fnettrace cleanup

2026-05-22 22:01:18 -06:00 · 2023-07-15 08:18:08 -04:00 · 2023-07-15 08:18:08 -04:00 · d2802ce606
commit d2802ce606
parent 0d9c266c86
5 changed files with 91 additions and 36 deletions
--- a/src/fnettrace/hostnames.c
+++ b/src/fnettrace/hostnames.c
@ -50,12 +50,13 @@ char *retrieve_hostname(uint32_t ip) {
 				ptr = buf + 22;
 				if (*ptr == ' ' && *(ptr + 3) == ',' &&  *(ptr + 4) == ' ') {
 					rv = ptr + 5;
-					rv = radix_add(ip, 0xffffffff, rv);
+					if (strcmp(rv, "United States") == 0)
+						rv = "US";
 				}
 			}
 		}
 		pclose(fp);
-		return rv;
+		return strdup(rv);
 	}
 	else
 		geoip_not_found = 1;
--- a/src/fnettrace/main.c
+++ b/src/fnettrace/main.c
@ -33,13 +33,16 @@ typedef struct hnode_t {
 	struct hnode_t *hnext;	// used for hash table and unused linked list
 	struct hnode_t *dnext;	// used to display streams on the screen
 	uint32_t ip_src;
+	RNode *rnode;	// radix tree entry
+
+	// stats
 	uint32_t  bytes;	// number of bytes received in the last display interval
 	uint16_t port_src;
 	uint8_t protocol;
+
 	// the firewall is build based on source address, and in the linked list
-	// we have elements with the same address but different ports
+	// we could have elements with the same address but different ports
 	uint8_t ip_instance;
-	char *hostname;
 	int ttl;
 } HNode;

@ -89,6 +92,8 @@ static void hnode_add(uint32_t ip_src, uint8_t protocol, uint16_t port_src, uint
 			ip_instance++;
 			if (ptr->port_src == port_src && ptr->protocol == protocol) {
 				ptr->bytes += bytes;
+				assert(ptr->rnode);
+				ptr->rnode->pkts++;
 				return;
 			}
 		}
@ -100,7 +105,6 @@ static void hnode_add(uint32_t ip_src, uint8_t protocol, uint16_t port_src, uint
 #endif
 	HNode *hnew = hmalloc();
 	assert(hnew);
-	hnew->hostname = NULL;
 	hnew->ip_src = ip_src;
 	hnew->port_src = port_src;
 	hnew->protocol = protocol;
@ -126,6 +130,11 @@ static void hnode_add(uint32_t ip_src, uint8_t protocol, uint16_t port_src, uint
 		ptr->dnext = hnew;
 	}

+	hnew->rnode = radix_longest_prefix_match(hnew->ip_src);
+	if (!hnew->rnode)
+		hnew->rnode = radix_add(hnew->ip_src, 0xffffffff, NULL);
+	hnew->rnode->pkts++;
+
 	if (arg_netfilter)
 		logprintf(" %d.%d.%d.%d ", PRINT_IP(hnew->ip_src));
 }
@ -242,15 +251,15 @@ static PortType ports[] = {
 	{110, "(POP3)"},
 	{113, "(IRC)"},
 	{123, "(NTP)"},
-	{161, "(SNP)"},
-	{162, "(SNP)"},
+	{161, "(SNMP)"},
+	{162, "(SNMP)"},
 	{194, "(IRC)"},
 	{0, NULL},
 };


 static inline const char *common_port(uint16_t port) {
-	if (port >= 6660 && port <= 9150) {
+	if (port >= 6660 && port <= 10162) {
 		if (port >= 6660 && port <= 6669)
 			return "(IRC)";
 		else if (port == 6679)
@ -269,6 +278,10 @@ static inline const char *common_port(uint16_t port) {
 			return "(Tor)";
 		else if (port == 9150)
 			return "(Tor)";
+		else if (port == 10161)
+			return "(secure SNMP)";
+		else if (port == 10162)
+			return "(secure SNMP)";
 		return NULL;
 	}

@ -317,7 +330,8 @@ static void hnode_print(unsigned bw) {
 		sprintf(stats, "%u MB/s ", bw / (1024 * 1024 * DISPLAY_INTERVAL));
 	else
 		sprintf(stats, "%u KB/s ", bw / (1024 * DISPLAY_INTERVAL));
-	int len = snprintf(line, LINE_MAX, "%32s geoip %d, IP database %d\n", stats, geoip_calls, radix_nodes);
+//	int len = snprintf(line, LINE_MAX, "%32s geoip %d, IP database %d\n", stats, geoip_calls, radix_nodes);
+	int len = snprintf(line, LINE_MAX, "%32s address:port (protocol) host (packets)\n", stats);
 	adjust_line(line, len, cols);
 	printf("%s", line);

@ -336,12 +350,11 @@ static void hnode_print(unsigned bw) {
 			else
 				snprintf(bytes, 11, "%u B/s ", (unsigned) (ptr->bytes / DISPLAY_INTERVAL));

-			if (!ptr->hostname)
-				ptr->hostname = radix_longest_prefix_match(ptr->ip_src);
-			if (!ptr->hostname)
-				ptr->hostname = retrieve_hostname(ptr->ip_src);
-			if (!ptr->hostname)
-				ptr->hostname = " ";
+			if (!ptr->rnode->name)
+				ptr->rnode->name = retrieve_hostname(ptr->ip_src);
+			if (!ptr->rnode->name)
+				ptr->rnode->name = " ";
+			assert(ptr->rnode->name);

 			unsigned bwunit = bw / DISPLAY_BW_UNITS;
 			char *bwline;
@ -376,11 +389,16 @@ static void hnode_print(unsigned bw) {
 				protocol = "";
 			if (ptr->port_src == 0)
 				len = snprintf(line, LINE_MAX, "%10s %s %d.%d.%d.%d (ICMP) %s\n",
-					       bytes, bwline, PRINT_IP(ptr->ip_src), ptr->hostname);
+					       bytes, bwline, PRINT_IP(ptr->ip_src), ptr->rnode->name);
+			else if (ptr->rnode->pkts > 1000000)
+				len = snprintf(line, LINE_MAX, "%10s %s %d.%d.%d.%d:%u%s %s (%.01fM)\n",
+					       bytes, bwline, PRINT_IP(ptr->ip_src), ptr->port_src, protocol, ptr->rnode->name, ((double) ptr->rnode->pkts) / 1000000);
+			else if (ptr->rnode->pkts > 1000)
+				len = snprintf(line, LINE_MAX, "%10s %s %d.%d.%d.%d:%u%s %s (%.01fK)\n",
+					       bytes, bwline, PRINT_IP(ptr->ip_src), ptr->port_src, protocol, ptr->rnode->name, ((double) ptr->rnode->pkts) / 1000);
 			else
-				len = snprintf(line, LINE_MAX, "%10s %s %d.%d.%d.%d:%u%s %s\n",
-					       bytes, bwline, PRINT_IP(ptr->ip_src), ptr->port_src, protocol, ptr->hostname);
-
+				len = snprintf(line, LINE_MAX, "%10s %s %d.%d.%d.%d:%u%s %s (%u)\n",
+					       bytes, bwline, PRINT_IP(ptr->ip_src), ptr->port_src, protocol, ptr->rnode->name, ptr->rnode->pkts);
 			adjust_line(line, len, cols);
 			printf("%s", line);

--- a/src/fnettrace/radix.c
+++ b/src/fnettrace/radix.c
@ -25,12 +25,6 @@
 #include "radix.h"
 #include "fnettrace.h"

-typedef struct rnode_t {
-	struct rnode_t *zero;
-	struct rnode_t *one;
-	char *name;
-} RNode;
-
 RNode *head = 0;
 int radix_nodes = 0;

@ -100,8 +94,7 @@ static inline RNode *addZero(RNode *ptr, char *name) {


 // add to radix tree
-char *radix_add(uint32_t ip, uint32_t mask, char *name) {
-	assert(name);
+RNode *radix_add(uint32_t ip, uint32_t mask, char *name) {
 	uint32_t m = 0x80000000;
 	uint32_t lastm = 0;
 	if (head == 0) {
@ -124,17 +117,17 @@ char *radix_add(uint32_t ip, uint32_t mask, char *name) {
 			ptr = addZero(ptr, (valid)? name: NULL);
 	}
 	assert(ptr);
-	if (!ptr->name) {
+	if (name && !ptr->name) {
 		ptr->name = duplicate_name(name);
 		if (!ptr->name)
 			errExit("duplicate_name");
 	}

-	return ptr->name;
+	return ptr;
 }

 // find last match
-char *radix_longest_prefix_match(uint32_t ip) {
+RNode *radix_longest_prefix_match(uint32_t ip) {
 	if (!head)
 		return NULL;

@ -154,7 +147,7 @@ char *radix_longest_prefix_match(uint32_t ip) {
 			rv = ptr;
 	}

-	return (rv)? rv->name: NULL;
+	return rv;
 }

 static uint32_t sum;
--- a/src/fnettrace/radix.h
+++ b/src/fnettrace/radix.h
@ -20,9 +20,16 @@
 #ifndef RADIX_H
 #define RADIX_H

+typedef struct rnode_t {
+	struct rnode_t *zero;
+	struct rnode_t *one;
+	char *name;
+	uint32_t pkts;
+} RNode;
+
 extern int radix_nodes;
-char *radix_longest_prefix_match(uint32_t ip);
-char *radix_add(uint32_t ip, uint32_t mask, char *name);
+RNode *radix_longest_prefix_match(uint32_t ip);
+RNode*radix_add(uint32_t ip, uint32_t mask, char *name);
 void radix_print(void);
 void radix_squash(void);

