diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2023-10-26 20:15:44 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-10-26 20:15:44 +0200 |
| commit | 611c3b66f0db3ca113db6fb71534231bb87b4cef (patch) | |
| tree | 0dc777ffbf5a52e64b248b99b38620680d2a01d8 /utils | |
| parent | 1832d247b39e24ac7cc1b8417ca076bd61ae9c6e (diff) | |
ipv6: add support for ipv6 addresses lists (#2113)
Diffstat (limited to 'utils')
| -rwxr-xr-x | utils/asn_update.sh | 14 | ||||
| -rwxr-xr-x | utils/aws_ip_addresses_download.sh | 10 | ||||
| -rwxr-xr-x | utils/azure_ip_addresses_download.sh | 9 | ||||
| -rwxr-xr-x | utils/cachefly_ip_addresses_download.sh | 2 | ||||
| -rwxr-xr-x | utils/cloudflare_ip_addresses_download.sh | 10 | ||||
| -rwxr-xr-x | utils/crawlers_ip_addresses_download.sh | 23 | ||||
| -rwxr-xr-x | utils/ethereum_ip_addresses_download.sh | 2 | ||||
| -rwxr-xr-x | utils/get_routes6_by_asn.sh | 19 | ||||
| -rw-r--r-- | utils/google6.py | 41 | ||||
| -rwxr-xr-x | utils/google_cloud_ip_addresses_download.sh | 9 | ||||
| -rwxr-xr-x | utils/google_ip_addresses_download.sh | 8 | ||||
| -rwxr-xr-x | utils/icloud_private_relay_ip_addresses_download.sh | 11 | ||||
| -rwxr-xr-x | utils/ipaddr2list.py | 34 | ||||
| -rwxr-xr-x | utils/microsoft_ip_addresses_download.sh | 23 | ||||
| -rwxr-xr-x | utils/mullvad_ip_addresses_download.sh | 9 | ||||
| -rwxr-xr-x | utils/protonvpn_ip_addresses_download.sh | 13 | ||||
| -rwxr-xr-x | utils/tor_ip_addresses_download.sh | 2 | ||||
| -rwxr-xr-x | utils/whatsapp_ip_addresses_download.sh | 2 | ||||
| -rwxr-xr-x | utils/zoom_ip_addresses_download.sh | 12 |
19 files changed, 202 insertions, 51 deletions
diff --git a/utils/asn_update.sh b/utils/asn_update.sh index 7385d80b7..7569eae67 100755 --- a/utils/asn_update.sh +++ b/utils/asn_update.sh @@ -7,15 +7,18 @@ TOTAL_ASN=0 function processing_list() { local LIST_MERGED="/tmp/list_m" + local LIST_MERGED6="/tmp/list_m6" echo "(2) Processing IP addresses..." ./mergeipaddrlist.py "$1" > $LIST_MERGED - ./ipaddr2list.py "$LIST_MERGED" "$2" > "$3" + ./mergeipaddrlist.py "$2" > $LIST_MERGED6 + ./ipaddr2list.py "$LIST_MERGED" "$3" "$LIST_MERGED6" > "$4" rm -f $LIST_MERGED } function create_list() { LIST=/tmp/list + LIST6=/tmp/list6 for i in "${@:4}"; do TOTAL_ASN=$(( TOTAL_ASN + 1 )) @@ -23,15 +26,20 @@ function create_list() { echo "Could not fetch route for ${i} (${1})" FAILED_ASN=$(( FAILED_ASN + 1 )) fi + if ! ./get_routes6_by_asn.sh "$i" >> $LIST6; then + echo "Could not fetch route6 for ${i} (${1})" + FAILED_ASN=$(( FAILED_ASN + 1 )) + fi done + #TODO: ipv6 addresses if [ ! -z "$3" ]; then # Split comma separated list of additional networks to add echo "$3" | tr "," "\n" >> $LIST fi - processing_list "$LIST" "$1" "$2" - rm -f $LIST + processing_list "$LIST" "$LIST6" "$1" "$2" + rm -f $LIST $LIST6 } cd "$(dirname "${0}")" || exit 1 diff --git a/utils/aws_ip_addresses_download.sh b/utils/aws_ip_addresses_download.sh index 