compress static ip map for fnettrace at compile time

2026-05-15 14:16:14 -06:00 · 2023-07-06 08:38:28 -04:00 · 2023-07-06 08:38:28 -04:00 · f3774678ff
commit f3774678ff
parent 0235beefe2
7 changed files with 259 additions and 5414 deletions
--- a/1
+++ b/1
@ -160,6 +160,7 @@ clean:
 	rm -f $(SECCOMP_FILTERS)
 	rm -f $(MANPAGES) $(MANPAGES:%=%.gz) firejail*.rpm
 	rm -f $(SYNTAX_FILES)
+	rm -f src/fnettrace/static-ip-map
 	rm -f test/utils/index.html*
 	rm -f test/utils/wget-log
 	rm -f test/utils/firejail-test-file*
--- a/src/fnettrace/Makefile
+++ b/src/fnettrace/Makefile
@ -7,3 +7,10 @@ PROG = fnettrace
 TARGET = $(PROG)

 include $(ROOT)/src/prog.mk
+
+all: $(TARGET) static-ip-map
+static-ip-map: static-ip-map.txt fnettrace
+	./fnettrace --squash-map=static-ip-map.txt > static-ip-map
+
+
+
--- a/src/fnettrace/main.c
+++ b/src/fnettrace/main.c
@ -677,7 +677,9 @@ static const char *const usage_str =
 	"Options:\n"
 	"   --help, -? - this help screen\n"
 	"   --log=filename - netlocker logfile\n"
-	"   --netfilter - build the firewall rules and commit them.\n"
+	"   --netfilter - build the firewall rules and commit them\n"
+	"   --print-map - print IP map\n"
+	"   --squash-map - compress IP map\n"
 	"   --tail - \"tail -f\" functionality\n"
 	"Examples:\n"
 	"   # fnettrace                              - traffic trace\n"
@ -710,6 +712,36 @@ int main(int argc, char **argv) {
 			usage();
 			return 0;
 		}
+		else if (strcmp(argv[i], "--print-map") == 0) {
+			char *fname = "static-ip-map.txt";
+			load_hostnames(fname);
+			radix_print();
+			return 0;
+		}
+		else if (strncmp(argv[i], "--squash-map=", 13) == 0) {
+			if (i !=(argc - 1)) {
+				fprintf(stderr, "Error: please provide a map file\n");
+				return 1;
+			}
+			load_hostnames(argv[i] + 13);
+			int in = radix_nodes;
+			radix_squash();
+			radix_squash();
+			radix_squash();
+			radix_squash();
+			radix_squash();
+
+			printf("#\n");
+			printf("# This file is part of firejail project\n");
+			printf("# The following list of addresses was compiled from various public sources.\n");
+			printf("# License GPLv2\n");
+			printf("#\n");
+
+			radix_print();
+			printf("\n#\n#\n# input %d, output %d\n#\n#\n", in, radix_nodes);
+			fprintf(stderr, "static ip map: input %d, output %d\n", in, radix_nodes);
+			return 0;
+		}
 		else if (strcmp(argv[i], "--netfilter") == 0)
 			arg_netfilter = 1;
 		else if (strcmp(argv[i], "--tail") == 0)
--- a/src/fnettrace/radix.c
+++ b/src/fnettrace/radix.c
@ -55,10 +55,14 @@ static RNode *rmalloc(void) {
 static inline char *duplicate_name(const char *name) {
 	assert(name);

-	if (strcmp(name, "United States") == 0)
-		return "United States";
-	else if (strcmp(name, "Amazon") == 0)
+	if (strcmp(name, "Amazon") == 0)
 		return "Amazon";
+	else if (strcmp(name, "Digital Ocean") == 0)
+		return "Digital Ocean";
+	else if (strcmp(name, "Linode") == 0)
+		return "Linode";
+	else if (strcmp(name, "Google") == 0)
+		return "Google";
 	return strdup(name);
 }

