From d2802ce6068e5e9296e7b9a06a9c82e18ca23972 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Sat, 15 Jul 2023 08:18:08 -0400 Subject: fnettrace cleanup --- src/fnettrace/hostnames.c | 5 ++-- src/fnettrace/main.c | 52 +++++++++++++++++++++++++++-------------- src/fnettrace/radix.c | 17 ++++---------- src/fnettrace/radix.h | 11 +++++++-- src/fnettrace/static-ip-map.txt | 42 ++++++++++++++++++++++++++++++--- 5 files changed, 91 insertions(+), 36 deletions(-) (limited to 'src') diff --git a/src/fnettrace/hostnames.c b/src/fnettrace/hostnames.c index 20c83803f..7cb34e2c4 100644 --- a/src/fnettrace/hostnames.c +++ b/src/fnettrace/hostnames.c @@ -50,12 +50,13 @@ char *retrieve_hostname(uint32_t ip) { ptr = buf + 22; if (*ptr == ' ' && *(ptr + 3) == ',' && *(ptr + 4) == ' ') { rv = ptr + 5; - rv = radix_add(ip, 0xffffffff, rv); + if (strcmp(rv, "United States") == 0) + rv = "US"; } } } pclose(fp); - return rv; + return strdup(rv); } else geoip_not_found = 1; diff --git a/src/fnettrace/main.c b/src/fnettrace/main.c index 2d5072379..136a16e6d 100644 --- a/src/fnettrace/main.c +++ b/src/fnettrace/main.c @@ -33,13 +33,16 @@ typedef struct hnode_t { struct hnode_t *hnext; // used for hash table and unused linked list struct hnode_t *dnext; // used to display streams on the screen uint32_t ip_src; + RNode *rnode; // radix tree entry + + // stats uint32_t bytes; // number of bytes received in the last display interval uint16_t port_src; uint8_t protocol; + // the firewall is build based on source address, and in the linked list - // we have elements with the same address but different ports + // we could have elements with the same address but different ports uint8_t ip_instance; - char *hostname; int ttl; } HNode; @@ -89,6 +92,8 @@ static void hnode_add(uint32_t ip_src, uint8_t protocol, uint16_t port_src, uint ip_instance++; if (ptr->port_src == port_src && ptr->protocol == protocol) { ptr->bytes += bytes; + assert(ptr->rnode); + ptr->rnode->pkts++; return; } } 
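Review bot: In the retrieve_hostname hunk (`@@ -50,12 +50,13 @@`), `return strdup(rv);` is also reached when the line read into `buf` fails the `*ptr == ' ' && *(ptr + 3) == ','` layout check, so `rv` still holds its initial value. The declaration of `rv` is outside the hunk, but the caller's `if (!ptr->rnode->name)` fallback in hnode_print suggests NULL is the expected miss value, and `strdup(NULL)` is undefined behaviour. The text comes from a piped command (the hunk shows `pclose(fp)`), so an unexpected output format is a normal case and should be handled explicitly: `return rv ? strdup(rv) : NULL;`. A failed strdup then also yields NULL, which the caller already tolerates.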
@@ -100,7 +105,6 @@ static void hnode_add(uint32_t ip_src, uint8_t protocol, uint16_t port_src, uint #endif HNode *hnew = hmalloc(); assert(hnew); - hnew->hostname = NULL; hnew->ip_src = ip_src; hnew->port_src = port_src; hnew->protocol = protocol; @@ -126,6 +130,11 @@ static void hnode_add(uint32_t ip_src, uint8_t protocol, uint16_t port_src, uint ptr->dnext = hnew; } + hnew->rnode = radix_longest_prefix_match(hnew->ip_src); + if (!hnew->rnode) + hnew->rnode = radix_add(hnew->ip_src, 0xffffffff, NULL); + hnew->rnode->pkts++; + if (arg_netfilter) logprintf(" %d.%d.%d.%d ", PRINT_IP(hnew->ip_src)); } @@ -242,15 +251,15 @@ static PortType ports[] = { {110, "(POP3)"}, {113, "(IRC)"}, {123, "(NTP)"}, - {161, "(SNP)"}, - {162, "(SNP)"}, + {161, "(SNMP)"}, + {162, "(SNMP)"}, {194, "(IRC)"}, {0, NULL}, }; static inline const char *common_port(uint16_t port) { - if (port >= 6660 && port <= 9150) { + if (port >= 6660 && port <= 10162) { if (port >= 6660 && port <= 6669) return "(IRC)"; else if (port == 6679) @@ -269,6 +278,10 @@ static inline const char *common_port(uint16_t port) { return "(Tor)"; else if (port == 9150) return "(Tor)"; + else if (port == 10161) + return "(secure SNMP)"; + else if (port == 10162) + return "(secure SNMP)"; return NULL; } @@ -317,7 +330,8 @@ static void hnode_print(unsigned bw) { sprintf(stats, "%u MB/s ", bw / (1024 * 1024 * DISPLAY_INTERVAL)); else sprintf(stats, "%u KB/s ", bw / (1024 * DISPLAY_INTERVAL)); - int len = snprintf(line, LINE_MAX, "%32s geoip %d, IP database %d\n", stats, geoip_calls, radix_nodes); +// int len = snprintf(line, LINE_MAX, "%32s geoip %d, IP database %d\n", stats, geoip_calls, radix_nodes); + int len = snprintf(line, LINE_MAX, "%32s address:port (protocol) host (packets)\n", stats); adjust_line(line, len, cols); printf("%s", line); 
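Review bot: In the hnode_add hunk at `@@ -126,6 +130,11 @@`, every source address without a prefix match now gets its own /32 entry through `radix_add(hnew->ip_src, 0xffffffff, NULL)`, at packet-arrival time rather than after a successful lookup. Source addresses are chosen by remote peers, and no visible hunk removes radix nodes when an HNode expires, so the tree appears to grow with the number of distinct addresses seen. A limit checked against `radix_nodes` (presumably the node count) or a single shared node for unmatched addresses would bound that growth. `hnew->rnode->pkts++` also dereferences the return value unchecked; since radix.c only guards it with `assert(ptr);` before `return ptr;`, a comment such as `// radix_add() never returns NULL (asserted in radix.c)` would make the reliance explicit. The function body starts and ends outside the hunk.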
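Review bot: The hnode_print hunk at `@@ -317,7 +330,8 @@` leaves the previous header line behind as commented-out code (`// int len = snprintf(line, LINE_MAX, "%32s geoip %d, IP database %d\n", ...);`). Version control already preserves it, so the line should be deleted rather than kept next to its replacement. If `geoip_calls` and `radix_nodes` are no longer printed anywhere, it is worth checking whether they are still needed.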
@@ -336,12 +350,11 @@ static void hnode_print(unsigned bw) { else snprintf(bytes, 11, "%u B/s ", (unsigned) (ptr->bytes / DISPLAY_INTERVAL)); - if (!ptr->hostname) - ptr->hostname = radix_longest_prefix_match(ptr->ip_src); - if (!ptr->hostname) - ptr->hostname = retrieve_hostname(ptr->ip_src); - if (!ptr->hostname) - ptr->hostname = " "; + if (!ptr->rnode->name) + ptr->rnode->name = retrieve_hostname(ptr->ip_src); + if (!ptr->rnode->name) + ptr->rnode->name = " "; + assert(ptr->rnode->name); unsigned bwunit = bw / DISPLAY_BW_UNITS; char *bwline; @@ -376,11 +389,16 @@ static void hnode_print(unsigned bw) { protocol = ""; if (ptr->port_src == 0) len = snprintf(line, LINE_MAX, "%10s %s %d.%d.%d.%d (ICMP) %s\n", - bytes, bwline, PRINT_IP(ptr->ip_src), ptr->hostname); + bytes, bwline, PRINT_IP(ptr->ip_src), ptr->rnode->name); + else if (ptr->rnode->pkts > 1000000) + len = snprintf(line, LINE_MAX, "%10s %s %d.%d.%d.%d:%u%s %s (%.01fM)\n", + bytes, bwline, PRINT_IP(ptr->ip_src), ptr->port_src, protocol, ptr->rnode->name, ((double) ptr->rnode->pkts) / 1000000); + else if (ptr->rnode->pkts > 1000) + len = snprintf(line, LINE_MAX, "%10s %s %d.%d.%d.%d:%u%s %s (%.01fK)\n", + bytes, bwline, PRINT_IP(ptr->ip_src), ptr->port_src, protocol, ptr->rnode->name, ((double) ptr->rnode->pkts) / 1000); else - len = snprintf(line, LINE_MAX, "%10s %s %d.%d.%d.%d:%u%s %s\n", - bytes, bwline, PRINT_IP(ptr->ip_src), ptr->port_src, protocol, ptr->hostname); - + len = snprintf(line, LINE_MAX, "%10s %s %d.%d.%d.%d:%u%s %s (%u)\n", + bytes, bwline, PRINT_IP(ptr->ip_src), ptr->port_src, protocol, ptr->rnode->name, ptr->rnode->pkts); adjust_line(line, len, cols); printf("%s", line); diff --git a/src/fnettrace/radix.c b/src/fnettrace/radix.c index f0a22da74..f0ac4c094 100644 --- a/src/fnettrace/radix.c +++ b/src/fnettrace/radix.c 
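Review bot: After the hnode_print hunk at `@@ -336,12 +350,11 @@`, `ptr->rnode->name` can point to three kinds of storage: a heap copy from `duplicate_name` in radix_add, a `strdup` result from retrieve_hostname, or the string literal `" "`. No visible hunk frees names, but any later cleanup of the tree would have to tell these apart. A comment on the `name` field in radix.h such as `// heap copy or static literal; do not free()` would record that. The `assert(ptr->rnode->name);` placed right after the literal assignment can never fire; the invariant worth asserting here is `assert(ptr->rnode);` before the first dereference, as hnode_add does. The function body continues outside the hunk.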
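Review bot: The packet-count branches added in hnode_print (`@@ -376,11 +389,16 @@`) use strict comparisons, so a count of exactly 1000 prints as `(1000)` and exactly 1000000 prints as `(1000.0K)`. `else if (ptr->rnode->pkts >= 1000000)` and `else if (ptr->rnode->pkts >= 1000)` give the intended unit switch. The value is read from `ptr->rnode->pkts`, which belongs to the radix node, so all streams whose address resolves to the same node (other ports, or a whole prefix from static-ip-map.txt) display the same aggregate. A comment such as `// pkts is per radix node (host or prefix), not per stream` would prevent misreading. The ICMP branch prints no count although the new header line advertises `(packets)`.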
@@ -25,12 +25,6 @@ #include "radix.h" #include "fnettrace.h" -typedef struct rnode_t { - struct rnode_t *zero; - struct rnode_t *one; - char *name; -} RNode; - RNode *head = 0; int radix_nodes = 0; @@ -100,8 +94,7 @@ static inline RNode *addZero(RNode *ptr, char *name) { // add to radix tree -char *radix_add(uint32_t ip, uint32_t mask, char *name) { - assert(name); +RNode *radix_add(uint32_t ip, uint32_t mask, char *name) { uint32_t m = 0x80000000; uint32_t lastm = 0; if (head == 0) { @@ -124,17 +117,17 @@ char *radix_add(uint32_t ip, uint32_t mask, char *name) { ptr = addZero(ptr, (valid)? name: NULL); } assert(ptr); - if (!ptr->name) { + if (name && !ptr->name) { ptr->name = duplicate_name(name); if (!ptr->name) errExit("duplicate_name"); } - return ptr->name; + return ptr; } // find last match -char *radix_longest_prefix_match(uint32_t ip) { +RNode *radix_longest_prefix_match(uint32_t ip) { if (!head) return NULL; @@ -154,7 +147,7 @@ char *radix_longest_prefix_match(uint32_t ip) { rv = ptr; } - return (rv)? rv->name: NULL; + return rv; } static uint32_t sum; diff --git a/src/fnettrace/radix.h b/src/fnettrace/radix.h index 349d0e4b8..60a64f18f 100644 --- a/src/fnettrace/radix.h +++ b/src/fnettrace/radix.h @@ -20,9 +20,16 @@ #ifndef RADIX_H #define RADIX_H +typedef struct rnode_t { + struct rnode_t *zero; + struct rnode_t *one; + char *name; + uint32_t pkts; +} RNode; + extern int radix_nodes; -char *radix_longest_prefix_match(uint32_t ip); -char *radix_add(uint32_t ip, uint32_t mask, char *name); +RNode *radix_longest_prefix_match(uint32_t ip); +RNode*radix_add(uint32_t ip, uint32_t mask, char *name); void radix_print(void); void radix_squash(void); diff --git a/src/fnettrace/static-ip-map.txt b/src/fnettrace/static-ip-map.txt index 2742e71c5..52eb307d8 100644 --- a/src/fnettrace/static-ip-map.txt +++ b/src/fnettrace/static-ip-map.txt 
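Review bot: radix_add (`@@ -100,8 +94,7 @@`, `@@ -124,17 +117,17 @@`) and radix_longest_prefix_match (`@@ -154,7 +147,7 @@`) now return `RNode *` pointers that main.c keeps in `HNode.rnode`, but their only documentation is still `// add to radix tree` and `// find last match`. Each should state that the node stays owned by the tree and that `name` may be NULL when radix_add is called with `name == NULL`. For radix_add, for example: `// returns the tree-owned node for ip/mask; node->name may be NULL; never returns NULL`. The comments should also say how long the pointer stays valid: radix.h declares `radix_squash`, and if that merges or releases nodes while HNode entries exist, the stored pointers would dangle, which the hunks do not let me confirm. The bodies of both functions lie partly outside the hunks.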
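Review bot: The new `uint32_t pkts;` field in the radix.h hunk (`@@ -20,9 +20,16 @@`) is incremented in main.c, but no visible hunk initialises it. The node allocation code in radix.c is outside the diff, so confirm that it zeroes new nodes; otherwise the displayed counts start from indeterminate values. Now that the struct definition is public, radix.h should include `<stdint.h>` itself if it does not already, rather than depend on include order. The prototype `RNode*radix_add(...)` is also missing the space used on the line above it: `RNode *radix_add(uint32_t ip, uint32_t mask, char *name);`.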
@@ -88,6 +88,7 @@ 8.8.8.0/24 Google DNS 9.9.9.0/24 Quad9 DNS 45.90.28.0/22 NextDNS +94.140.14.0/23 Adguard DNS 149.112.112.0/24 Quad9 DNS 149.112.120.0/21 CIRA DNS Canada 146.255.56.96/29 Applied Privacy @@ -96,6 +97,7 @@ 208.67.216.0/21 OpenDNS # whois +192.0.32.0/20 ICANN 193.0.0.0/21 whois.ripe.net Netherlands 199.5.26.0/24 whois.arin.net US 199.15.80.0/21 whois.publicinterestregistry.net Canada @@ -106,6 +108,7 @@ 201.159.220.0/22 whois.lacnic.net Ecuador # some popular websites +5.255.255.0/24 Yandex 23.160.0.0/24 Twitch 23.246.0.0/18 Netflix 31.13.24.0/21 Facebook @@ -121,9 +124,18 @@ 64.63.0.0/18 Twitter 64.112.13.0/24 Dropbox 64.120.128.0/17 Netflix +66.111.48.0/22 WhatsApp +66.187.208.0/20 Cisco Systems, Inc +66.187.224.0/20 Red Hat, Inc 66.197.128.0/17 Netflix +66.211.160.0/21 eBay +66.211.168.0/22 PayPal +66.211.172.0/22 eBay +66.211.176.0/20 eBay +66.220.144.0/20 Facebook 69.53.224.0/19 Netflix 69.171.224.0/19 Facebook +87.250.254.0/24 Yandex 91.105.192.0/23 Telegram 91.108.4.0/22 Telegram 91.108.8.0/21 Telegram @@ -162,6 +174,7 @@ 162.213.32.0/22 Ubuntu One 162.254.192.0/21 Steam 172.98.56.0/22 Rumble +178.154.131.0/24 Yandex 185.2.220.0/22 Netflix 185.9.188.0/22 Netflix 185.25.182.0/23 Steam @@ -192,12 +205,24 @@ 205.185.194.0/24 Steam 205.196.6.0/24 Steam 207.45.72.0/22 Netflix +207.241.224.0/20 Internet Archive 208.64.200.0/22 Steam 208.75.76.0/22 Netflix 208.78.164.0/22 Steam 208.80.152.0/22 Wikipedia +209.140.128.0/18 eBay # Level 3 +66.114.192.0/18 Level 3 +66.147.128.0/18 Level 3 +66.147.192.0/19 Level 3 +66.162.0.0/16 Level 3 +66.170.128.0/20 Level 3 +66.192.0.0/14 Level 3 +66.199.0.0/19 Level 3 +66.243.0.0/17 Level 3 +66.243.128.0/18 Level 3 +66.251.192.0/19 Level 3 205.128.0.0/14 Level 3 205.180.0.0/14 Level 3 205.184.0.0/19 Level 3 @@ -260,6 +285,7 @@ 205.185.220.0/24 StackPath # Linode +66.175.208.0/20 Linode 103.29.68.0/22 Linode 104.200.16.0/21 Linode 104.200.24.0/22 Linode 
@@ -427,13 +453,17 @@ 192.229.128.0/17 MCI # Microsoft +13.64.0.0/11 Microsoft +13.104.0.0/14 Microsoft +13.96.0.0/13 Microsoft +20.33.0.0/16 Microsoft +20.36.0.0/14 Microsoft +20.34.0.0/15 Microsoft 20.40.0.0/13 Microsoft 20.64.0.0/10 Microsoft 20.48.0.0/12 Microsoft 20.128.0.0/16 Microsoft -20.33.0.0/16 Microsoft -20.36.0.0/14 Microsoft -20.34.0.0/15 Microsoft +20.192.0.0/10 Microsoft 40.76.0.0/14 Microsoft 40.96.0.0/12 Microsoft 40.112.0.0/13 Microsoft @@ -455,6 +485,8 @@ 69.147.64.0/18 Yahoo 76.13.0.0/16 Yahoo 98.136.0.0/14 Yahoo +182.22.0.0/17 Yahoo Japan +183.79.0.0/16 Yahoo Japan 206.190.32.0/19 Yahoo 209.73.160.0/19 Yahoo 209.191.64.0/18 Yahoo @@ -3505,6 +3537,10 @@ 65.8.0.0/16 Amazon 65.9.0.0/17 Amazon 65.9.128.0/18 Amazon +66.34.0.0/16 Amazon +66.157.0.0/16 Amazon +66.165.64.0/18 Amazon +66.221.0.0/16 Amazon 67.202.0.0/18 Amazon 67.220.224.0/20 Amazon 67.220.240.0/20 Amazon -- cgit v1.2.3-70-g09d2