[Babel-users] making babeld go boom with bogons

Dave Taht dave.taht at gmail.com
Mon Oct 1 01:42:23 BST 2018


I was adding bogon filtering back into that new apu2 default gateway
(which, btw, used to run quagga)

Simple example (though you need to grep out a few more things)

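#!/bin/sh
# Blackhole the Team Cymru full bogon lists, tagged as routing protocol 51.

# Batch file for ip(8); mktemp avoids a predictable name in /tmp.
TFILE=$(mktemp /tmp/bogons.XXXXXX) || exit 1

B6N=fullbogons-ipv6.txt
B4N=fullbogons-ipv4.txt
B6=https://www.team-cymru.org/Services/Bogons/$B6N
B4=https://www.team-cymru.org/Services/Bogons/$B4N

# Fetch fresh copies of both lists.
rm -f "/tmp/$B6N" "/tmp/$B4N"
cd /tmp || exit 1
wget -t 300 "$B6"; wget -t 300 "$B4"

# Drop comment lines and turn each prefix into one batch command.
cat "/tmp/$B4N" "/tmp/$B6N" | grep -v '#' | while read -r x
do
    echo "route replace blackhole $x proto 51"
done > "$TFILE"

# Install all routes in a single ip(8) batch run, then clean up.
ip -b "$TFILE"
rm -f "$TFILE"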

And I'm *not* importing proto 51 of this list into babeld, but when it
does a kernel dump, it gets it all, hits an internal memory limit
processing the netlink data and doesn't manage to import *any* kernel
routes.

root@ida:~/git/babeld# ./babeld -d 1 eth0
Interface eth0 has no link-local address.
setsockopt(IPV6_LEAVE_GROUP): Cannot assign requested address
Warning: couldn't check exported routes.

Interface eth0 has no link-local address.

...

So, perhaps, some way to express invalid protocols and tables earlier
in the babeld filtering system would help. (yep, gonna fiddle with
bird soon, too. or bpf, again.)

crude, example, hack

diff --git a/kernel_netlink.c b/kernel_netlink.c
index 76e6350..c651d72 100644
--- a/kernel_netlink.c
+++ b/kernel_netlink.c
@@ -1201,6 +1201,9 @@ filter_kernel_routes(struct nlmsghdr *nh, struct
kernel_route *route)
     if(rtm->rtm_protocol == RTPROT_BABEL)
         return 0;

+    if(rtm->rtm_protocol == 51 )
+        return 0;
+
     /* Ignore cached routes, advertised by some kernels (linux 3.x). */
     if(rtm->rtm_flags & RTM_F_CLONED)
         return 0;
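
Review bot: The added test `rtm->rtm_protocol == 51` hard-codes a bare protocol number, unlike the `RTPROT_BABEL` test directly above it, so the meaning of 51 is only discoverable from the script that installs the blackhole routes. Suggest a named constant or, better, a configurable set of ignored protocols, with a one-line comment in the style of the `RTM_F_CLONED` check below; the stray space before `)` should also go.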



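Added example, not part of the original post: the script above hands every downloaded line to `ip -b` as root, so one way to "grep out a few more things" is to accept only well-formed prefixes and to skip prefixes that are in local use. `KEEP`, `is_prefix`, `bogon_batch` and the sample list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: emit `ip -batch` lines only for well-formed prefixes.
# KEEP is a hypothetical list of prefixes that must stay routable locally.
KEEP="10.0.0.0/8 192.168.0.0/16"   # constructed sample value
PROTO=51                           # same protocol number as in the post

# is_prefix STR: succeed only if STR is a bare IPv4 or IPv6 CIDR token.
# Range errors (e.g. an octet of 999) are still left for ip(8) to reject.
is_prefix() {
    printf '%s\n' "$1" | grep -Eq \
      -e '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' \
      -e '^[0-9A-Fa-f]{0,4}:[0-9A-Fa-f:]{1,38}/([0-9]|[1-9][0-9]|1[01][0-9]|12[0-8])$'
}

# bogon_batch: bogon list on stdin, batch commands on stdout,
# rejected lines reported on stderr.
bogon_batch() {
    while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac      # blank or comment
        if ! is_prefix "$line"; then
            printf 'rejected: %s\n' "$line" >&2        # extra tokens, junk
            continue
        fi
        case " $KEEP " in *" $line "*) continue ;; esac # locally used prefix
        printf 'route replace blackhole %s proto %s\n' "$line" "$PROTO"
    done
}

# Constructed sample input, not real Team Cymru data.
sample_list() {
    cat <<'EOF'
# constructed sample list
0.0.0.0/8
10.0.0.0/8
192.0.2.0/24 table 254
2001:db8::/32
100.64.0.0/10 via 203.0.113.1
EOF
}

sample_list | bogon_batch
```

In the script from the post, `bogon_batch` would replace the `egrep -v \# | while read x` loop, reading the two downloaded files on stdin.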