authorLibravatar netblue30 <netblue30@protonmail.com>2023-07-15 08:18:08 -0400
committerLibravatar netblue30 <netblue30@protonmail.com>2023-07-15 08:18:08 -0400
commitd2802ce6068e5e9296e7b9a06a9c82e18ca23972 (patch)
tree7ffd465af9f5e809d9e1661c59b806c82f659bd0 /src/fnettrace
parentMerge pull request #5898 from kmk3/build-simplify-man (diff)
fnettrace cleanup
Diffstat (limited to 'src/fnettrace')
-rw-r--r--src/fnettrace/hostnames.c5
-rw-r--r--src/fnettrace/main.c52
-rw-r--r--src/fnettrace/radix.c17
-rw-r--r--src/fnettrace/radix.h11
-rw-r--r--src/fnettrace/static-ip-map.txt42
5 files changed, 91 insertions, 36 deletions
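diff --git a/src/fnettrace/hostnames.c b/src/fnettrace/hostnames.c
index 20c83803f..7cb34e2c4 100644
--- a/src/fnettrace/hostnames.c
+++ b/src/fnettrace/hostnames.c
@@ -50,12 +50,13 @@ char *retrieve_hostname(uint32_t ip) {
  ptr = buf + 22;
  if (*ptr == ' ' && *(ptr + 3) == ',' && *(ptr + 4) == ' ') {
  rv = ptr + 5;
- rv = radix_add(ip, 0xffffffff, rv);
+ if (strcmp(rv, "United States") == 0)
+ rv = "US";
  }
  }
  }
  pclose(fp);
- return rv;
+ return strdup(rv);
  }
  else
  geoip_not_found = 1;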
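Review bot: `return strdup(rv);` runs whenever the pipe was opened, including when no output line passed the format test above it, and `rv` is assigned only inside that innermost `if`. If `rv` is still NULL at that point (its declaration is above the hunk, so the initial value is inferred), `strdup(NULL)` is undefined behaviour, where the old `return rv;` simply handed NULL back to a caller that checks for it (`if (!ptr->rnode->name)` in main.c). Keep the NULL path with `return rv ? strdup(rv) : NULL;`. The text is read from a pipe to an external lookup, so a reply that does not match the expected layout is an ordinary case, not a corner case. retrieve_hostname() starts and ends outside the hunk.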
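diff --git a/src/fnettrace/main.c b/src/fnettrace/main.c
index 2d5072379..136a16e6d 100644
--- a/src/fnettrace/main.c
+++ b/src/fnettrace/main.c
@@ -33,13 +33,16 @@ typedef struct hnode_t {
  struct hnode_t *hnext; // used for hash table and unused linked list
  struct hnode_t *dnext; // used to display streams on the screen
  uint32_t ip_src;
+ RNode *rnode; // radix tree entry
+
+ // stats
  uint32_t bytes; // number of bytes received in the last display interval
  uint16_t port_src;
  uint8_t protocol;
+
  // the firewall is build based on source address, and in the linked list
- // we have elements with the same address but different ports
+ // we could have elements with the same address but different ports
  uint8_t ip_instance;
- char *hostname;
  int ttl;
 } HNode;
 
@@ -89,6 +92,8 @@ static void hnode_add(uint32_t ip_src, uint8_t protocol, uint16_t port_src, uint
  ip_instance++;
  if (ptr->port_src == port_src && ptr->protocol == protocol) {
  ptr->bytes += bytes;
+ assert(ptr->rnode);
+ ptr->rnode->pkts++;
  return;
  }
  }
@@ -100,7 +105,6 @@ static void hnode_add(uint32_t ip_src, uint8_t protocol, uint16_t port_src, uint
 #endif
  HNode *hnew = hmalloc();
  assert(hnew);
- hnew->hostname = NULL;
  hnew->ip_src = ip_src;
  hnew->port_src = port_src;
  hnew->protocol = protocol;
@@ -126,6 +130,11 @@ static void hnode_add(uint32_t ip_src, uint8_t protocol, uint16_t port_src, uint
  ptr->dnext = hnew;
  }
 
+ hnew->rnode = radix_longest_prefix_match(hnew->ip_src);
+ if (!hnew->rnode)
+ hnew->rnode = radix_add(hnew->ip_src, 0xffffffff, NULL);
+ hnew->rnode->pkts++;
+
  if (arg_netfilter)
  logprintf(" %d.%d.%d.%d ", PRINT_IP(hnew->ip_src));
 }
@@ -242,15 +251,15 @@ static PortType ports[] = {
  {110, "(POP3)"},
  {113, "(IRC)"},
  {123, "(NTP)"},
- {161, "(SNP)"},
- {162, "(SNP)"},
+ {161, "(SNMP)"},
+ {162, "(SNMP)"},
  {194, "(IRC)"},
  {0, NULL},
 };
 
 
 static inline const char *common_port(uint16_t port) {
- if (port >= 6660 && port <= 9150) {
+ if (port >= 6660 && port <= 10162) {
  if (port >= 6660 && port <= 6669)
  return "(IRC)";
  else if (port == 6679)
@@ -269,6 +278,10 @@ static inline const char *common_port(uint16_t port) {
  return "(Tor)";
  else if (port == 9150)
  return "(Tor)";
+ else if (port == 10161)
+ return "(secure SNMP)";
+ else if (port == 10162)
+ return "(secure SNMP)";
  return NULL;
  }
 
@@ -317,7 +330,8 @@ static void hnode_print(unsigned bw) {
  sprintf(stats, "%u MB/s ", bw / (1024 * 1024 * DISPLAY_INTERVAL));
  else
  sprintf(stats, "%u KB/s ", bw / (1024 * DISPLAY_INTERVAL));
- int len = snprintf(line, LINE_MAX, "%32s geoip %d, IP database %d\n", stats, geoip_calls, radix_nodes);
+// int len = snprintf(line, LINE_MAX, "%32s geoip %d, IP database %d\n", stats, geoip_calls, radix_nodes);
+ int len = snprintf(line, LINE_MAX, "%32s address:port (protocol) host (packets)\n", stats);
  adjust_line(line, len, cols);
  printf("%s", line);
 
@@ -336,12 +350,11 @@ static void hnode_print(unsigned bw) {
  else
  snprintf(bytes, 11, "%u B/s ", (unsigned) (ptr->bytes / DISPLAY_INTERVAL));
 
- if (!ptr->hostname)
- ptr->hostname = radix_longest_prefix_match(ptr->ip_src);
- if (!ptr->hostname)
- ptr->hostname = retrieve_hostname(ptr->ip_src);
- if (!ptr->hostname)
- ptr->hostname = " ";
+ if (!ptr->rnode->name)
+ ptr->rnode->name = retrieve_hostname(ptr->ip_src);
+ if (!ptr->rnode->name)
+ ptr->rnode->name = " ";
+ assert(ptr->rnode->name);
 
  unsigned bwunit = bw / DISPLAY_BW_UNITS;
  char *bwline;
@@ -376,11 +389,16 @@ static void hnode_print(unsigned bw) {
  protocol = "";
  if (ptr->port_src == 0)
  len = snprintf(line, LINE_MAX, "%10s %s %d.%d.%d.%d (ICMP) %s\n",
- bytes, bwline, PRINT_IP(ptr->ip_src), ptr->hostname);
+ bytes, bwline, PRINT_IP(ptr->ip_src), ptr->rnode->name);
+ else if (ptr->rnode->pkts > 1000000)
+ len = snprintf(line, LINE_MAX, "%10s %s %d.%d.%d.%d:%u%s %s (%.01fM)\n",
+ bytes, bwline, PRINT_IP(ptr->ip_src), ptr->port_src, protocol, ptr->rnode->name, ((double) ptr->rnode->pkts) / 1000000);
+ else if (ptr->rnode->pkts > 1000)
+ len = snprintf(line, LINE_MAX, "%10s %s %d.%d.%d.%d:%u%s %s (%.01fK)\n",
+ bytes, bwline, PRINT_IP(ptr->ip_src), ptr->port_src, protocol, ptr->rnode->name, ((double) ptr->rnode->pkts) / 1000);
  else
- len = snprintf(line, LINE_MAX, "%10s %s %d.%d.%d.%d:%u%s %s\n",
- bytes, bwline, PRINT_IP(ptr->ip_src), ptr->port_src, protocol, ptr->hostname);
-
+ len = snprintf(line, LINE_MAX, "%10s %s %d.%d.%d.%d:%u%s %s (%u)\n",
+ bytes, bwline, PRINT_IP(ptr->ip_src), ptr->port_src, protocol, ptr->rnode->name, ptr->rnode->pkts);
  adjust_line(line, len, cols);
  printf("%s", line);
 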
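Review bot: In the hnode_print() hunk at new lines 353-357, `ptr->rnode->name` can end up pointing at three kinds of storage: a `duplicate_name()` copy made in radix.c, the `strdup()` result that retrieve_hostname() returns as of this commit, or the string literal `" "`. Nothing visible frees or rewrites a name, so this works today, but the field gives no hint that it must not be passed to free() or edited in place, and the node is shared by every stream that hnode_add() resolved to it. I would record that at the assignment, e.g. `// name is cached on the shared radix node and never freed; it may be a string literal`. The `assert(ptr->rnode->name);` cannot fail once the literal has been assigned, while `ptr->rnode` itself is dereferenced unchecked here; `assert(ptr->rnode);` as in hnode_add() would be the more useful check. hnode_print() starts and ends outside the hunk.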
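diff --git a/src/fnettrace/radix.c b/src/fnettrace/radix.c
index f0a22da74..f0ac4c094 100644
--- a/src/fnettrace/radix.c
+++ b/src/fnettrace/radix.c
@@ -25,12 +25,6 @@
 #include "radix.h"
 #include "fnettrace.h"
 
-typedef struct rnode_t {
- struct rnode_t *zero;
- struct rnode_t *one;
- char *name;
-} RNode;
-
 RNode *head = 0;
 int radix_nodes = 0;
 
@@ -100,8 +94,7 @@ static inline RNode *addZero(RNode *ptr, char *name) {
 
 
 // add to radix tree
-char *radix_add(uint32_t ip, uint32_t mask, char *name) {
- assert(name);
+RNode *radix_add(uint32_t ip, uint32_t mask, char *name) {
  uint32_t m = 0x80000000;
  uint32_t lastm = 0;
  if (head == 0) {
@@ -124,17 +117,17 @@ char *radix_add(uint32_t ip, uint32_t mask, char *name) {
  ptr = addZero(ptr, (valid)? name: NULL);
  }
  assert(ptr);
- if (!ptr->name) {
+ if (name && !ptr->name) {
  ptr->name = duplicate_name(name);
  if (!ptr->name)
  errExit("duplicate_name");
  }
 
- return ptr->name;
+ return ptr;
 }
 
 // find last match
-char *radix_longest_prefix_match(uint32_t ip) {
+RNode *radix_longest_prefix_match(uint32_t ip) {
  if (!head)
  return NULL;
 
@@ -154,7 +147,7 @@ char *radix_longest_prefix_match(uint32_t ip) {
  rv = ptr;
  }
 
- return (rv)? rv->name: NULL;
+ return rv;
 }
 
 static uint32_t sum;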
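Review bot: radix_add() has a new contract that the one-line comment `// add to radix tree` no longer covers. With `assert(name)` removed and the guard changed to `if (name && !ptr->name)`, a NULL name is accepted and the function returns the node itself, whose `name` may be NULL. The caller added in main.c relies on exactly that, and radix_longest_prefix_match() now hands out nodes too, so every caller has to test `->name` before using it as a string. Suggested comment: `// add ip/mask to the radix tree and return its node; name may be NULL, which leaves the node's name untouched`. Part of the function body lies between the two hunks and is not shown, so any other code that assumes a non-NULL name should be checked there.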
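diff --git a/src/fnettrace/radix.h b/src/fnettrace/radix.h
index 349d0e4b8..60a64f18f 100644
--- a/src/fnettrace/radix.h
+++ b/src/fnettrace/radix.h
@@ -20,9 +20,16 @@
 #ifndef RADIX_H
 #define RADIX_H
 
+typedef struct rnode_t {
+ struct rnode_t *zero;
+ struct rnode_t *one;
+ char *name;
+ uint32_t pkts;
+} RNode;
+
 extern int radix_nodes;
-char *radix_longest_prefix_match(uint32_t ip);
-char *radix_add(uint32_t ip, uint32_t mask, char *name);
+RNode *radix_longest_prefix_match(uint32_t ip);
+RNode*radix_add(uint32_t ip, uint32_t mask, char *name);
 void radix_print(void);
 void radix_squash(void);
 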
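Review bot: The new `pkts` field of RNode has no comment, and its meaning is not obvious now that the struct is public. main.c increments it once per hnode_add() call on whichever node the address resolved to, and nothing in this diff resets it, so it is a running total for the node across all of its streams and, being a `uint32_t`, it wraps silently. Suggest `uint32_t pkts; // packets seen for this node, all streams combined; never reset`. The prototype `RNode*radix_add(` is also missing the space used in the declaration above it.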
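diff --git a/src/fnettrace/static-ip-map.txt b/src/fnettrace/static-ip-map.txt
index 2742e71c5..52eb307d8 100644
--- a/src/fnettrace/static-ip-map.txt
+++ b/src/fnettrace/static-ip-map.txt
@@ -88,6 +88,7 @@
 8.8.8.0/24 Google DNS
 9.9.9.0/24 Quad9 DNS
 45.90.28.0/22 NextDNS
+94.140.14.0/23 Adguard DNS
 149.112.112.0/24 Quad9 DNS
 149.112.120.0/21 CIRA DNS Canada
 146.255.56.96/29 Applied Privacy
@@ -96,6 +97,7 @@
 208.67.216.0/21 OpenDNS
 
 # whois
+192.0.32.0/20 ICANN
 193.0.0.0/21 whois.ripe.net Netherlands
 199.5.26.0/24 whois.arin.net US
 199.15.80.0/21 whois.publicinterestregistry.net Canada
@@ -106,6 +108,7 @@
 201.159.220.0/22 whois.lacnic.net Ecuador
 
 # some popular websites
+5.255.255.0/24 Yandex
 23.160.0.0/24 Twitch
 23.246.0.0/18 Netflix
 31.13.24.0/21 Facebook
@@ -121,9 +124,18 @@
 64.63.0.0/18 Twitter
 64.112.13.0/24 Dropbox
 64.120.128.0/17 Netflix
+66.111.48.0/22 WhatsApp
+66.187.208.0/20 Cisco Systems, Inc
+66.187.224.0/20 Red Hat, Inc
 66.197.128.0/17 Netflix
+66.211.160.0/21 eBay
+66.211.168.0/22 PayPal
+66.211.172.0/22 eBay
+66.211.176.0/20 eBay
+66.220.144.0/20 Facebook
 69.53.224.0/19 Netflix
 69.171.224.0/19 Facebook
+87.250.254.0/24 Yandex
 91.105.192.0/23 Telegram
 91.108.4.0/22 Telegram
 91.108.8.0/21 Telegram
@@ -162,6 +174,7 @@
 162.213.32.0/22 Ubuntu One
 162.254.192.0/21 Steam
 172.98.56.0/22 Rumble
+178.154.131.0/24 Yandex
 185.2.220.0/22 Netflix
 185.9.188.0/22 Netflix
 185.25.182.0/23 Steam
@@ -192,12 +205,24 @@
 205.185.194.0/24 Steam
 205.196.6.0/24 Steam
 207.45.72.0/22 Netflix
+207.241.224.0/20 Internet Archive
 208.64.200.0/22 Steam
 208.75.76.0/22 Netflix
 208.78.164.0/22 Steam
 208.80.152.0/22 Wikipedia
+209.140.128.0/18 eBay
 
 # Level 3
+66.114.192.0/18 Level 3
+66.147.128.0/18 Level 3
+66.147.192.0/19 Level 3
+66.162.0.0/16 Level 3
+66.170.128.0/20 Level 3
+66.192.0.0/14 Level 3
+66.199.0.0/19 Level 3
+66.243.0.0/17 Level 3
+66.243.128.0/18 Level 3
+66.251.192.0/19 Level 3
 205.128.0.0/14 Level 3
 205.180.0.0/14 Level 3
 205.184.0.0/19 Level 3
@@ -260,6 +285,7 @@
 205.185.220.0/24 StackPath
 
 # Linode
+66.175.208.0/20 Linode
 103.29.68.0/22 Linode
 104.200.16.0/21 Linode
 104.200.24.0/22 Linode
@@ -427,13 +453,17 @@
 192.229.128.0/17 MCI
 
 # Microsoft
+13.64.0.0/11 Microsoft
+13.104.0.0/14 Microsoft
+13.96.0.0/13 Microsoft
+20.33.0.0/16 Microsoft
+20.36.0.0/14 Microsoft
+20.34.0.0/15 Microsoft
 20.40.0.0/13 Microsoft
 20.64.0.0/10 Microsoft
 20.48.0.0/12 Microsoft
 20.128.0.0/16 Microsoft
-20.33.0.0/16 Microsoft
-20.36.0.0/14 Microsoft
-20.34.0.0/15 Microsoft
+20.192.0.0/10 Microsoft
 40.76.0.0/14 Microsoft
 40.96.0.0/12 Microsoft
 40.112.0.0/13 Microsoft
@@ -455,6 +485,8 @@
 69.147.64.0/18 Yahoo
 76.13.0.0/16 Yahoo
 98.136.0.0/14 Yahoo
+182.22.0.0/17 Yahoo Japan
+183.79.0.0/16 Yahoo Japan
 206.190.32.0/19 Yahoo
 209.73.160.0/19 Yahoo
 209.191.64.0/18 Yahoo
@@ -3505,6 +3537,10 @@
 65.8.0.0/16 Amazon
 65.9.0.0/17 Amazon
 65.9.128.0/18 Amazon
+66.34.0.0/16 Amazon
+66.157.0.0/16 Amazon
+66.165.64.0/18 Amazon
+66.221.0.0/16 Amazon
 67.202.0.0/18 Amazon
 67.220.224.0/20 Amazon
 67.220.240.0/20 Amazon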