brnet/bird_config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

更新倒表方式

Browse Source
This commit is contained in:
gaoyuheng
2026-05-05 15:48:43 +08:00
parent 171c595483
commit 08fdf2fa04
7 changed files with 134 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
bird/bird.conf
View File

@@ -7,15 +7,39 @@ protocol device {
scan time 10; scan time 10;
}; };
protocol kernel { protocol kernel kernel_main4 {
scan time 20; scan time 20;
ipv4 { ipv4 {
import none; import none;
export filter { export filter {
if unet_is_valid_network_v4() then { if bgp_large_community ~ [(UNET_ASN, 10,4)] then accept;
krt_prefsrc = UNET_V4_kernel; reject;
accept; };
} };
};
protocol kernel kernel_t102v4 {
scan time 20;
kernel table 102;
ipv4 {
table t102v4;
import none;
export filter {
if bgp_large_community ~ [(UNET_ASN, 10,10204)] then accept;
reject;
};
};
};
protocol kernel kernel_t102v6 {
scan time 20;
kernel table 102;
ipv6 {
table t102v6;
import none;
export filter {
if bgp_large_community ~ [(UNET_ASN, 10,10206)] then accept;
reject; reject;
}; };
}; };

2
bird/function/tables.conf
View File

@@ -1,3 +1,5 @@
ipv4 table t102v4;
ipv6 table t102v6;
ipv4 table inet4; ipv4 table inet4;
ipv6 table inet6; ipv6 table inet6;
ipv4 table dn42v4; ipv4 table dn42v4;

56
bird/net/dn42.conf
View File

@@ -1,33 +1,29 @@
protocol kernel kernel_dn42v4_105 { protocol pipe dn42v4_sync {
scan time 20; table dn42v4;
kernel table 105; peer table t102v4;
ipv4 { export filter {
table dn42v4; if bgp_large_community ~ [(DN42_ASN, 3,*)] then reject;
import none; if !is_dn42_prefix() then reject;
export filter { bgp_community.empty;
if bgp_large_community ~ [(DN42_ASN, 3,*)] then reject; bgp_large_community.empty;
if is_dn42_prefix() then { bgp_large_community.add((UNET_ASN,10,10204));
krt_prefsrc = DN42_V4_kernel; krt_prefsrc = DN42_V4_kernel;
accept; accept;
}
reject;
};
}; };
}; import none;
}
protocol kernel kernel_dn42v6_105 { protocol pipe dn42v6_sync {
scan time 20; table dn42v6;
kernel table 105; peer table t102v6;
ipv6 { export filter {
table dn42v6; if bgp_large_community ~ [(DN42_ASN, 3,*)] then reject;
import none; if !is_dn42_prefix() then reject;
export filter { bgp_community.empty;
if bgp_large_community ~ [(DN42_ASN, 3,*)] then reject; bgp_large_community.empty;
if is_dn42_prefix() then { bgp_large_community.add((UNET_ASN,10,10206));
krt_prefsrc = DN42_V6_kernel; krt_prefsrc = DN42_V6_kernel;
accept; accept;
}
reject;
};
}; };
}; import none;
}

57
bird/net/inet.conf
View File

@@ -1,34 +1,29 @@
protocol kernel kernel_inet4_102 { protocol pipe inet4_sync {
scan time 20; table inet4;
kernel table 102; peer table t102v4;
ipv4 { export filter {
table inet4; if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject;
import none; if is_bogon_prefix() then reject;
export filter { bgp_community.empty;
if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject; bgp_large_community.empty;
if !is_bogon_prefix() then { bgp_large_community.add((UNET_ASN,10,10204));
krt_prefsrc = LOCAL_V4_kernel; krt_prefsrc = LOCAL_V4_kernel;
accept; accept;
}
reject;
};
}; };
}; import none;
}
protocol pipe inet6_sync {
protocol kernel kernel_inet6_102 { table inet6;
scan time 20; peer table t102v6;
kernel table 102; export filter {
ipv6 { if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject;
table inet6; if is_bogon_prefix() then reject;
import none; bgp_community.empty;
export filter { bgp_large_community.empty;
if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject; bgp_large_community.add((UNET_ASN,10,10206));
if !is_bogon_prefix() then { krt_prefsrc = LOCAL_V6_kernel;
krt_prefsrc = LOCAL_V6_kernel; accept;
accept;
}
reject;
};
}; };
}; import none;
}

