Merge remote-tracking branch 'upstream/master'

2024-06-29 02:48:40 +08:00 · 2020-05-22 17:28:19 +08:00 · 2020-05-22 17:28:19 +08:00 · 52f36b59a1
parent c495fcc2f1 a5f71ba177
commit 52f36b59a1
45 changed files with 223 additions and 47 deletions
--- a/.github/workflows/roa.yml
+++ b/.github/workflows/roa.yml
@ -22,19 +22,30 @@ jobs:
      run: |
        sudo apt update -qq
        sudo apt install -y python3 git openssh-client
        sudo apt install -y curl
        curl -L https://github.com/pyenv/pyenv-installer/raw/master/bin/pyenv-installer | bash
        export PATH="$HOME/.pyenv/bin:$PATH"
        eval "$(pyenv init -)"
        eval "$(pyenv virtualenv-init -)"
        pyenv install 3.8.2
        pyenv shell 3.8.2
    - name: Run roa script
      shell: bash
      run: |
        export PATH="$HOME/.pyenv/bin:$PATH"
        eval "$(pyenv init -)"
        eval "$(pyenv virtualenv-init -)"
        pyenv shell 3.8.2
        maxlen4=29
        maxlen6=64
        mkdir -p roa_dir
-        python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6}    -o roa_dir/roa46_bird2.conf
+        pyenv exec python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6}    -o roa_dir/roa46_bird2.conf
-        python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -4 -o roa_dir/roa4_bird2.conf
+        pyenv exec python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -4 -o roa_dir/roa4_bird2.conf
-        python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -6 -o roa_dir/roa6_bird2.conf
+        pyenv exec python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -6 -o roa_dir/roa6_bird2.conf
-        python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -j -o roa_dir/roa46.json
+        pyenv exec python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -j -o roa_dir/roa46.json
-        python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -e -o roa_dir/neonetwork.json
+        pyenv exec python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -e -o roa_dir/neonetwork.json
-        python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -r -o roa_dir/rfc8416.json
+        pyenv exec python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -r -o roa_dir/rfc8416.json
    - name: Upload files
      env:
--- a/.github/workflows/test-your-pr.yml
+++ b/.github/workflows/test-your-pr.yml
@ -22,16 +22,27 @@ jobs:
      run: |
        sudo apt update -qq
        sudo apt install -y python3 git openssh-client
        sudo apt install -y curl
        curl -L https://github.com/pyenv/pyenv-installer/raw/master/bin/pyenv-installer | bash
        export PATH="$HOME/.pyenv/bin:$PATH"
        eval "$(pyenv init -)"
        eval "$(pyenv virtualenv-init -)"
        pyenv install 3.8.2
        pyenv shell 3.8.2
    - name: Run roa script
      shell: bash
      run: |
        export PATH="$HOME/.pyenv/bin:$PATH"
        eval "$(pyenv init -)"
        eval "$(pyenv virtualenv-init -)"
        pyenv shell 3.8.2
        maxlen4=29
        maxlen6=64
        mkdir -p roa_dir
-        python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6}    -o roa_dir/roa46_bird2.conf
+        pyenv exec python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6}    -o roa_dir/roa46_bird2.conf
-        python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -4 -o roa_dir/roa4_bird2.conf
+        pyenv exec python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -4 -o roa_dir/roa4_bird2.conf
-        python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -6 -o roa_dir/roa6_bird2.conf
+        pyenv exec python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -6 -o roa_dir/roa6_bird2.conf
-        python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -j -o roa_dir/roa46.json
+        pyenv exec python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -j -o roa_dir/roa46.json
-        python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -e -o roa_dir/neonetwork.json
+        pyenv exec python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -e -o roa_dir/neonetwork.json
-        python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -r -o roa_dir/rfc8416.json
+        pyenv exec python3 scripts/roa.py -m ${maxlen4} -M ${maxlen6} -r -o roa_dir/rfc8416.json
--- a/README.md
+++ b/README.md
@ -1,10 +1,9 @@
 # NeoNetwork
 A useless VPN network ready for peering!  
-**WARNING:** This network is not interconnected to DN42 yet  
+This network is connected with [DN42](https://dn42.net)  
 Git Repo. [here](https://git.neocloud.tw)  
 Pull requests are welcomed!  