@ -152,3 +156,86 @@ char *radix_longest_prefix_match(uint32_t ip) {

 	return (rv)? rv->name: NULL;
 }
+
+static uint32_t sum;
+static void print(RNode *ptr, int level) {
+	if (!ptr)
+		return;
+	if (ptr->name) {
+		printf("%d.%d.%d.%d/%d ", PRINT_IP(sum << (32 - level)), level);
+		printf("%s\n", ptr->name);
+	}
+
+	if (ptr->zero == NULL && ptr->one == NULL)
+		return;
+
+	level++;
+	sum <<= 1;
+	print(ptr->zero, level);
+	sum++;
+	print(ptr->one, level);
+	sum--;
+	sum >>= 1;
+}
+
+void radix_print(void) {
+	if (!head)
+		return;
+	printf("\n");
+	sum = 0;
+	print(head->zero, 1);
+	assert(sum == 0);
+	sum = 1;
+	print(head->one, 1);
+	assert(sum == 1);
+}
+
+static inline int strnullcmp(const char *a, const char *b) {
+	if (!a || !b)
+		return -1;
+	return strcmp(a, b);
+}
+
+void squash(RNode *ptr, int level) {
+	if (!ptr)
+		return;
+
+	if (ptr->name == NULL &&
+	    ptr->zero && ptr->one &&
+	    strnullcmp(ptr->zero->name, ptr->one->name) == 0 &&
+	    !ptr->zero->zero && !ptr->zero->one &&
+	    !ptr->one->zero && !ptr->one->one) {
+	    	ptr->name = ptr->one->name;
+//		fprintf(stderr, "squashing %d.%d.%d.%d/%d ", PRINT_IP(sum << (32 - level)), level);
+//		fprintf(stderr, "%s\n", ptr->name);
+		ptr->zero = NULL;
+		ptr->one = NULL;
+		radix_nodes--;
+		return;
+	}
+
+	if (ptr->zero == NULL && ptr->one == NULL)
+		return;
+
+	level++;
+	sum <<= 1;
+	squash(ptr->zero, level);
+	sum++;
+	squash(ptr->one, level);
+	sum--;
+	sum >>= 1;
+}
+
+// using stderr for printing
+void radix_squash(void) {
+	if (!head)
+		return;
+
+	sum = 0;
+	squash(head->zero, 1);
+	assert(sum == 0);
+	sum = 1;
+	squash(head->one, 1);
+	assert(sum == 1);
+
+}
--- a/src/fnettrace/radix.h
+++ b/src/fnettrace/radix.h
@ -23,5 +23,7 @@
 extern int radix_nodes;
 char *radix_longest_prefix_match(uint32_t ip);
 char *radix_add(uint32_t ip, uint32_t mask, char *name);
+void radix_print(void);
+void radix_squash(void);

 #endif
--- a/src/fnettrace/static-ip-map
+++ b/src/fnettrace/static-ip-map
--- a/src/fnettrace/static-ip-map.txt
+++ b/src/fnettrace/static-ip-map.txt
@ -74,7 +74,6 @@
 55.0.0.0/8 US Army
 56.0.0.0/8 US Postal Service
 73.0.0.0/8 Comcast
-205.0.0.0/8 US Army
 214.0.0.0/8 US Army
 215.0.0.0/8 US Army

@ -174,6 +173,7 @@
 185.125.188.0/22 Ubuntu One
 185.199.108.0/22 GitHub
 185.205.69.0/24 Tutanota
+185.238.113.0/24 Bitchute
 188.64.224.0/21 Twitter
 190.217.33.0/24 Steam
 192.0.64.0/18 Wordpress
@ -196,6 +196,30 @@
 208.75.76.0/22 Netflix
 208.78.164.0/22 Steam
 208.80.152.0/22 Wikipedia
+
+# Level 3
+205.128.0.0/14 Level 3
+205.180.0.0/14 Level 3
+205.184.0.0/19 Level 3
+205.184.32.0/20 Level 3
+205.184.96.0/19 Level 3
+205.184.128.0/18 Level 3
+205.184.192.0/20 Level 3
+205.184.240.0/20 Level 3
+205.128.0.0/14 Level 3
+205.180.0.0/14 Level 3
+205.184.0.0/19 Level 3
+205.184.32.0/20 Level 3
+205.184.96.0/19 Level 3
+205.184.128.0/18 Level 3
+205.184.192.0/20 Level 3
+205.184.240.0/20 Level 3
+205.187.32.0/20 Level 3
+205.187.80.0/20 Level 3
+205.187.128.0/19 Level 3
+205.187.176.0/20 Level 3
+205.187.192.0/18 Level 3
+205.224.0.0/14 Level 3
 209.244.0.0/14 Level 3

 # WholeSale Internet
@ -212,6 +236,28 @@
 69.16.174.0/23 StackPath
 69.16.176.0/20 StackPath
 151.139.0.0/16 StackPath
+205.185.194.0/23 StackPath
+205.185.196.0/23 StackPath
+205.185.198.0/24 StackPath
+205.185.200.0/21 StackPath
+205.185.212.0/23 StackPath
+205.185.215.0/24 StackPath
+205.185.216.0/23 StackPath
+205.185.219.0/24 StackPath
+205.185.220.0/24 StackPath
+205.185.215.0/24 StackPath
+205.185.216.0/23 StackPath
+205.185.219.0/24 StackPath
+205.185.220.0/24 StackPath
+205.185.194.0/23 StackPath
+205.185.196.0/23 StackPath
+205.185.198.0/24 StackPath
+205.185.200.0/21 StackPath
+205.185.212.0/23 StackPath
+205.185.215.0/24 StackPath
+205.185.216.0/23 StackPath
+205.185.219.0/24 StackPath
+205.185.220.0/24 StackPath

