From 934e7660c90f5863eefbcf145a3ef988542fb2dc Mon Sep 17 00:00:00 2001
From: uvok cheetah
Date: Sun, 21 Jul 2024 14:05:08 +0200
Subject: bird: Add IRR filter also, remove "direct neighbor" preference
---
 roles/uvok_bird/files/clear_filters.conf | 29 +++++++++++++++++++++++++----
 1 file changed, 25 insertions(+), 4 deletions(-)
(limited to 'roles/uvok_bird/files/clear_filters.conf')
diff --git a/roles/uvok_bird/files/clear_filters.conf b/roles/uvok_bird/files/clear_filters.conf
index bb01b4c..303ea91 100644
--- a/roles/uvok_bird/files/clear_filters.conf
+++ b/roles/uvok_bird/files/clear_filters.conf
@@ -128,12 +128,33 @@ function reject_roa_rpki()
 }
 }
-function prefer_direct_neighbor()
+# take the set of allowed ASes (as first AS), according to IRR
+# adds filter if first AS in BGP path is not in allowed list
+function reject_irr_invalid_as(int set irr_ases)
 {
- if (bgp_path.len = 1) then
- bgp_local_pref = bgp_local_pref + 700;
+ if (bgp_path.first !~ irr_ases) then {
+ print "Reject: Not in IRR AS list: ", net, " ", bgp_path;
+ clearnet_add_filter(FILTER_IRR);
+ }
+}
+
+# take the set of allowed prefixes (prefix set), according to IRR
+# adds filter if net is not in allowed list
+function reject_irr_invalid_net(prefix set irr_prefixes)
+{
+ if (net !~ irr_prefixes) then {
+ print "Reject: Not in IRR AS list: ", net, " ", bgp_path;
+ clearnet_add_filter(FILTER_IRR);
+ }
 }
+# ... what did I think? Shortest AS path wins anyway.
+# function prefer_direct_neighbor()
+# {
+# if (bgp_path.len = 1) then
+# bgp_local_pref = bgp_local_pref + 700;
+# }
+
 function clearnet_common_import() {
 reject_bogon_asns();
@@ -142,7 +163,7 @@ function clearnet_common_import() {
 reject_small_prefixes();
 reject_problem_prefixes();
 reject_roa_rpki();
- prefer_direct_neighbor();
+ #prefer_direct_neighbor();
 honor_graceful_shutdown();
 }
-- cgit v1.2.3
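Review bot: The log line in `reject_irr_invalid_net` is copied from `reject_irr_invalid_as` and still prints "Not in IRR AS list", so a prefix-set rejection cannot be told apart from an AS rejection when reading the logs; change it to `print "Reject: Not in IRR prefix list: ", net, " ", bgp_path;`. `reject_irr_invalid_as` compares only `bgp_path.first`, so the origin AS is never matched against IRR data in this function; if origin validation is meant to rest on the prefix set and `reject_roa_rpki()`, a comment such as `# origin AS is not checked here; relies on reject_irr_invalid_net and reject_roa_rpki` would make that explicit. Neither new function is called in the visible hunks, so they are presumably invoked per peer elsewhere; it is worth confirming that every clearnet import filter actually calls them, since a peer that skips the call gets no IRR filtering at all.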