diff options
| -rw-r--r-- | .github/workflows/build-extra.yml | 10 | ||||
| -rw-r--r-- | .github/workflows/build.yml | 2 | ||||
| -rw-r--r-- | .github/workflows/codeql-analysis.yml | 8 | ||||
| -rw-r--r-- | .github/workflows/profile-checks.yml | 2 | ||||
| -rw-r--r-- | RELNOTES | 1 | ||||
| -rw-r--r-- | src/fnettrace/hostnames.c | 4 | ||||
| -rw-r--r-- | src/fnettrace/main.c | 6 |
7 files changed, 21 insertions, 12 deletions
diff --git a/.github/workflows/build-extra.yml b/.github/workflows/build-extra.yml index dd0dc4da0..8754e7eff 100644 --- a/.github/workflows/build-extra.yml +++ b/.github/workflows/build-extra.yml | |||
| @@ -54,7 +54,7 @@ jobs: | |||
| 54 | runs-on: ubuntu-22.04 | 54 | runs-on: ubuntu-22.04 |
| 55 | steps: | 55 | steps: |
| 56 | - name: Harden Runner | 56 | - name: Harden Runner |
| 57 | uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 | 57 | uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 |
| 58 | with: | 58 | with: |
| 59 | egress-policy: block | 59 | egress-policy: block |
| 60 | allowed-endpoints: > | 60 | allowed-endpoints: > |
| @@ -84,7 +84,7 @@ jobs: | |||
| 84 | runs-on: ubuntu-22.04 | 84 | runs-on: ubuntu-22.04 |
| 85 | steps: | 85 | steps: |
| 86 | - name: Harden Runner | 86 | - name: Harden Runner |
| 87 | uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 | 87 | uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 |
| 88 | with: | 88 | with: |
| 89 | egress-policy: block | 89 | egress-policy: block |
| 90 | allowed-endpoints: > | 90 | allowed-endpoints: > |
| @@ -110,7 +110,7 @@ jobs: | |||
| 110 | runs-on: ubuntu-22.04 | 110 | runs-on: ubuntu-22.04 |
| 111 | steps: | 111 | steps: |
| 112 | - name: Harden Runner | 112 | - name: Harden Runner |
| 113 | uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 | 113 | uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 |
| 114 | with: | 114 | with: |
| 115 | egress-policy: block | 115 | egress-policy: block |
| 116 | allowed-endpoints: > | 116 | allowed-endpoints: > |
| @@ -132,7 +132,7 @@ jobs: | |||
| 132 | runs-on: ubuntu-20.04 | 132 | runs-on: ubuntu-20.04 |
| 133 | steps: | 133 | steps: |
| 134 | - name: Harden Runner | 134 | - name: Harden Runner |
| 135 | uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 | 135 | uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 |
| 136 | with: | 136 | with: |
| 137 | egress-policy: block | 137 | egress-policy: block |
| 138 | allowed-endpoints: > | 138 | allowed-endpoints: > |
| @@ -150,7 +150,7 @@ jobs: | |||
| 150 | runs-on: ubuntu-22.04 | 150 | runs-on: ubuntu-22.04 |
| 151 | steps: | 151 | steps: |
| 152 | - name: Harden Runner | 152 | - name: Harden Runner |
| 153 | uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 | 153 | uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 |
| 154 | with: | 154 | with: |
| 155 | egress-policy: block | 155 | egress-policy: block |
| 156 | allowed-endpoints: > | 156 | allowed-endpoints: > |
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index afa8d1305..32dbaf8cc 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml | |||
| @@ -46,7 +46,7 @@ jobs: | |||
| 46 | SHELL: /bin/bash | 46 | SHELL: /bin/bash |
| 47 | steps: | 47 | steps: |
| 48 | - name: Harden Runner | 48 | - name: Harden Runner |
| 49 | uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 | 49 | uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 |
| 50 | with: | 50 | with: |
| 51 | egress-policy: block | 51 | egress-policy: block |
| 52 | allowed-endpoints: > | 52 | allowed-endpoints: > |
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index eec359f40..9b82ab240 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml | |||
| @@ -75,7 +75,7 @@ jobs: | |||
| 75 | 75 | ||
| 76 | steps: | 76 | steps: |
| 77 | - name: Harden Runner | 77 | - name: Harden Runner |
| 78 | uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 | 78 | uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 |
| 79 | with: | 79 | with: |
| 80 | disable-sudo: true | 80 | disable-sudo: true |
| 81 | egress-policy: block | 81 | egress-policy: block |
| @@ -93,7 +93,7 @@ jobs: | |||
| 93 | 93 | ||
| 94 | # Initializes the CodeQL tools for scanning. | 94 | # Initializes the CodeQL tools for scanning. |
| 95 | - name: Initialize CodeQL | 95 | - name: Initialize CodeQL |
| 96 | uses: github/codeql-action/init@6c089f53dd51dc3fc7e599c3cb5356453a52ca9e | 96 | uses: github/codeql-action/init@f6e388ebf0efc915c6c5b165b019ee61a6746a38 |
| 97 | with: | 97 | with: |
| 98 | languages: ${{ matrix.language }} | 98 | languages: ${{ matrix.language }} |
| 99 | # If you wish to specify custom queries, you can do so here or in a config file. | 99 | # If you wish to specify custom queries, you can do so here or in a config file. |
