Filters giving odd errors
Skyler Mäntysaari
sm at samip.fi
Thu Aug 13 16:46:12 CEST 2020
Hi there,
I'm using the template from
https://github.com/neptune-networks/peering/blob/master/out/router.fqdn.example/bird.conf
for my filters, and I'm getting argument related errors in logs.
What's the issue with those filters?
P.S I need to find a guide on how to do bird2 and RPKI as well.
Logs:
----------------------------------------------------
2020-08-13 17:37:47 <ERR> filters, line 360: Argument 1 of instruction
FI_CONDITION must be of type T_BOOL, got 0x00
2020-08-13 17:37:47 <ERR> filters, line 360: Argument 1 of instruction
FI_CONDITION must be of type T_BOOL, got 0x00
2020-08-13 17:37:47 <ERR> filters, line 360: Argument 1 of instruction
FI_CONDITION must be of type T_BOOL, got 0x00
2020-08-13 17:37:47 <ERR> filters, line 360: Argument 1 of instruction
FI_CONDITION must be of type T_BOOL, got 0x00
2020-08-13 17:37:47 <ERR> filters, line 360: Argument 1 of instruction
FI_CONDITION must be of type T_BOOL, got 0x00
2020-08-13 17:37:47 <ERR> ...
----------------------------------------------------
Bird config, the filter functions:
----------------------------------------------------
# --- Filters (technically functions) ---
function default_import() {
if bgp_path.len > 32 then
reject "AS_PATH len [", bgp_path.len ,"] longer than 32 - REJECTING
", net;
if prefix_is_in_global_blacklist() then
reject "prefix is in global blacklist - REJECTING ", net;
if is_own_prefix() then
reject "prefix is our own - REJECTING ", net;
if is_own_internal_prefix() then {
if !prefix_is_in_global_whitelist() then
reject "prefix is our own and internal - REJECTING ", net;
}
if prefix_is_bogon() then
reject "prefix is bogon - REJECTING ", net;
if net.type = NET_IP4 then
if !is_prefix_length_valid(8, 24) then
reject "prefix len [", net.len, "] not in 8-24 - REJECTING ", net;
if net.type = NET_IP6 then
if !is_prefix_length_valid(12, 56) then
reject "prefix len [", net.len, "] not in 12-56 - REJECTING ", net;
#perform_rpki_validation();
if route_is_rpki_invalid() then
reject "RPKI, route is INVALID - REJECTING ", net;
add_region_community();
add_site_community();
honor_graceful_shutdown();
accept;
}
function peer_import() {
scrub_communities_in();
add_peer_community();
default_import();
}
function peer_export() {
strip_private_asns();
add_global_prepends();
if is_own_prefix() then accept;
if route_is_rpki_invalid() then
reject "RPKI, route is INVALID - NOT ANNOUNCING ", net;
if is_own_internal_prefix() then {
if !prefix_is_in_global_whitelist() then
reject "prefix is our own and internal - NOT ANNOUNCING ", net;
}
if net.type = NET_IP4 then
if !is_prefix_length_valid(8, 24) then
reject "prefix len [", net.len, "] not in 8-24 - REJECTING ", net;
if net.type = NET_IP6 then
if !is_prefix_length_valid(12, 48) then
reject "prefix len [", net.len, "] not in 12-48 - REJECTING ", net;
if prefix_is_bogon() then
reject "prefix is bogon - NOT ANNOUNCING ", net;
if as_path_contains_invalid_asn() then
reject "AS_PATH [", bgp_path ,"] contains invalid ASN - REJECTING
", net;
if should_not_export_to_site() then
reject "NO_EXPORT community in place for site - NOT ANNOUNCING ", net;
if should_not_export_to_region() then
reject "NO_EXPORT community in place for region - NOT ANNOUNCING ",
net;
if should_not_export_to_peers() then
reject "NO_EXPORT community in place for peers - NOT ANNOUNCING ", net;
if prefix_is_in_global_blacklist() then
reject "prefix is in global blacklist - REJECTING ", net;
if was_learned_from_customer() then accept;
reject;
}
function upstream_import() {
scrub_communities_in();
