aboutsummaryrefslogtreecommitdiff
path: root/tnet/templates
diff options
context:
space:
mode:
Diffstat (limited to 'tnet/templates')
-rw-r--r--tnet/templates/bird-tnet-pre.conf.j214
-rw-r--r--tnet/templates/bird-tnet.conf.j210
2 files changed, 19 insertions, 5 deletions
diff --git a/tnet/templates/bird-tnet-pre.conf.j2 b/tnet/templates/bird-tnet-pre.conf.j2
index 7994dfe..ec31fa2 100644
--- a/tnet/templates/bird-tnet-pre.conf.j2
+++ b/tnet/templates/bird-tnet-pre.conf.j2
@@ -5,3 +5,17 @@ function is_tnet() # -> bool
{
return net ~ tnet && ! (net ~ tnet_router);
}
+
+roa6 table dn42_roa;
+
+protocol static {
+ roa6 { table dn42_roa; };
+ include "/etc/bird/dn42_roa_bird2_6.conf";
+};
+
+function dn42_is_valid_network() # -> bool
+{
+ return net ~ [
+ fd00::/8{44,64} # ULA address space as per RFC 4193
+ ];
+}
diff --git a/tnet/templates/bird-tnet.conf.j2 b/tnet/templates/bird-tnet.conf.j2
index b11bf0c..9797241 100644
--- a/tnet/templates/bird-tnet.conf.j2
+++ b/tnet/templates/bird-tnet.conf.j2
@@ -42,7 +42,7 @@ protocol bgp tnet_{{ p }} from tnet_tpl {
{% elif policy == "dn42" %}
protocol bgp {{ p }} {
local as 4242423538;
- neighbor {{ peer.address }}
+ neighbor {{ peer.address }};
neighbor as {{ peer.as }};
{% if peer.interface is defined %}
interface "{{ peer.interface }}";
@@ -52,7 +52,7 @@ protocol bgp {{ p }} {
import filter {
if dn42_is_valid_network() && !is_tnet() then {
# Check when unknown or invalid according to ROA
- if (roa_check(dn42_roa, net, bgp_path.last) == ROA_VALID) then {
+ if (roa_check(dn42_roa, net, bgp_path.last) = ROA_VALID) then {
accept;
} else {
print "[dn42] ROA check failed for ", net, " ASN ", bgp_path.last;
@@ -61,15 +61,15 @@ protocol bgp {{ p }} {
} else {
reject;
}
- }
+ };
export filter {
if dn42_is_valid_network() && source ~ [RTS_STATIC, RTS_BGP] then {
accept;
} else {
reject;
}
- }
- }
+ };
+ };
}
{% endif %}
{% endfor %}