From: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri, 10 Jan 2025 13:38:35 +0000 (+0000)
Subject: importer: Don't import /4 or /10 networks from the routing table
X-Git-Tag: 0.9.18~40
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d708fec9569ef4593e61b0b80869b65cf831fce3;p=location%2Flibloc.git

importer: Don't import /4 or /10 networks from the routing table

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/scripts/location-importer.in b/src/scripts/location-importer.in
index b6f2fa5..641aec2 100644
--- a/src/scripts/location-importer.in
+++ b/src/scripts/location-importer.in
@@ -1678,11 +1678,25 @@ class CLI(object):
 			# Fetch the extracted network and ASN
 			network, autnum = m.groups()
 
+			# Skip the line if there is no network
+			if not network:
+				continue
+
 			# Decode into strings
-			if network:
-				network = network.decode()
-			if autnum:
-				autnum = autnum.decode()
+			network = network.decode()
+
+			# Parse as network object
+			network = ipaddress.ip_network(network)
+
+			# Skip announcements that are too large
+			if isinstance(network, ipaddress.IPv6Network):
+				if network.prefixlen < 10:
+					log.warning("Skipping unusually large network %s" % network)
+					continue
+			elif isinstance(network, ipaddress.IPv4Network):
+				if network.prefixlen < 4:
+					log.warning("Skipping unusually large network %s" % network)
+					continue
 
 			# Collect all aggregated networks
 			if not autnum:
@@ -1690,11 +1704,14 @@ class CLI(object):
 				aggregated_networks.append(network)
 				continue
 
+			# Decode ASN
+			autnum = autnum.decode()
+
 			# Insert it into the database
 			self.db.execute("INSERT INTO announcements(network, autnum) \
 				VALUES(%s, %s) ON CONFLICT (network) DO \
 				UPDATE SET autnum = excluded.autnum, last_seen_at = CURRENT_TIMESTAMP",
-				network, autnum,
+				"%s" % network, autnum,
 			)
 
 		# Process any aggregated networks