Merge remote-tracking branch 'upstream/master'

.github/workflows/roa.yml

@@ -22,19 +22,30 @@ jobs:
       run: |
         sudo apt update -qq
         sudo apt install -y python3 git openssh-client
+        sudo apt install -y curl
+        curl -L https://github.com/pyenv/pyenv-installer/raw/master/bin/pyenv-installer | bash
+        export PATH="$HOME/.pyenv/bin:$PATH"
+        eval "$(pyenv init -)"
+        eval "$(pyenv virtualenv-init -)"
+        pyenv install 3.8.2
+        pyenv shell 3.8.2
 
     - name: Run roa script
       shell: bash
       run: |
+        export PATH="$HOME/.pyenv/bin:$PATH"
+        eval "$(pyenv init -)"
+        eval "$(pyenv virtualenv-init -)"
+        pyenv shell 3.8.2
         maxlen4=29
         maxlen6=64
         mkdir -p roa_dir
-        python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6}    -o roa_dir/roa46_bird2.conf
-        python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -4 -o roa_dir/roa4_bird2.conf
-        python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -6 -o roa_dir/roa6_bird2.conf
-        python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -j -o roa_dir/roa46.json
-        python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -e -o roa_dir/neonetwork.json
-        python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -r -o roa_dir/rfc8416.json
+        pyenv exec python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6}    -o roa_dir/roa46_bird2.conf
+        pyenv exec python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -4 -o roa_dir/roa4_bird2.conf
+        pyenv exec python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -6 -o roa_dir/roa6_bird2.conf
+        pyenv exec python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -j -o roa_dir/roa46.json
+        pyenv exec python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -e -o roa_dir/neonetwork.json
+        pyenv exec python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -r -o roa_dir/rfc8416.json
 
     - name: Upload files
       env:

.github/workflows/test-your-pr.yml

@@ -22,16 +22,27 @@ jobs:
       run: |
         sudo apt update -qq
         sudo apt install -y python3 git openssh-client
+        sudo apt install -y curl
+        curl -L https://github.com/pyenv/pyenv-installer/raw/master/bin/pyenv-installer | bash
+        export PATH="$HOME/.pyenv/bin:$PATH"
+        eval "$(pyenv init -)"
+        eval "$(pyenv virtualenv-init -)"
+        pyenv install 3.8.2
+        pyenv shell 3.8.2
 
     - name: Run roa script
       shell: bash
       run: |
+        export PATH="$HOME/.pyenv/bin:$PATH"
+        eval "$(pyenv init -)"
+        eval "$(pyenv virtualenv-init -)"
+        pyenv shell 3.8.2
         maxlen4=29
         maxlen6=64
         mkdir -p roa_dir
-        python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6}    -o roa_dir/roa46_bird2.conf
-        python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -4 -o roa_dir/roa4_bird2.conf
-        python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -6 -o roa_dir/roa6_bird2.conf
-        python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -j -o roa_dir/roa46.json
-        python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -e -o roa_dir/neonetwork.json
-        python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -r -o roa_dir/rfc8416.json
+        pyenv exec python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6}    -o roa_dir/roa46_bird2.conf
+        pyenv exec python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -4 -o roa_dir/roa4_bird2.conf
+        pyenv exec python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -6 -o roa_dir/roa6_bird2.conf
+        pyenv exec python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -j -o roa_dir/roa46.json
+        pyenv exec python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -e -o roa_dir/neonetwork.json
+        pyenv exec python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -r -o roa_dir/rfc8416.json

README.md

@@ -1,10 +1,9 @@
 # NeoNetwork
 A useless VPN network ready for peering!  
-**WARNING:** This network is not interconnected to DN42 yet  
+This network is connected with [DN42](https://dn42.net)  
 Git Repo. [here](https://git.neocloud.tw)  
 Pull requests are welcomed!  
 Working language: `zh_* / en_*`  
-Telegram Group invitation link available at TXT record of `join-telegram.neocloud.tw`
 
 ## IXs
 
@@ -27,11 +26,12 @@ Any protocol supported by Bird, Quagga or FRRouting, BGP recommended.
 
 All IPv4 addresses are under the range 10.127.0.0/16  
 All IPv6 addresses are under the range fd10:127::/32  
-see routes.txt for allocated domain.
+see [route](https://github.com/NeoCloud/NeoNetwork/tree/master/route)
+and [route6](https://github.com/NeoCloud/NeoNetwork/tree/master/route6) for allocated subnet.
 
