diff --git a/bird/filter/unet_filter.conf b/bird/filter/unet_filter.conf new file mode 100644 index 0000000..589731b --- /dev/null +++ b/bird/filter/unet_filter.conf @@ -0,0 +1,42 @@ +function function_unet_import() { + if !unet_is_valid_network() then return false; + if is_unet_self_net() then return false; + bgp_large_community.add((UNET_ASN,200,0)); + return true; +} + +function function_unet_export() { + if !unet_is_valid_network() then reject; + if source !~ [RTS_STATIC, RTS_BGP] then reject; + if bgp_large_community !~ [(UNET_ASN, 200,0)] then reject; + accept; +} + +function function_unet_only_import() { + if !unet_is_valid_network_v4() then return false; + if is_unet_self_net() then return false; + bgp_large_community.add((UNET_ASN,200,0)); + return true; +} + +function function_unet_only_export() { + if !unet_is_valid_network_v4() then return false; + if source !~ [RTS_STATIC, RTS_BGP] then return false; + if bgp_large_community !~ [(UNET_ASN, 200,0)] then return false; + return true; +} + + +function function_unet_ibgp_import() { + if bgp_large_community ~ [(UNET_ASN, 1,*)] then return false; + if !unet_is_valid_network() then return false; + if is_unet_self_net() then return false; + return true; +} + +function function_unet_ibgp_export() { + if bgp_large_community ~ [(UNET_ASN, 1,*)] then return false; + if !unet_is_valid_network() then return false; + if is_unet_self_net() then return false; + return true; +} diff --git a/bird/function/unet.conf b/bird/function/unet.conf index d07d4fd..0687427 100644 --- a/bird/function/unet.conf +++ b/bird/function/unet.conf @@ -23,3 +23,11 @@ function is_unet_self_net() { else: print "is_unet_prefix: unexpected net.type ", net.type, " ", net; return false; } } + + +function unet_is_valid_network() { + case net.type { + NET_IP4: return unet_is_valid_network_v4_allnet(); + NET_IP6: return unet_is_voalid_net_v6(); + } +} \ No newline at end of file 
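Review bot: `function_unet_export()` issues `reject;`/`accept;` itself and never returns a value, while the other five functions in this file return `false`/`true`, so the templates' `if !function_unet_export() then reject; accept;` wrapper does not actually decide anything for that function. One convention would be safer, because a later caller that adds a check after the call would be silently bypassed by the inner `accept;`. I would write it like `function_unet_only_export()`: each `reject;` becomes `return false;` and the final `accept;` becomes `return true;`. A one-line comment on the two import functions noting that they also modify the route (`bgp_large_community.add(...)`) would help, since their names read like pure predicates.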
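Review bot: The `case net.type` in `unet_is_valid_network()` has no `else:` arm, so for any net type other than `NET_IP4`/`NET_IP6` the function ends without returning a value and the callers' `if !unet_is_valid_network()` has nothing boolean to test. The context lines just above show `is_unet_self_net()` handling the same situation with an explicit `else:` that logs and returns false. For a predicate that gates route acceptance I would fail closed the same way: `else: print "unet_is_valid_network: unexpected net.type ", net.type, " ", net; return false;`. The start of `is_unet_self_net()` is outside the hunk.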
diff --git a/bird/template/unet.conf b/bird/template/unet.conf index 6459a8c..5a4f483 100644 --- a/bird/template/unet.conf +++ b/bird/template/unet.conf @@ -3,34 +3,14 @@ template bgp unet_bgp_up0 { local as UNET_ASN; ipv4 { table unet4; - import filter { - if !unet_is_valid_network_v4_allnet() then reject; - if is_unet_self_net() then reject; - bgp_large_community.add((UNET_ASN,200,0)); - accept; - }; - export filter { - if !unet_is_valid_network_v4_allnet() then reject; - if source !~ [RTS_STATIC, RTS_BGP] then reject; - if bgp_large_community !~ [(UNET_ASN, 200,0)] then reject; - accept; - }; + import filter {if !function_unet_import() then reject; accept; }; + export filter {if !function_unet_export() then reject; accept; }; import limit 9000 action block; }; ipv6 { table unet6; - import filter { - if !unet_is_voalid_net_v6() then reject; - if is_unet_self_net() then reject; - bgp_large_community.add((UNET_ASN,200,0)); - accept; - }; - export filter { - if !unet_is_voalid_net_v6() then reject; - if source !~ [RTS_STATIC, RTS_BGP] then reject; - if bgp_large_community !~ [(UNET_ASN, 200,0)] then reject; - accept; - }; + import filter {if !function_unet_import() then reject; accept; }; + export filter {if !function_unet_export() then reject; accept; }; import limit 9000 action block; }; } @@ -40,18 +20,8 @@ template bgp unet_bgp_up1 { local as UNET_ASN; ipv4 { table unet4; - import filter { - if !unet_is_valid_network_v4() then reject; - if is_unet_self_net() then reject; - bgp_large_community.add((UNET_ASN,200,0)); - accept; - }; - export filter { - if !unet_is_valid_network_v4() then reject; - if source !~ [RTS_STATIC, RTS_BGP] then reject; - if bgp_large_community !~ [(UNET_ASN, 200,0)] then reject; - accept; - }; + import filter {if !function_unet_only_import() then reject; accept; }; + export filter {if !function_unet_only_export() then reject; accept; }; import limit 9000 action block; }; } 
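Review bot: The import filters bound here for `unet_bgp_up0` (and `function_unet_only_import()` for `unet_bgp_up1` in the next hunk) only add `(UNET_ASN,200,0)`; nothing visible removes large communities in the `UNET_ASN` namespace that a route already carries when it arrives. The iBGP functions in unet_filter.conf make decisions on `(UNET_ASN, 1,*)`, so if these templates are used for peers outside your administrative control, values set by the peer would be honoured as if this network had set them. Consider scrubbing first inside the import functions, e.g. `bgp_large_community.delete([(UNET_ASN, *, *)]);` before the `.add(...)`. The template bodies start above their hunks, so any scrubbing configured elsewhere is not visible here.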
@@ -65,34 +35,14 @@ template bgp unet_ibgp { table unet4; next hop self; gateway direct; - import filter { - if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject; - if !unet_is_valid_network_v4_allnet() then reject; - if is_unet_self_net() then reject; - accept; - }; - export filter { - if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject; - if !unet_is_valid_network_v4_allnet() then reject; - if is_unet_self_net() then reject; - accept; - }; + import filter {if !function_unet_ibgp_import() then reject; accept; }; + export filter {if !function_unet_ibgp_export() then reject; accept; }; }; ipv6 { table unet6; next hop self; gateway direct; - import filter { - if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject; - if !unet_is_voalid_net_v6() then reject; - if is_unet_self_net() then reject; - accept; - }; - export filter { - if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject; - if !unet_is_voalid_net_v6() then reject; - if is_unet_self_net() then reject; - accept; - }; + import filter {if !function_unet_ibgp_import() then reject; accept; }; + export filter {if !function_unet_ibgp_export() then reject; accept; }; }; } \ No newline at end of file diff --git a/update.sh b/update.sh index f6b53e6..30c5adc 100644 --- a/update.sh +++ b/update.sh @@ -6,6 +6,12 @@ git clone https://git.nia.ink/brnet/bird_config.git rm /etc/bird/filter/*.conf mv ./bird_config/bird/filter/*.conf /etc/bird/filter/ +rm /etc/bird/function/*.conf +mv ./bird_config/bird/function/*.conf /etc/bird/function/ + +rm /etc/bird/template/*.conf +mv ./bird_config/bird/template/*.conf /etc/bird/template/ + birdc c cd
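Review bot: The added `rm /etc/bird/function/*.conf` and `rm /etc/bird/template/*.conf` run whether or not the preceding `git clone` produced those directories, so a failed or partial clone leaves the router without its function or template files before `birdc c` is called. Nothing in the hunk checks the clone or the globs; the top of update.sh is outside the hunk, so a `set -e` there cannot be ruled out. I would guard each pair, e.g. `ls ./bird_config/bird/function/*.conf >/dev/null || exit 1` before the `rm`, and run `birdc configure check` before `birdc c`. Separately, the script now installs routing policy for three directories straight from the default branch of a remote repository with no pinned commit or signature check, which is worth deciding deliberately.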