--- a/src/fnettrace/static-ip-map.txt
+++ b/src/fnettrace/static-ip-map.txt
@ -88,6 +88,7 @@
 8.8.8.0/24 Google DNS
 9.9.9.0/24 Quad9 DNS
 45.90.28.0/22 NextDNS
+94.140.14.0/23 Adguard DNS
 149.112.112.0/24 Quad9 DNS
 149.112.120.0/21 CIRA DNS Canada
 146.255.56.96/29 Applied Privacy
@ -96,6 +97,7 @@
 208.67.216.0/21 OpenDNS

 # whois
+192.0.32.0/20 ICANN
 193.0.0.0/21 whois.ripe.net Netherlands
 199.5.26.0/24 whois.arin.net US
 199.15.80.0/21 whois.publicinterestregistry.net Canada
@ -106,6 +108,7 @@
 201.159.220.0/22 whois.lacnic.net Ecuador

 # some popular websites
+5.255.255.0/24 Yandex
 23.160.0.0/24 Twitch
 23.246.0.0/18 Netflix
 31.13.24.0/21 Facebook
@ -121,9 +124,18 @@
 64.63.0.0/18 Twitter
 64.112.13.0/24 Dropbox
 64.120.128.0/17 Netflix
+66.111.48.0/22 WhatsApp
+66.187.208.0/20 Cisco Systems, Inc
+66.187.224.0/20 Red Hat, Inc
 66.197.128.0/17 Netflix
+66.211.160.0/21 eBay
+66.211.168.0/22 PayPal
+66.211.172.0/22 eBay
+66.211.176.0/20 eBay
+66.220.144.0/20 Facebook
 69.53.224.0/19 Netflix
 69.171.224.0/19 Facebook
+87.250.254.0/24 Yandex
 91.105.192.0/23 Telegram
 91.108.4.0/22 Telegram
 91.108.8.0/21 Telegram
@ -162,6 +174,7 @@
 162.213.32.0/22 Ubuntu One
 162.254.192.0/21 Steam
 172.98.56.0/22 Rumble
+178.154.131.0/24 Yandex
 185.2.220.0/22 Netflix
 185.9.188.0/22 Netflix
 185.25.182.0/23 Steam
@ -192,12 +205,24 @@
 205.185.194.0/24 Steam
 205.196.6.0/24 Steam
 207.45.72.0/22 Netflix
+207.241.224.0/20 Internet Archive
 208.64.200.0/22 Steam
 208.75.76.0/22 Netflix
 208.78.164.0/22 Steam
 208.80.152.0/22 Wikipedia
+209.140.128.0/18 eBay

 # Level 3
+66.114.192.0/18 Level 3
+66.147.128.0/18 Level 3
+66.147.192.0/19 Level 3
+66.162.0.0/16 Level 3
+66.170.128.0/20 Level 3
+66.192.0.0/14 Level 3
+66.199.0.0/19 Level 3
+66.243.0.0/17 Level 3
+66.243.128.0/18 Level 3
+66.251.192.0/19 Level 3
 205.128.0.0/14 Level 3
 205.180.0.0/14 Level 3
 205.184.0.0/19 Level 3
@ -260,6 +285,7 @@
 205.185.220.0/24 StackPath

 # Linode
+66.175.208.0/20 Linode
 103.29.68.0/22 Linode
 104.200.16.0/21 Linode
 104.200.24.0/22 Linode
@ -427,13 +453,17 @@
 192.229.128.0/17 MCI

 # Microsoft
+13.64.0.0/11 Microsoft
+13.104.0.0/14 Microsoft
+13.96.0.0/13 Microsoft
+20.33.0.0/16 Microsoft
+20.36.0.0/14 Microsoft
+20.34.0.0/15 Microsoft
 20.40.0.0/13 Microsoft
 20.64.0.0/10 Microsoft
 20.48.0.0/12 Microsoft
 20.128.0.0/16 Microsoft
-20.33.0.0/16 Microsoft
-20.36.0.0/14 Microsoft
-20.34.0.0/15 Microsoft
+20.192.0.0/10 Microsoft
 40.76.0.0/14 Microsoft
 40.96.0.0/12 Microsoft
 40.112.0.0/13 Microsoft
@ -455,6 +485,8 @@
 69.147.64.0/18 Yahoo
 76.13.0.0/16 Yahoo
 98.136.0.0/14 Yahoo
+182.22.0.0/17 Yahoo Japan
+183.79.0.0/16 Yahoo Japan
 206.190.32.0/19 Yahoo
 209.73.160.0/19 Yahoo
 209.191.64.0/18 Yahoo
@ -3505,6 +3537,10 @@
 65.8.0.0/16 Amazon
 65.9.0.0/17 Amazon
 65.9.128.0/18 Amazon
+66.34.0.0/16 Amazon
+66.157.0.0/16 Amazon
+66.165.64.0/18 Amazon
+66.221.0.0/16 Amazon
 67.202.0.0/18 Amazon
 67.220.224.0/20 Amazon
 67.220.240.0/20 Amazon