Age | Commit message | Author |
|
in an easily parseable form. This output can be used to implement SNMP MIBs
or rrdtool/mrtg update scripts. OK henning@
|
mostly from rivo nurges <rix@estpak.ee>, ok claudio
|
ok theo
|
going on (helps when the damn thing runs for hours). will be enabled with
a -v somewhen in the future
|
route: 198.73.251.0
no prefixlen...
overhaul error handling in prefixset_addmember(). for prefixes without
prefixlen or ones where inet_net_pton reports an invalid format, complain
and ignore the prefix, but don't err out completely.
|
route: 203.94.216.0/21,
origin: AS17813
so we need to cut trailing ',' away
|
everything we run into as members that is hierarchical (contains :) has to
be an as-set. RPSL requires one component to have the AS- prefix; we check
that.
now the huge AS-TELIANET correctly resolves - into 15128 unique ASes, takes
12m47.11s real 0m8.62s user 0m1.07s system
|
do the same in asset_expand() for the head as-set or aut-num reference from
the policy.
fixes duplicate ASes with mixed case seen after set resolution and saves
some str(n)casecmp on the way (or rather allows a whole bunch of strcmp to
stay)
|
spot 'em
|
any more. since aggregated entries might be further aggregatable...
shaves off another 1200 lines (of ~16900) from the generated ruleset for my AS
|
they can be expressed as one with shorter prefixlen. if so, adjust the
first prefix accordingly and return 1 so the second gets removed.
shrinks the ruleset for my AS from 19533 to 16892 rules.
|
that the resulting rule allows more specifics. i. e.
10.0.0.0/16, 10.0.1/24, 10.0.128/17 -> prefix 10.0.0.0/16 prefixlen <= 24
implementation: sort prefixes per AS by address family, prefix, prefixlen.
for every entry, check whether the prefix with the previous entry's mask
applied matches the previous entry's prefix & mask. Only move the previous
pointer forward if not so. Fill the holes we create in the process on the
fly; shrink the array afterwards.
shrinks the generated filters for our AS from over 100k to under 20k lines.
|
hanging connection for a specific query (which works fine against radb,
investigating with ripe pplz), and ripe doesn't mirror some important RRs
like ALTDB.
|
multiple route objects (i. e. is the result of masking out longer prefixes
or aggregation we'll do later).
if maxlen is > prefixlen, generate rules accordingly (prefixlen <= maxlen)
|
discussed with pyr
|
members
|
"" instead of defaulting to NULL, which is a pain to handle afterwards.
in the output function, treat empty string address like NULL address
problem noticed by rivo nurges <rix@estpak.ee>
|
to us trying to add an empty-string AS, which asset_get later complains
about.
in parse_asset, check that we're not dealing with an empty string token
before calling asset_addmember
|
RPSL spec and enforced by the IRR databases.
teach asset_get this fact. only send queries for the as-set members for
as-sets.
since we now always fake an as-set for aut-nums, we don't need to
escape the recursive as-set resolution process when we run into aut-num
members.
complain about and then ignore unresolvable as-set members.
|
for object found with n matched attributes. this way we can distinguish
between no object found and object without relevant attributes
|
generates bgpd filter rules from the Internet Routing Registry aka IRR aka
the aut-num, as-set and route objects in the RIPE, ARIN, APNIC ... databases
accessed via whois, using the Routing Policy Specification Language RPSL.
implement the whois query interface, an RPSL parser (of course only the
parts we need), recursive as-set resolver, prefixes per AS lookup,
and an output module to make up the rules.
work in progress, not ready for general consumption yet.
import agreed by theo & claudio
|
between templates and real sessions more obvious. OK henning@
|
OK henning@
|
The printf() was only reachable if one of the other capabilities were set.
|
state, if known by the driver. this is required to check the full
duplex state without depending on the ifmedia ioctl which can't be
called in the kernel without process context.
ok henning@, brad@
|