arouteserver: update templates from arouteserver 1.22.1

dd-ix · Apr 9, 2024 · cfc00d2 · cfc00d2
1 parent 88a994b
commit cfc00d2
Show file tree

Hide file tree

Showing 2 changed files with 85 additions and 29 deletions.
diff --git a/arouteserver/templates/bird/clients.j2 b/arouteserver/templates/bird/clients.j2
@@ -57,22 +57,28 @@ function origin_as_is_in_{{ client.id }}_as_set(){{ bird_fnc_type("bool") }} {
 # R-SET for {{ client.id }}
 function prefix_is_in_{{ client.id }}_as_set(){{ bird_fnc_type("bool") }} {
 {% if client.cfg.filtering.irrdb.as_set_bundle_ids %}
-{% for as_set_bundle_id in client.cfg.filtering.irrdb.as_set_bundle_ids|sort %}
-{% set this_ip_ver = client.ip|ipaddr_ver %}
-{% set prefixes = irrdb_info[as_set_bundle_id].prefixes|selectattr("prefix", "is_ipver", this_ip_ver)|list %}
-{% if prefixes %}
-{% if "2.0"|target_version_ge %}
+{% for as_set_bundle_id in client.cfg.filtering.irrdb.as_set_bundle_ids|sort %}
+{% if "2.0"|target_version_ge and client.cfg.rfc8950 and client.ip|ipaddr_ver == 6 %}
+{% set afis = [4, 6] %}
+{% else %}
+{% set afis = [ client.ip|ipaddr_ver ] %}
+{% endif %}
+{% for this_ip_ver in afis %}
+{% set prefixes = irrdb_info[as_set_bundle_id].prefixes|selectattr("prefix", "is_ipver", this_ip_ver)|list %}
+{% if prefixes %}
+{% if "2.0"|target_version_ge %}
  if net.type = NET_IP{{ this_ip_ver }} then
  if net ~ AS_SET_{{ irrdb_info[as_set_bundle_id].name }}_prefixes_{{ this_ip_ver }} then
  return true;
-{% else %}
+{%  else %}
  if net ~ AS_SET_{{ irrdb_info[as_set_bundle_id].name }}_prefixes_{{ this_ip_ver }} then
  return true;
-{% endif %}
-{% else %}
+{%  endif %}
+{%  else %}
  # AS-SET {{ irrdb_info[as_set_bundle_id].name }} referenced but empty.
-{% endif %}
-{% endfor %}
+{% endif %}
+{% endfor %}
+{% endfor %}
 {% endif %}
  return false;
 }
@@ -93,8 +99,15 @@ function next_hop_is_valid_for_{{ client.id }}(){{ bird_fnc_type("bool") }}
 {% endfor %}
 {% else %}
 {% for asn, same_as_clients in clients|groupby("asn") if asn == client.asn %}
-{% for same_as_client in same_as_clients|sort(attribute="ip") if same_as_client.ip|ipaddr_ver == client.ip|ipaddr_ver %}
+{% for same_as_client in same_as_clients|sort(attribute="ip") %}
+{% if (
+ "2.0"|target_version_ge and
+ client.cfg.rfc8950
+ ) or (
+ same_as_client.ip|ipaddr_ver == client.ip|ipaddr_ver
+ ) %}
  if bgp_next_hop = {{ same_as_client.ip }} then return true; # {{ same_as_client.id }}
+{% endif %}
 {% endfor %}
 {% endfor %}
 {% endif %}
@@ -104,12 +117,28 @@ function next_hop_is_valid_for_{{ client.id }}(){{ bird_fnc_type("bool") }}
 
 {% if client.cfg.filtering.black_list_pref %}
 function prefix_is_in_{{ client.id }}_blacklist(){{ bird_fnc_type("bool") }}
-prefix set {{ client.id }}_blacklist;
+{% for this_ip_ver in list_ip_vers %}
+{% set prefixes = client.cfg.filtering.black_list_pref|selectattr("prefix", "is_ipver", this_ip_ver )|list %}
+{% if prefixes|length > 0 %}
+prefix set {{ client.id }}_blacklist_{{ this_ip_ver }};
+{% endif %}
+{% endfor %}
 {
- {{ client.id }}_blacklist = [
-{{ write_prefix_list(client.cfg.filtering.black_list_pref|selectattr("prefix", "is_ipver", client.ip|ipaddr_ver)) }}
- ];
- return net ~ {{ client.id }}_blacklist;
+{% for this_ip_ver in list_ip_vers %}
+{% set prefixes = client.cfg.filtering.black_list_pref|selectattr("prefix", "is_ipver", this_ip_ver )|list %}
+{% if prefixes|length > 0 %}
+ {{ client.id }}_blacklist_{{ this_ip_ver }} = [
+{{ write_prefix_list(prefixes) }}
+ ];
+{% if "2.0"|target_version_ge %}
+ if net.type = NET_IP{{ this_ip_ver }} then
+ if net ~ {{ client.id }}_blacklist_{{ this_ip_ver }} then return true;
+{% else %}
+ if net ~ {{ client.id }}_blacklist_{{ this_ip_ver }} then return true;
+{% endif %}
+{% endif %}
+{% endfor %}
+ return false;
 }
 {% endif %}
 
@@ -186,7 +215,12 @@ bool validated;
 
 {% if client.cfg.filtering.irrdb.white_list_route %}
  # Client's white list
-{% for route in client.cfg.filtering.irrdb.white_list_route|selectattr("prefix", "is_ipver", client.ip|ipaddr_ver)|sort(attribute="prefix") if route.prefix|ipaddr_ver == client.ip|ipaddr_ver %}
+{% if "2.0"|target_version_ge and client.cfg.rfc8950 and client.ip|ipaddr_ver == 6 %}
+{% set routes = client.cfg.filtering.irrdb.white_list_route|sort(attribute="prefix") %}
+{% else %}
+{% set routes = client.cfg.filtering.irrdb.white_list_route|selectattr("prefix", "is_ipver", client.ip|ipaddr_ver)|sort(attribute="prefix") %}
+{% endif %}
+{% for route in routes %}
  if !validated && net ~ [ {{ write_prefix_list_entry(route) }} ] then {
 {% if route.asn %}
  if bgp_path.last = {{ route.asn }} then {
@@ -223,7 +257,11 @@ filter receive_from_{{ client.id }} {
  {{ reject(client, 65535, '"source != RTS_BGP - REJECTING ", net') }}
 
  {% if "2.0"|target_version_ge %}
+ {% if client.cfg.rfc8950 and client.ip|ipaddr_ver == 6%}
+ if !(net.type = NET_IP6 || net.type = NET_IP4) then
+ {% else %}
  if !(net.type = NET_IP{{ client.ip|ipaddr_ver }}) then
+ {% endif %}
  {{ reject(client, 65535, '"AFI not enabled for this peer - REJECTING ", net') }}
  {% endif %}
 
@@ -279,8 +317,13 @@ filter receive_from_{{ client.id }} {
 
  {% if client.ip|ipaddr_ver == 6 %}
  # Prefix: only IPv6 Global Unicast space allowed
+ {% if "2.0"|target_version_ge %}
+ if net.type = NET_IP6 && !(net ~ [2000::/3+]) then
+ {{ reject(client, 10, '"prefix is not in IPv6 Global Unicast space - REJECTING ", net') }}
+ {% else %}
  if !(net ~ [2000::/3+]) then
  {{ reject(client, 10, '"prefix is not in IPv6 Global Unicast space - REJECTING ", net') }}
+ {% endif %}
  {% endif %}
 
  # Prefix: global blacklist
@@ -325,15 +368,18 @@ filter receive_from_{{ client.id }} {
  {% endif %}
 
  # Prefix: length
- {% if client.ip|ipaddr_ver == 4 %}
- {% set min_pref_len = client.cfg.filtering.ipv4_pref_len.min %}
- {% set max_pref_len = client.cfg.filtering.ipv4_pref_len.max %}
+ {% if "2.0.0"|target_version_ge and client.cfg.rfc8950 and client.ip|ipaddr_ver == 6 %}
+ {% set afis = [4, 6] %}
  {% else %}
- {% set min_pref_len = client.cfg.filtering.ipv6_pref_len.min %}
- {% set max_pref_len = client.cfg.filtering.ipv6_pref_len.max %}
+ {% set afis = [ client.ip|ipaddr_ver ] %}
  {% endif %}
- if !prefix_len_is_valid({{ min_pref_len }}, {{ max_pref_len }}) then
+ {% for current_afi in afis %}
+ {% set min_pref_len = client.cfg.filtering["ipv" ~ current_afi ~ "_pref_len"].min %}
+ {% set max_pref_len = client.cfg.filtering["ipv" ~ current_afi ~ "_pref_len"].max %}
+ if {%- if "2.0"|target_version_ge %} net.type = NET_IP{{ current_afi }} && {% else %} {% endif -%}
+ !prefix_len_is_valid({{ min_pref_len }}, {{ max_pref_len }}) then
  {{ reject(client, 13, '"prefix len [", net.len, "] not in ' ~ min_pref_len ~ '-' ~ max_pref_len ~ ' - REJECTING ", net') }}
+ {% endfor %}
 
