bird/filters/dn42.conf

function is_dn42() {
	return net ~ [
		172.20.0.0/14{21,29},
		172.20.0.0/24{28,32}, # Anycast
		172.21.0.0/24{28,32}, # Anycast
		172.22.0.0/24{28,32}, # Anycast
		172.23.0.0/24{28,32}, # Anycast
		fd00::/8{44,64}
	];
}

function dn42_import_v4()
	bool ok;
{
	ok = true;

	if bgp_path ~ [= * 4242421331 * =] then reject;

	if is_mine_dn42() then
		ok = false;

	if ! is_dn42() then
		ok = false;

	     if roa_check(roa_dn42_v4, net, bgp_path.last_nonaggregated) = ROA_VALID then
		bgp_large_community.add(informational_rpki_valid);
	else if roa_check(roa_dn42_v4, net, bgp_path.last_nonaggregated) = ROA_UNKNOWN then
		bgp_large_community.add(informational_rpki_unknown);
	else if roa_check(roa_dn42_v4, net, bgp_path.last_nonaggregated) = ROA_INVALID then {
		print "Ignore ROA invalid ", net, " for ASN ", bgp_path.last, " from ", proto;
		bgp_large_community.add(informational_rpki_invalid);
		ok = false;
	}
	else
		bgp_large_community.add(informational_rpki_not_checked);

	return ok;
}

function dn42_import_v6()
	bool ok;
{
	ok = true;

	if bgp_path ~ [= * 4242421331 * =] then reject;

	if is_mine_dn42() then
		ok = false;

	if ! is_dn42() then
		ok = false;

	     if roa_check(roa_dn42_v6, net, bgp_path.last_nonaggregated) = ROA_VALID then
		bgp_large_community.add(informational_rpki_valid);
	else if roa_check(roa_dn42_v6, net, bgp_path.last_nonaggregated) = ROA_UNKNOWN then
		bgp_large_community.add(informational_rpki_unknown);
	else if roa_check(roa_dn42_v6, net, bgp_path.last_nonaggregated) = ROA_INVALID then {
		print "Ignore ROA invalid ", net, " for ASN ", bgp_path.last, " from ", proto;
		bgp_large_community.add(informational_rpki_invalid);
		ok = false;
	}
	else
		bgp_large_community.add(informational_rpki_not_checked);

	return ok;
}

function dn42_export_v4()
	bool ok;
{
	ok = true;

	if ! is_dn42() then
		ok = false;

	return ok;
}

function dn42_export_v6()
	bool ok;
{
	ok = true;

	if ! is_dn42() then
		ok = false;

	return ok;
}
initial commit 2020-04-20 04:42:25 +02:00			`function is_dn42() {`
			`return net ~ [`
			`172.20.0.0/14{21,29},`
			`172.20.0.0/24{28,32}, # Anycast`
			`172.21.0.0/24{28,32}, # Anycast`
			`172.22.0.0/24{28,32}, # Anycast`
			`172.23.0.0/24{28,32}, # Anycast`
			`fd00::/8{44,64}`
			`];`
			`}`

update filters 2020-05-03 00:33:40 +02:00			`function dn42_import_v4()`
			`bool ok;`
initial commit 2020-04-20 04:42:25 +02:00			`{`
update filters 2020-05-03 00:33:40 +02:00			`ok = true;`
initial commit 2020-04-20 04:42:25 +02:00
large chunk of updates 2020-08-22 02:36:36 +02:00			`if bgp_path ~ [= * 4242421331 * =] then reject;`

			`if is_mine_dn42() then`
			`ok = false;`

initial commit 2020-04-20 04:42:25 +02:00			`if ! is_dn42() then`
update filters 2020-05-03 00:33:40 +02:00			`ok = false;`

			`if roa_check(roa_dn42_v4, net, bgp_path.last_nonaggregated) = ROA_VALID then`
			`bgp_large_community.add(informational_rpki_valid);`
			`else if roa_check(roa_dn42_v4, net, bgp_path.last_nonaggregated) = ROA_UNKNOWN then`
			`bgp_large_community.add(informational_rpki_unknown);`
			`else if roa_check(roa_dn42_v4, net, bgp_path.last_nonaggregated) = ROA_INVALID then {`
large chunk of updates 2020-08-22 02:36:36 +02:00			`print "Ignore ROA invalid ", net, " for ASN ", bgp_path.last, " from ", proto;`
update filters 2020-05-03 00:33:40 +02:00			`bgp_large_community.add(informational_rpki_invalid);`
			`ok = false;`
			`}`
			`else`
			`bgp_large_community.add(informational_rpki_not_checked);`

			`return ok;`
initial commit 2020-04-20 04:42:25 +02:00			`}`

update filters 2020-05-03 00:33:40 +02:00			`function dn42_import_v6()`
			`bool ok;`
initial commit 2020-04-20 04:42:25 +02:00			`{`
update filters 2020-05-03 00:33:40 +02:00			`ok = true;`
initial commit 2020-04-20 04:42:25 +02:00
large chunk of updates 2020-08-22 02:36:36 +02:00			`if bgp_path ~ [= * 4242421331 * =] then reject;`

			`if is_mine_dn42() then`
			`ok = false;`

initial commit 2020-04-20 04:42:25 +02:00			`if ! is_dn42() then`
update filters 2020-05-03 00:33:40 +02:00			`ok = false;`

			`if roa_check(roa_dn42_v6, net, bgp_path.last_nonaggregated) = ROA_VALID then`
			`bgp_large_community.add(informational_rpki_valid);`
			`else if roa_check(roa_dn42_v6, net, bgp_path.last_nonaggregated) = ROA_UNKNOWN then`
			`bgp_large_community.add(informational_rpki_unknown);`
			`else if roa_check(roa_dn42_v6, net, bgp_path.last_nonaggregated) = ROA_INVALID then {`
large chunk of updates 2020-08-22 02:36:36 +02:00			`print "Ignore ROA invalid ", net, " for ASN ", bgp_path.last, " from ", proto;`
update filters 2020-05-03 00:33:40 +02:00			`bgp_large_community.add(informational_rpki_invalid);`
			`ok = false;`
			`}`
			`else`
			`bgp_large_community.add(informational_rpki_not_checked);`

			`return ok;`
initial commit 2020-04-20 04:42:25 +02:00			`}`

update filters 2020-05-03 00:33:40 +02:00			`function dn42_export_v4()`
			`bool ok;`
			`{`
			`ok = true;`

large chunk of updates 2020-08-22 02:36:36 +02:00			`if ! is_dn42() then`
update filters 2020-05-03 00:33:40 +02:00			`ok = false;`
initial commit 2020-04-20 04:42:25 +02:00
update filters 2020-05-03 00:33:40 +02:00			`return ok;`
initial commit 2020-04-20 04:42:25 +02:00			`}`

update filters 2020-05-03 00:33:40 +02:00			`function dn42_export_v6()`
			`bool ok;`
			`{`
			`ok = true;`

large chunk of updates 2020-08-22 02:36:36 +02:00			`if ! is_dn42() then`
update filters 2020-05-03 00:33:40 +02:00			`ok = false;`
initial commit 2020-04-20 04:42:25 +02:00
update filters 2020-05-03 00:33:40 +02:00			`return ok;`
initial commit 2020-04-20 04:42:25 +02:00			`}`