Setting up BGP to bypass blocking, or "How I stopped worrying and learned to love RKN"

Well, all right, "learned to love" is an exaggeration. Let's say "managed to coexist with it".

As you all know, since April 16, 2018, Roskomnadzor has been blocking access to Internet resources on a massive scale, adding to the "Unified Register of domain names, website page indexes and network addresses that allow identifying sites on the Internet containing information whose distribution is prohibited in the Russian Federation" (hereinafter simply the register) by an entire /10 at a time. As a result, residents and businesses of the Russian Federation are suffering, having lost access to perfectly legitimate resources they need.

After I mentioned in a comment on one of the Habr articles that I was prepared to help those affected set up a circumvention scheme, several people contacted me asking for exactly that. When everything worked for them, one of them suggested describing the technique in an article. After some thought, I decided to break my silence on the site and try, just this once, to write something halfway between a project and a Facebook post, i.e. a habrapost. The result is in front of you.

Disclaimer

Since it is illegal to publish methods of bypassing the blocking of information prohibited on the territory of the Russian Federation, the purpose of this article is to describe a method that lets you automate access to resources that are permitted on the territory of the Russian Federation but, because of someone else's actions, are not reachable directly through your provider. Access to any other resources obtained as a result of the actions described here is an unfortunate side effect and is not the purpose of the article.

Also, since I am first and foremost a network architect by profession, occupation and way of life, programming and Linux are not my strong points. So yes, the scripts could be written better, the security of the VPS could be worked through in more depth, and so on. Your suggestions will be gratefully received, and if they are detailed enough I will be glad to add them to the text of the article.

TL;DR

We set up access to resources through your existing tunnel using a copy of the register and the BGP protocol. The goal is to divert all traffic destined for blocked resources into the tunnel. Minimal explanation, mostly step-by-step instructions.

What do you need for this?

Unfortunately, this post is not for everyone. To use this technique you will have to bring several things together:

  1. You need a Linux server somewhere outside the blocking zone. Or at least the wish to have one; fortunately, these now cost from $9/year, and possibly less. The method also works if you already have a separate VPN tunnel, in which case the server may sit inside the blocking zone.
  2. Your router must be smart enough to support
    • any VPN client you like (I prefer OpenVPN, but it can be PPTP, L2TP, GRE+IPSec or any other option that creates a tunnel interface);
    • the BGPv4 protocol. For SOHO this means a Mikrotik or any router with OpenWRT/LEDE/similar custom firmware on which Quagga or Bird can be installed. Using a PC as the router is not forbidden either. In an enterprise, look for BGP support in the documentation of your border router.
  3. You need an understanding of Linux administration and of networking technologies, including the BGP protocol. Or at least the wish to acquire one. Since I am not about to embrace the immensity this time, you will have to study some of the things that are unclear to you on your own. That said, I will of course answer specific questions in the comments, and I will probably not be the only one answering, so do not hesitate to ask.

What is used in the example

  • Copy of the register - from https://github.com/zapret-info/z-i
  • VPS - Ubuntu 16.04
  • Routing service - bird 1.6.3
  • Router - Mikrotik hAP ac
  • Working folders - since we work as root, almost everything lives in root's home folder. Specifically:
    • /root/blacklist - working folder with the list-building script
    • /root/z-i - copy of the register from github
    • /etc/bird - standard folder for the bird service configuration
  • The external IP address of the VPS with the routing service and tunnel endpoint is 194.165.22.146, ASN 64998; the external IP address of the router is 81.177.103.94, ASN 64999
  • The IP addresses inside the tunnel are 172.30.1.1 and 172.30.1.2 respectively.


Of course, you can use any other routers, operating systems and software products, adapting the solution to their logic.

Briefly - the idea of the solution

  1. Preparatory steps
    1. Obtain a VPS
    2. Bring up a tunnel from the router to the VPS
  2. Obtain, and keep updating, a copy of the register
  3. Install and configure the routing service
  4. Generate a list of static routes for the routing service from the register
  5. Connect the router to the service and configure it to send all that traffic through the tunnel.

The solution itself

Preparatory steps

There are plenty of services on the Internet offering a VPS at reasonable prices. So far I have found and am using a $9/year option, but even without trying hard there are lots of choices at €1/month on every corner. Choosing a VPS is beyond the scope of this article, so if something about it is unclear, ask in the comments.

If you use the VPS not only for the routing service but also to terminate the tunnel, you need to bring that tunnel up and, as a rule, configure NAT for it. There are countless guides for this on the Internet, and I will not repeat them here. The main requirement for such a tunnel is that it must create a separate interface on your router that carries the tunnel to the VPS. Most VPN technologies in use meet this requirement; for example, OpenVPN in tun mode is perfectly suitable.

Obtaining a copy of the register

As Dzhabrail said, "The one who hinders us will help us." Since RKN maintains a register of prohibited resources, it would be a sin not to use that register to solve our problem. We will obtain a copy of the register from github.

Log in to your Linux server, switch to root (sudo su -) and install git if it is not installed yet.

apt install git

Go to your home directory and pull a copy of the register.

cd ~ && git clone --depth=1 https://github.com/zapret-info/z-i 

Set up a cron update (I do it every 20 minutes, but you can pick any interval you like). To do this, run crontab -e and add the following line:

*/20 * * * * cd ~/z-i && git pull && git gc

Attach a hook that will generate the files for the routing service after the register is updated. To do this, create the file /root/z-i/.git/hooks/post-merge with the following contents:

#!/usr/bin/env bash
# Runs after every `git pull` that merged new commits.
# Collect the files changed between the previous HEAD and the new one ...
changed_files="$(git diff-tree -r --name-only --no-commit-id ORIG_HEAD HEAD)"
# ... and run the command in $2 only if the file named in $1 is among them.
check_run() {
    echo "$changed_files" | grep --quiet "$1" && eval "$2"
}
# Rebuild the bird lists whenever the register dump itself changed.
check_run dump.csv "/root/blacklist/makebgp"

and do not forget to make it executable

chmod +x /root/z-i/.git/hooks/post-merge

We will create the makebgp script that the hook refers to a little later.

Installing and configuring the routing service

Install bird. Unfortunately, the bird version currently shipped in the Ubuntu repositories is comparable in freshness to Archaeopteryx droppings, so we first have to add the developers' official PPA to the system.

add-apt-repository ppa:cz.nic-labs/bird
apt update
apt install bird

Right after that, disable bird for IPv6; we will not need it in this setup.

systemctl stop bird6
systemctl disable bird6

Below is a minimalistic configuration file for the bird service (/etc/bird/bird.conf) that was sufficient for us (and I remind you once more that nobody forbids building and tuning the configuration to your own needs)

log syslog all;
router id 172.30.1.1;

protocol kernel {
        scan time 60;
        import none;
#       export all;   # Actually insert routes into the kernel routing table
}

protocol device {
        scan time 60;
}

protocol direct {
        interface "venet*", "tun*"; # Restrict network interfaces it works with
}

protocol static static_bgp {
        import all;
        include "pfxlist.txt";
        #include "iplist.txt";
}

protocol bgp OurRouter {
        description "Our Router";
        neighbor 81.177.103.94 as 64999;
        import none;
        export where proto = "static_bgp";
        local as 64998;
        passive off;
        multihop;
}

router id - the router identifier, which looks like an IPv4 address but is not one. In our case it can be any 32-bit number written in IPv4 address format, but it is good form to use the real IPv4 address of your device (here, the VPS).

protocol direct defines which interfaces the routing process works with. The example gives a few sample names; you can add others. You can also simply delete the line, in which case the server listens on all available interfaces that have an IPv4 address.

protocol static is our magic that loads the lists of prefixes and IP addresses (which are really /32 prefixes, yes) from the files with the names shown. Where those names come from is discussed below. Note that loading the IP addresses is commented out by default, the reason being the sheer volume. For comparison, at the time of writing the prefix list has 78 lines and the IP address list about 85 thousand. I strongly recommend starting with only the prefix list configured, and deciding whether to enable IP loading later, after testing your router. Not every router can comfortably digest 85 thousand entries in its routing table.

protocol bgp, obviously, sets up the BGP peering with your router. The IP address is that of the router's external interface (or of the tunnel interface on the router side); 64998 and 64999 are the autonomous system numbers. Here they can be any 16-bit values, but good practice is to use AS numbers from the private range defined by RFC 6996, 64512-65534 inclusive (there is also a format for 32-bit ASNs, but for us that is clearly excessive). The described design uses eBGP peering, in which the autonomous system numbers of the routing service and of the router must differ.

As you can see, the service needs to know the router's IP address, so if yours is dynamic or non-public, i.e. private (RFC 1918) or shared (RFC 6598), you cannot peer with the external interface, but the service still works inside the tunnel.

It is also fairly obvious that one service can feed routes to several routers: just duplicate their settings by copying the protocol bgp section and changing the neighbor IP address. That is why the example shows peering outside the tunnel, as the most universal option. Moving it inside the tunnel only takes changing the IP addresses in the configuration accordingly.

Processing the register for the routing service

Now we actually need to build the lists of prefixes and IP addresses that were referenced in protocol static in the previous step. To do this we take the register file and produce the files we need from it with the following script, placed in /root/blacklist/makebgp

#!/bin/bash
# Column 1 of dump.csv holds the addresses/prefixes, several per row joined by '|':
# put one per line and strip the spaces around them.
cut -d";" -f1 /root/z-i/dump.csv | tr '|' '\n' | tr -d ' ' > /root/blacklist/tmpaddr.txt
# Entries containing '/' are prefixes: turn each into a bird static reject route.
grep / /root/blacklist/tmpaddr.txt | sed 's_.*_route & reject;_' > /etc/bird/pfxlist.txt
# Bare IPv4 addresses become /32 reject routes (deduplicated first).
sort -u /root/blacklist/tmpaddr.txt | grep -Eo "([0-9]{1,3}[.]){3}[0-9]{1,3}" | sed 's_.*_route &/32 reject;_' > /etc/bird/iplist.txt
# Make bird re-read its configuration, which includes the two files above.
/etc/init.d/bird reload
logger 'bgp list compiled'

Do not forget to make it executable

chmod +x /root/blacklist/makebgp

Now you can run it by hand and look at what the files in /etc/bird look like.
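The makebgp script above trusts whatever the register contains: any dotted quad matched by the regex, valid or not, lands in a file that bird then has to parse. The following script is an added example, not the article's makebgp, doing the same job in Python with every token validated by the ipaddress module, so that a malformed field is reported instead of breaking the bird reload. It assumes the dump.csv layout described on the page (column 1, ';'-separated, holds one or more addresses or prefixes joined by '|'); the sample rows are constructed from documentation ranges, and the cp1251 encoding of the real file is an assumption.

```python
#!/usr/bin/env python3
"""Build bird's pfxlist.txt / iplist.txt from a zapret-info dump.csv.

Added example (not the article's makebgp). Every token in column 1 is
validated; invalid tokens are collected and reported, IPv6 entries are
skipped (bird6 is disabled in this setup), hosts become /32 reject routes.
"""
import ipaddress
import sys
from typing import List, Tuple

# Constructed sample in the dump.csv layout. The addresses are documentation
# and shared-space ranges (RFC 5737 / RFC 6598), not real register entries.
SAMPLE_DUMP = """\
Updated: 2018-04-19 12:00:00 +0300
192.0.2.10 | 192.0.2.11;example.com;http://example.com/page;Org;2018-001;2018-04-16
198.51.100.0/24;;;Org;2018-002;2018-04-17
203.0.113.5;example.net;;Org;2018-003;2018-04-17
203.0.113.5 | 999.1.1.1;;;Org;2018-004;2018-04-18
100.64.0.0/10 | 203.0.113.0/24 | 2001:db8::1;;;Org;2018-005;2018-04-18
"""

Prefixes = List[ipaddress.IPv4Network]
Hosts = List[ipaddress.IPv4Address]


def parse_dump(text: str) -> Tuple[Prefixes, Hosts, List[str]]:
    """Split column 1 of every row into validated IPv4 prefixes and hosts.

    Returns (prefixes shorter than /32, host addresses, rejected tokens).
    Duplicates are dropped and both lists are sorted, so the generated
    files are stable between register updates.
    """
    prefixes, hosts, rejected = set(), set(), []
    for line in text.splitlines():
        if not line.strip() or line.startswith("Updated:"):
            continue                      # blank line or the header line
        for token in line.split(";", 1)[0].split("|"):
            token = token.strip()
            if not token:
                continue
            try:
                net = ipaddress.ip_network(token, strict=False)
            except ValueError:
                rejected.append(token)    # not an address or prefix at all
                continue
            if net.version != 4:
                continue                  # IPv6: bird6 is disabled here
            if net.prefixlen == 32:
                hosts.add(net.network_address)
            else:
                prefixes.add(net)
    return sorted(prefixes), sorted(hosts), rejected


def bird_reject_routes(entries) -> List[str]:
    """Render entries as 'route X reject;' lines for protocol static."""
    lines = []
    for entry in entries:
        if isinstance(entry, ipaddress.IPv4Address):
            lines.append(f"route {entry}/32 reject;")   # hosts become /32
        else:
            lines.append(f"route {entry} reject;")
    return lines


def write_lists(text: str, pfx_path: str, ip_path: str) -> Tuple[int, int, int]:
    """Write both list files; returns (prefixes, hosts, rejected) counts."""
    prefixes, hosts, rejected = parse_dump(text)
    with open(pfx_path, "w") as f:
        f.write("\n".join(bird_reject_routes(prefixes)) + "\n")
    with open(ip_path, "w") as f:
        f.write("\n".join(bird_reject_routes(hosts)) + "\n")
    return len(prefixes), len(hosts), len(rejected)


if __name__ == "__main__":
    # Stand-alone run on the constructed sample. For real use read
    # /root/z-i/dump.csv (assumed cp1251-encoded) and pass its text instead.
    prefixes, hosts, rejected = parse_dump(SAMPLE_DUMP)
    print("\n".join(bird_reject_routes(prefixes)))
    print("\n".join(bird_reject_routes(hosts)))
    print(f"rejected tokens: {rejected}", file=sys.stderr)
```

On the sample, the prefix list comes out with three entries, the host list with three (203.0.113.5 is listed twice and written once) and 999.1.1.1 is reported rather than written. The rejected count returned by write_lists is the value worth logging from the post-merge hook, because a sudden jump in it usually means the register format changed rather than that RKN started publishing garbage.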

Most likely bird is not running for you at this point, because in one of the earlier steps you told it to load files that did not exist yet. So start it and check that it came up:

systemctl start bird
birdc show route

The output of the second command should show about 80 records (that is for now; by the time you set this up, it all depends on RKN's zeal in blocking networks), looking something like this:

54.160.0.0/12      unreachable [static_bgp 2018-04-19] * (200)

The command

birdc show protocol

shows the state of the protocols inside the service. Until you configure the router (see the next section), the OurRouter protocol will be in the start state (Connect or Active phase), and after a successful connection it will move to the up state (Established phase). For example, on my system the output of this command looks like this:

BIRD 1.6.3 ready.
name     proto    table    state  since       info
kernel1  Kernel   master   up     2018-04-19
device1  Device   master   up     2018-04-19
static_bgp Static   master   up     2018-04-19
direct1  Direct   master   up     2018-04-19
RXXXXXx1 BGP      master   up     13:10:22    Established
RXXXXXx2 BGP      master   up     2018-04-24  Established
RXXXXXx3 BGP      master   start  2018-04-22  Connect       Socket: Connection timed out
RXXXXXx4 BGP      master   up     2018-04-24  Established
RXXXXXx5 BGP      master   start  2018-04-24  Passive

Connecting the router

Everyone is probably tired of reading this long screed, but take heart, the end is near. Moreover, in this section I cannot give step-by-step instructions: they differ for every manufacturer.

I can, however, show a couple of examples. The main idea is to bring up the BGP peering and to set the nexthop for all received prefixes, pointing either at our tunnel (if we need to send traffic through a point-to-point interface) or at the nexthop IP address (if the traffic goes out over ethernet).

For example, on a Mikrotik running RouterOS this is configured as follows

/routing bgp instance set default as=64999 ignore-as-path-len=yes router-id=172.30.1.2
/routing bgp peer add in-filter=dynamic-in multihop=yes name=VPS remote-address=194.165.22.146 remote-as=64998 ttl=default
/routing filter add action=accept chain=dynamic-in protocol=bgp comment="Set nexthop" set-in-nexthop=172.30.1.1

and on Cisco IOS like this

router bgp 64999
  neighbor 194.165.22.146 remote-as 64998
  neighbor 194.165.22.146 route-map BGP_NEXT_HOP in
  neighbor 194.165.22.146 ebgp-multihop 250
!
route-map BGP_NEXT_HOP permit 10
  set ip next-hop 172.30.1.1

If the same tunnel is used both for the BGP peering and for carrying the useful traffic, setting the nexthop is unnecessary; the protocol itself sets it correctly. But if you set it by hand, it does no harm either.

On other platforms you will have to work out the configuration yourself, but if you run into difficulties, write in the comments and I will try to help.

Once your BGP session has come up, the routes to the large networks have arrived and been installed in the table, traffic to addresses in them is flowing and happiness is near, you can return to the bird service, try uncommenting the line that includes the IP address list, then run

systemctl reload bird

and watch how your router copes with those 85 thousand routes. Be prepared to back out and think about what to do with them :)

Summary

In purely theoretical terms, after completing the steps described above you now have a service that automatically routes traffic to IP addresses prohibited in the Russian Federation around the filtering system.

It can, of course, be improved. For example, it is easy to summarize the list of IP addresses with a perl or python solution. A simple Perl script doing this with Net::CIDR::Lite turns the 85 thousand original entries into about 60 (not thousand), but of course it then covers a noticeably larger range of addresses than the blocked one.
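The trade-off in that paragraph is worth seeing in numbers. The following script is an added example, not the author's Perl/Net::CIDR::Lite script, and it contrasts the two ways a reject list can be shrunk: a lossless collapse (adjacent and overlapping prefixes merged, not one extra address covered) and a coarse summarization that first widens every prefix to at most a chosen length and then collapses, which is what buys a drop from tens of thousands of entries to a few dozen at the price of also rerouting addresses that were never listed. The widen-to-/24 rule and the sample networks (RFC 5737 documentation ranges) are this example's own assumptions.

```python
#!/usr/bin/env python3
"""Compare lossless and coarse summarization of a bird reject list.

Added example, not the article's script. Works on IPv4Network objects such
as those produced from the register's prefix and /32 host lists.
"""
import ipaddress
from typing import Dict, Iterable, List

Net = ipaddress.IPv4Network

# Constructed sample: four consecutive hosts, two isolated hosts, and a /26
# that is already contained in a listed /24.
SAMPLE_NETS: List[Net] = [ipaddress.ip_network(s) for s in (
    "203.0.113.4/32", "203.0.113.5/32", "203.0.113.6/32", "203.0.113.7/32",
    "198.51.100.77/32", "198.51.100.200/32",
    "192.0.2.0/24", "192.0.2.64/26",
)]


def lossless_collapse(nets: Iterable[Net]) -> List[Net]:
    """Merge adjacent/overlapping prefixes; the covered address set is unchanged."""
    return list(ipaddress.collapse_addresses(nets))


def coarse_summarize(nets: Iterable[Net], max_prefixlen: int = 24) -> List[Net]:
    """Widen every prefix longer than max_prefixlen to that length, then collapse.

    This is lossy by design: the result is a superset of the input addresses,
    which is exactly the "covers a larger range" effect described in the text.
    """
    widened = []
    for net in nets:
        if net.prefixlen > max_prefixlen:
            net = ipaddress.ip_network(
                f"{net.network_address}/{max_prefixlen}", strict=False)
        widened.append(net)
    return list(ipaddress.collapse_addresses(widened))


def address_count(nets: Iterable[Net]) -> int:
    """Total addresses covered; expects a collapsed (non-overlapping) list."""
    return sum(net.num_addresses for net in nets)


def compare(nets: Iterable[Net], max_prefixlen: int = 24) -> Dict[str, int]:
    """Entry counts and address coverage for both strategies."""
    nets = list(nets)
    exact = lossless_collapse(nets)
    coarse = coarse_summarize(nets, max_prefixlen)
    return {
        "input_entries": len(nets),
        "lossless_entries": len(exact),
        "lossless_addresses": address_count(exact),
        "coarse_entries": len(coarse),
        "coarse_addresses": address_count(coarse),
    }


if __name__ == "__main__":
    for key, value in compare(SAMPLE_NETS).items():
        print(f"{key:20} {value}")
    # The coarse list is what would be written back as bird static routes.
    for net in coarse_summarize(SAMPLE_NETS):
        print(f"route {net} reject;")
```

On the sample the lossless collapse takes 8 entries down to 4 covering 262 addresses, while widening to /24 gives 3 entries covering 768 addresses, roughly three times as many as were actually listed. Before feeding a coarse list to the router it is worth checking that no address you need to reach directly (your own public services, your provider's DNS, the VPS itself) has fallen inside one of the widened prefixes.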

Since the service works at layer three of the ISO/OSI model, it will not save you from the blocking of a site/page if that site resolves to an address other than the one recorded in the register. But along with the register, the file nxdomain.txt arrives from github, which with a little scripting easily turns into a source of addresses for, say, the SwitchyOmega plugin in Chrome.

It should also be said that the solution needs further refinement if you are not merely an Internet user but also publish resources yourself (for example, a website or mail server running on this connection). Using the router's facilities, you must rigidly bind the outbound traffic of that server to your public address, otherwise you will lose connectivity to those resources that fall inside the prefix list received by the router.

If you have any questions, ask; I am ready to answer.

UPD. Thanks to navion and TerAnYu for the git parameters that reduce the download volume.

UPD2. Friends, it seems I made a mistake by not adding instructions for setting up the tunnel between the VPS and the router to the article. This raises a lot of questions.
I will probably note once more that before starting on this guide you must already have built the VPN tunnel in whatever way you prefer and checked that it works (for example, by routing traffic into it by default or statically). If you have not completed that part yet, there is no point in following the steps in the article. I do not have an article of my own on this at the moment, but if you google "set up OpenVPN server" together with the name of the operating system installed on the VPS, and "set up OpenVPN client" with the name of your router, you will probably find quite a few articles on the subject, including on Habr.

UPD3. A volunteer has written code that converts dump.csv into an output file for bird, with optional summarization of IP addresses. The section "Processing the register for the routing service" can therefore be replaced by a call to his program. https://habr.com/post/354282/#comment_10782712

UPD4. A little work on the mistakes (I have not added them to the text):
1) instead of systemctl reload bird it makes more sense to use the command birdc configure.
2) on the Mikrotik router, instead of changing the next hop to the IP of the other side of the tunnel, /routing filter add action=accept chain=dynamic-in protocol=bgp comment="Set nexthop" set-in-nexthop=172.30.1.1, it makes more sense to specify a direct route via the tunnel interface, without an address: /routing filter add action=accept chain=dynamic-in protocol=bgp comment="Set nexthop" set-in-nexthop-direct=<interface name>

UPD5. A new service has appeared, https://antifilter.download, from which you can download ready-made lists of IP addresses. It is updated every half hour. On the client side, all that remains is to generate the lists with "route ... reject".
And at that point, I think, it is time to stop scratching my head and editing this text.

UPD6. A retold version of the article for those who do not want to think it through but want to get started - here.

Source: www.habr.com