3379c96eb..04a6a790d 100755 --- a/utils/aws_ip_addresses_download.sh +++ b/utils/aws_ip_addresses_download.sh @@ -8,6 +8,7 @@ cd "$(dirname "${0}")" || exit 1 DEST=../src/lib/inc_generated/ndpi_amazon_aws_match.c.inc TMP=/tmp/aws.json LIST=/tmp/aws.list +LIST6=/tmp/aws.list6 ORIGIN=https://ip-ranges.amazonaws.com/ip-ranges.json @@ -17,11 +18,14 @@ check_http_response "${http_response}" is_file_empty "${TMP}" echo "(2) Processing IP addresses..." -jq -r '.prefixes | .[].ip_prefix' $TMP > $LIST # TODO: ipv6 +jq -r '.prefixes | .[].ip_prefix' $TMP > $LIST is_file_empty "${LIST}" -./ipaddr2list.py $LIST NDPI_PROTOCOL_AMAZON_AWS > $DEST -rm -f $TMP $LIST +jq -r '.ipv6_prefixes | .[].ipv6_prefix' $TMP > $LIST6 +is_file_empty "${LIST6}" +./ipaddr2list.py $LIST NDPI_PROTOCOL_AMAZON_AWS $LIST6 > $DEST is_file_empty "${DEST}" +rm -f $TMP $LIST $LIST6 + echo "(3) Amazon AWS IPs are available in $DEST" exit 0 diff --git a/utils/azure_ip_addresses_download.sh b/utils/azure_ip_addresses_download.sh index 7df5d9cca..4aada03ee 100755 --- a/utils/azure_ip_addresses_download.sh +++ b/utils/azure_ip_addresses_download.sh @@ -9,6 +9,7 @@ DEST=../src/lib/inc_generated/ndpi_azure_match.c.inc LINK_TMP=/tmp/azure_link.txt TMP=/tmp/azure.json LIST=/tmp/azure.list +LIST6=/tmp/azure.list6 # https://www.microsoft.com/en-us/download/confirmation.aspx?id=56519 # Azure links have the format https://download.microsoft.com/download/7/1/D/71D86715-5596-4529-9B13-DA13A5DE5B63/ServiceTags_Public_<date>.json LINK_ORIGIN="https://www.microsoft.com/en-us/download/confirmation.aspx?id=56519" @@ -28,12 +29,14 @@ check_http_response "${http_response}" is_file_empty "${TMP}" echo "(3) Processing IP addresses..." -# Note: the last "grep -v :" is used to skip IPv6 addresses tr -d '\r' < $TMP | grep / | tr -d '"' | tr -d " " | tr -d "," | grep -v : > $LIST is_file_empty "${LIST}" -./ipaddr2list.py $LIST NDPI_PROTOCOL_MICROSOFT_AZURE > $DEST -rm -f $TMP $LIST +tr -d '\r' < $TMP | grep / | tr -d '"' | tr -d " " | tr -d "," | grep : > $LIST6 +is_file_empty "${LIST6}" +./ipaddr2list.py $LIST NDPI_PROTOCOL_MICROSOFT_AZURE $LIST6 > $DEST is_file_empty "${DEST}" +rm -f $TMP $LIST $LIST6 + echo "(4) Microsoft Azure IPs are available in $DEST" exit 0 diff --git a/utils/cachefly_ip_addresses_download.sh b/utils/cachefly_ip_addresses_download.sh index 9d14e379d..ade534698 100755 --- a/utils/cachefly_ip_addresses_download.sh +++ b/utils/cachefly_ip_addresses_download.sh @@ -8,7 +8,7 @@ cd "$(dirname "${0}")" || exit 1 DEST=../src/lib/inc_generated/ndpi_cachefly_match.c.inc LIST=/tmp/cachefly.list ORIGIN='https://cachefly.cachefly.net/ips/cdn.txt' - +#TODO: ipv6. Is there any ipv6 list? echo "(1) Downloading file..." http_response=$(curl -s -o "${LIST}" -w "%{http_code}" "${ORIGIN}") diff --git a/utils/cloudflare_ip_addresses_download.sh b/utils/cloudflare_ip_addresses_download.sh index aa34e11cb..c1aca0165 100755 --- a/utils/cloudflare_ip_addresses_download.sh +++ b/utils/cloudflare_ip_addresses_download.sh @@ -7,17 +7,21 @@ cd "$(dirname "${0}")" || exit 1 DEST=../src/lib/inc_generated/ndpi_cloudflare_match.c.inc LIST=/tmp/cloudflare.list -# TODO: ipv6 list from https://www.cloudflare.com/ips-v6 +LIST6=/tmp/cloudflare.list6 ORIGIN="https://www.cloudflare.com/ips-v4" - +ORIGIN6="https://www.cloudflare.com/ips-v6" echo "(1) Downloading file... ${ORIGIN}" http_response=$(curl -s -o $LIST -w "%{http_code}" ${ORIGIN}) check_http_response "${http_response}" is_file_empty "${LIST}" +http_response=$(curl -s -o $LIST6 -w "%{http_code}" ${ORIGIN6}) +check_http_response "${http_response}" +is_file_empty "${LIST6}" + echo "(2) Processing IP addresses..." -./ipaddr2list.py $LIST NDPI_PROTOCOL_CLOUDFLARE > $DEST +./ipaddr2list.py $LIST NDPI_PROTOCOL_CLOUDFLARE $LIST6 > $DEST rm -f $LIST is_file_empty "${DEST}" diff --git a/utils/crawlers_ip_addresses_download.sh b/utils/crawlers_ip_addresses_download.sh index 50b8934a3..18f95f1df 100755 --- a/utils/crawlers_ip_addresses_download.sh +++ b/utils/crawlers_ip_addresses_download.sh @@ -12,6 +12,7 @@ TMP3=/tmp/bot_google_c3.json TMP_BING=/tmp/bot_bing.json TMP_FB=/tmp/bot_fb.list LIST=/tmp/bot.list +LIST6=/tmp/bot.list6 #Google Common crawlers ORIGIN1="https://developers.google.com/static/search/apis/ipranges/googlebot.json" #Google Special-case crawlers @@ -48,16 +49,24 @@ is_file_empty "${TMP_FB}" echo "(2) Processing IP addresses..." { - jq -r '.prefixes | .[].ipv4Prefix | select( . != null )' $TMP1 # TODO: ipv6 - jq -r '.prefixes | .[].ipv4Prefix | select( . != null )' $TMP2 # TODO: ipv6 - jq -r '.prefixes | .[].ipv4Prefix | select( . != null )' $TMP3 # TODO: ipv6 - jq -r '.prefixes | .[].ipv4Prefix | select( . != null )' $TMP_BING # TODO: ipv6 - grep -v route6 $TMP_FB | tr -d 'route:^ ' # TODO: ipv6 + jq -r '.prefixes | .[].ipv4Prefix | select( . != null )' $TMP1 + jq -r '.prefixes | .[].ipv4Prefix | select( . != null )' $TMP2 + jq -r '.prefixes | .[].ipv4Prefix | select( . != null )' $TMP3 + jq -r '.prefixes | .[].ipv4Prefix | select( . != null )' $TMP_BING + grep -v route6 $TMP_FB | tr -d 'route:^ ' } > $LIST is_file_empty "${LIST}" -./ipaddr2list.py $LIST NDPI_HTTP_CRAWLER_BOT > $DEST +{ + jq -r '.prefixes | .[].ipv6Prefix | select( . != null )' $TMP1 + jq -r '.prefixes | .[].ipv6Prefix | select( . != null )' $TMP2 + jq -r '.prefixes | .[].ipv6Prefix | select( . != null )' $TMP3 + jq -r '.prefixes | .[].ipv6Prefix | select( . != null )' $TMP_BING + grep route6 $TMP_FB | tr -d 'route6:^ ' +} > $LIST6 +is_file_empty "${LIST6}" +./ipaddr2list.py $LIST NDPI_HTTP_CRAWLER_BOT $LIST6 > $DEST is_file_empty "${DEST}" -rm -f $TMP1 $TMP2 $TMP3 $TMP_BING $TMP_FB $LIST +rm -f $TMP1 $TMP2 $TMP3 $TMP_BING $TMP_FB $LIST $LIST6 echo "(3) Crawlers IPs are available in $DEST" exit 0 diff --git a/utils/ethereum_ip_addresses_download.sh b/utils/ethereum_ip_addresses_download.sh index 076b24359..95f11d052 100755 --- a/utils/ethereum_ip_addresses_download.sh +++ b/utils/ethereum_ip_addresses_download.sh @@ -17,7 +17,7 @@ check_http_response "${http_response}" is_file_empty "${TMP}" echo "(2) Processing IP addresses..." -grep 'enode' $TMP | grep -v '^/' | grep ':' | cut -d '@' -f 2 | cut -d ':' -f 1 > $LIST +grep 'enode' $TMP | grep -v '^/' | grep ':' | cut -d '@' -f 2 | cut -d ':' -f 1 > $LIST #no ipv6 in this list is_file_empty "${LIST}" ./ipaddr2list.py $LIST NDPI_PROTOCOL_ETHEREUM > $DEST diff --git a/utils/get_routes6_by_asn.sh b/utils/get_routes6_by_asn.sh new file mode 100755 index 000000000..235bebbfd --- /dev/null +++ b/utils/get_routes6_by_asn.sh @@ -0,0 +1,19 @@ +#!/bin/sh + +if [ "$#" -ne 1 ]; then + echo "Usage: $0 AS-Number" >&2 + return +fi + +LIST=/tmp/asn.json +ORIGIN="https://stat.ripe.net/data/announced-prefixes/data.json?resource=$1" + +http_response=$(curl -s -o "${LIST}" -w "%{http_code}" "${ORIGIN}") +if [ "$http_response" != "200" ]; then + echo "Error $http_response: wrong ASN number/format?" >&2 + return +fi + +jq -r '.data.prefixes[].prefix' $LIST | grep ":" + +rm -f $LIST diff --git a/utils/google6.py b/utils/google6.py new file mode 100644 index 000000000..2d9ffa27c --- /dev/null +++ b/utils/google6.py @@ -0,0 +1,41 @@ +#!/usr/bin/env python3 + +import json +import urllib.request +import netaddr + +GOOG_URL="https://www.gstatic.com/ipranges/goog.json" +CLOUD_URL="https://www.gstatic.com/ipranges/cloud.json" + +def read_url(url): + try: + s = urllib.request.urlopen(url).read() + return json.loads(s) + except urllib.error.HTTPError: + print("Invalid HTTP response from %s" % url) + return {} + except json.decoder.JSONDecodeError: + print("Could not parse HTTP response from %s" % url) + return {} + +def main(): + goog_json=read_url(GOOG_URL) + cloud_json=read_url(CLOUD_URL) + + if goog_json and cloud_json: +# print("{} published: {}".format(GOOG_URL,goog_json.get('creationTime'))) +# print("{} published: {}".format(CLOUD_URL,cloud_json.get('creationTime'))) + goog_cidrs = netaddr.IPSet() + for pref in goog_json['prefixes']: + if pref.get('ipv6Prefix'): + goog_cidrs.add(pref.get('ipv6Prefix')) + cloud_cidrs = netaddr.IPSet() + for pref in cloud_json['prefixes']: + if pref.get('ipv6Prefix'): + cloud_cidrs.add(pref.get('ipv6Prefix')) +# print("IP ranges for Google APIs and services default domains:") + for i in goog_cidrs.difference(cloud_cidrs).iter_cidrs(): + print(i) + +if __name__=='__main__': + main() diff --git a/utils/google_cloud_ip_addresses_download.sh b/utils/google_cloud_ip_addresses_download.sh index 02a270e53..d2efb2dcb 100755 --- a/utils/google_cloud_ip_addresses_download.sh +++ b/utils/google_cloud_ip_addresses_download.sh @@ -8,6 +8,7 @@ cd "$(dirname "${0}")" || exit 1 DEST=../src/lib/inc_generated/ndpi_google_cloud_match.c.inc TMP=/tmp/google_c.json LIST=/tmp/google_c.list +LIST6=/tmp/google_c.list6 ORIGIN="https://www.gstatic.com/ipranges/cloud.json" @@ -19,9 +20,11 @@ if [ "$http_response" != "200" ]; then fi echo "(2) Processing IP addresses..." -jq -r '.prefixes | .