commit b3a99167475a11e90c1ed3f9271dbb8db3c56057 Author: Grzegorz Surmann Date: Wed Jul 17 17:04:23 2024 +0000 first commit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..6e0d064
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+etc/config.ini
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..e69de29
diff --git a/etc/init.d/bgpblacklist b/etc/init.d/bgpblacklist
new file mode 100755
index 0000000..278df70
--- /dev/null
+++ b/etc/init.d/bgpblacklist
@@ -0,0 +1,44 @@
+#! /bin/sh
+#
+### BEGIN INIT INFO
+# Provides: bgpblacklist
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Start and stop the bgpblacklist daemon
+# Description: Controls the main bgpblacklist daemon
+### END INIT INFO
+#
+
+PATH=/root/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+export PATH
+
+. /lib/lsb/init-functions
+
+myname=`basename $0`
+mypath='/opt/bgpblist'
+
+cd $mypath
+
+
+case "$1" in
+ start)
+ log_daemon_msg "Starting bgpblacklist"
+ start-stop-daemon --start --quiet --pidfile /var/run/allall.pid --background --make-pidfile --exec $mypath/allall.php
+ log_end_msg $?
+ ;;
+ stop)
+ log_daemon_msg "Stopping bgpblacklist"
+ killall -HUP -g allall.php >/dev/null 2>&1
+ start-stop-daemon --oknodo --stop --quiet --pidfile /var/run/allall.pid --exec $mypath/allall.php
+ log_end_msg $?
+ ;;
+ restart)
+ $mypath/$myname stop && $mypath/$myname start
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart}" >&2
+ exit 3
+ ;;
+esac
diff --git a/etc/systemd/bgpblacklist.service b/etc/systemd/bgpblacklist.service
new file mode 100644
index 0000000..a972649
--- /dev/null
+++ b/etc/systemd/bgpblacklist.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=bgpblacklist
+
+[Service]
+ExecStart=/opt/bgpblist/sbin/bgpblacklistd
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
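Review bot: The start and stop branches exec `$mypath/allall.php` and track `/var/run/allall.pid`, but the daemon added by this commit is `sbin/bgpblacklistd`, which is also what the systemd unit in the same commit starts. Unless `allall.php` exists outside this diff, `start` launches nothing and `killall -HUP -g allall.php` matches no process, so routes installed by a running daemon would never be cleaned up through this script. The restart branch has a related path problem: `$mypath/$myname` resolves to `/opt/bgpblist/bgpblacklist` rather than to this init script, so `"$0" stop && "$0" start` is the safer form. I would also drop `/root/bin` from the front of `PATH`, since every unqualified command in a root-run script is resolved through it first.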
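Review bot: The `[Service]` section runs `/opt/bgpblist/sbin/bgpblacklistd` as unrestricted root, although the visible daemon code only changes routes and appends to a log file. Because that daemon builds shell commands from list entries, it is worth confining the unit with `CapabilityBoundingSet=CAP_NET_ADMIN`, `NoNewPrivileges=yes` and `ProtectSystem=strict`, plus a `ReadWritePaths=` entry for the log directory, whose location is not visible in this diff. If the list is fetched over the network, which the visible lines do not show, `After=network-online.target` and `Wants=network-online.target` in `[Unit]` would avoid a failing first cycle at boot.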
diff --git a/sbin/bgpblacklistd b/sbin/bgpblacklistd
new file mode 100755
index 0000000..448562f
--- /dev/null
+++ b/sbin/bgpblacklistd
@@ -0,0 +1,96 @@
+#!/usr/bin/php  $v) {
+ if ( strlen(trim($v)) == 0 ) {
+ continue;
+ }
+ if ( ip2long(preg_replace("/\/.*/","",$v)) == 0 || preg_match("/:/",$v) ) {
+ unset($tmp[$k]);
+ }
+ list($net,$mask)=explode("/",$v);
+ if ( $mask <= 19 ) {
+ unset($tmp[$k]);
+ }
+ $bad_nets[$v]=TRUE;
+ }
+ if ( count($bad_nets) == 0 ) {
+ logtofile("EMPTY_LST");
+ $sleeptime=10;
+ logtofile("SLEEP: ".$sleeptime."s");
+ sleep($sleeptime);
+ continue;
+ }
+ foreach(array_keys($bad_nets) as $k) {
+ if ( !array_key_exists($k,$prev_bad) ) {
+ passthru("ip route add prohibit ".$k);
+ logtofile("ROUTE + ".$k);
+ }
+ }
+ foreach(array_keys($prev_bad) as $k) {
+ if ( !array_key_exists($k,$bad_nets) ) {
+ passthru("ip route del prohibit ".$k);
+ logtofile("ROUTE - ".$k);
+ }
+ }
+ $prev_bad=$bad_nets;
+ gc_collect_cycles();
+ $cycle_end=microtime(TRUE);
+ logtofile("CYCLE_END");
+ $cycle_len=number_format($cycle_end-$cycle_beg,3,".","");
+ logtofile("CYCLE_LEN: ".$cycle_len."s");
+ $sleeptime=30*ceil($cycle_len);
+ if ( $sleeptime < 10 ) { $sleeptime=10; }
+ if ( $sleeptime > 300 ) { $sleeptime=300; }
+ logtofile("SLEEP: ".$sleeptime."s");
+ sleep($sleeptime);
+}
+function logtofile($text) {
+ global $logfile;
+ $data=gmdate("Y-m-d H:i:s")." | ".$text."\n";
+ file_put_contents($logfile,$data,FILE_APPEND);
+}
+function sig_handler($sig) {
+ clean_routes();
+ exit_die();
+}
+function clean_routes() {
+ logtofile("CLEANING_RT");
+ passthru("ip route show | grep '^prohibit ' | awk '{print $2}' | xargs -I '{}' ip route del prohibit '{}'");
+}
+function exit_die() {
+ logtofile("EXITING...");
+ die();
+}
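Review bot: Neither validation branch in the list loop stops the iteration: `unset($tmp[$k])` is not followed by `continue`, so `$bad_nets[$v]=TRUE;` still runs for entries that failed the `ip2long()` test or the `$mask <= 19` test. Those keys are then concatenated unquoted into `passthru("ip route add prohibit ".$k)` and the matching `del` call, so list content reaches a shell in a daemon that presumably runs as root. The prefix-length floor meant to keep very large networks out of the routing table also has no effect, and the part after the slash is never checked to be an integer. Skip invalid entries with a strict pattern and quote the argument, as sketched below. The top of the file, including the loop header and the origin of `$tmp`, is missing from the page, so where the list comes from is inferred.

```php
// … unchanged: skip of empty lines at the top of the loop body …
    if ( !preg_match('/^(\d{1,3}(?:\.\d{1,3}){3})\/(\d{1,2})$/', trim($v), $m) ) {
        continue;                       // not a plain IPv4 CIDR entry
    }
    if ( ip2long($m[1]) == 0 || (int)$m[2] <= 19 || (int)$m[2] > 32 ) {
        continue;                       // invalid address or prefix outside the accepted range
    }
    $bad_nets[$m[1]."/".$m[2]]=TRUE;    // store the validated form, not the raw line
// … unchanged: empty-list handling and the two foreach headers …
        passthru("ip route add prohibit ".escapeshellarg($k));
// … unchanged: logging; apply the same escapeshellarg() to "ip route del prohibit" …
```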