> hi,

> My system is Ubuntu 13.04, kernel version is 3.8.0-21-generic, bird version
> is 1.4.4.
> Device configuration is as follows:
> 1. about function
> function rt_import (int asn; int set peer_asns; prefix set peer_nets)
> {
>    if (net ~ peer_nets) then return false!;
> }
> 2. about filter
> filter bgp_upstream
> {
>          if rt_import (64609, [64609], []) then reject;
> }
> In the above function, I use net ~ peer_nets to filter out peer_nets route,
> but in filter medium, peer_nets defined as, which would lead
> to such a fine route will be filtered out. If the test using
> the "-" operator, will lead filter to filter out all the routes. Why?

should not be filtered with !(net ~ peer_nets) when
peer_nets = [ ] as this specifies set of prefixes
with one prefix is another prefix (network address + prefix length,
not just IP address) and net ~ [ ] gives false (i.e.
prefix not in the prefix set peer_nets).

"-" operator is undefined when subtracting from net (prefix type)
peer_nets (prefix set type) and filter error should be logged probably.

> In the above example, how can I use "operators" to achieve peer_nets
> defined as, subnet address to ensure it will not
> be filtered out.

[] and are not the same.

[] - is a prefix set (set of IP prefixes),
and is just an IP prefix.

"~" could be used on both, but with different meaning.

net ~ []       it matches net to the set of prefixes.
net ~         matches if net is subnet of
net.ip ~ or ~ matches IP to the prefix.

So if peer_nets declared as prefix in rt_import()
(not prefix set, as in your rt_import()) statement net ~ peer_nets
would match and prefix is filtered if peer_nets specified as on rt_import() call.

Furthermore as I said previously net ~ [] shall
not filter, but net ~ [] will do that
(see BIRD's documentation filter section for details on sets of
prefixes and how they could be written).

Sergey Popovich
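
The distinction drawn in the reply above, as an added BIRD filter example that is not part of the original message or of the poster's configuration. The prefixes 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges chosen for illustration, and every name ending in _demo is hypothetical; the `+` and `{low,high}` patterns are the prefix set forms described in the filter section of BIRD's documentation.

```bird
# Constructed example: documentation prefixes, hypothetical *_demo names.

# Returns true when the route's prefix matches a pattern in peer_nets.
function in_peer_nets_demo (prefix set peer_nets)
{
    # prefix ~ prefix set: net is compared against each pattern in the set
    return net ~ peer_nets;
}

filter upstream_exact_demo
{
    # Plain pattern: matches the prefix 192.0.2.0/24 itself and nothing else.
    # A more specific route such as 192.0.2.128/25 is NOT matched and is accepted.
    if in_peer_nets_demo([ 192.0.2.0/24 ]) then reject;
    accept;
}

filter upstream_subnets_demo
{
    # "+" pattern: matches 192.0.2.0/24 and every more specific prefix inside it,
    # so 192.0.2.128/25 is rejected as well.
    if in_peer_nets_demo([ 192.0.2.0/24+ ]) then reject;
    accept;
}

filter upstream_range_demo
{
    # {low,high} pattern: matches prefixes inside 192.0.2.0/24 whose length is
    # between 25 and 32; the /24 itself is accepted.
    if in_peer_nets_demo([ 192.0.2.0/24{25,32} ]) then reject;
    accept;
}

filter upstream_prefix_demo
{
    # prefix ~ prefix (no brackets): true if net is a subnet of 192.0.2.0/24
    if net ~ 192.0.2.0/24 then reject;

    # ip ~ prefix: only the network address of the route is tested
    if net.ip ~ 198.51.100.0/24 then reject;
    accept;
}
```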

