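encrypt_key = no
[req_dn]
CN = Pseudo-%(HOLDER)s testbed root RPKI certificate
[x509v3_extensions]
basicConstraints = critical,CA:true
subjectKeyIdentifier = hash
keyUsage = critical,keyCertSign,cRLSign
subjectInfoAccess = 1.3.6.1.5.5.7.48.5;URI:rsync://%(holder)s.rpki.net/rpki/%(holder)s/,1.3.6.1.5.5.7.48.10;URI:rsync://%(holder)s.rpki.net/rpki/%(holder)s/root.mft
certificatePolicies = critical,1.3.6.1.5.5.7.14.2
sbgp-autonomousSysNum = critical,@rfc3779_asns
sbgp-ipAddrBlock = critical,@rfc3997_addrs
[rfc3779_asns]
''' % { "holder" : sys.argv[1].lower(),
        "HOLDER" : sys.argv[1].upper() }

# The text above is the tail of an OpenSSL configuration template whose
# opening (including the `print '''` that starts it) lies before this
# excerpt; line breaks are restored here, one directive per line.
#
# NOTE(review): `encrypt_key = no` means the generated root private key is
# written unencrypted, so file permissions are its only protection. The CN
# marks this as a testbed root; do not reuse the template for a real one.
#
# NOTE(review): sys.argv[1] and the CSV fields below are substituted into the
# configuration text without validation, so they must come from the operator
# and from operator-maintained files only.
#
# The section label "rfc3997_addrs" is used consistently in both places, so
# it resolves; the extension itself is the RFC 3779 address block.

# One "AS.<n>" entry per row of the ASN file (second column only).
for i, asn in enumerate(asn for handle, asn in csv_reader(
        sys.argv[2] if len(sys.argv) > 2 else "asns.csv", columns = 2)):
    print "AS.%d = %s" % (i, asn)

print '''\
[rfc3997_addrs]
'''

# Fix: the fallback test used `len(sys.argv) > 2` while indexing sys.argv[3],
# so passing an ASN file but no prefix file raised IndexError instead of
# falling back to "prefixes.csv". The guard now matches the index it protects.
for i, prefix in enumerate(prefix for handle, prefix in csv_reader(
        sys.argv[3] if len(sys.argv) > 3 else "prefixes.csv", columns = 2)):
    # A colon can only appear in an IPv6 prefix; the counter is shared across
    # both families, which keeps every key in the section unique.
    v = 6 if ":" in prefix else 4
    print "IPv%d.%d = %s" % (v, i, prefix)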
# This excerpt begins part-way through a loop body: the loop header and the
# condition guarding the next line are above it, so the nesting of these first
# statements is reconstructed, not original.
# A bare value is rewritten as the one-element range "X-X" before parsing.
datum = datum + "-" + datum
try:
    t.append(t.parse_str(datum))
except:
    # The bare except is harmless only because the error is re-raised: the
    # offending argument is reported and the script still aborts.
    print "Error attempting to parse", datum
    raise

#print "Looking for: ASNs %s IPv4 %s IPv6 %s" % (asn, ipv4, ipv6)

def matches(set1, datum):
    """Return the set parsed from *datum* if it overlaps *set1*, else False.

    *datum* is handed to the constructor of set1's own class, so the result
    is of the same type as the set being searched.
    """
    set2 = set1.__class__(datum)
    if set1.intersection(set2):
        return set2
    else:
        return False

# Print every handle in asns.csv whose ASN field overlaps the searched ASNs.
if asn:
    for h, a in csv_reader("asns.csv", columns=2):
        m = matches(asn, a)
        if m:
            print h, m

# Same for prefixes.csv; a colon in the field selects the IPv6 search set.
if ipv4 or ipv6:
    for h, a in csv_reader("prefixes.csv", columns=2):
        t = ipv6 if ":" in a else ipv4
        # Short-circuits when the search set for this family is falsy
        # (presumably empty, i.e. nothing of that family was asked for).
        m = t and matches(t, a)
        if m:
            print h, m
# This excerpt begins part-way through a loop body: the loop header and any
# branch enclosing the next lines are above it, so the nesting of these first
# statements is reconstructed, not original.
# A colon in the argument selects the IPv6 search set, otherwise IPv4.
t = ipv6 if ":" in datum else ipv4
# A bare address (neither a range nor a prefix) becomes the range "X-X".
if "-" not in datum and "/" not in datum:
    datum = datum + "-" + datum
try:
    t.append(t.parse_str(datum))
except:
    # The bare except is harmless only because the error is re-raised: the
    # offending argument is reported and the script still aborts.
    print "Error attempting to parse", datum
    raise

#print "Looking for: ASNs %s IPv4 %s IPv6 %s" % (asn, ipv4, ipv6)

def matches(set1, datum):
    """Return the set parsed from *datum* if it overlaps *set1*, else False.

    *datum* is handed to the constructor of set1's own class, so the result
    is of the same type as the set being searched.
    """
    set2 = set1.__class__(datum)
    if set1.intersection(set2):
        return set2
    else:
        return False

# Print every handle in asns.csv whose ASN field overlaps the searched ASNs.
if asn:
    for h, a in csv_reader("asns.csv", columns = 2):
        m = matches(asn, a)
        if m:
            print h, m

# Same for prefixes.csv; a colon in the field selects the IPv6 search set.
if ipv4 or ipv6:
    for h, a in csv_reader("prefixes.csv", columns = 2):
        t = ipv6 if ":" in a else ipv4
        # Short-circuits when the search set for this family is falsy
        # (presumably empty, i.e. nothing of that family was asked for).
        m = t and matches(t, a)
        if m:
            print h, m
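# Tail of a loop over ASN records: the loop header and the test that guards
# this write are above this excerpt.
asns.writerow((handles[description], record.findtext(tag_number)))

# IPv4: every non-reserved registry entry must be a /8. Each one is credited
# to the RIR named in its designation, or to "legacy" when the designation is
# not a known handle.
for record in iterate_xml("ipv4-address-space.xml", tag_record):
    designation = record.findtext(tag_designation)
    if record.findtext(tag_status) != "RESERVED":
        prefix, prefixlen = [int(i) for i in record.findtext(tag_prefix).split("/")]
        if prefixlen != 8:
            raise ValueError("%s violated /8 assumption" % record.findtext(tag_prefix))
        rirs[handles.get(designation, "legacy")] |= resource_bag.from_str("%d.0.0.0/8" % prefix)

# IPv6: only entries whose description is a known handle are recorded.
for record in iterate_xml("ipv6-unicast-address-assignments.xml", tag_record):
    description = record.findtext(tag_description)
    if description in handles:
        rirs[handles[description]] |= resource_bag.from_str(record.findtext(tag_prefix))

# NOTE(review): iterate_xml is defined outside this excerpt. The registry
# files are external data, so confirm how they are obtained and which XML
# parser settings iterate_xml uses.

erx = list(csv_reader("erx.csv"))

# Fix: this was an `assert`, which is removed under `python -O`. Without the
# check, an unrecognised handle in erx.csv still has its prefixes subtracted
# from every RIR below but is never credited back to any of them, so those
# resources would silently fall out of the generated data. Fail loudly.
for r, p in erx:
    if r not in rirs:
        raise ValueError("erx.csv names unknown RIR handle %r" % (r,))

# Take every ERX prefix away from all RIRs, then give each RIR back exactly
# the ERX prefixes listed for it. The "legacy" bucket is left untouched.
erx_overrides = resource_bag.from_str(",".join(p for r, p in erx), allow_overlap = True)

for rir in rirs:
    if rir != "legacy":
        rirs[rir] -= erx_overrides
        rirs[rir] |= resource_bag.from_str(",".join(p for r, p in erx if r == rir), allow_overlap = True)

# Emit one (handle, prefix) row per prefix: IPv4 first, then IPv6, per RIR.
for rir, bag in rirs.iteritems():
    for p in bag.v4:
        prefixes.writerow((rir, p))
    for p in bag.v6:
        prefixes.writerow((rir, p))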
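[x509v3_extensions]
basicConstraints = critical,CA:true
subjectKeyIdentifier = hash
keyUsage = critical,keyCertSign,cRLSign
subjectInfoAccess = 1.3.6.1.5.5.7.48.5;URI:rsync://%(holder)s.rpki.net/rpki/%(holder)s/,1.3.6.1.5.5.7.48.10;URI:rsync://%(holder)s.rpki.net/rpki/%(holder)s/root.mft
certificatePolicies = critical,1.3.6.1.5.5.7.14.2
sbgp-autonomousSysNum = critical,@rfc3779_asns
sbgp-ipAddrBlock = critical,@rfc3997_addrs
[rfc3779_asns]
''' % {
    "holder": sys.argv[1].lower(),
    "HOLDER": sys.argv[1].upper()
}

# The text above is the tail of an OpenSSL configuration template whose
# opening (including the `print '''` that starts it) lies before this
# excerpt; line breaks are restored here, one directive per line.
#
# NOTE(review): sys.argv[1] and the CSV fields below are substituted into the
# configuration text without validation, so they must come from the operator
# and from operator-maintained files only.
#
# The section label "rfc3997_addrs" is used consistently in both places, so
# it resolves; the extension itself is the RFC 3779 address block.

# One "AS.<n>" entry per row of the ASN file (second column only).
for i, asn in enumerate(asn for handle, asn in csv_reader(
        sys.argv[2] if len(sys.argv) > 2 else "asns.csv", columns=2)):
    print "AS.%d = %s" % (i, asn)

print '''\
[rfc3997_addrs]
'''

# Fix: the fallback test used `len(sys.argv) > 2` while indexing sys.argv[3],
# so passing an ASN file but no prefix file raised IndexError instead of
# falling back to "prefixes.csv". The guard now matches the index it protects.
for i, prefix in enumerate(prefix for handle, prefix in csv_reader(
        sys.argv[3] if len(sys.argv) > 3 else "prefixes.csv", columns=2)):
    # A colon can only appear in an IPv6 prefix; the counter is shared across
    # both families, which keeps every key in the section unique.
    v = 6 if ":" in prefix else 4
    print "IPv%d.%d = %s" % (v, i, prefix)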
program for two reasons:

- Conversion of some of the RIR data is a very slow process, and it's
  both annoying and unnecessary to run it every time we add a new
  participant to the testbed.

- This handle translation business now has fingers into half a dozen
  scripts, so it needs refactoring in any case, either as a common
  library function or as a separate script.

This program takes a list of .CSV files on its command line, and
rewrites them as needed after performing the translation.
"""

import os
import sys
from rpki.csv_utils import csv_reader, csv_writer

# Handle map loaded from translations.csv: first column is the handle to
# replace, second column is its replacement.
translations = {}
for src, dst in csv_reader("translations.csv", columns = 2):
    translations[src] = dst

# Rewrite each file named on the command line, translating only the first
# column of every row and copying the remaining columns through unchanged.
#
# NOTE(review): the file is read and written under the same name at once.
# That is safe only if csv_writer (imported, not shown here) defers replacing
# `filename` until close() -- confirm. close() runs only when the whole file
# was processed without an exception.
for filename in sys.argv[1:]:
    writer = csv_writer(filename)
    for row in csv_reader(filename):
        row[0] = translations.get(row[0], row[0])
        writer.writerow(row)
    writer.close()