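# Configure logging
#log syslog { warning, error, fatal, bug };
log syslog all;

# Turn on global debugging of all protocols
#debug protocols all;
debug protocols { states };

# Override router ID and store ASN
router id 193.34.197.192;
define myasn = 47214;

#####################
# GENERAL PROTOCOLS #
#####################

# This pseudo-protocol watches all interface up/down events.
protocol device {
  # Scan interfaces every 5 seconds
  scan time 5;
}

# BFD session on ens19. None of the BGP templates below enables it
# ("bfd on" is commented out there), so peers are not BFD-protected
# unless a per-peer file turns it on.
protocol bfd {
  interface "ens19" {
    passive on;
  };
}

# ROA tables filled by the RTR sessions below and consulted by
# roa_check() in the import filters.
roa4 table r4;
roa6 table r6;

# Neither RTR session specifies "transport ssh", so both use the
# default plain TCP transport: ROA data is protected only by the
# network path between this router and the cache.
protocol rpki rpki_alarig {
  remote "msi.no.swordarmor.fr";
  roa4 { table r4; };
  roa6 { table r6; };
}

protocol rpki rpki_cf {
  remote "rtr.rpki.cloudflare.com";
  port 8282;
  roa4 { table r4; };
  roa6 { table r6; };
}

###############
# BGP FILTERS #
###############

# Defines check_import(). Its return value is ignored by the callers
# below, so it is presumably expected to accept/reject the route
# itself — confirm against /etc/bird/check_import.conf.
include "/etc/bird/check_import.conf";

# Import filter for IPv4 routes learned from a route-server client.
#   peeras  - AS number of the peer the route was received from
#   nexthop - next hop announced by that peer
# Returns true when the route may be imported. Rejects (returns
# false for) bogon/reserved prefixes, prefix lengths outside /8../24,
# the default route, our interconnection prefix and RPKI-invalid
# routes; tags every surviving route with the RFC 8097 Origin
# Validation State extended community.
function check_ipv4(int peeras; ip nexthop)
prefix set martians;
prefix set our_prefixes;  # NOTE(review): declared but never populated
{
  check_import(peeras, nexthop);

  # Reserved / special-purpose ranges (RFC 6890), multicast and
  # class E. 0.0.0.0/8+ is listed explicitly so that more-specifics
  # such as 0.1.0.0/16 are caught; the net.ip = 0.0.0.0 test further
  # down only matches prefixes whose address is exactly 0.0.0.0.
  martians = [
    0.0.0.0/8+,
    10.0.0.0/8+,
    100.64.0.0/10+,
    127.0.0.0/8+,
    169.254.0.0/16+,
    172.16.0.0/12+,
    192.0.0.0/24+,
    192.0.2.0/24+,
    192.168.0.0/16+,
    198.18.0.0/15+,
    198.51.100.0/24+,
    203.0.113.0/24+,
    224.0.0.0/4+,
    240.0.0.0/4+,
    255.255.255.255/32
  ];

  # Avoid reserved networks
  if net ~ martians then return false;

  # Avoid too short and too long prefixes
  if (net.len < 8) || (net.len > 24) then return false;

  # Avoid 0.0.0.0/X (default route and anything else rooted at 0.0.0.0)
  if net.ip = 0.0.0.0 then return false;

  # Reject our interconnection prefix: we are directly connected and
  # nobody else may announce it.
  # NOTE(review): our_prefixes is never filled, so our own address
  # space is not rejected here — confirm it is handled in
  # check_import() or add the prefixes to this check.
  if net ~ [ 185.1.89.0/24+ ] then return false;

  # Scrub any Origin Validation State extended community set by the
  # peer, so only our own validation result is carried.
  bgp_ext_community.delete((unknown 0x4300, 0, 0));
  bgp_ext_community.delete((unknown 0x4300, 0, 1));
  bgp_ext_community.delete((unknown 0x4300, 0, 2));

  # Set the RPKI Origin Validation State extended community (RFC 8097)
  case roa_check(r4, net, bgp_path.last_nonaggregated) {
    ROA_VALID:
      # a valid matching ROA exists
      bgp_ext_community.add((unknown 0x4300, 0, 0));
    ROA_INVALID:
      # mark and drop; with "import keep filtered" the route stays
      # visible for inspection but is not propagated
      bgp_ext_community.add((unknown 0x4300, 0, 2));
      return false;
    else:
      # no covering ROA exists
      bgp_ext_community.add((unknown 0x4300, 0, 1));
  }

  return true;
};

# Import filter for IPv6 routes learned from a route-server client.
#   peeras  - AS number of the peer the route was received from
#   nexthop - next hop announced by that peer
# Returns true when the route may be imported. Rejects reserved and
# bogon prefixes, anything outside 2000::/3, prefix lengths outside
# /16../48, the default route, our interconnection prefix and
# RPKI-invalid routes; tags every surviving route with the RFC 8097
# Origin Validation State extended community.
function check_ipv6(int peeras; ip nexthop)
prefix set martians;
prefix set our_prefixes;  # NOTE(review): declared but never populated
{
  check_import(peeras, nexthop);

  # Reserved / special-purpose ranges. Entries without "+" match
  # only that exact prefix length, which is kept as the author wrote
  # it (2001::/23 contains globally reachable sub-blocks).
  martians = [
    ::1/128,
    ::/128,
    ::ffff:0:0/96+,
    100::/64+,
    2001:db8::/32+,
    2001::/23,
    2001:2::/48+,
    2001:10::/28+,
    2002::/17+,
    fc00::/7,
    fe80::/10,
    ff00::/8+,
    3FFE::/16+,
    5F00::/8+
  ];

  # Avoid reserved networks
  if net ~ martians then return false;

  # Avoid too short and too long prefixes
  if (net.len < 16) || (net.len > 48) then return false;

  # Avoid bogons. IANA has not allocated unicast space outside
  # 2000::/3, but announcements from there are already seen.
  if ! (net.ip ~ 2000::/3) then return false;

  # Avoid the default route (::/0)
  if net.ip = ::/0 then return false;

  # Reject our interconnection prefix: we are directly connected and
  # nobody else may announce it.
  # NOTE(review): our_prefixes is never filled, so our own address
  # space is not rejected here — confirm it is handled in
  # check_import() or add the prefixes to this check.
  if net ~ 2001:7f8:b1::/48 then return false;

  # Scrub any Origin Validation State extended community set by the
  # peer, so only our own validation result is carried.
  bgp_ext_community.delete((unknown 0x4300, 0, 0));
  bgp_ext_community.delete((unknown 0x4300, 0, 1));
  bgp_ext_community.delete((unknown 0x4300, 0, 2));

  # Set the RPKI Origin Validation State extended community (RFC 8097)
  case roa_check(r6, net, bgp_path.last_nonaggregated) {
    ROA_VALID:
      # a valid matching ROA exists
      bgp_ext_community.add((unknown 0x4300, 0, 0));
    ROA_INVALID:
      # mark and drop; with "import keep filtered" the route stays
      # visible for inspection but is not propagated
      bgp_ext_community.add((unknown 0x4300, 0, 2));
      return false;
    else:
      # no covering ROA exists
      bgp_ext_community.add((unknown 0x4300, 0, 1));
  }

  return true;
};

#############
# Templates #
#############

# Route-server side of an IPv4 client session (RFC 9234 role
# rs_server). The channel accepts and exports every route; the
# check_ipv4() filter above only takes effect if the per-peer
# configuration in peers/*.conf overrides "import all" with a filter
# that calls it — NOTE(review): confirm every peer does so.
template bgp PEERS_IPv4 {
  local as myasn;
  rs client;
  passive;
  local role rs_server;
  #bfd on;
  prefer older;
  ipv4 {
    import table on;
    export table on;
    rpki reload;
    add paths tx;
    import keep filtered;
    import all;
    export all;
    import limit 100 action block;
    receive limit 1000 action disable;
  };
}

# Route-server side of an IPv6 client session; same caveat as
# PEERS_IPv4 regarding "import all" and check_ipv6().
template bgp PEERS_IPv6 {
  local as myasn;
  rs client;
  passive;
  local role rs_server;
  #bfd on;
  prefer older;
  ipv6 {
    import table on;
    export table on;
    rpki reload;
    add paths tx;
    import keep filtered;
    import all;
    export all;
    import limit 100 action block;
    receive limit 1000 action disable;
  };
}

#########
# PEERS #
#########

include "/etc/bird/google.conf";
include "/etc/bird/functions/*.conf";
include "/etc/bird/peers/*.conf";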