 ## DNS
 
-There's a bind9 server on dns.neocloud.tw (10.127.225.2), all domain names are under ".neo".
+There's a bind9 server on dns.neocloud.tw (`10.127.225.2` and `fd10:127:5f37:59df::255:2`), all domain names are under ".neo".
 
 ## Connection Graph
 
@@ -44,5 +44,6 @@ There's a bind9 server on dns.neocloud.tw (10.127.225.2), all domain names are u
 	entity/		Entitys
 	route/		Network subnet allocation
 	node/		Nodes
+	peer/		Peering status
 	vpn/		VPN configuration examples (Tinc & WireGuard)
 	dns/		Bind9 DNS zone files and example configuration

asn/AS134098

@@ -0,0 +1,4 @@
+NAME="Licson Internal Network"
+OWNER="licson"
+DESC=""
+VALID="YES"

asn/AS4201270012

@@ -0,0 +1,3 @@
+NAME="Yhi Interconnect"
+OWNER="Junde Yhi"
+DESC=""

asn/AS4201270014

@@ -0,0 +1,3 @@
+NAME="leedagee"
+OWNER="leedagee"
+DESC=""

asn/AS4242420916

@@ -0,0 +1,3 @@
+NAME="alanyhq"
+OWNER="alanyhq"
+DESC="alanyhq main"

dns/db.10.127

@@ -17,6 +17,7 @@ $TTL	604800
 10.1	IN	PTR	neostorage.neonetwork.
 80.1	IN	PTR	NeoSystem.neo.
 1.3	IN	PTR	pan.neo.
+16.2	IN	PTR	caasih.neo.
 
 185.8	IN	PTR	staph.neo.
 187.8	IN	PTR	staph-cn.neo.

dns/neonetwork

@@ -15,13 +15,12 @@ $TTL	604800
 root		IN	CNAME	neo.
 NeoPDP-11	IN	A	10.127.255.1
 ucbvax		IN	A	10.127.255.2
-caasih		IN	A	10.127.0.1
+caasih		IN	A	10.127.2.16
 NeoSystem	IN	A	10.127.255.80
 neostorage	IN	A	10.127.1.10
 NeoBOX		IN	A	10.127.1.20
 cklvax		IN	A	10.127.1.40
 NNPCC		IN	A	10.127.1.63
-NeoVAX		IN	A	10.127.0.38
 pan		IN	A	10.127.3.1
 staph		IN	A	10.127.8.185
 staph-cn	IN	A	10.127.8.187

docs/index.html

@@ -11,11 +11,10 @@
 <h1>NeoNetwork</h1>
 
 <p>A useless VPN network ready for peering!<br/>
-<strong>WARNING:</strong> This network is not interconnected to DN42 yet<br/>
+This network is connected with <a href="https://dn42.net">DN42</a><br/>
 Git Repo. <a href="https://git.neocloud.tw">here</a><br/>
 Pull requests are welcomed!<br/>
-Working language: <code>zh_* / en_*</code><br/>
-Telegram Group invitation link available at TXT record of <code>join-telegram.neocloud.tw</code></p>
+Working language: <code>zh_* / en_*</code></p>
 
 <h2>IXs</h2>
 
@@ -33,17 +32,18 @@ megumi.yukipedia.cf     (10.127.30.1,   ASN 4242421037)
 
 <h2>Routing Protocols</h2>
 
-<p>Any protocol supported by Quagga or FRRouting, recommended to use BGP.</p>
+<p>Any protocol supported by Bird, Quagga or FRRouting, BGP recommended.</p>
 
 <h2>IP Addresses</h2>
 
 <p>All IPv4 addresses are under the range 10.127.0.0/16<br/>
 All IPv6 addresses are under the range fd10:127::/32<br/>
-see routes.txt for allocated domain.</p>
+see <a href="https://github.com/NeoCloud/NeoNetwork/tree/master/route">route</a>
+and <a href="https://github.com/NeoCloud/NeoNetwork/tree/master/route6">route6</a> for allocated subnet.</p>
 
 <h2>DNS</h2>
 
-<p>There&rsquo;s a bind9 server on dns.neocloud.tw (10.127.225.2), all domain names are under &ldquo;.neo&rdquo;.</p>
+<p>There&rsquo;s a bind9 server on dns.neocloud.tw (<code>10.127.225.2</code> and <code>fd10:127:5f37:59df::255:2</code>), all domain names are under &ldquo;.neo&rdquo;.</p>
 
