From 42fd9fcae4619858944c036e6866a218e6289e93 Mon Sep 17 00:00:00 2001 From: daxi20 Date: Mon, 8 Jun 2026 17:28:53 +0800 Subject: [PATCH] update --- bird/filter/unet_filter.conf | 42 ++++++++++++++++++++++ bird/function/unet.conf | 8 +++++ bird/template/unet.conf | 70 ++++++------------------------------ update.sh | 6 ++++ 4 files changed, 66 insertions(+), 60 deletions(-) create mode 100644 bird/filter/unet_filter.conf diff --git a/bird/filter/unet_filter.conf b/bird/filter/unet_filter.conf new file mode 100644 index 0000000..589731b --- /dev/null +++ b/bird/filter/unet_filter.conf @@ -0,0 +1,42 @@ +function function_unet_import() { + if !unet_is_valid_network() then return false; + if is_unet_self_net() then return false; + bgp_large_community.add((UNET_ASN,200,0)); + return true; +} + +function function_unet_export() { + if !unet_is_valid_network() then reject; + if source !~ [RTS_STATIC, RTS_BGP] then reject; + if bgp_large_community !~ [(UNET_ASN, 200,0)] then reject; + accept; +} + +function function_unet_only_import() { + if !unet_is_valid_network_v4() then return false; + if is_unet_self_net() then return false; + bgp_large_community.add((UNET_ASN,200,0)); + return true; +} + +function function_unet_only_export() { + if !unet_is_valid_network_v4() then return false; + if source !~ [RTS_STATIC, RTS_BGP] then return false; + if bgp_large_community !~ [(UNET_ASN, 200,0)] then return false; + return true; +} + + +function function_unet_ibgp_import() { + if bgp_large_community ~ [(UNET_ASN, 1,*)] then return false; + if !unet_is_valid_network() then return false; + if is_unet_self_net() then return false; + return true; +} + +function function_unet_ibgp_export() { + if bgp_large_community ~ [(UNET_ASN, 1,*)] then return false; + if !unet_is_valid_network() then return false; + if is_unet_self_net() then return false; + return true; +} diff --git a/bird/function/unet.conf b/bird/function/unet.conf index d07d4fd..0687427 100644 --- a/bird/function/unet.conf +++ b/bird/function/unet.conf @@ -23,3 +23,11 @@ function is_unet_self_net() { else: print "is_unet_prefix: unexpected net.type ", net.type, " ", net; return false; } } + + +function unet_is_valid_network() { + case net.type { + NET_IP4: return unet_is_valid_network_v4_allnet(); + NET_IP6: return unet_is_voalid_net_v6(); + } +} \ No newline at end of file diff --git a/bird/template/unet.conf b/bird/template/unet.conf index 6459a8c..5a4f483 100644 --- a/bird/template/unet.conf +++ b/bird/template/unet.conf @@ -3,34 +3,14 @@ template bgp unet_bgp_up0 { local as UNET_ASN; ipv4 { table unet4; - import filter { - if !unet_is_valid_network_v4_allnet() then reject; - if is_unet_self_net() then reject; - bgp_large_community.add((UNET_ASN,200,0)); - accept; - }; - export filter { - if !unet_is_valid_network_v4_allnet() then reject; - if source !~ [RTS_STATIC, RTS_BGP] then reject; - if bgp_large_community !~ [(UNET_ASN, 200,0)] then reject; - accept; - }; + import filter {if !function_unet_import() then reject; accept; }; + export filter {if !function_unet_export() then reject; accept; }; import limit 9000 action block; }; ipv6 { table unet6; - import filter { - if !unet_is_voalid_net_v6() then reject; - if is_unet_self_net() then reject; - bgp_large_community.add((UNET_ASN,200,0)); - accept; - }; - export filter { - if !unet_is_voalid_net_v6() then reject; - if source !~ [RTS_STATIC, RTS_BGP] then reject; - if bgp_large_community !~ [(UNET_ASN, 200,0)] then reject; - accept; - }; + import filter {if !function_unet_import() then reject; accept; }; + export filter {if !function_unet_export() then reject; accept; }; import limit 9000 action block; }; } @@ -40,18 +20,8 @@ template bgp unet_bgp_up1 { local as UNET_ASN; ipv4 { table unet4; - import filter { - if !unet_is_valid_network_v4() then reject; - if is_unet_self_net() then reject; - bgp_large_community.add((UNET_ASN,200,0)); - accept; - }; - export filter { - if !unet_is_valid_network_v4() then reject; - if source !~ [RTS_STATIC, RTS_BGP] then reject; - if bgp_large_community !~ [(UNET_ASN, 200,0)] then reject; - accept; - }; + import filter {if !function_unet_only_import() then reject; accept; }; + export filter {if !function_unet_only_export() then reject; accept; }; import limit 9000 action block; }; } @@ -65,34 +35,14 @@ template bgp unet_ibgp { table unet4; next hop self; gateway direct; - import filter { - if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject; - if !unet_is_valid_network_v4_allnet() then reject; - if is_unet_self_net() then reject; - accept; - }; - export filter { - if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject; - if !unet_is_valid_network_v4_allnet() then reject; - if is_unet_self_net() then reject; - accept; - }; + import filter {if !function_unet_ibgp_import() then reject; accept; }; + export filter {if !function_unet_ibgp_export() then reject; accept; }; }; ipv6 { table unet6; next hop self; gateway direct; - import filter { - if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject; - if !unet_is_voalid_net_v6() then reject; - if is_unet_self_net() then reject; - accept; - }; - export filter { - if bgp_large_community ~ [(UNET_ASN, 1,*)] then reject; - if !unet_is_voalid_net_v6() then reject; - if is_unet_self_net() then reject; - accept; - }; + import filter {if !function_unet_ibgp_import() then reject; accept; }; + export filter {if !function_unet_ibgp_export() then reject; accept; }; }; } \ No newline at end of file diff --git a/update.sh b/update.sh index f6b53e6..30c5adc 100644 --- a/update.sh +++ b/update.sh @@ -6,6 +6,12 @@ git clone https://git.nia.ink/brnet/bird_config.git rm /etc/bird/filter/*.conf mv ./bird_config/bird/filter/*.conf /etc/bird/filter/ +rm /etc/bird/function/*.conf +mv ./bird_config/bird/function/*.conf /etc/bird/function/ + +rm /etc/bird/template/*.conf +mv ./bird_config/bird/template/*.conf /etc/bird/template/ + birdc c cd