Web resource blocking

Site blocking by ISPs, maneuvers with DNS

The entry is also present in the ssl_host file, but for some reason the SSL connection is not reset on the Hello packet.

nDPI detects packets to this host as Tor.

So it can't be fixed?

It can be fixed if TOR is added to the SSL check condition.

It looks like there is a bug in nDPI; I'll write to the developers.

The bug in nDPI has been fixed.

Patch for two nDPI bugs.

diff -ruN nDPI-1.7/src/lib/protocols/ssl.c nDPI-1.7.new/src/lib/protocols/ssl.c
--- nDPI-1.7/src/lib/protocols/ssl.c<-->2015-08-18 12:39:42.000000000 +0300
+++ nDPI-1.7.new/src/lib/protocols/ssl.c<------>2016-02-15 14:19:15.349618851 +0300
@@ -288,8 +288,6 @@
int sslDetectProtocolFromCertificate(struct ndpi_detection_module_struct *ndpi_struct, struct ndpi_flow_struct *flow) {
  struct ndpi_packet_struct *packet = &flow->packet;
.
-  if(!packet->iph /* IPv4 */) return(-1);
-
  if((packet->payload_packet_len > 9)
     && (packet->payload[0] == 0x16 /* consider only specific SSL packets (handshake) */)) {
    if((packet->detected_protocol_stack[0] == NDPI_PROTOCOL_UNKNOWN)
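
Review bot: With the `if(!packet->iph /* IPv4 */) return(-1);` guard gone from the top of sslDetectProtocolFromCertificate, non-IPv4 packets now reach the handshake parsing below, and nothing in the visible context shows that the rest of the function is safe without `packet->iph`. Before merging, check the remainder of the function for any dereference of `packet->iph`, and state in the patch description that the aim is to run this check on non-IPv4 flows as well, if that is the intent.
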
diff -ruN nDPI-1.7/src/lib/protocols/tor.c nDPI-1.7.new/src/lib/protocols/tor.c
--- nDPI-1.7/src/lib/protocols/tor.c<-->2015-08-18 12:39:42.000000000 +0300
+++ nDPI-1.7.new/src/lib/protocols/tor.c<------>2016-02-15 14:18:56.373737121 +0300
@@ -24,7 +24,7 @@
.
  if((certificate == NULL)
     || (strlen(certificate) < 6)
-     || strncmp(certificate, "www.", 4))
+     || !strncmp(certificate, "www.", 4))
    return(0);
.
  // printf("***** [sSL] %s(): %s\n", __FUNCTION__, certificate);
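
Review bot: Negating the third operand to `!strncmp(certificate, "www.", 4)` inverts which names this early `return(0)` filters out: names beginning with "www." now leave immediately, and every other name of six or more characters falls through to the code below, where previously only "www." names did. That is a much broader behaviour change than a fix for one misclassified host, so the hunk needs a comment stating why "www." names should be excluded, plus a regression check with one "www." name and one non-"www." name to confirm both end up classified as wanted.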

max1976, thanks.

It blocks now.

 curl -v https://www.noxwin.com
* About to connect() to www.noxwin.com port 443 (#0)
*   Trying 109.205.94.28...
* Connected to www.noxwin.com (109.205.94.28) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
 CApath: none
* NSS error -5961 (PR_CONNECT_RESET_ERROR)
* TCP connection reset by peer
* Closing connection 0
curl: (35) TCP connection reset by peer

I wonder what the performance of your network will be if packets are held back.

For your information, nfqueue works per-flow, not per-packet.

Even with queue-balance, a single connection ends up in one and the same queue.

Say you have held the first packet; how will you look at the second one without a verdict on the first?

Writing to a file using pcap is not an option for me at all.

Then what is the option?

zapret nfqfilter # make
Making all in src
make[1]: Entering directory `/etc/rc.script/dev/nfqfilter/src'
 CXX      main.o
In file included from ../include/main.h:36:0,
                from main.cpp:21:
../include/sender.h:44:20: sorry, unimplemented: non-static data member initializers
../include/sender.h:44:20: error: in-class initialization of static data member 'code' of non-literal type
main.cpp: In member function 'virtual void nfqFilter::initialize(Poco::Util::Application&)':
main.cpp:96:18: error: 'struct CSender::params' has no member named 'code'
make[1]: *** [main.o] Error 1
make[1]: Leaving directory `/etc/rc.script/dev/nfqfilter/src'
make: *** [all-recursive] Error 1

 

The README says nothing about gcc versions ;)

The README says nothing about gcc versions ;)

It says there that it definitely builds on CentOS 7.

Oh, sorry, CentOS, I forgot.

As always, on my Gentoo things are not the way they are for normal people ;-)

Good afternoon. How do I tell nfqfilter (from max1976) that the list files have been updated, or does the daemon check by itself?

Good afternoon. How do I tell nfqfilter (from max1976) that the list files have been updated, or does the daemon check by itself?

There is no way; only a daemon restart.

Good afternoon. How do I tell nfqfilter (from max1976) that the list files have been updated, or does the daemon check by itself?

There is no way; only a daemon restart.

Couldn't a reload be implemented? Say, the parent process receives a reload (USR1 signal), kills the child daemon and starts a child daemon. Or something similar.

I don't know what I'm doing wrong, but the dump download is far from succeeding on the first try

root@skyprox-main:/home/rkn/zapret# ./zapret.pl
Subroutine _call redefined at (eval 147) line 50.
Subroutine OperatorRequestService::want_som redefined at (eval 147) line 92.
Subroutine AUTOLOAD redefined at (eval 147) line 109.
Subroutine OperatorRequestService::sendRequest redefined at (eval 147) line 107.
Subroutine OperatorRequestService::getLastDumpDateEx redefined at (eval 147) line 107.
Subroutine OperatorRequestService::getLastDumpDate redefined at (eval 147) line 107.
Subroutine OperatorRequestService::getResult redefined at (eval 147) line 107.
Use of uninitialized value $res in string eq at ./zapret.pl line 395.
Use of uninitialized value $code in concatenation (.) or string at ./zapret.pl line 407.
Died at ./zapret.pl line 409.

root@skyprox-main:/home/rkn/zapret# ./zapret.pl
Subroutine _call redefined at (eval 129) line 50.
Subroutine OperatorRequestService::want_som redefined at (eval 129) line 92.
Subroutine AUTOLOAD redefined at (eval 129) line 109.
Subroutine OperatorRequestService::sendRequest redefined at (eval 129) line 107.
Subroutine OperatorRequestService::getResult redefined at (eval 129) line 107.
Subroutine OperatorRequestService::getLastDumpDate redefined at (eval 129) line 107.
Subroutine OperatorRequestService::getLastDumpDateEx redefined at (eval 129) line 107.
Subroutine _call redefined at (eval 154) line 50.
Subroutine OperatorRequestService::want_som redefined at (eval 154) line 92.
Subroutine AUTOLOAD redefined at (eval 154) line 109.
Subroutine OperatorRequestService::getResult redefined at (eval 154) line 107.
Subroutine OperatorRequestService::sendRequest redefined at (eval 154) line 107.
Subroutine OperatorRequestService::getLastDumpDateEx redefined at (eval 154) line 107.
Subroutine OperatorRequestService::getLastDumpDate redefined at (eval 154) line 107.
Use of uninitialized value $res in string eq at ./zapret.pl line 395.
Use of uninitialized value $code in concatenation (.) or string at ./zapret.pl line 407.
Died at ./zapret.pl line 409.
root@skyprox-main:/home/rkn/zapret#

./zapret.pl
Subroutine _call redefined at (eval 147) line 50.
Subroutine OperatorRequestService::want_som redefined at (eval 147) line 92.
Subroutine AUTOLOAD redefined at (eval 147) line 109.
Subroutine OperatorRequestService::getLastDumpDateEx redefined at (eval 147) line 107.
Subroutine OperatorRequestService::getLastDumpDate redefined at (eval 147) line 107.
Subroutine OperatorRequestService::sendRequest redefined at (eval 147) line 107.
Subroutine OperatorRequestService::getResult redefined at (eval 147) line 107.
Use of uninitialized value $res in string eq at ./zapret.pl line 395.
Use of uninitialized value $code in concatenation (.) or string at ./zapret.pl line 407.
Died at ./zapret.pl line 409.

root@skyprox-main:/home/rkn/zapret# ./zapret.pl
Subroutine _call redefined at (eval 129) line 50.
Subroutine OperatorRequestService::want_som redefined at (eval 129) line 92.
Subroutine AUTOLOAD redefined at (eval 129) line 109.
Subroutine OperatorRequestService::sendRequest redefined at (eval 129) line 107.
Subroutine OperatorRequestService::getLastDumpDate redefined at (eval 129) line 107.
Subroutine OperatorRequestService::getLastDumpDateEx redefined at (eval 129) line 107.
Subroutine OperatorRequestService::getResult redefined at (eval 129) line 107.
Subroutine _call redefined at (eval 136) line 50.
Subroutine OperatorRequestService::want_som redefined at (eval 136) line 92.
Subroutine AUTOLOAD redefined at (eval 136) line 109.
Subroutine OperatorRequestService::getLastDumpDateEx redefined at (eval 136) line 107.
Subroutine OperatorRequestService::getResult redefined at (eval 136) line 107.
Subroutine OperatorRequestService::getLastDumpDate redefined at (eval 136) line 107.
Subroutine OperatorRequestService::sendRequest redefined at (eval 136) line 107.
Subroutine _call redefined at (eval 143) line 50.
Subroutine OperatorRequestService::want_som redefined at (eval 143) line 92.
Subroutine AUTOLOAD redefined at (eval 143) line 109.
Subroutine OperatorRequestService::getLastDumpDate redefined at (eval 143) line 107.
Subroutine OperatorRequestService::sendRequest redefined at (eval 143) line 107.
Subroutine OperatorRequestService::getLastDumpDateEx redefined at (eval 143) line 107.
Subroutine OperatorRequestService::getResult redefined at (eval 143) line 107.

root@skyprox-main:/home/rkn/zapret# ./zapret.pl
Subroutine _call redefined at (eval 147) line 50.
Subroutine OperatorRequestService::want_som redefined at (eval 147) line 92.
Subroutine AUTOLOAD redefined at (eval 147) line 109.
Subroutine OperatorRequestService::getLastDumpDateEx redefined at (eval 147) line 107.
Subroutine OperatorRequestService::getResult redefined at (eval 147) line 107.
Subroutine OperatorRequestService::getLastDumpDate redefined at (eval 147) line 107.
Subroutine OperatorRequestService::sendRequest redefined at (eval 147) line 107.
Use of uninitialized value $res in string eq at ./zapret.pl line 395.
Use of uninitialized value $code in concatenation (.) or string at ./zapret.pl line 407.
Died at ./zapret.pl line 409.
root@skyprox-main:/home/rkn/zapret# ./zapret.pl
Subroutine _call redefined at (eval 129) line 50.
Subroutine OperatorRequestService::want_som redefined at (eval 129) line 92.
Subroutine AUTOLOAD redefined at (eval 129) line 109.
Subroutine OperatorRequestService::getLastDumpDate redefined at (eval 129) line 107.
Subroutine OperatorRequestService::sendRequest redefined at (eval 129) line 107.
Subroutine OperatorRequestService::getResult redefined at (eval 129) line 107.
Subroutine OperatorRequestService::getLastDumpDateEx redefined at (eval 129) line 107.
Subroutine _call redefined at (eval 154) line 50.
Subroutine OperatorRequestService::want_som redefined at (eval 154) line 92.
Subroutine AUTOLOAD redefined at (eval 154) line 109.
Subroutine OperatorRequestService::getLastDumpDateEx redefined at (eval 154) line 107.
Subroutine OperatorRequestService::getResult redefined at (eval 154) line 107.
Subroutine OperatorRequestService::sendRequest redefined at (eval 154) line 107.
Subroutine OperatorRequestService::getLastDumpDate redefined at (eval 154) line 107.
Use of uninitialized value $res in string eq at ./zapret.pl line 395.
Use of uninitialized value $code in concatenation (.) or string at ./zapret.pl line 407.
Died at ./zapret.pl line 409.
root@skyprox-main:/home/rkn/zapret# ./zapret.pl
Subroutine _call redefined at (eval 129) line 50.
Subroutine OperatorRequestService::want_som redefined at (eval 129) line 92.
Subroutine AUTOLOAD redefined at (eval 129) line 109.
Subroutine OperatorRequestService::sendRequest redefined at (eval 129) line 107.
Subroutine OperatorRequestService::getLastDumpDateEx redefined at (eval 129) line 107.
Subroutine OperatorRequestService::getLastDumpDate redefined at (eval 129) line 107.
Subroutine OperatorRequestService::getResult redefined at (eval 129) line 107.
Subroutine _call redefined at (eval 154) line 50.
Subroutine OperatorRequestService::want_som redefined at (eval 154) line 92.
Subroutine AUTOLOAD redefined at (eval 154) line 109.
Subroutine OperatorRequestService::getLastDumpDate redefined at (eval 154) line 107.
Subroutine OperatorRequestService::getResult redefined at (eval 154) line 107.
Subroutine OperatorRequestService::getLastDumpDateEx redefined at (eval 154) line 107.
Subroutine OperatorRequestService::sendRequest redefined at (eval 154) line 107.
Subroutine _call redefined at (eval 175) line 50.
Subroutine OperatorRequestService::want_som redefined at (eval 175) line 92.
Subroutine AUTOLOAD redefined at (eval 175) line 109.
Subroutine OperatorRequestService::getResult redefined at (eval 175) line 107.
Subroutine OperatorRequestService::getLastDumpDate redefined at (eval 175) line 107.
Subroutine OperatorRequestService::getLastDumpDateEx redefined at (eval 175) line 107.
Subroutine OperatorRequestService::sendRequest redefined at (eval 175) line 107.
root@skyprox-main:/home/rkn/zapret# ./zapret.pl
root@skyprox-main:/home/rkn/zapret# ./zapret.pl
Subroutine _call redefined at (eval 141) line 50.
Subroutine OperatorRequestService::want_som redefined at (eval 141) line 92.
Subroutine AUTOLOAD redefined at (eval 141) line 109.
Subroutine OperatorRequestService::sendRequest redefined at (eval 141) line 107.
Subroutine OperatorRequestService::getLastDumpDate redefined at (eval 141) line 107.
Subroutine OperatorRequestService::getResult redefined at (eval 141) line 107.
Subroutine OperatorRequestService::getLastDumpDateEx redefined at (eval 141) line 107.
root@skyprox-main:/home/rkn/zapret# ./zapret.pl
Subroutine _call redefined at (eval 141) line 50.
Subroutine OperatorRequestService::want_som redefined at (eval 141) line 92.
Subroutine AUTOLOAD redefined at (eval 141) line 109.
Subroutine OperatorRequestService::sendRequest redefined at (eval 141) line 107.
Subroutine OperatorRequestService::getResult redefined at (eval 141) line 107.
Subroutine OperatorRequestService::getLastDumpDate redefined at (eval 141) line 107.
Subroutine OperatorRequestService::getLastDumpDateEx redefined at (eval 141) line 107.
Subroutine _call redefined at (eval 160) line 50.
Subroutine OperatorRequestService::want_som redefined at (eval 160) line 92.
Subroutine AUTOLOAD redefined at (eval 160) line 109.
Subroutine OperatorRequestService::getResult redefined at (eval 160) line 107.
Subroutine OperatorRequestService::sendRequest redefined at (eval 160) line 107.
Subroutine OperatorRequestService::getLastDumpDate redefined at (eval 160) line 107.
Subroutine OperatorRequestService::getLastDumpDateEx redefined at (eval 160) line 107.
root@skyprox-main:/home/rkn/zapret# ./zapret.pl
Subroutine _call redefined at (eval 141) line 50.
Subroutine OperatorRequestService::want_som redefined at (eval 141) line 92.
Subroutine AUTOLOAD redefined at (eval 141) line 109.
Subroutine OperatorRequestService::sendRequest redefined at (eval 141) line 107.
Subroutine OperatorRequestService::getLastDumpDateEx redefined at (eval 141) line 107.
Subroutine OperatorRequestService::getLastDumpDate redefined at (eval 141) line 107.
Subroutine OperatorRequestService::getResult redefined at (eval 141) line 107.
Subroutine _call redefined at (eval 160) line 50.
Subroutine OperatorRequestService::want_som redefined at (eval 160) line 92.
Subroutine AUTOLOAD redefined at (eval 160) line 109.
Subroutine OperatorRequestService::sendRequest redefined at (eval 160) line 107.
Subroutine OperatorRequestService::getLastDumpDateEx redefined at (eval 160) line 107.
Subroutine OperatorRequestService::getResult redefined at (eval 160) line 107.
Subroutine OperatorRequestService::getLastDumpDate redefined at (eval 160) line 107.
root@skyprox-main:/home/rkn/zapret# ./zapret.pl

root@skyprox-main:/home/rkn/zapret# ./zapret.pl

root@skyprox-main:/home/rkn/zapret# ./zapret.pl
root@skyprox-main:/home/rkn/zapret# ./zapret.pl
Subroutine _call redefined at (eval 141) line 50.
Subroutine OperatorRequestService::want_som redefined at (eval 141) line 92.
Subroutine AUTOLOAD redefined at (eval 141) line 109.
Subroutine OperatorRequestService::sendRequest redefined at (eval 141) line 107.
Subroutine OperatorRequestService::getResult redefined at (eval 141) line 107.
Subroutine OperatorRequestService::getLastDumpDate redefined at (eval 141) line 107.
Subroutine OperatorRequestService::getLastDumpDateEx redefined at (eval 141) line 107.
root@skyprox-main:/home/rkn/zapret# ./zapret.pl
root@skyprox-main:/home/rkn/zapret# ./zapret.pl
Subroutine _call redefined at (eval 141) line 50.
Subroutine OperatorRequestService::want_som redefined at (eval 141) line 92.
Subroutine AUTOLOAD redefined at (eval 141) line 109.
Subroutine OperatorRequestService::getResult redefined at (eval 141) line 107.
Subroutine OperatorRequestService::sendRequest redefined at (eval 141) line 107.
Subroutine OperatorRequestService::getLastDumpDateEx redefined at (eval 141) line 107.
Subroutine OperatorRequestService::getLastDumpDate redefined at (eval 141) line 107.
root@skyprox-main:/home/rkn/zapret# ./zapret.pl
Subroutine _call redefined at (eval 141) line 50.
Subroutine OperatorRequestService::want_som redefined at (eval 141) line 92.
Subroutine AUTOLOAD redefined at (eval 141) line 109.
Subroutine OperatorRequestService::getResult redefined at (eval 141) line 107.
Subroutine OperatorRequestService::getLastDumpDate redefined at (eval 141) line 107.
Subroutine OperatorRequestService::sendRequest redefined at (eval 141) line 107.
Subroutine OperatorRequestService::getLastDumpDateEx redefined at (eval 141) line 107.
Subroutine _call redefined at (eval 160) line 50.
Subroutine OperatorRequestService::want_som redefined at (eval 160) line 92.
Subroutine AUTOLOAD redefined at (eval 160) line 109.
Subroutine OperatorRequestService::getLastDumpDate redefined at (eval 160) line 107.
Subroutine OperatorRequestService::getResult redefined at (eval 160) line 107.
Subroutine OperatorRequestService::getLastDumpDateEx redefined at (eval 160) line 107.
Subroutine OperatorRequestService::sendRequest redefined at (eval 160) line 107.
root@skyprox-main:/home/rkn/zapret#

it worked on the last run

Edited by yKpon

I don't know what I'm doing wrong, but the dump download is far from succeeding on the first try

Which versions of SOAP::Lite and XML::Simple are installed?

Good afternoon!

nfqfilter has stopped building on a 32-bit architecture with nDPI from git:

 

  CXX      AhoCorasickPlus.o
 CXX      sendertask.o
qdpi.cpp: In function 'ndpi_detection_module_struct* init_ndpi()':
qdpi.cpp:77:152: error: invalid conversion from 'void* (*)(long unsigned int)' to 'void* (*)(size_t) {aka void* (*)(unsigned int)}' [-fpermissive]
 struct ndpi_detection_module_struct* my_ndpi_struct = ndpi_init_detection_module(detection_tick_resolution, malloc_wrapper, free_wrapper, debug_printf);
                                                                                                                                                       ^
In file included from ../include/qdpi.h:22:0,
                from qdpi.cpp:20:
/usr/include/libndpi/ndpi_api.h:77:40: note:   initializing argument 2 of 'ndpi_detection_module_struct* ndpi_init_detection_module(u_int32_t, void* (*)(size_t), void (*)(void*), ndpi_debug_function_ptr)'
  struct ndpi_detection_module_struct *ndpi_init_detection_module(u_int32_t ticks_per_second,
                                       ^

taf_321, well, it was declared 64-only from the start.

Thanks to the author for nfqfilter.

For nfqfilter

Please advise which nDPI is better to install

nDPI = 1.7 plus the patch posted above.

Or from git, where all the patches are already applied?

Please enlighten me on how nfqfilter detects SSL

By IP, or does it pull the hostname out of TLS?

Thanks to the author for nfqfilter.

For nfqfilter

Please advise which nDPI is better to install

nDPI = 1.7 plus the patch posted above.

Or from git, where all the patches are already applied?

Please enlighten me on how nfqfilter detects SSL

By IP, or does it pull the hostname out of TLS?

I have not tested nDPI from the dev branch. 1.7 + the patch work as they should.

At the moment SSL is blocked based on the host name in the hello request. Unfortunately, old browser versions do not put the host name into the hello request, so there is the block_undetected_ssl option, with which all SSL hello packets from the client are blocked.

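The host-name-based blocking described in the post above, as an added C example that is not part of the thread and is not nfqfilter or nDPI code: it reads the host name from a TLS ClientHello and returns a verdict. The names `client_hello_sni`, `ssl_verdict`, `build_hello`, `BLOCKED` and the host names are hypothetical, and treating `block_undetected_ssl` as "block a ClientHello in which no host name was found" is an assumed reading of the option.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

enum { PASS = 0, BLOCK = 1 };
static const char *const BLOCKED[] = { "blocked.example" }; /* constructed block list */
static unsigned rd16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* SNI host name from a one-record TLS ClientHello: returns its length (>0),
 * 0 if there is no server_name extension, -1 if not a parseable ClientHello. */
int client_hello_sni(const uint8_t *buf, size_t len, char *out, size_t outsz)
{
    size_t pos = 9, end, ext_end;
    if (len < 9 || buf[0] != 0x16 || buf[5] != 0x01) return -1; /* handshake, ClientHello */
    end = 5 + rd16(buf + 3);                    /* end of the TLS record */
    if (end > len || pos + 35 > end) return -1; /* truncated record or hello */
    pos += 34 + 1 + buf[pos + 34];              /* client_version, random, session_id */
    if (pos + 2 > end) return -1;
    pos += 2 + rd16(buf + pos);                 /* cipher_suites */
    if (pos + 1 > end) return -1;
    pos += 1 + buf[pos];                        /* compression_methods */
    if (pos == end) return 0;                   /* no extensions at all */
    if (pos + 2 > end) return -1;
    ext_end = pos + 2 + rd16(buf + pos);
    pos += 2;
    if (ext_end > end) return -1;
    while (pos + 4 <= ext_end) {
        unsigned type = rd16(buf + pos), elen = rd16(buf + pos + 2), nlen;
        pos += 4;
        if (pos + elen > ext_end) return -1;
        if (type == 0) {                        /* server_name extension */
            if (elen < 5 || buf[pos + 2] != 0) return -1; /* host_name entries only */
            nlen = rd16(buf + pos + 3);
            if (nlen == 0 || nlen + 5 > elen || nlen >= outsz) return -1;
            if (memchr(buf + pos + 5, 0, nlen)) return -1; /* embedded NUL in name */
            memcpy(out, buf + pos + 5, nlen);
            out[nlen] = '\0';
            return (int)nlen;
        }
        pos += elen;
    }
    return 0;
}

/* Hypothetical verdict logic; block_undetected_ssl is modelled as "block a
 * ClientHello in which no host name was found" (an assumption). */
int ssl_verdict(const uint8_t *buf, size_t len, const char *const *list,
                size_t n, int block_undetected_ssl)
{
    char host[256];
    int r = client_hello_sni(buf, len, host, sizeof host);
    if (r < 0) return PASS;                     /* not a ClientHello: no decision here */
    if (r == 0) return block_undetected_ssl ? BLOCK : PASS;
    for (size_t i = 0; i < n; i++)
        if (strcasecmp(host, list[i]) == 0) return BLOCK;
    return PASS;
}

/* Constructed test input: a minimal ClientHello in buf (>= 128 bytes, name
 * <= 64 chars). sni == NULL omits extensions, as an old client would. */
size_t build_hello(uint8_t *buf, const char *sni)
{
    static const uint8_t tail[] = { 0, 0, 2, 0x00, 0x2f, 1, 0 }; /* sid, suites, compression */
    size_t n = sni ? strlen(sni) : 0, p = 50;
    memset(buf, 0, 128);                        /* random stays all zero */
    buf[9] = buf[10] = 3;                       /* client_version */
    memcpy(buf + 43, tail, sizeof tail);
    if (sni) {
        buf[51] = (uint8_t)(n + 9);             /* extensions length */
        buf[55] = (uint8_t)(n + 5);             /* server_name (type 0) extension length */
        buf[57] = (uint8_t)(n + 3);             /* server_name_list length */
        buf[60] = (uint8_t)n;                   /* host_name (name_type 0) length */
        memcpy(buf + 61, sni, n);
        p = 61 + n;
    }
    buf[0] = 0x16; buf[1] = 3; buf[2] = 1; buf[4] = (uint8_t)(p - 5); /* record header */
    buf[5] = 0x01; buf[8] = (uint8_t)(p - 9);                          /* ClientHello header */
    return p;
}

int main(void)
{
    uint8_t pkt[128];
    size_t n = build_hello(pkt, NULL);          /* old client: no SNI */
    printf("no SNI: option off -> %d, on -> %d\n",
           ssl_verdict(pkt, n, BLOCKED, 1, 0), ssl_verdict(pkt, n, BLOCKED, 1, 1));
    return 0;
}
```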

Greetings, max1976. Excellent work, thank you very much.

Please check on your side whether this URL is blocked for you: http://konan-vesti.blogspot.ru/2015/11/18.html

I looked in the registry and in the urls file; everything seems to look correct. But it is not blocked.

Greetings, max1976. Excellent work, thank you very much.

Please check on your side whether this URL is blocked for you: http://konan-vesti.blogspot.ru/2015/11/18.html

I looked in the registry and in the urls file; everything seems to look correct. But it is not blocked.

It is blocked just fine. Perhaps not all of the blogspot.ru IP addresses have been resolved on your side yet.

This keeps popping up:

[root@localhost etc]# perl /usr/local/etc/nfqfilter_config-master/make_files.pl

Alarm clock

[root@localhost etc]#

Any ideas where to dig?

This keeps popping up:

[root@localhost etc]# perl /usr/local/etc/nfqfilter_config-master/make_files.pl

Alarm clock

[root@localhost etc]#

Any ideas where to dig?

Something is timing out, possibly vtysh.

Greetings, max1976. Excellent work, thank you very much.

Please check on your side whether this URL is blocked for you: http://konan-vesti.blogspot.ru/2015/11/18.html

I looked in the registry and in the urls file; everything seems to look correct. But it is not blocked.

It is blocked just fine. Perhaps not all of the blogspot.ru IP addresses have been resolved on your side yet.

It looks like this behavior is related to our having GGC. A few dozen packets manage to fly to the IP that konan-vesti.blogspot.ru resolves to, then requests to GGC begin, from which the rest of the content is pulled. It is very strange that the nfqfilter logs in debug mode show no recognition of this resource. As if there were not enough packets for analysis.

If you are interested, here is a link to the dump from the machine where nfqfilter is running: https://www.dropbox.com/s/42pwistj4xam8fc/konan-vesti2.pcap?dl=0

Thank you.

Edited by Zarin

Found the cause:

2016-02-24 17:55:06.555 [1256] Debug nfqThread - Protocol is 0/126 
2016-02-24 17:55:06.555 [1256] Debug nfqThread - nDPI protocol detection occupied 108 us
2016-02-24 17:55:06.555 [1256] Debug nfqThread - Not http protocol. Protocol is 0/126 from 109.110.59.18:39206 to 173.194.219.132:80
2016-02-24 17:55:06.555 [1256] Debug nfqThread - Got the packet from queue
2016-02-24 17:55:06.555 [1256] Debug nfqThread - Got the packet from queue
tail: ‘/var/log/nfqfilter.log’ has become inaccessible: No such file or directory
tail: ‘/var/log/nfqfilter.log’ has appeared;  following end of new file
tail: ‘/var/log/nfqfilter.log’ has become inaccessible: No such file or directory
tail: ‘/var/log/nfqfilter.log’ has appeared;  following end of new file
tail: ‘/var/log/nfqfilter.log’ has been replaced;  following end of new file
tail: ‘/var/log/nfqfilter.log’ has become inaccessible: No such file or directory
tail: ‘/var/log/nfqfilter.log’ has appeared;  following end of new file
--
2016-02-24 17:55:10.651 [1256] Debug nfqThread - Protocol is 0/126 
2016-02-24 17:55:10.651 [1256] Debug nfqThread - nDPI protocol detection occupied 118 us
2016-02-24 17:55:10.651 [1256] Debug nfqThread - Not http protocol. Protocol is 0/126 from 109.110.59.18:39206 to 173.194.219.132:80
2016-02-24 17:55:10.651 [1256] Debug nfqThread - Got the packet from queue
2016-02-24 17:55:10.651 [1256] Debug nfqThread - Got the packet from queue

 

For some reason it is not classified as HTTP. On nDPI version (1.7.1-dev-294-33fa198)

And here is the cause: https://github.com/ntop/nDPI/blob/33fa1989bce4cd3d56ca6e34c336b233e9de16a9/src/lib/ndpi_content_match.c.inc

 

Google

173.194.0.0/16

64.233.160.0/19

*/

{ 0xADC20000 /* 173.194.0.0 */, 16, NDPI_SERVICE_GOOGLE },

{ 0x40E91600 /* 64.233.160.0 */, 19, NDPI_SERVICE_GOOGLE },

Edited by Zarin

This keeps popping up:

[root@localhost etc]# perl /usr/local/etc/nfqfilter_config-master/make_files.pl

Alarm clock

[root@localhost etc]#

Any ideas where to dig?

Something is timing out, possibly vtysh.

Damn, it looks like it really is dropping out:

[root@localhost nfqfilter_config-master]# perl make_files.pl
Alarm clock

2016-02-24 14:41:33 | DEBUG | main  | Add ip address 188.164.255.182 to bgpd via vtysh
2016-02-24 14:41:33 | DEBUG | main  | Command '/usr/bin/vtysh -c 'configure terminal' -c 'router bgp 31336' -c 'network 188.164.255.182/32'' excecuted successfully
2016-02-24 14:41:33 | DEBUG | main  | Add ip address 46.249.51.143 to bgpd via vtysh
2016-02-24 14:41:33 | DEBUG | main  | Command '/usr/bin/vtysh -c 'configure terminal' -c 'router bgp 31336' -c 'network 46.249.51.143/32'' excecuted successfully
2016-02-24 14:41:33 | DEBUG | main  | Add ip address 104.27.133.59 to bgpd via vtysh
2016-02-24 14:41:33 | DEBUG | main  | Command '/usr/bin/vtysh -c 'configure terminal' -c 'router bgp 31336' -c 'network 104.27.133.59/32'' excecuted successfully
2016-02-24 14:41:33 | DEBUG | main  | Add ip address 46.246.38.37 to bgpd via vtysh
2016-02-24 14:41:33 | DEBUG | main  | Command '/usr/bin/vtysh -c 'configure terminal' -c 'router bgp 31336' -c 'network 46.246.38.37/32'' excecuted successfully
2016-02-24 14:41:33 | DEBUG | main  | Add ip address 95.211.184.212 to bgpd via vtysh

 

It's strange really, the settings seem to be standard...

I run the last command manually and everything is fine.

Found the cause:

2016-02-24 17:55:06.555 [1256] Debug nfqThread - Protocol is 0/126 
2016-02-24 17:55:06.555 [1256] Debug nfqThread - nDPI protocol detection occupied 108 us
2016-02-24 17:55:06.555 [1256] Debug nfqThread - Not http protocol. Protocol is 0/126 from 109.110.59.18:39206 to 173.194.219.132:80
2016-02-24 17:55:06.555 [1256] Debug nfqThread - Got the packet from queue
2016-02-24 17:55:06.555 [1256] Debug nfqThread - Got the packet from queue
tail: ‘/var/log/nfqfilter.log’ has become inaccessible: No such file or directory
tail: ‘/var/log/nfqfilter.log’ has appeared;  following end of new file
tail: ‘/var/log/nfqfilter.log’ has become inaccessible: No such file or directory
tail: ‘/var/log/nfqfilter.log’ has appeared;  following end of new file
tail: ‘/var/log/nfqfilter.log’ has been replaced;  following end of new file
tail: ‘/var/log/nfqfilter.log’ has become inaccessible: No such file or directory
tail: ‘/var/log/nfqfilter.log’ has appeared;  following end of new file
--
2016-02-24 17:55:10.651 [1256] Debug nfqThread - Protocol is 0/126 
2016-02-24 17:55:10.651 [1256] Debug nfqThread - nDPI protocol detection occupied 118 us
2016-02-24 17:55:10.651 [1256] Debug nfqThread - Not http protocol. Protocol is 0/126 from 109.110.59.18:39206 to 173.194.219.132:80
2016-02-24 17:55:10.651 [1256] Debug nfqThread - Got the packet from queue
2016-02-24 17:55:10.651 [1256] Debug nfqThread - Got the packet from queue

 

For some reason it is not classified as HTTP. On nDPI version (1.7.1-dev-294-33fa198)

And here is the cause: https://github.com/ntop/nDPI/blob/33fa1989bce4cd3d56ca6e34c336b233e9de16a9/src/lib/ndpi_content_match.c.inc

 

Google

173.194.0.0/16

64.233.160.0/19

*/

{ 0xADC20000 /* 173.194.0.0 */, 16, NDPI_SERVICE_GOOGLE },

{ 0x40E91600 /* 64.233.160.0 */, 19, NDPI_SERVICE_GOOGLE },

 

Don't install the dev version. Install version 1.7 + the small patch from me, and then everything will work without problems.

It's strange really, the settings seem to be standard...

Apparently your shell thinks the program is running for too long (filling the initial bgpd config with routes). Turn off quagga and let the script generate the initial config for bgpd. After that, turn quagga on, and routes will be removed/added online without restarting bgpd.

Apparently your shell thinks the program is running for too long (filling the initial bgpd config with routes). Turn off quagga and let the script generate the initial config for bgpd. After that, turn quagga on, and routes will be removed/added online without restarting bgpd.

Tried without bgpd: Alarm clock; tried without zebra: Alarm clock as well.

Maybe some timeout should be tweaked somewhere? Or is there not enough memory? (1024)

UPD: solved it with a crude workaround:

[root@localhost nfqfilter_config-master]# for i in {1..20}; do ./make_files.pl; done

Edited by KaraVan