add_upstream_community();
default_import();
}
function upstream_export() {
strip_private_asns();
add_global_prepends();
if is_own_prefix() then accept;
if route_is_rpki_invalid() then
reject "RPKI, route is INVALID - NOT ANNOUNCING ", net;
if is_own_internal_prefix() then {
if !prefix_is_in_global_whitelist() then
reject "prefix is our own and internal - NOT ANNOUNCING ", net;
}
if net.type = NET_IP4 then
if !is_prefix_length_valid(8, 24) then
reject "prefix len [", net.len, "] not in 8-24 - REJECTING ", net;
if net.type = NET_IP6 then
if !is_prefix_length_valid(12, 48) then
reject "prefix len [", net.len, "] not in 12-48 - REJECTING ", net;
if prefix_is_bogon() then
reject "prefix is bogon - NOT ANNOUNCING ", net;
if as_path_contains_invalid_asn() then
reject "AS_PATH [", bgp_path ,"] contains invalid ASN - REJECTING
", net;
if should_not_export_to_site() then
reject "NO_EXPORT community in place for site - NOT ANNOUNCING ", net;
if should_not_export_to_region() then
reject "NO_EXPORT community in place for region - NOT ANNOUNCING ",
net;
if should_not_export_to_upstreams() then
reject "NO_EXPORT community in place for upstreams - NOT ANNOUNCING
", net;
if prefix_is_in_global_blacklist() then
reject "prefix is in global blacklist - REJECTING ", net;
if was_learned_from_customer() then accept;
reject;
}
function customer_import() {
scrub_communities_in();
add_customer_community();
default_import();
}
function customer_export() {
strip_private_asns();
add_global_prepends();
if is_own_prefix() then accept;
if route_is_rpki_invalid() then
reject "RPKI, route is INVALID - NOT ANNOUNCING ", net;
if is_own_internal_prefix() then {
if !prefix_is_in_global_whitelist() then
reject "prefix is our own and internal - NOT ANNOUNCING ", net;
}
if net.type = NET_IP4 then
if !is_prefix_length_valid(8, 24) then
reject "prefix len [", net.len, "] not in 8-24 - REJECTING ", net;
if net.type = NET_IP6 then
if !is_prefix_length_valid(12, 48) then
reject "prefix len [", net.len, "] not in 12-48 - REJECTING ", net;
if prefix_is_bogon() then
reject "prefix is bogon - NOT ANNOUNCING ", net;
if as_path_contains_invalid_asn() then
reject "AS_PATH [", bgp_path ,"] contains invalid ASN - REJECTING
", net;
if should_not_export_to_site() then
reject "NO_EXPORT community in place for site - NOT ANNOUNCING ", net;
if should_not_export_to_region() then
reject "NO_EXPORT community in place for region - NOT ANNOUNCING ",
net;
if should_not_export_to_customers() then
reject "NO_EXPORT community in place for customers - NOT ANNOUNCING
", net;
if prefix_is_in_global_blacklist() then
reject "prefix is in global blacklist - REJECTING ", net;
if was_learned_from_peer() then accept;
if was_learned_from_private_peer() then accept;
if was_learned_from_upstream() then accept;
if was_learned_from_customer() then accept;
reject;
}
function core_import() {
if prefix_is_bogon() then reject;
if prefix_is_in_global_blacklist() then
reject "prefix is in global blacklist - REJECTING ", net;
honor_graceful_shutdown();
accept;
}
function core_export() {
if prefix_is_bogon() then reject;
if prefix_is_in_global_blacklist() then
reject "prefix is in global blacklist - REJECTING ", net;
if is_own_prefix() then accept;
if is_own_internal_prefix() then accept;
if was_learned_from_peer() then accept;
if was_learned_from_private_peer() then accept;
if was_learned_from_upstream() then accept;
if was_learned_from_customer() then accept;
reject;
}
----------------------------------------------------
--
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
More information about the Bird-users
mailing list