diff --git a/src/firejail/main.c b/src/firejail/main.c index e3dab561c00..0c9c801372f 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c @@ -420,7 +420,6 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { exit_err_feature("x11"); } #endif -#ifdef HAVE_NETWORK else if (strcmp(argv[i], "--nettrace") == 0) { if (checkcfg(CFG_NETWORK)) { if (getuid() != 0) { @@ -524,8 +523,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { exit(0); } - - +#ifdef HAVE_NETWORK else if (strncmp(argv[i], "--bandwidth=", 12) == 0) { if (checkcfg(CFG_NETWORK)) { logargs(argc, argv); diff --git a/src/fnettrace/main.c b/src/fnettrace/main.c index 5a0b97e89e4..4db8e747820 100644 --- a/src/fnettrace/main.c +++ b/src/fnettrace/main.c @@ -308,6 +308,8 @@ static inline const char *common_port(uint16_t port) { return "Tor"; else if (port == 9030) return "Tor"; + else if (port == 9040) + return "Tor"; else if (port == 9050) return "Tor"; else if (port == 9051) @@ -506,16 +508,16 @@ static void print_stats(FILE *fp) { fprintf(fp, "\n\nIP map"); if (fp == stdout) - ansi_faint(" - server-address network (packets)\n"); + ansi_faint(" - network (packets)\n"); else - fprintf(fp, " - server-address network (packets)\n"); + fprintf(fp, " - network (packets)\n"); radix_print(fp, 1); fprintf(fp, "\n\nEvents %d", ev_cnt); if (fp == stdout) - ansi_faint(" - time address:port data\n"); + ansi_faint(" - time address data\n"); else - fprintf(fp, " - time address:port data\n"); + fprintf(fp, " - time address data\n"); ev_print(fp); } diff --git a/src/fnettrace/static-ip-map.txt b/src/fnettrace/static-ip-map.txt index 3e857b200ab..aeac58c6ad8 100644 --- a/src/fnettrace/static-ip-map.txt +++ b/src/fnettrace/static-ip-map.txt @@ -188,6 +188,7 @@ 104.244.40.0/21 Twitter 108.160.160.0/20 Dropbox 108.175.32.0/20 Netflix +129.144.0.0/12 Oracle 129.134.0.0/16 Facebook 140.82.112.0/20 GitHub 143.55.64.0/20 GitHub @@ -221,7 +222,6 @@ 185.125.188.0/22 Ubuntu One 185.199.108.0/22 GitHub 185.205.69.0/24 Tutanota -185.238.113.0/24 Bitchute 188.64.224.0/21 Twitter 190.217.33.0/24 Steam 192.0.64.0/18 Wordpress @@ -253,7 +253,11 @@ 63.141.247.168/29 BitChute 63.141.247.240/29 BitChute 69.30.200.200/29 BitChute +69.30.230.64/29 BitChute +69.30.241.40/29 BitChute 69.30.241.48/29 BitChute +69.30.243.168/29 BitChute +69.30.245.232/29 BitChute 69.30.253.16/29 BitChute 69.197.182.184/29 BitChute 74.91.28.208/29 BitChute @@ -264,6 +268,7 @@ 107.150.45.120/29 BitChute 142.54.180.104/29 BitChute 142.54.181.184/29 BitChute +142.54.188.112/29 BitChute 142.54.189.192/29 BitChute 173.208.154.8/29 BitChute 173.208.154.160/29 BitChute @@ -275,19 +280,27 @@ 173.208.216.40/29 BitChute 173.208.219.112/29 BitChute 173.208.246.160/29 BitChute +185.238.113.0/24 BitChute +192.151.147.16/29 BitChute 192.151.158.136/29 BitChute 192.187.97.88/29 BitChute 192.187.114.16/29 BitChute 192.187.114.96/29 BitChute +192.187.118.168/29 BitChute +192.187.121.208/29 BitChute 192.187.123.112/29 BitChute 192.187.126.0/29 BitChute 198.204.226.120/29 BitChute 198.204.228.48/29 BitChute +198.204.235.88/29 BitChute 198.204.235.216/29 BitChute 198.204.245.32/29 BitChute 198.204.245.88/29 BitChute 198.204.250.208/29 BitChute +198.204.253.64/29 BitChute +198.204.253.184/29 BitChute 199.168.96.24/29 BitChute +199.168.96.64/29 BitChute 204.12.220.136/29 BitChute 204.12.194.176/29 BitChute 204.12.194.248/29 BitChute @@ -297,7 +310,7 @@ # WholeSale Internet 69.30.192.0/18 WholeSale Internet 69.197.128.0/18 WholeSale Internet - +142.54.160.0/19 WholeSale Internet 173.208.128.0/17 WholeSale Internet 204.12.192.0/18 WholeSale Internet 208.67.0.0/21 WholeSale Internet @@ -625,6 +638,7 @@ 206.190.32.0/19 Yahoo 209.73.160.0/19 Yahoo 209.191.64.0/18 Yahoo +212.82.100.0/22 Yahoo 216.115.96.0/20 Yahoo # Google @@ -634,6 +648,18 @@ 8.35.192.0/20 Google 23.236.48.0/20 Google 23.251.128.0/19 Google +34.4.16.0/20 Google +34.4.64.0/18 Google +34.4.6.0/23 