[].ipv4Prefix | select( . != null )' $TMP > $LIST # TODO: ipv6 -./ipaddr2list.py $LIST NDPI_PROTOCOL_GOOGLE_CLOUD > $DEST -rm -f $TMP $LIST +jq -r '.prefixes | .[].ipv4Prefix | select( . != null )' $TMP > $LIST +jq -r '.prefixes | .[].ipv6Prefix | select( . != null )' $TMP > $LIST6 +./ipaddr2list.py $LIST NDPI_PROTOCOL_GOOGLE_CLOUD $LIST6 > $DEST + +rm -f $TMP $LIST $LIST6 echo "(3) Google Cloud IPs are available in $DEST" exit 0 diff --git a/utils/google_ip_addresses_download.sh b/utils/google_ip_addresses_download.sh index bd2acbd4e..0b586ee2c 100755 --- a/utils/google_ip_addresses_download.sh +++ b/utils/google_ip_addresses_download.sh @@ -7,6 +7,7 @@ cd "$(dirname "${0}")" || exit 1 DEST=../src/lib/inc_generated/ndpi_google_match.c.inc LIST=/tmp/google.list +LIST6=/tmp/google.list6 echo "(1) Downloading file..." #Nothing to do @@ -15,9 +16,12 @@ echo "(2) Processing IP addresses..." #https://cloud.google.com/vpc/docs/configure-private-google-access#ip-addr-defaults python3 google.py > $LIST is_file_empty "${LIST}" -./ipaddr2list.py $LIST NDPI_PROTOCOL_GOOGLE > $DEST -rm -f "${TMP}" "${LIST}" +python3 google6.py > $LIST6 +is_file_empty "${LIST6}" +./ipaddr2list.py $LIST NDPI_PROTOCOL_GOOGLE $LIST6 > $DEST is_file_empty "${DEST}" +rm -f $TMP $LIST $LIST6 + echo "(3) Google IPs are available in $DEST" exit 0 diff --git a/utils/icloud_private_relay_ip_addresses_download.sh b/utils/icloud_private_relay_ip_addresses_download.sh index 24f6f56f6..0b6862e14 100755 --- a/utils/icloud_private_relay_ip_addresses_download.sh +++ b/utils/icloud_private_relay_ip_addresses_download.sh @@ -8,7 +8,9 @@ cd "$(dirname "${0}")" || exit 1 DEST=../src/lib/inc_generated/ndpi_icloud_private_relay_match.c.inc TMP=/tmp/icloud.csv LIST=/tmp/icloud.list +LIST6=/tmp/icloud.list6 LIST_MERGED=/tmp/icloud.list_m +LIST6_MERGED=/tmp/icloud.list6_m ORIGIN="https://mask-api.icloud.com/egress-ip-ranges.csv" @@ -24,9 +26,14 @@ cut -d ',' -f 1 $TMP | grep -v ':' > $LIST is_file_empty "${LIST}" ./mergeipaddrlist.py $LIST > $LIST_MERGED is_file_empty "${LIST_MERGED}" -./ipaddr2list.py $LIST_MERGED NDPI_ANONYMOUS_SUBSCRIBER "_icloud_private_relay" > $DEST +cut -d ',' -f 1 $TMP | grep ':' > $LIST6 +is_file_empty "${LIST6}" +./mergeipaddrlist.py $LIST6 > $LIST6_MERGED +is_file_empty "${LIST6_MERGED}" + +./ipaddr2list.py $LIST_MERGED NDPI_ANONYMOUS_SUBSCRIBER $LIST6_MERGED "_icloud_private_relay" > $DEST is_file_empty "${DEST}" -rm -f "${TMP}" "${LIST}" "${LIST_MERGED}" +rm -f "${TMP}" "${LIST}" "${LIST_MERGED}" "${LIST6_MERGED}" echo "(3) iCloud Private Relay IPs are available in $DEST" exit 0 diff --git a/utils/ipaddr2list.py b/utils/ipaddr2list.py index 1f610c88e..2aa244b35 100755 --- a/utils/ipaddr2list.py +++ b/utils/ipaddr2list.py @@ -8,15 +8,14 @@ import socket, struct proto = "NDPI_PROTOCOL_XYX" append_name = "" if len (sys.argv) < 2 : - print("Usage: ipaddr2list.py <file> <protocol> [<append_name>]") + print("Usage: ipaddr2list.py <file> <protocol> [file6] [<append_name>]") sys.exit (1) if len (sys.argv) >= 3: proto = sys.argv[2] -if len (sys.argv) >= 4: - append_name = sys.argv[3] - +if len (sys.argv) >= 5: + append_name = sys.argv[4] print("""/* @@ -67,5 +66,32 @@ print(" /* End */") print(" { 0x0, 0, 0 }") print("};") +print(""); +print("static ndpi_network6 "+proto.lower()+append_name+"_protocol_list_6[] = {") + +if(len (sys.argv) >= 4): + + with open(sys.argv[3]) as fp: + for cnt, line in enumerate(fp): + line = line.rstrip() + + if(line != ""): + lines += 1 + x = line.split("/") + + if(len(x) == 2): + ipaddr = x[0] + cidr = x[1] + else: + ipaddr = line + cidr = "128" + + if(ipaddr != ""): + print(" { \""+ipaddr+"\", "+cidr+", "+proto+" },") + +print(" /* End */") +print(" { NULL, 0, 0 }") +print("};") + if lines == 0: sys.stderr.write(f'{sys.argv[0]}: File {sys.argv[1]} is empty.\n') diff --git a/utils/microsoft_ip_addresses_download.sh b/utils/microsoft_ip_addresses_download.sh index 86cbbe83a..51ef89b8d 100755 --- a/utils/microsoft_ip_addresses_download.sh +++ b/utils/microsoft_ip_addresses_download.sh @@ -11,6 +11,7 @@ DEST_ONEDRIVE=../src/lib/inc_generated/ndpi_ms_onedrive_match.c.inc DEST_OFFICE365=../src/lib/inc_generated/ndpi_ms_office365_match.c.inc TMP=/tmp/ms.json LIST=/tmp/ms.list +LIST6=/tmp/ms.list6 # https://docs.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide ORIGIN="https://endpoints.office.com/endpoints/worldwide?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7" @@ -23,35 +24,39 @@ is_file_empty "${TMP}" echo "(2) Processing IP addresses..." #OUTLOOK -# Note: the "grep -v :" is used to skip IPv6 addresses jq -r '.[] | select(.serviceArea=="Exchange") | .ips[]?' < $TMP | grep -v ':' | sort -u | uniq > $LIST is_file_empty "${LIST}" -./ipaddr2list.py $LIST NDPI_PROTOCOL_MS_OUTLOOK > $DEST_OUTLOOK +jq -r '.[] | select(.serviceArea=="Exchange") | .ips[]?' < $TMP | grep ':' | sort -u | uniq > $LIST6 +is_file_empty "${LIST6}" +./ipaddr2list.py $LIST NDPI_PROTOCOL_MS_OUTLOOK $LIST6 > $DEST_OUTLOOK is_file_empty "${DEST_OUTLOOK}" #SKYPE/TEAMS -# Note: the "grep -v :" is used to skip IPv6 addresses jq -r '.[] | select(.serviceArea=="Skype") | .ips[]?' < $TMP | grep -v ':' | sort -u | uniq > $LIST is_file_empty "${LIST}" -./ipaddr2list.py $LIST NDPI_PROTOCOL_SKYPE_TEAMS > $DEST_SKYPE_MSTEAMS +jq -r '.[] | select(.serviceArea=="Skype") | .ips[]?' < $TMP | grep ':' | sort -u | uniq > $LIST6 +is_file_empty "${LIST6}" +./ipaddr2list.py $LIST NDPI_PROTOCOL_SKYPE_TEAMS $LIST6 > $DEST_SKYPE_MSTEAMS is_file_empty "${DEST_SKYPE_MSTEAMS}" #ONEDRIVE -# Note: the "grep -v :" is used to skip IPv6 addresses jq -r '.[] | select(.serviceArea=="SharePoint") | .ips[]?' < $TMP | grep -v ':' | sort -u | uniq > $LIST is_file_empty "${LIST}" -./ipaddr2list.py $LIST NDPI_PROTOCOL_MS_ONE_DRIVE > $DEST_ONEDRIVE +jq -r '.