Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package firetools for openSUSE:Factory checked in at 2021-05-12 19:31:56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/firetools (Old) and /work/SRC/openSUSE:Factory/.firetools.new.2988 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "firetools" Wed May 12 19:31:56 2021 rev:3 rq:892337 version:0.9.64 Changes: -------- --- /work/SRC/openSUSE:Factory/firetools/firetools.changes 2021-02-18 20:53:03.807476147 +0100 +++ /work/SRC/openSUSE:Factory/.firetools.new.2988/firetools.changes 2021-05-12 19:32:23.698998589 +0200 @@ -1,0 +2,9 @@ +Wed May 12 02:41:33 UTC 2021 - Ferdinand Thiessen <r...@fthiessen.de> + +- Update to version 0.9.64 + * more fdns support + * support for firejail version 0.9.64 + * bugfixes +- Drop fixed firetools-0.9.62-fail_linking.patch + +------------------------------------------------------------------- Old: ---- firetools-0.9.62-fail_linking.patch firetools-0.9.62.tar.xz firetools-0.9.62.tar.xz.asc New: ---- firetools-0.9.64.tar.xz firetools-0.9.64.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ firetools.spec ++++++ --- /var/tmp/diff_new_pack.JVQjAY/_old 2021-05-12 19:32:24.142996816 +0200 +++ /var/tmp/diff_new_pack.JVQjAY/_new 2021-05-12 19:32:24.142996816 +0200 @@ -17,15 +17,14 @@ Name: firetools -Version: 0.9.62 +Version: 0.9.64 Release: 0 Summary: GUI for Firajail security sandbox License: GPL-2.0-only Group: Productivity/Security -URL: https://firejail.wordpress.com/ +URL: https://firejailtools.wordpress.com Source0: https://downloads.sourceforge.net/project/firejail/firetools/firetools-%{version}.tar.xz Source1: https://downloads.sourceforge.net/project/firejail/firetools/firetools-%{version}.tar.xz.asc -Patch: firetools-0.9.62-fail_linking.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: gcc-c++ ++++++ firetools-0.9.62.tar.xz -> firetools-0.9.64.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/firetools-0.9.62/RELNOTES new/firetools-0.9.64/RELNOTES --- old/firetools-0.9.62/RELNOTES 2019-12-16 15:08:19.000000000 +0100 +++ new/firetools-0.9.64/RELNOTES 2021-01-08 14:38:16.000000000 +0100 
@@ -1,3 +1,9 @@ +firetools (0.9.64) baseline; urgency=low + * more fdns support + * support for firejail version 0.9.64 + * bugfixes + -- netblue30 <netblu...@yahoo.com> Fri, 8 Jan 2021 08:00:00 -0500 + firetools (0.9.62) baseline; urgency=low * added fdns support * added stats system tray icon diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/firetools-0.9.62/configure new/firetools-0.9.64/configure --- old/firetools-0.9.62/configure 2019-12-16 15:08:19.000000000 +0100 +++ new/firetools-0.9.64/configure 2021-01-08 14:33:53.000000000 +0100 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for firetools 0.9.62. +# Generated by GNU Autoconf 2.69 for firetools 0.9.64. # # Report bugs to <netblu...@yahoo.com>. # @@ -580,8 +580,8 @@ # Identity of this package. PACKAGE_NAME='firetools' PACKAGE_TARNAME='firetools' -PACKAGE_VERSION='0.9.62' -PACKAGE_STRING='firetools 0.9.62' +PACKAGE_VERSION='0.9.64' +PACKAGE_STRING='firetools 0.9.64' PACKAGE_BUGREPORT='netblu...@yahoo.com' PACKAGE_URL='http://firejail.wordpress.com' @@ -663,6 +663,7 @@ docdir oldincludedir includedir +runstatedir localstatedir sharedstatedir sysconfdir @@ -738,6 +739,7 @@ sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' +runstatedir='${localstatedir}/run' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' 
@@ -990,6 +992,15 @@ | -silent | --silent | --silen | --sile | --sil) silent=yes ;; + -runstatedir | --runstatedir | --runstatedi | --runstated \ + | --runstate | --runstat | --runsta | --runst | --runs \ + | --run | --ru | --r) + ac_prev=runstatedir ;; + -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ + | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ + | --run=* | --ru=* | --r=*) + runstatedir=$ac_optarg ;; + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ @@ -1127,7 +1138,7 @@ for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ - libdir localedir mandir + libdir localedir mandir runstatedir do eval ac_val=\$$ac_var # Remove trailing slashes. @@ -1240,7 +1251,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures firetools 0.9.62 to adapt to many kinds of systems. +\`configure' configures firetools 0.9.64 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1280,6 +1291,7 @@ --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] @@ -1301,7 +1313,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of firetools 0.9.62:";; + short | recursive ) echo "Configuration of firetools 0.9.64:";; esac cat <<\_ACEOF 
@@ -1395,7 +1407,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -firetools configure 0.9.62 +firetools configure 0.9.64 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1735,7 +1747,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by firetools $as_me 0.9.62, which was +It was created by firetools $as_me 0.9.64, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -4505,7 +4517,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by firetools $as_me 0.9.62, which was +This file was extended by firetools $as_me 0.9.64, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -4559,7 +4571,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -firetools config.status 0.9.62 +firetools config.status 0.9.64 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/firetools-0.9.62/configure.ac new/firetools-0.9.64/configure.ac --- old/firetools-0.9.62/configure.ac 2019-12-16 15:08:19.000000000 +0100 +++ new/firetools-0.9.64/configure.ac 2021-01-08 14:32:32.000000000 +0100 
@@ -1,5 +1,5 @@ AC_PREREQ([2.68]) -AC_INIT(firetools, 0.9.62, netblu...@yahoo.com, , http://firejail.wordpress.com) +AC_INIT(firetools, 0.9.64, netblu...@yahoo.com, , http://firejail.wordpress.com) AC_CONFIG_SRCDIR([src/firetools/main.cpp]) #AC_CONFIG_HEADERS([config.h]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/firetools-0.9.62/mkdeb.sh new/firetools-0.9.64/mkdeb.sh --- old/firetools-0.9.62/mkdeb.sh 2019-10-09 04:00:24.000000000 +0200 +++ new/firetools-0.9.64/mkdeb.sh 2021-01-08 14:50:05.000000000 +0100 @@ -32,7 +32,7 @@ INSTALL_DIR+="/usr" mv $INSTALL_DIR/share/doc/firetools/RELNOTES $INSTALL_DIR/share/doc/firetools/changelog.Debian -gzip -9 $INSTALL_DIR/share/doc/firetools/changelog.Debian +gzip -9 -n $INSTALL_DIR/share/doc/firetools/changelog.Debian rm $INSTALL_DIR/share/doc/firetools/COPYING cp platform/debian/copyright $INSTALL_DIR/share/doc/firetools/. mkdir -p $DEBIAN_CTRL_DIR diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/firetools-0.9.62/mkman.sh new/firetools-0.9.64/mkman.sh --- old/firetools-0.9.62/mkman.sh 2019-10-09 04:00:24.000000000 +0200 +++ new/firetools-0.9.64/mkman.sh 2021-01-08 14:47:34.000000000 +0100 @@ -1,5 +1,7 @@ #!/bin/bash +set -e + sed "s/VERSION/$1/g" $2 > $3 MONTH=`LC_ALL=C date -u --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%b` sed -i "s/MONTH/$MONTH/g" $3 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/firetools-0.9.62/platform/debian/control new/firetools-0.9.64/platform/debian/control --- old/firetools-0.9.62/platform/debian/control 2019-10-09 04:00:24.000000000 +0200 +++ new/firetools-0.9.64/platform/debian/control 2021-01-08 14:44:43.000000000 +0100 
@@ -2,10 +2,10 @@ Version: FIRETOOLSVER-1 Architecture: amd64 Maintainer: netblue30 <netblu...@yahoo.com> -Installed-Size: 340 +Installed-Size: 684 Depends: libqt5gui5, libqt5svg5, libc6 Section: admin -Priority: extra +Priority: optional Homepage: http://firejail.sourceforge.net Description: Firejail graphical user interface program. Firejail is a SUID sandbox program that reduces the risk of security diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/firetools-0.9.62/src/common/utils.cpp new/firetools-0.9.64/src/common/utils.cpp --- old/firetools-0.9.62/src/common/utils.cpp 2019-10-09 04:00:24.000000000 +0200 +++ new/firetools-0.9.64/src/common/utils.cpp 2020-11-20 16:49:09.000000000 +0100 @@ -62,7 +62,7 @@ perror("asprintf"); exit(1); } - + // run command char *res = run_program(cmd); if (strstr(res, prog)) @@ -73,12 +73,12 @@ // check if a name.desktop file exists in config home directory bool have_config_file(const char *name) { assert(name); - + // build the full path char *path = get_config_file_name(name); if (!path) return false; - + // check file struct stat s; bool rv = true; @@ -88,7 +88,7 @@ rv = false; free(path); - return rv; + return rv; } // get a coniguration file path based on the name; returns allocated memory @@ -102,7 +102,7 @@ errExit("asprintf"); free(homedir); return path; -} +} // get the full path of the home directory; returns allocated memory char *get_home_directory() { @@ -110,7 +110,7 @@ struct passwd *pw = getpwuid(getuid()); if (!pw) errExit("getpwuid"); - + // extract home directory if (pw->pw_dir != NULL) { char *homedir = strdup(pw->pw_dir); @@ -118,7 +118,7 @@ errExit("strdup"); return homedir; } - + return 0; } 
@@ -127,7 +127,7 @@ char *homedir = get_home_directory(); if (!homedir) return 0; - + char *rv; if (asprintf(&rv, "%s/.config/firetools", homedir) == -1) errExit("asprintf"); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/firetools-0.9.62/src/firejail-ui/network.cpp new/firetools-0.9.64/src/firejail-ui/network.cpp --- old/firetools-0.9.62/src/firejail-ui/network.cpp 2019-10-09 04:00:24.000000000 +0200 +++ new/firetools-0.9.64/src/firejail-ui/network.cpp 2021-01-08 17:07:00.000000000 +0100 @@ -42,19 +42,19 @@ if (!fp) // probably we are dealing with a GrSecurity system return 0; // attempt error recovery - + char buf[BUFSIZE]; uint32_t retval = 0; while (fgets(buf, BUFSIZE, fp)) { if (strncmp(buf, "Iface", 5) == 0) continue; - + char *ptr = buf; while (*ptr != ' ' && *ptr != '\t') ptr++; while (*ptr == ' ' || *ptr == '\t') ptr++; - + unsigned dest; unsigned gw; int rv = sscanf(ptr, "%x %x", &dest, &gw); @@ -75,7 +75,10 @@ int sock = -1; struct iwreq pwrq; memset(&pwrq, 0, sizeof(pwrq)); - strncpy(pwrq.ifr_name, ifname, IFNAMSIZ); + int len = strlen(ifname); + if (len > IFNAMSIZ) + len = IFNAMSIZ; + memcpy(pwrq.ifr_name, ifname, len); if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) { perror("sockqet"); @@ -99,7 +102,7 @@ if (getifaddrs(&ifaddr) == -1) errExit("getifaddrs"); - + // find the default gateway uint32_t gw = network_get_defaultgw(); printf("default gateway detected: %d.%d.%d.%d\n", PRINT_IP(gw)); @@ -107,7 +110,7 @@ fprintf(stderr, "Warning: cannot find the default gateway. Networking namespace is disabled.\n"); return ""; } - + // Walk through linked list, maintaining head pointer so we can free list later for (ifa = ifaddr; ifa != NULL; ifa = ifa->ifa_next) { if (ifa->ifa_addr == NULL) @@ -116,7 +119,7 @@ int family = ifa->ifa_addr->sa_family; if (family != AF_INET) continue; - + // no loopback if (ifa->ifa_flags & IFF_LOOPBACK) continue; 
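Review bot: In the `@@ -75,7 +75,10 @@` hunk of src/firejail-ui/network.cpp the new copy caps `len` at `IFNAMSIZ`, so an interface name of IFNAMSIZ or more characters fills `pwrq.ifr_name` completely and leaves it without a terminating NUL, the same weakness the replaced `strncpy` had. The buffer is zeroed by the `memset` just above, so capping one byte lower is enough: `if (len > IFNAMSIZ - 1) len = IFNAMSIZ - 1;`. `int len = strlen(ifname);` also narrows a `size_t`; `size_t len = strlen(ifname);` avoids the conversion. The enclosing function starts and ends outside the hunk, so whether `ifname` can be NULL at this point is not visible.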
@@ -124,14 +127,14 @@ // interface not running if ((ifa->ifa_flags & (IFF_UP | IFF_RUNNING)) != (IFF_UP | IFF_RUNNING)) continue; - + // no wireless if (check_wireless(ifa->ifa_name, NULL)) continue; uint32_t if_addr = ntohl(((struct sockaddr_in *)ifa->ifa_addr)->sin_addr.s_addr); uint32_t if_mask = ntohl(((struct sockaddr_in *)ifa->ifa_netmask)->sin_addr.s_addr); - printf("network interface: %s %d.%d.%d.%d %d.%d.%d.%d\n", + printf("network interface: %s %d.%d.%d.%d %d.%d.%d.%d\n", ifa->ifa_name, PRINT_IP(if_addr), PRINT_IP(if_mask)); // check default gateway is resolved on this interface diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/firetools-0.9.62/src/fstats/dbpid.cpp new/firetools-0.9.64/src/fstats/dbpid.cpp --- old/firetools-0.9.62/src/fstats/dbpid.cpp 2019-10-09 04:00:24.000000000 +0200 +++ new/firetools-0.9.64/src/fstats/dbpid.cpp 2021-01-08 17:07:00.000000000 +0100 @@ -20,15 +20,12 @@ #include "dbpid.h" DbPid::DbPid(pid_t pid): next_(0), pid_(pid), cmd_(0), network_disabled_(true), uid_(0), configured_(false) { - memset(data_4min_, 0, sizeof(data_4min_)); - memset(data_1h_, 0, sizeof(data_1h_)); - memset(data_12h_, 0, sizeof(data_12h_)); } DbPid::~DbPid() { if (cmd_) delete cmd_; - + if (next_) delete next_; } @@ -45,8 +42,8 @@ delete cmd_; cmd_ = 0; } - } - + } + if (!cmd_) { cmd_ = new char[strlen(cmd) + 1]; strcpy(cmd_, cmd); @@ -60,7 +57,7 @@ next_ = dbpid; return; } - + next_->add(dbpid); } 
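Review bot: The destructor kept in the `@@ -20,15 +20,12 @@` hunk of src/fstats/dbpid.cpp releases `cmd_` with scalar `delete`, while the `@@ -45,8 +42,8 @@` hunk shows it allocated as `new char[strlen(cmd) + 1]`; pairing `new[]` with `delete` is undefined behaviour, and both sites should read `delete[] cmd_;`. The commit also drops the three `memset` calls on `data_4min_`, `data_1h_` and `data_12h_`. That is only safe if their element type initialises itself in a default constructor, which is declared outside this diff, so it is worth confirming before relying on zeroed statistics.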
@@ -70,33 +67,33 @@ next_ = dbpid->next_; return; } - + if (next_) next_->remove(dbpid); } - + DbPid *DbPid::find(pid_t pid) { if (pid_ == pid) { return this; } - + if (next_) { return next_->find(pid); } - - return 0; -} + + return 0; +} void DbPid::dbgprint() { printf("***\n"); printf("*** PID %d, %s\n", pid_, cmd_); printf("***\n"); - + for (int i = 0; i < MAXCYCLE; i++) data_4min_[i].dbgprint(i); - + if (next_) next_->dbgprint(); } - + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/firetools-0.9.62/src/fstats/fstats.pro new/firetools-0.9.64/src/fstats/fstats.pro --- old/firetools-0.9.62/src/fstats/fstats.pro 2019-11-18 16:41:11.000000000 +0100 +++ new/firetools-0.9.64/src/fstats/fstats.pro 2020-08-22 15:08:06.000000000 +0200 @@ -1,6 +1,7 @@ QMAKE_CXXFLAGS += $$(CXXFLAGS) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security QMAKE_CFLAGS += $$(CFLAGS) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -QMAKE_LFLAGS += $$(LDFLAGS) -lrt -Wl,-z,relro -Wl,-z,now +QMAKE_LFLAGS += $$(LDFLAGS) -Wl,-z,relro -Wl,-z,now +QMAKE_LIBS += $$(LIBS) -lrt QT += widgets HEADERS = ../common/utils.h ../common/pid.h ../common/common.h \ pid_thread.h db.h dbstorage.h dbpid.h stats_dialog.h graph.h fstats.h diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/firetools-0.9.62/src/fstats/stats_dialog.cpp new/firetools-0.9.64/src/fstats/stats_dialog.cpp --- old/firetools-0.9.62/src/fstats/stats_dialog.cpp 2019-11-18 20:28:42.000000000 +0100 +++ new/firetools-0.9.64/src/fstats/stats_dialog.cpp 2021-01-08 17:07:00.000000000 +0100 
@@ -27,15 +27,18 @@ #include <QUrl> #include <QProcess> +#include <sys/types.h> #include <sys/utsname.h> #include <sys/mman.h> #include <sys/stat.h> /* For mode constants */ #include <fcntl.h> /* For O_* constants */ #include <unistd.h> +#include <dirent.h> #include "stats_dialog.h" #include "db.h" #include "graph.h" +#include "../common/common.h" #include "../common/utils.h" #include "../common/pid.h" #include "../../firetools_config.h" 
@@ -50,24 +53,133 @@ static int getX11Display(pid_t pid); -// find the first child process for the specified pid -// return -1 if not found +// from fdns:procs.c - void procs_list(void) { +// returns malloc memory +static char *find_fdns_shm_file_name(void) { + int procs_addr_default = 0; + int procs_addr_loopback = 0; + char *procs_addr_real = NULL; + + DIR *dir; + if (!(dir = opendir("/run/fdns"))) { + // sleep 2 seconds and try again + sleep(2); + if (!(dir = opendir("/run/fdns"))) + return 0; + } + + struct dirent *entry; + int procs_addr_flag = 0; + while ((entry = readdir(dir))) { + if (*entry->d_name == '.') + continue; + + char *fname; + if (asprintf(&fname, "/proc/%s", entry->d_name) == -1) + errExit("asprintf"); + if (access(fname, R_OK) == 0) { + char *runfname; + if (asprintf(&runfname, "/run/fdns/%s", entry->d_name) == -1) + errExit("asprintf"); + if (arg_debug) + printf("pid %s,", entry->d_name); + FILE *fp = fopen(runfname, "r"); + if (fp) { + static const int MAXBUF = 1024; + char buf[MAXBUF]; + if (fgets(buf, MAXBUF, fp)) { + char *ptr = strchr(buf, '\n'); + if (ptr) + *ptr = '\0'; + + if (!procs_addr_flag) { + if (strcmp(buf, "127.1.1.1") == 0) { + procs_addr_default = 1; + procs_addr_flag = 1; + } + else if (strcmp(buf, "127.0.0.1") == 0) { + procs_addr_loopback = 1; + procs_addr_flag = 1; + } + else if (!procs_addr_real) { + procs_addr_real = strdup(buf); + if (!procs_addr_real) + errExit("strdup"); + } + } + } + } + printf("\n"); + fclose(fp); + free(runfname); + } + free(fname); + } + closedir(dir); + + char *rv = 0; + if (procs_addr_default) { + rv = strdup("/dev/shm/fdns-stats-127.1.1.1"); + if (!rv) + errExit("strdup"); + } + else if (procs_addr_loopback) { + rv = strdup("/dev/shm/fdns-stats-127.0.0.1"); + if (!rv) + errExit("strdup"); + } + else if (procs_addr_real) { + if (asprintf(&rv, "/dev/shm/fdns-stats-%s", procs_addr_real) == -1) + errExit("asprintf"); + } + + if (procs_addr_real) + free(procs_addr_real); + + return rv; +} + + +// 
dbus proxy path used by firejail and firemon +#define XDG_DBUS_PROXY_PATH "/usr/bin/xdg-dbus-proxy" static int find_child(int id) { int i; + int first_child = -1; + // find the first child + for (i = 0; i < max_pids && first_child == -1; i++) { + if (pids[i].level == 2 && pids[i].parent == id) { + // skip /usr/bin/xdg-dbus-proxy (started by firejail for dbus filtering) + char *cmdline = pid_proc_cmdline(i); + if (strncmp(cmdline, XDG_DBUS_PROXY_PATH, strlen(XDG_DBUS_PROXY_PATH)) == 0) { + free(cmdline); + continue; + } + free(cmdline); + first_child = i; + break; + } + } + + if (first_child == -1) + return -1; + + // find the second-level child for (i = 0; i < max_pids; i++) { - if (pids[i].level == 2 && pids[i].parent == id) + if (pids[i].level == 3 && pids[i].parent == first_child) return i; } - return -1; + // if a second child is not found, return the first child pid + // this happens for processes sandboxed with --join + return first_child; } -StatsDialog::StatsDialog(): QDialog(), fdns_report_(0), fdns_seq_(0), fdns_fd_(0), fdns_first_run_(true), fdns_cnt_(0), +StatsDialog::StatsDialog(): QDialog(), fdns_report_(0), fdns_seq_(0), fdns_fd_(0), fdns_first_run_(true), mode_(MODE_TOP), pid_(0), uid_(0), lts_(false), pid_initialized_(false), pid_seccomp_(false), pid_caps_(QString("")), pid_noroot_(false), pid_cpu_cores_(QString("")), pid_protocol_(QString("")), pid_name_(QString("")), - profile_(QString("")), pid_x11_(0), - have_join_(true), caps_cnt_(64), graph_type_(GRAPH_4MIN), net_none_(false) { + profile_(QString("")), pid_x11_(0), fdns_dump_(""), + have_join_(true), caps_cnt_(64), graph_type_(GRAPH_4MIN), net_none_(false), shm_file_name_(0) { // clean storage area cleanStorage(); 
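Review bot: In `find_fdns_shm_file_name()` the `fclose(fp);` sits after the closing brace of `if (fp) { … }`, so a `/run/fdns/<pid>` file that cannot be opened leads to `fclose(NULL)`, which is undefined behaviour; move `fclose(fp);` inside the `if (fp)` block. The line read from that file is formatted unchanged into `/dev/shm/fdns-stats-%s` and that path is later opened, so it should be accepted only if it parses as an IPv4 address (for example `inet_pton(AF_INET, buf, &addr) == 1`) before `strdup(buf)`; otherwise a `/` or `..` in the file changes which path is opened. The `printf("\n");` beside it runs unconditionally although the matching `printf("pid %s,", …)` is guarded by `arg_debug`. In `find_child()`, the result of `pid_proc_cmdline(i)` is passed straight to `strncmp`; its definition is outside the diff, so if it can return NULL a check is needed there.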
@@ -193,6 +305,13 @@ else if (mode_ == MODE_FDNS) { msg += "<table><tr><td width=\"5\"></td><td>"; msg += "<a href=\"top\">Home</a>"; + msg += " <a href=\"dump\">Proxy</a>"; + msg += "</td></tr></table>"; + } + else if (mode_ == MODE_FDNS_DUMP) { + msg += "<table><tr><td width=\"5\"></td><td>"; + msg += "<a href=\"top\">Home</a>"; + msg += " <a href=\"fdns\">Live</a>"; msg += "</td></tr></table>"; } 
@@ -261,15 +380,135 @@ procView_->setHtml(msg); } +QString StatsDialog::printDump(int index) { + QString msg = ""; + struct tm *t = localtime(&fdns_report_->tstamp[index]); + char *s; + if (asprintf(&s, "%02d:%02d:%02d ", t->tm_hour, t->tm_min, t->tm_sec) == -1) + errExit("asprintf"); + if (strstr(fdns_report_->logentry[index], "dropped")) { + msg += "<font color=\"red\">"; + msg += QString(s) + fdns_report_->logentry[index]; + msg += "</font>"; + } + else + msg += QString(s) + fdns_report_->logentry[index]; + + free(s); + msg += "<br/>"; + + return msg; +} + +void StatsDialog::updateFdnsDump() { + if (!fdns_dump_.isEmpty()) + return; + QString msg = header(); + + if (access(shm_file_name_, R_OK)) { + msg += QString("Error: cannot open shared memory, probably fdns is not running<br/>"); + fdns_fd_ = 0; + procView_->setHtml(msg); + return; + } + + int fd = ::open(shm_file_name_, O_RDONLY); + if (fd <= 0) { + msg += "Error: cannot access Firejail DNS data"; + procView_->setHtml(msg); + return; + + } + + DnsReport report; + ssize_t len = ::read(fd, &report, sizeof(DnsReport)); + if (len != sizeof(DnsReport)) { + msg += "Error: cannot access Firejail DNS data"; + procView_->setHtml(msg); + return; + } + ::close(fd); + + QDateTime current = QDateTime::currentDateTime(); + msg += "<b>Fireail DNS report for " + current.toString() + "</b><br/><br/>"; + + msg += "<b>Stats:</b><br/>"; + msg += QString(fdns_report_->header1) + "<br/>"; + msg += QString(fdns_report_->header2) + "<br/><br/>"; + + + msg += "<b>Resolvers:</b><br/>"; + for (int i = 0; i < fdns_report_->resolvers; i++) { + QString str= QString("Resolver %1: ").arg(i); + msg += str; + if (fdns_report_->encrypted[i]) { + char *s; + if (asprintf(&s, "connected to %d.%d.%d.%d<br/>", PRINT_IP(fdns_report_->peer_ip[i])) == -1) + errExit("asprintf"); + QString str2 = s; + free(s); + msg += str2; + } + else + msg += "fallback mode<br/>"; + } + msg += "<br/>"; + + msg += "<b>Process:</b><br/>"; + QString qs = QString("PID: 
%1<br/>").arg(report.pid); + msg += qs; + qs = QString("Fallback server: %1<br/>").arg(report.fallback); + msg += qs; + if (report.disable_local_doh) + msg += "DoH disabled for applications behind the proxy<br/>"; + else + msg += "DoH allowed for applications behind the proxy<br/>"; + qs = QString("To shutdown the proxy run <b>\"sudo kill -9 %1\"</b> in a terminal<br/><br/>").arg(report.pid); + msg += qs; + + msg += "<b>Queries:</b><br/>"; + qs = QString("(queries cleared after %1 minutes)<br/>").arg(report.log_timeout); + msg += qs; + for (int i = fdns_report_->logindex; i < MAX_LOG_ENTRIES; i++) { + if (fdns_report_->tstamp && strlen(fdns_report_->logentry[i])) + msg += printDump(i); + } + for (int i = 0; i < fdns_report_->logindex; i++) { + if (fdns_report_->tstamp && strlen(fdns_report_->logentry[i])) + msg += printDump(i); + } + + procView_->setHtml(msg); + fdns_dump_ = msg; + if (fdns_fd_) + ::close(fdns_fd_); + fdns_fd_ = 0; + fdns_report_ = 0; +} + + void StatsDialog::updateFdns() { QString msg = header(); + if (access(shm_file_name_, R_OK)) { + msg += QString("Error: cannot open shared memory, probably fdns is not running<br/>"); + if (fdns_fd_) + ::close(fdns_fd_); + fdns_fd_ = 0; + fdns_report_ = 0; + procView_->setHtml(msg); + return; + } + // open fdns shared memory if necessary if (!fdns_fd_) { - fdns_fd_ = shm_open("/fdns-stats", O_RDONLY, S_IRWXU); + fdns_fd_ = shm_open(shm_file_name_ + 8, O_RDONLY, S_IRWXU); if (fdns_fd_ == -1) { - msg += "Error: cannot open /dev/shm/fdns_stats, probably fdns is not running<br/>"; + msg += "Error: cannot access shared memory, probably fdns is not running<br/>"; + if (fdns_fd_) + ::close(fdns_fd_); fdns_fd_ = 0; + fdns_report_ = 0; procView_->setHtml(msg); return; } 
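Review bot: `updateFdnsDump()` reads a snapshot into the local `report` but then renders `header1`, `header2`, `resolvers`, `encrypted[]`, `peer_ip[]` and the query log through the member `fdns_report_`, which the function never checks for 0 and itself resets to 0 on exit; nothing in the hunk guarantees the mapping exists when the dump view is entered. `resolvers` and `logindex` come from memory written by another process and are used as array bounds without being compared against `RESOLVERS_CNT_MAX` and `MAX_LOG_ENTRIES`; the same unchecked `logindex` drives the loop in the `@@ -286,28 +525,39 @@` hunk. The short-read branch returns before `::close(fd)`, and `fdns_report_ = 0` drops the mapping without `munmap`. The test `fdns_report_->tstamp && …` in both loops (and again in the `-286` hunk) compares an array address and is always true; `tstamp[i]` was probably meant. The fence sketches the guard and the clamped counters that the resolver and query loops would then use.

```cpp
	DnsReport report;
	ssize_t len = ::read(fd, &report, sizeof(DnsReport));
	::close(fd);	// close before any return, including the short-read one
	if (len != sizeof(DnsReport) || !fdns_report_) {
		// … unchanged: error message, setHtml(), return …
	}

	// counters come from another process: keep them inside the DnsReport arrays
	int resolvers = report.resolvers;
	if (resolvers < 0 || resolvers > RESOLVERS_CNT_MAX)
		resolvers = 0;
	int logindex = report.logindex;
	if (logindex < 0 || logindex > MAX_LOG_ENTRIES)
		logindex = 0;

	// … unchanged: title, stats, resolver and query loops, now bounded by
	//   resolvers / logindex instead of fdns_report_->resolvers / ->logindex …
```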
@@ -278,7 +517,7 @@ if (fdns_fd_ && fdns_report_ == 0) { fdns_report_ = (DnsReport *) mmap(0, sizeof(DnsReport), PROT_READ, MAP_SHARED, fdns_fd_, 0 ); if (fdns_report_ == (void *) - 1) { - msg += "Error: cannot map /sdv/shm/fdns_stats file in process memory<<br/>"; + msg += "Error: cannot map /dev/shm/fdns_stats file in process memory<<br/>"; fdns_report_ = 0; ::close(fdns_fd_); fdns_fd_ = 0; @@ -286,28 +525,39 @@ return; } } + if (fdns_fd_ && fdns_report_) { - if (fdns_first_run_ || fdns_cnt_++ >= 10 || fdns_seq_ != fdns_report_->seq) { + if (fdns_first_run_ || fdns_seq_ != fdns_report_->seq) { fdns_first_run_ = false; - fdns_cnt_ = 0; fdns_seq_ = fdns_report_->seq; // print header - msg += fdns_report_->header; - msg += "<br/>"; + msg += "<b>"; + msg += fdns_report_->header1; + msg += "</b><br/><b>"; + msg += fdns_report_->header2; + msg += "</b><br/><br/>"; // print log lines - for (int i = fdns_report_->logindex; i < MAX_LOG_ENTRIES; i++) { - msg += fdns_report_->logentry[i]; - msg += "<br/>"; - } - for (int i = 0; i < fdns_report_->logindex; i++) { - msg += fdns_report_->logentry[i]; - msg += "<br/>"; + int row = 24; + int i; + int logrows = MAX_LOG_ENTRIES; + if ((row - 4) > 0 && (row - 4) < MAX_LOG_ENTRIES) + logrows = row - 4; + + int index = fdns_report_->logindex - logrows; + for (i = 0; i < logrows; i++, index++) { + int position = index; + if (index < 0) + position += MAX_LOG_ENTRIES; + + if (fdns_report_->tstamp && strlen(fdns_report_->logentry[position])) + msg += printDump(position); } procView_->setHtml(msg); } } + procView_->update(); } @@ -350,7 +600,7 @@ char *str = 0; char *cmd; - if (asprintf(&cmd, "firemon --tree --nowrap %d", pid_) != -1) { + if (asprintf(&cmd, "firemon --tree --wrap %d", pid_) != -1) { str = run_program(cmd); char *ptr = str; // htmlize! 
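Review bot: In the `@@ -286,28 +525,39 @@` hunk `header1` and `header2` are appended to `msg` verbatim and the log entries go through `printDump()`, and the result is handed to `procView_->setHtml(msg)`, so any `<` or `&` in the shared-memory text is interpreted as markup. The log lines presumably carry DNS names requested by sandboxed programs, which makes part of this text influenced by the very processes being monitored; escaping it keeps a crafted name from altering the report, e.g. `msg += QString(fdns_report_->header1).toHtmlEscaped();` and likewise for `logentry[index]` in `printDump()`. The hard-coded `int row = 24;` makes the `(row - 4)` test constant; a named constant would say what the 20 displayed rows stand for.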
@@ -529,8 +779,7 @@ ptr++; char *child_dev = ptr; - QString str; - str.sprintf("%s (parent device %s", child_dev, parent_dev); + QString str = QString("%1 (parent device %2").arg(child_dev).arg(parent_dev); // detect bridge device char *sysfile; @@ -967,6 +1216,8 @@ updateTop(); else if (mode_ == MODE_FDNS) updateFdns(); + else if (mode_ == MODE_FDNS_DUMP) + updateFdnsDump(); else if (mode_ == MODE_PID) updatePid(); else if (mode_ == MODE_TREE) @@ -1084,8 +1335,24 @@ QMessageBox::about(this, tr("About"), msg); } - else if (linkstr == "fdns") + else if (linkstr == "fdns") { + if (mode_ != MODE_FDNS_DUMP) { + if (shm_file_name_) + free(shm_file_name_); + shm_file_name_ = find_fdns_shm_file_name(); + if (fdns_report_) + fdns_report_ = 0; + if (fdns_fd_) { + ::close(fdns_fd_); + sleep(1); // give the kernel some time to close the shared mem file in order to open another one + } + } mode_ = MODE_FDNS; + } + else if (linkstr == "dump") { + fdns_dump_ = QString(""); + mode_ = MODE_FDNS_DUMP; + } else if (linkstr == "newsandbox") { // start firejail-ui as a separate process diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/firetools-0.9.62/src/fstats/stats_dialog.h new/firetools-0.9.64/src/fstats/stats_dialog.h --- old/firetools-0.9.62/src/fstats/stats_dialog.h 2019-11-18 19:06:26.000000000 +0100 +++ new/firetools-0.9.64/src/fstats/stats_dialog.h 2020-12-19 14:35:21.000000000 +0100 
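Review bot: In the `linkstr == "fdns"` branch of the `@@ -1084,8 +1335,24 @@` hunk the descriptor is closed with `::close(fdns_fd_);` but `fdns_fd_` keeps its old value, so the `if (!fdns_fd_)` test in `updateFdns()` skips `shm_open`, the following `mmap` runs on a closed (or since reused) descriptor, and its error path closes that number a second time; add `fdns_fd_ = 0;` right after the close. `fdns_report_ = 0;` discards the mapping without `munmap(fdns_report_, sizeof(DnsReport));`, so each switch leaks one mapping. `find_fdns_shm_file_name()` can return 0 and can sleep for 2 seconds, followed by `sleep(1)` here, all apparently on the thread that handles the link click; retrying on the next refresh would avoid freezing the dialog. The enclosing handler begins and ends outside the hunk.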
@@ -32,17 +32,36 @@ class PidThread; + extern "C" { - typedef struct dns_report_t { - volatile uint32_t seq; //sqence number used to detect data changes - #define MAX_HEADER 163 // two full lines on a terminal screen, \n and \0 - char header[MAX_HEADER]; - int logindex; - #define MAX_LOG_ENTRIES 18 // 18 lines on the screen in order to handle tab terminals - #define MAX_ENTRY_LEN 82 // a full line on a terminal screen, \n and \0 - char logentry[MAX_LOG_ENTRIES][MAX_ENTRY_LEN]; - } DnsReport; -} +typedef struct dns_report_t { + volatile uint32_t seq; //sqence number used to detect data changes + + // proxy config + unsigned pid; + int log_timeout; + int disable_local_doh; + int nofilter; +#define MAX_ENTRY_LEN 82 // a full line on a terminal screen, \n and \0 + char fallback[MAX_ENTRY_LEN]; + + // resolvers +#define RESOLVERS_CNT_MAX 10 + int resolvers; + int encrypted[RESOLVERS_CNT_MAX]; + uint32_t peer_ip[RESOLVERS_CNT_MAX]; + + // header + char header1[MAX_ENTRY_LEN]; + char header2[MAX_ENTRY_LEN]; + + // queries + int logindex; +#define MAX_LOG_ENTRIES 512 // 18 lines on the screen in order to handle tab terminals + time_t tstamp[MAX_LOG_ENTRIES]; + char logentry[MAX_LOG_ENTRIES][MAX_ENTRY_LEN]; +} DnsReport; +} // extern "C" class StatsDialog: public QDialog { Q_OBJECT @@ -64,6 +83,8 @@ void kernelSecuritySettings(); void updateTop(); void updateFdns(); + inline QString printDump(int index); + void updateFdnsDump(); void updatePid(); void updateTree(); void updateSeccomp(); @@ -78,7 +99,6 @@ uint32_t fdns_seq_; int fdns_fd_; bool fdns_first_run_; - int fdns_cnt_; QTextBrowser *procView_; @@ -90,7 +110,8 @@ #define MODE_CAPS 5 #define MODE_FIREWALL 6 #define MODE_FDNS 7 -#define MODE_MAX 8 // always the last one +#define MODE_FDNS_DUMP 8 +#define MODE_MAX 9 // always the last one int mode_; int pid_; // pid value for mode 1 uid_t uid_; @@ -108,6 +129,7 @@ QString pid_apparmor_; QString profile_; int pid_x11_; + QString fdns_dump_; bool have_join_; int caps_cnt_; 
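Review bot: `DnsReport` in the `@@ -32,17 +32,36 @@` hunk is a binary layout shared with the fdns process through `/dev/shm`, and it carries no size or version field, so a proxy built with a different layout (the 0.9.62 struct removed here, for instance) would be mapped and read at the wrong offsets. A comment naming the fdns release whose `DnsReport` definition this copy must match, or a layout-version field checked before use if upstream fdns adds one, would make the dependency explicit. Fields such as `time_t tstamp[]` and `unsigned pid` also assume both sides are built for the same ABI. The comment on `MAX_LOG_ENTRIES 512` still says `18 lines on the screen`, which described the old value.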
@@ -123,6 +145,8 @@ QString storage_intro_; QString storage_network_; QString storage_netfilter_; + + char *shm_file_name_; public: QAction *minimizeAction; QAction *restoreAction;