From c9f744a8da2c8898d54121f03d48d39f9be57baf Mon Sep 17 00:00:00 2001
From: Nick Pratley
Date: Mon, 27 Apr 2020 16:12:32 +1000
Subject: [PATCH 1/2] only build prefixes in as_set if the option is enabled
---
 pierky/arouteserver/builder.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/pierky/arouteserver/builder.py b/pierky/arouteserver/builder.py
index a7a80960..e19d41db 100644
--- a/pierky/arouteserver/builder.py
+++ b/pierky/arouteserver/builder.py
@@ -521,9 +521,13 @@ def enrich_config(self):
 if irrdb_cfg["peering_db"]:
 used_enricher_classes += [PeeringDBConfigEnricher_ASSet]
- used_enricher_classes += [IRRDBConfigEnricher_ASNs,
- IRRDBConfigEnricher_Prefixes,
- PeeringDBConfigEnricher_MaxPrefix]
+ if filtering["irrdb"]["enforce_origin_in_as_set"]:
+ used_enricher_classes.append(IRRDBConfigEnricher_ASNs)
+
+ if filtering["irrdb"]["enforce_prefix_in_as_set"]:
+ used_enricher_classes.append(IRRDBConfigEnricher_Prefixes)
+
+ used_enricher_classes.append(PeeringDBConfigEnricher_MaxPrefix)
 if self.cfg_general.rtt_based_functions_are_used:
 used_enricher_classes.append(RTTGetterConfigEnricher)
From e1da3c2cce0e5c9e5e62e1b7f691c70b9d6f42f3 Mon Sep 17 00:00:00 2001
From: Nick Pratley
Date: Mon, 27 Apr 2020 16:44:08 +1000
Subject: [PATCH 2/2] supporting templates
---
 templates/bird/clients.j2 | 4 ++--
 templates/bird/irrdb.j2 | 38 +++++++++++++++++------------------
 templates/fingerprints.yml | 8 ++++----
 templates/openbgpd/filters.j2 | 2 +-
 templates/openbgpd/irrdb.j2 | 3 ++-
 5 files changed, 28 insertions(+), 27 deletions(-)
diff --git a/templates/bird/clients.j2 b/templates/bird/clients.j2
index 2cbdd9f5..6b3fcf69 100644
--- a/templates/bird/clients.j2
+++ b/templates/bird/clients.j2
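Review bot: The two new guards in `enrich_config`, `if filtering["irrdb"]["enforce_origin_in_as_set"]:` and the matching one for prefixes, skip the AS-SET enrichers on the strength of a single `filtering` mapping that is bound outside the hunk; if that is the general configuration, a client that turns enforcement on in its own settings would be rendered without any AS-SET data. These sets feed the origin and prefix filters applied to client announcements, so the condition should probably cover the effective setting of every client, not only the global default, along with any feature that reads the sets without enforcing them. A comment above the guards, e.g. `# IRR lookups are skipped only when nothing consumes AS-SET data`, and a log line when an enricher is skipped would let an operator tell a disabled filter from an empty one. `enrich_config` starts and ends outside the hunk, so the per-client handling may already exist elsewhere.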
@@ -27,7 +27,7 @@ reject {{ err_msg }};
 # AS-SET for {{ client.id }}
 function origin_as_is_in_{{ client.id }}_as_set() {
-{% if client.cfg.filtering.irrdb.as_set_bundle_ids %}
+{% if 'as_set_bundle_ids' in client.cfg.filtering.irrdb.keys() and client.cfg.filtering.irrdb.as_set_bundle_ids %}
 {% for as_set_bundle_id in client.cfg.filtering.irrdb.as_set_bundle_ids|sort %}
 {% if irrdb_info[as_set_bundle_id].asns %}
 if bgp_path.last_nonaggregated ~ AS_SET_{{ irrdb_info[as_set_bundle_id].name }}_asns then
@@ -42,7 +42,7 @@ function origin_as_is_in_{{ client.id }}_as_set() {
 # R-SET for {{ client.id }}
 function prefix_is_in_{{ client.id }}_as_set() {
-{% if client.cfg.filtering.irrdb.as_set_bundle_ids %}
+{% if 'as_set_bundle_ids' in client.cfg.filtering.irrdb.keys() and client.cfg.filtering.irrdb.as_set_bundle_ids %}
 {% for as_set_bundle_id in client.cfg.filtering.irrdb.as_set_bundle_ids|sort %}
 {% set this_ip_ver = client.ip|ipaddr_ver %}
 {% set prefixes = irrdb_info[as_set_bundle_id].prefixes|selectattr("prefix", "is_ipver", this_ip_ver)|list %}
diff --git a/templates/bird/irrdb.j2 b/templates/bird/irrdb.j2
index 7797b074..ea8e3115 100644
--- a/templates/bird/irrdb.j2
+++ b/templates/bird/irrdb.j2
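Review bot: The new guard in `origin_as_is_in_{{ client.id }}_as_set()` treats a missing `as_set_bundle_ids` key the same as an empty list, so a client whose AS-SET data was never gathered now renders a function with no match clauses instead of stopping the build. Whether that rejects or accepts depends on the function's final return, which is outside the hunk; it is worth confirming that it returns false, since this function decides whether an announced origin is authorised. The same expression is repeated in `prefix_is_in_{{ client.id }}_as_set()` in the second hunk and in `templates/openbgpd/filters.j2`. On style, `.keys()` is redundant in a membership test, and `{% if client.cfg.filtering.irrdb.get('as_set_bundle_ids') %}` states the same condition in one term.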
@@ -2,36 +2,36 @@ # --------------------------------------------------------- # IRRDB - -{% for as_set_bundle_id in irrdb_info|sort %} -{% set as_set_bundle = irrdb_info[as_set_bundle_id] %} +{% if irrdb_info %} +{% for as_set_bundle_id in irrdb_info|sort %} +{% set as_set_bundle = irrdb_info[as_set_bundle_id] %} # {{ as_set_bundle.descr }}, used_by {{ as_set_bundle.used_by|sort|join(", ") }} -{% if as_set_bundle.asns|length == 0 %} +{% if as_set_bundle.asns|length == 0 %} # no origin ASNs found for {{ as_set_bundle.name }} -{% else %} +{% else %} define AS_SET_{{ as_set_bundle.name }}_asns = [ {{ "\t" -}} -{% for asn in as_set_bundle.asns|sort %} -{{- asn -}} -{% if not loop.last %}, {% endif %} -{% if loop.index % 5 == 0 %}{{ "\n\t" }}{% endif %} -{% endfor %} +{% for asn in as_set_bundle.asns|sort %} +{{- asn -}} +{% if not loop.last %}, {% endif %} +{% if loop.index % 5 == 0 %}{{ "\n\t" }}{% endif %} +{% endfor %} ]; -{% endif %} +{% endif %} -{% for this_ip_ver in list_ip_vers %} -{% set this_ip_ver_prefixes = as_set_bundle.prefixes|selectattr("prefix", "is_ipver", this_ip_ver)|list %} -{% if this_ip_ver_prefixes|length == 0 %} +{% for this_ip_ver in list_ip_vers %} +{% set this_ip_ver_prefixes = as_set_bundle.prefixes|selectattr("prefix", "is_ipver", this_ip_ver)|list %} +{% if this_ip_ver_prefixes|length == 0 %} # no IPv{{ this_ip_ver }} prefixes found for {{ as_set_bundle.name }} -{% else %} +{% else %} define AS_SET_{{ as_set_bundle.name }}_prefixes_{{ this_ip_ver }} = [ {{ write_prefix_list(this_ip_ver_prefixes, True) }} ]; -{% endif %} -{% endfor %} - -{% endfor %} +{% endif %} +{% endfor %} +{% endfor %} +{% endif %} {% if cfg.filtering.irrdb.use_arin_bulk_whois_data.enabled and arin_whois_records %} # ARIN Whois database records diff --git a/templates/fingerprints.yml b/templates/fingerprints.yml index ec225e9a..eec8d695 100644 --- a/templates/fingerprints.yml +++ b/templates/fingerprints.yml 
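Review bot: The new outer `{% if irrdb_info %}` has no comment saying which case it protects against: iterating an empty mapping already renders nothing, so the guard only matters when `irrdb_info` is unset or None, presumably when no AS-SET enricher ran. A template comment above it, e.g. `{# irrdb_info is unset when AS-SET enrichment is disabled #}`, would make that explicit. The remaining changed lines appear to be re-indentation of the existing blocks, which makes the one functional line hard to find in review. The same guard is added without comment in `templates/openbgpd/irrdb.j2`.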
@@ -1,8 +1,8 @@ bird: - clients.j2: 036f23b6c57472d9a7eff117eb194be0dc5c567b57a3b88d342ae049560ba938a974a5e404c2ffba4d51a38603917b96df5b61408e825174ac1fe5d8e947cfb5 + clients.j2: 7d6aea870af5f12d7b0ae832bdb3ab26ac622aee603d79f21ef96f0296074fe51e6d1fcc69882d33b044d1d9774fa6bcd50a91fea6c445a1194bea39feb50d91 common.j2: 2e5af4937fb04eebabe6a32b797924049755021dcda4ffccb775bdfcbc78ce6a351ca86349512ddf56d82fd09f9b69a9ea64185a383b321f89a31c5f155d45e9 header.j2: 584f9db6b8ee3f7c0be57d11323aac3e6b984cf5c495bbcb3d37b551c3525edc45baf1066d2d10b8af173a2159bc7e699a57f3fe4de4434ce244f12278df34a1 - irrdb.j2: ba14f717104b1ace6b208046d1028e0e9bda456f7bbec31fb57e04d8e75133a3925a49e91b047dc8d73b96cc6a2be8df7fa5134ef42e4937f4f2e8245e712c2f + irrdb.j2: 077b3da5b515ebdb0aa19338548d275ae7d9ab930175b8991176cf06278f993b3b0b4d67fcc1d2576f3c01b3953f8bb040ebc39bd1d9e933a9913e9fd3fd70d7 macros.j2: 0dd53486a495edb4a486f2c82a7482a255748654651c7e06ac29b1c7726ea2ccd7078d831b75e5350400b95c8927779a20f9c9c5b1d52f0f9f725d3e90f5c23a main.j2: ed32987ac71837a00e6065f135198080e493e9a92d41b056c608c9fb6821bd896f492f6b3ed2242c31b3c9ae868e9dd705d681b4e1dbe8aa63a1ec1706972cf0 rpki.j2: 1f4d7c5120e148651e3855ef38737cd8f32951bdc35c4fbbaee5e14e6ab77ab6ddf861b39d5268f52a270b9786268efc45b6f34f3c09e5494b987b2f697b9540 
@@ -11,9 +11,9 @@ html: main.j2: efcdfb0191c76563b5b2bbac8a6aa345a71fedc19752cf7042859f3dfb792f437ed40fc563699efdd30f6e9fe52f7a46229965b273f1e58dedf8739c8fa20c0c openbgpd: clients.j2: 16ccd0d3815c31880ba81cf94c68567a33c743bf08d33aee3b0bfb178c44dced0b3f93b78389593945e1a42c737924169eb4328d17685be518a9578d4852caf8 - filters.j2: edc6ec402ea658f9a747385a140e5fd7fd8b4a43df125cff6435112316b7cfdfec66aa26dfa2b938f5286595757a4d9c6b002780c3a0e3ba6e3302fa8df20e5b + filters.j2: 25e68e8e8051bc6cf22e401c6f49f3880538418b0bcd0864b07a7eeeaf5f266bca98f529375ac2c97ba81cb036285e0693b390d69bb59c6263cfd3e82ae3df1d header.j2: e78b6cf99af7b185a60e4303deb4e4041684f022efdea3abdc85f6365b3296926a8a4343964a46ef28ce5f11474ea1bd122e33e84721eeff6b6bb6ab64ae7a68 - irrdb.j2: a41aff6077c4b7ddd8ae03f0ac33f3ff47c9812350204d929a8b02fe63d023a813e802a7c9183528058b55d7502f7aeaef77a65acc906022586510f37453b88a + irrdb.j2: 43e4f4e39c2ecde20914e1875dd8f326106416ab2818cd23ee80939a800ece835502b5cdae0000788b68e17d49af48a03c9b35a411ed0757dfd7b25ec2de134c macros.j2: 2a2edfebbcc29835c91723da117052374b1d07c1d9e66a23717d248768cd628b7ea831971be28d42e57c58f59d27fa92333b3b0e66eb439029a0bbf9f69b85c4 main.j2: c81d8a3d4052a440f3d404ebdadeeae181966447463f9733768d8d9da4304cd6ea1505a9fdb58e3df55521c44bd03174efa3d3f35b5b79b8d7dda17ee9589061 rpki.j2: 698a6cbe12289be3c9c694a11390e2478f7aa734eff64bf508210c7774719e9f49155cc3643dea78b4ebc31d69ca30dc21aa53c3d9c46393bfde00f71eb73b71 diff --git a/templates/openbgpd/filters.j2 b/templates/openbgpd/filters.j2 index 236895cf..83aa02c4 100644 --- a/templates/openbgpd/filters.j2 +++ b/templates/openbgpd/filters.j2 
@@ -34,7 +34,7 @@ deny quick {{ condition }}
 # IRRDB filters for {{ client.id }}, AS{{ client.asn }}: {{ objects }}
 # add {{int_comm_ko}} to any; it will be removed later if at least one AS-SET authorizes this object
 match from {{ client.ip }} set ext-community {{ int_comm_ko }}
-{% if client.cfg.filtering.irrdb.as_set_bundle_ids %}
+{% if 'as_set_bundle_ids' in client.cfg.filtering.irrdb.keys() and client.cfg.filtering.irrdb.as_set_bundle_ids %}
 # verifying if object is authorized by AS-SETs
 {% for as_set_bundle_id in client.cfg.filtering.irrdb.as_set_bundle_ids|sort %}
 {% set as_set_bundle = irrdb_info[as_set_bundle_id] %}
diff --git a/templates/openbgpd/irrdb.j2 b/templates/openbgpd/irrdb.j2
index fc6b4b35..0a908f5f 100644
--- a/templates/openbgpd/irrdb.j2
+++ b/templates/openbgpd/irrdb.j2
@@ -4,7 +4,7 @@
 # IRRDB
 {{ "pre-irrdb"|include_local_file -}}
-
+{% if irrdb_info %}
 {% for as_set_bundle_id in irrdb_info|sort %}
 {% set as_set_bundle = irrdb_info[as_set_bundle_id] %}
 # {{ as_set_bundle.descr }}, used by {{ as_set_bundle.used_by|sort|join(", ") }}
@@ -39,6 +39,7 @@ AS_SET_{{ as_set_bundle.name }}_prefixes{{ loop.index }}="{ {{ write_prefix_list
 {% endif %}
 {% endfor %}
+{% endif %}
 {{ "post-irrdb"|include_local_file -}}
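Review bot: In `templates/openbgpd/filters.j2` the line `match from {{ client.ip }} set ext-community {{ int_comm_ko }}` sits above the new guard, so when `as_set_bundle_ids` is absent every route from the client keeps the marker and, going by the comment in the hunk, nothing clears it. That presumably fails closed, which is the safe direction, but the generated configuration gives no hint why. A rendered comment in an `{% else %}` branch, e.g. `# no AS-SET data gathered for {{ client.id }}`, would make the empty check visible to whoever reviews the output. The closing `{% endif %}` and the rules that act on the marker are outside the hunk, so how the marker is consumed could not be checked here.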