From f8d8ba844f1a9265752a0d20f519e14bd9c3ba5c Mon Sep 17 00:00:00 2001
From: Quantum
Date: Wed, 30 Oct 2024 02:15:54 -0400
Subject: [PATCH] Add ASPA filter syntax validation
---
 .github/workflows/bird.yml | 5 ++++
 skeleton-aspa.conf | 47 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 52 insertions(+)
 create mode 100644 skeleton-aspa.conf
diff --git a/.github/workflows/bird.yml b/.github/workflows/bird.yml
index ee71d98..4d09875 100644
--- a/.github/workflows/bird.yml
+++ b/.github/workflows/bird.yml
@@ -16,3 +16,8 @@ jobs:
 sudo apt-get install -y bird2
 - name: Test skeleton.conf syntax
 run: /usr/sbin/bird -c skeleton.conf -p
+
+ - name: Generate aspa_invalids.conf
+ run: ./make-bird-aspa aspa/example.json > aspa_invalids.conf
+ - name: Test skeleton-aspa.conf syntax
+ run: /usr/sbin/bird -c skeleton-aspa.conf -p
diff --git a/skeleton-aspa.conf b/skeleton-aspa.conf
new file mode 100644
index 0000000..6bd879c
--- /dev/null
+++ b/skeleton-aspa.conf
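Review bot: The two added steps in `.github/workflows/bird.yml` only establish that the generated filter parses: `bird -p` exits after reading the configuration, and the generator is fed the fixed `aspa/example.json`. A generator change that emits a syntactically valid but logically wrong filter (for example one that never rejects a path) would still pass this job. I would state that limit next to the step, e.g. `# parse-only check; does not verify that ASPA-invalid paths are actually rejected`, and follow up with a test that evaluates the filter against known-invalid AS paths. Since the redirect creates `aspa_invalids.conf` even when the generator writes nothing, a `test -s aspa_invalids.conf` after the redirect would make an empty output fail at the step that caused it.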
@@ -0,0 +1,47 @@
+log syslog all;
+
+# FIXME: Change this to one of your router's IPv4 addresses.
+# If you have none, pick something random from 240.0.0.0/4.
+router id 192.0.2.1;
+
+protocol kernel {
+ scan time 60;
+ ipv4 {
+ export where source != RTS_STATIC;
+ # NOTE: this basic export above doesn't make the routes inserted into
+ # the kernel prefer your own IPs. Things will work fine with your
+ # server's IP assigned by the provider if you have a single upstream
+ # but strange things will happen if you have more than one peer.
+ # Instead, to use your own IP as the default source IP for outgoing
+ # connections on your system, add an IP from your range to the `lo`
+ # interface, remove the line above, and use the block below, changing
+ # 192.0.2.1 to the IP used.
+ #
+ # export filter {
+ # if source = RTS_STATIC then reject;
+ # if source = RTS_BGP then krt_prefsrc = 192.0.2.1;
+ # accept;
+ # };
+ };
+}
+
+protocol kernel {
+ scan time 60;
+ ipv6 {
+ export where source != RTS_STATIC;
+ # NOTE: similar to above, use the following block to change the default
+ # source IP for outgoing connections.
+ # export filter {
+ # if source = RTS_STATIC then reject;
+ # if source = RTS_BGP then krt_prefsrc = 2001:db8::1;
+ # accept;
+ # };
+ };
+}
+
+protocol device {
+ scan time 60;
+}
+
+include "aspa_invalids.conf";
+include "filter_aspa.conf";
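Review bot: The two `include` lines at the end of `skeleton-aspa.conf` depend on files this patch does not add, and nothing in the file says so. `aspa_invalids.conf` only exists after the workflow's generate step has run and `filter_aspa.conf` is not part of this diff, so someone copying the skeleton without running the generator gets a parse failure with no hint of the cause. A header comment would cover it, e.g. `# aspa_invalids.conf is generated: ./make-bird-aspa <aspa.json> > aspa_invalids.conf`, together with a line saying whether the include order matters (presumably the filter refers to definitions from the generated file, but `filter_aspa.conf` is not visible here). The file also declares no BGP protocol, so as written the ASPA filter is defined but never attached to a session; the comment should say that the operator still has to reference it from their own import policy before it rejects anything.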