How do you make sure that the time never lies when you have a million large and small devices talking to each other over TCP/IP? After all, each of them has its own clock, and the time must agree across all of them. This problem cannot be solved without NTP.
Let's imagine for a moment that one part of an industrial IT infrastructure runs into trouble with its time synchronization services. Almost immediately the enterprise software cluster stack starts to fail, domains fall apart, and the specialists and the nodes that got cut off struggle to restore the previous state.
It is also possible that an attacker deliberately tries to disrupt the time with a MiTM or DDoS attack. In that situation anything can happen:
- user account passwords will expire;
- X.509 certificates will expire;
- TOTP two-factor authentication will stop working;
- backups will expire and the system will delete them;
- DNSSEC will break.
Clearly every IT department has an interest in the reliable operation of its time synchronization services, and it would be good if they were also robust and secure in production use.
Breaking NTP in 25 minutes
Network protocols are the dinosaurs of IT: they have been around forever and no longer fit the job, yet changing them is not easy even once a critical mass of enthusiasts and funding has accumulated.
The main complaint about classic NTP is the lack of reliable mechanisms to protect it from attackers. Several attempts have been made to solve this problem. The first approach was a pre-shared key (PSK) scheme for exchanging symmetric keys.
Unfortunately, this approach did not pay off, for a simple reason: it does not scale. Manual configuration is required on both the client and the server side, so you cannot simply add another client. If anything changes on the NTP server, every client has to be reconfigured.
Then came AutoKey, but a serious vulnerability was quickly found in the design of the algorithm itself and it had to be abandoned. The trouble is that the seed is only 32 bits long, which is far too small and does not make a brute-force attack computationally expensive enough. Two values are involved:
- Key ID: a 32-bit symmetric key;
- MAC (message authentication code): the checksum of the NTP packet.
The Autokey is computed as follows:
    Autokey = H(Sender-IP || Receiver-IP || KeyID || Cookie)
where H() is a cryptographic hash function.
The same function is used to compute the packet checksum:
    MAC = H(Autokey || NTP packet)
It turns out that the entire integrity check of the packet rests on the secrecy of the cookie. Once you have it, you can reconstruct the autokey and forge the MAC. The NTP server, however, uses a seed when generating cookies, and that is exactly where the catch is.
    Cookie = MSB_32(H(Client IP || Server IP || 0 || Server Seed))
The MSB_32 function takes the 32 most significant bits of the MD5 hash result. The client's cookie does not change as long as the server's seed stays the same. So all the attacker has to do is recover the seed, after which they can generate cookies on their own.
First, you connect to the NTP server as a client and obtain a cookie. After that the attacker recovers the seed by brute force, following a simple algorithm.
The attack algorithm that computes the seed by brute force:
    for i = 0 : 2^32 - 1 do
        Ci = H(Server-IP || Client-IP || 0 || i)
        if Ci = Cookie then
            return i
        end if
    end for
The IP addresses are known, so all that is left is to compute up to 2^32 hashes until the generated cookie matches the one obtained from the NTP server. On an ordinary home workstation with an Intel Core i5 this takes 25 minutes.
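To show why a 32-bit seed is the weak point, here is an added Python model of the three formulas above (example code written for this page, not code from the article or from any NTP implementation). It assumes MD5 as H(), big-endian 32-bit encodings, RFC 5737 test addresses and a deliberately small demo seed space; the full 2^32 space is what the article times at 25 minutes.

```python
import hashlib
import struct

def h(*parts: bytes) -> bytes:
    """H(): Autokey's hash; MD5 is assumed here for the demonstration."""
    return hashlib.md5(b"".join(parts)).digest()

def msb32(digest: bytes) -> int:
    """MSB_32(): keep only the 32 most significant bits of the digest."""
    return struct.unpack(">I", digest[:4])[0]

def u32(value: int) -> bytes:
    """Big-endian 32-bit encoding for KeyID, Cookie, the zero field and the seed."""
    return struct.pack(">I", value & 0xFFFFFFFF)

def cookie(client_ip: bytes, server_ip: bytes, seed: int) -> int:
    # Cookie = MSB_32(H(Client IP || Server IP || 0 || Server Seed))
    return msb32(h(client_ip, server_ip, u32(0), u32(seed)))

def autokey(sender_ip: bytes, receiver_ip: bytes, key_id: int, cookie_value: int) -> bytes:
    # Autokey = H(Sender-IP || Receiver-IP || KeyID || Cookie)
    return h(sender_ip, receiver_ip, u32(key_id), u32(cookie_value))

def mac(autokey_value: bytes, ntp_packet: bytes) -> bytes:
    # MAC = H(Autokey || NTP packet): the packet's only integrity protection
    return h(autokey_value, ntp_packet)

def mac_is_valid(sender_ip, receiver_ip, key_id, cookie_value, ntp_packet, received_mac):
    """Receiver-side check. Knowing the cookie is all it takes to pass it."""
    expected = mac(autokey(sender_ip, receiver_ip, key_id, cookie_value), ntp_packet)
    return expected == received_mac

def recover_seed(client_ip: bytes, server_ip: bytes, observed_cookie: int, seed_bits: int = 32):
    """The article's brute-force loop over the seed space (using the cookie
    formula's Client IP || Server IP order). seed_bits < 32 shrinks the space so
    the demo runs in a fraction of a second; the real 32-bit space is the 25-minute job."""
    for i in range(1 << seed_bits):
        if cookie(client_ip, server_ip, i) == observed_cookie:
            return i
    return None

# Constructed inputs: RFC 5737 documentation addresses and a 16-bit demo seed.
CLIENT_IP = bytes([192, 0, 2, 10])
SERVER_IP = bytes([198, 51, 100, 1])
DEMO_SEED = 0xBEEF

def demo() -> int:
    """Learn one cookie as a legitimate client would, then recover the seed from it."""
    observed = cookie(CLIENT_IP, SERVER_IP, DEMO_SEED)
    return recover_seed(CLIENT_IP, SERVER_IP, observed, seed_bits=16)
```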
NTS: the new Autokey
Such security holes in Autokey could not be tolerated, and in 2012 a new protocol appeared. To avoid tarnishing the name, it was decided to rename it, so Autokey v.2 became Network Time Security.
The NTS protocol is a security extension for NTP and currently supports unicast mode only. It provides strong cryptographic protection against packet forgery, prevents snooping, scales well, tolerates network packet loss, and costs only a small loss of precision in exchange for securing the connection.
An NTS connection consists of two phases, each using a lower-layer protocol. In the first phase the client and server agree on the various connection parameters and exchange cookies that contain the keys and all the associated data. In the second phase a protected NTS session takes place between the client and the NTP server.
NTS thus consists of two lower-layer protocols: Network Time Security Key Exchange (NTS-KE), which sets up a secure connection over TLS, and NTPv4, the latest incarnation of the NTP protocol. A little more on each below.
Phase one: NTS-KE
In this phase the NTP client starts a TLS 1.2/1.3 session over a separate TCP connection to the NTS-KE server. The following then happens:
- The parties agree on the algorithm parameters for the second phase.
- The parties choose the lower-layer protocol for the second phase; currently only NTPv4 is supported.
- The parties agree on the IP address and port of the NTP server.
- The NTS-KE server issues cookies for NTPv4.
- The parties derive a pair of symmetric keys (C2S and S2C) from the cookie key material.
The great advantage of this approach is that the whole burden of transmitting the confidential connection parameters falls on the proven and trusted TLS protocol. There is no need to reinvent the wheel to get a secure NTP handshake.
Phase two: NTP under NTS protection
In the second step the client securely synchronizes its time with the NTP server. To do so, it carries four special extension fields in the NTPv4 packet structure.
- The Unique Identifier Extension holds a random nonce that prevents replay attacks.
- The NTS Cookie Extension holds one of the NTP cookies the client has available. Since only the client has the matching AEAD C2S and S2C keys, the NTP server must extract them from the cookie key material.
- The NTS Cookie Placeholder Extension is the client's way of requesting additional cookies from the server. This extension is needed so that the NTP server's response is not much longer than the request, which helps prevent amplification attacks.
- The NTS Authenticator and Encrypted Extension Fields extension holds the AEAD ciphertext computed with the C2S key over the NTP header, the timestamps and the extension fields above as associated data. Without this extension the timestamps could be spoofed.
On receiving a request from the client, the server verifies the authenticity of the NTP packet. To do so it has to decrypt the cookie and extract the AEAD algorithm and the keys. After checking successfully that the NTP packet is valid, the server replies to the client as follows.
- The Unique Identifier Extension is a mirror copy of the one in the client's request, a countermeasure against replay attacks.
- The NTS Cookie Extension carries more cookies for continuing the session.
- The NTS Authenticator and Encrypted Extension Fields extension holds the AEAD ciphertext computed with the S2C key.
The second handshake can be repeated many times, skipping the first step, since every request and response supplies the client with additional cookies. The advantage is that the expensive TLS computations and PKI data transfers are amortized over the number of repeated requests. This suits specialized FPGA timekeepers particularly well: all the main work can be packed into a handful of symmetric-cryptography operations, with the entire TLS stack offloaded to another device.
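As an added illustration of the phase-two packet layout (example code written for this page, not taken from any NTS implementation), the Python below encodes and checks the four extension fields and lets you compare request and response sizes, the ratio the placeholder field is meant to keep at one. It assumes the RFC 7822 extension-field layout and the RFC 8915 type codes (neither quoted in the article) and substitutes an opaque byte string for the AEAD output instead of modelling the cipher.

```python
import os
import struct

# NTS extension field type codes from RFC 8915 (not stated in the article).
EF_UNIQUE_IDENTIFIER, EF_NTS_COOKIE = 0x0104, 0x0204
EF_NTS_COOKIE_PLACEHOLDER, EF_NTS_AUTHENTICATOR = 0x0304, 0x0404
NTP_HEADER_LEN = 48

def encode_ef(ef_type: int, value: bytes) -> bytes:
    """RFC 7822 layout: 16-bit type, 16-bit total length, value padded to 4 bytes."""
    body = value + b"\x00" * (-len(value) % 4)
    return struct.pack(">HH", ef_type, 4 + len(body)) + body

def parse_efs(packet: bytes) -> list:
    """(type, value) pairs after the 48-byte header; values keep their padding."""
    fields, pos = [], NTP_HEADER_LEN
    while pos < len(packet):
        if pos + 4 > len(packet):
            raise ValueError("truncated extension field header")
        ef_type, ef_len = struct.unpack(">HH", packet[pos:pos + 4])
        if ef_len < 4 or ef_len % 4 or pos + ef_len > len(packet):
            raise ValueError("bad extension field length %d" % ef_len)
        fields.append((ef_type, packet[pos + 4:pos + ef_len]))
        pos += ef_len
    return fields

def build_request(header: bytes, cookie: bytes, placeholders: int, auth: bytes) -> bytes:
    """Client packet: 32-byte nonce, one cookie, N placeholders sized like the cookie,
    then the authenticator (auth stands in for the AEAD output, which is not modelled)."""
    pkt = header + encode_ef(EF_UNIQUE_IDENTIFIER, os.urandom(32))
    pkt += encode_ef(EF_NTS_COOKIE, cookie)
    pkt += encode_ef(EF_NTS_COOKIE_PLACEHOLDER, b"\x00" * len(cookie)) * placeholders
    return pkt + encode_ef(EF_NTS_AUTHENTICATOR, auth)

def check_request(packet: bytes):
    """Server-side structural checks before any AEAD work. Returns the cookie and
    how many cookies the reply may carry: one per cookie or placeholder received."""
    efs = parse_efs(packet)
    kinds = [t for t, _ in efs]
    if kinds.count(EF_UNIQUE_IDENTIFIER) != 1 or kinds.count(EF_NTS_COOKIE) != 1:
        raise ValueError("expected exactly one Unique Identifier and one NTS Cookie")
    if kinds[-1] != EF_NTS_AUTHENTICATOR:
        raise ValueError("authenticator must be the last extension field")
    cookie = dict(efs)[EF_NTS_COOKIE]
    if any(len(v) != len(cookie) for t, v in efs if t == EF_NTS_COOKIE_PLACEHOLDER):
        raise ValueError("placeholders must be the same size as the cookie")
    return cookie, kinds.count(EF_NTS_COOKIE_PLACEHOLDER) + 1

def build_response(request: bytes, header: bytes, new_cookies: list, auth: bytes) -> bytes:
    """Mirror the client's nonce, return the fresh cookies, then the S2C authenticator."""
    nonce = dict(parse_efs(request))[EF_UNIQUE_IDENTIFIER]
    pkt = header + encode_ef(EF_UNIQUE_IDENTIFIER, nonce)
    pkt += b"".join(encode_ef(EF_NTS_COOKIE, c) for c in new_cookies)
    return pkt + encode_ef(EF_NTS_AUTHENTICATOR, auth)
```

With seven placeholders the reply carrying eight cookies is exactly as long as the request; without them the same reply is more than four times the request size, which is the amplification the placeholder field is there to avoid.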
NTPSec
What is so special about NTP? Even though the project's author, Dave Mills, tried to write his code as well as he possibly could, it takes a rare developer to understand the intricacies of 35-year-old time synchronization algorithms. Some of the code was written before the POSIX era, when the Unix API was very different from what is used today. On top of that, mathematical knowledge is required to pull the signal out of the noise of jittery links.
NTS was not the first attempt to fix NTP. Once attackers had learned to exploit NTP weaknesses to amplify DDoS attacks, it became clear that major changes were needed. And while the NTS framework was still being drafted and polished, at the end of 2014 the US National Science Foundation urgently allocated funds to modernize NTP.
The working group was led by none other than Eric Raymond, one of the founders and pillars of the Open Source community and the author of a well-known book. The first thing Eric and his colleagues tried to do was move the NTP code from the BitKeeper platform to git, but it did not work out that way. Project leader Harlan Stenn opposed the decision and the negotiations stalled. It was then decided to fork the project's code, and NTPSec was born.
Solid experience, including work on GPSD, a background in mathematics and the magical ability to read ancient code: Eric Raymond is exactly the kind of rogue who could pull off such a project. The team found a code-migration expert, and in just 10 weeks NTP was on GitLab. The work was in full swing.
Eric Raymond's team approached the task the way Auguste Rodin approached a block of stone. By removing 175 KLOC of old code they considerably reduced the attack surface, closing many security holes along the way.
Here is a partial list of what was cut from the distribution:
- Undocumented, obsolete, deprecated or broken clock drivers.
- The unused ISC library.
- libopts/autogen.
- The old Windows code.
- ntpdc.
- Autokey.
- The ntpq C code, rewritten in Python.
- The sntp/ntpdig C code, rewritten in Python.
Besides cleaning up the code, the project had other tasks. Here is a partial list of achievements:
- Protection against buffer overflows has been greatly improved. To prevent them, every unsafe string function (strcpy/strcat/strtok/sprintf/vsprintf/gets) was replaced with a safe variant that respects buffer size limits.
- NTS support was added.
- The precision of time stepping was improved tenfold by coupling directly to the hardware. This is possible because modern computer clocks are far more precise than those of NTP's early days. GPSDOs and dedicated time radios benefit most from this.
- The number of scripting languages was cut to two. Instead of Perl, awk and sh scripts, everything is now Python, which opens up many more opportunities for code reuse.
- Instead of a tangle of autotools scripts, the project switched to a new build system.
- The project documentation was revised and reorganized. Out of a collection of contradictory and sometimes outdated documents, they built documentation that is easy to navigate. Every command-line option and the whole configuration syntax now have a single source of truth. In addition, the man pages and the web documentation are now generated from the same source files.
NTPSec is available in a number of Linux distributions. The latest stable version is currently 1.1.8; in Gentoo Linux it ships in the main tree.
(1:696)$ sudo emerge -av ntpsec
These are the packages that would be merged, in order:
Calculating dependencies... done!
[ebuild R ] net-misc/ntpsec-1.1.7-r1::gentoo USE="samba seccomp -debug -doc -early -gdb -heat -libbsd -nist -ntpviz -rclock_arbiter -rclock_generic -rclock_gpsd -rclock_hpgps -rclock_jjy -rclock_local -rclock_modem -rclock_neoclock -rclock_nmea -rclock_oncore -rclock_pps -rclock_shm -rclock_spectracom -rclock_trimble -rclock_truetime -rclock_zyfer -smear -tests" PYTHON_TARGETS="python3_6" 0 KiB
Total: 1 package (1 reinstall), Size of downloads: 0 KiB
Would you like to merge these packages? [Yes/No]
Chrony
There was another attempt to replace old NTP with something more secure. Chrony, unlike NTPSec, was written from scratch and is designed to work reliably under a wide range of conditions, including unstable network connections, partial or congested network availability, and temperature changes. On top of that, chrony has other advantages:
- chrony can synchronize the system clock quickly and with high precision;
- chrony is small, uses little memory and touches the CPU only when needed, which adds up to substantial savings in resources and power;
- chrony supports hardware timestamping on Linux, which allows very precise synchronization on local networks.
However, chrony lacks some features of classic NTP, such as the broadcast and multicast client/server modes. Classic NTP also supports a larger number of operating systems and platforms.
To disable NTP server functionality and requests in the chronyd process, simply write port 0 in chrony.conf. This is done when there is no need to serve time to NTP clients or peers. Since version 2.0, the NTP server port is opened only if access is permitted by the allow directive or the equivalent command, or an NTP peer is configured, or the broadcast directive is used.
The suite consists of two modules.
- chronyd is a service running in the background. It obtains information about the difference between the system clock and an external time server and corrects the local time. It also implements the NTP protocol and can act as either a client or a server.
- chronyc is a command-line utility for monitoring and controlling the program. It is used to fine-tune various service parameters; for example, it lets you add or remove NTP servers while chronyd keeps running.
Since RedHat Linux version 7, chrony has been used as the time synchronization service. The package is also available in other Linux distributions. The latest stable version is 3.5, and the v4.0 release is in preparation.
(1:712)$ sudo emerge -av chrony
These are the packages that would be merged, in order:
Calculating dependencies... done!
[binary N ] net-misc/chrony-3.5-r2::gentoo USE="adns caps cmdmon ipv6 ntp phc readline refclock rtc seccomp (-html) -libedit -pps (-selinux)" 246 KiB
Total: 1 package (1 new, 1 binary), Size of downloads: 246 KiB
Would you like to merge these packages? [Yes/No]
Here is how to set up your own remote chrony server on the internet to synchronize time on the office network. Below is an example of setting it up on a VPS.
Example of setting up Chrony on RHEL / CentOS on a VPS
Now let's practise a bit and set up our own NTP server on a VPS. It's very simple: just pick a suitable plan on the RuVDS website, get a ready-made server and type a dozen simple commands. For our purposes this option is quite adequate.
Let's get on with setting up the service, starting with installing the chrony package.
[root@server ~]$ yum install chrony
RHEL 8 / CentOS 8 uses a different package manager.
[root@server ~]$ dnf install chrony
After installing chrony, the service needs to be started and enabled.
[root@server ~]$ systemctl enable chrony --now
If you wish, you can edit /etc/chrony.conf and replace the NTP servers with nearby local ones to reduce response time.
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.ru.pool.ntp.org iburst
server 1.ru.pool.ntp.org iburst
server 2.ru.pool.ntp.org iburst
server 3.ru.pool.ntp.org iburst
Next, we configure NTP server synchronization with nodes from the specified pool.
[root@server ~]$ timedatectl set-ntp true
[root@server ~]$ systemctl restart chronyd.service
You also need to open the NTP port to the outside, otherwise the firewall will block incoming connections from the client nodes.
[root@server ~]$ firewall-cmd --add-service=ntp --permanent
[root@server ~]$ firewall-cmd --reload
On the client side it is enough to set the time zone correctly.
[root@client ~]$ timedatectl set-timezone Europe/Moscow
The /etc/chrony.conf file specifies the IP or hostname of our VPS that runs the chrony NTP server.
server my.vps.server
And finally, start time synchronization on the client.
[root@client ~]$ systemctl enable --now chronyd
[root@client ~]$ timedatectl set-ntp true
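To tie the port 0 and allow rules from the chrony section to the VPS walkthrough, here is an added Python audit of a chrony.conf (example code for this page, not part of chrony). It assumes the directive names shown above (server, allow, peer, broadcast, port), treats lines starting with #, %, ; or ! as comments, and uses constructed sample configs: the walkthrough's server config as written, the same config with an allow line for one office subnet, and the office client with the server role switched off.

```python
import ipaddress

def parse_chrony_conf(text: str) -> list:
    """(directive, args) pairs; lines starting with #, %, ; or ! are comments."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#%;!":
            directive, *args = line.split()
            entries.append((directive.lower(), args))
    return entries

def allow_is_unrestricted(args: list) -> bool:
    """'allow' alone, 'allow all' or a /0 prefix admits every host on the Internet."""
    subnet = [a for a in args if a != "all"]
    if not subnet:
        return True
    try:
        return ipaddress.ip_network(subnet[0], strict=False).prefixlen == 0
    except ValueError:
        return False  # a hostname; chrony resolves it, this audit does not judge it

def audit_chrony_conf(text: str, serves_clients: bool) -> list:
    """Findings based on the rules above: chronyd >= 2.0 opens the NTP server port
    only with allow/peer/broadcast, and 'port 0' switches the server role off."""
    entries = parse_chrony_conf(text)
    allows = [a for d, a in entries if d == "allow"]
    port_zero = any(d == "port" and a[:1] == ["0"] for d, a in entries)
    opens_port = bool(allows) or any(d in ("peer", "broadcast") for d, _ in entries)
    findings = []
    if serves_clients and not opens_port:
        findings.append("no allow/peer/broadcast directive: chronyd keeps the NTP server port closed")
    if serves_clients and port_zero:
        findings.append("port 0 disables the server role; remove it if clients must sync from this host")
    if not serves_clients and not port_zero:
        findings.append("pure client: add 'port 0' so no NTP server port is exposed")
    for args in allows:
        if allow_is_unrestricted(args):
            findings.append("allow %s: open to everyone; restrict it to the office network" % " ".join(args))
    for d, args in entries:
        if d == "server" and args and "iburst" not in args:
            findings.append("server %s: add iburst for a faster first synchronization" % args[0])
    return findings

# Constructed sample: the walkthrough's VPS config as written (servers only, no allow line).
VPS_CONF_AS_WRITTEN = """\
# Use public servers from the pool.ntp.org project.
server 0.ru.pool.ntp.org iburst
server 1.ru.pool.ntp.org iburst
"""
# Constructed sample: the same server restricted to one office subnet (RFC 5737 range).
VPS_CONF_HARDENED = VPS_CONF_AS_WRITTEN + "allow 192.0.2.0/24\n"
# Constructed sample: the office client from the walkthrough, with the server role off.
CLIENT_CONF = "server my.vps.server iburst\nport 0\n"
```

Note that the walkthrough opens the firewall but never adds an allow directive, which is exactly the gap the first finding reports for the config as written.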
Next time I'll tell you what options there are for time synchronization without internet access.
Source: www.habr.com
