mirror of
https://gitlab.nic.cz/labs/bird.git
synced 2024-11-09 12:48:43 +00:00
af582c4811
- ROA tables, which are used as a basic part for RPKI. - Commands for examining and modifying ROA tables. - Filter operators based on ROA tables consistent with RFC 6483.
404 lines
14 KiB
Plaintext
404 lines
14 KiB
Plaintext
|
|
/*
|
|
* This is an example configuration file.
|
|
* FIXME: add all examples from docs here.
|
|
*/
|
|
|
|
# Yet another comment
|
|
|
|
router id 62.168.0.1;
|
|
|
|
define xyzzy = (120+10);
|
|
define '1a-a1' = (20+10);
|
|
define one = 1;
|
|
define ten = 10;
|
|
|
|
function onef(int a)
|
|
{
|
|
return 1;
|
|
}
|
|
|
|
|
|
function 'mkpair-a'(int a)
|
|
{
|
|
return (1, a);
|
|
}
|
|
|
|
function mkpath(int a; int b)
|
|
{
|
|
return [= a b 3 2 1 =];
|
|
}
|
|
|
|
function callme(int arg1; int arg2)
|
|
int local1;
|
|
int local2;
|
|
int i;
|
|
{
|
|
printn "Function callme called arguments ", arg1, " and ", arg2, ": " ;
|
|
i = arg2;
|
|
|
|
case arg1 {
|
|
11, 1, 111: printn "jedna, "; printn "jedna";
|
|
(one+onef(2)): printn "dva, "; printn "jeste jednou dva";
|
|
(2+one) .. 5: if arg2 < 3 then printn "tri az pet";
|
|
else: printn "neco jineho";
|
|
}
|
|
print;
|
|
}
|
|
|
|
function fifteen()
|
|
{
|
|
print "fifteen called";
|
|
return 15;
|
|
}
|
|
|
|
roa table rl
|
|
{
|
|
roa 10.110.0.0/16 max 16 as 1000;
|
|
roa 10.120.0.0/16 max 24 as 1000;
|
|
roa 10.130.0.0/16 max 24 as 2000;
|
|
roa 10.130.128.0/18 max 24 as 3000;
|
|
}
|
|
|
|
function test_roa()
|
|
{
|
|
# cannot be tested in __startup(), sorry
|
|
print "Testing ROA";
|
|
print "Should be true: ", roa_check(rl, 10.10.0.0/16, 1000) = ROA_UNKNOWN,
|
|
" ", roa_check(rl, 10.0.0.0/8, 1000) = ROA_UNKNOWN,
|
|
" ", roa_check(rl, 10.110.0.0/16, 1000) = ROA_VALID,
|
|
" ", roa_check(rl, 10.110.0.0/16, 2000) = ROA_INVALID,
|
|
" ", roa_check(rl, 10.110.32.0/20, 1000) = ROA_INVALID,
|
|
" ", roa_check(rl, 10.120.32.0/20, 1000) = ROA_VALID;
|
|
print "Should be true: ", roa_check(rl, 10.120.32.0/20, 2000) = ROA_INVALID,
|
|
" ", roa_check(rl, 10.120.32.32/28, 1000) = ROA_INVALID,
|
|
" ", roa_check(rl, 10.130.130.0/24, 1000) = ROA_INVALID,
|
|
" ", roa_check(rl, 10.130.130.0/24, 2000) = ROA_VALID,
|
|
" ", roa_check(rl, 10.130.30.0/24, 3000) = ROA_INVALID,
|
|
" ", roa_check(rl, 10.130.130.0/24, 3000) = ROA_VALID;
|
|
}
|
|
|
|
function paths()
|
|
bgpmask pm1;
|
|
bgpmask pm2;
|
|
bgppath p2;
|
|
clist l;
|
|
clist l2;
|
|
eclist el;
|
|
eclist el2;
|
|
{
|
|
pm1 = / 4 3 2 1 /;
|
|
pm2 = [= 4 3 2 1 =];
|
|
print "Testing path masks: ", pm1, " ", pm2;
|
|
p2 = prepend( + empty +, 1 );
|
|
p2 = prepend( p2, 2 );
|
|
p2 = prepend( p2, 3 );
|
|
p2 = prepend( p2, 4 );
|
|
print "Testing paths: ", p2;
|
|
print "Should be true: ", p2 ~ pm1, " ", p2 ~ pm2, " ", 3 ~ p2;
|
|
print "4 = ", p2.len;
|
|
p2 = prepend( p2, 5 );
|
|
print "Should be false: ", p2 ~ pm1, " ", p2 ~ pm2, " ", 10 ~ p2;
|
|
print "Should be true: ", p2 ~ / ? 4 3 2 1 /, " ", p2, " ", / ? 4 3 2 1 /;
|
|
print "Should be true: ", p2 ~ [= * 4 3 * 1 =], " ", p2, " ", [= * 4 3 * 1 =];
|
|
print "Should be true: ", p2 ~ [= (3+2) (2*2) 3 2 1 =], " ", p2 ~ mkpath(5, 4);
|
|
print "Should be true: ", p2.len = 5, " ", p2.first = 5, " ", p2.last = 1;
|
|
print "5 = ", p2.len;
|
|
|
|
pm1 = [= 1 2 * 3 4 5 =];
|
|
p2 = prepend( + empty +, 5 );
|
|
p2 = prepend( p2, 4 );
|
|
p2 = prepend( p2, 3 );
|
|
p2 = prepend( p2, 3 );
|
|
p2 = prepend( p2, 2 );
|
|
p2 = prepend( p2, 1 );
|
|
print "Should be true: ", p2 ~ pm1, " ", p2, " ", pm1;
|
|
|
|
l = - empty -;
|
|
print "Should be false in this special case: ", l ~ [(*,*)];
|
|
l = add( l, (one,2) );
|
|
print "Should be always true: ", l ~ [(*,*)];
|
|
l = add( l, (2,one+2) );
|
|
print "Community list (1,2) (2,3) ", l;
|
|
print "Should be true: ", (2,3) ~ l, " ", l ~ [(1,*)], " ", l ~ [(2,3)]," ", l ~ [(2,2..3)], " ", l ~ [(1,1..2)], " ", l ~ [(1,1)..(1,2)];
|
|
l = add( l, (2,5) );
|
|
l = add( l, (5,one) );
|
|
l = add( l, (6,one) );
|
|
l = add( l, (one,one) );
|
|
l = delete( l, [(5,1),(6,one),(one,1)] );
|
|
l = delete( l, [(5,one),(6,one)] );
|
|
l = filter( l, [(1,*)] );
|
|
print "Community list (1,2) ", l;
|
|
print "Should be false: ", (2,3) ~ l, " ", l ~ [(2,*)], " ", l ~ [(one,3..6)];
|
|
print "Should be always true: ", l ~ [(*,*)];
|
|
l = add( l, (3,one) );
|
|
l = add( l, (one+one+one,one+one) );
|
|
l = add( l, (3,3) );
|
|
l = add( l, (3,4) );
|
|
l = add( l, (3,5) );
|
|
l2 = filter( l, [(3,*)] );
|
|
l = delete( l, [(3,2..4)] );
|
|
print "Community list (1,2) (3,1) (3,5) ", l;
|
|
l = add( l, (3,2) );
|
|
l = add( l, (4,5) );
|
|
print "Community list (1,2) (3,1) (3,2) (3,5) (4,5) ", l;
|
|
print "Should be true: ", l ~ [(*,2)], " ", l ~ [(*,5)], " ", l ~ [(*, one)];
|
|
print "Should be false: ", l ~ [(*,3)], " ", l ~ [(*,(one+6))], " ", l ~ [(*, (one+one+one))];
|
|
l = delete( l, [(*,(one+onef(3)))] );
|
|
l = delete( l, [(*,(4+one))] );
|
|
print "Community list (3,1) ", l;
|
|
l = delete( l, [(*,(onef(5)))] );
|
|
print "Community list empty ", l;
|
|
l2 = add( l2, (3,6) );
|
|
l = filter( l2, [(3,1..4)] );
|
|
l2 = filter( l2, [(3,3..6)] );
|
|
print "clist A (1..4): ", l;
|
|
print "clist B (3..6): ", l2;
|
|
print "clist A union B: ", add( l2, l );
|
|
print "clist A isect B: ", filter( l, l2 );
|
|
print "clist A \ B: ", delete( l, l2 );
|
|
|
|
el = -- empty --;
|
|
el = add(el, (rt, 10, 20));
|
|
el = add(el, (ro, 10.20.30.40, 100));
|
|
el = add(el, (ro, 11.21.31.41.mask(16), 200));
|
|
print "EC list (rt, 10, 20) (ro, 10.20.30.40, 100) (ro, 11.21.0.0, 200):";
|
|
print el;
|
|
el = delete(el, (rt, 10, 20));
|
|
el = delete(el, (rt, 10, 30));
|
|
el = add(el, (unknown 2, ten, 1));
|
|
el = add(el, (unknown 5, ten, 1));
|
|
el = add(el, (rt, ten, one+one));
|
|
el = add(el, (rt, 10, 3));
|
|
el = add(el, (rt, 10, 4));
|
|
el = add(el, (rt, 10, 5));
|
|
el = add(el, (generic, 0x2000a, 3*ten));
|
|
el = delete(el, [(rt, 10, 2..ten)]);
|
|
print "EC list (ro, 10.20.30.40, 100) (ro, 11.21.0.0, 200) (rt, 10, 1) (unknown 0x5, 10, 1) (rt, 10, 30):";
|
|
print el;
|
|
el = filter(el, [(rt, 10, *)]);
|
|
print "EC list (rt, 10, 1) (rt, 10, 30): ", el;
|
|
print "Testing EC list, true: ", (rt, 10, 1) ~ el, " ", el ~ [(rt, 10, ten..40)];
|
|
print "Testing EC list, false: ", (rt, 10, 20) ~ el, " ", (ro, 10.20.30.40, 100) ~ el, " ", el ~ [(rt, 10, 35..40)], " ", el ~ [(ro, 10, *)];
|
|
el = add(el, (rt, 10, 40));
|
|
el2 = filter(el, [(rt, 10, 20..40)] );
|
|
el2 = add(el2, (rt, 10, 50));
|
|
print "eclist A (1,30,40): ", el;
|
|
print "eclist B (30,40,50): ", el2;
|
|
print "eclist A union B: ", add( el2, el );
|
|
print "eclist A isect B: ", filter( el, el2 );
|
|
print "eclist A \ B: ", delete( el, el2 );
|
|
|
|
# test_roa();
|
|
}
|
|
|
|
function bla()
|
|
{
|
|
print "fifteen called";
|
|
return 15;
|
|
}
|
|
|
|
define four=4;
|
|
define onetwo=1.2.3.4;
|
|
|
|
function __test1()
|
|
{
|
|
if source ~ [ RTS_BGP, RTS_STATIC ] then {
|
|
# ospf_metric1 = 65535;
|
|
# ospf_metric2 = 1000;
|
|
ospf_tag = 0x12345678;
|
|
accept;
|
|
} reject;
|
|
}
|
|
|
|
function __test2()
|
|
{
|
|
if source ~ [ RTS_BGP, RTS_STATIC ] then {
|
|
# ospf_metric1 = 65535;
|
|
# ospf_metric2 = 1000;
|
|
ospf_tag = 0x12345678;
|
|
accept;
|
|
} reject;
|
|
}
|
|
|
|
function test_pxset(prefix set pxs)
|
|
{
|
|
print pxs;
|
|
print " must be true: ", 10.0.0.0/8 ~ pxs, ",", 10.0.0.0/10 ~ pxs, ",", 10.0.0.0/12 ~ pxs, ",",
|
|
20.0.0.0/24 ~ pxs, ",", 20.0.40.0/24 ~ pxs, ",", 20.0.0.0/26 ~ pxs, ",",
|
|
20.0.100.0/26 ~ pxs, ",", 20.0.0.0/28 ~ pxs, ",", 20.0.255.0/28 ~ pxs;
|
|
print " must be false: ", 10.0.0.0/7 ~ pxs, ",", 10.0.0.0/13 ~ pxs, ",", 10.0.0.0/16 ~ pxs, ",",
|
|
20.0.0.0/16 ~ pxs, ",", 20.0.0.0/23 ~ pxs, ",", 20.0.0.0/29 ~ pxs, ",",
|
|
11.0.0.0/10 ~ pxs, ",", 20.1.0.0/26 ~ pxs;
|
|
}
|
|
|
|
function test_undef(int a)
|
|
int b;
|
|
{
|
|
if a = 3
|
|
then b = 4;
|
|
print "Defined: ", a, " ", b, " ", defined(b);
|
|
}
|
|
|
|
function __startup()
|
|
int i;
|
|
bool b;
|
|
prefix px;
|
|
ip p;
|
|
pair pp;
|
|
quad qq;
|
|
ec cc;
|
|
int set is;
|
|
int set is1;
|
|
int set is2;
|
|
int set is3;
|
|
pair set ps;
|
|
ec set ecs;
|
|
prefix set pxs;
|
|
string s;
|
|
{
|
|
print "1a-a1 = 30: ", '1a-a1';
|
|
print "Testing filter language:";
|
|
i = four;
|
|
i = 12*100 + 60/2 + i;
|
|
i = ( i + 0 );
|
|
print " arithmetics: 1234 = ", i;
|
|
printn " if statements ";
|
|
print "what happens here?";
|
|
printn ".";
|
|
if (i = 4) then { print "*** FAIL: if 0"; quitbird; } else printn ".";
|
|
# if !(i = 3) then { print "*** FAIL: if 0"; quitbird; } else printn ".";
|
|
if 1234 = i then printn "."; else { print "*** FAIL: if 1 else"; }
|
|
# if 1 <= 1 then printn "."; else { print "*** FAIL: test 3"; }
|
|
if 1234 < 1234 then { print "*** FAIL: test 4"; quitbird; } else print "ok";
|
|
is = [ 2, 3, 4, 7..11 ];
|
|
print " must be true: ", 1.2.0.0/16 ~ [ 1.0.0.0/8{ 15 , 17 } ];
|
|
print " data types; must be true: ", 1.2.3.4 = 1.2.3.4, ",", 1 ~ [1,2,3], ",", 5 ~ [1..20], ",", 10 ~ is, ",", 2 ~ [ 1, 2, 3 ], ",", 5 ~ [ 4 .. 7 ], ",", 1.2.3.4 ~ [ 1.2.3.3..1.2.3.5 ], ",", 1.2.3.4 ~ 1.0.0.0/8, ",", 1.0.0.0/8 ~ 1.0.0.0/8, ",", 1.0.0.0/8 ~ [ 1.0.0.0/8+ ];
|
|
print " must be true: ", true && true, ",", true || false, ",", ! false && ! false && true, ",", 1 < 2 && 1 != 3, ",", true && true && ! false, ",", true || 1+"a", ",", !(false && 1+"a");
|
|
|
|
print " must be true: ", defined(1), ",", defined(1.2.3.4), ",", 1 != 2, ",", 1 <= 2;
|
|
print " data types: must be false: ", 1 ~ [ 2, 3, 4 ], ",", 5 ~ is, ",", 1.2.3.4 ~ [ 1.2.3.3, 1.2.3.5 ], ",", (1,2) > (2,2), ",", (1,1) > (1,1), ",", 1.0.0.0/9 ~ [ 1.0.0.0/8- ], ",", 1.2.0.0/17 ~ [ 1.0.0.0/8{ 15 , 16 } ], ",", true && false;
|
|
|
|
is1 = [ 1, 5, 8, 11, 15, 17, 19];
|
|
|
|
is1 = [ one, (2+1), (6-one), 8, 11, 15, 17, 19];
|
|
is2 = [(17+2), 17, 15, 11, 8, 5, 3, 2];
|
|
is3 = [5, 17, 2, 11, 8, 15, 3, 19];
|
|
|
|
print " must be true: ", 1 ~ is1, " ", 3 ~ is1, " ", 5 ~ is1;
|
|
print " must be true: ", (one+2) ~ is1, " ", 2 ~ is2, " ", 2 ~ is3;
|
|
print " must be false: ", 4 ~ is1, " ", 4 ~ is2, " ", 4 ~ is3;
|
|
print " must be false: ", 10 ~ is1, " ", 10 ~ is2, " ", 10 ~ is3;
|
|
print " must be true: ", 15 ~ is1, " ", 15 ~ is2, " ", 15 ~ is3;
|
|
print " must be false: ", 18 ~ is1, " ", 18 ~ is2, " ", 18 ~ is3;
|
|
print " must be true: ", 19 ~ is1, " ", 19 ~ is2, " ", 19 ~ is3;
|
|
print " must be false: ", 20 ~ is1, " ", 20 ~ is2, " ", 20 ~ is3;
|
|
|
|
px = 1.2.0.0/18;
|
|
print "Testing prefixes: 1.2.0.0/18 = ", px;
|
|
print " must be true: ", 192.168.0.0/16 ~ 192.168.0.0/16, " ", 192.168.0.0/17 ~ 192.168.0.0/16, " ", 192.168.254.0/24 ~ 192.168.0.0/16;
|
|
print " must be false: ", 192.168.0.0/15 ~ 192.168.0.0/16, " ", 192.160.0.0/17 ~ 192.168.0.0/16;
|
|
|
|
p = 127.1.2.3;
|
|
print "Testing mask : 127.0.0.0 = ", p.mask(8);
|
|
|
|
pp = (1, 2);
|
|
print "Testing pairs: (1,2) = ", (1,2), " = ", pp, " = ", (1,1+1), " = ", 'mkpair-a'(2);
|
|
print " must be true: ", (1,2) = (1,1+1);
|
|
print "Testing enums: ", RTS_DUMMY, " ", RTS_STATIC, " ",
|
|
", true: ", RTS_STATIC ~ [RTS_STATIC, RTS_DEVICE],
|
|
", false: ", RTS_BGP ~ [RTS_STATIC, RTS_DEVICE];
|
|
|
|
ps = [(1,(one+one)), (3,4)..(4,8), (5,*), (6,3..6)];
|
|
print "Pair set: ", ps;
|
|
print "Testing pair set, true: ", pp ~ ps, " ", (3,5) ~ ps, " ", (4,1) ~ ps, " ", (5,4) ~ ps, " ", (5,65535) ~ ps, " ", (6,4) ~ ps, " ", (3, 10000) ~ ps;
|
|
print "Testing pair set, false: ", (3,3) ~ ps, " ", (4,9) ~ ps, " ", (4,65535) ~ ps, " ", (6,2) ~ ps, " ", (6,6+one) ~ ps, " ", ((one+6),2) ~ ps, " ", (1,1) ~ ps;
|
|
|
|
ps = [(20..150, 200..300), (50100..50200, 1000..50000), (*, 5+5)];
|
|
print "Pair set: .. too long ..";
|
|
print "Testing pair set, true: ", (100,200) ~ ps, " ", (150,300) ~ ps, " ", (50180,1200) ~ ps, " ", (50110,49000) ~ ps, " ", (0,10) ~ ps, " ", (64000,10) ~ ps;
|
|
print "Testing pair set, false: ", (20,199) ~ ps, " ", (151,250) ~ ps, " ", (50050,2000) ~ ps, " ", (50150,50050) ~ ps, " ", (10,9) ~ ps, " ", (65535,11) ~ ps ;
|
|
|
|
qq = 1.2.3.4;
|
|
print "Testinq quad: 1.2.3.4 = ", qq,
|
|
", true: ", qq = 1.2.3.4, " ", qq ~ [1.2.3.4, 5.6.7.8],
|
|
", false: ", qq = 4.3.2.1, " ", qq ~ [1.2.1.1, 1.2.3.5];
|
|
|
|
cc = (rt, 12345, 200000);
|
|
print "Testing EC: (rt, 12345, 200000) = ", cc;
|
|
print "Testing EC: (ro, 100000, 20000) = ", (ro, 100000, 20000);