 <h2>Connection Graph</h2>
 
@@ -56,6 +56,7 @@ asn/        BGP AS Number allocation
 entity/     Entitys
 route/      Network subnet allocation
 node/       Nodes
+peer/       Peering status
 vpn/        VPN configuration examples (Tinc &amp; WireGuard)
 dns/        Bind9 DNS zone files and example configuration
 </code></pre>

document/asn-dir.txt

@@ -8,3 +8,7 @@ NAME=""
 OWNER=""
 # Description
 DESC=""
+# if it's a ASN registered from *NIC, this variable records
+# whether members of NeoNetwork have validated its ownership yet
+# possible value: "YES" "NO"
+VALID=""

document/entity-dir.txt

@@ -16,3 +16,5 @@ CONTACT=(
 BABEL=(
 	""
 )
+# OpenPGP key fingerprint
+AUTH="PGP:"

entity/Icecat

@@ -10,3 +10,4 @@ CONTACT=(
 BABEL=(
 	""
 )
+AUTH=""

entity/James58899

@@ -10,3 +10,4 @@ CONTACT=(
 BABEL=(
 	""
 )
+AUTH=""

entity/JerryXiao

@@ -10,3 +10,4 @@ CONTACT=(
 BABEL=(
 	""
 )
+AUTH="PGP:186242204A2EC70438E9CE3B9D9CE43650FF2BAA"

entity/Junde Yhi

@@ -0,0 +1,19 @@
+NAME="Junde Yhi"
+DESC=""
+CONTACT=(
+	"EMAIL:lmy441900@live.com"
+	"TELEGRAM:@lmy441900"
+	"MASTODON:@lmy441900@sn.angry.im"
+	"GITHUB:lmy441900"
+)
+BABEL=(
+	"zh-N"
+	"zh-hans-N"
+	"zh-hant-2"
+	"en-3"
+	"de-0"
+	"ru-0"
+	"jp-0"
+	"fi-0"
+)
+AUTH="PGP:E6C74782A1FBEE741D09885FD274286F672C800A"

entity/LINE-NZ

@@ -10,3 +10,4 @@ CONTACT=(
 BABEL=(
 	"en"
 )
+AUTH=""

entity/Lan Tian

@@ -10,3 +10,4 @@ CONTACT=(
 BABEL=(
 	""
 )
+AUTH=""

entity/LibreHouse

@@ -14,3 +14,4 @@ BABEL=(
 	"en-2"
 	"ja-0"
 )
+AUTH=""

entity/Ndoskrnl

@@ -10,3 +10,4 @@ CONTACT=(
 BABEL=(
 	"zh|en-1"
 )
+AUTH=""

entity/Neo_Chen

@@ -11,3 +11,4 @@ BABEL=(
 	"zh-N"
 	"en-2"
 )
+AUTH="PGP:D306BB628837043150CD1E42CA0957540FD996CD"

entity/SUNNET

@@ -10,3 +10,4 @@ CONTACT=(
 BABEL=(
 	""
 )
+AUTH=""

entity/Septs

@@ -10,3 +10,4 @@ CONTACT=(
 BABEL=(
 	""
 )
+AUTH=""

entity/Staph

@@ -8,5 +8,10 @@ CONTACT=(
 	"GITHUB: StephDC"
 )
 BABEL=(
-	""
+	"zh-N"
+	"en-4"
+	"ja-2"
+	"es-1"
+	"fr-1"
 )
+AUTH=""

entity/Yangfl

@@ -10,3 +10,4 @@ CONTACT=(
 BABEL=(
 	""
 )
+AUTH=""

entity/alanyhq

@@ -0,0 +1,14 @@
+NAME="alanyhq"
+DESC=""
+CONTACT=(
+	"EMAIL:"
+	"TELEGRAM:@alanyhq"
+	"IRC:alanyhq"
+	"MASTODON:"
+	"GITHUB:"
+)
+BABEL=(
+	"zh-N"
+	"en-2"
+)
+AUTH=""

entity/chenx97

@@ -10,3 +10,4 @@ CONTACT=(
 BABEL=(
 	""
 )
+AUTH=""

entity/frank

@@ -10,3 +10,4 @@ CONTACT=(
 BABEL=(
 	""
 )
+AUTH=""

entity/leedagee

@@ -0,0 +1,13 @@
+NAME="leedagee"
+DESC=""
+CONTACT=(
+	"EMAIL:leedageea@gmail.com"
+	"TELEGRAM:@leedagee"
+	"IRC:lizr"
+	"GITHUB:leedagee"
+)
+BABEL=(
+	"zh-N"
+	"en-2"
+)
+AUTH="PGP:47627D2288B20CC033C7B7D72D83E4E89C15DA36"

