November 27, 2024 13:52 · October 25, 2024 08:03 · September 5, 2025 20:38 · August 13, 2024 11:04 · March 26, 2024 12:54 · February 17, 2024 09:25
 --- bgp_simple.pl~      2024-11-27 12:26:17.057483859 +0200
 +++ bgp_simple.pl       2024-11-27 14:46:48.435675124 +0200
 @@ -16,6 +16,8 @@
 use Net::BGP;
 use Net::BGP::Process;

 +STDOUT->autoflush(1);
 +
 my $version = "v0.12";
 my $version_date = "22-Jan-2011";
 #!/usr/bin/python3 -u

 """
 -> eth0: 192.168.17.36 -> 172.16.20.3 | protocol UDP | port 6000 | DATA |

 <- eth1: 10.0.0.2 -> 10.0.0.1 | protocol UDP | port 6000 | DATA |


 apt install --no-install-recommends python3-pcapy python3-scapy
 """
 log syslog all;
 debug protocols all;

 router id 213.184.52.1;
 define rtix_rs_asn = 207800;


 # BGP ipv4/ipv6 channel option "secondary" requires
 # routing table to be sorted.
 ipv4 table master4 sorted;
 interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input-list [ discard-ip-options discard-frags accept-single-hop-bfd-v4 accept-multi-hop-bfd-v4 accept-bgp-v4 accept-ospf2 accept-vrrpv3-v4 accept-established-v4 accept-common-services-v4 discard-all-v4 ];
                }
            }
            family inet6 {
                filter {
 version 1.0;

 ns junos = "http://xml.juniper.net/junos/*/junos";
 ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
 ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
 ns dyn = "http://exslt.org/dynamic";
 ns snmp extension = "http://exslt.org/functions";


 template find-alarm($alarm_severity) {
 #!/usr/bin/python3 -u

 """
 Title               : send-dst-unreach
 Last modified date  : 14.02.2024
 Author              : Martin Tonusoo
 Description         : Reads packets from Netfilter queue, sends the
                      ICMPv6 type "Destination Unreachable" code
                      "Source address failed ingress/egress policy"
                      as a response to those packets and finally
 #!/usr/bin/env python3

 """

 https://github.com/systemd/systemd/issues/27219


 Usage:

 # for i in {1..10}; do scapy-dhcp-client.py; done
 # Setup below allows one guest to receive untagged frames while the other guest receives tagged traffic.

 # Mark the frames depending on the ingress interface. eth0 is facing the physical network.
 ebtables -A FORWARD -i eth0.173 -j mark --mark-set 173 --mark-target CONTINUE
 ebtables -A FORWARD -i eth0.174 -j mark --mark-set 174 --mark-target CONTINUE

 # vnet0 is a TAP device facing the virtual machine.
 # Switch to classful prio qdisc for egress traffic.
 tc qdisc add dev vnet0 handle fffe: root prio
 # Attach filters to qdisc handle which will perform the VLAN push.
 #include <stdio.h>
 #include <unistd.h>
 #include <netinet/igmp.h>
 #include <linux/mroute.h>
 #include <arpa/inet.h>

 // socket configuration is based on https://github.com/pali/igmpproxy

 int main() {
 #!/usr/bin/env python3

 import multiprocessing
 from datetime import datetime
 from scapy.all import sniff, send, IP
 from scapy.contrib.igmp import IGMP


 def sniffer():
    sniff(iface="ens3", filter="dst 239.3.5.3 and igmp", store=0, count=1)
	--- bgp_simple.pl~ 2024-11-27 12:26:17.057483859 +0200
	+++ bgp_simple.pl 2024-11-27 14:46:48.435675124 +0200
	@@ -16,6 +16,8 @@
	use Net::BGP;
	use Net::BGP::Process;

	+STDOUT->autoflush(1);
	+
	my $version = "v0.12";
	my $version_date = "22-Jan-2011";
	#!/usr/bin/python3 -u

	"""
	-> eth0: 192.168.17.36 -> 172.16.20.3 \| protocol UDP \| port 6000 \| DATA \|

	<- eth1: 10.0.0.2 -> 10.0.0.1 \| protocol UDP \| port 6000 \| DATA \|


	apt install --no-install-recommends python3-pcapy python3-scapy
	"""
	log syslog all;
	debug protocols all;

	router id 213.184.52.1;
	define rtix_rs_asn = 207800;


	# BGP ipv4/ipv6 channel option "secondary" requires
	# routing table to be sorted.
	ipv4 table master4 sorted;
	interfaces {
	lo0 {
	unit 0 {
	family inet {
	filter {
	input-list [ discard-ip-options discard-frags accept-single-hop-bfd-v4 accept-multi-hop-bfd-v4 accept-bgp-v4 accept-ospf2 accept-vrrpv3-v4 accept-established-v4 accept-common-services-v4 discard-all-v4 ];
	}
	}
	family inet6 {
	filter {
	version 1.0;

	ns junos = "http://xml.juniper.net/junos/*/junos";
	ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
	ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
	ns dyn = "http://exslt.org/dynamic";
	ns snmp extension = "http://exslt.org/functions";


	template find-alarm($alarm_severity) {
	#!/usr/bin/python3 -u

	"""
	Title : send-dst-unreach
	Last modified date : 14.02.2024
	Author : Martin Tonusoo
	Description : Reads packets from Netfilter queue, sends the
	ICMPv6 type "Destination Unreachable" code
	"Source address failed ingress/egress policy"
	as a response to those packets and finally
	#!/usr/bin/env python3

	"""

	https://github.com/systemd/systemd/issues/27219


	Usage:

	# for i in {1..10}; do scapy-dhcp-client.py; done
	# Setup below allows one guest to receive untagged frames while the other guest receives tagged traffic.

	# Mark the frames depending on the ingress interface. eth0 is facing the physical network.
	ebtables -A FORWARD -i eth0.173 -j mark --mark-set 173 --mark-target CONTINUE
	ebtables -A FORWARD -i eth0.174 -j mark --mark-set 174 --mark-target CONTINUE

	# vnet0 is a TAP device facing the virtual machine.
	# Switch to classful prio qdisc for egress traffic.
	tc qdisc add dev vnet0 handle fffe: root prio
	# Attach filters to qdisc handle which will perform the VLAN push.
	#include <stdio.h>
	#include <unistd.h>
	#include <netinet/igmp.h>
	#include <linux/mroute.h>
	#include <arpa/inet.h>

	// socket configuration is based on https://github.com/pali/igmpproxy

	int main() {
	#!/usr/bin/env python3

	import multiprocessing
	from datetime import datetime
	from scapy.all import sniff, send, IP
	from scapy.contrib.igmp import IGMP


	def sniffer():
	sniff(iface="ens3", filter="dst 239.3.5.3 and igmp", store=0, count=1)