dnstrace and snitrace

1 files changed, 83 insertions, 76 deletions

diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index c26d21ec9..49fd18a04 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -779,6 +779,46 @@ $ firejail \-\-list
 .br
 $ firejail \-\-dns.print=3272
 
+#ifdef HAVE_NETWORK
+.TP
+\fB\-\-dnstrace[=name|pid]
+Monitor DNS queries. The sandbox can be specified by name or pid. Only networked sandboxes
+created with \-\-net are supported. This option is only available when running the sandbox as root.
+.br
+
+.br
+Without a name/pid, Firejail will monitor the main system network namespace.
+.br
+
+.br
+$ sudo firejail --dnstrace=browser
+.br
+11:31:43  9.9.9.9        linux.com (type 1)
+.br
+11:31:45  9.9.9.9        fonts.googleapis.com (type 1) NXDOMAIN
+.br
+11:31:45  9.9.9.9        js.hs-scripts.com (type 1) NXDOMAIN
+.br
+11:31:45  9.9.9.9        www.linux.com (type 1)
+.br
+11:31:45  9.9.9.9        fonts.googleapis.com (type 1) NXDOMAIN
+.br
+11:31:52  9.9.9.9        js.hs-scripts.com (type 1) NXDOMAIN
+.br
+11:32:05  9.9.9.9        secure.gravatar.com (type 1)
+.br
+11:32:06  9.9.9.9        secure.gravatar.com (type 1)
+.br
+11:32:08  9.9.9.9        taikai.network (type 1)
+.br
+11:32:08  9.9.9.9        cdn.jsdelivr.net (type 1)
+.br
+11:32:08  9.9.9.9        taikai.azureedge.net (type 1)
+.br
+11:32:08  9.9.9.9        www.youtube.com (type 1)
+.br
+#endif
+
 .TP
 \fB\-\-env=name=value
 Set environment variable in the new sandbox.
@@ -1578,82 +1618,6 @@ the country the traffic originates from is added to the trace.
 We also use the static IP map in /usr/lib/firejail/static-ip-map
 to print the domain names for some of the more common websites and cloud platforms.
 No external services are contacted for reverse IP lookup.
-.TP
-\fB\-\-nettrace-dns[=name|pid]
-Monitor DNS queries. The sandbox can be specified by name or pid. Only networked sandboxes
-created with \-\-net are supported. This option is only available when running the sandbox as root.
-.br
-
-.br
-Without a name/pid, Firejail will monitor the main system network namespace.
-.br
-
-.br
-$ sudo firejail --nettrace-dns=browser
-.br
-11:31:43  9.9.9.9        linux.com (type 1)
-.br
-11:31:45  9.9.9.9        fonts.googleapis.com (type 1) NXDOMAIN
-.br
-11:31:45  9.9.9.9        js.hs-scripts.com (type 1) NXDOMAIN
-.br
-11:31:45  9.9.9.9        www.linux.com (type 1)
-.br
-11:31:45  9.9.9.9        fonts.googleapis.com (type 1) NXDOMAIN
-.br
-11:31:52  9.9.9.9        js.hs-scripts.com (type 1) NXDOMAIN
-.br
-11:32:05  9.9.9.9        secure.gravatar.com (type 1)
-.br
-11:32:06  9.9.9.9        secure.gravatar.com (type 1)
-.br
-11:32:08  9.9.9.9        taikai.network (type 1)
-.br
-11:32:08  9.9.9.9        cdn.jsdelivr.net (type 1)
-.br
-11:32:08  9.9.9.9        taikai.azureedge.net (type 1)
-.br
-11:32:08  9.9.9.9        www.youtube.com (type 1)
-.br
-.TP
-\fB\-\-nettrace-sni[=name|pid]
-Monitor Server Name Indication (TLS/SNI). The sandbox can be specified by name or pid. Only networked sandboxes
-created with \-\-net are supported. This option is only available when running the sandbox as root.
-.br
-
-.br
-Without a name/pid, Firejail will monitor the main system network namespace.
-.br
-
-.br
-$ sudo firejail --nettrace-sni=browser
-.br
-07:49:51  23.185.0.3       linux.com
-.br
-07:49:51  23.185.0.3       www.linux.com
-.br
-07:50:05  192.0.73.2       secure.gravatar.com
-.br
-07:52:35  172.67.68.93     www.howtoforge.com
-.br
-07:52:37  13.225.103.59    sf.ezoiccdn.com
-.br
-07:52:42  142.250.176.3    www.gstatic.com
-.br
-07:53:03  173.236.250.32   www.linuxlinks.com
-.br
-07:53:05  192.0.77.37      c0.wp.com
-.br
-07:53:08  192.0.78.32      jetpack.wordpress.com
-.br
-07:53:09  192.0.77.32      s0.wp.com
-.br
-07:53:09  192.0.77.2       i0.wp.com
-.br
-07:53:10  192.0.77.2       i0.wp.com
-.br
-07:53:11  192.0.73.2       1.gravatar.com
-.br
 #endif
 .TP
 \fB\-\-nice=value
@@ -2833,6 +2797,49 @@ $ firejail \-\-list
 3272:netblue::firejail \-\-private firefox
 .br
 $ firejail \-\-shutdown=3272
+
+#ifdef HAVE_NETWORK
+.TP
+\fB\-\-snitrace[=name|pid]
+Monitor Server Name Indication (TLS/SNI). The sandbox can be specified by name or pid. Only networked sandboxes
+created with \-\-net are supported. This option is only available when running the sandbox as root.
+.br
+
+.br
+Without a name/pid, Firejail will monitor the main system network namespace.
+.br
+
+.br
+$ sudo firejail --snitrace=browser
+.br
+07:49:51  23.185.0.3       linux.com
+.br
+07:49:51  23.185.0.3       www.linux.com
+.br
+07:50:05  192.0.73.2       secure.gravatar.com
+.br
+07:52:35  172.67.68.93     www.howtoforge.com
+.br
+07:52:37  13.225.103.59    sf.ezoiccdn.com
+.br
+07:52:42  142.250.176.3    www.gstatic.com
+.br
+07:53:03  173.236.250.32   www.linuxlinks.com
+.br
+07:53:05  192.0.77.37      c0.wp.com
+.br
+07:53:08  192.0.78.32      jetpack.wordpress.com
+.br
+07:53:09  192.0.77.32      s0.wp.com
+.br
+07:53:09  192.0.77.2       i0.wp.com
+.br
+07:53:10  192.0.77.2       i0.wp.com
+.br
+07:53:11  192.0.73.2       1.gravatar.com
+.br
+#endif
+
 .TP
 \fB\-\-tab
 Enable shell tab completion in sandboxes using private or whitelisted home directories.