<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
Hi Dirk,<br>
<br>
on the new v1.57 build 482 I've seen set/badip and sh/badip, but
it's missing the unset/badip (just in case of typo or something
else)... Are you planning to add this command later ?<br>
<br>
73 Luigi IK5ZUK<br>
<br>
<div class="moz-cite-prefix">Il 20/01/2023 15:41, Dirk Koopman via
Dxspider-support ha scritto:<br>
</div>
<blockquote type="cite"
cite="mid:69a1fcea-8516-8dbe-1bd7-703dded01086@tobit.co.uk">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<font size="4">There is a new release on the mojo branch. <br>
<br>
The main changes that will be of interest are:<br>
<br>
1. There is now a complete implementation of stopping logins
from TOR nodes and some other bad IP addresses. I maintain the
badip.torexit, badip.torrelay and badip.global files. If you
follow the instructions below for your local crontab, you will
keep a current set of 'bad ip addresses'. You can also add your
own local bad ip addresses with the set/badip command. But if
you think this IP address is a problem, tell the support mailing
list and I will add it to the 'global' list, which will be
distributed around those nodes that download the master lists. <br>
<br>
</font><font size="4"><font size="4">You will need to install
Net::CIDR::Lite to utilise the badip stuff.</font><br>
<br>
2. There is a mechanism for aliasing localhost on client
connections and/or other rfc1918 addresses for more complex node
arrangements such as web clusters etc. The default arrangement a
simple node with one external ip address will "just work"
automatically, once it has either connect to another node, or an
external user connects.<br>
<br>
This means that sshing into a node, running a console and doing
a few dx commands will result in the external address appearing
in the routing tables locally and externally automatically. If
you have a more complex networking arrangement, please get in
touch on here (or privately) for advice. <br>
<br>
3. There is a mechanism that uses information from incoming PC92
A records as well as PC61 spots to "upgrade" PC11 spots into
PC61s. There is command 'show/spotstats' (or 'sh/spot' for
short) that displays some statistics as to how this is all going
where you are in the network. Don't be disheartened if you only
see a small percentage of upgrades. It depends very much on how
many and which nodes that only send PC11 spots you are connected
to. I happen to get upwards of 6% on my test machine, but that
means there will be that many fewer for some other node to do.<br>
<br>
I expect that there will be questions....<br>
<br>
73 Dirk G1TLH<br>
<br>
Here is the Changes file:<br>
<br>
<font face="monospace">20Jan23=======================================================================<br>
1. Add the variable @main::localhost_names to allow other IP
addresses to<br>
be treated in the same way as localhost in item 1 on
19Jan23 below. NOTE<br>
you must include ALL the normal localhost names + any other
interface<br>
names that you might want to include:<br>
<br>
set/var @main::localhost_names qw(127.0.0.1 ::1
192.168.1.30)<br>
<br>
using the qw() construction is easier than:<br>
<br>
set/var @main::localhost_names ('127.0.0.1', '::1',
'192.168.1.30')<br>
<br>
but either will work. You can define as many IP addresses
as you like and<br>
they can be IPV4 or 6. <br>
<br>
You do NOT need to fiddle with this unless you specifically
have more<br>
than just the normal definitions of localhost. So for
'normal' nodes with<br>
one external interface, you DO NOT NEED TO DO ANY OF THIS.
<br>
2. Added CTY-3304 prefix data<br>
19Jan23=======================================================================<br>
1. Introduce aliasing for localhost in DX Spots and outgoing
PC92 A records<br>
on login. There are two variables which can be set with the
alias to use:<br>
$main::localhost_alias_ipv4<br>
$main::localhost_alias_ipv6 <br>
These can be set in the /spider/scripts/startup, but this
is only <br>
necessary if the node has more than one interface, or
virtual hosts. If <br>
there is ONLY ONE ipv4 and/or ipv6 IP address on the node
machine then <br>
these variables will be automatically populated on first
use. But the SAFE<br>
thing to do is to set them in the startup file. <br>
<br>
THIS FEATURE IS EXPERIMENTAL... <br>
18Jan23=======================================================================<br>
1. Make sure than *every* channel has an IP address. Thank you
(I think) Kin <br>
for pointing out that PC92 A records were not going out
with IP addresses.<br>
I'm guessing that other things (like spots) had a similar
problem. <br>
15Jan23=======================================================================<br>
1. Fix strange errors for carp on missing route_*_cache files
on startup.<br>
14Jan23=======================================================================<br>
1. Fixed route PC11 promotions so that a new PC61 is actually
generated and <br>
also sent instead of the original PC11 (to PC61 capable
nodes).<br>
13Jan23=======================================================================<br>