|
|
print "Testing EC: (rt, 10.20.30.40, 20000) = ", (rt, 10.20.30.40, 20000);
|
|
print " true: ", cc = (rt, 12345, 200000), " ", cc < (rt, 12345, 200010),
|
|
", false: ", cc = (rt, 12346, 200000), " ", cc = (ro, 12345, 200000), " ", cc > (rt, 12345, 200010);
|
|
|
|
ecs = [(rt, ten, (one+onef(0))*10), (ro, 100000, 100..200), (rt, 12345, *)];
|
|
print "EC set: ", ecs;
|
|
print "Testing EC set, true: ", (rt, 10, 20) ~ ecs, " ", (ro, 100000, 100) ~ ecs, " ", (ro, 100000, 200) ~ ecs,
|
|
" ", (rt, 12345, 0) ~ ecs, " ", cc ~ ecs, " ", (rt, 12345, 4000000) ~ ecs;
|
|
print "Testing EC set, false: ", (ro, 10, 20) ~ ecs, " ", (rt, 10, 21) ~ ecs, " ", (ro, 100000, 99) ~ ecs,
|
|
" ", (ro, 12345, 10) ~ ecs, " ", (rt, 12346, 0) ~ ecs, " ", (ro, 0.1.134.160, 150) ~ ecs;
|
|
|
|
s = "Hello";
|
|
print "Testing string: ", s, " true: ", s ~ "Hell*", " false: ", s ~ "ell*";
|
|
|
|
b = true;
|
|
print "Testing bool: ", b, ", ", !b;
|
|
|
|
if ( b = true ) then print "Testing bool comparison b = true: ", b;
|
|
else { print "*** FAIL: TRUE test failed" ; quitbird; }
|
|
|
|
pxs = [ 1.2.0.0/16, 1.4.0.0/16+];
|
|
print "Testing prefix sets: ";
|
|
print pxs;
|
|
print " must be true: ", 1.2.0.0/16 ~ pxs, ",", 1.4.0.0/16 ~ pxs, ",", 1.4.0.0/18 ~ pxs, ",", 1.4.0.0/32 ~ pxs;
|
|
print " must be false: ", 1.1.0.0/16 ~ pxs, ",", 1.3.0.0/16 ~ pxs, ",", 1.2.0.0/15 ~ pxs, ",", 1.2.0.0/17 ~ pxs, ",",
|
|
1.2.0.0/32 ~ pxs, ",", 1.4.0.0/15 ~ pxs;
|
|
|
|
test_pxset([ 10.0.0.0/16{8,12}, 20.0.0.0/16{24,28} ]);
|
|
print "What will this do? ", [ 1, 2, 1, 1, 1, 3, 4, 1, 1, 1, 5 ];
|
|
|
|
print "Testing functions...";
|
|
callme ( 1, 2 );
|
|
callme ( 2, 2 );
|
|
callme ( 2, 2 );
|
|
callme ( 3, 2 );
|
|
callme ( 4, 4 );
|
|
callme ( 7, 2 );
|
|
|
|
i = fifteen();
|
|
print "Testing function calls: 15 = ", i;
|
|
|
|
paths();
|
|
|
|
print "1.2.3.4 = ", onetwo;
|
|
|
|
test_undef(2);
|
|
test_undef(3);
|
|
test_undef(2);
|
|
|
|
print "Testing include";
|
|
include "test.conf.inc";
|
|
|
|
print "done";
|
|
quitbird;
|
|
# print "*** FAIL: this is unreachable";
|
|
}
|
|
|
|
filter testf
|
|
int j;
|
|
{
|
|
print "Heya, filtering route to ", net.ip, " prefixlen ", net.len, " source ", source;
|
|
print "This route was from ", from;
|
|
j = 7;
|
|
j = 17;
|
|
if rip_metric > 15 then {
|
|
reject "RIP Metric is more than infinity";
|
|
}
|
|
rip_metric = 14;
|
|
unset(rip_metric);
|
|
|
|
accept "ok I take that";
|
|
}
|
|
|
|
eval __startup();
|