diff options
Diffstat (limited to 'src/fnettrace')
-rw-r--r-- | src/fnettrace/fnettrace.h | 3 | ||||
-rw-r--r-- | src/fnettrace/main.c | 486 | ||||
-rw-r--r-- | src/fnettrace/runprog.c (renamed from src/fnettrace/tail.c) | 48 | ||||
-rw-r--r-- | src/fnettrace/static-ip-map.txt | 94 |
4 files changed, 309 insertions, 322 deletions
diff --git a/src/fnettrace/fnettrace.h b/src/fnettrace/fnettrace.h index b1a2f5b6c..b4a8f26c7 100644 --- a/src/fnettrace/fnettrace.h +++ b/src/fnettrace/fnettrace.h | |||
@@ -75,4 +75,7 @@ void terminal_handler(int s); | |||
75 | void terminal_set(void); | 75 | void terminal_set(void); |
76 | void terminal_restore(void); | 76 | void terminal_restore(void); |
77 | 77 | ||
78 | // runprog.c | ||
79 | int runprog(const char *program); | ||
80 | |||
78 | #endif | 81 | #endif |
diff --git a/src/fnettrace/main.c b/src/fnettrace/main.c index 932afff61..3bafd9090 100644 --- a/src/fnettrace/main.c +++ b/src/fnettrace/main.c | |||
@@ -25,15 +25,63 @@ | |||
25 | #include <signal.h> | 25 | #include <signal.h> |
26 | #define MAX_BUF_SIZE (64 * 1024) | 26 | #define MAX_BUF_SIZE (64 * 1024) |
27 | 27 | ||
28 | static int arg_netfilter = 0; | ||
29 | static int arg_tail = 0; | ||
30 | static char *arg_log = NULL; | 28 | static char *arg_log = NULL; |
31 | 29 | ||
30 | //***************************************************************** | ||
31 | // packet stats | ||
32 | //***************************************************************** | ||
32 | uint32_t stats_pkts = 0; | 33 | uint32_t stats_pkts = 0; |
33 | uint32_t stats_icmp = 0; | 34 | uint32_t stats_icmp_echo = 0; |
34 | uint32_t stats_dns = 0; | 35 | uint32_t stats_dns = 0; |
36 | uint32_t stats_dns_dot = 0; | ||
37 | uint32_t stats_dns_doh = 0; | ||
38 | uint32_t stats_dns_doq = 0; | ||
39 | uint32_t stats_tls = 0; | ||
40 | uint32_t stats_quic = 0; | ||
41 | uint32_t stats_tor = 0; | ||
42 | uint32_t stats_http = 0; | ||
43 | uint32_t stats_ssh = 0; | ||
44 | |||
45 | //***************************************************************** | ||
46 | // sni/dns log storage | ||
47 | //***************************************************************** | ||
48 | typedef struct lognode_t { | ||
49 | #define LOG_RECORD_LEN 255 | ||
50 | char record[LOG_RECORD_LEN + 1]; | ||
51 | } LogNode; | ||
52 | // circular list of SNI log records | ||
53 | #define SNIMAX 64 | ||
54 | LogNode sni_table[SNIMAX] = {0}; | ||
55 | int sni_index = 0; | ||
56 | |||
57 | // circular list of SNI log records | ||
58 | #define DNSMAX 64 | ||
59 | LogNode dns_table[SNIMAX] = {0}; | ||
60 | int dns_index = 0; | ||
61 | |||
62 | static void print_sni(void) { | ||
63 | int i; | ||
64 | for (i = sni_index; i < SNIMAX; i++) | ||
65 | if (*sni_table[i].record) | ||
66 | printf(" %s", sni_table[i].record); | ||
67 | for (i = 0; i < sni_index; i++) | ||
68 | if (*sni_table[i].record) | ||
69 | printf(" %s", sni_table[i].record); | ||
70 | } | ||
35 | 71 | ||
72 | static void print_dns(void) { | ||
73 | int i; | ||
74 | for (i = dns_index; i < DNSMAX; i++) | ||
75 | if (*dns_table[i].record) | ||
76 | printf(" %s", dns_table[i].record); | ||
77 | for (i = 0; i < dns_index; i++) | ||
78 | if (*dns_table[i].record) | ||
79 | printf(" %s", dns_table[i].record); | ||
80 | } | ||
36 | 81 | ||
82 | //***************************************************************** | ||
83 | // traffic trace storage - hash table for fast access + linked list for display purposes | ||
84 | //***************************************************************** | ||
37 | typedef struct hnode_t { | 85 | typedef struct hnode_t { |
38 | struct hnode_t *hnext; // used for hash table and unused linked list | 86 | struct hnode_t *hnext; // used for hash table and unused linked list |
39 | struct hnode_t *dnext; // used to display streams on the screen | 87 | struct hnode_t *dnext; // used to display streams on the screen |
@@ -42,6 +90,7 @@ typedef struct hnode_t { | |||
42 | 90 | ||
43 | // stats | 91 | // stats |
44 | uint32_t bytes; // number of bytes received in the last display interval | 92 | uint32_t bytes; // number of bytes received in the last display interval |
93 | uint32_t pkts; // number of packets received in the last display interval | ||
45 | uint16_t port_src; | 94 | uint16_t port_src; |
46 | uint8_t protocol; | 95 | uint8_t protocol; |
47 | 96 | ||
@@ -97,6 +146,7 @@ static void hnode_add(uint32_t ip_src, uint8_t protocol, uint16_t port_src, uint | |||
97 | ip_instance++; | 146 | ip_instance++; |
98 | if (ptr->port_src == port_src && ptr->protocol == protocol) { | 147 | if (ptr->port_src == port_src && ptr->protocol == protocol) { |
99 | ptr->bytes += bytes; | 148 | ptr->bytes += bytes; |
149 | ptr->pkts++; | ||
100 | assert(ptr->rnode); | 150 | assert(ptr->rnode); |
101 | ptr->rnode->pkts++; | 151 | ptr->rnode->pkts++; |
102 | return; | 152 | return; |
@@ -115,6 +165,7 @@ static void hnode_add(uint32_t ip_src, uint8_t protocol, uint16_t port_src, uint | |||
115 | hnew->protocol = protocol; | 165 | hnew->protocol = protocol; |
116 | hnew->hnext = NULL; | 166 | hnew->hnext = NULL; |
117 | hnew->bytes = bytes; | 167 | hnew->bytes = bytes; |
168 | hnew->pkts = 1; | ||
118 | hnew->ip_instance = ip_instance + 1; | 169 | hnew->ip_instance = ip_instance + 1; |
119 | hnew->ttl = DISPLAY_TTL; | 170 | hnew->ttl = DISPLAY_TTL; |
120 | if (htable[h] == NULL) | 171 | if (htable[h] == NULL) |
@@ -139,9 +190,6 @@ static void hnode_add(uint32_t ip_src, uint8_t protocol, uint16_t port_src, uint | |||
139 | if (!hnew->rnode) | 190 | if (!hnew->rnode) |
140 | hnew->rnode = radix_add(hnew->ip_src, 0xffffffff, NULL); | 191 | hnew->rnode = radix_add(hnew->ip_src, 0xffffffff, NULL); |
141 | hnew->rnode->pkts++; | 192 | hnew->rnode->pkts++; |
142 | |||
143 | if (arg_netfilter) | ||
144 | logprintf(" %d.%d.%d.%d ", PRINT_IP(hnew->ip_src)); | ||
145 | } | 193 | } |
146 | 194 | ||
147 | static void hnode_free(HNode *elem) { | 195 | static void hnode_free(HNode *elem) { |
@@ -242,23 +290,23 @@ typedef struct port_type_t { | |||
242 | char *service; | 290 | char *service; |
243 | } PortType; | 291 | } PortType; |
244 | static PortType ports[] = { | 292 | static PortType ports[] = { |
245 | {20, "(FTP)"}, | 293 | {20, "FTP"}, |
246 | {21, "(FTP)"}, | 294 | {21, "FTP"}, |
247 | {22, "(SSH)"}, | 295 | {22, "SSH"}, |
248 | {23, "(telnet)"}, | 296 | {23, "telnet"}, |
249 | {25, "(SMTP)"}, | 297 | {25, "SMTP"}, |
250 | {43, "(WHOIS)"}, | 298 | {43, "WHOIS"}, |
251 | {67, "(DHCP)"}, | 299 | {67, "DHCP"}, |
252 | {68, "(DHCP)"}, | 300 | {68, "DHCP"}, |
253 | {69, "(TFTP)"}, | 301 | {69, "TFTP"}, |
254 | {80, "(HTTP)"}, | 302 | {80, "HTTP"}, |
255 | {109, "(POP2)"}, | 303 | {109, "POP2"}, |
256 | {110, "(POP3)"}, | 304 | {110, "POP3"}, |
257 | {113, "(IRC)"}, | 305 | {113, "IRC"}, |
258 | {123, "(NTP)"}, | 306 | {123, "NTP"}, |
259 | {161, "(SNMP)"}, | 307 | {161, "SNMP"}, |
260 | {162, "(SNMP)"}, | 308 | {162, "SNMP"}, |
261 | {194, "(IRC)"}, | 309 | {194, "IRC"}, |
262 | {0, NULL}, | 310 | {0, NULL}, |
263 | }; | 311 | }; |
264 | 312 | ||
@@ -266,32 +314,32 @@ static PortType ports[] = { | |||
266 | static inline const char *common_port(uint16_t port) { | 314 | static inline const char *common_port(uint16_t port) { |
267 | if (port >= 6660 && port <= 10162) { | 315 | if (port >= 6660 && port <= 10162) { |
268 | if (port >= 6660 && port <= 6669) | 316 | if (port >= 6660 && port <= 6669) |
269 | return "(IRC)"; | 317 | return "IRC"; |
270 | else if (port == 6679) | 318 | else if (port == 6679) |
271 | return "(IRC)"; | 319 | return "IRC"; |
272 | else if (port == 6771) | 320 | else if (port == 6771) |
273 | return "(BitTorrent)"; | 321 | return "BitTorrent"; |
274 | else if (port >= 6881 && port <= 6999) | 322 | else if (port >= 6881 && port <= 6999) |
275 | return "(BitTorrent)"; | 323 | return "BitTorrent"; |
276 | else if (port == 9001) | 324 | else if (port == 9001) |
277 | return "(Tor)"; | 325 | return "Tor"; |
278 | else if (port == 9030) | 326 | else if (port == 9030) |
279 | return "(Tor)"; | 327 | return "Tor"; |
280 | else if (port == 9050) | 328 | else if (port == 9050) |
281 | return "(Tor)"; | 329 | return "Tor"; |
282 | else if (port == 9051) | 330 | else if (port == 9051) |
283 | return "(Tor)"; | 331 | return "Tor"; |
284 | else if (port == 9150) | 332 | else if (port == 9150) |
285 | return "(Tor)"; | 333 | return "Tor"; |
286 | else if (port == 10161) | 334 | else if (port == 10161) |
287 | return "(secure SNMP)"; | 335 | return "secure SNMP"; |
288 | else if (port == 10162) | 336 | else if (port == 10162) |
289 | return "(secure SNMP)"; | 337 | return "secure SNMP"; |
290 | return NULL; | 338 | return NULL; |
291 | } | 339 | } |
292 | 340 | ||
293 | if (port <= 194) { | 341 | if (port <= 194) { |
294 | PortType *ptr =&ports[0]; | 342 | PortType *ptr = &ports[0]; |
295 | while(ptr->service != NULL) { | 343 | while(ptr->service != NULL) { |
296 | if (ptr->port == port) | 344 | if (ptr->port == port) |
297 | return ptr->service; | 345 | return ptr->service; |
@@ -305,7 +353,6 @@ static inline const char *common_port(uint16_t port) { | |||
305 | 353 | ||
306 | 354 | ||
307 | static void hnode_print(unsigned bw) { | 355 | static void hnode_print(unsigned bw) { |
308 | assert(!arg_netfilter); | ||
309 | bw = (bw < 1024 * DISPLAY_INTERVAL) ? 1024 * DISPLAY_INTERVAL : bw; | 356 | bw = (bw < 1024 * DISPLAY_INTERVAL) ? 1024 * DISPLAY_INTERVAL : bw; |
310 | #ifdef DEBUG | 357 | #ifdef DEBUG |
311 | printf("*********************\n"); | 358 | printf("*********************\n"); |
@@ -336,7 +383,7 @@ static void hnode_print(unsigned bw) { | |||
336 | else | 383 | else |
337 | sprintf(stats, "%u KB/s ", bw / (1024 * DISPLAY_INTERVAL)); | 384 | sprintf(stats, "%u KB/s ", bw / (1024 * DISPLAY_INTERVAL)); |
338 | // int len = snprintf(line, LINE_MAX, "%32s geoip %d, IP database %d\n", stats, geoip_calls, radix_nodes); | 385 | // int len = snprintf(line, LINE_MAX, "%32s geoip %d, IP database %d\n", stats, geoip_calls, radix_nodes); |
339 | int len = snprintf(line, LINE_MAX, "%32s address:port (protocol) network (packets)\n", stats); | 386 | int len = snprintf(line, LINE_MAX, "%32s address:port (protocol) network\n", stats); |
340 | adjust_line(line, len, cols); | 387 | adjust_line(line, len, cols); |
341 | printf("%s", line); | 388 | printf("%s", line); |
342 | 389 | ||
@@ -369,47 +416,67 @@ static void hnode_print(unsigned bw) { | |||
369 | bwline = print_bw(ptr->bytes / bwunit); | 416 | bwline = print_bw(ptr->bytes / bwunit); |
370 | 417 | ||
371 | const char *protocol = NULL; | 418 | const char *protocol = NULL; |
372 | if (ptr->port_src == 443 && ptr->protocol == 0x06) // TCP | 419 | if (ptr->port_src == 443 && ptr->protocol == 0x06) { // TCP |
373 | protocol = "(TLS)"; | 420 | protocol = "TLS"; |
374 | else if (ptr->port_src == 443 && ptr->protocol == 0x11) // UDP | 421 | stats_tls += ptr->pkts; |
375 | protocol = "(QUIC)"; | 422 | if (strstr(ptr->rnode->name, "DNS")) { |
376 | else if (ptr->port_src == 53) | 423 | protocol = "DoH"; |
377 | protocol = "(DNS)"; | 424 | stats_dns_doh += ptr->pkts; |
425 | } | ||
426 | |||
427 | } | ||
428 | else if (ptr->port_src == 443 && ptr->protocol == 0x11) { // UDP | ||
429 | protocol = "QUIC"; | ||
430 | stats_quic += ptr->pkts; | ||
431 | if (strstr(ptr->rnode->name, "DNS")) { | ||
432 | protocol = "DoQ"; | ||
433 | stats_dns_doq += ptr->pkts; | ||
434 | } | ||
435 | } | ||
436 | else if (ptr->port_src == 53) { | ||
437 | protocol = "DNS"; | ||
438 | stats_dns += ptr->pkts; | ||
439 | } | ||
378 | else if (ptr->port_src == 853) { | 440 | else if (ptr->port_src == 853) { |
379 | if (ptr->protocol == 0x06) | 441 | if (ptr->protocol == 0x06) { |
380 | protocol = "(DoT)"; | 442 | protocol = "DoT"; |
381 | else if (ptr->protocol == 0x11) | 443 | stats_dns_dot += ptr->pkts; |
382 | protocol = "(DoQ)"; | 444 | } |
445 | else if (ptr->protocol == 0x11) { | ||
446 | protocol = "DoQ"; | ||
447 | stats_dns_doq += ptr->pkts; | ||
448 | } | ||
383 | else | 449 | else |
384 | protocol = NULL; | 450 | protocol = NULL; |
385 | } | 451 | } |
386 | else if ((protocol = common_port(ptr->port_src)) != NULL) | 452 | else if ((protocol = common_port(ptr->port_src)) != NULL) { |
387 | ; | 453 | if (strcmp(protocol, "HTTP") == 0) |
454 | stats_http += ptr->pkts; | ||
455 | else if (strcmp(protocol, "Tor") == 0) | ||
456 | stats_tor += ptr->pkts; | ||
457 | else if (strcmp(protocol, "SSH") == 0) | ||
458 | stats_ssh += ptr->pkts; | ||
459 | } | ||
388 | else if (ptr->protocol == 0x11) | 460 | else if (ptr->protocol == 0x11) |
389 | protocol = "(UDP)"; | 461 | protocol = "UDP"; |
390 | else if (ptr->protocol == 0x06) | 462 | else if (ptr->protocol == 0x06) |
391 | protocol = "(TCP)"; | 463 | protocol = "TCP"; |
392 | 464 | ||
393 | if (protocol == NULL) | 465 | if (protocol == NULL) |
394 | protocol = ""; | 466 | protocol = ""; |
395 | if (ptr->port_src == 0) | 467 | if (ptr->port_src == 0) |
396 | len = snprintf(line, LINE_MAX, "%10s %s %d.%d.%d.%d (ICMP) %s\n", | 468 | len = snprintf(line, LINE_MAX, "%10s %s %d.%d.%d.%d (ICMP) %s\n", |
397 | bytes, bwline, PRINT_IP(ptr->ip_src), ptr->rnode->name); | 469 | bytes, bwline, PRINT_IP(ptr->ip_src), ptr->rnode->name); |
398 | else if (ptr->rnode->pkts > 1000000) | ||
399 | len = snprintf(line, LINE_MAX, "%10s %s %d.%d.%d.%d:%u%s %s (%.01fM)\n", | ||
400 | bytes, bwline, PRINT_IP(ptr->ip_src), ptr->port_src, protocol, ptr->rnode->name, ((double) ptr->rnode->pkts) / 1000000); | ||
401 | else if (ptr->rnode->pkts > 1000) | ||
402 | len = snprintf(line, LINE_MAX, "%10s %s %d.%d.%d.%d:%u%s %s (%.01fK)\n", | ||
403 | bytes, bwline, PRINT_IP(ptr->ip_src), ptr->port_src, protocol, ptr->rnode->name, ((double) ptr->rnode->pkts) / 1000); | ||
404 | else | 470 | else |
405 | len = snprintf(line, LINE_MAX, "%10s %s %d.%d.%d.%d:%u%s %s (%u)\n", | 471 | len = snprintf(line, LINE_MAX, "%10s %s %d.%d.%d.%d:%u (%s) %s\n", |
406 | bytes, bwline, PRINT_IP(ptr->ip_src), ptr->port_src, protocol, ptr->rnode->name, ptr->rnode->pkts); | 472 | bytes, bwline, PRINT_IP(ptr->ip_src), ptr->port_src, protocol, ptr->rnode->name); |
407 | adjust_line(line, len, cols); | 473 | adjust_line(line, len, cols); |
408 | printf("%s", line); | 474 | printf("%s", line); |
409 | 475 | ||
410 | if (ptr->bytes) | 476 | if (ptr->bytes) |
411 | ptr->ttl = DISPLAY_TTL; | 477 | ptr->ttl = DISPLAY_TTL; |
412 | ptr->bytes = 0; | 478 | ptr->bytes = 0; |
479 | ptr->pkts = 0; | ||
413 | prev = ptr; | 480 | prev = ptr; |
414 | } | 481 | } |
415 | else { | 482 | else { |
@@ -440,17 +507,10 @@ static void hnode_print(unsigned bw) { | |||
440 | 507 | ||
441 | 508 | ||
442 | void print_stats(void) { | 509 | void print_stats(void) { |
443 | printf("\nIP table: %d entries, %d unknown\n", radix_nodes, geoip_calls); | ||
444 | printf(" address network (packets)\n"); | ||
445 | radix_print(1); | ||
446 | printf("Packets: %u total, ICMP %u, DNS %u\n", stats_pkts, stats_icmp, stats_dns); | ||
447 | } | 510 | } |
448 | 511 | ||
449 | // trace rx traffic coming in | 512 | // trace rx traffic coming in |
450 | static void run_trace(void) { | 513 | static void run_trace(void) { |
451 | if (arg_netfilter) | ||
452 | logprintf("accumulating traffic for %d seconds\n", NETLOCK_INTERVAL); | ||
453 | |||
454 | // trace only rx ipv4 tcp and upd | 514 | // trace only rx ipv4 tcp and upd |
455 | int s1 = socket(AF_INET, SOCK_RAW, IPPROTO_TCP); | 515 | int s1 = socket(AF_INET, SOCK_RAW, IPPROTO_TCP); |
456 | int s2 = socket(AF_INET, SOCK_RAW, IPPROTO_UDP); | 516 | int s2 = socket(AF_INET, SOCK_RAW, IPPROTO_UDP); |
@@ -458,37 +518,45 @@ static void run_trace(void) { | |||
458 | if (s1 < 0 || s2 < 0 || s3 < 0) | 518 | if (s1 < 0 || s2 < 0 || s3 < 0) |
459 | errExit("socket"); | 519 | errExit("socket"); |
460 | 520 | ||
461 | unsigned start = time(NULL); | 521 | |
522 | int p1 = runprog(LIBDIR "/firejail/fnettrace-sni"); | ||
523 | if (p1 != -1) | ||
524 | printf("loading snitrace..."); | ||
525 | |||
526 | int p2 = runprog(LIBDIR "/firejail/fnettrace-dns --nolocal"); | ||
527 | if (p2 != -1) | ||
528 | printf("loading dnstrace..."); | ||
462 | unsigned last_print_traces = 0; | 529 | unsigned last_print_traces = 0; |
463 | unsigned last_print_remaining = 0; | ||
464 | unsigned char buf[MAX_BUF_SIZE]; | 530 | unsigned char buf[MAX_BUF_SIZE]; |
465 | unsigned bw = 0; // bandwidth calculations | 531 | unsigned bw = 0; // bandwidth calculations |
466 | 532 | ||
467 | while (1) { | 533 | while (1) { |
468 | unsigned end = time(NULL); | 534 | unsigned end = time(NULL); |
469 | if (arg_netfilter && end - start >= NETLOCK_INTERVAL) | ||
470 | break; | ||
471 | if (end % DISPLAY_INTERVAL == 1 && last_print_traces != end) { // first print after 1 second | 535 | if (end % DISPLAY_INTERVAL == 1 && last_print_traces != end) { // first print after 1 second |
472 | if (!arg_netfilter) | 536 | hnode_print(bw); |
473 | hnode_print(bw); | ||
474 | last_print_traces = end; | 537 | last_print_traces = end; |
475 | bw = 0; | 538 | bw = 0; |
476 | } | 539 | } |
477 | if (arg_netfilter && last_print_remaining != end) { | ||
478 | logprintf("."); | ||
479 | fflush(0); | ||
480 | last_print_remaining = end; | ||
481 | } | ||
482 | 540 | ||
483 | fd_set rfds; | 541 | fd_set rfds; |
484 | FD_ZERO(&rfds); | 542 | FD_ZERO(&rfds); |
543 | FD_SET(0, &rfds); | ||
544 | |||
485 | FD_SET(s1, &rfds); | 545 | FD_SET(s1, &rfds); |
486 | FD_SET(s2, &rfds); | 546 | FD_SET(s2, &rfds); |
487 | FD_SET(s3, &rfds); | 547 | FD_SET(s3, &rfds); |
488 | if (!arg_netfilter) | ||
489 | FD_SET(0, &rfds); | ||
490 | int maxfd = (s1 > s2) ? s1 : s2; | 548 | int maxfd = (s1 > s2) ? s1 : s2; |
491 | maxfd = (s3 > maxfd) ? s3 : maxfd; | 549 | maxfd = (s3 > maxfd) ? s3 : maxfd; |
550 | |||
551 | if (p1 != -1) { | ||
552 | FD_SET(p1, &rfds); | ||
553 | maxfd = (p1 > maxfd) ? p1 : maxfd; | ||
554 | } | ||
555 | |||
556 | if (p2 != -1) { | ||
557 | FD_SET(p2, &rfds); | ||
558 | maxfd = (p2 > maxfd) ? p2 : maxfd; | ||
559 | } | ||
492 | maxfd++; | 560 | maxfd++; |
493 | 561 | ||
494 | struct timeval tv; | 562 | struct timeval tv; |
@@ -508,10 +576,78 @@ static void run_trace(void) { | |||
508 | 576 | ||
509 | if (FD_ISSET(0, &rfds)) { | 577 | if (FD_ISSET(0, &rfds)) { |
510 | getchar(); | 578 | getchar(); |
511 | print_stats(); | 579 | printf("\n\nStats: %u packets\n", stats_pkts); |
580 | printf(" encrypted: TLS %u, QUIC %u, SSH %u, Tor %u\n", | ||
581 | stats_tls, stats_quic, stats_ssh, stats_tor); | ||
582 | printf(" unencrypted: HTTP %u\n", stats_http); | ||
583 | printf(" C&C backchannel: PING %u, DNS %u, DoH %u, DoT %u, DoQ %u\n", | ||
584 | stats_icmp_echo, stats_dns, stats_dns_doh, stats_dns_dot, stats_dns_doq); | ||
585 | printf("press any key to continue..."); | ||
586 | fflush(0); | ||
587 | |||
588 | getchar(); | ||
589 | printf("\n\nSNI log - time server-address SNI\n"); | ||
590 | print_sni(); | ||
512 | printf("press any key to continue..."); | 591 | printf("press any key to continue..."); |
513 | fflush(0); | 592 | fflush(0); |
593 | |||
594 | getchar(); | ||
595 | printf("\n\nDNS log - time server-address domain\n"); | ||
596 | print_dns(); | ||
597 | printf("press any key to continue..."); | ||
598 | fflush(0); | ||
599 | |||
514 | getchar(); | 600 | getchar(); |
601 | printf("\n\nIP table: %d addresses - server-address network (packets)\n", radix_nodes); | ||
602 | radix_print(1); | ||
603 | printf("press any key to continue..."); | ||
604 | fflush(0); | ||
605 | |||
606 | getchar(); | ||
607 | continue; | ||
608 | } | ||
609 | else if (FD_ISSET(p1, &rfds)) { | ||
610 | char buf[1024]; | ||
611 | ssize_t sz = read(p1, buf, 1024 - 1); | ||
612 | if (sz == -1) | ||
613 | errExit("error reading snitrace"); | ||
614 | if (sz == 0) { | ||
615 | fprintf(stderr, "Error: snitrace EOF!!!\n"); | ||
616 | p1 = -1; | ||
617 | } | ||
618 | if (strncmp(buf, "SNI trace", 9) == 0) | ||
619 | continue; | ||
620 | |||
621 | if (sz > LOG_RECORD_LEN) | ||
622 | sz = LOG_RECORD_LEN; | ||
623 | buf[sz] = '\0'; | ||
624 | strcpy(sni_table[sni_index].record, buf); | ||
625 | if (++sni_index >= SNIMAX) { | ||
626 | sni_index = 0; | ||
627 | *sni_table[sni_index].record = '\0'; | ||
628 | } | ||
629 | continue; | ||
630 | } | ||
631 | else if (FD_ISSET(p2, &rfds)) { | ||
632 | char buf[1024]; | ||
633 | ssize_t sz = read(p2, buf, 1024 - 1); | ||
634 | if (sz == -1) | ||
635 | errExit("error reading dnstrace"); | ||
636 | if (sz == 0) { | ||
637 | fprintf(stderr, "Error: dnstrace EOF!!!\n"); | ||
638 | p2 = -1; | ||
639 | } | ||
640 | if (strncmp(buf, "DNS trace", 9) == 0) | ||
641 | continue; | ||
642 | |||
643 | if (sz > LOG_RECORD_LEN) | ||
644 | sz = LOG_RECORD_LEN; | ||
645 | buf[sz] = '\0'; | ||
646 | strcpy(dns_table[dns_index].record, buf); | ||
647 | if (++dns_index >= DNSMAX) { | ||
648 | dns_index = 0; | ||
649 | *dns_table[dns_index].record = '\0'; | ||
650 | } | ||
515 | continue; | 651 | continue; |
516 | } | 652 | } |
517 | else if (FD_ISSET(s2, &rfds)) | 653 | else if (FD_ISSET(s2, &rfds)) |
@@ -557,10 +693,10 @@ static void run_trace(void) { | |||
557 | 693 | ||
558 | // stats | 694 | // stats |
559 | stats_pkts++; | 695 | stats_pkts++; |
560 | if (icmp) | 696 | if (icmp) { |
561 | stats_icmp++; | 697 | if (*(buf + hlen) == 0 || *(buf + hlen) == 8) |
562 | if (port_src == 53) | 698 | stats_icmp_echo++; |
563 | stats_dns++; | 699 | } |
564 | 700 | ||
565 | } | 701 | } |
566 | } | 702 | } |
@@ -572,142 +708,6 @@ static void run_trace(void) { | |||
572 | print_stats(); | 708 | print_stats(); |
573 | } | 709 | } |
574 | 710 | ||
575 | static char *filter_start = | ||
576 | "*filter\n" | ||
577 | ":INPUT DROP [0:0]\n" | ||
578 | ":FORWARD DROP [0:0]\n" | ||
579 | ":OUTPUT DROP [0:0]\n"; | ||
580 | |||
581 | // return 1 if error | ||
582 | static int print_filter(FILE *fp) { | ||
583 | if (dlist == NULL) | ||
584 | return 1; | ||
585 | fprintf(fp, "%s\n", filter_start); | ||
586 | fprintf(fp, "-A INPUT -s 127.0.0.0/8 -j ACCEPT\n"); | ||
587 | fprintf(fp, "-A OUTPUT -d 127.0.0.0/8 -j ACCEPT\n"); | ||
588 | fprintf(fp, "\n"); | ||
589 | |||
590 | int i; | ||
591 | for (i = 0; i < HMAX; i++) { | ||
592 | HNode *ptr = htable[i]; | ||
593 | while (ptr) { | ||
594 | // filter rules are targeting ip address, the port number is disregarded, | ||
595 | // so we look only at the first instance of an address | ||
596 | if (ptr->ip_instance == 1) { | ||
597 | char *protocol = (ptr->protocol == 6) ? "tcp" : "udp"; | ||
598 | fprintf(fp, "-A INPUT -s %d.%d.%d.%d -p %s -j ACCEPT\n", | ||
599 | PRINT_IP(ptr->ip_src), | ||
600 | protocol); | ||
601 | fprintf(fp, "-A OUTPUT -d %d.%d.%d.%d -p %s -j ACCEPT\n", | ||
602 | PRINT_IP(ptr->ip_src), | ||
603 | protocol); | ||
604 | fprintf(fp, "\n"); | ||
605 | } | ||
606 | ptr = ptr->hnext; | ||
607 | } | ||
608 | } | ||
609 | fprintf(fp, "COMMIT\n"); | ||
610 | |||
611 | return 0; | ||
612 | } | ||
613 | |||
614 | static char *flush_rules[] = { | ||
615 | "-P INPUT ACCEPT", | ||
616 | // "-P FORWARD DENY", | ||
617 | "-P OUTPUT ACCEPT", | ||
618 | "-F", | ||
619 | "-X", | ||
620 | // "-t nat -F", | ||
621 | // "-t nat -X", | ||
622 | // "-t mangle -F", | ||
623 | // "-t mangle -X", | ||
624 | // "iptables -t raw -F", | ||
625 | // "-t raw -X", | ||
626 | NULL | ||
627 | }; | ||
628 | |||
629 | static void deploy_netfilter(void) { | ||
630 | int rv; | ||
631 | char *cmd; | ||
632 | int i; | ||
633 | |||
634 | if (dlist == NULL) { | ||
635 | logprintf("Sorry, no network traffic was detected. The firewall was not configured.\n"); | ||
636 | return; | ||
637 | } | ||
638 | // find iptables command | ||
639 | char *iptables = NULL; | ||
640 | char *iptables_restore = NULL; | ||
641 | if (access("/sbin/iptables", X_OK) == 0) { | ||
642 | iptables = "/sbin/iptables"; | ||
643 | iptables_restore = "/sbin/iptables-restore"; | ||
644 | } | ||
645 | else if (access("/usr/sbin/iptables", X_OK) == 0) { | ||
646 | iptables = "/usr/sbin/iptables"; | ||
647 | iptables_restore = "/usr/sbin/iptables-restore"; | ||
648 | } | ||
649 | if (iptables == NULL || iptables_restore == NULL) { | ||
650 | fprintf(stderr, "Error: iptables command not found, netfilter not configured\n"); | ||
651 | exit(1); | ||
652 | } | ||
653 | |||
654 | // flush all netfilter rules | ||
655 | i = 0; | ||
656 | while (flush_rules[i]) { | ||
657 | char *cmd; | ||
658 | if (asprintf(&cmd, "%s %s", iptables, flush_rules[i]) == -1) | ||
659 | errExit("asprintf"); | ||
660 | int rv = system(cmd); | ||
661 | (void) rv; | ||
662 | free(cmd); | ||
663 | i++; | ||
664 | } | ||
665 | |||
666 | // create temporary file | ||
667 | char fname[] = "/tmp/firejail-XXXXXX"; | ||
668 | int fd = mkstemp(fname); | ||
669 | if (fd == -1) { | ||
670 | fprintf(stderr, "Error: cannot create temporary configuration file\n"); | ||
671 | exit(1); | ||
672 | } | ||
673 | |||
674 | FILE *fp = fdopen(fd, "w"); | ||
675 | if (!fp) { | ||
676 | rv = unlink(fname); | ||
677 | (void) rv; | ||
678 | fprintf(stderr, "Error: cannot create temporary configuration file\n"); | ||
679 | exit(1); | ||
680 | } | ||
681 | print_filter(fp); | ||
682 | fclose(fp); | ||
683 | |||
684 | logprintf("\n\n"); | ||
685 | logprintf(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n"); | ||
686 | if (asprintf(&cmd, "cat %s >> %s", fname, arg_log) == -1) | ||
687 | errExit("asprintf"); | ||
688 | rv = system(cmd); | ||
689 | (void) rv; | ||
690 | free(cmd); | ||
691 | |||
692 | if (asprintf(&cmd, "cat %s", fname) == -1) | ||
693 | errExit("asprintf"); | ||
694 | rv = system(cmd); | ||
695 | (void) rv; | ||
696 | free(cmd); | ||
697 | logprintf("<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n"); | ||
698 | |||
699 | // configuring | ||
700 | if (asprintf(&cmd, "%s %s", iptables_restore, fname) == -1) | ||
701 | errExit("asprintf"); | ||
702 | rv = system(cmd); | ||
703 | if (rv) | ||
704 | fprintf(stdout, "Warning: possible netfilter problem!"); | ||
705 | free(cmd); | ||
706 | |||
707 | rv = unlink(fname); | ||
708 | (void) rv; | ||
709 | logprintf("\nfirewall deployed\n"); | ||
710 | } | ||
711 | 711 | ||
712 | void logprintf(char *fmt, ...) { | 712 | void logprintf(char *fmt, ...) { |
713 | if (!arg_log) | 713 | if (!arg_log) |
@@ -733,14 +733,8 @@ static const char *const usage_str = | |||
733 | "Options:\n" | 733 | "Options:\n" |
734 | " --help, -? - this help screen\n" | 734 | " --help, -? - this help screen\n" |
735 | " --log=filename - netlocker logfile\n" | 735 | " --log=filename - netlocker logfile\n" |
736 | " --netfilter - build the firewall rules and commit them\n" | ||
737 | " --print-map - print IP map\n" | 736 | " --print-map - print IP map\n" |
738 | " --squash-map - compress IP map\n" | 737 | " --squash-map - compress IP map\n"; |
739 | " --tail - \"tail -f\" functionality\n" | ||
740 | "Examples:\n" | ||
741 | " # fnettrace - traffic trace\n" | ||
742 | " # fnettrace --netfilter --log=logfile - netlocker, dump output in logfile\n" | ||
743 | " # fnettrace --tail --log=logifile - similar to \"tail -f logfile\"\n"; | ||
744 | 738 | ||
745 | static void usage(void) { | 739 | static void usage(void) { |
746 | puts(usage_str); | 740 | puts(usage_str); |
@@ -775,7 +769,7 @@ int main(int argc, char **argv) { | |||
775 | return 0; | 769 | return 0; |
776 | } | 770 | } |
777 | else if (strncmp(argv[i], "--squash-map=", 13) == 0) { | 771 | else if (strncmp(argv[i], "--squash-map=", 13) == 0) { |
778 | if (i !=(argc - 1)) { | 772 | if (i != (argc - 1)) { |
779 | fprintf(stderr, "Error: please provide a map file\n"); | 773 | fprintf(stderr, "Error: please provide a map file\n"); |
780 | return 1; | 774 | return 1; |
781 | } | 775 | } |
@@ -798,10 +792,6 @@ int main(int argc, char **argv) { | |||
798 | fprintf(stderr, "static ip map: input %d, output %d\n", in, radix_nodes); | 792 | fprintf(stderr, "static ip map: input %d, output %d\n", in, radix_nodes); |
799 | return 0; | 793 | return 0; |
800 | } | 794 | } |
801 | else if (strcmp(argv[i], "--netfilter") == 0) | ||
802 | arg_netfilter = 1; | ||
803 | else if (strcmp(argv[i], "--tail") == 0) | ||
804 | arg_tail = 1; | ||
805 | else if (strncmp(argv[i], "--log=", 6) == 0) | 795 | else if (strncmp(argv[i], "--log=", 6) == 0) |
806 | arg_log = argv[i] + 6; | 796 | arg_log = argv[i] + 6; |
807 | else { | 797 | else { |
@@ -810,19 +800,6 @@ int main(int argc, char **argv) { | |||
810 | } | 800 | } |
811 | } | 801 | } |
812 | 802 | ||
813 | // tail | ||
814 | if (arg_tail) { | ||
815 | if (!arg_log) { | ||
816 | fprintf(stderr, "Error: no log file\n"); | ||
817 | usage(); | ||
818 | exit(1); | ||
819 | } | ||
820 | |||
821 | tail(arg_log); | ||
822 | sleep(5); | ||
823 | exit(0); | ||
824 | } | ||
825 | |||
826 | if (getuid() != 0) { | 803 | if (getuid() != 0) { |
827 | fprintf(stderr, "Error: you need to be root to run this program\n"); | 804 | fprintf(stderr, "Error: you need to be root to run this program\n"); |
828 | return 1; | 805 | return 1; |
@@ -838,25 +815,10 @@ int main(int argc, char **argv) { | |||
838 | prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); | 815 | prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0); |
839 | 816 | ||
840 | ansi_clrscr(); | 817 | ansi_clrscr(); |
841 | if (arg_netfilter) | 818 | char *fname = LIBDIR "/firejail/static-ip-map"; |
842 | logprintf("starting network lockdown\n"); | 819 | load_hostnames(fname); |
843 | else { | ||
844 | char *fname = LIBDIR "/firejail/static-ip-map"; | ||
845 | load_hostnames(fname); | ||
846 | } | ||
847 | 820 | ||
848 | run_trace(); | 821 | run_trace(); |
849 | if (arg_netfilter) { | ||
850 | // TCP path MTU discovery will not work properly since the firewall drops all ICMP packets | ||
851 | // Instead, we use iPacketization Layer PMTUD (RFC 4821) support in Linux kernel | ||
852 | int rv = system("echo 1 > /proc/sys/net/ipv4/tcp_mtu_probing"); | ||
853 | (void) rv; | ||
854 | |||
855 | deploy_netfilter(); | ||
856 | sleep(3); | ||
857 | if (arg_log) | ||
858 | unlink(arg_log); | ||
859 | } | ||
860 | 822 | ||
861 | return 0; | 823 | return 0; |
862 | } | 824 | } |
diff --git a/src/fnettrace/tail.c b/src/fnettrace/runprog.c index 3b1b274f8..e30d8a16c 100644 --- a/src/fnettrace/tail.c +++ b/src/fnettrace/runprog.c | |||
@@ -19,45 +19,13 @@ | |||
19 | */ | 19 | */ |
20 | #include "fnettrace.h" | 20 | #include "fnettrace.h" |
21 | 21 | ||
22 | void tail(const char *logfile) { | 22 | int runprog(const char *program) { |
23 | assert(logfile); | 23 | assert(program); |
24 | 24 | FILE *fp = popen(program, "r"); | |
25 | // wait for no more than 5 seconds for the logfile to appear in the filesystem | 25 | if (!fp) { |
26 | int cnt = 5; | 26 | fprintf(stderr, "Error: cannot run %s\n", program); |
27 | while (access(logfile, R_OK) && cnt > 0) | 27 | return -1; |
28 | cnt--; | ||
29 | if (cnt == 0) | ||
30 | exit(1); | ||
31 | |||
32 | off_t last_size = 0; | ||
33 | |||
34 | while (1) { | ||
35 | int fd = open(logfile, O_RDONLY); | ||
36 | if (fd == -1) | ||
37 | return; | ||
38 | |||
39 | off_t size = lseek(fd, 0, SEEK_END); | ||
40 | if (size < 0) { | ||
41 | close(fd); | ||
42 | return; | ||
43 | } | ||
44 | |||
45 | char *content = NULL; | ||
46 | int mmapped = 0; | ||
47 | if (size && size != last_size) { | ||
48 | content = mmap(NULL, size, PROT_READ, MAP_PRIVATE, fd, 0); | ||
49 | close(fd); | ||
50 | if (content != MAP_FAILED) | ||
51 | mmapped = 1; | ||
52 | } | ||
53 | |||
54 | if (mmapped) { | ||
55 | printf("%.*s", (int) (size - last_size), content + last_size); | ||
56 | fflush(0); | ||
57 | munmap(content, size); | ||
58 | last_size = size; | ||
59 | } | ||
60 | |||
61 | sleep(1); | ||
62 | } | 28 | } |
29 | |||
30 | return fileno(fp); | ||
63 | } | 31 | } |
diff --git a/src/fnettrace/static-ip-map.txt b/src/fnettrace/static-ip-map.txt index 756658562..59ec79f8f 100644 --- a/src/fnettrace/static-ip-map.txt +++ b/src/fnettrace/static-ip-map.txt | |||
@@ -38,14 +38,19 @@ | |||
38 | # | 38 | # |
39 | 39 | ||
40 | 40 | ||
41 | # local network addresses | 41 | # local network addresses (based on https://en.wikipedia.org/wiki/Reserved_IP_addresses) |