[] | select(.serviceArea=="SharePoint") | .ips[]?' < $TMP | grep ':' | sort -u | uniq > $LIST6 +is_file_empty "${LIST6}" +./ipaddr2list.py $LIST NDPI_PROTOCOL_MS_ONE_DRIVE $LIST6 > $DEST_ONEDRIVE is_file_empty "${DEST_ONEDRIVE}" #OFFICE -# Note: the "grep -v :" is used to skip IPv6 addresses jq -r '.[] | select(.serviceArea=="Common") | .ips[]?' < $TMP | grep -v ':' | sort -u | uniq > $LIST is_file_empty "${LIST}" +jq -r '.[] | select(.serviceArea=="Common") | .ips[]?' < $TMP | grep ':' | sort -u | uniq > $LIST6 +is_file_empty "${LIST6}" #TODO: NDPI_PROTOCOL_MICROSOFT_365 or NDPI_PROTOCOL_MICROSOFT? -./ipaddr2list.py $LIST NDPI_PROTOCOL_MICROSOFT_365 > $DEST_OFFICE365 +./ipaddr2list.py $LIST NDPI_PROTOCOL_MICROSOFT_365 $LIST6 > $DEST_OFFICE365 is_file_empty "${DEST_OFFICE365}" -rm -f "${TMP}" "${LIST}" +rm -f ${TMP} ${LIST} ${LIST6} echo "(3) Microsoft IPs are available in ${DEST_OUTLOOK}, ${DEST_SKYPE_MSTEAMS}, ${DEST_ONEDRIVE}, ${DEST_OFFICE365}" exit 0 diff --git a/utils/mullvad_ip_addresses_download.sh b/utils/mullvad_ip_addresses_download.sh index 837f1bda7..ec7597acc 100755 --- a/utils/mullvad_ip_addresses_download.sh +++ b/utils/mullvad_ip_addresses_download.sh @@ -8,6 +8,7 @@ cd "$(dirname "${0}")" || exit 1 DEST=../src/lib/inc_generated/ndpi_mullvad_match.c.inc TMP=/tmp/mullvad.json LIST=/tmp/mullvad.list +LIST6=/tmp/mullvad.list6 ORIGIN=https://api-www.mullvad.net/www/relays/all/ @@ -17,12 +18,14 @@ check_http_response "${http_response}" is_file_empty "${TMP}" echo "(2) Processing IP addresses..." -jq -r '.[].ipv4_addr_in' $TMP > $LIST # TODO: ipv6 +jq -r '.[].ipv4_addr_in' $TMP > $LIST is_file_empty "${LIST}" -./ipaddr2list.py $LIST NDPI_PROTOCOL_MULLVAD > $DEST +jq -r '.[].ipv6_addr_in | select( . != null )' $TMP > $LIST6 +is_file_empty "${LIST6}" +./ipaddr2list.py $LIST NDPI_PROTOCOL_MULLVAD $LIST6 > $DEST is_file_empty "${DEST}" -rm -f $TMP $LIST +rm -f $TMP $LIST $LIST6 echo "(3) Mullvad IPs are available in $DEST" exit 0 diff --git a/utils/protonvpn_ip_addresses_download.sh b/utils/protonvpn_ip_addresses_download.sh index 94e7cfa37..af3625520 100755 --- a/utils/protonvpn_ip_addresses_download.sh +++ b/utils/protonvpn_ip_addresses_download.sh @@ -9,6 +9,7 @@ DEST_IN=../src/lib/inc_generated/ndpi_protonvpn_in_match.c.inc DEST_OUT=../src/lib/inc_generated/ndpi_protonvpn_out_match.c.inc TMP=/tmp/proton.json LIST=/tmp/proton.list +LIST6=/tmp/proton.list6 LIST_MERGED=/tmp/proton.list.merged ORIGIN=https://api.protonmail.ch/vpn/logicals @@ -22,16 +23,20 @@ echo "(2) Processing IP addresses..." jq -r '.LogicalServers[].Servers[].EntryIP' $TMP > $LIST # TODO: ipv6 is_file_empty "${LIST}" ./mergeipaddrlist.py $LIST > $LIST_MERGED -./ipaddr2list.py $LIST_MERGED NDPI_PROTOCOL_PROTONVPN > $DEST_IN +#TODO: no ipv6 yet +touch $LIST6 +./ipaddr2list.py $LIST_MERGED NDPI_PROTOCOL_PROTONVPN $LIST6 > $DEST_IN is_file_empty "${DEST_IN}" jq -r '.LogicalServers[].Servers[].ExitIP' $TMP > $LIST # TODO: ipv6 is_file_empty "${LIST}" ./mergeipaddrlist.py $LIST > $LIST_MERGED -./ipaddr2list.py $LIST_MERGED NDPI_ANONYMOUS_SUBSCRIBER "_protonvpn"> $DEST_OUT -is_file_empty "${DEST_IN}" +#TODO: no ipv6 yet +touch $LIST6 +./ipaddr2list.py $LIST_MERGED NDPI_ANONYMOUS_SUBSCRIBER $LIST6 "_protonvpn"> $DEST_OUT +is_file_empty "${DEST_OUT}" -rm -f $TMP $LIST $LIST_MERGED +rm -f $TMP $LIST $LIST_MERGED $LIST6 echo "(3) ProtonVPN IPs are available in $DEST_IN, $DEST_OUT" exit 0 diff --git a/utils/tor_ip_addresses_download.sh b/utils/tor_ip_addresses_download.sh index db71ca590..602556a4e 100755 --- a/utils/tor_ip_addresses_download.sh +++ b/utils/tor_ip_addresses_download.sh @@ -19,6 +19,8 @@ http_response=$(curl -s -o $LIST -w "%{http_code}" ${ORIGIN}) check_http_response "${http_response}" is_file_empty "${LIST}" +#TODO: TOR relays don't support ipv6 yet + echo "(2) Processing IP addresses..." ./ipaddr2list.py $LIST NDPI_PROTOCOL_TOR > $DEST rm -f "${LIST}" diff --git a/utils/whatsapp_ip_addresses_download.sh b/utils/whatsapp_ip_addresses_download.sh index 611de4f10..c3b251e6e 100755 --- a/utils/whatsapp_ip_addresses_download.sh +++ b/utils/whatsapp_ip_addresses_download.sh @@ -21,7 +21,7 @@ check_http_response "${http_response}" is_file_empty "${TMP}" echo "(3) Processing IP addresses..." -unzip -p /tmp/wa.zip "WhatsApp IPs (IPv4 Only) 2022-07-26 - 2022-07-30.txt" > "${LIST}" +unzip -p /tmp/wa.zip "WhatsApp IPs (IPv4 Only) 2022-07-26 - 2022-07-30.txt" > "${LIST}" #TODO: ipv6 is_file_empty "${LIST}" ./ipaddr2list.py "${LIST}" NDPI_PROTOCOL_WHATSAPP > "${DEST}" rm -f "${TMP}" "${LIST}" diff --git a/utils/zoom_ip_addresses_download.sh b/utils/zoom_ip_addresses_download.sh index e74d1c66a..10cd602e2 100755 --- a/utils/zoom_ip_addresses_download.sh +++ b/utils/zoom_ip_addresses_download.sh @@ -7,6 +7,7 @@ cd "$(dirname "${0}")" || exit 1 DEST=../src/lib/inc_generated/ndpi_zoom_match.c.inc LIST=/tmp/zoom.list +LIST6=/tmp/zoom.list6 # https://support.zoom.us/hc/en-us/articles/201362683-Zoom-network-firewall-or-proxy-server-settings # There are few lists in this page, partially overlapping. Pick the generic one ORIGIN="https://assets.zoom.us/docs/ipranges/Zoom.txt" @@ -17,9 +18,16 @@ http_response=$(curl -s -o "${LIST}" -w "%{http_code}" "${ORIGIN}") check_http_response "${http_response}" is_file_empty "${LIST}" +# IPv6: in that page there is a few IPv6 prefixes but these prefixes are not present in +# the "main" list! +# Add them manually: TODO: keep them in sync +echo "2620:123:2000::/40" > $LIST6 +echo "2600:9000:2600::/48" >> $LIST6 +echo "2407:30C0::/32" >> $LIST6 + echo "(2) Processing IP addresses..." -./ipaddr2list.py "${LIST}" NDPI_PROTOCOL_ZOOM > "${DEST}" -rm -f "${LIST}" +./ipaddr2list.py "${LIST}" NDPI_PROTOCOL_ZOOM "${LIST6}" > "${DEST}" +rm -f "${LIST}" "${LIST6}" is_file_empty "${DEST}" echo "(3) ZOOM IPs are available in ${DEST}" |