diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..19982d3 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "frog/pingfinder"] + path = frog/pingfinder + url = https://git.dn42.dev/dn42/pingfinder diff --git a/RFCs/IPAM.md b/RFCs/IPAM.md index b7a19bc..56a7dee 100644 --- a/RFCs/IPAM.md +++ b/RFCs/IPAM.md @@ -21,7 +21,7 @@ |-------------------------------|-------------------| | Nodes | | | 172.23.196.32 | Reserved | -| 172.23.196.33 | GPVM | +| 172.23.196.33 | frog | | 172.23.196.34 | Bagpipe | | 172.23.196.35 | LXC | | Reserve | | @@ -59,8 +59,8 @@ | Subnet | Range | Comment | |-------------------------------|-------------------------------------------------------------|-----------------------| -| fd42:deca:fbad::f1:c47:1/112 | fd42:deca:fbad::f1:c47:0000 - fd42:deca:fbad::f1:c47:ffff | GPVM net prefix | -| fd42:deca:fbad::f1:c0de:1/112 | fd42:deca:fbad::f1:c0de:0000 - fd42:deca:fbad::f1:c0de:ffff | GPVM client prefix | +| fd42:deca:fbad::f1:c47:1/112 | fd42:deca:fbad::f1:c47:0000 - fd42:deca:fbad::f1:c47:ffff | frog net prefix | +| fd42:deca:fbad::f1:c0de:1/112 | fd42:deca:fbad::f1:c0de:0000 - fd42:deca:fbad::f1:c0de:ffff | frog client prefix | | fd42:deca:fbad::f2:c47:1/112 | fd42:deca:fbad::f2:c47:0000 - fd42:deca:fbad::f2:c47:ffff | Bagpipe net prefix | | fd42:deca:fbad::f2:c0de:1/112 | fd42:deca:fbad::f2:c0de:0000 - fd42:deca:fbad::f2:c0de:ffff | Bagpipe client prefix | @@ -68,7 +68,7 @@ | Address | | |---------------------------|-------------------| -| fd42:deca:fbad::1 | GPVM | +| fd42:deca:fbad::1 | frog | | fd42:deca:fbad::2 | Bagpipe | | fd42:deca:fbad::3 | LXC | | fd42:deca:fbad::f1:c47:ff | Authoritative DNS | diff --git a/frog/bird/bird.conf b/frog/bird/bird.conf new file mode 100644 index 0000000..c734a86 --- /dev/null +++ b/frog/bird/bird.conf 
@@ -0,0 +1,95 @@
+define AS = 4242421411;
+define IPv4 = 172.23.196.33;
+define IPv6 = fd42:deca:fbad::1;
+define NETv4 = 172.23.196.32/27;
+define NETv6 = fd42:deca:fbad::/48;
+define NETSETv4 = [172.23.196.32/27+];
+define NETSETv6 = [fd42:deca:fbad::/48+];
+define DN42_REGION = 41;
+
+router id IPv4;
+
+log "/tmp/bird.log" all;
+
+roa4 table dn42_roa;
+roa6 table dn42_roa6;
+
+protocol device {
+ scan time 10;
+};
+
+protocol kernel {
+ scan time 20;
+ ipv4 {
+ import none;
+ export filter {
+ if source = RTS_DEVICE then reject;
+ krt_prefsrc = IPv4;
+ accept;
+ };
+ };
+};
+
+protocol kernel {
+ scan time 20;
+ ipv6 {
+ import none;
+ export filter {
+ if source = RTS_DEVICE then reject;
+ krt_prefsrc = IPv6;
+ accept;
+ };
+ };
+};
+
+protocol static {
+ roa4 {
+ table dn42_roa;
+ };
+ include "/etc/bird/roa/dn42_roa_bird2_4.conf";
+};
+
+protocol static {
+ roa6 {
+ table dn42_roa6;
+ };
+ include "/etc/bird/roa/dn42_roa_bird2_6.conf";
+};
+
+protocol static {
+ route NETv4 reject;
+ ipv4 {
+ import all;
+ export none;
+ };
+};
+
+protocol static {
+ route NETv6 reject;
+ ipv6 {
+ import all;
+ export none;
+ };
+};
+
+template bgp dn42_peer {
+ local as AS;
+ prefer older on;
+ enforce first as on;
+ enable extended messages on;
+};
+
+template bgp dn42_igp {
+ local as AS;
+ enable extended messages on;
+ direct;
+};
+
+# Functions
+include "/etc/bird/functions/*.conf";
+# IGP stuff
+include "/etc/bird/igp/*.conf";
+include "/etc/bird/babel.conf";
+# BGP peers
+include "/etc/bird/peers/*";
+
diff --git a/frog/bird/bird/babel.conf b/frog/bird/bird/babel.conf
new file mode 100644
index 0000000..454c3d2
--- /dev/null
+++ b/frog/bird/bird/babel.conf
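Review bot: `log "/tmp/bird.log" all;` puts the routing daemon's full log in a world-writable directory, where any local user can read it or pre-create the path (for instance as a symlink) before BIRD opens it. A dedicated location such as `log "/var/log/bird.log" all;`, or `log syslog all;`, avoids both problems. The `dn42_peer` template also sets no per-channel import limit, so every session built from it under `peers/` accepts an unbounded number of routes; an `import limit <N> action block;` in the channels (N being a placeholder for a ceiling you choose) would cap what one misbehaving peer can inject.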
@@ -0,0 +1,26 @@
+protocol direct {
+ ipv4;
+ ipv6;
+ interface "dn42_igp";
+}
+
+protocol babel frog {
+ ipv4 {
+ import where source != RTS_BGP && is_self_net();
+ export where source != RTS_BGP && is_self_net();
+ };
+
+ ipv6 {
+ import where source != RTS_BGP && is_self_net_v6();
+ export where source != RTS_BGP && is_self_net_v6();
+ };
+
+ interface "igp_lxc" {
+ rxcost 30;
+ };
+
+ interface "igp_bagpipe" {
+ rxcost 130;
+ };
+}
+
diff --git a/frog/bird/bird/functions/a_functions.conf b/frog/bird/bird/functions/a_functions.conf
new file mode 100644
index 0000000..6bc0262
--- /dev/null
+++ b/frog/bird/bird/functions/a_functions.conf
@@ -0,0 +1,42 @@
+function is_self_net() {
+ return net ~ NETSETv4;
+}
+
+function is_valid_network() {
+ return net ~ [
+ 172.20.0.0/14{21,29}, # dn42
+ 172.20.0.0/24{28,32}, # dn42 Anycast
+ 172.21.0.0/24{28,32}, # dn42 Anycast
+ 172.22.0.0/24{28,32}, # dn42 Anycast
+ 172.23.0.0/24{28,32}, # dn42 Anycast
+ 172.31.0.0/16+, # ChaosVPN
+ 10.100.0.0/14+, # ChaosVPN
+ 10.127.0.0/16{16,32}, # neonetwork
+ 10.0.0.0/8{15,24} # Freifunk.net
+ ];
+}
+
+function is_self_net_v6() {
+ if net ~ NETSETv6 then {
+ print "[dn42] route", net, "is inside", NETSETv6;
+ return true;
+ }
+ return false;
+}
+
+function is_valid_network_v6() {
+ return net ~ [
+ fd00::/8{44,64} # ULA address space as per RFC 4193
+ ];
+}
+
+function is_igp_network() {
+ if net.type = NETv4 && net ~ NETSETv4 then {
+ return true;
+ } else if net.type = NETv6 && net ~ NETSETv6 then {
+ return true;
+ } else {
+ return false;
+ }
+}
+
diff --git a/frog/bird/bird/functions/b_filters.conf b/frog/bird/bird/functions/b_filters.conf
new file mode 100644
index 0000000..ebc8f30
--- /dev/null
+++ b/frog/bird/bird/functions/b_filters.conf
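Review bot: `is_igp_network()` in a_functions.conf compares `net.type` with `NETv4` and `NETv6`, which bird.conf defines as the prefixes `172.23.196.32/27` and `fd42:deca:fbad::/48`, not as address-family constants. The other filters in this commit use `NET_IP4` and `NET_IP6` for that test, so the lines should presumably read `if net.type = NET_IP4 && net ~ NETSETv4 then {` and `} else if net.type = NET_IP6 && net ~ NETSETv6 then {`. As written the comparison mixes a type enum with a prefix, so the function either fails to load or never returns true, and `igp_export_filter()` in b_filters.conf, which decides what the lxc iBGP session exports, depends on it.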
@@ -0,0 +1,110 @@
+# Based on jlu5's custom filters
+# https://github.com/jlu5/ansible-dn42
+# Adapted for AS4242421411 - C4TG1RL5
+
+function lower_pref(int x) {
+ if (bgp_local_pref > x) then {
+ bgp_local_pref = bgp_local_pref - x;
+ } else {
+ bgp_local_pref = 0;
+ }
+}
+
+function get_region_tag(int region_tag) {
+ if (region_tag = 44) then {
+ return 1; # North America - West
+ } else if (region_tag ~ [42..43]) then {
+ return 2; # North America - Central/East
+ } else if (region_tag = 41) then {
+ return 3; # Europe
+ } else if (region_tag ~ [51..53]) then {
+ return 4; # Asia E/SE + Oceania
+ }
+ return 0;
+}
+
+function prefer_same_region_origin(int base_weight)
+ int region_tag;
+ int incoming_tag;
+{
+ region_tag = get_region_tag(DN42_REGION);
+ incoming_tag = 0;
+
+ if ((64511, 41) ~ bgp_community) then {
+ incoming_tag = get_region_tag(41);
+ }
+ else if ((64511, 42) ~ bgp_community) then {
+ incoming_tag = get_region_tag(42);
+ }
+ else if ((64511, 43) ~ bgp_community) then {
+ incoming_tag = get_region_tag(43);
+ }
+ else if ((64511, 44) ~ bgp_community) then {
+ incoming_tag = get_region_tag(44);
+ }
+ else if ((64511, 50) ~ bgp_community) then {
+ incoming_tag = get_region_tag(50);
+ }
+ else if ((64511, 51) ~ bgp_community) then {
+ incoming_tag = get_region_tag(51);
+ }
+ else if ((64511, 52) ~ bgp_community) then {
+ incoming_tag = get_region_tag(52);
+ }
+ else if ((64511, 53) ~ bgp_community) then {
+ incoming_tag = get_region_tag(53);
+ }
+
+ if (incoming_tag = 0 || incoming_tag = region_tag) then {
+ bgp_local_pref = bgp_local_pref + base_weight;
+ }
+}
+
+function bgp_import_filter() {
+ # Reject routes with long path lengths
+ if (bgp_path.len > 12) then {
+ reject;
+ }
+
+ bgp_local_pref = bgp_local_pref + 1400;
+ lower_pref(bgp_path.len * 100);
+ prefer_same_region_origin(300);
+
+ if (source = RTS_BGP && (65535, 666) ~ bgp_community) then {
+ dest = RTD_BLACKHOLE;
+ }
+};
+
+function igp_import_filter() {
+ if (source != RTS_BGP) then {
+ reject;
+ }
+ if (!is_valid_network() && !is_valid_network_v6()) then {
+ reject;
+ }
+
+
+ # TODO: fix this
+ # bgp_local_pref = bgp_local_pref + 200;
+ lower_pref(bgp_path.len * 100);
+ if (bgp_path.len = 0) then {
+ bgp_local_pref = bgp_local_pref + 2000;
+ }
+ prefer_same_region_origin(200);
+
+ accept;
+}
+
+# TODO: implement exports with the bgp_med attribute
+
+function igp_export_filter() {
+ if (source != RTS_BGP && !is_igp_network()) then {
+ reject;
+ }
+
+ if (is_igp_network() && source = RTS_DEVICE) then {
+ reject;
+ }
+ accept;
+}
+
diff --git a/frog/bird/bird/functions/c_community_filters.conf b/frog/bird/bird/functions/c_community_filters.conf
new file mode 100644
index 0000000..be4ec25
--- /dev/null
+++ b/frog/bird/bird/functions/c_community_filters.conf
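Review bot: The blackhole branch at the end of `bgp_import_filter()` honours `(65535, 666)` on any BGP route, without checking prefix length or who originated the route. `dn42_import_filter` runs this for every eBGP peer after the ROA check, and that check only looks at `bgp_path.last`, so a neighbour that merely transits a prefix could presumably still get it blackholed here if its path is selected. Restricting the branch to routes the neighbour itself originates, `if (source = RTS_BGP && bgp_path.len = 1 && (65535, 666) ~ bgp_community) then {`, and to host-length prefixes would limit that. Separately, `get_region_tag()` has no case for 50, so a route tagged `(64511, 50)` maps to 0 and receives the same-region bonus in `prefer_same_region_origin()`.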
@@ -0,0 +1,107 @@
+# Stole from https://github.com/jlu5/ansible-dn42/tree/main/roles/config-bird2
+# adapted for our general config (thanks jlu5 for sharing it)
+#
+# DN42 community filters. Based off https://dn42.net/howto/Bird-communities and tweaked
+# for Bird 2
+
+function update_latency(int link_latency) {
+ bgp_community.add((64511, link_latency));
+ if (64511, 9) ~ bgp_community then { bgp_community.delete([(64511, 1..8)]); return 9; }
+ else if (64511, 8) ~ bgp_community then { bgp_community.delete([(64511, 1..7)]); return 8; }
+ else if (64511, 7) ~ bgp_community then { bgp_community.delete([(64511, 1..6)]); return 7; }
+ else if (64511, 6) ~ bgp_community then { bgp_community.delete([(64511, 1..5)]); return 6; }
+ else if (64511, 5) ~ bgp_community then { bgp_community.delete([(64511, 1..4)]); return 5; }
+ else if (64511, 4) ~ bgp_community then { bgp_community.delete([(64511, 1..3)]); return 4; }
+ else if (64511, 3) ~ bgp_community then { bgp_community.delete([(64511, 1..2)]); return 3; }
+ else if (64511, 2) ~ bgp_community then { bgp_community.delete([(64511, 1..1)]); return 2; }
+ else return 1;
+}
+
+function update_bandwidth(int link_bandwidth) {
+ bgp_community.add((64511, link_bandwidth));
+ if (64511, 21) ~ bgp_community then { bgp_community.delete([(64511, 22..29)]); return 21; }
+ else if (64511, 22) ~ bgp_community then { bgp_community.delete([(64511, 23..29)]); return 22; }
+ else if (64511, 23) ~ bgp_community then { bgp_community.delete([(64511, 24..29)]); return 23; }
+ else if (64511, 24) ~ bgp_community then { bgp_community.delete([(64511, 25..29)]); return 24; }
+ else if (64511, 25) ~ bgp_community then { bgp_community.delete([(64511, 26..29)]); return 25; }
+ else if (64511, 26) ~ bgp_community then { bgp_community.delete([(64511, 27..29)]); return 26; }
+ else if (64511, 27) ~ bgp_community then { bgp_community.delete([(64511, 28..29)]); return 27; }
+ else if (64511, 28) ~ bgp_community then { bgp_community.delete([(64511,
29..29)]); return 28; }
+ else return 29;
+}
+
+function update_crypto(int link_crypto) {
+ bgp_community.add((64511, link_crypto));
+ if (64511, 31) ~ bgp_community then { bgp_community.delete([(64511, 32..34)]); return 31; }
+ else if (64511, 32) ~ bgp_community then { bgp_community.delete([(64511, 33..34)]); return 32; }
+ else if (64511, 33) ~ bgp_community then { bgp_community.delete([(64511, 34..34)]); return 33; }
+ else return 34;
+}
+
+function update_flags(int link_latency; int link_bandwidth; int link_crypto)
+int dn42_latency;
+int dn42_bandwidth;
+int dn42_crypto;
+{
+ dn42_latency = update_latency(link_latency);
+ dn42_bandwidth = update_bandwidth(link_bandwidth) - 20;
+ dn42_crypto = update_crypto(link_crypto) - 30;
+ # TODO: abstract this out into a config variable
+ if dn42_bandwidth > 4 then dn42_bandwidth = 4;
+ return true;
+}
+
+function dn42_import_filter(int link_latency; int link_bandwidth; int link_crypto) {
+ if net.type = NET_IP4 && is_valid_network() && !is_self_net() then {
+ if (roa_check(dn42_roa, net, bgp_path.last) != ROA_VALID) then {
+ print "[dn42] ROA check failed for ", net, " - AS ", bgp_path.last;
+ reject;
+ }
+ } else if net.type = NET_IP6 && is_valid_network_v6() && !is_self_net_v6() then {
+ if (roa_check(dn42_roa6, net, bgp_path.last) != ROA_VALID) then {
+ print "[dn42] ROA check failed for ", net, " - AS ", bgp_path.last;
+ reject;
+ }
+ } else { # Invalid IP or unknown net type
+ reject;
+ }
+ update_flags(link_latency, link_bandwidth, link_crypto);
+ bgp_import_filter();
+
+ accept;
+}
+
+function dn42_export_filter(int link_latency; int link_bandwidth; int link_crypto) {
+ if (is_valid_network() || is_valid_network_v6()) then {
+ if source = RTS_STATIC || source = RTS_DEVICE then {
+ bgp_community.add((64511, DN42_REGION));
+ }
+ update_flags(link_latency, link_bandwidth, link_crypto);
+
+ accept;
+ }
+
+ reject;
+}
+
+function dn42_ibgp_import_filter(int link_latency; int link_bandwidth; int link_crypto) {
+ if
source = RTS_BGP && net.type = NET_IP4 && is_valid_network() && !is_self_net() then {
+ update_flags(link_latency, link_bandwidth, link_crypto);
+ accept;
+ } else if source = RTS_BGP && net.type = NET_IP6 && is_valid_network_v6() && !is_self_net_v6() then {
+ update_flags(link_latency, link_bandwidth, link_crypto);
+ accept;
+ } else {
+ reject;
+ }
+}
+
+function dn42_ibgp_export_filter(int link_latency; int link_bandwidth; int link_crypto) {
+ if source = RTS_BGP && (is_valid_network() || is_valid_network_v6()) && (!is_self_net() || !is_self_net_v6()) then {
+ update_flags(link_latency, link_bandwidth, link_crypto);
+ accept;
+ }
+ reject;
+}
+
+
diff --git a/frog/bird/bird/igp/ibgp_bagpipe.conf b/frog/bird/bird/igp/ibgp_bagpipe.conf
new file mode 100644
index 0000000..6070d7b
--- /dev/null
+++ b/frog/bird/bird/igp/ibgp_bagpipe.conf
@@ -0,0 +1,16 @@
+protocol bgp ibgp_bagpipe from dn42_igp {
+ neighbor fe80::4242:2%igp_bagpipe as AS;
+
+ ipv4 {
+ import where igp_import_filter();
+ export where dn42_ibgp_export_filter(5,24,33);
+ next hop self;
+ extended next hop on;
+ };
+ ipv6 {
+ import where igp_import_filter();
+ export where dn42_ibgp_export_filter(5,24,33);
+ next hop self;
+ };
+}
+
diff --git a/frog/bird/bird/igp/ibgp_lxc.conf b/frog/bird/bird/igp/ibgp_lxc.conf
new file mode 100644
index 0000000..57584ef
--- /dev/null
+++ b/frog/bird/bird/igp/ibgp_lxc.conf
@@ -0,0 +1,18 @@
+protocol bgp ibgp_lxc from dn42_igp {
+ neighbor fe80::4242:2%igp_lxc as AS;
+ passive off;
+
+ ipv4 {
+ import where igp_import_filter();
+ export where igp_export_filter();
+ next hop self;
+ extended next hop on;
+ };
+
+ ipv6 {
+ import where igp_import_filter();
+ export where igp_export_filter();
+ next hop self;
+ };
+}
+
diff --git a/frog/bird/bird/peers/COLLECTOR.conf b/frog/bird/bird/peers/COLLECTOR.conf
new file mode 100644
index 0000000..3cf1678
--- /dev/null
+++ b/frog/bird/bird/peers/COLLECTOR.conf
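Review bot: In `dn42_ibgp_export_filter()` the own-prefix exclusion is written as `(!is_self_net() || !is_self_net_v6())`, which holds for every route because no prefix can fall inside both `NETSETv4` and `NETSETv6`. The intent appears to be the conjunction, `&& !is_self_net() && !is_self_net_v6() then {`, or the per-family test that `dn42_ibgp_import_filter()` just above already uses. ibgp_bagpipe.conf is the session that exports through this filter, so as written it does not hold back the AS's own prefixes learned over BGP. `update_flags()` also computes `dn42_latency`, `dn42_bandwidth` and `dn42_crypto` and then discards them; a comment stating that only the community side effects matter would help the next reader.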
@@ -0,0 +1,29 @@
+protocol bgp COLLECTOR {
+ local as AS;
+ neighbor fd42:4242:2601:ac12::1 as 4242422602;
+ multihop;
+
+ ipv4 {
+ add paths tx;
+ import none;
+ export filter {
+ if ( is_valid_network() && source ~ [ RTS_STATIC, RTS_BGP ] )
+ then {
+ accept;
+ }
+ reject;
+ };
+ };
+ ipv6 {
+ add paths tx;
+ import none;
+ export filter {
+ if ( is_valid_network_v6() && source ~ [ RTS_STATIC, RTS_BGP ] )
+ then {
+ accept;
+ }
+ reject;
+ };
+ };
+};
+
diff --git a/frog/bird/bird/peers/burble.conf b/frog/bird/bird/peers/burble.conf
new file mode 100644
index 0000000..01a2154
--- /dev/null
+++ b/frog/bird/bird/peers/burble.conf
@@ -0,0 +1,15 @@
+protocol bgp burble from dn42_peer {
+ neighbor fe80::42:2601:31:1%dn42_burble as 4242422601;
+ passive off;
+
+ ipv4 {
+ import where dn42_import_filter(3,25,33);
+ export where dn42_export_filter(3,25,33);
+ extended next hop on;
+ };
+ ipv6 {
+ import where dn42_import_filter(3,25,33);
+ export where dn42_export_filter(3,25,33);
+ };
+}
+
diff --git a/frog/bird/bird/peers/fortless.conf b/frog/bird/bird/peers/fortless.conf
new file mode 100644
index 0000000..046d6d2
--- /dev/null
+++ b/frog/bird/bird/peers/fortless.conf
@@ -0,0 +1,16 @@
+protocol bgp fortless_4 from dn42_peer {
+ neighbor 172.20.222.224 as 4242423192;
+ ipv4 {
+ import where dn42_import_filter(3,25,33);
+ export where dn42_export_filter(3,25,33);
+ };
+}
+
+protocol bgp fortless_6 from dn42_peer {
+ neighbor fe80::3198%dn42_fortless as 4242423192;
+ ipv6 {
+ import where dn42_import_filter(3,25,33);
+ export where dn42_export_filter(3,25,33);
+ };
+}
+
diff --git a/frog/bird/bird/peers/jlu5.conf b/frog/bird/bird/peers/jlu5.conf
new file mode 100644
index 0000000..769212c
--- /dev/null
+++ b/frog/bird/bird/peers/jlu5.conf
@@ -0,0 +1,15 @@
+protocol bgp jlu5 from dn42_peer {
+ neighbor fe80::1080:121%dn42_jlu5 as 4242421080;
+ passive off;
+
+ ipv4 {
+ import where dn42_import_filter(3,25,33);
+ export where dn42_export_filter(3,25,33);
+ extended next hop on;
+ };
+ ipv6 {
+ import where dn42_import_filter(3,25,33);
+ export where dn42_export_filter(3,25,33);
+ };
+}
+
diff --git a/frog/bird/bird/peers/kioubit.conf b/frog/bird/bird/peers/kioubit.conf
new file mode 100644
index 0000000..1106c3b
--- /dev/null
+++ b/frog/bird/bird/peers/kioubit.conf
@@ -0,0 +1,15 @@
+protocol bgp kioubit from dn42_peer {
+ neighbor fe80::ade0%dn42_kioubit as 4242423914;
+ passive off;
+
+ ipv4 {
+ import where dn42_import_filter(3,25,33);
+ export where dn42_export_filter(3,25,33);
+ extended next hop on;
+ };
+ ipv6 {
+ import where dn42_import_filter(3,25,33);
+ export where dn42_export_filter(3,25,33);
+ };
+}
+
diff --git a/frog/bird/bird/peers/kskb-neo.conf b/frog/bird/bird/peers/kskb-neo.conf
new file mode 100644
index 0000000..bf0fec1
--- /dev/null
+++ b/frog/bird/bird/peers/kskb-neo.conf
@@ -0,0 +1,14 @@
+protocol bgp kskb_neo from dn42_peer {
+ neighbor fe80::1111%dn42_kskb_neo as 4201271111;
+
+ ipv4 {
+ import where dn42_import_filter(5,25,33);
+ export where dn42_export_filter(5,25,33);
+ extended next hop on;
+ };
+ ipv6 {
+ import where dn42_import_filter(5,25,33);
+ export where dn42_export_filter(5,25,33);
+ };
+}
+
diff --git a/frog/bird/bird/peers/kskb.conf b/frog/bird/bird/peers/kskb.conf
new file mode 100644
index 0000000..6d2980f
--- /dev/null
+++ b/frog/bird/bird/peers/kskb.conf
@@ -0,0 +1,14 @@
+protocol bgp kskb from dn42_peer {
+ neighbor fe80::1817%dn42_kskb as 4242421817;
+
+ ipv4 {
+ import where dn42_import_filter(3,25,33);
+ export where dn42_export_filter(3,25,33);
+ extended next hop on;
+ };
+ ipv6 {
+ import where dn42_import_filter(3,25,33);
+ export where dn42_export_filter(3,25,33);
+ };
+}
+
diff --git a/frog/bird/bird/peers/lutoma.conf b/frog/bird/bird/peers/lutoma.conf
new file mode 100644
index 0000000..1771728
--- /dev/null
+++ b/frog/bird/bird/peers/lutoma.conf
@@ -0,0 +1,14 @@
+protocol bgp lutoma from dn42_peer {
+ neighbor fe80::acab%dn42_lutoma as 64719;
+
+ ipv4 {
+ import where dn42_import_filter(3,25,33);
+ export where dn42_export_filter(3,25,33);
+ extended next hop on;
+ };
+ ipv6 {
+ import where dn42_import_filter(3,25,33);
+ export where dn42_export_filter(3,25,33);
+ };
+}
+
diff --git a/frog/bird/bird/peers/maraun.conf b/frog/bird/bird/peers/maraun.conf
new file mode 100644
index 0000000..0c3f0b0
--- /dev/null
+++ b/frog/bird/bird/peers/maraun.conf
@@ -0,0 +1,15 @@
+protocol bgp maraun from dn42_peer {
+ neighbor fe80::2225%dn42_maraun as 4242422225;
+ passive off;
+
+ ipv4 {
+ import where dn42_import_filter(3,25,33);
+ export where dn42_export_filter(3,25,33);
+ extended next hop on;
+ };
+ ipv6 {
+ import where dn42_import_filter(3,25,33);
+ export where dn42_export_filter(3,25,33);
+ };
+}
+
diff --git a/frog/bird/bird/peers/mark22k.conf b/frog/bird/bird/peers/mark22k.conf
new file mode 100644
index 0000000..781e002
--- /dev/null
+++ b/frog/bird/bird/peers/mark22k.conf
@@ -0,0 +1,15 @@
+protocol bgp mark22k from dn42_peer {
+ neighbor fe80::2924%dn42_mark22k as 4242422923;
+ passive off;
+
+ ipv4 {
+ import where dn42_import_filter(3,25,33);
+ export where dn42_export_filter(3,25,33);
+ extended next hop on;
+ };
+ ipv6 {
+ import where dn42_import_filter(3,25,33);
+ export where dn42_export_filter(3,25,33);
+ };
+}
+
diff --git a/frog/bird/bird/peers/munsternet.conf b/frog/bird/bird/peers/munsternet.conf
new file mode 100644
index 0000000..774d08a
--- /dev/null
+++ b/frog/bird/bird/peers/munsternet.conf
@@ -0,0 +1,16 @@
+protocol bgp munsternet from dn42_peer {
+ neighbor fe80::42:2237%dn42_munsternet as 4242422237;
+ passive off;
+
+ ipv4 {
+ import where dn42_import_filter(3,25,33);
+ export where dn42_export_filter(3,25,33);
+ extended next hop on;
+ };
+ ipv6 {
+ import where dn42_import_filter(3,25,33);
+ export where dn42_export_filter(3,25,33);
+ };
+}
+
+
diff --git a/frog/bird/bird/peers/tomkap.conf b/frog/bird/bird/peers/tomkap.conf
new file mode 100644
index 0000000..a0547d0
--- /dev/null
+++ b/frog/bird/bird/peers/tomkap.conf
@@ -0,0 +1,16 @@
+protocol bgp tomkap from dn42_peer {
+ neighbor fe80::ffff:2092%dn42_tomkap as 4242422092;
+ passive off;
+
+ ipv4 {
+ import where dn42_import_filter(1,25,33);
+ export where dn42_export_filter(1,25,33);
+ extended next hop on;
+ };
+ ipv6 {
+ import where dn42_import_filter(1,25,33);
+ export where dn42_export_filter(1,25,33);
+ };
+}
+
+
diff --git a/frog/bird/bird/peers/whojk.conf b/frog/bird/bird/peers/whojk.conf
new file mode 100644
index 0000000..3825a53
--- /dev/null
+++ b/frog/bird/bird/peers/whojk.conf
@@ -0,0 +1,15 @@
+protocol bgp whojk from dn42_peer {
+ neighbor fe80::2717%dn42_whojk as 4242422717;
+ passive off;
+
+ ipv4 {
+ import where dn42_import_filter(3,25,33);
+ export where dn42_export_filter(3,25,33);
+ extended next hop on;
+ };
+ ipv6 {
+ import where dn42_import_filter(3,25,33);
+ export where dn42_export_filter(3,25,33);
+ };
+}
+
diff --git a/frog/bird/bird/peers/yuuta.conf b/frog/bird/bird/peers/yuuta.conf
new file mode 100644
index 0000000..6c81495
--- /dev/null
+++ b/frog/bird/bird/peers/yuuta.conf
@@ -0,0 +1,15 @@
+protocol bgp yuuta from dn42_peer {
+ neighbor fe80::2980%dn42_yuuta as 4242422980;
+ passive off;
+
+ ipv4 {
+ import where dn42_import_filter(3,25,33);
+ export where dn42_export_filter(3,25,33);
+ extended next hop on;
+ };
+ ipv6 {
+ import where dn42_import_filter(3,25,33);
+ export where dn42_export_filter(3,25,33);
+ };
+}
+
diff --git a/frog/cron b/frog/cron
new file mode 100644
index 0000000..bdda383
--- /dev/null
+++ b/frog/cron
@@ -0,0 +1,4 @@
+0 * * * * curl -sfo /etc/bird/roa/dn42_roa_bird2_6.conf https://dn42.burble.com/roa/dn42_roa_bird2_6.conf && birdc configure
+0 * * * * curl -sfo /etc/bird/roa/dn42_roa_bird2_4.conf https://dn42.burble.com/roa/dn42_roa_bird2_4.conf && birdc configure
+*/5 * * * * UUID= /usr/local/bin/generic-linux-debian-redhat-busybox.sh
+
diff --git a/frog/nsd/zones/0-24.42.0.10.in-addr.arpa.zone b/frog/nsd/zones/0-24.42.0.10.in-addr.arpa.zone
new file mode 100644
index 0000000..1bdb4a6
--- /dev/null
+++ b/frog/nsd/zones/0-24.42.0.10.in-addr.arpa.zone
@@ -0,0 +1,7 @@
+$ORIGIN 0/24.42.0.10.in-addr.arpa.
+$TTL 600
+
+0/24.42.0.10.in-addr.arpa. IN SOA ns1.frog lemon.lemonsh.moe 1 7200 3600 1209600 3600
+
+1 IN PTR at-vie1.frog
+
diff --git a/frog/nsd/zones/32-27.196.23.172.in-addr.arpa.zone b/frog/nsd/zones/32-27.196.23.172.in-addr.arpa.zone
new file mode 100644
index 0000000..7e49b40
--- /dev/null
+++ b/frog/nsd/zones/32-27.196.23.172.in-addr.arpa.zone
@@ -0,0 +1,14 @@
+$ORIGIN 32/27.196.23.172.in-addr.arpa.
+$TTL 600
+
+32/27.196.23.172.in-addr.arpa. IN SOA ns1.catgirls.dn42. lemon.lemonsh.moe. 1 7200 3600 1209600 3600
+
+33 IN PTR at-vie1_frog.catgirls.dn42.
+34 IN PTR us-tex1_bagpipe.catgirls.dn42.
+35 IN PTR fi-hel1_lxc.catgirls.dn42.
+
+41 IN PTR famfo.catgirls.dn42.
+43 IN PTR lemon.catgirls.dn42.
+
+52 IN PTR ns1.catgirls.dn42.
+
diff --git a/frog/nsd/zones/catgirls.dn42.zone b/frog/nsd/zones/catgirls.dn42.zone
new file mode 100644
index 0000000..76a4de7
--- /dev/null
+++ b/frog/nsd/zones/catgirls.dn42.zone
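Review bot: Both ROA jobs in frog/cron have curl write straight into the file that bird.conf includes, so an interrupted transfer leaves a partial file in `/etc/bird/roa/`, and since the two jobs fire in the same minute the other job's `birdc configure` can load it. Downloading to a temporary name and renaming only on success closes that window, e.g. `curl -sfo /etc/bird/roa/dn42_roa_bird2_6.conf.new https://dn42.burble.com/roa/dn42_roa_bird2_6.conf && mv /etc/bird/roa/dn42_roa_bird2_6.conf.new /etc/bird/roa/dn42_roa_bird2_6.conf && birdc configure`, and likewise for the `_4` file. Running `bird -p` before the reconfigure would additionally catch a syntactically broken download. The fetched file is parsed as BIRD configuration, so a comment recording that the ROA host is trusted to that degree would be worth adding.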
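Review bot: The SOA and PTR targets in `0-24.42.0.10.in-addr.arpa.zone` have no trailing dot (`ns1.frog`, `lemon.lemonsh.moe`, `at-vie1.frog`), so they are relative names and get `$ORIGIN` appended, giving for example `at-vie1.frog.0/24.42.0.10.in-addr.arpa.`. If absolute names are intended they need the terminating dot, as the 32-27 zone does with `ns1.catgirls.dn42.` and `lemon.lemonsh.moe.`. The same applies to the SOA MNAME `ns1.catgirls.dn42` in `d.a.b.f.a.c.e.d.2.4.d.f.ip6.arpa.zone`.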
@@ -0,0 +1,15 @@
+$ORIGIN catgirls.dn42.
+$TTL 600
+
+catgirls.dn42. IN SOA ns1.catgirls.dn42. lemon.lemonsh.moe. 1 7200 3600 1209600 3600
+_dn42_tlsverify.catgirls.dn42. IN TXT C4TG1RL5-MNT:pin-sha256:2pA38u4nEUzN2mSi7hmqR4GR6koZIU+JTgJZt41860Q=
+
+catgirls.dn42. IN A 172.23.196.33
+catgirls.dn42. IN AAAA fd42:deca:fbad::1
+
+;catgirls.dn42. IN NS ns1
+ns1 IN A 172.23.196.52
+ns1 IN AAAA fd42:deca:fbad::f1:c47:ff
+
+factorio IN A 172.23.196.33
+
diff --git a/frog/nsd/zones/d.a.b.f.a.c.e.d.2.4.d.f.ip6.arpa.zone b/frog/nsd/zones/d.a.b.f.a.c.e.d.2.4.d.f.ip6.arpa.zone
new file mode 100644
index 0000000..18ea4db
--- /dev/null
+++ b/frog/nsd/zones/d.a.b.f.a.c.e.d.2.4.d.f.ip6.arpa.zone
@@ -0,0 +1,9 @@
+$ORIGIN d.a.b.f.a.c.e.d.2.4.d.f.ip6.arpa.
+$TTL 600
+
+d.a.b.f.a.c.e.d.2.4.d.f.ip6.arpa. IN SOA ns1.catgirls.dn42 lemon.lemonsh.moe. 2021082301 1800 3600 1209600 3600
+
+1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR at-vie1_frog.catgirls.dn42.
+2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR us-tex1_bagpipe.catgirls.dn42.
+3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR fi-hel1_lxc.catgirls.dn42.
+
diff --git a/frog/pingfinder b/frog/pingfinder
new file mode 160000
index 0000000..4a185c3
--- /dev/null
+++ b/frog/pingfinder
@@ -0,0 +1 @@
+Subproject commit 4a185c375c404360b4f2fa3f5791d0b8876c83ca