To, lafiya, game da "fadi cikin soyayya" ƙari ne. Maimakon "zai iya zama tare da".
Kamar yadda kuka sani, tun daga Afrilu 16, 2018, Roskomnadzor yana toshe damar samun albarkatu akan hanyar sadarwar tare da bugun jini mai fa'ida, yana ƙara zuwa Haɗin kai na sunayen yanki, masu nuni ga shafukan yanar gizo akan Intanet da adiresoshin cibiyar sadarwa waɗanda ke ba ku damar. gano shafuka akan Intanet, dauke da bayanai, wanda aka haramta yadawa a cikin Tarayyar Rasha" (a cikin rubutu - kawai rajista) / 10 wani lokaci. A sakamakon haka, 'yan ƙasa na Tarayyar Rasha da kuma 'yan kasuwa suna shan wahala, sun rasa damar yin amfani da albarkatun doka gaba ɗaya da suke bukata.
Bayan da na ce a cikin sharhin daya daga cikin labarin Habré cewa a shirye nake in taimaka wa waɗanda abin ya shafa tare da kafa tsarin wucewa, mutane da yawa sun tuntube ni suna neman irin wannan taimako. Lokacin da duk abin ya yi aiki a gare su, ɗaya daga cikinsu ya ba da shawarar kwatanta fasaha a cikin labarin. A cikin tunani, na yanke shawarar karya shiru na a kan shafin kuma na gwada sau ɗaya don rubuta wani abu mai tsaka-tsakin tsakanin aiki da rubutu a Facebook, watau. habrapost. Sakamakon yana gaban ku.
Disclaimer
Tun da yake ba doka ba ne don buga hanyoyin da za a ketare damar yin amfani da bayanan da aka haramta a cikin Tarayyar Rasha, manufar wannan labarin zai zama magana game da hanyar da za ta ba ku damar sarrafa damar yin amfani da albarkatun da aka ba da izini a yankin. na Tarayyar Rasha, amma saboda ayyukan wani ba za a iya isa ba kai tsaye ta hanyar mai ba ku. Kuma samun damar yin amfani da wasu albarkatun, wanda aka samu a sakamakon ayyuka daga labarin, wani sakamako ne mai ban sha'awa kuma ba haka ba ne manufar labarin.
Har ila yau, tun da farko ni masanin fasahar sadarwa ne ta hanyar sana'a, sana'a da kuma hanyar rayuwa, shirye-shirye da Linux ba ƙarfina ba ne. Sabili da haka, ba shakka, ana iya rubuta rubutun mafi kyau, al'amurran tsaro a cikin VPS za a iya yin aiki da zurfi sosai, da dai sauransu. Za a yarda da shawarwarinku tare da godiya, idan an yi cikakkun bayanai - Zan yi farin cikin ƙara su a cikin rubutun labarin.
TL, DR
Muna sarrafa damar samun albarkatu ta atomatik ta hanyar rami na yanzu ta amfani da kwafin rajista da ka'idar BGP. Manufar ita ce a cire duk hanyoyin da ake magana da su zuwa abubuwan da aka toshe a cikin rami. Mafi ƙarancin bayani, galibi umarnin mataki zuwa mataki.
Me kuke bukata don wannan
Abin takaici, wannan sakon ba na kowa ba ne. Don amfani da wannan fasaha, kuna buƙatar haɗa wasu abubuwa kaɗan:
- Dole ne ku sami uwar garken Linux a waje da filin toshewa. Ko aƙalla sha'awar fara irin wannan uwar garke - tunda yanzu farashinsa daga $ 9 / shekara, kuma mai yiwuwa ƙasa. Hakanan hanyar ta dace idan kuna da ramin VPN daban, to ana iya kasancewa uwar garken a cikin filin toshe.
- Dole ne na'ura mai ba da hanya tsakanin hanyoyin sadarwa ya zama mai kaifin basira don iya
- duk wani abokin ciniki na VPN da kuke so (Na fi son OpenVPN, amma yana iya zama PPTP, L2TP, GRE + IPSec, da duk wani zaɓi wanda ke haifar da ƙirar rami);
- BGPv4 yarjejeniya. Wanne yana nufin cewa don SOHO yana iya zama Mikrotik ko kowane na'ura mai ba da hanya tsakanin hanyoyin sadarwa tare da OpenWRT / LEDE / firmware na al'ada iri ɗaya wanda ke ba ku damar shigar da Quagga ko Tsuntsaye. Hakanan ba a haramta amfani da na'ura mai ba da hanya tsakanin hanyoyin sadarwa na PC ba. Don kamfani, duba takaddun don na'ura mai ba da hanya tsakanin hanyoyin sadarwa don tallafin BGP.
