BIRD 1.6.3 + ROA crashing issue

Javor Kliachev jkliachev at neterra.net
Wed Mar 21 15:29:13 CET 2018


Hi,

Thank you very much for the fast response.

The patch has completely fixed the issue!

One more question about the ROA:

Is it possible to use roa_check() into another function and first 
parameter of the roa_check to be some argument like peer_as for an example:

roa table 65501 {
         roa 1.2.3.0/24 max 32 as 65501;
}


function BGP_IN(*int peer_as*) {

  if roa_check(*peer_as*, net, bgp_path.last) = ROA_INVALID then {
         print "ROA check failed for ", net, " from ASN ", 
bgp_path.last; return false;
  }

  if roa_check(*peer_as*, net, bgp_path.last) = ROA_UNKNOWN then {
          print "ROA check failed: unallowed prefix - ", net, " origin 
ASN ", bgp_path.last , " - AS-PATH", bgp_path , " via ", proto; return 
false;
  }
return true;
}

When I put the above lines in the configuration and try to reconfigure I 
got the following error:

/root at rs2-lab:/usr/local/bird-new/etc# birdc c//
//BIRD 1.6.3 ready.//
//Reading configuration from /usr/local/bird-new/etc/bird.conf//
///usr/local/bird-new/etc/roa.conf, line 8: peer_as is not a ROA table/

It makes me think that such implementation is not possible or may be I'm 
totally wrong or miss a bit something.

Thank you once again!

Best~

On 21.03.2018 15:40, Ondrej Zajicek wrote:
> On Wed, Mar 21, 2018 at 12:45:54PM +0200, Javor Kliachev wrote:
>> Hello,
>>
>> We have been using BIRD 1.6.3 on Ubuntu 16.04 as Route Server for a long
>> time.
>>
>> Recently we decided to implement a ROA check filtration but we're
>> experiencing the daemon is crashing whenever
>> removing roa table from the file config even when the roa table is not
>> applied anywhere.
> Hello
>
> Is the issue fixed by this patch:
>
> https://gitlab.labs.nic.cz/labs/bird/commit/0ff86d054efa8005c5df943acf6d2122781d3175
>
> ?
>

-- 
---


    Javor Kliachev


        Senior Engineer IP Services

office:+359 2 974 33 11
mobile:+359 885 98 84 95
www.neterra.net <http://www.neterra.net> 
<https://bg.linkedin.com/pub/javor-kliachev/11/b46/843>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20180321/7facf261/attachment.html>


More information about the Bird-users mailing list