-rw-r--r-- | .github/workflows/build-extra.yml | 10 | ||||
-rw-r--r-- | .github/workflows/build.yml | 2 | ||||
-rw-r--r-- | .github/workflows/codeql-analysis.yml | 8 | ||||
-rw-r--r-- | .github/workflows/profile-checks.yml | 2 | ||||
-rw-r--r-- | RELNOTES | 1 | ||||
-rw-r--r-- | src/fnettrace/hostnames.c | 4 | ||||
-rw-r--r-- | src/fnettrace/main.c | 6 |
7 files changed, 21 insertions, 12 deletions
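--- a/.github/workflows/build-extra.yml
+++ b/.github/workflows/build-extra.yml
@@ -54,7 +54,7 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969
+uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
 with:
 egress-policy: block
 allowed-endpoints: >
@@ -84,7 +84,7 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969
+uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
 with:
 egress-policy: block
 allowed-endpoints: >
@@ -110,7 +110,7 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969
+uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
 with:
 egress-policy: block
 allowed-endpoints: >
@@ -132,7 +132,7 @@ jobs:
 runs-on: ubuntu-20.04
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969
+uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
 with:
 egress-policy: block
 allowed-endpoints: >
@@ -150,7 +150,7 @@ jobs:
 runs-on: ubuntu-22.04
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969
+uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
 with:
 egress-policy: block
 allowed-endpoints: >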
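--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -46,7 +46,7 @@ jobs:
 SHELL: /bin/bash
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969
+uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
 with:
 egress-policy: block
 allowed-endpoints: >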
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index eec359f40..9b82ab240 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml | |||
@@ -75,7 +75,7 @@ jobs: | |||
75 | 75 | ||
76 | steps: | 76 | steps: |
77 | - name: Harden Runner | 77 | - name: Harden Runner |
78 | uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969 | 78 | uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 |
79 | with: | 79 | with: |
80 | disable-sudo: true | 80 | disable-sudo: true |
81 | egress-policy: block | 81 | egress-policy: block |
@@ -93,7 +93,7 @@ jobs: | |||
93 | 93 | ||
94 | # Initializes the CodeQL tools for scanning. | 94 | # Initializes the CodeQL tools for scanning. |
95 | - name: Initialize CodeQL | 95 | - name: Initialize CodeQL |
96 | uses: github/codeql-action/init@6c089f53dd51dc3fc7e599c3cb5356453a52ca9e | 96 | uses: github/codeql-action/init@f6e388ebf0efc915c6c5b165b019ee61a6746a38 |
97 | with: | 97 | with: |
98 | languages: ${{ matrix.language }} | 98 | languages: ${{ matrix.language }} |
99 | # If you wish to specify custom queries, you can do so here or in a config file. | 99 | # If you wish to specify custom queries, you can do so here or in a config file. |
@@ -104,7 +104,7 @@ jobs: | |||
104 | # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). | 104 | # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). |
105 | # If this step fails, then you should remove it and run the build manually (see below) | 105 | # If this step fails, then you should remove it and run the build manually (see below) |
106 | - name: Autobuild | 106 | - name: Autobuild |
107 | uses: github/codeql-action/autobuild@6c089f53dd51dc3fc7e599c3cb5356453a52ca9e | 107 | uses: github/codeql-action/autobuild@f6e388ebf0efc915c6c5b165b019ee61a6746a38 |
108 | 108 | ||
109 | # âšī¸ Command-line programs to run using the OS shell. | 109 | # âšī¸ Command-line programs to run using the OS shell. |
110 | # đ https://git.io/JvXDl | 110 | # đ https://git.io/JvXDl |
@@ -118,4 +118,4 @@ jobs: | |||
118 | # make release | 118 | # make release |
119 | 119 | ||
120 | - name: Perform CodeQL Analysis | 120 | - name: Perform CodeQL Analysis |
121 | uses: github/codeql-action/analyze@6c089f53dd51dc3fc7e599c3cb5356453a52ca9e | 121 | uses: github/codeql-action/analyze@f6e388ebf0efc915c6c5b165b019ee61a6746a38 |
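--- a/.github/workflows/profile-checks.yml
+++ b/.github/workflows/profile-checks.yml
@@ -24,7 +24,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@128a63446a954579617e875aaab7d2978154e969
+uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
 with:
 disable-sudo: true
 egress-policy: block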
@@ -5,6 +5,7 @@ firejail (0.9.73) baseline; urgency=low | |||
5 | * feature: a random hostname is assigned to each sandbox unless | 5 | * feature: a random hostname is assigned to each sandbox unless |
6 | overwritten using --hostname command | 6 | overwritten using --hostname command |
7 | * feature: add IPv6 support for --net.print option | 7 | * feature: add IPv6 support for --net.print option |
8 | * feature: QUIC (HTTP/3) support in --nettrace | ||
8 | * modif: Stop forwarding own double-dash to the shell (#5599 #5600) | 9 | * modif: Stop forwarding own double-dash to the shell (#5599 #5600) |
9 | * modif: Prevent sandbox name (--name=) and host name (--hostname=) | 10 | * modif: Prevent sandbox name (--name=) and host name (--hostname=) |
10 | from containing only digits (#5578 #5741) | 11 | from containing only digits (#5578 #5741) |
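--- a/src/fnettrace/hostnames.c
+++ b/src/fnettrace/hostnames.c
@@ -28,6 +28,10 @@ static char buf[MAXBUF];
 char *retrieve_hostname(uint32_t ip) {
 if (geoip_not_found)
 return NULL;
+if (access("/usr/bin/geoiplookup", X_OK)) {
+geoip_not_found = 1;
+return NULL;
+}
 geoip_calls++;
 
 char *rv = NULL;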
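Review bot: The added `access("/usr/bin/geoiplookup", X_OK)` check in retrieve_hostname() hard-codes the binary path and is repeated on every call while the binary exists, because only the failure result is cached in `geoip_not_found`. If the code further down (outside this hunk) invokes geoiplookup through the same literal path, a shared define such as `#define GEOIPLOOKUP_PATH "/usr/bin/geoiplookup"` would keep the check and the invocation from drifting apart. The check is advisory only, since the file can change between access() and the later execution, so the invocation still needs its own failure handling. A short comment above the check, `// skip hostname lookups when geoiplookup is not installed`, would record the intent.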
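--- a/src/fnettrace/main.c
+++ b/src/fnettrace/main.c
@@ -351,8 +351,10 @@ static void hnode_print(unsigned bw) {
 bwline = print_bw(ptr->bytes / bwunit);
 
 const char *protocol = NULL;
-if (ptr->port_src == 443)
+if (ptr->port_src == 443 && ptr->protocol == 0x06) // TCP
 protocol = "(TLS)";
+else if (ptr->port_src == 443 && ptr->protocol == 0x11) // UDP
+protocol = "(QUIC)";
 else if (ptr->port_src == 53)
 protocol = "(DNS)";
 else if (ptr->port_src == 853) {
@@ -367,6 +369,8 @@ static void hnode_print(unsigned bw) {
 ;
 else if (ptr->protocol == 0x11)
 protocol = "(UDP)";
+else if (ptr->protocol == 0x06)
+protocol = "(TCP)";
 
 if (protocol == NULL)
 protocol = "";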
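Review bot: The new port-443 branches in hnode_print() compare `ptr->protocol` against the bare values `0x06` and `0x11`, explained only by trailing comments, and the second hunk repeats `0x06` with no comment at all. `IPPROTO_TCP` and `IPPROTO_UDP` from `<netinet/in.h>` name the same values, e.g. `if (ptr->port_src == 443 && ptr->protocol == IPPROTO_TCP)`, assuming that header is or can be included in this file. As far as these hunks show, the "(TLS)" and "(QUIC)" labels are derived from source port and transport alone, so any other UDP traffic from port 443 (DTLS, for example) would also print as QUIC. A comment such as `// labels are port-based guesses; the payload is not inspected` would keep readers of the trace from treating them as protocol identification. hnode_print() starts and ends outside both hunks.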