- Ya kamata ku saba da amfani da Linux da fasahar hanyar sadarwa, gami da BGP. Ko aƙalla son samun wannan ra'ayin. Tun da ban shirya rungumar girman girman wannan lokacin ba, dole ne ku yi nazarin wasu abubuwan da ba ku fahimce ku da kanku ba. Duk da haka, zan, ba shakka, amsa takamaiman tambayoyi a cikin sharhi kuma ba ni da wuya in zama ni kaɗai ke amsawa, don haka jin daɗin yin tambaya.
Abin da ake amfani da shi a cikin misali
- Kwafi na rajista
- Sabis na zirga-zirga -
- na'ura mai ba da hanya tsakanin hanyoyin sadarwa -
- Fayilolin aiki - tunda muna aiki azaman tushen, yawancin komai za'a sanya su a cikin babban fayil ɗin tushen gida. Bi da bi:
- /tushen/blacklist - babban fayil mai aiki tare da rubutun haɗawa
- /tushen/zi - kwafin rajista daga github
- /etc/bird - daidaitaccen babban fayil ɗin saitunan sabis na tsuntsaye
- Mun yarda da 194.165.22.146, ASN 64998 a matsayin adireshin IP na waje na VPS tare da uwar garke mai ba da hanya da madaidaicin ƙarshen rami; Adireshin IP na waje na mai ba da hanya tsakanin hanyoyin sadarwa - 81.177.103.94, ASN 64999
- Adireshin IP na cikin rami sune 172.30.1.1 da 172.30.1.2, bi da bi.
Tabbas, zaku iya amfani da duk wasu hanyoyin sadarwa, tsarin aiki da samfuran software, daidaita mafita don dacewa da dabarun su.
A takaice - dabaru na mafita
- Ayyukan shirye-shirye
- Samun VPS
- Muna tayar da rami daga na'ura mai ba da hanya tsakanin hanyoyin sadarwa zuwa VPS
- Samun da sabunta kwafin rajista akai-akai
- Shigarwa da daidaita sabis na kwatance
- Ƙirƙiri jerin tsayayyen hanyoyi don sabis ɗin kwatance bisa tsarin rajista
- Muna haɗa na'ura mai ba da hanya tsakanin hanyoyin sadarwa zuwa sabis kuma saita aika duk zirga-zirga ta hanyar rami.
Ainihin yanke shawara
Ayyukan shirye-shirye
A cikin sararin cibiyar sadarwa akwai ayyuka da yawa waɗanda ke ba da VPS don kuɗi mai ma'ana. Ya zuwa yanzu, na samo kuma na yi amfani da zaɓi na $ 9 / shekara, amma ko da idan ba ku damu da gaske ba, akwai zaɓuɓɓuka da yawa don 1E / watan akan kowane kusurwa. Tambayar zabar VPS ya ta'allaka ne fiye da iyakokin wannan labarin, don haka idan wani abu bai bayyana ga wani ba game da wannan, tambaya a cikin sharhi.
Idan kuna amfani da VPS ba kawai don sabis na kwatance ba, har ma don ƙare rami akan shi, kuna buƙatar haɓaka wannan rami kuma, kusan babu shakka, saita NAT don shi. Akwai umarni masu yawa akan hanyar sadarwa don waɗannan ayyukan, ba zan maimaita su anan ba. Babban abin da ake buƙata don irin wannan rami shine cewa dole ne ya ƙirƙiri keɓantaccen keɓancewa akan na'ura mai ba da hanya tsakanin hanyoyin sadarwa wanda ke goyan bayan ramin zuwa VPS. Yawancin fasahar VPN da aka yi amfani da su sun cika wannan buƙatu - alal misali, OpenVPN a yanayin tun yana da kyau.
Sami kwafin wurin yin rajista
Kamar yadda Jabrayil ya ce, "Wanda ya hana mu zai taimake mu." Tun da RKN yana ƙirƙirar rajista na albarkatun da aka haramta, zai zama zunubi idan ba a yi amfani da wannan rajista don magance matsalarmu ba. Za mu karɓi kwafin rajista daga github.
