Route server IPv6 avoid_martians
Ondrej Zajicek
santiago at crfreenet.org
Thu Sep 10 11:56:42 CEST 2015
On Wed, Sep 09, 2015 at 05:25:30PM -0500, Jonathan Stewart wrote:
> On Thu, Aug 20, 2015 at 6:08 PM, Job Snijders <job at instituut.net> wrote:
>
> > You could match on it with something along the lines of:
> >
> > function avoid_too_long_or_too_short()
> > prefix set boundry;
> > {
> > boundry = [ ::/0{8,48} ];
> > if net ~ boundry then return true;
> > return false
> > }
> >
> > And later on use:
> >
> > if !(avoid_too_long_or_too_short()) then reject;
> >
> > Kind regards,
>
> I will now endeavour to add what I've learned to the BIRD wiki. Anyone
> know how I should get edit access to the wiki?
Hi
I don't know much about edit access approval, but if you send me the
text, i will put it there.
BTW, you can specify prefix set constants directly as global statement,
it is not necessary to have functions just for that:
define martians = [
0000::/8{8,128}, 0200::/7{7,128}, 2001::/32{32,128},
2001:db8::/32{32,128}, 2002::/16{16,128}, 3ffe::/16{16,128},
5f00::/8{8,128}, fc00::/7{7,128}, fe80::/10{10,128},
fec0::/10{10,128}, ff00::/8{8,128} ];
...
if net ~ martians then reject;
Also note that checking for proper length using the '::/0{8,48}' pattern
in a prefix set is OK, but if it is a separate check instead of a part of
a wider prefix set, it is simpler to use:
if (net.len < 8) or (net.len > 48) then reject;
--
Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20150910/76933749/attachment.asc>
More information about the Bird-users
mailing list