entity/licson

@@ -0,0 +1,13 @@
+NAME="licson"
+DESC=""
+CONTACT=(
+	"EMAIL:admin@licson.net"
+	"TELEGRAM:licson"
+	"IRC:licson"
+	"MASTODON:"
+	"GITHUB:licson0729"
+)
+BABEL=(
+	""
+)
+AUTH=""

entity/santost12

@@ -10,3 +10,4 @@ CONTACT=(
 BABEL=(
 	""
 )
+AUTH=""

node/leedagee

@@ -0,0 +1,4 @@
+ASN="4201270014"
+DESC=""
+IP=(
+)

node/staph

@@ -1,4 +1,5 @@
 ASN="4201270007"
-DESC=""
+DESC="Home of S. aureus in Amsterdam"
 IP=(
+	"10.127.8.185/29"
 )

node/yhi-h

@@ -0,0 +1,4 @@
+ASN="AS4201270012"
+DESC=""
+IP=(
+)

nodes.dot

@@ -20,8 +20,8 @@ digraph "NeoNetwork Nodes"
 	magicneko_RU01 [label="M-RU1\n(10.127.4.14,\nfd10:127:0233:7170:2021::10.127.4.14)"]
 	magicneko_JP03 [label="M-JP3\n(10.127.4.15,\nfd10:127:0233:7170:2021::10.127.4.15)"]
 	magicneko_CN01 [label="M-CN1\n(10.127.4.101,\nfd10:127:0233:7170:2021::10.127.4.101)"]
-	staph [label="s.aureus.ga\n(10.127.8.185)\n(AS4201270007)"]
-	staph_CN [label="cnhome.aureus.ga\n(10.127.8.187)\n(AS4201270007)"]
+	staph [label="s.aureus.ga\n(10.127.8.185\nfd10:127:7::1)\n(AS4201270007)"]
+	staph_CN [label="cnhome.aureus.ga\n(10.127.8.187\nfd10:127:7::3)\n(AS4201270007)"]
 	chenx97 [label="chenx97.neocloud.tw\n(AS4201270003)"]
 	JerryXiao [label="jpn.neo.jerryxiao.cc\n(10.127.8.193)"]
 	JerryXiao_SH01 [label="jerryxiao-sh01\n(10.127.8.195)"]

route/10.127.14.0,23

@@ -0,0 +1,4 @@
+TYPE="SUBNET"
+NAME="LICSON-NET-SUBALLOC-1"
+DESC=""
+ASN="134098"

route/10.127.23.0,29

@@ -0,0 +1,4 @@
+TYPE="SUBNET"
+NAME="leedagee"
+DESC="leedagee"
+ASN="4201270014"

route/10.127.5.0,28

@@ -0,0 +1,4 @@
+TYPE=SUBNET
+NAME="yhi-h"
+DESC="Yhi Interconnect H"
+ASN="AS4201270012"

route/10.127.8.184,29

@@ -1,4 +1,4 @@
 TYPE="SUBNET"
 NAME="StaphNet"
-DESC="For Staph equipments around the world"
+DESC="For Staph-infected equipments around the world"
 ASN="4201270007"

route6/fd10:127:0023::,48

@@ -0,0 +1,4 @@
+TYPE="SUBNET"
+NAME="leedagee"
+DESC="leedagee"
+ASN="4201270014"

route6/fd10:127:5f37:59df::,64

@@ -1,4 +1,4 @@
 TYPE=SUBNET
-NAME="CROOM"
-DESC="For CROOM connectivity"
+NAME="NeoNetwork Origin"
+DESC="Neo_Chen's Network"
 ASN="4201270000"

route6/fd10:127:7::,48

@@ -0,0 +1,4 @@
+TYPE="SUBNET"
+NAME="Staph_v6"
+DESC="Staph-infected IPv6 subnet - please do not disinfect"
+ASN="4201270007"

scripts/dns-reverse-generator.sh

@@ -38,7 +38,7 @@ for i in *; do
 	if [ "$TYPE" = "LO" ]; then
 		ip="${i/,32/}"
 
-		print_record "$(ipcalc "$ip" 0)" "$NAME.neo" >> "$LO_TEMP"
+		print_record "$(ipcalc "$ip" 0)" "$NAME.neo." >> "$LO_TEMP"
 	fi
 done
 )

scripts/pretty-output.sh

@@ -99,7 +99,7 @@ if [ $# -lt 1 ]; then
 		"Usage: table-output.sh <table type>\n" \
 		"\n" \
 		"	table types:\n" \
-		"		asn, route, people, node\n"
+		"		asn, route, entity, node\n"
 fi
 
