Make the prefix-len check more generic

Avoid code duplication.
pierky · Mar 26, 2024 · 09e123d · 09e123d
1 parent d8e246b
commit 09e123d
Show file tree

Hide file tree

Showing 6 changed files with 47 additions and 33 deletions.
diff --git a/templates/bird/clients.j2 b/templates/bird/clients.j2
@@ -368,24 +368,19 @@ filter receive_from_{{ client.id }} {
 		{% endif %}
 
 		# Prefix: length
-		{% if client.ip|ipaddr_ver == 4 %}
-		{% set min_pref_len = client.cfg.filtering.ipv4_pref_len.min %}
-		{% set max_pref_len = client.cfg.filtering.ipv4_pref_len.max %}
-		{% else %}
-		{% set min_pref_len = client.cfg.filtering.ipv6_pref_len.min %}
-		{% set max_pref_len = client.cfg.filtering.ipv6_pref_len.max %}
-		{% endif %}
 		{% if "2.0.0"|target_version_ge and client.cfg.rfc8950 and client.ip|ipaddr_ver == 6 %}
-		if net.type = NET_IP6 then {
+		{%     set afis = [4, 6] %}
+		{% else %}
+		{%     set afis = [ client.ip|ipaddr_ver ] %}
 		{% endif %}
-		if !prefix_len_is_valid({{ min_pref_len }}, {{ max_pref_len }}) then
-			{{ reject(client, 13, '"prefix len [", net.len, "] not in ' ~ min_pref_len ~ '-' ~ max_pref_len ~ ' - REJECTING ", net') }}
-		{% if "2.0.0"|target_version_ge and client.cfg.rfc8950 and client.ip|ipaddr_ver == 6 %}
-		} else {
-		if !prefix_len_is_valid({{ client.cfg.filtering.ipv4_pref_len.min }}, {{ client.cfg.filtering.ipv4_pref_len.max }}) then
-			{{ reject(client, 13, '"prefix len [", net.len, "] not in ' ~ client.cfg.filtering.ipv4_pref_len.min ~ '-' ~ client.cfg.filtering.ipv4_pref_len.max ~ ' - REJECTING ", net') }}
+		{% for current_afi in afis %}
+		{%	 set min_pref_len = client.cfg.filtering["ipv" ~ current_afi ~ "_pref_len"].min %}
+		{%   set max_pref_len = client.cfg.filtering["ipv" ~ current_afi ~ "_pref_len"].max %}
+		if net.type = NET_IP{{ current_afi }} then {
+			if !prefix_len_is_valid({{ min_pref_len }}, {{ max_pref_len }}) then
+				{{ reject(client, 13, '"prefix len [", net.len, "] not in ' ~ min_pref_len ~ '-' ~ max_pref_len ~ ' - REJECTING ", net') }}
 		}
-		{% endif %}
+		{% endfor %}
 
 		{% if cfg.graceful_shutdown.enabled %}
 		{%	if client.cfg.graceful_shutdown.enabled %}

diff --git a/templates/fingerprints.yml b/templates/fingerprints.yml
@@ -1,5 +1,5 @@
 bird:
-  clients.j2: f4d3d45e77a793ec11d52de030aef3178a289d38c535ab111803494933b8c03f02c0f85c0d0570718f2d1b482d6d6eeea40e1f7c48bcb9b4b3069cec1ecb3233
+  clients.j2: 4a59b6da873981b449bc0ef09e3d3c5aa70f865e05ca98284afaf37edc387e30ce036d50703fff8d13e9344ab5a9b59e0b8c562995d3b5153e187b3d760203a3
   common.j2: 1888f590f24415b2df86b3f86f4a36ca8c348ae6e5ddfac664e1663928fd5093863b605d5165b4075da38df5bb041f1cbeebee9991efc1be02eb4a696d95e420
   header.j2: 25f219ef4d0a4ee64c18b338bc557c246c4759b438f31865a7483ebef8a9a3795e09c85ba301da24d7036b474f7936f7a9ed758f93d66bca36e0624c23729170
   irrdb.j2: 4ff9a0dba41a02737c17a2497613f2dcc179a80b79714f18d61162e9503907cfd53765ab426036119e8bcb716d9d24a5380d724235373ae4ab7340d6c6eb074a

diff --git a/tests/live_tests/scenarios/rfc8950/base.py b/tests/live_tests/scenarios/rfc8950/base.py
@@ -218,3 +218,4 @@ def test_030_ipv4_prefixlen_ok(self):
         """{}: IPv4 prefix length within ipv6_pref_len but outside ipv4_pref_len"""
         for prefix in (self.DATA["AS1_v4_route14"],):
             self.receive_route(self.rs, prefix, filtered=True, reject_reason=13)
+            self.log_contains(self.rs, "prefix len [25] not in 8-24 - REJECTING " + prefix)
diff --git a/tests/live_tests/scenarios/rfc8950/configs/RFC8950Scenario_BIRD2IPv6/bird2.conf b/tests/live_tests/scenarios/rfc8950/configs/RFC8950Scenario_BIRD2IPv6/bird2.conf
@@ -675,8 +675,14 @@ filter receive_from_AS1_1 {
 			{ tag_and_reject(14, 1); reject "RPKI, route is INVALID - REJECTING ", net; }
 
