From 022ef0ae8a5df9f48b6c97168f0244f547949b37 Mon Sep 17 00:00:00 2001
From: gaoyuheng
Date: Wed, 28 Jan 2026 12:37:15 +0800
Subject: [PATCH] q
---
bird/filter/inet_downstream.conf | 15 +++++++++++++
bird/filter/inet_filter.conf | 36 ++++----------------------------
bird/filter/inet_ibgp.conf | 27 ++++++++++++++++++++++++
bird/function/dn42.conf | 8 +++++++
bird/function/inet.conf | 7 +++++++
bird/function/unet.conf | 8 +++----
bird/template/dn42.conf | 12 +++++------
update.sh | 11 ++++++++--
8 files changed, 80 insertions(+), 44 deletions(-)
create mode 100644 bird/filter/inet_downstream.conf
create mode 100644 bird/filter/inet_ibgp.conf
create mode 100644 bird/function/inet.conf
diff --git a/bird/filter/inet_downstream.conf b/bird/filter/inet_downstream.conf
new file mode 100644
index 0000000..d6f516f
--- /dev/null
+++ b/bird/filter/inet_downstream.conf
@@ -0,0 +1,15 @@
+# 下游-收表控制器
+function function_inet6_downstream_import() {
+ if is_bogon_prefix() || (bgp_path.len > 100) then return false;
+ bgp_large_community.add((LOCAL_ASN,200,0));
+ return true;
+}
+
+# 下游-发表控制器
+function function_inet6_downstream_export() {
+ # 过滤掉begon和过长的段子(太长了下游受不了)
+ if is_bogon_prefix() || (bgp_path.len > 100) then reject;
+ # BGP发出底线防控
+ if bgp_large_community !~ [(LOCAL_ASN, 200,0)] then return false;
+ return true;
+}
\ No newline at end of file
diff --git a/bird/filter/inet_filter.conf b/bird/filter/inet_filter.conf
index cf652f5..a8030d8 100644
--- a/bird/filter/inet_filter.conf
+++ b/bird/filter/inet_filter.conf
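Review bot: function_inet6_downstream_import in bird/filter/inet_downstream.conf accepts every prefix from a downstream that is not a bogon and has an AS path of at most 100 hops; unlike function_inet6_bgp_import in inet_filter.conf it has no `if is_self_net() then return false;` line, and nothing in this file restricts a customer to its own prefixes. Unless the calling protocol applies a per-downstream prefix set or ROA check (not visible in this patch), a downstream could announce our own space or a third party's, and the (LOCAL_ASN,200,0) tag added here is the same marker the export functions test before sending a route on. I would add `if is_self_net() then return false;` as the first statement and state in the header comment where the per-customer allow-list is enforced. function_inet6_downstream_export also mixes `reject` with `return false`; choosing one form makes the caller's handling uniform.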
@@ -1,12 +1,12 @@ function function_inet4_bgp_import() { - if is_self_net_inet4() then return false; + if is_self_net() then return false; if is_bogon_prefix() || (bgp_path.len > 100) then return false; bgp_large_community.add((LOCAL_ASN,200,0)); return true; } function function_inet4_bgp_export() { - if !is_self_net_inet4() then return false; + if !is_self_net() then return false; if is_bogon_prefix() || (bgp_path.len > 100) then reject; if source != RTS_STATIC then reject; if bgp_large_community !~ [(LOCAL_ASN, 200,0)] then return false; @@ -14,44 +14,16 @@ function function_inet4_bgp_export() { } function function_inet6_bgp_import() { - if is_self_net_inet6() then return false; + if is_self_net() then return false; if is_bogon_prefix() || (bgp_path.len > 100) then return false; bgp_large_community.add((LOCAL_ASN,200,0)); return true; } function function_inet6_bgp_export() { - if !is_self_net_inet6() then return false; + if !is_self_net() then return false; if is_bogon_prefix() || (bgp_path.len > 100) then reject; if source != RTS_STATIC then reject; if bgp_large_community !~ [(LOCAL_ASN, 200,0)] then return false; return true; -} - -function function_inet4_ibgp_import() { - if is_self_net_inet4() then return false; - if is_bogon_prefix() then return false; - if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject; - return true; -} - -function function_inet4_ibgp_export() { - if is_self_net_inet4() then return false; - if is_bogon_prefix() then return false; - if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject; - return true; -} - -function function_inet6_ibgp_import() { - if is_self_net_inet6() then reject; - if is_bogon_prefix() then reject; - if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject; - return true; -} - -function function_inet6_ibgp_export() { - if is_self_net_inet6() then reject; - if is_bogon_prefix() then reject; - if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject; - return true; } \ No newline at end of file 
diff --git a/bird/filter/inet_ibgp.conf b/bird/filter/inet_ibgp.conf new file mode 100644 index 0000000..e700b24 --- /dev/null +++ b/bird/filter/inet_ibgp.conf @@ -0,0 +1,27 @@ +function function_inet4_ibgp_import() { + if is_self_net() then return false; + if is_bogon_prefix() then return false; + if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject; + return true; +} + +function function_inet4_ibgp_export() { + if is_self_net() then return false; + if is_bogon_prefix() then return false; + if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject; + return true; +} + +function function_inet6_ibgp_import() { + if is_self_net() then reject; + if is_bogon_prefix() then reject; + if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject; + return true; +} + +function function_inet6_ibgp_export() { + if is_self_net() then reject; + if is_bogon_prefix() then reject; + if bgp_large_community ~ [(LOCAL_ASN, 1,*)] then reject; + return true; +} \ No newline at end of file diff --git a/bird/function/dn42.conf b/bird/function/dn42.conf index 960b18f..e263bb8 100644 --- a/bird/function/dn42.conf +++ b/bird/function/dn42.conf @@ -11,4 +11,12 @@ function is_dn42_prefix() { NET_IP6: return net ~ DN42_PREFIXES_V6; else: print "is_dn42_prefix: unexpected net.type ", net.type, " ", net; return false; } +} + +function is_dn42_self_net() { + case net.type { + NET_IP4: return net ~ IS_SELF_NET_dn42v4; + NET_IP6: return net ~ IS_SELF_NET_dn42v6; + else: print "is_dn42_prefix: unexpected net.type ", net.type, " ", net; return false; + } } \ No newline at end of file diff --git a/bird/function/inet.conf b/bird/function/inet.conf new file mode 100644 index 0000000..9e1a485 --- /dev/null +++ b/bird/function/inet.conf @@ -0,0 +1,7 @@ +function is_self_net() { + case net.type { + NET_IP4: return net ~ IS_SELF_NET_inet4; + NET_IP6: return net ~ IS_SELF_NET_inet6; + else: print "is_dn42_prefix: unexpected net.type ", net.type, " ", net; return false; + } +} \ No newline at end of file 
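Review bot: The fallback branch of the new is_dn42_self_net() in bird/function/dn42.conf prints `"is_dn42_prefix: unexpected net.type "`, copied from the function above it, and is_self_net() in the new bird/function/inet.conf carries the same string. A route with an unexpected net.type would be logged under the wrong function name, which makes a filter miss hard to trace; use `"is_dn42_self_net: unexpected net.type "` and `"is_self_net: unexpected net.type "` respectively. Both functions also rely on the constants IS_SELF_NET_dn42v4/IS_SELF_NET_dn42v6 and IS_SELF_NET_inet4/IS_SELF_NET_inet6, which this commit does not define; presumably they come from the whitelist files that update.sh downloads, so a one-line comment above each function naming that source would help the next reader.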
diff --git a/bird/function/unet.conf b/bird/function/unet.conf index 403be92..62e984c 100644 --- a/bird/function/unet.conf +++ b/bird/function/unet.conf @@ -6,13 +6,13 @@ function unet_is_valid_network_v4() { function unet_is_valid_network_v4_allnet(){ if unet_is_valid_network_v4() then return true; - if is_self_net_inet4() then return true; - if is_self_net_dn42v4() then return true; + if is_self_net() then return true; + if is_dn42_self_net() then return true; return false; } function unet_is_voalid_net_v6(){ - if is_self_net_inet6() then return true; - if is_self_net_dn42v6() then return true; + if is_self_net() then return true; + if is_dn42_self_net() then return true; return false; } \ No newline at end of file diff --git a/bird/template/dn42.conf b/bird/template/dn42.conf index 6c03fa8..f9ab282 100644 --- a/bird/template/dn42.conf +++ b/bird/template/dn42.conf @@ -5,7 +5,7 @@ template bgp dn42_bgp_up { table dn42v4; import filter { if !is_dn42_prefix() then reject; - if is_self_net_dn42v4() then reject; + if is_dn42_self_net() then reject; bgp_large_community.add((DN42_ASN,200,0));# 传输到Ebgp accept; }; @@ -22,7 +22,7 @@ template bgp dn42_bgp_up { table dn42v6; import filter { if !is_dn42_prefix() then reject; - if is_self_net_dn42v6() then reject; + if is_dn42_self_net() then reject; bgp_large_community.add((DN42_ASN,200,0));# 传输到Ebgp accept; }; @@ -48,13 +48,13 @@ template bgp dn42_ibgp { import filter { if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject; if !is_dn42_prefix() then reject; - if is_self_net_dn42v4() then reject; + if is_dn42_self_net() then reject; accept; }; export filter { if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject; if !is_dn42_prefix() then reject; - if is_self_net_dn42v4() then reject; + if is_dn42_self_net() then reject; accept; }; }; 
@@ -65,13 +65,13 @@ template bgp dn42_ibgp { import filter { if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject; if !is_dn42_prefix() then reject; - if is_self_net_dn42v6() then reject; + if is_dn42_self_net() then reject; accept; }; export filter { if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject; if !is_dn42_prefix() then reject; - if is_self_net_dn42v6() then reject; + if is_dn42_self_net() then reject; accept; }; }; diff --git a/update.sh b/update.sh index 2feee0f..021164a 100644 --- a/update.sh +++ b/update.sh @@ -6,12 +6,19 @@ git clone https://git.nia.ink/brnet/bird_config.git rm /etc/bird/filter -rf mv ./bird_config/bird/filter /etc/bird/filter +rm /etc/bird/function -rf +mv ./bird_config/bird/function /etc/bird/function + rm /etc/bird/template -rf mv ./bird_config/bird/template /etc/bird/template -rm /etc/bird/bird.conf -rf -mv ./bird_config/bird/bird.conf /etc/bird/bird.conf +mv /etc/bird/whitelist/ipconfig.conf /etc/bird/whitelist/ipconfig.conf.bak +rm /etc/bird/whitelist/*.conf -rf +mv /etc/bird/whitelist/ipconfig.conf.bak /etc/bird/whitelist/ipconfig.conf +wget https://noc.zhuantou.com.cn/api/network.php?s=inet6-bird-function -O /etc/bird/whitelist/mynet_ipv6.conf +wget https://noc.zhuantou.com.cn/api/network.php?s=inet4-bird-function -O /etc/bird/whitelist/mynet_ipv4.conf +wget https://noc.zhuantou.com.cn/api/network.php?s=dn42-bird-function -O /etc/bird/whitelist/mynet_dn42.conf chmod -R 755 /etc/bird
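Review bot: The three added wget lines in update.sh write the server response straight into /etc/bird/whitelist/ after the old `*.conf` files have already been deleted, with no exit-status check, no empty-file check and no parse check. A failed or truncated download leaves an empty or partial file where the self-net definitions are presumably expected, so the router either fails to load its config or runs with a wrong idea of which prefixes are its own. The URLs are also unquoted although they contain `?`, which the shell treats as a glob character. These files decide what the router treats as its own prefixes, so I would fetch into a temporary directory, refuse empty output, replace the old files only after all three downloads succeed, and run `bird -p` before any reload. The sketch below assumes the main config is /etc/bird/bird.conf, the path the removed lines used; the script's start is outside the hunk.

```shell
# … unchanged: filter/function/template replacement …
tmp=$(mktemp -d) || exit 1
for pair in inet6:mynet_ipv6 inet4:mynet_ipv4 dn42:mynet_dn42; do
    src=${pair%%:*}; dst=${pair##*:}
    wget -q "https://noc.zhuantou.com.cn/api/network.php?s=${src}-bird-function" -O "$tmp/$dst.conf" || exit 1
    [ -s "$tmp/$dst.conf" ] || exit 1   # refuse an empty response
done
# only now drop the old generated files, keeping ipconfig.conf as before
find /etc/bird/whitelist -maxdepth 1 -name '*.conf' ! -name ipconfig.conf -delete
mv "$tmp"/*.conf /etc/bird/whitelist/
bird -p -c /etc/bird/bird.conf || exit 1   # parse check before any reload
# … unchanged: chmod -R 755 /etc/bird …
```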