1. Periodically store Routing tables and, if they are young
enough (def: 3hrs)<br>
autotically restore them on restart of the node. This will
short circuit<br>
the need to rebuild the routing tables from scratch on
every restart - <br>
which is normally for something like software update. <br>
2. Fix pc11 debugging stats with the correct figures. Sigh...
Also move some<br>
of the totals to a different place.<br>
3. Add show/spotstats command which gives the current spot
statistics shown<br>
during pc11 debugging (which means you don't need to
set/deb pc11 unless<br>
you really want that extra noise).<br>
12Jan23=======================================================================<br>
1. Regularise 'set/debug pc11' output to track all the routes
through PC11 and<br>
PC61 processing and statistics.<br>
11Jan23=======================================================================<br>
1. Improve (?) the PC11 -> PC61 upgrading process that
delays incoming PC11s<br>
for a very short time in the hope that a PC61 will come in
to be used <br>
instead. It will also upgrade a PC11 if we have an uptodate
IP address <br>
that has come in from the routing system PC92s. do a
'set/debug pc11' to <br>
see it in action. <br>
2. I have chosen a definitive list of TOR exits and relays
which can be <br>
downloaded from <a class="moz-txt-link-freetext"
href="http://www.dxspider.net/download/badip.torexit"
moz-do-not-send="true">http://www.dxspider.net/download/badip.torexit</a>,<br>
<a class="moz-txt-link-freetext"
href="http://www.dxspider.net/download/badip.torrelay"
moz-do-not-send="true">http://www.dxspider.net/download/badip.torrelay</a>
and finally, for those IP<br>
addresses that are deemed to be 'bad':<br>
<a class="moz-txt-link-freetext"
href="http://www.dxspider.net/download/badip.global"
moz-do-not-send="true">http://www.dxspider.net/download/badip.global</a>.
I have added the following <br>
lines to my /spider/local_cmd/crontab:<br>
<br>
24 * * * * spawn('cd /spider/local_data; wget -qN <a
class="moz-txt-link-freetext"
href="http://www.dxspider.net/download/badip.torexit"
moz-do-not-send="true">http://www.dxspider.net/download/badip.torexit</a>')<br>
24 * * * * spawn('cd /spider/local_data; wget -qN <a
class="moz-txt-link-freetext"
href="http://www.dxspider.net/download/badip.torrelay"
moz-do-not-send="true">http://www.dxspider.net/download/badip.torrelay</a>')<br>
24 * * * * spawn('cd /spider/local_data; wget -qN <a
class="moz-txt-link-freetext"
href="http://www.dxspider.net/download/badip.global"
moz-do-not-send="true">http://www.dxspider.net/download/badip.global</a>')<br>
25 * * * * run_cmd('load/badip')<br>
<br>
The tor files are downloaded from <a
class="moz-txt-link-freetext"
href="https://lists.fissionrelays.net/tor/"
moz-do-not-send="true">https://lists.fissionrelays.net/tor/</a>
at <br>
15 minutes past every hour, please would you use some other
minute than<br>
23 or 24 to get your own local copies. <br>
<br>
A 'set/debug badip' will show you what is being blocked. <br>
3. Fix set/badip so that it appends new IP addresses
correctly.<br>
10Jan23=======================================================================<br>
1. Add baddx on incoming callsign in RBN.<br>
2. Search for all /spider/local_data/badip.* files to allow
more control on<br>
which IP addresses are detected. e.g. badip.torexit,
badip.torrelay as well<br>
as baddx.local. The suffixes, apart from .local (created by
set/badip) are<br>
completely arbitrary. You can use whichever suffix name you
like. This is<br>
a more useful arrangement for the ever increasing sources
of "bad ip<br>
addresses" that we need to deter. <br>
<br>
NOTE: all badip.<suffix> are read only EXCEPT
badip.local (which can be<br>
altered in real time by the sysop using set/badip <ip
address> ...). <br>
If one uses periodic crontab jobs to update any other
badip.<suffix><br>
files from web resources then don't forget to 'load/badip'
afterwards. <br>
3. Add a /spider/data/baddx.issue file which can be copied to
(or used as a <br>
basis to create) /spider/local_data/baddx<br>
09Jan23=======================================================================<br>
1. Finish implemention of DXCIDR ip address filtering. This
works on both <br>
logins (treated the same as locked out - i.e. just
disconnected) and also<br>
with PC61s where these sentences are just dropped. Also
attempt to prevent<br>
any *following* PC11s with the same data getting through. <br>
<br>
YOU WILL NEED either 'cpanm Net::CIDR::Lite' or
debian/ubuntu based distros <br>
'apt install libnet-cidr-lite-perl'. RedHat based systems
will have similar<br>
packages available.<br>
<br>
2. Recognise PC18s coming from CC Clusters more nicely.<br>
04Jan23=======================================================================<br>
1. Fillout DXCIDR, attach checks in PC61 and logins. Login
that fail will <br>
simply disconnect, like locked out callsigns<br>
2. Fix qrz.com URL in stock Internet.pm.<br>
3. Fix DXHash issues (baddx, badnode, badspotter etc)<br>
</font><br>
<br>
</font> <br>
<fieldset class="moz-mime-attachment-header"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Dxspider-support mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Dxspider-support@tobit.co.uk">Dxspider-support@tobit.co.uk</a>
<a class="moz-txt-link-freetext" href="https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support">https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support</a>
</pre>
</blockquote>
<br>
</body>
</html>