how to use "Operators" in bird
popovich_sergei at mail.ru
Wed Jul 30 13:28:41 CEST 2014
> My system is Ubuntu 13.04, kernel version is 3.8.0-21-generic, bird version
> is 1.4.4.
> Device configuration is as follows:
> 1. about function
> function rt_import (int asn; int set peer_asns; prefix set peer_nets)
> if (net ~ peer_nets) then return false!;
> 2. about filter
> filter bgp_upstream
> if rt_import (64609, , [192.168.1.0/24]) then reject;
> In the above function, I use net ~ peer_nets to filter out peer_nets route,
> but in filter medium, peer_nets defined as 192.168.1.0/24, which would lead
> to such a fine route 192.168.1.1 will be filtered out. If the test using
> the "-" operator, will lead filter to filter out all the routes. Why?
192.168.1.1/32 should not be filtered with !(net ~ peer_nets) when
peer_nets = [ 192.168.1.0/24 ], as this specifies a set of prefixes
with one prefix, 192.168.1.0/24.
192.168.1.1/32 is another prefix (network address + prefix length,
not just an IP address) and net ~ [ 192.168.1.0/24 ] gives false (i.e.
prefix 192.168.1.1/32 is not in the prefix set peer_nets).
The "-" operator is undefined when subtracting peer_nets (prefix set type)
from net (prefix type), and a filter error should probably be logged.
> In the above example, how can I use "operators" to achieve peer_nets
> defined as 192.168.1.0/24, 192.168.1.1 subnet address to ensure it will not
> be filtered out.
[192.168.1.0/24] and 192.168.1.0/24 are not the same.
[192.168.1.0/24] is a prefix set (a set of IP prefixes),
and 192.168.1.0/24 is just an IP prefix.
"~" can be used on both, but with different meanings.
net ~ [192.168.1.0/24] matches net against the set of prefixes.
net ~ 192.168.1.0/24 matches if net is a subnet of 192.168.1.0/24.
net.ip ~ 192.168.1.0/24 or
192.168.1.1 ~ 192.168.1.0/24 matches IP to the prefix.
So if peer_nets is declared as a prefix in rt_import()
(not a prefix set, as in your rt_import()), the statement net ~ peer_nets
would match and the prefix is filtered if peer_nets is specified as
192.168.1.0/24 in the rt_import() call.
Furthermore as I said previously net ~ [192.168.1.0/24] shall
not filter 192.168.1.1/32, but net ~ [192.168.1.0/24+] will do that
(see BIRD's documentation filter section for details on sets of
prefixes and how they could be written).
> Thank you very much for nothing always help, thanks.
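
The matching rules described in the reply above, modelled with Python's ipaddress module as an added example (not part of the original message and not BIRD's own code). The function names are hypothetical, and only the exact and "+" prefix-set forms are modelled.

```python
import ipaddress


def net_in_prefix(net, prefix):
    """Model of `net ~ P`: true when net is P itself or a subnet of P."""
    n, p = ipaddress.ip_network(net), ipaddress.ip_network(prefix)
    return n.version == p.version and n.subnet_of(p)


def ip_in_prefix(ip, prefix):
    """Model of `net.ip ~ P`: true when the address lies inside P."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(prefix)


def net_in_set(net, patterns):
    """Model of `net ~ [ ... ]` for members written 'P' or 'P+'.

    'P'  matches only the identical prefix (same address and length).
    'P+' matches P and every subprefix of P.
    """
    n = ipaddress.ip_network(net)
    for text in patterns:
        plus = text.endswith("+")
        base = ipaddress.ip_network(text.rstrip("+"))
        if n.version != base.version:
            continue  # an IPv4 pattern never matches an IPv6 route
        if n == base or (plus and n.subnet_of(base)):
            return True
    return False


def compare(route, prefix):
    """Evaluate one route against the three spellings from the thread."""
    return {
        "[P]": net_in_set(route, [prefix]),
        "[P+]": net_in_set(route, [prefix + "+"]),
        "P": net_in_prefix(route, prefix),
    }


if __name__ == "__main__":
    # Constructed sample routes, checked against the thread's 192.168.1.0/24.
    for route in ("192.168.1.0/24", "192.168.1.1/32", "192.168.2.0/24"):
        print(route, compare(route, "192.168.1.0/24"))
```
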