 arg="$2"	# Optional argument
@@ -123,15 +123,28 @@ route)
 		subnet="${subnet/,/\/}"
 		source "$i"
 		case "$TYPE" in
-			TUN30)	print_tun30	"$subnet" "$PROTO" "$UPSTREAM" "$DOWNSTREAM";;
 			SUBNET)	print_subnet	"$subnet" "$NAME" "$DESC";;
 			LO)	print_lo	"$subnet" "$NAME" "$DESC";;
 			*)	errmsg "Invalid \$TYPE in $i\n";;
 		esac
 	done
 	;;
-people);;
-node);;
+entity);;
+node)
+	for i in node/*; do
+		node="${i#node/}"
+		source "$i"
+
+		echo -e \
+			"${BRIGHT}${BBLUE}${FYELLOW}========================================${RESET}"
+
+		printf "${BRIGHT}${FYELLOW}%12s${RESET} | ${BRIGHT}${FGREEN}%20s${RESET} | ${FCYAN}%s${RESET}\n" "AS${ASN}" "$node" "$DESC"
+
+		for ip in "${IP[@]}"; do
+			printf "\t%s\n" "$ip"
+		done
+	done
+	;;
 *) errmsg "Invalid type\n";;
 esac
 

scripts/roa.py

@@ -9,9 +9,7 @@ import re
 NEONET_ADDR_POOL = ('10.127.0.0/16', 'fd10:127::/32')
 NEONET_ADDR_POOL = [ip_network(neo) for neo in NEONET_ADDR_POOL]
 IS_NEONET = lambda net: bool([True for neo in NEONET_ADDR_POOL if net.version == neo.version and net.subnet_of(neo)])
-if not hasattr(IPv4Network, 'subnet_of'):
-    IS_NEONET = lambda x: True
-    print('# [!] IPv4Network has no attr subnet_of, please consider upgrading your python installation')
+assert hasattr(IPv4Network, 'subnet_of') # needs at least python 3.7
 
 class BashParser:
     def __init__(self):
@@ -79,7 +77,7 @@ def neoneo_get_people():
             if not f.is_file():
                 continue
             fc = shell2dict(f.read_text())
-            present_keys = ('name', 'desc', 'contact', 'babel')
+            present_keys = ('name', 'desc', 'contact', 'babel', 'auth')
             assert f.name
             people[f.name] = {k: fc.get(k) for k in present_keys}
             nic_hdl = name2nichdl(f.name)
@@ -88,6 +86,15 @@ def neoneo_get_people():
             people[f.name]['nic_hdl'] = nic_hdl
             for v in people[f.name].values():
                 assert v is not None
+            auth = people[f.name]['auth']
+            if auth:
+                method, data = auth.split(':')
+                assert method in ('PGP', 'SSH')
+                if method == 'PGP':
+                    assert len(data) == 40 # invaild pgp fingerprint
+                elif method == 'SSH':
+                    assert data.startswith('ssh-') # invalid ssh pubkey
+                people[f.name]['auth'] = f"{'pgp-fingerprint ' if method == 'PGP' else ''}{data.strip()}"
         except Exception:
             print("[!] Error while processing file", f)
             raise
@@ -171,16 +178,22 @@ def neonet_route2roa(dirname, is_ipv6=False):
             print("[!] Error while processing file", f)
             raise
     roa_entries.sort(key=lambda l: l['asn'])
+    l_prefix = [_roa['prefix'] for _roa in roa_entries]
     for _net1, _net2 in combinations(roa_entries, 2):
         net1, net2 = sorted([_net1, _net2], key=lambda net: net['prefix'].prefixlen)
         if net1['prefix'].overlaps(net2['prefix']):
-            if net1['prefix'] != net2['prefix'] and net1['prefix'].supernet_of(net2['prefix']) \
-                and net2['supernet'] == net1['prefix']:
-                # This is allowed
-                pass
-            else:
-                print("[!] Error: found", net2, "overlaps", net1)
-                raise AssertionError # if this is intended, please include SUPERNET=<cidr> in your route
+            try:
+                assert net1['prefix'] != net2['prefix']
+                assert net1['prefix'].supernet_of(net2['prefix'])
+                s1net, s2net= (net1['supernet'], net2['supernet'])
+                assert s2net # please include SUPERNET=<cidr> in your route
+                # if net1(the bigger net) has a supernet s1net, then s1net and net1
+                # will be checked or must have been checked, same for net2
+                assert not s1net               or s1net in l_prefix # net1.supernet is garbage
+                assert s2net == net1['prefix'] or s2net in l_prefix # net2.supernet is garbage
+            except AssertionError:
+                print("[!] Error: found", net1, "overlaps", net2)
+                raise
     return roa_entries
 
 if __name__ == "__main__":