From: "Peter Müller" <peter.mueller@ipfire.org>
To: location@lists.ipfire.org
Subject: [PATCH 6/8] location-importer.in: omit historic/orphaned RIR data
Date: Wed, 21 Oct 2020 14:47:41 +0000 [thread overview]
Message-ID: <20201021144743.18083-6-peter.mueller@ipfire.org> (raw)
In-Reply-To: <20201021144743.18083-1-peter.mueller@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 4445 bytes --]
Some RIRs include detailled information regarding networks not managed
by or allocated to themselves, particually APNIC. We need to filter
those networks (they usually have a characteristic network name) in
order to prevent operational quirks or returning wrong country codes.
Fixes: #12501
Partially fixes: #12499
Cc: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
src/python/location-importer.in | 38 +++++++++++++++++++++------------
1 file changed, 24 insertions(+), 14 deletions(-)
diff --git a/src/python/location-importer.in b/src/python/location-importer.in
index 20eb052..4f4a46d 100644
--- a/src/python/location-importer.in
+++ b/src/python/location-importer.in
@@ -484,38 +484,38 @@ class CLI(object):
return False
if not network.is_global:
- logging.warning("Skipping non-globally routable network: %s" % network)
+ log.warning("Skipping non-globally routable network: %s" % network)
return False
if network.version == 4:
if network.prefixlen < 7:
- logging.warning("Skipping too big IP chunk: %s" % network)
+ log.warning("Skipping too big IP chunk: %s" % network)
return False
if network.prefixlen > 24:
- logging.info("Skipping network too small to be publicly announced: %s" % network)
+ log.info("Skipping network too small to be publicly announced: %s" % network)
return False
if str(network.network_address) == "0.0.0.0":
- logging.warning("Skipping network based on 0.0.0.0: %s" % network)
+ log.warning("Skipping network based on 0.0.0.0: %s" % network)
return False
elif network.version == 6:
if network.prefixlen < 10:
- logging.warning("Skipping too big IP chunk: %s" % network)
+ log.warning("Skipping too big IP chunk: %s" % network)
return False
if network.prefixlen > 48:
- logging.info("Skipping network too small to be publicly announced: %s" % network)
+ log.info("Skipping network too small to be publicly announced: %s" % network)
return False
if str(network.network_address) == "::":
- logging.warning("Skipping network based on '::': %s" % network)
+ log.warning("Skipping network based on '::': %s" % network)
return False
else:
# This should not happen...
- logging.warning("Skipping network of unknown family, this should not happen: %s" % network)
+ log.warning("Skipping network of unknown family, this should not happen: %s" % network)
return False
# In case we have made it here, the network is considered to
@@ -564,15 +564,22 @@ class CLI(object):
)
def _parse_inetnum_block(self, block):
- logging.debug("Parsing inetnum block:")
+ log.debug("Parsing inetnum block:")
inetnum = {}
for line in block:
- logging.debug(line)
+ log.debug(line)
# Split line
key, val = split_line(line)
+ # Filter any inetnum records which are only referring to IP space
+ # not managed by that specific RIR...
+ if key == "netname":
+ if re.match(r"(ERX-NETBLOCK|(AFRINIC|ARIN|LACNIC|RIPE)-CIDR-BLOCK|IANA-NETBLOCK-\d{1,3}|NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK)", val.strip()):
+ log.warning("Skipping record indicating historic/orphaned data: %s" % val.strip())
+ return
+
if key == "inetnum":
start_address, delim, end_address = val.partition("-")
@@ -584,7 +591,7 @@ class CLI(object):
start_address = ipaddress.ip_address(start_address)
end_address = ipaddress.ip_address(end_address)
except ValueError:
- logging.warning("Could not parse line: %s" % line)
+ log.warning("Could not parse line: %s" % line)
return
# Set prefix to default
@@ -601,15 +608,18 @@ class CLI(object):
inetnum[key] = val
elif key == "country":
- if val == "UNITED STATES":
- val = "US"
-
inetnum[key] = val.upper()
# Skip empty objects
if not inetnum or not "country" in inetnum:
return
+ # Skip objects with bogus country code 'ZZ'
+ if inetnum.get("country") == "ZZ":
+ log.warning("Skipping network with bogus country 'ZZ': %s" % \
+ (inetnum.get("inet6num") or inetnum.get("inetnum")))
+ return
+
network = ipaddress.ip_network(inetnum.get("inet6num") or inetnum.get("inetnum"), strict=False)
if not self._check_parsed_network(network):
--
2.20.1
next prev parent reply other threads:[~2020-10-21 14:47 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-21 14:47 [PATCH 1/8] Revert "Revert "Revert "Revert "importer: Import raw sources for inetnum's again"""" Peter Müller
2020-10-21 14:47 ` [PATCH 2/8] Revert "Revert "location-importer.in: only import relevant data from AFRINIC, APNIC and RIPE"" Peter Müller
2020-10-21 14:47 ` [PATCH 3/8] export.py: fix exporting IP networks for crappy xt_geoip module Peter Müller
2020-10-21 14:47 ` [PATCH 4/8] location-importer.in: filter bogus IP networks for both Whois and extended sources Peter Müller
2020-10-21 14:47 ` [PATCH 5/8] importer.py: fetch LACNIC data via HTTPS Peter Müller
2020-10-21 14:47 ` Peter Müller [this message]
2020-10-21 14:47 ` [PATCH 7/8] location-importer.in: Create gist index for announcement table as well Peter Müller
2020-10-21 14:47 ` [PATCH 8/8] location-importer.in: avoid log spam for too small networks Peter Müller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201021144743.18083-6-peter.mueller@ipfire.org \
--to=peter.mueller@ipfire.org \
--cc=location@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox