From b60798c78784ee591087f295abf910222ad76353 Mon Sep 17 00:00:00 2001
From: Marek Isalski
Date: Tue, 14 May 2019 18:38:17 +0100
Subject: [PATCH] add bind.so for LD_PRELOAD; run bgpq3 on the router again
---
hphr.sls | 8 +++++++-
vyos.conf.j2 | 24 ++++++++++++------------
2 files changed, 19 insertions(+), 13 deletions(-)
diff --git a/hphr.sls b/hphr.sls
index 98fe4cd..2bbe65a 100644
--- a/hphr.sls
+++ b/hphr.sls
@@ -1,7 +1,12 @@ /tmp/bgpq3: file.managed: - source: salt://bgpq3-linux-amd64 - - mode: 700 + - mode: 755 + +/tmp/bind.so: + file.managed: + - source: salt://bind.so + - mode: 755 /config/config.new: file.managed:
@@ -9,6 +14,7 @@ - source: salt://vyos.conf.j2 - require: - file: /tmp/bgpq3 + - file: /tmp/bind.so configure: cmd.script:
diff --git a/vyos.conf.j2 b/vyos.conf.j2
index 9d1b47a..355e716 100644
--- a/vyos.conf.j2
+++ b/vyos.conf.j2
@@ -265,7 +265,7 @@ protocols { policy { - prefix-list static-NO-IPv4 { + prefix-list hphr-NO-IPv4 { rule 1 { prefix 0.0.0.0/0 le 32
@@ -273,7 +273,7 @@ policy { } } - prefix-list static-ALL-IPv4 { + prefix-list hphr-ALL-IPv4 { rule 1 { prefix 0.0.0.0/0 le 32
@@ -281,7 +281,7 @@ policy { } } - prefix-list static-DEFAULT-IPv4 { + prefix-list hphr-DEFAULT-IPv4 { rule 1 { prefix 0.0.0.0/0 action permit
@@ -293,7 +293,7 @@ policy { } } - prefix-list static-DFZ-IPv4 { + prefix-list hphr-DFZ-IPv4 { rule 100 { prefix 192.168.0.0/16 description "RFC1918"
@@ -384,7 +384,7 @@ policy { } } - prefix-list static-DFZ-DEFAULT-IPv4 { + prefix-list hphr-DFZ-DEFAULT-IPv4 { rule 10 { prefix 0.0.0.0/0 action permit
@@ -479,7 +479,7 @@ policy { } } - prefix-list6 static-NO-IPv6 { + prefix-list6 hphr-NO-IPv6 { rule 1 { prefix ::/0 le 128
@@ -487,7 +487,7 @@ policy { } } - prefix-list6 static-ALL-IPv6 { + prefix-list6 hphr-ALL-IPv6 { rule 1 { prefix ::/0 le 128
@@ -495,7 +495,7 @@ policy { } } - prefix-list6 static-DEFAULT-IPv6 { + prefix-list6 hphr-DEFAULT-IPv6 { rule 1 { prefix ::/0 action permit
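Review bot: In the first hphr.sls hunk, `/tmp/bgpq3` and the new `/tmp/bind.so` are managed under the world-writable `/tmp`, and the template later loads that exact path through `LD_PRELOAD` into a process started by the Salt minion (presumably as root), so code injected into a privileged process sits at a predictable location that other local accounts can write into or pre-create. I would keep both files in a root-owned directory that is not world-writable and pin ownership with `- user: root` and `- group: root`; the widening from `700` to `755` on bgpq3 is not explained in the commit message and should either carry a comment naming the non-root caller that needs it or be reverted. The diffstat lists only hphr.sls and vyos.conf.j2, so the `salt://bind.so` and `salt://bgpq3-linux-amd64` binaries are not reviewable here; a comment such as `# bind.so: built from <SOURCE-REPO-PLACEHOLDER> at <COMMIT-PLACEHOLDER>` next to each `source:` line would record where they come from.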
@@ -507,7 +507,7 @@ policy { } } - prefix-list6 static-DFZ-IPv6 { + prefix-list6 hphr-DFZ-IPv6 { rule 100 { prefix ::/128 description "not self"
@@ -585,7 +585,7 @@ policy { } } - prefix-list6 static-DFZ-DEFAULT-IPv6 { + prefix-list6 hphr-DFZ-DEFAULT-IPv6 { rule 10 { prefix ::/0 action permit
@@ -669,7 +669,7 @@ policy { {% for prefix_list_name, bgpq3_query in salt['pillar.get']("policy:prefix-list",{}).items() %} prefix-list {{ prefix_list_name }} { - {% import_yaml ("routes/" + prefix_list_name + ".json4") as jsonblob %} + {% set jsonblob = salt['cmd.run']('/tmp/bgpq3 -A -6 -j ' + bgpq3_query["IPv6"], env={'BIND_ADDR':pillar['loopback']['IPv4'], 'BIND_ADDR6':pillar['loopback']['IPv6'], 'LD_PRELOAD':'/tmp/bind.so'})|load_json %} {% for prefix in jsonblob.NN %} rule {{ loop.index }} { action permit
@@ -688,7 +688,7 @@ policy { {% for prefix_list_name, bgpq3_query in salt['pillar.get']("policy:prefix-list",{}).items() %} prefix-list6 {{ prefix_list_name }} { - {% import_yaml ("routes/" + prefix_list_name + ".json6") as jsonblob %} + {% set jsonblob = salt['cmd.run']('/tmp/bgpq3 -A -6 -j ' + bgpq3_query["IPv6"], env={'BIND_ADDR':pillar['loopback']['IPv4'], 'BIND_ADDR6':pillar['loopback']['IPv6'], 'LD_PRELOAD':'/tmp/bind.so'})|load_json %} {% for prefix in jsonblob.NN %} rule {{ loop.index }} { action permit
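Review bot: The IPv4 block in the `@@ -669` hunk (`prefix-list {{ prefix_list_name }}`, previously fed from the `.json4` file) now runs bgpq3 with `-6` and `bgpq3_query["IPv6"]`, character for character the same as the `prefix-list6` block in the `@@ -688` hunk, so the IPv4 prefix-list would be filled from the IPv6 query. This looks like a copy-paste slip; the IPv4 line should presumably read `'/tmp/bgpq3 -A -4 -j ' + bgpq3_query["IPv4"]`, assuming the pillar entry carries an `IPv4` key next to `IPv6`. Because these lists are the BGP import/export filters, a rendered config should be diffed against the previous `routes/*.json4` output before it is committed on the router. The enclosing `for` loop continues outside the hunk.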
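Review bot: The bgpq3 command in the `@@ -688` hunk (and identically in the `@@ -669` hunk) is built by concatenating a pillar string onto the command line, and its output is piped straight into `load_json` with no check that the run succeeded. A pillar value containing spaces or a leading `-` reaches bgpq3 as additional arguments, and a failed or timed-out lookup will either break the render or, if it still yields an empty `NN` list, produce a prefix-list with no rules. I would validate the query value against an AS-SET/ASN pattern before use and call `salt['cmd.run_all'](...)` instead, so the template can test `retcode` and refuse to emit a filter from partial output. Since the prefixes now come from a live IRR query at render time rather than the reviewed `routes/*.json` files, a comment stating which IRR source is trusted and what happens when it is unreachable belongs above this line.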