From 36ad3dd2871b9de8577406ed37e1050bd2d4009a Mon Sep 17 00:00:00 2001
From: uvok cheetah
Date: Mon, 29 Apr 2024 20:41:11 +0200
Subject: bird: Split clearnet files, use rsync

---
 roles/uvok_bird/templates/clearnet.conf.j2 | 153 +----------------------------
 1 file changed, 2 insertions(+), 151 deletions(-)

(limited to 'roles/uvok_bird/templates')

diff --git a/roles/uvok_bird/templates/clearnet.conf.j2 b/roles/uvok_bird/templates/clearnet.conf.j2
index 78b83b8..8f17d68 100644
--- a/roles/uvok_bird/templates/clearnet.conf.j2
+++ b/roles/uvok_bird/templates/clearnet.conf.j2
@@ -2,6 +2,8 @@
 
 include "/etc/bird/clear_defines.conf";
 include "/etc/bird/clear_functions.conf";
+include "/etc/bird/clear_rpki.conf";
+include "/etc/bird/clear_filters.conf";
 
 define CLEARNET_PREFIP = {{ uvok_bird_opts.preferred_ip }};
 
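Review bot: The order of the two added includes is load-bearing and deserves a comment. If `reject_roa_rpki()` moved unchanged into clear_filters.conf, it still reads `clear_roa_v6`, which would now be declared in clear_rpki.conf, so I would add `# clear_rpki.conf must come before clear_filters.conf (ROA table is used by reject_roa_rpki)` above them. This diff is limited to the templates directory, so the new files are not visible here; the bogon, AS-path-length, small-prefix and ROA import checks removed in the second hunk are assumed to reappear in them. Because those files are no longer rendered together with this template, a host holding a stale or partial copy would apply different import filtering than the repository describes. The deploy step should therefore parse-check the assembled configuration (`bird -p -c <path to bird.conf>`) before reloading.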
@@ -10,157 +12,6 @@ ipv6 table t_myas_unfiltered;
 ipv6 table t_myas_trs;
 ipv6 table t_myas_babel;
 
-roa6 table clear_roa_v6;
-
-protocol rpki roa_clearnet1 {
-    roa6 { table clear_roa_v6; };
-    remote 10.2.0.1;
-    port 8282;
-    refresh 3600;
-    retry 600;
-    expire 7200;
-}
-
-protocol rpki roa_clearnet2 {
-    roa6 { table clear_roa_v6; };
-    remote 10.2.0.12;
-    port 8282;
-    refresh 3600;
-    retry 600;
-    expire 7200;
-}
-
-define BOGON_ASNS = [
-  0,                      # RFC 7607
-  23456,                  # RFC 4893 AS_TRANS
-  64496..64511,           # RFC 5398 and documentation/example ASNs
-  64512..65534,           # RFC 6996 Private ASNs
-  65535,                  # RFC 7300 Last 16 bit ASN
-  65536..65551,           # RFC 5398 and documentation/example ASNs
-  65552..131071,          # RFC IANA reserved ASNs
-  4200000000..4294967294, # RFC 6996 Private ASNs
-  4294967295 ];           # RFC 7300 Last 32 bit ASN
-
-define BOGON_PREFIXES = [ ::/0,                          # Default route
-                          ::/8+,                         # RFC 4291 IPv4-compatible, loopback, et al
-                          0100::/64+,                    # RFC 6666 Discard-Only
-                          2001:2::/48+,                  # RFC 5180 BMWG
-                          2001:10::/28+,                 # RFC 4843 ORCHID
-                          2001:db8::/32+,                # RFC 3849 documentation
-                          2002::/16+,                    # RFC 7526 6to4 anycast relay
-                          3ffe::/16+,                    # RFC 3701 old 6bone
-                          fc00::/7+,                     # RFC 4193 unique local unicast
-                          fe80::/10+,                    # RFC 4291 link local unicast
-                          fec0::/10+,                    # RFC 3879 old site local unicast
-                          ff00::/8+                      # RFC 4291 multicast
- ];
-
-# not supported (yet???)
-# -> bool {
-function is_default_route() {
-    case net.type {
-        NET_IP4: return net = 0.0.0.0/0;
-        NET_IP6: return net = ::/0;
-        else:    return false;
-    }
-}
-
-function accept_default_route() {
-    if is_default_route() then accept;
-}
-
-function reject_bogon_asns()
-int set bogon_asns;
-{
-  bogon_asns = BOGON_ASNS;
-
-  if ( bgp_path ~ bogon_asns ) then {
-    print "Reject: bogon AS_PATH: ", net, " ", bgp_path;
-    clearnet_add_filter(FILTER_BOGON_ASN);
-  }
-}
-
-function reject_bogon_prefixes()
-prefix set bogon_prefixes;
-{
-    bogon_prefixes = BOGON_PREFIXES;
-    if (net ~ bogon_prefixes) then {
-        print "Reject: Bogon prefix: ", net, " ", bgp_path;
-        clearnet_add_filter(FILTER_BOGON_PREFIX);
-    }
-}
-
-define PROBLEM_PREFIXES = [
-];
-
-function reject_problem_prefixes()
-prefix set problem_prefixes;
-{
-    problem_prefixes = PROBLEM_PREFIXES;
-    if (net ~ problem_prefixes) then {
-        print "Reject: Problematic prefix: ", net, " ", bgp_path;
-        clearnet_add_filter(FILTER_PROBLEM_PREFIX);
-    }
-}
-
-function reject_long_aspaths()
-{
-    if ( bgp_path.len > 15 ) then {
-        clearnet_add_filter(FILTER_LONG_ASPATH);
-    }
-}
-
-function reject_small_prefixes()
-{
-  if (net.len > 55 && net.type = NET_IP6) then {
-    print "Reject: Too small prefix: ", net, " ", bgp_path;
-    clearnet_add_filter(FILTER_SMALL_V6_PREFIX);
-  }
-}
-
-function reject_roa_rpki()
-{
-    if ( roa_check(clear_roa_v6, net, bgp_path.last_nonaggregated) = ROA_INVALID ) then {
-        clearnet_add_filter(FILTER_ROA_RPKI);
-    }
-}
-
-function prefer_direct_neighbor()
-{
-    if (bgp_path.len = 1) then
-        bgp_local_pref = bgp_local_pref + 700;
-}
-
-
-function clearnet_common_import() {
-    reject_bogon_asns();
-    reject_bogon_prefixes();
-    reject_long_aspaths();
-    reject_small_prefixes();
-    reject_problem_prefixes();
-    reject_roa_rpki();
-    prefer_direct_neighbor();
-    honor_graceful_shutdown();
-}
-
-filter myas_export
-{
-    if (proto = "myprefix") then {
-        accept;
-    }
-    reject;
-}
-
-# route collector
-filter myas_f_rc
-{
-# export IXP routes after all
-#    if ( clearnet_is_ixp() ) then reject;
-    if (source = RTS_BGP) then accept;
-    if (proto = "myprefix") then accept;
-    reject;
-};
-
 protocol static myprefix {
 {% for prefix in uvok_bird_opts.clear_prefixes %}
     route {{ prefix }} reject;
-- 
cgit v1.2.3