46
bird/net/unet.conf
View File

@@ -1,10 +1,15 @@
# 公网处理 => inet4/6 # 公网处理 => inet4/6
protocol pipe unet4_inet4_sync { protocol pipe unet4_inet4_sync {
table unet4; table unet4;
peer table inet4; peer table t102v4;
export filter { export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject; if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
if is_bogon_prefix() then reject; if is_bogon_prefix() then reject;
bgp_path.empty;
bgp_community.empty;
bgp_large_community.empty;
bgp_large_community.add((UNET_ASN,10,10204));
krt_prefsrc = LOCAL_V4_kernel;
accept; accept;
}; };
import none; import none;
@@ -12,10 +17,15 @@ protocol pipe unet4_inet4_sync {
protocol pipe unet6_inet6_sync { protocol pipe unet6_inet6_sync {
table unet6; table unet6;
peer table inet6; peer table t102v6;
export filter { export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject; if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
if is_bogon_prefix() then reject; if is_bogon_prefix() then reject;
bgp_path.empty;
bgp_community.empty;
bgp_large_community.empty;
bgp_large_community.add((UNET_ASN,10,10206));
krt_prefsrc = LOCAL_V6_kernel;
accept; accept;
}; };
import none; import none;
@@ -25,10 +35,15 @@ protocol pipe unet6_inet6_sync {
# DN42处理 => dn42v4/6 # DN42处理 => dn42v4/6
protocol pipe unet4_dn42v4_sync { protocol pipe unet4_dn42v4_sync {
table unet4; table unet4;
peer table dn42v4; peer table t102v4;
export filter { export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject; if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
if !is_dn42_prefix() then reject; if !is_dn42_prefix() then reject;
bgp_path.empty;
bgp_community.empty;
bgp_large_community.empty;
bgp_large_community.add((UNET_ASN,10,10204));
krt_prefsrc = DN42_V4_kernel;
accept; accept;
}; };
import none; import none;
@@ -36,10 +51,15 @@ protocol pipe unet4_dn42v4_sync {
protocol pipe unet6_dn42v6_sync { protocol pipe unet6_dn42v6_sync {
table unet6; table unet6;
peer table dn42v6; peer table t102v6;
export filter { export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject; if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
if !is_dn42_prefix() then reject; if !is_dn42_prefix() then reject;
bgp_path.empty;
bgp_community.empty;
bgp_large_community.empty;
bgp_large_community.add((UNET_ASN,10,10206));
krt_prefsrc = DN42_V6_kernel;
accept; accept;
}; };
import none; import none;
@@ -53,6 +73,24 @@ protocol pipe unet4_sync {
export filter { export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject; if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
if !unet_is_valid_network_v4() then reject; if !unet_is_valid_network_v4() then reject;
bgp_community.empty;
bgp_large_community.empty;
bgp_large_community.add((UNET_ASN,10,4));
krt_prefsrc = UNET_V4_kernel;
accept;
};
import none;
}
protocol pipe unet4_syncto_inet4 {
table unet4;
peer table t102v4;
export filter {
if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
bgp_community.empty;
bgp_large_community.empty;
bgp_large_community.add((UNET_ASN,10,10204));
krt_prefsrc = UNET_V4_kernel;
accept; accept;
}; };
import none; import none;

8
ip-policy-rules
View File

@@ -36,11 +36,11 @@ add_rules() {
current_prio=$((current_prio + 2)) current_prio=$((current_prio + 2))
done done
ip rule add from ${LAN_SUBNET_V4} to ${LAN_SUBNET_V4} lookup 105 priority ${current_prio} 2>/dev/null ip rule add from ${LAN_SUBNET_V4} to ${LAN_SUBNET_V4} lookup 102 priority ${current_prio} 2>/dev/null
current_prio=$((current_prio + 10)) current_prio=$((current_prio + 10))
ip -6 rule add from ${TUNNEL_SUBNET_V6} to ${TUNNEL_SUBNET_V6} lookup 102 priority ${BASE_PRIORITY} 2>/dev/null ip -6 rule add from ${TUNNEL_SUBNET_V6} to ${TUNNEL_SUBNET_V6} lookup 102 priority ${BASE_PRIORITY} 2>/dev/null
ip -6 rule add from ${LAN_SUBNET_V6_FD} to ${LAN_SUBNET_V6_FD} lookup 105 priority $((BASE_PRIORITY + 10)) 2>/dev/null ip -6 rule add from ${LAN_SUBNET_V6_FD} to ${LAN_SUBNET_V6_FD} lookup 102 priority $((BASE_PRIORITY + 10)) 2>/dev/null
} }
del_rules() { del_rules() {
@@ -51,11 +51,11 @@ del_rules() {
current_prio=$((current_prio + 2)) current_prio=$((current_prio + 2))
done done
ip rule del from ${LAN_SUBNET_V4} to ${LAN_SUBNET_V4} lookup 105 priority ${current_prio} 2>/dev/null ip rule del from ${LAN_SUBNET_V4} to ${LAN_SUBNET_V4} lookup 102 priority ${current_prio} 2>/dev/null
current_prio=$((current_prio + 10)) current_prio=$((current_prio + 10))
ip -6 rule del from ${TUNNEL_SUBNET_V6} to ${TUNNEL_SUBNET_V6} lookup 102 priority ${BASE_PRIORITY} 2>/dev/null ip -6 rule del from ${TUNNEL_SUBNET_V6} to ${TUNNEL_SUBNET_V6} lookup 102 priority ${BASE_PRIORITY} 2>/dev/null
ip -6 rule del from ${LAN_SUBNET_V6_FD} to ${LAN_SUBNET_V6_FD} lookup 105 priority $((BASE_PRIORITY + 10)) 2>/dev/null ip -6 rule del from ${LAN_SUBNET_V6_FD} to ${LAN_SUBNET_V6_FD} lookup 102 priority $((BASE_PRIORITY + 10)) 2>/dev/null
} }
start() { start() {

6
update.sh
View File

@@ -12,7 +12,11 @@ mv ./bird_config/bird/net/dn42.conf /etc/bird/net/dn42.conf
rm /etc/bird/net/inet.conf rm /etc/bird/net/inet.conf
mv ./bird_config/bird/net/inet.conf /etc/bird/net/inet.conf mv ./bird_config/bird/net/inet.conf /etc/bird/net/inet.conf
mv ./bird_config/bird/conf/static.conf /etc/bird/conf/static.conf.disable rm /etc/bird/net/unet.conf
mv ./bird_config/bird/net/unet.conf /etc/bird/net/unet.conf
rm /etc/bird/function/tables.conf
mv ./bird_config/bird/function/tables.conf /etc/bird/function/tables.conf
birdc c birdc c
cd cd