* Re: [9front] how to create a blackhole/null route
@ 2024-07-31 2:09 sl
0 siblings, 0 replies; 5+ messages in thread
From: sl @ 2024-07-31 2:09 UTC (permalink / raw)
To: 9front, sl
> today's commits fixed multiple kernel bugs and resolved this issue
> for me. here's how to setup a successful blackhole route:
>
> # create a null device with junk ip address
> ; ip/ipconfig null /dev/mordor 192.69.69.69 255.255.255.0
>
> # fuck bytedance
> ; echo 'add 47.128.0.0 255.255.0.0 192.69.69.69' >/net/iproute
the method above accepts traffic but does not send anything back.
a recent commit enabled the following method of blocking traffic
entirely (it never gets passed to userland):
# fuck bytedance
aux/dial -e -o hangup 'ipmux!ver=4;src=47.128.0.0&255.252.0.0' rc -c 'echo 0 > /srv/blocked.47.128'
no dial process is left running, we just hold open the fd.
remove the block like so:
; rm /srv/blocked.47.128
sl
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [9front] how to create a blackhole/null route
2024-07-28 2:19 ` Romano
@ 2024-07-28 4:37 ` Stanley Lieber
0 siblings, 0 replies; 5+ messages in thread
From: Stanley Lieber @ 2024-07-28 4:37 UTC (permalink / raw)
To: 9front
On July 27, 2024 10:19:18 PM EDT, Romano <me+unobe@fallglow.com> wrote:
>On Sat Jul 27 18:23:42 -0700 2024, sl@stanleylieber.com wrote:
>> today's commits fixed multiple kernel bugs and resolved this issue
>> for me. here's how to setup a successful blackhole route:
>>
>> # create a null device with junk ip address
>> ; ip/ipconfig null /dev/mordor 192.69.69.69 255.255.255.0
>
>Is there a reason why /dev/mordor and not /dev/null? Is that needed
>to actually return some junk to splooge over the requester?
>
the example in ipconfig(8) uses /dev/mordor, but i don't think there is any functional difference for this application.
corrections welcome.
sl
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [9front] how to create a blackhole/null route
2024-07-28 1:18 ` sl
@ 2024-07-28 2:19 ` Romano
2024-07-28 4:37 ` Stanley Lieber
0 siblings, 1 reply; 5+ messages in thread
From: Romano @ 2024-07-28 2:19 UTC (permalink / raw)
To: 9front
On Sat Jul 27 18:23:42 -0700 2024, sl@stanleylieber.com wrote:
> today's commits fixed multiple kernel bugs and resolved this issue
> for me. here's how to setup a successful blackhole route:
>
> # create a null device with junk ip address
> ; ip/ipconfig null /dev/mordor 192.69.69.69 255.255.255.0
Is there a reason why /dev/mordor and not /dev/null? Is that needed
to actually return some junk to splooge over the requester?
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [9front] how to create a blackhole/null route
2024-07-27 5:00 Stanley Lieber
@ 2024-07-28 1:18 ` sl
2024-07-28 2:19 ` Romano
0 siblings, 1 reply; 5+ messages in thread
From: sl @ 2024-07-28 1:18 UTC (permalink / raw)
To: 9front
today's commits fixed multiple kernel bugs and resolved this issue
for me. here's how to setup a successful blackhole route:
# create a null device with junk ip address
; ip/ipconfig null /dev/mordor 192.69.69.69 255.255.255.0
# fuck bytedance
echo 'add 47.128.0.0 255.255.0.0 192.69.69.69' >/net/iproute
thanks cinap_lenrek and moody for the help.
sl
^ permalink raw reply [flat|nested] 5+ messages in thread
* [9front] how to create a blackhole/null route
@ 2024-07-27 5:00 Stanley Lieber
2024-07-28 1:18 ` sl
0 siblings, 1 reply; 5+ messages in thread
From: Stanley Lieber @ 2024-07-27 5:00 UTC (permalink / raw)
To: 9front
the following did not work as intended:
; { echo bind null; echo add 192.69.69.69 255.255.255.0 } >/net/ipifc/clone
; echo 'add 47.128.0.0 255.255.0.0 192.69.69.69' >/net/iproute
this resulted in:
; cat /net/iproute
0.0.0.0 /96 168.235.82.1 4 none 0 168.235.82.0 /120
0.0.0.0 /96 168.235.82.1 4 none 0 168.235.82.67 /128
224.0.0.1 /128 224.0.0.1 4m ifc 0 168.235.82.67 /128
224.0.0.1 /128 224.0.0.1 4m ifc 1 192.69.69.69 /128
192.69.69.0 /120 192.69.69.0 4i ifc 1 0.0.0.0 /96
192.69.69.0 /120 192.69.69.0 4i ifc 1 192.69.69.69 /128
192.69.69.0 /128 192.69.69.0 4b ifc 1 192.69.69.69 /128
192.69.69.69 /128 192.69.69.69 4u ifc 1 0.0.0.0 /96
192.69.69.255 /128 192.69.69.255 4b ifc 1 192.69.69.69 /128
168.235.0.0 /128 168.235.0.0 4b ifc 0 168.235.82.67 /128
168.235.82.0 /120 168.235.82.0 4i ifc 0 0.0.0.0 /96
168.235.82.0 /120 168.235.82.0 4i ifc 0 168.235.82.67 /128
168.235.82.0 /128 168.235.82.0 4b ifc 0 168.235.82.67 /128
168.235.82.67 /128 168.235.82.67 4u ifc 0 0.0.0.0 /96
168.235.82.255 /128 168.235.82.255 4b ifc 0 168.235.82.67 /128
168.235.255.255 /128 168.235.255.255 4b ifc 0 168.235.82.67 /128
47.128.0.0 /112 192.69.69.69 4 none 1 0.0.0.0 /96
255.255.255.255 /128 255.255.255.255 4b ifc 0 168.235.82.67 /128
255.255.255.255 /128 255.255.255.255 4b ifc 1 192.69.69.69 /128
fe80:: /64 fe80:: 6i ifc 0 fe80::f816:3eff:fe07:480d /128
fe80::f816:3eff:fe07:480d /128 fe80::f816:3eff:fe07:480d 6u ifc 0 fe80::f816:3eff:fe07:480d /128
ff02:: /16 ff02::1 6m ifc 0 fe80::f816:3eff:fe07:480d /128
ff02::1 /128 ff02::1 6m ifc 0 fe80::f816:3eff:fe07:480d /128
ff02::1:ff07:480d /128 ff02::1:ff07:480d 6m ifc 0 fe80::f816:3eff:fe07:480d /128
but:
1.) traffic from 47.128.0.0/16 still reached 168.235.82.67.
2.) after a few minutes the normal 168.235.82 routes disappeared from iproute, leaving only the new 192.69.69 lines, rendering the machine entirely inaccessible.
what am i doing wrong?
sl
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2024-07-31 2:11 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-07-31 2:09 [9front] how to create a blackhole/null route sl
-- strict thread matches above, loose matches on Subject: below --
2024-07-27 5:00 Stanley Lieber
2024-07-28 1:18 ` sl
2024-07-28 2:19 ` Romano
2024-07-28 4:37 ` Stanley Lieber
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).