 		# Prefix: length
-		if !prefix_len_is_valid(12, 48) then
-			{ tag_and_reject(13, 1); reject "prefix len [", net.len, "] not in 12-48 - REJECTING ", net; }
+		if net.type = NET_IP4 then {
+			if !prefix_len_is_valid(8, 24) then
+				{ tag_and_reject(13, 1); reject "prefix len [", net.len, "] not in 8-24 - REJECTING ", net; }
+		}
+		if net.type = NET_IP6 then {
+			if !prefix_len_is_valid(12, 48) then
+				{ tag_and_reject(13, 1); reject "prefix len [", net.len, "] not in 12-48 - REJECTING ", net; }
+		}
 
 	}
 
@@ -891,8 +897,14 @@ filter receive_from_AS1_2 {
 			{ tag_and_reject(14, 1); reject "RPKI, route is INVALID - REJECTING ", net; }
 
 		# Prefix: length
-		if !prefix_len_is_valid(12, 48) then
-			{ tag_and_reject(13, 1); reject "prefix len [", net.len, "] not in 12-48 - REJECTING ", net; }
+		if net.type = NET_IP4 then {
+			if !prefix_len_is_valid(8, 24) then
+				{ tag_and_reject(13, 1); reject "prefix len [", net.len, "] not in 8-24 - REJECTING ", net; }
+		}
+		if net.type = NET_IP6 then {
+			if !prefix_len_is_valid(12, 48) then
+				{ tag_and_reject(13, 1); reject "prefix len [", net.len, "] not in 12-48 - REJECTING ", net; }
+		}
 
 	}
 
@@ -1105,8 +1117,14 @@ filter receive_from_AS2_1 {
 			{ tag_and_reject(14, 2); reject "RPKI, route is INVALID - REJECTING ", net; }
 
 		# Prefix: length
-		if !prefix_len_is_valid(12, 48) then
-			{ tag_and_reject(13, 2); reject "prefix len [", net.len, "] not in 12-48 - REJECTING ", net; }
+		if net.type = NET_IP4 then {
+			if !prefix_len_is_valid(8, 24) then
+				{ tag_and_reject(13, 2); reject "prefix len [", net.len, "] not in 8-24 - REJECTING ", net; }
+		}
+		if net.type = NET_IP6 then {
+			if !prefix_len_is_valid(12, 48) then
+				{ tag_and_reject(13, 2); reject "prefix len [", net.len, "] not in 12-48 - REJECTING ", net; }
+		}
 
 	}
 

diff --git a/tests/live_tests/scenarios/rfc8950/routes/RFC8950Scenario_BIRD2IPv6/bird2/AS2_1.txt b/tests/live_tests/scenarios/rfc8950/routes/RFC8950Scenario_BIRD2IPv6/bird2/AS2_1.txt
@@ -1,25 +1,25 @@
-1.1.1.0/24, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+1.0.0.0/8, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
   std comms:
   ext comms:
   lrg comms:
   best: False, LOCAL_PREF: 100
   filtered: True ()
 
-1.1.4.0/24, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+1.1.1.0/24, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
   std comms:
   ext comms:
   lrg comms:
   best: False, LOCAL_PREF: 100
   filtered: True ()
 
-1.1.6.0/24, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+1.1.4.0/24, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
   std comms:
   ext comms:
   lrg comms:
   best: False, LOCAL_PREF: 100
   filtered: True ()
 
-1.1.8.0/25, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
+1.1.6.0/24, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::2
   std comms:
   ext comms:
   lrg comms:

diff --git a/tests/live_tests/scenarios/rfc8950/routes/RFC8950Scenario_BIRD2IPv6/bird2/rs.txt b/tests/live_tests/scenarios/rfc8950/routes/RFC8950Scenario_BIRD2IPv6/bird2/rs.txt
@@ -1,9 +1,9 @@
 1.0.0.0/8, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
-  std comms: 65520:0, 65520:13, 65524:1
-  ext comms: rfc8097-not-found, rt:65524:1
+  std comms:
+  ext comms: rfc8097-not-found
   lrg comms:
-  best: False, LOCAL_PREF: 1
-  filtered: True ()
+  best: True, LOCAL_PREF: 100
+  filtered: False ()
 
 1.1.1.0/24, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
   std comms:
@@ -48,11 +48,11 @@
   filtered: True (14)
 
 1.1.8.0/25, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
-  std comms:
+  std comms: 65524:1
   ext comms: rfc8097-not-found
   lrg comms:
-  best: True, LOCAL_PREF: 100
-  filtered: False ()
+  best: False, LOCAL_PREF: 1
+  filtered: True (13)
 
 104.0.0.0/24, AS_PATH: 1, NEXT_HOP: 2001:db8:1:1::11, via 2001:db8:1:1::11
   std comms: