120 lines
2.7 KiB
Plaintext
120 lines
2.7 KiB
Plaintext
function is_valid_network_v4() -> bool{
|
|
return net ~ [
|
|
172.20.0.0/14{21,29}, # dn42
|
|
172.20.0.0/24{28,32}, # dn42 Anycast
|
|
172.21.0.0/24{28,32}, # dn42 Anycast
|
|
172.22.0.0/24{28,32}, # dn42 Anycast
|
|
172.23.0.0/24{28,32}, # dn42 Anycast
|
|
172.31.0.0/16+, # ChaosVPN
|
|
10.100.0.0/14+, # ChaosVPN
|
|
10.127.0.0/16{16,32}, # neonetwork
|
|
10.0.0.0/8{15,24} # Freifunk.net
|
|
];
|
|
}
|
|
|
|
function is_valid_network_v6() -> bool {
|
|
return net ~ [
|
|
fd00::/8{44,64}
|
|
];
|
|
}
|
|
|
|
function is_valid_network() -> bool {
|
|
return is_valid_network_v4() || is_valid_network_v6();
|
|
}
|
|
|
|
function kernel_export() {
|
|
krt_prefsrc = OWNIP;
|
|
accept;
|
|
}
|
|
|
|
function reject_invalid_roa() {
|
|
#if (roa_check(dnroa, net, bgp_path.last) != ROA_VALID) then {
|
|
# print "Reject: ROA failed|", net, "|", bgp_path;
|
|
# reject;
|
|
#}
|
|
}
|
|
|
|
function reject_default_route() {
|
|
if (net = fd00::/8 || net = ::/0) then
|
|
reject;
|
|
}
|
|
|
|
function reject_blacklisted()
|
|
int set blacklist;
|
|
{
|
|
blacklist = ASN_BLACKLIST;
|
|
|
|
if ( bgp_path ~ blacklist ) then {
|
|
print "Reject: blacklisted ASN|", bgp_path;
|
|
reject;
|
|
}
|
|
}
|
|
|
|
function honor_graceful_shutdown() {
|
|
if (65535, 0) ~ bgp_community then {
|
|
bgp_local_pref = 0;
|
|
}
|
|
}
|
|
|
|
function dn_import_filter(int link_latency; int link_bandwidth; int link_crypto) {
|
|
#if ( net.type != NET_IP6 ) then {
|
|
# print "Reject: non-IPv6 on IPv6 Channel|", net, "|", bgp_path;
|
|
# reject;
|
|
#}
|
|
|
|
if ( ! is_valid_network() ) then {
|
|
print "Reject: invalid network|", net, "|", bgp_path;
|
|
reject;
|
|
}
|
|
|
|
if ( is_self_net() ) then {
|
|
print "Reject: export our network|", net, "|", bgp_path.first;
|
|
reject;
|
|
}
|
|
|
|
if ( bgp_path.len > 25 ) then {
|
|
print "Reject: AS path too long|", net, "|", bgp_path;
|
|
reject;
|
|
}
|
|
|
|
reject_blacklisted();
|
|
reject_invalid_roa();
|
|
reject_default_route();
|
|
|
|
if (bgp_path.len = 1) then
|
|
bgp_local_pref = bgp_local_pref + 500;
|
|
|
|
update_flags(link_latency, link_bandwidth, link_crypto);
|
|
|
|
accept;
|
|
}
|
|
|
|
function dn_export_filter(int link_latency; int link_bandwidth; int link_crypto) {
|
|
if (source !~ [RTS_STATIC, RTS_BGP]) then
|
|
reject;
|
|
|
|
if (bgp_path.last != bgp_path.first) then
|
|
reject;
|
|
|
|
reject_default_route();
|
|
|
|
update_flags(link_latency, link_bandwidth, link_crypto);
|
|
update_region();
|
|
|
|
bgp_med = 0;
|
|
bgp_med = bgp_med + ( ( 4 - ( link_crypto - 30 ) ) * 600 );
|
|
bgp_med = bgp_med + ( ( 9 - ( link_bandwidth - 20 ) ) * 100);
|
|
bgp_med = bgp_med + ( ( link_latency - 1) * 300);
|
|
|
|
accept;
|
|
}
|
|
|
|
function dn_export_collector() {
|
|
if (source !~ [RTS_STATIC, RTS_BGP]) then
|
|
reject;
|
|
|
|
update_region();
|
|
accept;
|
|
}
|
|
|