diff --git a/pierky/arouteserver/builder.py b/pierky/arouteserver/builder.py index 819f58b0..2abe4f4a 100644 --- a/pierky/arouteserver/builder.py +++ b/pierky/arouteserver/builder.py @@ -521,9 +521,13 @@ def enrich_config(self): if irrdb_cfg["peering_db"]: used_enricher_classes += [PeeringDBConfigEnricher_ASSet] - used_enricher_classes += [IRRDBConfigEnricher_ASNs, - IRRDBConfigEnricher_Prefixes, - PeeringDBConfigEnricher_MaxPrefix] + if filtering["irrdb"]["enforce_origin_in_as_set"]: + used_enricher_classes.append(IRRDBConfigEnricher_ASNs) + + if filtering["irrdb"]["enforce_prefix_in_as_set"]: + used_enricher_classes.append(IRRDBConfigEnricher_Prefixes) + + used_enricher_classes.append(PeeringDBConfigEnricher_MaxPrefix) if self.cfg_general.rtt_based_functions_are_used: used_enricher_classes.append(RTTGetterConfigEnricher) diff --git a/templates/bird/clients.j2 b/templates/bird/clients.j2 index c45d8c2d..518217e8 100644 --- a/templates/bird/clients.j2 +++ b/templates/bird/clients.j2 @@ -27,7 +27,7 @@ reject {{ err_msg }}; # AS-SET for {{ client.id }} function origin_as_is_in_{{ client.id }}_as_set() { -{% if client.cfg.filtering.irrdb.as_set_bundle_ids %} +{% if 'as_set_bundle_ids' in client.cfg.filtering.irrdb.keys() and client.cfg.filtering.irrdb.as_set_bundle_ids %} {% for as_set_bundle_id in client.cfg.filtering.irrdb.as_set_bundle_ids|sort %} {% if irrdb_info[as_set_bundle_id].asns %} if bgp_path.last ~ AS_SET_{{ irrdb_info[as_set_bundle_id].name }}_asns then 
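Review bot: The two new conditions test `filtering["irrdb"]["enforce_origin_in_as_set"]` and `filtering["irrdb"]["enforce_prefix_in_as_set"]` once for the whole build, so if `filtering` is the general-level configuration (it is bound outside the hunk) a client that enables either option in its own settings while the general value is false would get no ASN or prefix data gathered. The templates changed in this same commit now tolerate a missing `as_set_bundle_ids`, which would make that case silent rather than a build error. If per-client overrides are supported, the condition should also be true when any client enables the option; otherwise a comment such as `# IRR enrichers are skipped only when enforcement is off for every client` would record the assumption. The context line already reads `irrdb_cfg["peering_db"]`; if `irrdb_cfg` is the same mapping as `filtering["irrdb"]`, reusing it here keeps the block consistent. enrich_config starts and ends outside the hunk.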
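Review bot: The new guard `'as_set_bundle_ids' in client.cfg.filtering.irrdb.keys() and client.cfg.filtering.irrdb.as_set_bundle_ids` is longer than it needs to be, because a membership test on a mapping does not need `.keys()`. Assuming `irrdb` is a plain dict, which the `.keys()` call suggests, the whole condition can be written as `{% if client.cfg.filtering.irrdb.get('as_set_bundle_ids') %}`. The same expression is repeated in the second hunk of this file (`prefix_is_in_{{ client.id }}_as_set`) and in templates/openbgpd/filters.j2, so changing all three together keeps them identical. The branch taken when the key is absent lies outside the hunk; a one-line template comment there stating what the function returns for a client with no bundle IDs would help, since these functions decide whether an announcement is authorised by IRR data.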
@@ -42,7 +42,7 @@ function origin_as_is_in_{{ client.id }}_as_set() { # R-SET for {{ client.id }} function prefix_is_in_{{ client.id }}_as_set() { -{% if client.cfg.filtering.irrdb.as_set_bundle_ids %} +{% if 'as_set_bundle_ids' in client.cfg.filtering.irrdb.keys() and client.cfg.filtering.irrdb.as_set_bundle_ids %} {% for as_set_bundle_id in client.cfg.filtering.irrdb.as_set_bundle_ids|sort %} {% set this_ip_ver = client.ip|ipaddr_ver %} {% set prefixes = irrdb_info[as_set_bundle_id].prefixes|selectattr("prefix", "is_ipver", this_ip_ver)|list %} diff --git a/templates/bird/irrdb.j2 b/templates/bird/irrdb.j2 index 7797b074..ea8e3115 100644 --- a/templates/bird/irrdb.j2 +++ b/templates/bird/irrdb.j2 
@@ -2,36 +2,36 @@ # --------------------------------------------------------- # IRRDB - -{% for as_set_bundle_id in irrdb_info|sort %} -{% set as_set_bundle = irrdb_info[as_set_bundle_id] %} +{% if irrdb_info %} +{% for as_set_bundle_id in irrdb_info|sort %} +{% set as_set_bundle = irrdb_info[as_set_bundle_id] %} # {{ as_set_bundle.descr }}, used_by {{ as_set_bundle.used_by|sort|join(", ") }} -{% if as_set_bundle.asns|length == 0 %} +{% if as_set_bundle.asns|length == 0 %} # no origin ASNs found for {{ as_set_bundle.name }} -{% else %} +{% else %} define AS_SET_{{ as_set_bundle.name }}_asns = [ {{ "\t" -}} -{% for asn in as_set_bundle.asns|sort %} -{{- asn -}} -{% if not loop.last %}, {% endif %} -{% if loop.index % 5 == 0 %}{{ "\n\t" }}{% endif %} -{% endfor %} +{% for asn in as_set_bundle.asns|sort %} +{{- asn -}} +{% if not loop.last %}, {% endif %} +{% if loop.index % 5 == 0 %}{{ "\n\t" }}{% endif %} +{% endfor %} ]; -{% endif %} +{% endif %} -{% for this_ip_ver in list_ip_vers %} -{% set this_ip_ver_prefixes = as_set_bundle.prefixes|selectattr("prefix", "is_ipver", this_ip_ver)|list %} -{% if this_ip_ver_prefixes|length == 0 %} +{% for this_ip_ver in list_ip_vers %} +{% set this_ip_ver_prefixes = as_set_bundle.prefixes|selectattr("prefix", "is_ipver", this_ip_ver)|list %} +{% if this_ip_ver_prefixes|length == 0 %} # no IPv{{ this_ip_ver }} prefixes found for {{ as_set_bundle.name }} -{% else %} +{% else %} define AS_SET_{{ as_set_bundle.name }}_prefixes_{{ this_ip_ver }} = [ {{ write_prefix_list(this_ip_ver_prefixes, True) }} ]; -{% endif %} -{% endfor %} - -{% endfor %} +{% endif %} +{% endfor %} +{% endfor %} +{% endif %} {% if cfg.filtering.irrdb.use_arin_bulk_whois_data.enabled and arin_whois_records %} # ARIN Whois database records diff --git a/templates/fingerprints.yml b/templates/fingerprints.yml index b552197c..8bcc9c17 100644 --- a/templates/fingerprints.yml +++ b/templates/fingerprints.yml 
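Review bot: With the new `{% if irrdb_info %}` wrapper, an empty `irrdb_info` leaves the generated BIRD configuration with only the `# IRRDB` header and nothing that tells an operator auditing the file that no AS-SET definitions were expected. An `{% else %}` branch emitting a comment such as `# no AS-SET data gathered` before the closing `{% endif %}` would make the absence explicit. Iterating an empty mapping already renders nothing, so the guard changes behaviour only if `irrdb_info` can be something other than a mapping (it is set outside the hunk); if that is the case being handled, a short Jinja comment saying so would explain why the whole body was re-indented. The same guard is added in templates/openbgpd/irrdb.j2 and the same remark applies there.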
@@ -2,7 +2,7 @@ bird: clients.j2: 1c72b2f1ffd9e886de4dc34007dff8dc1a0d91c226bc296db9e61f4200f127e76f4773051415044348ed4d9e7c2101beffe1058d098a820d162e4be0ca687f4d common.j2: 0a40c697607158c08ada0f212855b0254a43a81c5f9d05010e2a07a595dffd4f0e4f303c3522fced81e021d4f72e6f163153901331762e3901b37753482a297d header.j2: 584f9db6b8ee3f7c0be57d11323aac3e6b984cf5c495bbcb3d37b551c3525edc45baf1066d2d10b8af173a2159bc7e699a57f3fe4de4434ce244f12278df34a1 - irrdb.j2: ba14f717104b1ace6b208046d1028e0e9bda456f7bbec31fb57e04d8e75133a3925a49e91b047dc8d73b96cc6a2be8df7fa5134ef42e4937f4f2e8245e712c2f + irrdb.j2: 077b3da5b515ebdb0aa19338548d275ae7d9ab930175b8991176cf06278f993b3b0b4d67fcc1d2576f3c01b3953f8bb040ebc39bd1d9e933a9913e9fd3fd70d7 macros.j2: 0dd53486a495edb4a486f2c82a7482a255748654651c7e06ac29b1c7726ea2ccd7078d831b75e5350400b95c8927779a20f9c9c5b1d52f0f9f725d3e90f5c23a main.j2: ed32987ac71837a00e6065f135198080e493e9a92d41b056c608c9fb6821bd896f492f6b3ed2242c31b3c9ae868e9dd705d681b4e1dbe8aa63a1ec1706972cf0 rpki.j2: 1f4d7c5120e148651e3855ef38737cd8f32951bdc35c4fbbaee5e14e6ab77ab6ddf861b39d5268f52a270b9786268efc45b6f34f3c09e5494b987b2f697b9540 
@@ -11,9 +11,9 @@ html: main.j2: efcdfb0191c76563b5b2bbac8a6aa345a71fedc19752cf7042859f3dfb792f437ed40fc563699efdd30f6e9fe52f7a46229965b273f1e58dedf8739c8fa20c0c openbgpd: clients.j2: 16ccd0d3815c31880ba81cf94c68567a33c743bf08d33aee3b0bfb178c44dced0b3f93b78389593945e1a42c737924169eb4328d17685be518a9578d4852caf8 - filters.j2: edc6ec402ea658f9a747385a140e5fd7fd8b4a43df125cff6435112316b7cfdfec66aa26dfa2b938f5286595757a4d9c6b002780c3a0e3ba6e3302fa8df20e5b + filters.j2: 25e68e8e8051bc6cf22e401c6f49f3880538418b0bcd0864b07a7eeeaf5f266bca98f529375ac2c97ba81cb036285e0693b390d69bb59c6263cfd3e82ae3df1d header.j2: e78b6cf99af7b185a60e4303deb4e4041684f022efdea3abdc85f6365b3296926a8a4343964a46ef28ce5f11474ea1bd122e33e84721eeff6b6bb6ab64ae7a68 - irrdb.j2: a41aff6077c4b7ddd8ae03f0ac33f3ff47c9812350204d929a8b02fe63d023a813e802a7c9183528058b55d7502f7aeaef77a65acc906022586510f37453b88a + irrdb.j2: 43e4f4e39c2ecde20914e1875dd8f326106416ab2818cd23ee80939a800ece835502b5cdae0000788b68e17d49af48a03c9b35a411ed0757dfd7b25ec2de134c macros.j2: 2a2edfebbcc29835c91723da117052374b1d07c1d9e66a23717d248768cd628b7ea831971be28d42e57c58f59d27fa92333b3b0e66eb439029a0bbf9f69b85c4 main.j2: c81d8a3d4052a440f3d404ebdadeeae181966447463f9733768d8d9da4304cd6ea1505a9fdb58e3df55521c44bd03174efa3d3f35b5b79b8d7dda17ee9589061 rpki.j2: 698a6cbe12289be3c9c694a11390e2478f7aa734eff64bf508210c7774719e9f49155cc3643dea78b4ebc31d69ca30dc21aa53c3d9c46393bfde00f71eb73b71 diff --git a/templates/openbgpd/filters.j2 b/templates/openbgpd/filters.j2 index 236895cf..83aa02c4 100644 --- a/templates/openbgpd/filters.j2 +++ b/templates/openbgpd/filters.j2 
@@ -34,7 +34,7 @@ deny quick {{ condition }} # IRRDB filters for {{ client.id }}, AS{{ client.asn }}: {{ objects }} # add {{int_comm_ko}} to any; it will be removed later if at least one AS-SET authorizes this object match from {{ client.ip }} set ext-community {{ int_comm_ko }} -{% if client.cfg.filtering.irrdb.as_set_bundle_ids %} +{% if 'as_set_bundle_ids' in client.cfg.filtering.irrdb.keys() and client.cfg.filtering.irrdb.as_set_bundle_ids %} # verifying if object is authorized by AS-SETs {% for as_set_bundle_id in client.cfg.filtering.irrdb.as_set_bundle_ids|sort %} {% set as_set_bundle = irrdb_info[as_set_bundle_id] %} diff --git a/templates/openbgpd/irrdb.j2 b/templates/openbgpd/irrdb.j2 index fc6b4b35..0a908f5f 100644 --- a/templates/openbgpd/irrdb.j2 +++ b/templates/openbgpd/irrdb.j2 @@ -4,7 +4,7 @@ # IRRDB {{ "pre-irrdb"|include_local_file -}} - +{% if irrdb_info %} {% for as_set_bundle_id in irrdb_info|sort %} {% set as_set_bundle = irrdb_info[as_set_bundle_id] %} # {{ as_set_bundle.descr }}, used by {{ as_set_bundle.used_by|sort|join(", ") }} @@ -39,6 +39,7 @@ AS_SET_{{ as_set_bundle.name }}_prefixes{{ loop.index }}="{ {{ write_prefix_list {% endif %} {% endfor %} +{% endif %} {{ "post-irrdb"|include_local_file -}}
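Review bot: In templates/openbgpd/filters.j2 the context line `match from {{ client.ip }} set ext-community {{ int_comm_ko }}` runs before the new guard, so when `as_set_bundle_ids` is absent nothing visible in this hunk removes the marker again. That fails closed, which is the safer direction, but the key can now be missing simply because the enricher was skipped in builder.py, so it is worth confirming that this block is not rendered for clients with enforcement turned off (the enclosing macro starts and ends outside the hunk). A template comment next to the guard, for example `# no AS-SET bundles for this client: {{ int_comm_ko }} stays set`, would document the outcome for whoever reads the generated ruleset.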