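# This is forked from bird.cfg.template from calico running on k0.hswaw.net on 2020/09/21.
# It is a confd (Go text/template) template; the {{"{{ }}"}} directives are
# expanded against the Calico datastore before BIRD ever sees the file.
#
# Changed vs. upstream (C-f HSCLOUD):
#  - do not pass over RTD_UNREACHABLE routes obtained from mesh peers, to
#    prevent them from being then passed over to ToRs. This prevents route leaks
#    of metallb routes into ToRs from nodes that do not actually run that
#    particular metallb service.
#  - do not program RTD_UNREACHABLE routes into the kernel (these come from metallb, and
#    programming them seems to break things)
#  - both HSCLOUD rejects are emitted unconditionally. Previously they were
#    nested inside the "{{"{{ if ls /staticroutes }}"}}" / "{{"{{ if ls /rejectcidrs }}"}}"
#    template conditionals, so on a node whose datastore happened to have no
#    entries under those keys neither rule was generated and unreachable routes
#    could still be exported / programmed (e.g. when they fall inside an IP pool
#    CIDR or hit the trailing "accept").
#
# Note on template inputs: {{"{{$cidr}}"}}, {{"{{$data.cidr}}"}}, {{"{{$data.ipip}}"}} and
# {{"{{$network}}"}} are interpolated unquoted into BIRD filter syntax. They are read
# from the confd backend (the Calico datastore) and are treated as trusted;
# a malformed value produces an invalid bird.cfg rather than a silently
# permissive filter.
#
# Generated by confd

# Export filter applied towards BGP peers (mesh peers and ToRs).
filter calico_export_to_bgp_peers {
  calico_aggr();

  # HSCLOUD: never re-export an unreachable (blackhole) route that was learned
  # from a node-to-node mesh peer. Such a route was originated on a different
  # node; re-advertising it to a ToR would claim the prefix from a node that
  # cannot serve it. Kept outside the staticroutes conditional below so it
  # applies regardless of datastore contents.
  if ( proto ~ "Mesh_*" ) && ( dest = RTD_UNREACHABLE ) then {
    reject;
  }

{{- $static_key := "/staticroutes"}}
{{- if ls $static_key}}
  # Export static routes. Keys under /staticroutes are stored as
  # "ADDR-PREFIXLEN" and rebuilt into "ADDR/PREFIXLEN" here.
  {{- range ls $static_key}}
  {{- $parts := split . "-"}}
  {{- $cidr := join $parts "/"}}
  if ( net ~ {{$cidr}} ) then { accept; }
  {{- end}}
{{- end}}

  # Export everything inside a configured IPv4 IP pool.
  {{range ls "/v1/ipam/v4/pool"}}{{$data := json (getv (printf "/v1/ipam/v4/pool/%s" .))}}
  if ( net ~ {{$data.cidr}} ) then {
    accept;
  }
  {{- end}}

  # Anything else is not ours to announce.
  reject;
}

{{$network_key := printf "/bgp/v1/host/%s/network_v4" (getenv "NODENAME")}}
# Import filter deciding what BIRD programs into the kernel routing table,
# and which tunnel device (if any) the route should use.
filter calico_kernel_programming {
  # HSCLOUD: never program unreachable routes into the kernel. Kept outside the
  # rejectcidrs conditional below so it applies regardless of datastore contents.
  if ( dest = RTD_UNREACHABLE ) then {
    reject;
  }

{{- $reject_key := "/rejectcidrs"}}
{{- if ls $reject_key}}
  # Don't program static routes into kernel. Keys under /rejectcidrs use the
  # same "ADDR-PREFIXLEN" encoding as /staticroutes.
  {{- range ls $reject_key}}
  {{- $parts := split . "-"}}
  {{- $cidr := join $parts "/"}}
  if ( net ~ {{$cidr}} ) then { reject; }
  {{- end}}
{{- end}}

{{- if exists $network_key}}{{$network := getv $network_key}}
  # Per-pool handling; only generated when this node's network_v4 is known.
  {{range ls "/v1/ipam/v4/pool"}}{{$data := json (getv (printf "/v1/ipam/v4/pool/%s" .))}}
  if ( net ~ {{$data.cidr}} ) then {
  {{- if $data.vxlan_mode}}
    # Don't program VXLAN routes into the kernel - these are handled by Felix.
    # NOTE(review): this tests truthiness of vxlan_mode, so any non-empty
    # string counts as VXLAN enabled - assumes the datastore leaves the field
    # empty/absent when VXLAN is off; confirm against the confd syncer.
    reject;
  }
  {{- else if $data.ipip_mode}}{{if eq $data.ipip_mode "cross-subnet"}}
    # cross-subnet: only tunnel when the next hop is off this node's subnet.
    if defined(bgp_next_hop) && ( bgp_next_hop ~ {{$network}} ) then
      krt_tunnel = "";  {{- /* Destination in ipPool, mode is cross sub-net, route from-host on subnet, do not use IPIP */}}
    else
      krt_tunnel = "{{$data.ipip}}";  {{- /* Destination in ipPool, mode is cross sub-net, route from-host off subnet, set the tunnel (if IPIP not enabled, value will be "") */}}
    accept;
  }
  {{- else}}
    krt_tunnel = "{{$data.ipip}}";  {{- /* Destination in ipPool, mode not cross sub-net, set the tunnel (if IPIP not enabled, value will be "") */}}
    accept;
  }
  {{- end}}
  {{- else}}
    krt_tunnel = "{{$data.ipip}}";  {{- /* Destination in ipPool, mode field is not present, set the tunnel (if IPIP not enabled, value will be "") */}}
    accept;
  }
  {{- end}}
  {{end}}
{{- end}}{{/* End of 'exists $network_key' */}}

  accept;  {{- /* Destination is not in any ipPool, accept */}}
}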