From af0de1612ace919b98a44ddd7ed4b9d5d662c976 Mon Sep 17 00:00:00 2001
From: graffen <gr@ffen.dk>
Date: Fri, 26 Oct 2018 06:50:35 +0000
Subject: [PATCH] Add helper scripts to repo

---
 scripts/mkroa.sh      |  96 +++++++++++++++++++++++++++
 scripts/nixmap.sh     |   5 ++
 scripts/peerfinder.sh | 148 ++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 249 insertions(+)
 create mode 100755 scripts/mkroa.sh
 create mode 100755 scripts/nixmap.sh
 create mode 100755 scripts/peerfinder.sh

diff --git a/scripts/mkroa.sh b/scripts/mkroa.sh
new file mode 100755
index 0000000..14779dc
--- /dev/null
+++ b/scripts/mkroa.sh
@@ -0,0 +1,96 @@
+#!/bin/bash
+
+#
+# bird-mkroa
+# author: hexa-
+#
+# get updates from net.dn42.registry/utils/roa/
+#
+
+<<EOF
+
+Load the ROA-Table from BIRD4_ROA_CFG like this:
+
+	roa table dn42_roa {
+		include "roa4.conf";
+	};
+
+Check in your filters like this:
+
+	if (roa_check(dn42_roa, net, bgp_path.last) = ROA_INVALID) then {
+		print "[dn42] ROA check failed for ", net, " ASN ", bgp_path.last;
+		reject;
+	}
+
+EOF
+
+#
+# Configuration
+#
+
+REGISTRY="/etc/bird/registry"
+
+BIRD4C=birdc
+BIRD4_ROA_CFG="/var/lib/bird/bird_roa_dn42.conf"
+BIRD4_MAX_PREFIXLEN=28
+
+BIRD6C=birdc6
+BIRD6_ROA_CFG="/var/lib/bird/bird6_roa_dn42.conf"
+BIRD6_MAX_PREFIXLEN=64
+
+#
+# End of configuration
+#
+
+# check if git repository exists
+if [ ! -d "$REGISTRY/.git" ]; then
+	>&2 echo "registry directory does not exist;"
+	exit 1
+fi
+
+pushd $REGISTRY
+git pull
+popd
+
+function mkroa() {
+	# based on utils/roa/genroa.sh by fritz@grimpen.net
+
+	for i in $*
+	do
+		route=$(grep -E "route[6]?:" $i | tr -d '[:blank:]' | cut -d':' -f2-)
+		origin=$(grep "origin:" $i | tr -d '[:blank:][:alpha:]' | cut -d':' -f2)
+		if [ -z "$origin" -o -z "$route" -o -n "$(echo $as | tr -d '[:digit:]')" ]
+		then
+			>&2 echo "$i is invalid"
+			continue
+		fi
+		prefixlen=$(echo $route | cut -d'/' -f2)
+		if [ $MAX_PREFIXLEN -gt $prefixlen ]; then
+			prefixlen=$MAX_PREFIXLEN
+		fi
+
+		while read -r asn
+		do
+			echo "roa $route max $prefixlen as $asn;"
+		done <<< "$origin"
+	done
+}
+
+MAX_PREFIXLEN=$BIRD4_MAX_PREFIXLEN mkroa $REGISTRY/data/route/* > $BIRD4_ROA_CFG
+MAX_PREFIXLEN=$BIRD6_MAX_PREFIXLEN mkroa $REGISTRY/data/route6/* > $BIRD6_ROA_CFG
+
+BIRD4_CHECK=$($BIRD4C configure check | grep error)
+if [[ -z $BIRD4_CHECK ]]; then
+	$BIRD4C configure >/dev/null
+else
+	>&2 echo $BIRD4_CHECK
+fi
+
+BIRD6_CHECK=$($BIRD6C configure check | grep error)
+if [[ -z $BIRD6_CHECK ]]; then
+	$BIRD6C configure >/dev/null
+else
+	>&2 echo $BIRD6_CHECK
+fi
+
+
diff --git a/scripts/nixmap.sh b/scripts/nixmap.sh
new file mode 100755
index 0000000..8c6d1a0
--- /dev/null
+++ b/scripts/nixmap.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+/usr/sbin/birdc 'show route table T_BGP all'|grep BGP\.as_path|egrep -o '[0-9]+ [0-9 ]+'|sort -n|uniq|curl --insecure -F 'pdata=<-' -F 'as=4242423934' https://nixnodes.net/dn42/routedump
+/usr/sbin/birdc6 'show route table T_BGP all'|grep BGP\.as_path|egrep -o '[0-9]+ [0-9 ]+'|sort -n|uniq|curl --insecure -F 'pdata=<-' -F 'as=4242423934' -F '6=1' https://nixnodes.net/dn42/routedump
+
diff --git a/scripts/peerfinder.sh b/scripts/peerfinder.sh
new file mode 100755
index 0000000..8a0f711
--- /dev/null
+++ b/scripts/peerfinder.sh
@@ -0,0 +1,148 @@
+#!/usr/bin/env bash
+#
+# Measurement script for the dn42 peer finder, see http://dn42.us/peers
+# Dependencies: curl, sed, ping
+#
+# This script is designed to be run in cron every 5 minutes, like this:
+#
+#   UUID=<Your UUID goes here>
+#   */5 * * * * /home/foo/cron.sh
+#
+
+# Put your UUID here, and keep it secret!
+UUID=${UUID}
+PEERFINDER=${PEERFINDER:-"https://dn42.us/peers"}
+NB_PINGS=${NB_PINGS:-5}
+LOGFILE=${LOGFILE:-/dev/stdout}   # Set to /dev/null to only receive errors.
+                                  # Set to a file writable by the cron runner to record pings.
+                                  #  (Errors will be sent in cron mail)
+WARNLOCK=${WARNLOCK:-warn.lock}   # Set this variable if you want a file written when the script updates.
+LOCKFILE=${LOCKFILE:-exec.lock}   # Set this variable if you want the script to not run multiple instances at once.
+LOCKFD=${LOCKFD:-42}
+
+# This avoids synchronisation (everybody fetching jobs and running
+# measurements simultaneously)
+RANDOM_DELAY=30
+
+function die() {
+  echo "## PEERFINDER ERROR $(date) ## " \
+    "$*"
+  exit 1
+}
+
+if command -v flock >/dev/null 2>&1; then
+  eval "exec $LOCKFD>$LOCKFILE"
+  flock -n $LOCKFD || die "Unable to acquire lock."
+fi
+
+VERSION=1.0.10
+ver() { printf "%03d%03d%03d%03d" $(echo "$1" | tr '.' ' '); }
+
+[ -e $LOGFILE ] || touch $LOGFILE
+exec >> $LOGFILE
+
+echo "STARTING PEERFINDER (v. $VERSION)"
+
+SLEEP=$((RANDOM % RANDOM_DELAY))
+
+# check for ping binary
+PING=$(which ping)
+if [ -z "$PING" ]; then
+  die "Unable to find a suitable ping binary."
+fi
+
+CURL=$(which curl)
+if [ -z "$CURL" ]; then
+  die "Unable to find a suitable curl binary."
+fi
+CURL="$CURL -A PeerFinder -sf"
+
+case $OSTYPE in
+  solaris*)
+    GREP=$(which ggrep)
+
+    function ping_cmd() {
+      $PING -sn $3 56 $2
+    }
+    ;;
+  *-gnu|*)
+    # check for IPv6 binary. if ping6 is missing assume 'ping -6'
+    PING6=$(which ping6)
+    [ -z "$PING6" -a -n "$PING" ] && PING6="$PING -6"
+
+    GREP=$(which grep)
+
+    function ping_cmd() {
+      [ "$1" -eq "1" -a -n "$PING" ] && $PING -nqc $2 $3
+      [ "$1" -eq "2" -a -n "$PING6" ] && $PING6 -nqc $2 $3
+    }
+    ;;
+esac
+
+while true ; do
+
+  JOB=$(mktemp)
+
+  $CURL -H 'accept: text/environment' "$PEERFINDER/pending/$UUID" | tee $JOB
+
+  REQ_ID=$($GREP REQ_ID $JOB|cut -d'=' -f2|tr -d '[$`;><{}%|&!()]"/\\')
+  REQ_IP=$($GREP REQ_IP $JOB|cut -d'=' -f2|tr -d '[$`;><{}%|&!()]"/\\')
+  REQ_FAMILY=$($GREP REQ_FAMILY $JOB|cut -d'=' -f2|tr -d '[$`;><{}%|&!()]"/\\')
+  CUR_VERSION=$($GREP SCRIPT_VERSION $JOB|cut -d'=' -f2|tr -d '[$`;><{}%|&!()]"/\\')
+
+  rm "$JOB"
+
+  if [ $(ver "$VERSION") -lt $(ver "$CUR_VERSION") ]; then
+    echo "## PEERFINDER WARN $(date) ## " \
+         "Current script version is $CUR_VERSION. You are running $VERSION " \
+         "Get it here: https://dn42.us/peers/script"
+
+    [ -z "$WARNLOCK" ] && touch $WARNLOCK
+  else
+    [ -z "$WARNLOCK" -o -f "$WARNLOCK" ] && rm $WARNLOCK
+  fi
+
+  # Avoid empty fields
+  [ -z "$REQ_ID" -a -z "$REQ_IP" ] && exit
+
+  echo "PINGING TO: $REQ_IP for $REQ_ID..."
+
+  # Parsing ping output, for Linux
+  if ! output=$(ping_cmd "$REQ_FAMILY" "$NB_PINGS" "$REQ_IP" 2>&1 | $GREP -A1 "packets transmitted"); then
+    sent=0
+    received=0
+    args="res_latency=NULL"
+    echo "Target $REQ_ID ($REQ_IP) is unreachable"
+  else
+     pattern='([0-9]*) packets transmitted, ([0-9]*)( packets)? received'
+     if [[ $output =~ $pattern ]]; then
+         sent=${BASH_REMATCH[1]}
+         received=${BASH_REMATCH[2]}
+         if [ "$received" -eq 0 ]
+         then
+             args="res_latency=NULL"
+             echo "Target $REQ_ID ($REQ_IP) is unreachable"
+         else
+             pattern='(rtt|round-trip).* min/avg/max.*= ([^/]*)/([^/]*)/([^/]*)(/(.*))?( ms)?'
+             if [[ $output =~ $pattern ]]; then
+                 minrtt=${BASH_REMATCH[1]}
+                 avgrtt=${BASH_REMATCH[2]}
+                 maxrtt=${BASH_REMATCH[3]}
+                 jitter=${BASH_REMATCH[4]}
+                 [ -z "$avgrtt" ] && exit
+                 echo "RTT to target $REQ_ID ($REQ_IP) is $avgrtt"
+                 args="res_latency=${avgrtt}"
+             else
+                 args="res_latency=NULL"
+             fi
+         fi
+      else
+          args="res_latency=NULL"
+      fi
+  fi
+
+  # Report results back to peerfinder
+  $CURL -X POST "$PEERFINDER/req/$REQ_ID" -d "peer_id=$UUID&peer_version=$VERSION&$args" -H 'accept: text/environment'
+
+done
+