 Working language: `zh_* / en_*`  
 Telegram Group invitation link available at TXT record of `join-telegram.neocloud.tw`
 ## IXs
@ -27,11 +26,12 @@ Any protocol supported by Bird, Quagga or FRRouting, BGP recommended.
 All IPv4 addresses are under the range 10.127.0.0/16  
 All IPv6 addresses are under the range fd10:127::/32  
-see routes.txt for allocated domain.
+see [route](https://github.com/NeoCloud/NeoNetwork/tree/master/route)
 and [route6](https://github.com/NeoCloud/NeoNetwork/tree/master/route6) for allocated subnet.
 ## DNS
-There's a bind9 server on dns.neocloud.tw (10.127.225.2), all domain names are under ".neo".
+There's a bind9 server on dns.neocloud.tw (`10.127.225.2` and `fd10:127:5f37:59df::255:2`), all domain names are under ".neo".
 ## Connection Graph
@ -44,5 +44,6 @@ There's a bind9 server on dns.neocloud.tw (10.127.225.2), all domain names are u
 	entity/		Entitys
 	route/		Network subnet allocation
 	node/		Nodes
 	peer/		Peering status
 	vpn/		VPN configuration examples (Tinc & WireGuard)
 	dns/		Bind9 DNS zone files and example configuration
--- a/asn/AS134098
+++ b/asn/AS134098
@ -0,0 +1,4 @@
 NAME="Licson Internal Network"
 OWNER="licson"
 DESC=""
 VALID="YES"
--- a/asn/AS4201270012
+++ b/asn/AS4201270012
@ -0,0 +1,3 @@
 NAME="Yhi Interconnect"
 OWNER="Junde Yhi"
 DESC=""
--- a/asn/AS4201270014
+++ b/asn/AS4201270014
@ -0,0 +1,3 @@
 NAME="leedagee"
 OWNER="leedagee"
 DESC=""
--- a/asn/AS4242420916
+++ b/asn/AS4242420916
@ -0,0 +1,3 @@
 NAME="alanyhq"
 OWNER="alanyhq"
 DESC="alanyhq main"
--- a/dns/db.10.127
+++ b/dns/db.10.127
@ -17,6 +17,7 @@ $TTL	604800
 10.1	IN	PTR	neostorage.neonetwork.
 80.1	IN	PTR	NeoSystem.neo.
 1.3	IN	PTR	pan.neo.
 16.2	IN	PTR	caasih.neo.
 185.8	IN	PTR	staph.neo.
 187.8	IN	PTR	staph-cn.neo.
--- a/dns/neonetwork
+++ b/dns/neonetwork
@ -15,13 +15,12 @@ $TTL	604800
 root		IN	CNAME	neo.
 NeoPDP-11	IN	A	10.127.255.1
 ucbvax		IN	A	10.127.255.2
-caasih		IN	A	10.127.0.1
+caasih		IN	A	10.127.2.16
 NeoSystem	IN	A	10.127.255.80
 neostorage	IN	A	10.127.1.10
 NeoBOX		IN	A	10.127.1.20
 cklvax		IN	A	10.127.1.40
 NNPCC		IN	A	10.127.1.63
 NeoVAX		IN	A	10.127.0.38
 pan		IN	A	10.127.3.1
 staph		IN	A	10.127.8.185
 staph-cn	IN	A	10.127.8.187
--- a/docs/index.html
+++ b/docs/index.html
@ -11,11 +11,10 @@
 <h1>NeoNetwork</h1>
 <p>A useless VPN network ready for peering!<br/>
-<strong>WARNING:</strong> This network is not interconnected to DN42 yet<br/>
+This network is connected with <a href="https://dn42.net">DN42</a><br/>
 Git Repo. <a href="https://git.neocloud.tw">here</a><br/>
 Pull requests are welcomed!<br/>
-Working language: <code>zh_* / en_*</code><br/>
+Working language: <code>zh_* / en_*</code></p>
 Telegram Group invitation link available at TXT record of <code>join-telegram.neocloud.tw</code></p>
 <h2>IXs</h2>
@ -33,17 +32,18 @@ megumi.yukipedia.cf     (10.127.30.1,   ASN 4242421037)
 <h2>Routing Protocols</h2>
-<p>Any protocol supported by Quagga or FRRouting, recommended to use BGP.</p>
+<p>Any protocol supported by Bird, Quagga or FRRouting, BGP recommended.</p>
 <h2>IP Addresses</h2>
 <p>All IPv4 addresses are under the range 10.127.0.0/16<br/>
 All IPv6 addresses are under the range fd10:127::/32<br/>
-see routes.txt for allocated domain.</p>
+see <a href="https://github.com/NeoCloud/NeoNetwork/tree/master/route">route</a>
 and <a href="https://github.com/NeoCloud/NeoNetwork/tree/master/route6">route6</a> for allocated subnet.</p>
 <h2>DNS</h2>
-<p>There&rsquo;s a bind9 server on dns.neocloud.tw (10.127.225.2), all domain names are under &ldquo;.neo&rdquo;.</p>
+<p>There&rsquo;s a bind9 server on dns.neocloud.tw (<code>10.127.225.2</code> and <code>fd10:127:5f37:59df::255:2</code>), all domain names are under &ldquo;.neo&rdquo;.</p>
 <h2>Connection Graph</h2>
@ -56,6 +56,7 @@ asn/        BGP AS Number allocation
 entity/     Entitys
 route/      Network subnet allocation
 node/       Nodes
 peer/       Peering status
 vpn/        VPN configuration examples (Tinc &amp; WireGuard)
 dns/        Bind9 DNS zone files and example configuration
 </code></pre>
--- a/document/asn-dir.txt
+++ b/document/asn-dir.txt
@ -8,3 +8,7 @@ NAME=""
 OWNER=""
 # Description
 DESC=""
 # if it's a ASN registered from *NIC, this variable records
 # whether members of NeoNetwork have validated its ownership yet
 # possible value: "YES" "NO"
 VALID=""
--- a/document/entity-dir.txt
+++ b/document/entity-dir.txt
@ -16,3 +16,5 @@ CONTACT=(
 BABEL=(
 	""
 )
 # OpenPGP key fingerprint
 AUTH="PGP:"
--- a/entity/Icecat
+++ b/entity/Icecat
@ -10,3 +10,4 @@ CONTACT=(
 BABEL=(
 	""
 )
 AUTH=""
--- a/entity/James58899
+++ b/entity/James58899
@ -10,3 +10,4 @@ CONTACT=(
 BABEL=(
 	""
 )
 AUTH=""
--- a/entity/JerryXiao
+++ b/entity/JerryXiao
@ -10,3 +10,4 @@ CONTACT=(
 BABEL=(
 	""
 )
 AUTH="PGP:186242204A2EC70438E9CE3B9D9CE43650FF2BAA"
--- a/entity/Junde
+++ b/entity/Junde
@ -0,0 +1,19 @@
 NAME="Junde Yhi"
 DESC=""
 CONTACT=(
 	"EMAIL:lmy441900@live.com"
 	"TELEGRAM:@lmy441900"
 	"MASTODON:@lmy441900@sn.angry.im"
 	"GITHUB:lmy441900"
 )
 BABEL=(
 	"zh-N"
 	"zh-hans-N"
 	"zh-hant-2"
 	"en-3"
 	"de-0"
 	"ru-0"
 	"jp-0"
 	"fi-0"
 )
 AUTH="PGP:E6C74782A1FBEE741D09885FD274286F672C800A"
--- a/entity/LINE-NZ
+++ b/entity/LINE-NZ
@ -10,3 +10,4 @@ CONTACT=(
 BABEL=(
 	"en"
 )
 AUTH=""
--- a/entity/Lan
+++ b/entity/Lan
@ -10,3 +10,4 @@ CONTACT=(
 BABEL=(
 	""
 )
 AUTH=""
--- a/entity/LibreHouse
+++ b/entity/LibreHouse
@ -14,3 +14,4 @@ BABEL=(
 	"en-2"
 	"ja-0"
 )
 AUTH=""
--- a/entity/Ndoskrnl
+++ b/entity/Ndoskrnl
@ -10,3 +10,4 @@ CONTACT=(
 BABEL=(
 	"zh|en-1"
 )
 AUTH=""
--- a/entity/Neo_Chen
+++ b/entity/Neo_Chen
@ -11,3 +11,4 @@ BABEL=(
 	"zh-N"
 	"en-2"
 )
 AUTH="PGP:D306BB628837043150CD1E42CA0957540FD996CD"
--- a/entity/SUNNET
+++ b/entity/SUNNET
@ -10,3 +10,4 @@ CONTACT=(
 BABEL=(
 	""
 )
 AUTH=""
--- a/entity/Septs
+++ b/entity/Septs
@ -10,3 +10,4 @@ CONTACT=(
 BABEL=(
 	""
 )
 AUTH=""
--- a/entity/Staph
+++ b/entity/Staph
@ -8,5 +8,10 @@ CONTACT=(
 	"GITHUB: StephDC"
 )
 BABEL=(
-	""
+	"zh-N"
 	"en-4"
 	"ja-2"
 	"es-1"
 	"fr-1"
 )
 AUTH=""
--- a/entity/Yangfl
+++ b/entity/Yangfl
@ -10,3 +10,4 @@ CONTACT=(
 BABEL=(
 	""
 )
 AUTH=""
--- a/entity/alanyhq
+++ b/entity/alanyhq
@ -0,0 +1,14 @@
 NAME="alanyhq"
 DESC=""
 CONTACT=(
 	"EMAIL:"
 	"TELEGRAM:@alanyhq"
 	"IRC:alanyhq"
 	"MASTODON:"
 	"GITHUB:"
 )
 BABEL=(
 	"zh-N"
 	"en-2"
 )
 AUTH=""
--- a/entity/chenx97
+++ b/entity/chenx97
@ -10,3 +10,4 @@ CONTACT=(
 BABEL=(
 	""
 )
 AUTH=""
--- a/entity/frank
+++ b/entity/frank
@ -10,3 +10,4 @@ CONTACT=(
 BABEL=(
 	""
 )
 AUTH=""
--- a/entity/leedagee
+++ b/entity/leedagee
@ -0,0 +1,13 @@
 NAME="leedagee"
 DESC=""
 CONTACT=(
 	"EMAIL:leedageea@gmail.com"
 	"TELEGRAM:@leedagee"
 	"IRC:lizr"
 	"GITHUB:leedagee"
 )
 BABEL=(
 	"zh-N"
 	"en-2"
 )
 AUTH="PGP:47627D2288B20CC033C7B7D72D83E4E89C15DA36"
--- a/entity/licson
+++ b/entity/licson
@ -0,0 +1,13 @@
 NAME="licson"
 DESC=""
 CONTACT=(
 	"EMAIL:admin@licson.net"
 	"TELEGRAM:licson"
 	"IRC:licson"
 	"MASTODON:"
 	"GITHUB:licson0729"
 )
 BABEL=(
 	""
 )
 AUTH=""
--- a/entity/santost12
+++ b/entity/santost12
@ -10,3 +10,4 @@ CONTACT=(
 BABEL=(
 	""
 )
 AUTH=""
--- a/node/leedagee
+++ b/node/leedagee
@ -0,0 +1,4 @@
 ASN="4201270014"
 DESC=""
 IP=(
 )
--- a/node/staph
+++ b/node/staph
@ -1,4 +1,5 @@
 ASN="4201270007"
-DESC=""
+DESC="Home of S. aureus in Amsterdam"
 IP=(
 	"10.127.8.185/29"
 )
--- a/node/yhi-h
+++ b/node/yhi-h
@ -0,0 +1,4 @@
 ASN="AS4201270012"
 DESC=""
 IP=(
 )
--- a/nodes.dot
+++ b/nodes.dot
@ -20,8 +20,8 @@ digraph "NeoNetwork Nodes"
 	magicneko_RU01 [label="M-RU1\n(10.127.4.14,\nfd10:127:0233:7170:2021::10.127.4.14)"]
 	magicneko_JP03 [label="M-JP3\n(10.127.4.15,\nfd10:127:0233:7170:2021::10.127.4.15)"]
 	magicneko_CN01 [label="M-CN1\n(10.127.4.101,\nfd10:127:0233:7170:2021::10.127.4.101)"]
-	staph [label="s.aureus.ga\n(10.127.8.185)\n(AS4201270007)"]
+	staph [label="s.aureus.ga\n(10.127.8.185\nfd10:127:7::1)\n(AS4201270007)"]
-	staph_CN [label="cnhome.aureus.ga\n(10.127.8.187)\n(AS4201270007)"]
+	staph_CN [label="cnhome.aureus.ga\n(10.127.8.187\nfd10:127:7::3)\n(AS4201270007)"]
 	chenx97 [label="chenx97.neocloud.tw\n(AS4201270003)"]
 	JerryXiao [label="jpn.neo.jerryxiao.cc\n(10.127.8.193)"]
 	JerryXiao_SH01 [label="jerryxiao-sh01\n(10.127.8.195)"]
--- a/route/10.127.14.0,23
+++ b/route/10.127.14.0,23
@ -0,0 +1,4 @@
 TYPE="SUBNET"
 NAME="LICSON-NET-SUBALLOC-1"
 DESC=""
 ASN="134098"
--- a/route/10.127.23.0,29
+++ b/route/10.127.23.0,29
@ -0,0 +1,4 @@
 TYPE="SUBNET"
 NAME="leedagee"