Google +34.16.0.0/12 Google +34.32.0.0/11 Google +34.4.128.0/17 Google +34.8.0.0/13 Google +34.4.8.0/21 Google +34.5.0.0/16 Google +34.6.0.0/15 Google +34.4.32.0/19 Google +34.4.5.0/24 Google 34.64.0.0/10 Google 34.128.0.0/10 Google 35.184.0.0/13 Google @@ -1884,6 +1910,7 @@ 34.192.0.0/12 Amazon 34.208.0.0/12 Amazon 34.224.0.0/12 Amazon +34.225.127.72/10 Amazon 34.240.0.0/13 Amazon 34.248.0.0/13 Amazon 35.71.64.0/22 Amazon @@ -3432,7 +3459,7 @@ 54.93.0.0/16 Amazon 54.94.0.0/16 Amazon 54.95.0.0/16 Amazon -54.144.0.0/14 Amazon +54.144.0.0/12 Amazon 54.148.0.0/15 Amazon 54.150.0.0/16 Amazon 54.151.0.0/17 Amazon @@ -3443,7 +3470,7 @@ 54.154.0.0/16 Amazon 54.155.0.0/16 Amazon 54.156.0.0/14 Amazon -54.160.0.0/13 Amazon +54.160.0.0/11 Amazon 54.168.0.0/16 Amazon 54.169.0.0/16 Amazon 54.170.0.0/15 Amazon @@ -3456,7 +3483,7 @@ 54.182.0.0/16 Amazon 54.183.0.0/16 Amazon 54.184.0.0/13 Amazon -54.192.0.0/16 Amazon +54.192.0.0/12 Amazon 54.193.0.0/16 Amazon 54.194.0.0/15 Amazon 54.196.0.0/15 Amazon @@ -3467,12 +3494,12 @@ 54.204.0.0/15 Amazon 54.206.0.0/16 Amazon 54.207.0.0/16 Amazon -54.208.0.0/15 Amazon +54.208.0.0/13 Amazon 54.210.0.0/15 Amazon 54.212.0.0/15 Amazon 54.214.0.0/16 Amazon 54.215.0.0/16 Amazon -54.216.0.0/15 Amazon +54.216.0.0/14 Amazon 54.218.0.0/16 Amazon 54.219.0.0/16 Amazon 54.220.0.0/16 Amazon diff --git a/src/man/firejail.1.in b/src/man/firejail.1.in index ee4adf5b80d..06969e851d6 100644 --- a/src/man/firejail.1.in +++ b/src/man/firejail.1.in @@ -788,7 +788,6 @@ $ firejail \-\-list .br $ firejail \-\-dns.print=3272 -#ifdef HAVE_NETWORK .TP \fB\-\-dnstrace[=name|pid] Monitor DNS queries. The sandbox can be specified by name or pid. Only networked sandboxes @@ -828,7 +827,6 @@ $ sudo firejail --dnstrace .br 11:32:08 9.9.9.9 www.youtube.com (type 1) .br -#endif .TP \fB\-\-env=name=value @@ -930,7 +928,6 @@ $ firejail --ignore=seccomp --ignore=caps firefox $ firejail \-\-ignore="net eth0" firefox #endif -#ifdef HAVE_NETWORK .TP \fB\-\-icmptrace[=name|pid] Monitor ICMP traffic. The sandbox can be specified by name or pid. Only networked sandboxes @@ -956,7 +953,6 @@ $ sudo firejail --icmptrace .br 20:53:55 192.168.1.60 -> 1.1.1.1 - 154 bytes - Destination unreachable/Port unreachable .br -#endif .TP \fB\-\-\include=file.profile @@ -1643,6 +1639,7 @@ PID User RX(KB/s) TX(KB/s) Command 1294 netblue 53.355 1.473 firejail \-\-net=eth0 firefox .br 7383 netblue 9.045 0.112 firejail \-\-net=eth0 transmission +#endif .TP \fB\-\-nettrace[=name|pid] Monitor received TCP. UDP, and ICMP traffic. The sandbox can be specified by name or pid. Only networked sandboxes @@ -1658,17 +1655,15 @@ Example: .br $ sudo firejail --nettrace .br - 95 KB/s geoip 457, IP database 4436 + 93 KB/s address:port (protocol) network .br - 52 KB/s *********** 64.222.84.207:443 United States + 14 B/s ** 104.24.8.4:443(QUIC) Cloudflare .br - 33 KB/s ******* 89.147.74.105:63930 Hungary + 80 KB/s ***************** 192.187.97.90:443(TLS) BitChute .br - 0 B/s 45.90.28.0:443 NextDNS + 1 B/s 149.56.228.45:443(DoH) Canada .br - 0 B/s 94.70.122.176:52309(UDP) Greece -.br - 339 B/s 104.26.7.35:443 Cloudflare +(D)isplay, (S)ave, (C)lear, e(X)it .br .br @@ -1677,7 +1672,6 @@ the country the traffic originates from is added to the trace. We also use the static IP map in /usr/lib/firejail/static-ip-map to print the domain names for some of the more common websites and cloud platforms. No external services are contacted for reverse IP lookup. -#endif .TP \fB\-\-nice=value Set nice value for all processes running inside the sandbox. @@ -2862,7 +2856,6 @@ $ firejail \-\-list .br $ firejail \-\-shutdown=3272 -#ifdef HAVE_NETWORK .TP \fB\-\-snitrace[=name|pid] Monitor Server Name Indication (TLS/SNI). The sandbox can be specified by name or pid. Only networked sandboxes @@ -2904,7 +2897,6 @@ $ sudo firejail --snitrace .br 07:53:11 192.0.73.2 1.gravatar.com .br -#endif .TP \fB\-\-tab