add bind.so for LD_PRELOAD; run bgpq3 on the router again

2019-05-14 18:38:17 +01:00 · 2019-05-14 18:38:17 +01:00 · b60798c787
commit b60798c787
parent 87807af1d4
2 changed files with 19 additions and 13 deletions
--- a/hphr.sls
+++ b/hphr.sls
@ -1,7 +1,12 @@
 /tmp/bgpq3:
  file.managed:
    - source: salt://bgpq3-linux-amd64
-    - mode: 700
+    - mode: 755
+
+/tmp/bind.so:
+  file.managed:
+    - source: salt://bind.so
+    - mode: 755

 /config/config.new:
  file.managed:
@ -9,6 +14,7 @@
    - source: salt://vyos.conf.j2
    - require:
      - file: /tmp/bgpq3
+      - file: /tmp/bind.so

 configure:
  cmd.script:
--- a/vyos.conf.j2
+++ b/vyos.conf.j2
@ -265,7 +265,7 @@ protocols {

 policy {

-    prefix-list static-NO-IPv4 {
+    prefix-list hphr-NO-IPv4 {
        rule 1 {
            prefix 0.0.0.0/0
            le 32
@ -273,7 +273,7 @@ policy {
        }
    }

-    prefix-list static-ALL-IPv4 {
+    prefix-list hphr-ALL-IPv4 {
        rule 1 {
            prefix 0.0.0.0/0
            le 32
@ -281,7 +281,7 @@ policy {
        }
    }

-    prefix-list static-DEFAULT-IPv4 {
+    prefix-list hphr-DEFAULT-IPv4 {
        rule 1 {
            prefix 0.0.0.0/0
            action permit
@ -293,7 +293,7 @@ policy {
        }
    }

-    prefix-list static-DFZ-IPv4 {
+    prefix-list hphr-DFZ-IPv4 {
        rule 100 {
            prefix 192.168.0.0/16
            description "RFC1918"
@ -384,7 +384,7 @@ policy {
        }
    }

-    prefix-list static-DFZ-DEFAULT-IPv4 {
+    prefix-list hphr-DFZ-DEFAULT-IPv4 {
        rule 10 {
            prefix 0.0.0.0/0
            action permit
@ -479,7 +479,7 @@ policy {
        }
    }

-    prefix-list6 static-NO-IPv6 {
+    prefix-list6 hphr-NO-IPv6 {
        rule 1 {
            prefix ::/0
            le 128
@ -487,7 +487,7 @@ policy {
        }
    }

-    prefix-list6 static-ALL-IPv6 {
+    prefix-list6 hphr-ALL-IPv6 {
        rule 1 {
            prefix ::/0
            le 128
@ -495,7 +495,7 @@ policy {
        }
    }

-    prefix-list6 static-DEFAULT-IPv6 {
+    prefix-list6 hphr-DEFAULT-IPv6 {
        rule 1 {
            prefix ::/0
            action permit
@ -507,7 +507,7 @@ policy {
        }
    }

-    prefix-list6 static-DFZ-IPv6 {
+    prefix-list6 hphr-DFZ-IPv6 {
        rule 100 {
            prefix ::/128
            description "not self"
@ -585,7 +585,7 @@ policy {
        }
    }

-    prefix-list6 static-DFZ-DEFAULT-IPv6 {
+    prefix-list6 hphr-DFZ-DEFAULT-IPv6 {
        rule 10 {
            prefix ::/0
            action permit
@ -669,7 +669,7 @@ policy {

    {% for prefix_list_name, bgpq3_query in salt['pillar.get']("policy:prefix-list",{}).items() %}
    prefix-list {{ prefix_list_name }} {
-        {% import_yaml ("routes/" + prefix_list_name + ".json4") as jsonblob %}
+        {% set jsonblob = salt['cmd.run']('/tmp/bgpq3 -A -6 -j ' + bgpq3_query["IPv6"], env={'BIND_ADDR':pillar['loopback']['IPv4'], 'BIND_ADDR6':pillar['loopback']['IPv6'], 'LD_PRELOAD':'/tmp/bind.so'})|load_json %}
        {% for prefix in jsonblob.NN %}
        rule {{ loop.index }} {
            action permit
@ -688,7 +688,7 @@ policy {

    {% for prefix_list_name, bgpq3_query in salt['pillar.get']("policy:prefix-list",{}).items() %}
    prefix-list6 {{ prefix_list_name }} {
-        {% import_yaml ("routes/" + prefix_list_name + ".json6") as jsonblob %}
+        {% set jsonblob = salt['cmd.run']('/tmp/bgpq3 -A -6 -j ' + bgpq3_query["IPv6"], env={'BIND_ADDR':pillar['loopback']['IPv4'], 'BIND_ADDR6':pillar['loopback']['IPv6'], 'LD_PRELOAD':'/tmp/bind.so'})|load_json %}
        {% for prefix in jsonblob.NN %}
        rule {{ loop.index }} {
            action permit