Muna zuwa uwar garken Linux ɗin ku, mun fada cikin mahallin root'a (sudo su-) kuma shigar da git idan ba a riga an shigar dashi ba.
apt install gitJeka kundin adireshin gidan ku kuma ciro kwafin rajistar.
cd ~ && git clone --depth=1 https://github.com/zapret-info/z-i Saita sabuntawar cron (Ina da shi kowane minti 20, amma kuna iya zaɓar kowane tazara da ke sha'awar ku). Don yin wannan, za mu kaddamar crontab -e kuma ƙara masa layi mai zuwa:
*/20 * * * * cd ~/z-i && git pull && git gcMuna haɗa ƙugiya wanda zai ƙirƙiri fayiloli don sabis na kwatance bayan an sabunta rajistar. Don wannan muna ƙirƙirar fayil /tushen/zi/.git/hooks/post-merge tare da abun ciki mai zuwa:
#!/usr/bin/env bash
changed_files="$(git diff-tree -r --name-only --no-commit-id ORIG_HEAD HEAD)"
check_run() {
echo "$changed_files" | grep --quiet "$1" && eval "$2"
}
check_run dump.csv "/root/blacklist/makebgp"kuma kar a manta da sanya shi aiwatarwa
chmod +x /root/z-i/.git/hooks/post-mergeRubutun makebgp da ƙugiya ke magana za a ƙirƙira daga baya.
Shigarwa da daidaita sabis na kwatance
Sanya tsuntsu. Abin takaici, nau'in tsuntsun da aka buga a halin yanzu a cikin ma'ajin Ubuntu yana kama da sabo da najasar Archeopteryx, don haka muna buƙatar fara ƙara PPA na hukuma na masu haɓaka software zuwa tsarin.
add-apt-repository ppa:cz.nic-labs/bird
apt update
apt install birdBayan haka, nan da nan muna kashe tsuntsu don IPv6 - a cikin wannan shigarwa ba za mu buƙaci shi ba.
systemctl stop bird6
systemctl disable bird6A ƙasa akwai ƙaramin fayil ɗin daidaitawa don sabis ɗin tsuntsu (/etc/bird/bird.conf), wanda ya ishe mu sosai (kuma ina tunatar da ku cewa babu wanda ya hana haɓakawa da daidaita ra'ayin don dacewa da bukatun ku)
log syslog all;
router id 172.30.1.1;
protocol kernel {
scan time 60;
import none;
# export all; # Actually insert routes into the kernel routing table
}
protocol device {
scan time 60;
}
protocol direct {
interface "venet*", "tun*"; # Restrict network interfaces it works with
}
protocol static static_bgp {
import all;
include "pfxlist.txt";
#include "iplist.txt";
}
protocol bgp OurRouter {
description "Our Router";
neighbor 81.177.103.94 as 64999;
import none;
export where proto = "static_bgp";
local as 64998;
passive off;
multihop;
}
na'ura mai ba da hanya tsakanin hanyoyin sadarwa id - mai gano na'ura mai ba da hanya tsakanin hanyoyin sadarwa, da gani yana kama da adireshin IPv4, amma ba haka bane. A cikin yanayinmu, yana iya zama kowane lamba 32-bit a cikin tsarin adireshin IPv4, amma yana da kyau a saka adireshin IPv4 na na'urar ku (a wannan yanayin, VPS) a can.
ka'idar kai tsaye tana ƙayyade waɗanne musaya za su yi aiki tare da tsarin tuƙi. Misalin yana ba da misalai biyu na sunaye, zaku iya ƙara ƙari. Hakanan zaka iya share layin kawai, a cikin wannan yanayin uwar garken zai saurari duk abubuwan da ke akwai tare da adireshin IPv4.
Static protocol shine sihirinmu wanda ke ɗora lissafin prefixes da adiresoshin ip (waɗanda, ba shakka, / prefixes 32) daga fayiloli don sanarwa daga baya. Inda waɗannan jerin sunayen suka fito za a tattauna a ƙasa. Da fatan za a lura cewa an yi sharhi game da loda adiresoshin ip ta tsohuwa, dalilin hakan shine yawan lodawa. Don kwatanta, a lokacin rubuta labarin, akwai layi na 78 a cikin jerin prefixes, da 85898 a cikin jerin adiresoshin ip. don kunna ip loda a nan gaba bayan gwaji tare da na'ura mai ba da hanya tsakanin hanyoyin sadarwa. Ba kowane ɗayansu ba ne zai iya narkar da shigarwar 85 cikin sauƙi a cikin tebur ɗin tuƙi.
