Diffstat (limited to 'tnet/templates')
-rw-r--r-- | tnet/templates/bird-tnet-pre.conf.j2 | 14 | ||||
-rw-r--r-- | tnet/templates/bird-tnet.conf.j2 | 10 |
2 files changed, 19 insertions, 5 deletions
diff --git a/tnet/templates/bird-tnet-pre.conf.j2 b/tnet/templates/bird-tnet-pre.conf.j2
index 7994dfe..ec31fa2 100644
--- a/tnet/templates/bird-tnet-pre.conf.j2
+++ b/tnet/templates/bird-tnet-pre.conf.j2
@@ -5,3 +5,17 @@ function is_tnet() # -> bool
 {
 return net ~ tnet && ! (net ~ tnet_router);
 }
+
+roa6 table dn42_roa;
+
+protocol static {
+ roa6 { table dn42_roa; };
+ include "/etc/bird/dn42_roa_bird2_6.conf";
+};
+
+function dn42_is_valid_network() # -> bool
+{
+ return net ~ [
+ fd00::/8{44,64} # ULA address space as per RFC 4193
+ ];
+}
diff --git a/tnet/templates/bird-tnet.conf.j2 b/tnet/templates/bird-tnet.conf.j2
index b11bf0c..9797241 100644
--- a/tnet/templates/bird-tnet.conf.j2
+++ b/tnet/templates/bird-tnet.conf.j2
@@ -42,7 +42,7 @@ protocol bgp tnet_{{ p }} from tnet_tpl {
 {% elif policy == "dn42" %}
 protocol bgp {{ p }} {
 local as 4242423538;
- neighbor {{ peer.address }}
+ neighbor {{ peer.address }};
 neighbor as {{ peer.as }};
 {% if peer.interface is defined %}
 interface "{{ peer.interface }}";
@@ -52,7 +52,7 @@ protocol bgp {{ p }} {
 import filter {
 if dn42_is_valid_network() && !is_tnet() then {
 # Check when unknown or invalid according to ROA
- if (roa_check(dn42_roa, net, bgp_path.last) == ROA_VALID) then {
+ if (roa_check(dn42_roa, net, bgp_path.last) = ROA_VALID) then {
 accept;
 } else {
 print "[dn42] ROA check failed for ", net, " ASN ", bgp_path.last;
@@ -61,15 +61,15 @@ protocol bgp {{ p }} {
 } else {
 reject;
 }
- }
+ };
 export filter {
 if dn42_is_valid_network() && source ~ [RTS_STATIC, RTS_BGP] then {
 accept;
 } else {
 reject;
 }
- }
- }
+ };
+ };
 }
 {% endif %}
 {% endfor %} |
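Review bot: In the hunk for bird-tnet-pre.conf.j2, the added `include "/etc/bird/dn42_roa_bird2_6.conf";` makes every ROA decision depend on a file whose origin and refresh are not visible in this change, and nothing in the template documents that dependency. BIRD reads an included file only when the configuration is loaded, so a refreshed file has no effect until a reconfigure, and an empty or stale table means `roa_check()` answers from missing or outdated data for every dn42 route. I would add a comment above the static protocol, for example `# ROA data is generated out of band; reconfigure BIRD after each refresh and alert when this file is missing, empty or old`. Whatever writes the file should presumably also check where the data comes from and replace the file atomically, since its content decides which origins are accepted.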
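Review bot: In the `@@ -52,7 +52,7 @@` hunk of bird-tnet.conf.j2, the comment kept above the changed `roa_check()` line says "Check when unknown or invalid according to ROA", but the condition accepts only `ROA_VALID`, so both unknown and invalid routes fall through to the logging reject branch. That fail-closed choice is the security property of this import filter, so the comment should state it, e.g. `# Accept only ROA_VALID; ROA_UNKNOWN and ROA_INVALID are logged and rejected`. The `print` in the else branch emits one log line per rejected route, so a peer announcing many non-valid prefixes controls the log volume; it is worth confirming that the log target is rate-limited or rotated. The filter body continues outside the hunk.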