 DESC="leedagee"
 ASN="4201270014"
--- a/route/10.127.5.0,28
+++ b/route/10.127.5.0,28
@ -0,0 +1,4 @@
 TYPE=SUBNET
 NAME="yhi-h"
 DESC="Yhi Interconnect H"
 ASN="AS4201270012"
--- a/route/10.127.8.184,29
+++ b/route/10.127.8.184,29
@ -1,4 +1,4 @@
 TYPE="SUBNET"
 NAME="StaphNet"
-DESC="For Staph equipments around the world"
+DESC="For Staph-infected equipments around the world"
 ASN="4201270007"
--- a/route6/fd10:127:0023::,48
+++ b/route6/fd10:127:0023::,48
@ -0,0 +1,4 @@
 TYPE="SUBNET"
 NAME="leedagee"
 DESC="leedagee"
 ASN="4201270014"
--- a/route6/fd10:127:5f37:59df::,64
+++ b/route6/fd10:127:5f37:59df::,64
@ -1,4 +1,4 @@
 TYPE=SUBNET
-NAME="CROOM"
+NAME="NeoNetwork Origin"
-DESC="For CROOM connectivity"
+DESC="Neo_Chen's Network"
 ASN="4201270000"
--- a/route6/fd10:127:7::,48
+++ b/route6/fd10:127:7::,48
@ -0,0 +1,4 @@
 TYPE="SUBNET"
 NAME="Staph_v6"
 DESC="Staph-infected IPv6 subnet - please do not disinfect"
 ASN="4201270007"
--- a/scripts/dns-reverse-generator.sh
+++ b/scripts/dns-reverse-generator.sh
@ -38,7 +38,7 @@ for i in *; do
 	if [ "$TYPE" = "LO" ]; then
 		ip="${i/,32/}"
-		print_record "$(ipcalc "$ip" 0)" "$NAME.neo" >> "$LO_TEMP"
+		print_record "$(ipcalc "$ip" 0)" "$NAME.neo." >> "$LO_TEMP"
 	fi
 done
 )
--- a/scripts/pretty-output.sh
+++ b/scripts/pretty-output.sh
@ -99,7 +99,7 @@ if [ $# -lt 1 ]; then
 		"Usage: table-output.sh <table type>\n" \
 		"\n" \
 		"	table types:\n" \
-		"		asn, route, people, node\n"
+		"		asn, route, entity, node\n"
 fi
 arg="$2"	# Optional argument
@ -123,15 +123,28 @@ route)
 		subnet="${subnet/,/\/}"
 		source "$i"
 		case "$TYPE" in
 			TUN30)	print_tun30	"$subnet" "$PROTO" "$UPSTREAM" "$DOWNSTREAM";;
 			SUBNET)	print_subnet	"$subnet" "$NAME" "$DESC";;
 			LO)	print_lo	"$subnet" "$NAME" "$DESC";;
 			*)	errmsg "Invalid \$TYPE in $i\n";;
 		esac
 	done
 	;;
-people);;
+entity);;
-node);;
+node)
 	for i in node/*; do
 		node="${i#node/}"
 		source "$i"
 		echo -e \
 			"${BRIGHT}${BBLUE}${FYELLOW}========================================${RESET}"
 		printf "${BRIGHT}${FYELLOW}%12s${RESET} | ${BRIGHT}${FGREEN}%20s${RESET} | ${FCYAN}%s${RESET}\n" "AS${ASN}" "$node" "$DESC"
 		for ip in "${IP[@]}"; do
 			printf "\t%s\n" "$ip"
 		done
 	done
 	;;
 *) errmsg "Invalid type\n";;
 esac
--- a/scripts/roa.py
+++ b/scripts/roa.py
@ -9,9 +9,7 @@ import re
 NEONET_ADDR_POOL = ('10.127.0.0/16', 'fd10:127::/32')
 NEONET_ADDR_POOL = [ip_network(neo) for neo in NEONET_ADDR_POOL]
 IS_NEONET = lambda net: bool([True for neo in NEONET_ADDR_POOL if net.version == neo.version and net.subnet_of(neo)])
-if not hasattr(IPv4Network, 'subnet_of'):
+assert hasattr(IPv4Network, 'subnet_of') # needs at least python 3.7
    IS_NEONET = lambda x: True
    print('# [!] IPv4Network has no attr subnet_of, please consider upgrading your python installation')
 class BashParser:
    def __init__(self):
@ -79,7 +77,7 @@ def neoneo_get_people():
            if not f.is_file():
                continue
            fc = shell2dict(f.read_text())
-            present_keys = ('name', 'desc', 'contact', 'babel')
+            present_keys = ('name', 'desc', 'contact', 'babel', 'auth')
            assert f.name
            people[f.name] = {k: fc.get(k) for k in present_keys}
            nic_hdl = name2nichdl(f.name)
@ -88,6 +86,15 @@ def neoneo_get_people():
            people[f.name]['nic_hdl'] = nic_hdl
            for v in people[f.name].values():
                assert v is not None
            auth = people[f.name]['auth']
            if auth:
                method, data = auth.split(':')
                assert method in ('PGP', 'SSH')
                if method == 'PGP':
                    assert len(data) == 40 # invaild pgp fingerprint
                elif method == 'SSH':
                    assert data.startswith('ssh-') # invalid ssh pubkey
                people[f.name]['auth'] = f"{'pgp-fingerprint ' if method == 'PGP' else ''}{data.strip()}"
        except Exception:
            print("[!] Error while processing file", f)
            raise
@ -171,16 +178,22 @@ def neonet_route2roa(dirname, is_ipv6=False):
            print("[!] Error while processing file", f)
            raise
    roa_entries.sort(key=lambda l: l['asn'])
    l_prefix = [_roa['prefix'] for _roa in roa_entries]
    for _net1, _net2 in combinations(roa_entries, 2):
        net1, net2 = sorted([_net1, _net2], key=lambda net: net['prefix'].prefixlen)
        if net1['prefix'].overlaps(net2['prefix']):
-            if net1['prefix'] != net2['prefix'] and net1['prefix'].supernet_of(net2['prefix']) \
+            try:
-                and net2['supernet'] == net1['prefix']:
+                assert net1['prefix'] != net2['prefix']
-                # This is allowed
+                assert net1['prefix'].supernet_of(net2['prefix'])
-                pass
+                s1net, s2net= (net1['supernet'], net2['supernet'])
-            else:
+                assert s2net # please include SUPERNET=<cidr> in your route
-                print("[!] Error: found", net2, "overlaps", net1)
+                # if net1(the bigger net) has a supernet s1net, then s1net and net1
-                raise AssertionError # if this is intended, please include SUPERNET=<cidr> in your route
+                # will be checked or must have been checked, same for net2
                assert not s1net               or s1net in l_prefix # net1.supernet is garbage
                assert s2net == net1['prefix'] or s2net in l_prefix # net2.supernet is garbage
            except AssertionError:
                print("[!] Error: found", net1, "overlaps", net2)
                raise
    return roa_entries
 if __name__ == "__main__":