42 | 192.168.0.0/16 local network | 42 | 10.0.0.0/8 Local network |
43 | 10.0.0.0/8 local network | 43 | 100.64.0.0/10 Carrier-grade NAT |
44 | 172.16.0.0/16 local network | 44 | 127.0.0.0/8 Local host |
45 | 169.254.0.0/16 local link | 45 | 169.254.0.0/16 Local link |
46 | 172.16.0.0/12 Local network | ||
47 | 192.0.2.0/24 Documentation | ||
48 | 192.168.0.0/16 Local network | ||
49 | 198.51.100.0/24 Documentation | ||
50 | 203.0.113.0/24 Documentation | ||
46 | 51 | ||
47 | # multicast | 52 | # multicast |
48 | 224.0.0.0/4 multicast | 53 | 224.0.0.0/4 Multicast |
49 | 224.0.0.9/32 RIPv2 | 54 | 224.0.0.9/32 RIPv2 |
50 | 224.0.0.5/32 OSPF | 55 | 224.0.0.5/32 OSPF |
51 | 224.0.0.6/32 OSPF | 56 | 224.0.0.6/32 OSPF |
@@ -86,15 +91,40 @@ | |||
86 | 4.2.2.4/32 Level3 DNS | 91 | 4.2.2.4/32 Level3 DNS |
87 | 8.8.4.0/24 Google DNS | 92 | 8.8.4.0/24 Google DNS |
88 | 8.8.8.0/24 Google DNS | 93 | 8.8.8.0/24 Google DNS |
94 | 8.20.247.20/32 Comodo DNS | ||
95 | 8.26.56.26/32 Comodo DNS | ||
89 | 9.9.9.0/24 Quad9 DNS | 96 | 9.9.9.0/24 Quad9 DNS |
90 | 45.90.28.0/22 NextDNS | 97 | 45.90.28.0/22 NextDNS |
98 | 45.11.45.0/24 DNS-SB | ||
99 | 64.6.64.6/32 Neustar DNS | ||
100 | 64.6.65.6/32 Neustar DNS | ||
101 | 74.82.42.42/32 Hurricane Electric DNS | ||
102 | 76.76.2.0/24 ControlD DNS | ||
103 | 76.76.10.0/24 ControlD DNS | ||
104 | 76.76.19.0/24 Alternate DNS | ||
105 | 76.223.122.150/32 Alternate DNS | ||
106 | 77.88.8.8/32 Yandex DNS | ||
107 | 77.88.8.1/32 Yandex DNS | ||
108 | 80.80.80.0/24 Freenom DNS Cloud | ||
109 | 80.80.81.0/24 Freenom DNS Cloud | ||
110 | 84.200.69.80/32 DSN Watch | ||
111 | 84.200.70.40/32 DNS Watch | ||
91 | 94.140.14.0/23 Adguard DNS | 112 | 94.140.14.0/23 Adguard DNS |
92 | 149.112.112.0/24 Quad9 DNS | 113 | 149.112.112.0/24 Quad9 DNS |
93 | 149.112.120.0/21 CIRA DNS Canada | 114 | 149.112.120.0/21 CIRA DNS Canada |
94 | 146.255.56.96/29 Applied Privacy | 115 | 146.255.56.96/29 Applied Privacy DNS |
95 | 176.103.128.0/19 Adguard DNS | 116 | 176.103.128.0/19 Adguard DNS |
117 | 185.222.222.0/24 DNS-SB | ||
96 | 185.228.168.0/24 Cleanbrowsing DNS | 118 | 185.228.168.0/24 Cleanbrowsing DNS |
119 | 185.236.104.0/24 FlashStart DNS | ||
120 | 185.236.105.0/24 FlashStart DNS | ||
121 | 185.253.5.0/24 NextDNS | ||
122 | 193.110.81.0/24 NextDNS | ||
123 | 205.171.3.66/32 CentyrLink DNS | ||
124 | 205.171.202.166/32 CentyrLink DNS | ||
97 | 208.67.216.0/21 OpenDNS | 125 | 208.67.216.0/21 OpenDNS |
126 | 216.146.35.35/32 Dyn DNS | ||
127 | 216.146.36.36/32 Dyn DNS | ||
98 | 128 | ||
99 | # whois | 129 | # whois |
100 | 192.0.32.0/20 ICANN | 130 | 192.0.32.0/20 ICANN |
@@ -106,13 +136,15 @@ | |||
106 | 199.212.0.0/24 whois.arin.net US | 136 | 199.212.0.0/24 whois.arin.net US |
107 | 200.3.12.0/22 whois.lacnic.net Uruguay | 137 | 200.3.12.0/22 whois.lacnic.net Uruguay |
108 | 201.159.220.0/22 whois.lacnic.net Ecuador | 138 | 201.159.220.0/22 whois.lacnic.net Ecuador |
139 | 203.119.100.0/22 apnic.net Australia | ||
109 | 140 | ||
110 | # some popular websites | 141 | # some popular websites |
111 | 5.255.255.0/24 Yandex | 142 | 5.255.255.0/24 Yandex |
112 | 23.160.0.0/24 Twitch | 143 | 23.160.0.0/24 Twitch |
144 | 23.229.128.0/17 GoDaddy | ||
113 | 23.246.0.0/18 Netflix | 145 | 23.246.0.0/18 Netflix |
114 | 31.13.24.0/21 Facebook | 146 | 31.13.24.0/21 Facebook |
115 | 31.13.64.0/18 Facebook | 147 | 31.13.64.0/17 Facebook |
116 | 37.77.184.0/21 Netflix | 148 | 37.77.184.0/21 Netflix |
117 | 45.57.0.0/17 Netflix | 149 | 45.57.0.0/17 Netflix |
118 | 45.58.64.0/20 Dropbox | 150 | 45.58.64.0/20 Dropbox |
@@ -132,9 +164,14 @@ | |||
132 | 66.211.168.0/22 PayPal | 164 | 66.211.168.0/22 PayPal |
133 | 66.211.172.0/22 eBay | 165 | 66.211.172.0/22 eBay |
134 | 66.211.176.0/20 eBay | 166 | 66.211.176.0/20 eBay |
167 | 66.218.64.0/19 Yahoo | ||
135 | 66.220.144.0/20 Facebook | 168 | 66.220.144.0/20 Facebook |
169 | 69.30.200.200/29 BitChute | ||
136 | 69.53.224.0/19 Netflix | 170 | 69.53.224.0/19 Netflix |
137 | 69.171.224.0/19 Facebook | 171 | 69.171.224.0/19 Facebook |
172 | 69.197.182.184/29 BitChute | ||
173 | 74.6.0.0/16 Yahoo | ||
174 | 74.91.29.208/29 BitChute | ||
138 | 87.250.254.0/24 Yandex | 175 | 87.250.254.0/24 Yandex |
139 | 91.105.192.0/23 Telegram | 176 | 91.105.192.0/23 Telegram |
140 | 91.108.4.0/22 Telegram | 177 | 91.108.4.0/22 Telegram |
@@ -147,14 +184,21 @@ | |||
147 | 91.189.94.0/24 Ubuntu One | 184 | 91.189.94.0/24 Ubuntu One |
148 | 95.161.64.0/20 Telegram | 185 | 95.161.64.0/20 Telegram |
149 | 99.181.64.0/18 Twitch | 186 | 99.181.64.0/18 Twitch |
150 | 103.53.48.0/23 Twitch | 187 | 69.197.138.24/29 BitChute |
151 | 104.244.40.0/21 Twitter | ||
152 | 103.10.124.0/23 Steam | 188 | 103.10.124.0/23 Steam |
153 | 103.28.54.0/24 Steam | 189 | 103.28.54.0/24 Steam |
190 | 103.53.48.0/23 Twitch | ||
191 | 104.244.40.0/21 Twitter | ||
192 | 107.150.32.0/19 BitChute | ||
193 | 107.150.35.192/29 BitChute | ||
194 | 107.150.45.120/29 BitChute | ||
154 | 108.160.160.0/20 Dropbox | 195 | 108.160.160.0/20 Dropbox |
155 | 108.175.32.0/20 Netflix | 196 | 108.175.32.0/20 Netflix |
156 | 129.134.0.0/16 Facebook | 197 | 129.134.0.0/16 Facebook |
157 | 140.82.112.0/20 GitHub | 198 | 140.82.112.0/20 GitHub |
199 | 142.54.180.104/29 BitChute | ||
200 | 142.54.181.184/29 BitChute | ||
201 | 142.54.189.192/29 BitChute | ||
