From e9843593cbf107de641801bd9871c357e967dc99 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Tue, 28 Dec 2021 12:19:44 -0500
Subject: [PATCH] nettrace
---
 .gitignore | 1 +
 README.md | 18 ++++++++++++++++++
 RELNOTES | 1 +
 src/firejail/usage.c | 1 +
 src/man/firejail.txt | 23 +++++++++++++++++++++++
 5 files changed, 44 insertions(+)
diff --git a/.gitignore b/.gitignore
index ace86f218..29e0b63d6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -43,6 +43,7 @@ src/profstats/profstats
 src/bash_completion/firejail.bash_completion
 src/zsh_completion/_firejail
 src/jailcheck/jailcheck
+src/fnettrace/fnettrace
 uids.h
 seccomp
 seccomp.debug
diff --git a/README.md b/README.md
index b16b55d6a..e52a02d34 100644
--- a/README.md
+++ b/README.md
@@ -296,6 +296,24 @@ INTRUSION DETECTION SYSTEM (IDS)
 as it contains running processes.
 `````
+### Network Monitor
+`````
+ --nettrace=name|pid
+ Monitor TCP and UDP traffic coming into the sandbox specified by
+ name or pid. Only networked sandboxes created with --net are
+ supported.
+
+ $ firejail --nettrace=browser
+ 9.9.9.9:53 => 192.168.1.60 UDP: 122 B/sec
+ 72.21.91.29:80 => 192.168.1.60 TCP: 257 B/sec
+ 80.92.126.65:123 => 192.168.1.60 UDP: 25 B/sec
+ 69.30.241.50:443 => 192.168.1.60 TCP: 88 KB/sec
+ 140.82.112.4:443 => 192.168.1.60 TCP: 1861 B/sec
+
+ (14 streams in the last one minute)
+
+`````
+
 ### Profile Statistics
 A small tool to print profile statistics. Compile and install as usual.
 The tool is installed in /usr/lib/firejail directory.
diff --git a/RELNOTES b/RELNOTES
index e16099b39..d0211ce27 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -5,6 +5,7 @@ firejail (0.9.67) baseline; urgency=low
  * deterministic shutdown (--deterministic-exit-code,
  --deterministic-shutdown) (#4635)
  * noprinters command (#4607)
+ * network monitor (--nettrace)
  * build: firecfg.config is now installed to /etc/firejail/ (#4669)
  * removed --disable-whitelist at compile time
  * removed whitelist=yes/no in /etc/firejail/firejail.config
diff --git a/src/firejail/usage.c b/src/firejail/usage.c
index 4a0f05528..b993cb80c 100644
--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -150,6 +150,7 @@ static char *usage_str =
 "\tparent interfaces.\n"
 " --netns=name - Run the program in a named, persistent network namespace.\n"
 " --netstats - monitor network statistics.\n"
+ " --nettrace - monitor TCP and UDP traffic coming into the sandbox.\n"
 #endif
 " --nice=value - set nice value.\n"
 " --no3d - disable 3D hardware acceleration.\n"
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 09e7165a7..b366fed7c 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1479,6 +1479,29 @@ PID User RX(KB/s) TX(KB/s) Command
 1294 netblue 53.355 1.473 firejail \-\-net=eth0 firefox
 .br
 7383 netblue 9.045 0.112 firejail \-\-net=eth0 transmission
+.TP
+\fB\-\-nettrace=name|pid
+Monitor TCP and UDP traffic coming into the sandbox specified by name or pid. Only networked sandboxes
+created with \-\-net are supported.
+.br
+
+.br
+$ firejail --nettrace=browser
+.br
+9.9.9.9:53 => 192.168.1.60 UDP: 122 B/sec
+.br
+72.21.91.29:80 => 192.168.1.60 TCP: 257 B/sec
+.br
+80.92.126.65:123 => 192.168.1.60 UDP: 25 B/sec
+.br
+69.30.241.50:443 => 192.168.1.60 TCP: 88 KB/sec
+.br
+140.82.112.4:443 => 192.168.1.60 TCP: 1861 B/sec
+.br
+
+.br
+(14 streams in the last one minute)
+
 #endif
 .TP
 \fB\-\-nice=value
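Review bot: The new usage entry in usage_str lists `--nettrace` without its argument, while the README and man page in the same commit document the option as `--nettrace=name|pid` and the neighbouring entries (`--netns=name`, `--nice=value`) all show theirs; suggest `" --nettrace=name|pid - monitor TCP and UDP traffic coming into the sandbox.\n"`. The man page also states that only sandboxes created with --net are supported, and since this help text is the only place a command-line user sees the option, a short "(requires --net)" hint in that line would make the constraint visible before a failed attempt. The usage_str definition starts and ends outside the hunk, so its overall formatting could not be checked here.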