diff options
author | netblue30 <netblue30@protonmail.com> | 2022-04-05 06:55:06 -0400 |
---|---|---|
committer | netblue30 <netblue30@protonmail.com> | 2022-04-05 06:55:06 -0400 |
commit | 54b7c31a786ac4ff98942c8ba715cb64bc28511e (patch) | |
tree | 65eb7225f6ed4dbfc4835a29026319fcc870518b /src | |
parent | teams: drop doubled option (#5087) (diff) | |
download | firejail-54b7c31a786ac4ff98942c8ba715cb64bc28511e.tar.gz firejail-54b7c31a786ac4ff98942c8ba715cb64bc28511e.tar.zst firejail-54b7c31a786ac4ff98942c8ba715cb64bc28511e.zip |
nettrace fixes
Diffstat (limited to 'src')
-rw-r--r-- | src/fnettrace/main.c | 52 | ||||
-rw-r--r-- | src/fnettrace/static-ip-map | 2 |
2 files changed, 43 insertions, 11 deletions
diff --git a/src/fnettrace/main.c b/src/fnettrace/main.c index 31d49d839..fd3cd5016 100644 --- a/src/fnettrace/main.c +++ b/src/fnettrace/main.c | |||
@@ -28,7 +28,7 @@ static char *arg_log = NULL; | |||
28 | 28 | ||
29 | typedef struct hnode_t { | 29 | typedef struct hnode_t { |
30 | struct hnode_t *hnext; // used for hash table and unused linked list | 30 | struct hnode_t *hnext; // used for hash table and unused linked list |
31 | struct hnode_t *dnext; // used to display stremas on the screen | 31 | struct hnode_t *dnext; // used to display streams on the screen |
32 | uint32_t ip_src; | 32 | uint32_t ip_src; |
33 | uint32_t bytes; // number of bytes received in the last display interval | 33 | uint32_t bytes; // number of bytes received in the last display interval |
34 | uint16_t port_src; | 34 | uint16_t port_src; |
@@ -221,6 +221,35 @@ static unsigned adjust_bandwidth(unsigned bw) { | |||
221 | return (max < (sum / 2))? sum: max; | 221 | return (max < (sum / 2))? sum: max; |
222 | } | 222 | } |
223 | 223 | ||
224 | static inline const char *common_port(uint16_t port) { | ||
225 | if (port > 123) | ||
226 | return NULL; | ||
227 | |||
228 | if (port == 20 || port == 21) | ||
229 | return "(FTP)"; | ||
230 | else if (port == 22) | ||
231 | return "(SSH)"; | ||
232 | else if (port == 23) | ||
233 | return "(telnet)"; | ||
234 | else if (port == 25) | ||
235 | return "(SMTP)"; | ||
236 | else if (port == 67) | ||
237 | return "(DHCP)"; | ||
238 | else if (port == 69) | ||
239 | return "(TFTP)"; | ||
240 | else if (port == 80) | ||
241 | return "(HTTP)"; | ||
242 | else if (port == 109) | ||
243 | return "(POP2)"; | ||
244 | else if (port == 110) | ||
245 | return "(POP3)"; | ||
246 | else if (port == 123) | ||
247 | return "(NTP)"; | ||
248 | |||
249 | return NULL; | ||
250 | } | ||
251 | |||
252 | |||
224 | static void hnode_print(unsigned bw) { | 253 | static void hnode_print(unsigned bw) { |
225 | assert(!arg_netfilter); | 254 | assert(!arg_netfilter); |
226 | bw = (bw < 1024 * DISPLAY_INTERVAL)? 1024 * DISPLAY_INTERVAL: bw; | 255 | bw = (bw < 1024 * DISPLAY_INTERVAL)? 1024 * DISPLAY_INTERVAL: bw; |
@@ -285,19 +314,19 @@ static void hnode_print(unsigned bw) { | |||
285 | else | 314 | else |
286 | bwline = print_bw(ptr->bytes / bwunit); | 315 | bwline = print_bw(ptr->bytes / bwunit); |
287 | 316 | ||
288 | char *protocol = ""; | 317 | const char *protocol = NULL; |
289 | if (ptr->port_src == 80) | 318 | if (ptr->port_src == 443) |
290 | protocol = "(HTTP)"; | 319 | protocol = "(TLS)"; |
320 | else if (ptr->port_src == 53) | ||
321 | protocol = "(DNS)"; | ||
291 | else if (ptr->port_src == 853) | 322 | else if (ptr->port_src == 853) |
292 | protocol = "(DoT)"; | 323 | protocol = "(DoT)"; |
324 | else if ((protocol = common_port(ptr->port_src)) != NULL) | ||
325 | ; | ||
293 | else if (ptr->protocol == 0x11) | 326 | else if (ptr->protocol == 0x11) |
294 | protocol = "(UDP)"; | 327 | protocol = "(UDP)"; |
295 | /* | 328 | if (protocol == NULL) |
296 | else (ptr->port_src == 443) | 329 | protocol = ""; |
297 | protocol = "TLS"; | ||
298 | else if (ptr->port_src == 53) | ||
299 | protocol = "DNS"; | ||
300 | */ | ||
301 | 330 | ||
302 | len = snprintf(line, LINE_MAX, "%10s %s %d.%d.%d.%d:%u%s %s\n", | 331 | len = snprintf(line, LINE_MAX, "%10s %s %d.%d.%d.%d:%u%s %s\n", |
303 | bytes, bwline, PRINT_IP(ptr->ip_src), ptr->port_src, protocol, ptr->hostname); | 332 | bytes, bwline, PRINT_IP(ptr->ip_src), ptr->port_src, protocol, ptr->hostname); |
@@ -409,7 +438,8 @@ static void run_trace(void) { | |||
409 | memcpy(&port_src, buf + hlen, 2); | 438 | memcpy(&port_src, buf + hlen, 2); |
410 | port_src = ntohs(port_src); | 439 | port_src = ntohs(port_src); |
411 | 440 | ||
412 | hnode_add(ip_src, buf[9], port_src, bytes + 14); | 441 | uint8_t protocol = buf[9]; |
442 | hnode_add(ip_src, protocol, port_src, bytes + 14); | ||
413 | } | 443 | } |
414 | } | 444 | } |
415 | } | 445 | } |
diff --git a/src/fnettrace/static-ip-map b/src/fnettrace/static-ip-map index e24ecf218..17ffe7f82 100644 --- a/src/fnettrace/static-ip-map +++ b/src/fnettrace/static-ip-map | |||
@@ -37,8 +37,10 @@ | |||
37 | 192.168.0.0/16 local network | 37 | 192.168.0.0/16 local network |
38 | 10.0.0.0/8 local network | 38 | 10.0.0.0/8 local network |
39 | 172.16.0.0/16 local network | 39 | 172.16.0.0/16 local network |
40 | 169.254.0.0/16 local link | ||
40 | 41 | ||
41 | # huge address ranges | 42 | # huge address ranges |
43 | 4.0.0.0/9 Level 3 | ||
42 | 6.0.0.0/8 US Army | 44 | 6.0.0.0/8 US Army |
43 | 7.0.0.0/8 US Army | 45 | 7.0.0.0/8 US Army |
44 | 9.0.0.0/8 IBM | 46 | 9.0.0.0/8 IBM |