  {% if cfg.graceful_shutdown.enabled %}
  {% if client.cfg.graceful_shutdown.enabled %}
@@ -457,24 +503,33 @@ protocol bgp {{ client.id }} {
  interpret communities off;
  {% endif %}
 
+ {% if "2.0.0"|target_version_ge and client.cfg.rfc8950 and client.ip|ipaddr_ver == 6 %}
+ {% set afis = [4, 6] %}
+ {% else %}
+ {% set afis = [ client.ip|ipaddr_ver ] %}
+ {% endif %}
+ {% for current_afi in afis %}
  {% if "2.0.0"|target_version_ge %}
  # ---------------------------------------
- ipv{{ client.ip|ipaddr_ver }} {
- table master{{ client.ip|ipaddr_ver }};
+ ipv{{ current_afi }} {
+ table master{{ current_afi }};
  {% endif %}
 
  {% if client.cfg.add_path %}
  add paths tx;
  {% endif %}
 
+ {% if client.cfg.rfc8950 and client.ip|ipaddr_ver == 6 and current_afi == 4 %}
+ extended next hop on;
+ {% endif %}
  {% if cfg.path_hiding %}
  secondary;
  {% endif %}
 
  {% if client.cfg.filtering.max_prefix.action %}
- {% if client.ip|ipaddr_ver == 4 and client.cfg.filtering.max_prefix.limit_ipv4 %}
+ {% if current_afi == 4 and client.cfg.filtering.max_prefix.limit_ipv4 %}
  {% set max_pref_limit = client.cfg.filtering.max_prefix.limit_ipv4 %}
- {% elif client.ip|ipaddr_ver == 6 and client.cfg.filtering.max_prefix.limit_ipv6 %}
+ {% elif current_afi == 6 and client.cfg.filtering.max_prefix.limit_ipv6 %}
  {% set max_pref_limit = client.cfg.filtering.max_prefix.limit_ipv6 %}
  {% else %}
  {% set max_pref_limit = 0 %}
@@ -498,11 +553,12 @@ protocol bgp {{ client.id }} {
  export filter announce_to_{{ client.id }};
 
  {%- if "2.0.0"|target_version_ge %}
- {{- write_custom_config_lines(client, "ipv" ~ client.ip|ipaddr_ver, "channel")|indent(" ") }}
+ {{- write_custom_config_lines(client, "ipv" ~ current_afi, "channel")|indent(" ") }}
  {{- write_custom_config_lines(client, "any", "channel")|indent(" ") }}
  # ---------------------------------------
  };
  {% endif %}
+ {% endfor %}
 
  {{- write_custom_config_lines(client, "ipv" ~ client.ip, "protocol")|indent(" ") }}
  {{- write_custom_config_lines(client, "any", "protocol")|indent(" ") }}

diff --git a/arouteserver/templates/fingerprints.yml b/arouteserver/templates/fingerprints.yml
@@ -1,5 +1,5 @@
 bird:
- clients.j2: 87e945e73ea2fee187092b66aa3a7ef266ae655e2863d919e9c34f7d73f419418948caa217a73bc7f0c7a2b1a39313dbb8c3d2551e4b393983066def64eb00bd
+ clients.j2: 2b59e328f8f183a9d47af70d7a48b6ed573779696e23e1fa48049b0503d4d53daa5b29bd9e5047083d9d1f0f365f5d25ef1a6c14a43d7bb92452dd121368580a
  common.j2: 1888f590f24415b2df86b3f86f4a36ca8c348ae6e5ddfac664e1663928fd5093863b605d5165b4075da38df5bb041f1cbeebee9991efc1be02eb4a696d95e420
  header.j2: 25f219ef4d0a4ee64c18b338bc557c246c4759b438f31865a7483ebef8a9a3795e09c85ba301da24d7036b474f7936f7a9ed758f93d66bca36e0624c23729170
  irrdb.j2: 4ff9a0dba41a02737c17a2497613f2dcc179a80b79714f18d61162e9503907cfd53765ab426036119e8bcb716d9d24a5380d724235373ae4ab7340d6c6eb074a