158 | 143.55.64.0/20 Github | 202 | 143.55.64.0/20 Github |
159 | 146.66.152.0/24 Steam | 203 | 146.66.152.0/24 Steam |
160 | 146.66.155.0/24 Steam | 204 | 146.66.155.0/24 Steam |
@@ -174,6 +218,10 @@ | |||
174 | 162.213.32.0/22 Ubuntu One | 218 | 162.213.32.0/22 Ubuntu One |
175 | 162.254.192.0/21 Steam | 219 | 162.254.192.0/21 Steam |
176 | 172.98.56.0/22 Rumble | 220 | 172.98.56.0/22 Rumble |
221 | 173.208.154.8/29 BitChute | ||
222 | 173.208.154.160/29 BitChute | ||
223 | 173.208.185.200/29 BitChute | ||
224 | 173.208.219.112/29 BitChute | ||
177 | 178.154.131.0/24 Yandex | 225 | 178.154.131.0/24 Yandex |
178 | 185.2.220.0/22 Netflix | 226 | 185.2.220.0/22 Netflix |
179 | 185.9.188.0/22 Netflix | 227 | 185.9.188.0/22 Netflix |
@@ -194,23 +242,33 @@ | |||
194 | 192.30.252.0/22 GitHub | 242 | 192.30.252.0/22 GitHub |
195 | 192.69.96.0/22 Steam | 243 | 192.69.96.0/22 Steam |
196 | 192.108.239.0/24 Twitch | 244 | 192.108.239.0/24 Twitch |
245 | 192.151.158.136/29 BitChute | ||
197 | 192.173.64.0/18 Netflix | 246 | 192.173.64.0/18 Netflix |
247 | 192.187.97.88/29 BitChute | ||
248 | 192.187.114.96/29 BitChute | ||
249 | 192.187.123.112/29 BitChute | ||
198 | 192.189.200.0/23 Dropbox | 250 | 192.189.200.0/23 Dropbox |
199 | 194.169.254.0/24 Ubuntu One | 251 | 194.169.254.0/24 Ubuntu One |
200 | 198.38.96.0/19 Netflix | 252 | 198.38.96.0/19 Netflix |
201 | 198.45.48.0/20 Netflix | 253 | 198.45.48.0/20 Netflix |
254 | 198.204.226.120/29 BitChute | ||
255 | 198.204.245.88/29 BitChute | ||
256 | 198.252.206.0/24 Stack Exchange | ||
202 | 199.9.248.0/21 Twitch | 257 | 199.9.248.0/21 Twitch |
203 | 199.16.156.0/22 Twitter | 258 | 199.16.156.0/22 Twitter |
204 | 199.59.148.0/22 Twitter | 259 | 199.59.148.0/22 Twitter |
205 | 199.168.96.24/29 BitChute | 260 | 199.168.96.24/29 BitChute |
261 | 204.12.194.176/29 BitChute | ||
206 | 205.185.194.0/24 Steam | 262 | 205.185.194.0/24 Steam |
207 | 205.196.6.0/24 Steam | 263 | 205.196.6.0/24 Steam |
208 | 207.45.72.0/22 Netflix | 264 | 207.45.72.0/22 Netflix |
209 | 207.241.224.0/20 Internet Archive | 265 | 207.241.224.0/20 Internet Archive |
266 | 208.82.236.0/22 Creiglist | ||
210 | 208.64.200.0/22 Steam | 267 | 208.64.200.0/22 Steam |
211 | 208.75.76.0/22 Netflix | 268 | 208.75.76.0/22 Netflix |
212 | 208.78.164.0/22 Steam | 269 | 208.78.164.0/22 Steam |
213 | 208.80.152.0/22 Wikipedia | 270 | 208.80.152.0/22 Wikipedia |
271 | 208.110.68.56/29 BitChute | ||
214 | 209.140.128.0/18 eBay | 272 | 209.140.128.0/18 eBay |
215 | 273 | ||
216 | # Imperva | 274 | # Imperva |
@@ -261,15 +319,6 @@ | |||
261 | 205.224.0.0/14 Level 3 | 319 | 205.224.0.0/14 Level 3 |
262 | 209.244.0.0/14 Level 3 | 320 | 209.244.0.0/14 Level 3 |
263 | 321 | ||
264 | # WholeSale Internet | ||
265 | 69.30.192.0/18 WholeSale Internet | ||
266 | 69.197.128.0/18 WholeSale Internet | ||
267 | 173.208.128.0/17 WholeSale Internet | ||
268 | 204.12.192.0/18 WholeSale Internet | ||
269 | 208.67.0.0/21 WholeSale Internet | ||
270 | 208.110.64.0/19 WholeSale Internet | ||
271 | 208.110.91.0/24 WholeSale Internet | ||
272 | |||
273 | # StackPath | 322 | # StackPath |
274 | 69.16.173.0/24 StackPath | 323 | 69.16.173.0/24 StackPath |
275 | 69.16.174.0/23 StackPath | 324 | 69.16.174.0/23 StackPath |
@@ -279,6 +328,7 @@ | |||
279 | 205.185.196.0/23 StackPath | 328 | 205.185.196.0/23 StackPath |
280 | 205.185.198.0/24 StackPath | 329 | 205.185.198.0/24 StackPath |
281 | 205.185.200.0/21 StackPath | 330 | 205.185.200.0/21 StackPath |
331 | 205.185.208.0/24 StackPath | ||
282 | 205.185.212.0/23 StackPath | 332 | 205.185.212.0/23 StackPath |
283 | 205.185.215.0/24 StackPath | 333 | 205.185.215.0/24 StackPath |
284 | 205.185.216.0/23 StackPath | 334 | 205.185.216.0/23 StackPath |
@@ -299,6 +349,8 @@ | |||
299 | 205.185.220.0/24 StackPath | 349 | 205.185.220.0/24 StackPath |
300 | 350 | ||
301 | # Linode | 351 | # Linode |
352 | 45.79.0.0/16 Linode | ||
353 | 50.116.0.0/18 Linode | ||
302 | 66.175.208.0/20 Linode | 354 | 66.175.208.0/20 Linode |
303 | 103.29.68.0/22 Linode | 355 | 103.29.68.0/22 Linode |
304 | 104.200.16.0/21 Linode | 356 | 104.200.16.0/21 Linode |
@@ -397,6 +449,7 @@ | |||
397 | 172.105.0.0/19 Linode | 449 | 172.105.0.0/19 Linode |
398 | 172.105.112.0/20 Linode | 450 | 172.105.112.0/20 Linode |
399 | 172.105.128.0/23 Linode | 451 | 172.105.128.0/23 Linode |
452 | 173.255.192.0/18 Linode | ||
400 | 453 | ||
401 | # Akamai | 454 | # Akamai |
402 | 2.16.0.0/13 Akamai | 455 | 2.16.0.0/13 Akamai |
@@ -576,7 +629,7 @@ | |||
576 | 103.21.244.0/22 Cloudflare | 629 | 103.21.244.0/22 Cloudflare |
577 | 103.22.200.0/22 Cloudflare | 630 | 103.22.200.0/22 Cloudflare |
578 | 103.31.4.0/22 Cloudflare | 631 | 103.31.4.0/22 Cloudflare |
579 | 104.16.0.0/13 Cloudflare | 632 | 104.16.0.0/12 Cloudflare |
580 | 104.24.0.0/14 Cloudflare | 633 | 104.24.0.0/14 Cloudflare |
581 | 108.162.192.0/18 Cloudflare | 634 | 108.162.192.0/18 Cloudflare |
582 | 131.0.72.0/22 Cloudflare | 635 | 131.0.72.0/22 Cloudflare |
@@ -684,6 +737,7 @@ | |||
684 | 3.136.0.0/13 Amazon | 737 | 3.136.0.0/13 Amazon |
685 | 3.144.0.0/13 Amazon | 738 | 3.144.0.0/13 Amazon |
686 | 3.152.0.0/13 Amazon | 739 | 3.152.0.0/13 Amazon |
740 | 3.160.0.0/14 Amazon | ||
687 | 3.208.0.0/12 Amazon | 741 | 3.208.0.0/12 Amazon |
688 | 3.224.0.0/12 Amazon | 742 | 3.224.0.0/12 Amazon |
689 | 3.240.0.0/13 Amazon | 743 | 3.240.0.0/13 Amazon |