add any things

2025-04-25 12:39:32 +08:00
commit c454b5f16e
18 changed files with 698 additions and 0 deletions
--- a/bird/function/begon.conf
+++ b/bird/function/begon.conf
@@ -0,0 +1,66 @@
+# 网络长度判断
+function net_len_too_long(){
+    case net.type {
+        NET_IP4: return net.len > 24; 
+        NET_IP6: return net.len > 48;
+        else: print "net_len_too_long: unexpected net.type ", net.type, " ", net; return false;
+    }
+}
+
+# Bogon
+define BOGON_ASNS = [
+    0,                      # RFC 7607
+    23456,                  # RFC 4893 AS_TRANS
+    64496..64511,           # RFC 5398 and documentation/example ASNs
+    64512..65534,           # RFC 6996 Private ASNs
+    65535,                  # RFC 7300 Last 16 bit ASN
+    65536..65551,           # RFC 5398 and documentation/example ASNs
+    65552..131071,          # RFC IANA reserved ASNs
+    4200000000..4294967294, # RFC 6996 Private ASNs
+    4294967295              # RFC 7300 Last 32 bit ASN
+];
+define BOGON_PREFIXES_V4 = [
+    0.0.0.0/8+,             # RFC 1122 'this' network
+    10.0.0.0/8+,            # RFC 1918 private space
+    100.64.0.0/10+,         # RFC 6598 Carrier grade nat space
+    127.0.0.0/8+,           # RFC 1122 localhost
+    169.254.0.0/16+,        # RFC 3927 link local
+    172.16.0.0/12+,         # RFC 1918 private space 
+    192.0.2.0/24+,          # RFC 5737 TEST-NET-1
+    192.88.99.0/24+,        # RFC 7526 deprecated 6to4 relay anycast. If you wish to allow this, change `24+` to `24{25,32}`(no more specific)
+    192.168.0.0/16+,        # RFC 1918 private space
+    198.18.0.0/15+,         # RFC 2544 benchmarking
+    198.51.100.0/24+,       # RFC 5737 TEST-NET-2
+    203.0.113.0/24+,        # RFC 5737 TEST-NET-3
+    224.0.0.0/4+,           # multicast
+    240.0.0.0/4+            # reserved
+];
+define BOGON_PREFIXES_V6 = [
+    ::/8+,                  # RFC 4291 IPv4-compatible, loopback, et al
+    0064:ff9b::/96+,        # RFC 6052 IPv4/IPv6 Translation
+    0064:ff9b:1::/48+,      # RFC 8215 Local-Use IPv4/IPv6 Translation
+    0100::/64+,             # RFC 6666 Discard-Only
+    2001::/32{33,128},      # RFC 4380 Teredo, no more specific
+    2001:2::/48+,           # RFC 5180 BMWG
+    2001:10::/28+,          # RFC 4843 ORCHID
+    2001:db8::/32+,         # RFC 3849 documentation
+    2002::/16+,             # RFC 7526 deprecated 6to4 relay anycast. If you wish to allow this, change `16+` to `16{17,128}`(no more specific)
+    3ffe::/16+, 5f00::/8+,  # RFC 3701 old 6bone
+    fc00::/7+,              # RFC 4193 unique local unicast
+    fe80::/10+,             # RFC 4291 link local unicast
+    fec0::/10+,             # RFC 3879 old site local unicast
+    ff00::/8+               # RFC 4291 multicast
+];
+
+function is_bogon_prefix() {
+    case net.type {
+        NET_IP4: return net ~ BOGON_PREFIXES_V4;
+        NET_IP6: return net ~ BOGON_PREFIXES_V6;
+        else: print "is_bogon_prefix: unexpected net.type ", net.type, " ", net; return false;
+    }
+}
+
+function is_bogon_asn() {
+    if bgp_path ~ BOGON_ASNS then return true;
+    return false;
+}
--- a/bird/function/network.conf
+++ b/bird/function/network.conf
@@ -0,0 +1,48 @@
+function dn42_is_valid_network() {
+  return net ~ [
+    172.20.0.0/14+,
+    10.100.0.0/14+,
+    172.31.0.0/16+,
+    10.127.0.0/16+
+  ];
+}
+
+function dn42_is_valid_network_v6() {
+  return net ~ [
+    fd00::/8{32,64}
+  ];
+}
+
+function unet_is_valid_network_v4_unet() {
+  return net ~ [
+    10.50.0.0/16+,
+    10.21.0.0/16+,
+    10.188.0.0/16+
+  ];
+}
+
+function unet_is_valid_network_v4_anynet() {
+  return net ~ [
+    172.20.21.0/26+,
+    44.32.191.0/24+
+  ];
+}
+
+function unet_is_voalid_net_v4(){
+  if !unet_is_valid_network_v4_anynet() && !unet_is_valid_network_v4_unet() then return false;
+  return true;
+}
+
+
+function unet_is_voalid_net_v6_anynet(){
+  return net ~ [
+    2406:840:e600::/44{44,56},
+    2a14:7580:9600::/40{45,56},
+    fde8:936e:ee29::/48{48,56}
+  ];
+}
+
+function unet_is_voalid_net_v6(){
+  if !unet_is_voalid_net_v6_anynet() then return false;
+  return true;
+}
--- a/bird/function/tables.conf
+++ b/bird/function/tables.conf
@@ -0,0 +1,83 @@
+ipv4 table inet4;
+ipv6 table inet6;
+ipv4 table unet4;
+ipv6 table unet6;
+ipv4 table dn42v4;
+ipv6 table dn42v6;
+ipv4 table ospf4;
+ipv6 table ospf6;
+
+protocol pipe inet6_sync {
+  table inet6;
+  peer table master6;
+  import none;
+  export filter {
+    if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject;
+    accept;
+    };
+}
+
+protocol pipe inet4_sync {
+  table inet4;
+  peer table master4;
+  import none;
+  export filter {
+    if bgp_large_community ~ [(LOCAL_ASN, 3,*)] then reject;
+    accept;
+    };
+}
+
+protocol pipe dn42v4_sync {
+  table dn42v4;
+  peer table master4;
+  import none;
+  export filter {
+    if bgp_large_community ~ [(DN42_ASN, 3,*)] then reject;
+    accept;
+    };
+}
+
+protocol pipe dn42v6_sync {
+  table dn42v6;
+  peer table master6;
+  import none;
+  export filter {
+    if bgp_large_community ~ [(DN42_ASN, 3,*)] then reject;
+    accept;
+    };
+}
+
+protocol pipe unet4_sync {
+  table unet4;
+  peer table master4;
+  export filter {
+    if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
+    accept;
+    };
+}
+protocol pipe unet6_sync {
+  table unet6;
+  peer table master6;
+  export filter {
+    if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
+    accept;
+    };
+}
+
+protocol pipe pipe_ospf4_sync {
+  table ospf4;
+  peer table master4;
+  export filter {
+    if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
+    accept;
+    };
+}
+
+protocol pipe ospf6_sync {
+  table ospf6;
+  peer table master6;
+  export filter {
+    if bgp_large_community ~ [(UNET_ASN, 3,*)] then reject;
+    accept;
+    };
+}