Implement max-len filter

To implement a max-length filter, we need a rule/policy/filter file that contains the corresponding prefixes with their maximum length and a list with the prefixes without maxlen to distinguish if the prefix belongs to CRXN or to dn42. The entitydb contains a bash script for this purpose. If you run this script with the argument bird, you will get a bird-compatible list with the maximum lengths. If you run the script with the bird prefix-list parameter, you will get a prefix list without the maximum lengths.

define CRXN_IPs = [
    include "<path-to-file-1>";

define CRXN_MAXLEN = [
    include "<path-to-file-2>";

function is_crxn_net() {
  return net ~ CRXN_IPs;

function is_maxlen_valid() {
  return net ~ CRXN_MAXLEN;

This bird configuration can be used to load the file. You have to replace <path-to-file-1> with the path of the filter file without maximum lengths and <path-to-file-2> with the path of the filter file with maximum lengths. Function is_crxn_net then checks if the prefix belongs to the CRXN network and function is_maxlen_valid then checks if the prefix is maxlen-valid.

if (is_crxn_net() && (! is_maxlen_valid())) then {
    print "[CRXN] Invalid crxn route: ", net;

This instruction checks whether a prefix belongs to the CRXN network and then whether the prefix is maxlen-valid. If it is not maxlen-valid, it is filtered and a message is issued.

This configuration can then be added to your import filter before accept. The line with print is optional. If you leave this line, every hjack attempt will be logged in the bird log output.