Protocol bgp a zahiri yana kafa bgp peering tare da na'ura mai ba da hanya tsakanin hanyoyin sadarwa. ip-address shine adireshin waje na na'ura mai ba da hanya tsakanin hanyoyin sadarwa (ko adreshin tunnel interface daga gefen na'ura mai ba da hanya tsakanin hanyoyin sadarwa), 64998 da 64999 su ne lambobin tsarin masu zaman kansu. A wannan yanayin, ana iya sanya su ta hanyar kowane lambobi 16-bit, amma yana da kyau a yi amfani da lambobin AS daga kewayon keɓaɓɓen da RFC6996 - 64512-65534 ya ƙunshi (akwai tsarin ASN 32-bit, amma a wajenmu wannan tabbas ya wuce kima). Tsarin da aka kwatanta yana amfani da peering na eBGP, wanda lambobin tsarin masu cin gashin kansu na sabis ɗin tuƙi da na'ura mai ba da hanya tsakanin hanyoyin sadarwa dole ne su bambanta.
Kamar yadda kake gani, sabis ɗin yana buƙatar sanin adireshin IP na na'ura mai ba da hanya tsakanin hanyoyin sadarwa, don haka idan kuna da adreshin mai ƙarfi ko mara amfani (RFC1918) ko adireshi (RFC6598), ba ku da wani zaɓi don haɓaka peering akan keɓancewar waje, amma har yanzu sabis ɗin zai yi aiki a cikin rami.
Hakanan a bayyane yake cewa zaku iya samar da hanyoyin sadarwa daban-daban tare da hanyoyi daga sabis ɗaya - kawai kwafi su ta hanyar kwafi sashin bgp yarjejeniya tare da canza adireshin IP na maƙwabci. Abin da ya sa misalin ya nuna saituna don leƙen asiri a waje da rami a matsayin mafi yawan duniya. Ba shi da wahala a cire su cikin rami ta hanyar canza adiresoshin IP a cikin saitunan daidai.
Gudanar da Rijista don Sabis na Ruga
Yanzu muna buƙatar, a zahiri, don ƙirƙirar jerin prefixes da adiresoshin ip, waɗanda aka ambata a cikin matakin da ya gabata a cikin ƙa'idar yarjejeniya. Don yin wannan, muna ɗaukar fayil ɗin rajista kuma mu sanya fayilolin da muke buƙata daga ciki tare da rubutun mai zuwa, wanda yake a ciki. /tushen/blacklist/makebgp
#!/bin/bash
cut -d";" -f1 /root/z-i/dump.csv| tr '|' 'n' | tr -d ' ' > /root/blacklist/tmpaddr.txt
cat /root/blacklist/tmpaddr.txt | grep / | sed 's_.*_route & reject;_' > /etc/bird/pfxlist.txt
cat /root/blacklist/tmpaddr.txt | sort | uniq | grep -Eo "([0-9]{1,3}[.]){3}[0-9]{1,3}" | sed 's_.*_route &/32 reject;_' > /etc/bird/iplist.txt
/etc/init.d/bird reload
logger 'bgp list compiled'Kar a manta da sanya shi aiwatarwa
chmod +x /root/blacklist/makebgpYanzu zaku iya gudanar da shi da hannu kuma ku lura da bayyanar fayiloli a /etc/bird.
Mafi mahimmanci, a wannan lokacin tsuntsu ba ya aiki a gare ku, saboda a matakin da ya gabata kun ba da shawarar cewa ya nemi fayilolin da ba su wanzu ba tukuna. Don haka, muna ƙaddamar da shi kuma mu sarrafa cewa yana farawa:
systemctl start bird
birdc show routeFitowar umarni na biyu ya kamata ya nuna kusan shigarwar 80 (wannan shine a halin yanzu, kuma lokacin da kuka saita shi, komai zai dogara da himma na ILV don toshe hanyoyin sadarwa) kamar haka:
54.160.0.0/12 unreachable [static_bgp 2018-04-19] * (200)tawagar
birdc show protocolzai nuna matsayin ladabi a cikin sabis ɗin. Har sai kun saita na'ura mai ba da hanya tsakanin hanyoyin sadarwa (duba sakin layi na gaba), ka'idar OurRouter za ta kasance a cikin yanayin farawa (Haɗawa ko Active Phase), kuma bayan haɗin da aka yi nasara, zai shiga cikin yanayin sama (Kafaffen lokaci). Misali, akan tsarina, fitowar wannan umarni yayi kama da haka:
BIRD 1.6.3 ready.
name proto table state since info
kernel1 Kernel master up 2018-04-19
device1 Device master up 2018-04-19
static_bgp Static master up 2018-04-19
direct1 Direct master up 2018-04-19
RXXXXXx1 BGP master up 13:10:22 Established
RXXXXXx2 BGP master up 2018-04-24 Established
RXXXXXx3 BGP master start 2018-04-22 Connect Socket: Connection timed out
RXXXXXx4 BGP master up 2018-04-24 Established
RXXXXXx5 BGP master start 2018-04-24 Passive
Haɗa na'ura mai ba da hanya tsakanin hanyoyin sadarwa
Wataƙila kowa ya riga ya gaji da karanta wannan sawun, amma ku yi hankali - ƙarshen ya kusa. Bugu da ƙari, a cikin wannan sashe ba zan iya ba da umarnin mataki-mataki ba - zai bambanta ga kowane masana'anta.
Koyaya, zan iya nuna muku misalai biyu. Babban ma'ana shine haɓaka peering BGP da haɗa nexthop zuwa duk prefixes da aka karɓa, yana nuna ramin mu (idan kuna buƙatar fitar da zirga-zirga ta hanyar haɗin p2p) ko ip-address na gaba idan zirga-zirgar ta tafi ethernet).
Misali, akan Mikrotik a cikin RouterOS, an warware wannan kamar haka
/routing bgp instance set default as=64999 ignore-as-path-len=yes router-id=172.30.1.2
/routing bgp peer add in-filter=dynamic-in multihop=yes name=VPS remote-address=194.165.22.146 remote-as=64998 ttl=default
/routing filter add action=accept chain=dynamic-in protocol=bgp comment="Set nexthop" set-in-nexthop=172.30.1.1kuma a cikin Cisco IOS - kamar wannan
router bgp 64999
neighbor 194.165.22.146 remote-as 64998
neighbor 194.165.22.146 route-map BGP_NEXT_HOP in
neighbor 194.165.22.146 ebgp-multihop 250
!
route-map BGP_NEXT_HOP permit 10
set ip next-hop 172.30.1.1A yayin da aka yi amfani da rami iri ɗaya don peering BGP da kuma watsa zirga-zirga mai amfani, ba lallai ba ne a saita gaba, za a saita shi daidai ta hanyar yarjejeniya. Amma idan ka saita shi da hannu, shima ba zai yi muni ba.
A kan wasu dandamali, dole ne ku gano tsarin da kanku, amma idan kuna da wasu matsaloli, rubuta a cikin sharhi, zan yi ƙoƙarin taimakawa.
Bayan zaman ku na BGP ya tashi, hanyoyin zuwa manyan cibiyoyin sadarwa sun isa kuma an shigar da su a cikin tebur, zirga-zirga zuwa adiresoshin daga gare su ya tafi kuma farin ciki yana kusa, za ku iya komawa sabis na tsuntsu kuma kuyi ƙoƙarin uncomment shigarwa a can wanda ya haɗa jerin adiresoshin ip, aiwatarwa bayan haka
systemctl reload birdkuma duba yadda na'ura mai ba da hanya tsakanin hanyoyin sadarwa ta canja wurin wadannan hanyoyi dubu 85. Yi shiri don kashe shi kuma kuyi tunanin abin da za ku yi da shi 🙂
Jimlar
A zahiri, bayan aiwatar da matakan da ke sama, kuna da sabis wanda ke tura zirga-zirga ta atomatik zuwa adiresoshin IP da aka dakatar a cikin Tarayyar Rasha ta wuce tsarin tacewa.
Yana iya, ba shakka, za a iya inganta a kan. Misali, yana da sauƙin isa a taƙaita jerin adiresoshin ip ta hanyar perl ko mafita na python. Rubutun perl mai sauƙi yana yin wannan tare da Net ::CIDR :: Lite yana juya prefixes dubu 85 zuwa 60 (ba dubu ba), amma a zahiri yana rufe manyan adiresoshin fiye da yadda aka toshe.
Tunda sabis ɗin yana aiki a matakin na uku na samfurin ISO / OSI, ba zai cece ku daga toshe rukunin yanar gizon / shafi ba idan bai warware adireshin da aka yi rikodin a cikin rajista ba. Amma tare da rajista daga github, fayil ɗin nxdomain.txt ya zo, wanda tare da ƴan bugun jini na rubutun sauƙi ya juya zuwa tushen adireshi, misali, plugin na SwitchyOmega a cikin Chrome.
Hakanan ya kamata a ambaci cewa maganin yana buƙatar ƙarin kaifi idan ba kawai mai amfani da Intanet ba ne, amma kuma buga wasu albarkatu daga kanku (misali, gidan yanar gizo ko sabar saƙon yana gudana akan wannan haɗin). Ta hanyar na'ura mai ba da hanya tsakanin hanyoyin sadarwa, kuna buƙatar ɗaure zirga-zirga mai fita daga wannan sabis ɗin zuwa adireshin jama'a, in ba haka ba za ku rasa haɗin kai tare da waɗannan albarkatun waɗanda jerin prefixes ɗin da na'ura mai ba da hanya tsakanin hanyoyin sadarwa ke rufe su.
Idan kuna da wasu tambayoyi - tambaya, a shirye don amsawa.
UPD. na gode и don zaɓuɓɓuka don git don rage juzu'in zazzagewa.
UPD2. Abokan aiki, da alama na yi kuskure ta hanyar rashin ƙara umarni don kafa rami tsakanin VPS da na'ura mai ba da hanya tsakanin hanyoyin sadarwa zuwa labarin. Tambayoyi da yawa kan haifar da hakan.
Kawai idan, na sake lura - ana ɗauka cewa kafin fara matakai a cikin wannan jagorar, kun riga kun saita rami na VPN a cikin hanyar da kuke buƙata kuma ku bincika aikinta (misali, haɗa zirga-zirgar ababen hawa a can ta tsohuwa ko a tsaye). Idan baku gama wannan matakin ba tukuna, ba lallai bane ku bi matakan labarin. Ba ni da rubutun kaina akan wannan tukuna, amma idan kuna google “OpenVPN saitin uwar garken” tare da sunan tsarin aiki da aka sanya akan VPS, da “OpenVPN saitin abokin ciniki” tare da sunan na'ura mai ba da hanya tsakanin hanyoyin sadarwa, da alama ku zai sami labarai da dama akan wannan batu, gami da kan Habré.
UPD3. ya rubuta lambar da ke sanya fayil ɗin sakamakon tsuntsu daga dump.csv tare da taƙaitaccen adiresoshin IP na zaɓi. Don haka, ana iya maye gurbin sashin "Ma'aikatar Rijista don sabis na kwatance" tare da kira zuwa shirinsa.
UPD4. Ƙananan aiki akan kurakuran (ba su ba da gudummawa a cikin rubutun ba):
1) maimakon systemctl sake loda tsuntsu yana da ma'ana don amfani da umarnin birdc saitin.
2) a cikin Mikrotik na'ura mai ba da hanya tsakanin hanyoyin sadarwa, maimakon canza na gaba-hop zuwa IP na gefen na biyu na rami. /wato tace ƙara mataki = karɓar sarkar = tsari mai ƙarfi-in = bgp sharhi = "Saita nexthop" saita-in-nexthop = 172.30.1.1 yana da ma'ana don ƙayyade hanyar kai tsaye zuwa hanyar tunnel, ba tare da adireshin ba /routing filter add action=accept sarkar=tsari-in yarjejeniya = bgp sharhi = "Saita nexthop" set-in-nexthop-direct = <interface name>
UPD5. Wani sabon sabis ya iso , daga inda zaku iya ɗaukar jerin shirye-shiryen adiresoshin ip. Ana sabunta kowane rabin sa'a. A gefen abokin ciniki, duk abin da ya rage shine a tsara shigarwar tare da madaidaicin "hanyar ... ƙi".
Kuma tabbas hakan ya isa in shag kakata da sabunta labarin.
UPD6. Bita na labarin ga waɗanda ba sa son fahimta, amma suna son farawa - .
source: www.habr.com