 # Linode
 103.29.68.0/22 Linode
@ -322,6 +368,7 @@
 96.6.0.0/15 Akamai
 96.16.0.0/15 Akamai
 104.64.0.0/10 Akamai
+173.222.0.0/15 Akamai
 184.24.0.0/13 Akamai
 184.50.0.0/15 Akamai
 184.84.0.0/14 Akamai
@ -379,6 +426,13 @@
 192.229.128.0/17 MCI

 # Microsoft
+20.40.0.0/13 Microsoft
+20.64.0.0/10 Microsoft
+20.48.0.0/12 Microsoft
+20.128.0.0/16 Microsoft
+20.33.0.0/16 Microsoft
+20.36.0.0/14 Microsoft
+20.34.0.0/15 Microsoft
 40.76.0.0/14 Microsoft
 40.96.0.0/12 Microsoft
 40.112.0.0/13 Microsoft
@ -5415,3 +5469,74 @@
 209.97.144.0/20 Digital Ocean
 209.97.160.0/20 Digital Ocean
 209.97.176.0/20 Digital Ocean
+
+# Leaseweb
+185.28.70.0/24 Leaseweb
+108.177.128.0/22 Leaseweb
+108.177.216.0/22 Leaseweb
+108.177.244.0/22 Leaseweb
+108.62.152.0/21 Leaseweb
+108.62.192.0/22 Leaseweb
+108.62.197.0/24 Leaseweb
+108.62.199.0/24 Leaseweb
+108.62.220.0/22 Leaseweb
+108.62.5.0/24 Leaseweb
+108.62.56.0/21 Leaseweb
+142.234.104.0/21 Leaseweb
+142.234.168.0/21 Leaseweb
+142.234.180.0/22 Leaseweb
+142.234.188.0/22 Leaseweb
+142.234.232.0/21 Leaseweb
+142.234.248.0/22 Leaseweb
+142.91.116.0/22 Leaseweb
+142.91.208.0/22 Leaseweb
+142.91.88.0/21 Leaseweb
+147.255.224.0/21 Leaseweb
+172.241.120.0/22 Leaseweb
+172.241.136.0/22 Leaseweb
+172.241.156.0/22 Leaseweb
+172.241.200.0/22 Leaseweb
+173.208.118.0/24 Leaseweb
+173.208.32.0/21 Leaseweb
+173.234.180.0/22 Leaseweb
+173.234.80.0/22 Leaseweb
+173.234.88.0/23 Leaseweb
+174.34.144.0/24 Leaseweb
+174.34.145.0/24 Leaseweb
+216.6.228.0/24 Leaseweb
+216.6.236.0/24 Leaseweb
+23.105.64.0/19 Leaseweb
+23.106.0.0/19 Leaseweb
+23.106.192.0/19 Leaseweb
+23.108.128.0/19 Leaseweb
+23.108.224.0/19 Leaseweb
+23.19.104.0/22 Leaseweb
+23.19.124.0/22 Leaseweb
+23.19.128.0/22 Leaseweb
+23.19.168.0/22 Leaseweb
+23.19.216.0/22 Leaseweb
+23.19.248.0/22 Leaseweb
+23.19.32.0/21 Leaseweb
+23.19.80.0/21 Leaseweb
+23.81.0.0/21 Leaseweb
+23.81.136.0/21 Leaseweb
+23.81.208.0/21 Leaseweb
+23.82.144.0/21 Leaseweb
+23.82.192.0/20 Leaseweb
+23.82.208.0/21 Leaseweb
+23.82.216.0/21 Leaseweb
+23.82.224.0/21 Leaseweb
+23.82.240.0/21 Leaseweb
+23.82.32.0/21 Leaseweb
+23.82.72.0/21 Leaseweb
+64.120.106.0/24 Leaseweb
+64.120.123.0/24 Leaseweb
+64.120.16.0/22 Leaseweb
+64.120.2.0/24 Leaseweb
+64.120.4.0/22 Leaseweb
+64.120.48.0/22 Leaseweb
+64.120.65.0/24 Leaseweb
+64.120.68.0/24 Leaseweb
+64.120.69.0/24 Leaseweb
+69.147.236.0/24 Leaseweb
+70.32.34.0/24 Leaseweb