bird/filters/dn42.conf

function is_dn42() {
	return net ~ [
		172.20.0.0/14{21,29},
		172.20.0.0/24{28,32}, # Anycast
		172.21.0.0/24{28,32}, # Anycast
		172.22.0.0/24{28,32}, # Anycast
		172.23.0.0/24{28,32}, # Anycast
		fd00::/8{44,64}
	];
}

function dn42_import_v4()
	bool ok;
{
	ok = true;

	if ! is_dn42() then
		ok = false;

	     if roa_check(roa_dn42_v4, net, bgp_path.last_nonaggregated) = ROA_VALID then
		bgp_large_community.add(informational_rpki_valid);
	else if roa_check(roa_dn42_v4, net, bgp_path.last_nonaggregated) = ROA_UNKNOWN then
		bgp_large_community.add(informational_rpki_unknown);
	else if roa_check(roa_dn42_v4, net, bgp_path.last_nonaggregated) = ROA_INVALID then {
		print "Ignore RPKI invalid ", net, " for ASN ", bgp_path.last, " from ", proto;
		bgp_large_community.add(informational_rpki_invalid);
		ok = false;
	}
	else
		bgp_large_community.add(informational_rpki_not_checked);

	return ok;
}

function dn42_import_v6()
	bool ok;
{
	ok = true;

	if ! is_dn42() then
		ok = false;

	     if roa_check(roa_dn42_v6, net, bgp_path.last_nonaggregated) = ROA_VALID then
		bgp_large_community.add(informational_rpki_valid);
	else if roa_check(roa_dn42_v6, net, bgp_path.last_nonaggregated) = ROA_UNKNOWN then
		bgp_large_community.add(informational_rpki_unknown);
	else if roa_check(roa_dn42_v6, net, bgp_path.last_nonaggregated) = ROA_INVALID then {
		print "Ignore RPKI invalid ", net, " for ASN ", bgp_path.last, " from ", proto;
		bgp_large_community.add(informational_rpki_invalid);
		ok = false;
	}
	else
		bgp_large_community.add(informational_rpki_not_checked);

	return ok;
}

function dn42_export_v4()
	bool ok;
{
	ok = true;

	if ! is_mine_dn42() then
		ok = false;

	return ok;
}

function dn42_export_v6()
	bool ok;
{
	ok = true;

	if ! is_mine_dn42() then
		ok = false;

	return ok;
}