nettrace

netblue30 · Dec 28, 2021 · e984359 · e984359
1 parent 54b28a0
commit e984359
Show file tree

Hide file tree

Showing 5 changed files with 44 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -43,6 +43,7 @@ src/profstats/profstats
 src/bash_completion/firejail.bash_completion
 src/zsh_completion/_firejail
 src/jailcheck/jailcheck
+src/fnettrace/fnettrace
 uids.h
 seccomp
 seccomp.debug

diff --git a/README.md b/README.md
@@ -296,6 +296,24 @@ INTRUSION DETECTION SYSTEM (IDS)
               as it contains running processes.
 `````
 
+### Network Monitor
+`````
+       --nettrace=name|pid
+              Monitor TCP and UDP traffic coming into the sandbox specified by
+              name or pid. Only networked sandboxes  created  with  --net  are
+              supported.
+
+              $ firejail --nettrace=browser
+              9.9.9.9:53              =>      192.168.1.60    UDP: 122 B/sec
+              72.21.91.29:80          =>      192.168.1.60    TCP: 257 B/sec
+              80.92.126.65:123        =>      192.168.1.60    UDP: 25 B/sec
+              69.30.241.50:443        =>      192.168.1.60    TCP: 88 KB/sec
+              140.82.112.4:443        =>      192.168.1.60    TCP: 1861 B/sec
+
+              (14 streams in the last one minute)
+
+`````
+
 ### Profile Statistics
 
 A small tool to print profile statistics. Compile and install as usual. The tool is installed in /usr/lib/firejail directory.

diff --git a/RELNOTES b/RELNOTES
@@ -5,6 +5,7 @@ firejail (0.9.67) baseline; urgency=low
   * deterministic shutdown (--deterministic-exit-code,
      --deterministic-shutdown) (#4635)
   * noprinters command (#4607)
+  * network monitor (--nettrace)
   * build: firecfg.config is now installed to /etc/firejail/ (#4669)
   * removed --disable-whitelist at compile time
   * removed whitelist=yes/no in /etc/firejail/firejail.config

diff --git a/src/firejail/usage.c b/src/firejail/usage.c
@@ -150,6 +150,7 @@ static char *usage_str =
 	"\tparent interfaces.\n"
 	"    --netns=name - Run the program in a named, persistent network namespace.\n"
 	"    --netstats - monitor network statistics.\n"
+	"    --nettrace - monitor TCP and UDP traffic coming into the sandbox.\n"
 #endif
 	"    --nice=value - set nice value.\n"
 	"    --no3d - disable 3D hardware acceleration.\n"

diff --git a/src/man/firejail.txt b/src/man/firejail.txt
@@ -1479,6 +1479,29 @@ PID  User    RX(KB/s) TX(KB/s) Command
 1294 netblue 53.355   1.473    firejail \-\-net=eth0 firefox
 .br
 7383 netblue 9.045    0.112    firejail \-\-net=eth0 transmission
+.TP
+\fB\-\-nettrace=name|pid
+Monitor TCP and UDP traffic coming into the sandbox specified by name or pid. Only networked sandboxes
+created with \-\-net are supported.
+.br
+
+.br
+$ firejail --nettrace=browser
+.br
+9.9.9.9:53              =>      192.168.1.60    UDP: 122 B/sec
+.br
+72.21.91.29:80          =>      192.168.1.60    TCP: 257 B/sec
+.br
+80.92.126.65:123        =>      192.168.1.60    UDP: 25 B/sec
+.br
+69.30.241.50:443        =>      192.168.1.60    TCP: 88 KB/sec
+.br
+140.82.112.4:443        =>      192.168.1.60    TCP: 1861 B/sec
+.br
+
+.br
+(14 streams in the last one minute)
+
 #endif
 .TP
 \fB\-\-nice=value