| @@ -104,7 +104,7 @@ jobs: | |||
| 104 | # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). | 104 | # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). |
| 105 | # If this step fails, then you should remove it and run the build manually (see below) | 105 | # If this step fails, then you should remove it and run the build manually (see below) |
| 106 | - name: Autobuild | 106 | - name: Autobuild |
| 107 | uses: github/codeql-action/autobuild@6c089f53dd51dc3fc7e599c3cb5356453a52ca9e | 107 | uses: github/codeql-action/autobuild@f6e388ebf0efc915c6c5b165b019ee61a6746a38 |
| 108 | 108 | ||
| 109 | # âšī¸ Command-line programs to run using the OS shell. | 109 | # âšī¸ Command-line programs to run using the OS shell. |
| 110 | # đ https://git.io/JvXDl | 110 | # đ https://git.io/JvXDl |
| @@ -118,4 +118,4 @@ jobs: | |||
| 118 | # make release | 118 | # make release |
| 119 | 119 | ||
| 120 | - name: Perform CodeQL Analysis | 120 | - name: Perform CodeQL Analysis |
| 121 | uses: github/codeql-action/analyze@6c089f53dd51dc3fc7e599c3cb5356453a52ca9e | 121 | uses: github/codeql-action/analyze@f6e388ebf0efc915c6c5b165b019ee61a6746a38 |
diff --git a/.github/workflows/profile-checks.yml b/.github/workflows/profile-checks.yml index 8418a390b..0e7403508 100644 --- a/.github/workflows/profile-checks.yml +++ b/.github/workflows/profile-checks.yml | |||
| @@ -24,7 +24,7 @@ jobs: | |||
| 24 | runs-on: ubuntu-latest | 24 | runs-on: ubuntu-latest |
| 25 | steps: | 25 | steps: |
| 26 | - name: Harden Runner | 26 | - name: Harden Runner |
| 27 | uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 | 27 | uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 |
| 28 | with: | 28 | with: |
| 29 | disable-sudo: true | 29 | disable-sudo: true |
| 30 | egress-policy: block | 30 | egress-policy: block |
| @@ -5,6 +5,7 @@ firejail (0.9.73) baseline; urgency=low | |||
| 5 | * feature: a random hostname is assigned to each sandbox unless | 5 | * feature: a random hostname is assigned to each sandbox unless |
| 6 | overwritten using --hostname command | 6 | overwritten using --hostname command |
| 7 | * feature: add IPv6 support for --net.print option | 7 | * feature: add IPv6 support for --net.print option |
| 8 | * feature: QUIC (HTTP/3) support in --nettrace | ||
| 8 | * modif: Stop forwarding own double-dash to the shell (#5599 #5600) | 9 | * modif: Stop forwarding own double-dash to the shell (#5599 #5600) |
| 9 | * modif: Prevent sandbox name (--name=) and host name (--hostname=) | 10 | * modif: Prevent sandbox name (--name=) and host name (--hostname=) |
| 10 | from containing only digits (#5578 #5741) | 11 | from containing only digits (#5578 #5741) |
diff --git a/src/fnettrace/hostnames.c b/src/fnettrace/hostnames.c index 878a67123..20c83803f 100644 --- a/src/fnettrace/hostnames.c +++ b/src/fnettrace/hostnames.c | |||
| @@ -28,6 +28,10 @@ static char buf[MAXBUF]; | |||
| 28 | char *retrieve_hostname(uint32_t ip) { | 28 | char *retrieve_hostname(uint32_t ip) { |
| 29 | if (geoip_not_found) | 29 | if (geoip_not_found) |
| 30 | return NULL; | 30 | return NULL; |
| 31 | if (access("/usr/bin/geoiplookup", X_OK)) { | ||
| 32 | geoip_not_found = 1; | ||
| 33 | return NULL; | ||
| 34 | } | ||
| 31 | geoip_calls++; | 35 | geoip_calls++; |
| 32 | 36 | ||
| 33 | char *rv = NULL; | 37 | char *rv = NULL; |
diff --git a/src/fnettrace/main.c b/src/fnettrace/main.c index 178ac3631..3eb7a13f5 100644 --- a/src/fnettrace/main.c +++ b/src/fnettrace/main.c | |||
| @@ -351,8 +351,10 @@ static void hnode_print(unsigned bw) { | |||
| 351 | bwline = print_bw(ptr->bytes / bwunit); | 351 | bwline = print_bw(ptr->bytes / bwunit); |
| 352 | 352 | ||
| 353 | const char *protocol = NULL; | 353 | const char *protocol = NULL; |
| 354 | if (ptr->port_src == 443) | 354 | if (ptr->port_src == 443 && ptr->protocol == 0x06) // TCP |
| 355 | protocol = "(TLS)"; | 355 | protocol = "(TLS)"; |
| 356 | else if (ptr->port_src == 443 && ptr->protocol == 0x11) // UDP | ||
| 357 | protocol = "(QUIC)"; | ||
| 356 | else if (ptr->port_src == 53) | 358 | else if (ptr->port_src == 53) |
| 357 | protocol = "(DNS)"; | 359 | protocol = "(DNS)"; |
| 358 | else if (ptr->port_src == 853) { | 360 | else if (ptr->port_src == 853) { |
| @@ -367,6 +369,8 @@ static void hnode_print(unsigned bw) { | |||
| 367 | ; | 369 | ; |
| 368 | else if (ptr->protocol == 0x11) | 370 | else if (ptr->protocol == 0x11) |
| 369 | protocol = "(UDP)"; | 371 | protocol = "(UDP)"; |
| 372 | else if (ptr->protocol == 0x06) | ||
| 373 | protocol = "(TCP)"; | ||
| 370 | 374 | ||
| 371 | if (protocol == NULL) | 375 | if (protocol == NULL) |
| 372 | protocol = ""; | 376 | protocol = ""; |