# managed by Ansible

## IMPORT FILTERS
#
# Import-side policy helpers for BGP routes. Each reject_* function tests one
# property of the route and, on a match, calls clearnet_add_filter() with a
# FILTER_* reason code. clearnet_add_filter(), the FILTER_* constants,
# honor_graceful_shutdown() and the clear_roa_v6 table are defined outside this
# file section.
# NOTE(review): whether clearnet_add_filter() rejects the route immediately or
# only tags it for a later decision cannot be seen from here -- confirm, since
# the export filter myas_f_rc below accepts every route with source RTS_BGP.
# NOTE(review): every prefix-based check in this section (BOGON_PREFIXES, the
# /48 length limit, the ROA lookup in a table named clear_roa_v6) is written
# for IPv6; confirm IPv4 sessions get their own prefix filtering elsewhere.

# AS numbers that must not appear anywhere in a received AS_PATH.
define BOGON_ASNS = [
    0,                      # RFC 7607
    23456,                  # RFC 4893 AS_TRANS
    64496..64511,           # RFC 5398 and documentation/example ASNs
    64512..65534,           # RFC 6996 Private ASNs
    65535,                  # RFC 7300 Last 16 bit ASN
    65536..65551,           # RFC 5398 and documentation/example ASNs
    65552..131071,          # IANA reserved ASNs
    4200000000..4294967294, # RFC 6996 Private ASNs
    4294967295 ];           # RFC 7300 Last 32 bit ASN

# IPv6 prefixes that must not be accepted from peers. A trailing "+" matches
# the prefix and all of its more-specifics; "::/0" has no "+", so it matches
# only the default route itself.
define BOGON_PREFIXES = [
    ::/0,             # Default route
    ::/8+,            # RFC 4291 IPv4-compatible, loopback, et al
    0100::/64+,       # RFC 6666 Discard-Only
    2001:2::/48+,     # RFC 5180 BMWG
    2001:10::/28+,    # RFC 4843 ORCHID
    2001:db8::/32+,   # RFC 3849 documentation
    2002::/16+,       # RFC 7526 6to4 anycast relay
    3ffe::/16+,       # RFC 3701 old 6bone
    fc00::/7+,        # RFC 4193 unique local unicast
    fe80::/10+,       # RFC 4291 link local unicast
    fec0::/10+,       # RFC 3879 old site local unicast
    ff00::/8+         # RFC 4291 multicast
];

# Returns true when the current route is exactly the IPv4 or IPv6 default
# route, false for any other net type.
# The two comment lines below are the author's; presumably they record that an
# explicit return-type annotation is not accepted by the BIRD version in use
# -- confirm before removing.
# not supported (yet???)
# -> bool {
function is_default_route() {
    case net.type {
        NET_IP4: return net = 0.0.0.0/0;
        NET_IP6: return net = ::/0;
        else: return false;
    }
}

# Accepts the route immediately if it is a default route.
# Not called from clearnet_common_import() below. BOGON_PREFIXES lists ::/0,
# so a caller that wants a default route has to call this before
# reject_bogon_prefixes() runs -- verify at the call site.
function accept_default_route() {
    if is_default_route() then accept;
}

# Flags routes whose AS_PATH contains any ASN listed in BOGON_ASNS and logs the
# prefix and path. The set is copied into a local variable declared between
# the signature and the body, the declaration style used throughout this file.
function reject_bogon_asns()
int set bogon_asns;
{
    bogon_asns = BOGON_ASNS;
    if ( bgp_path ~ bogon_asns ) then {
        print "Reject: bogon AS_PATH: ", net, " ", bgp_path;
        clearnet_add_filter(FILTER_BOGON_ASN);
    }
}

# Flags routes whose prefix matches BOGON_PREFIXES and logs the prefix and
# path.
function reject_bogon_prefixes()
prefix set bogon_prefixes;
{
    bogon_prefixes = BOGON_PREFIXES;
    if (net ~ bogon_prefixes) then {
        print "Reject: Bogon prefix: ", net, " ", bgp_path;
        clearnet_add_filter(FILTER_BOGON_PREFIX);
    }
}

# Operator-maintained list of additional prefixes to flag. It is empty here,
# so reject_problem_prefixes() currently matches nothing.
define PROBLEM_PREFIXES = [ ];

# Flags routes whose prefix matches PROBLEM_PREFIXES and logs the prefix and
# path.
function reject_problem_prefixes()
prefix set problem_prefixes;
{
    problem_prefixes = PROBLEM_PREFIXES;
    if (net ~ problem_prefixes) then {
        print "Reject: Problematic prefix: ", net, " ", bgp_path;
        clearnet_add_filter(FILTER_PROBLEM_PREFIX);
    }
}

# Flags routes whose AS_PATH is longer than 15 entries.
# NOTE(review): unlike the bogon checks, nothing is printed here, so these hits
# leave no log line from this function -- confirm that is intentional.
function reject_long_aspaths() {
    if ( bgp_path.len > 15 ) then {
        clearnet_add_filter(FILTER_LONG_ASPATH);
    }
}

# Flags IPv6 routes more specific than /48 and logs the prefix and path.
# Routes of any other net type are never matched by this check.
function reject_small_prefixes() {
    if (net.len > 48 && net.type = NET_IP6) then {
        print "Reject: Too small prefix: ", net, " ", bgp_path;
        clearnet_add_filter(FILTER_SMALL_V6_PREFIX);
    }
}

# Flags routes that the ROA table clear_roa_v6 marks as invalid for the
# prefix / origin pair; bgp_path.last_nonaggregated supplies the origin ASN.
# Only ROA_INVALID is acted on: any other roa_check() result, including routes
# with no covering ROA, passes this check.
# NOTE(review): no log line is printed for RPKI-invalid routes here; and the
# table name suggests IPv6 ROAs only -- confirm how IPv4 routes are validated.
function reject_roa_rpki() {
    if ( roa_check(clear_roa_v6, net, bgp_path.last_nonaggregated) = ROA_INVALID ) then {
        clearnet_add_filter(FILTER_ROA_RPKI);
    }
}

# Raises local preference by 700 for routes whose AS_PATH has length 1, i.e.
# routes originated by the directly connected neighbor AS.
function prefer_direct_neighbor() {
    if (bgp_path.len = 1) then bgp_local_pref = bgp_local_pref + 700;
}

# Common import chain: runs every check above in a fixed order, then applies
# the local-preference bump and honor_graceful_shutdown() (defined elsewhere).
# This function never calls accept or reject itself; the final verdict depends
# on clearnet_add_filter() and on the caller.
function clearnet_common_import() {
    reject_bogon_asns();
    reject_bogon_prefixes();
    reject_long_aspaths();
    reject_small_prefixes();
    reject_problem_prefixes();
    reject_roa_rpki();
    prefer_direct_neighbor();
    honor_graceful_shutdown();
}

## EXPORT FILTERS

# Export only routes that come from the protocol instance named "myprefix";
# everything else is rejected, so learned routes are not re-announced through
# this filter.
filter myas_export {
    if (proto = "myprefix") then {
        accept;
    }
    reject;
}

# route collector
# Exports every BGP-learned route plus the routes from "myprefix"; all other
# routes are rejected.
# NOTE(review): this relies on flagged routes never reaching the exported table
# (or on the collector expecting them) -- confirm against clearnet_add_filter().
filter myas_f_rc {
    # export IXP routes after all
    # if ( clearnet_is_ixp() ) then reject;
    if (source = RTS_BGP) then accept;
    if (proto = "myprefix") then accept;
    reject;
};