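#!/bin/sh
#
# Regenerates ${BIRD_CONF_PATH}/check_import.conf, which defines the BIRD
# check_import() function, from the PeeringDB list of networks that set
# info_never_via_route_servers.
#
# Settings come from /usr/local/etc/bird-peers-update.conf, which must define
# PDB_API_KEY and BIRD_CONF_PATH. That file is executed as shell code with this
# script's privileges and holds the API key, so keep it readable and writable
# only by the account that runs this script.
#
# Failure policy: if the PeeringDB fetch or the JSON parsing fails, or the
# result is empty or malformed, the script exits non-zero WITHOUT touching the
# existing check_import.conf. A failed refresh must never replace a populated
# never_via_rs set with an empty one.

set -e

CONF_FILE=/usr/local/etc/bird-peers-update.conf
PDB_URL='https://www.peeringdb.com/api/net?info_never_via_route_servers=1'

if [ ! -f "${CONF_FILE}" ]; then
  printf 'Write %s with at least PDB_API_KEY and BIRD_CONF_PATH vars\n' \
    "${CONF_FILE}" >&2
  exit 1
fi
. "${CONF_FILE}"

# Stop early when the sourced file did not provide the required settings.
: "${PDB_API_KEY:?must be set in bird-peers-update.conf}"
: "${BIRD_CONF_PATH:?must be set in bird-peers-update.conf}"

# Fetch as a separate step so that a curl failure is the status of this
# command substitution and aborts the script under `set -e` (inside a longer
# pipeline only the last command's status would count). -f turns HTTP errors
# into a non-zero exit. The Authorization header is passed through a curl
# config read from stdin rather than on the command line, which keeps the API
# key out of the process list. Assumes the key contains no double quote or
# backslash.
PDB_JSON="$(
  printf 'header = "Authorization: Api-Key %s"\n' "${PDB_API_KEY}" |
    curl -fsS --config - "${PDB_URL}"
)"

# comma list: ASNs sorted numerically and joined as "a, b, c"
NEVER_VIA_RS_LIST="$(
  printf '%s\n' "${PDB_JSON}" |
    jq -r '[.data[].asn] | sort | map(tostring) | join(", ")'
)"

# The list is interpolated verbatim into a routing filter, so accept nothing
# but digits, commas and spaces, and refuse an empty result.
case "${NEVER_VIA_RS_LIST}" in
  '' | *[!0-9,\ ]*)
    printf '%s: empty or malformed ASN list from PeeringDB, keeping %s\n' \
      "$0" "${BIRD_CONF_PATH}/check_import.conf" >&2
    exit 1
    ;;
esac

# bird set
NEVER_VIA_RS_SET="[ ${NEVER_VIA_RS_LIST} ]"

# The text is emitted through a here-document instead of being used as a
# printf format string, so a '%' or backslash in $0 or the arguments cannot
# alter the output, and several arguments cannot split the format.
#
# NOTE(review): the generated comment says the reserved_asn check is
# "Disabled", but the check below it is active. Confirm which one is intended.
cat > "${BIRD_CONF_PATH}/check_import.conf" <<EOF
# generated by $0 $*
function check_import(int peeras; ip nexthop)
int set reserved_asn;
int set never_via_rs;
{
    reserved_asn = [ 0, 64297..131071, 4200000000..4294967294, 4294967295 ];

    never_via_rs = ${NEVER_VIA_RS_SET};

    # Check that the next AS is our neighbour's.
    # Same for next-hop
    if bgp_path.first != peeras then return false;
    if bgp_next_hop != nexthop then return false;

    # AS_PATH too long (8 because a member could re-annonce its clients, and
    # the clients of it clients, and prepend on the IXP)
    if bgp_path.len > 8 then return false;

    # Don't accept if path contains a reserved AS
    # Disabled because it removes legit prefixes
    if bgp_path ~ reserved_asn then return false;
    if bgp_path ~ never_via_rs then return false;

    return true;
}
EOF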