Filters giving odd errors
Skyler Mäntysaari
sm at samip.fi
Thu Aug 13 17:46:27 CEST 2020
Line 360 is the prefix_is_bogon if statement.
The bogon lists can be seen from:
https://github.com/neptune-networks/peering/blob/master/out/router.fqdn.example/bird.conf#L36-L84
-----------------------------------------------------------
if prefix_is_bogon() then
reject "prefix is bogon - REJECTING ", net;
-----------------------------------------------------------
function prefix_is_bogon() {
if net.type = NET_IP4 then
if net ~ BOGONS_4 then return true;
if net.type = NET_IP6 then
if net ~ BOGONS_6 then return true;
return false;
}
-----------------------------------------------------------
P.S Please do not reply to me directly, but to the list.
On 13/08/2020 18.41, Maria Matějka wrote:
> Hello!
> The error message tells you that you are passing something strange to
> the condition on line 360. What do you have on line 360?
> Maria
>
> On August 13, 2020 4:46:12 PM GMT+02:00, "Skyler Mäntysaari"
> <sm at samip.fi> wrote:
>
> Hi there,
>
> I'm using the template from
> https://github.com/neptune-networks/peering/blob/master/out/router.fqdn.example/bird.conf <https://github.com/neptune-networks/peering/blob/master/out/router.fqdn.example/bird.conf>
> for my filters, and I'm getting argument related errors in logs.
>
> What's the issue with those filters?
>
> P.S I need to find a guide on how to do bird2 and RPKI as well.
>
> Logs:
> ------------------------------------------------------------------------
> 2020-08-13 17:37:47 <ERR> filters, line 360: Argument 1 of instruction
> FI_CONDITION must be of type T_BOOL, got 0x00
> 2020-08-13 17:37:47 <ERR> filters, line 360: Argument 1 of instruction
> FI_CONDITION must be of type T_BOOL, got 0x00
> 2020-08-13 17:37:47 <ERR> filters, line 360: Argument 1 of instruction
> FI_CONDITION must be of type T_BOOL, got 0x00
> 2020-08-13 17:37:47 <ERR> filters, line 360: Argument 1 of instruction
> FI_CONDITION must be of type T_BOOL, got 0x00
> 2020-08-13 17:37:47 <ERR> filters, line 360: Argument 1 of instruction
> FI_CONDITION must be of type T_BOOL, got 0x00
> 2020-08-13 17:37:47 <ERR> ...
> ------------------------------------------------------------------------
> Bird config, the filter functions:
> ------------------------------------------------------------------------
> # --- Filters (technically functions) ---
> function default_import() {
> if bgp_path.len > 32 then
> reject "AS_PATH len [", bgp_path.len ,"] longer than 32 - REJECTING
> ", net;
>
> if prefix_is_in_global_blacklist() then
> reject "prefix is in global blacklist - REJECTING ", net;
>
> if is_own_prefix() then
> reject "prefix is our own - REJECTING ", net;
>
> if is_own_internal_prefix() then {
> if !prefix_is_in_global_whitelist() then
> reject "prefix is our own and internal - REJECTING ", net;
> }
>
> if prefix_is_bogon() then
> reject "prefix is bogon - REJECTING ", net;
>
> if net.type = NET_IP4 then
> if !is_prefix_length_valid(8, 24) then
> reject "prefix len [", net.len, "] not in 8-24 - REJECTING ", net;
>
> if net.type = NET_IP6 then
> if !is_prefix_length_valid(12, 56) then
> reject "prefix len [", net.len, "] not in 12-56 - REJECTING ", net;
>
> #perform_rpki_validation();
>
> if route_is_rpki_invalid() then
> reject "RPKI, route is INVALID - REJECTING ", net;
>
> add_region_community();
> add_site_community();
> honor_graceful_shutdown();
>
> accept;
> }
>
> function peer_import() {
> scrub_communities_in();
> add_peer_community();
> default_import();
> }
>
> function peer_export() {
> strip_private_asns();
> add_global_prepends();
>
> if is_own_prefix() then accept;
>
> if route_is_rpki_invalid() then
> reject "RPKI, route is INVALID - NOT ANNOUNCING ", net;
>
> if is_own_internal_prefix() then {
> if !prefix_is_in_global_whitelist() then
> reject "prefix is our own and internal - NOT ANNOUNCING ", net;
> }
>
> if net.type = NET_IP4 then
> if !is_prefix_length_valid(8, 24) then
> reject "prefix len [", net.len, "] not in 8-24 - REJECTING ", net;
>
> if net.type = NET_IP6 then
> if !is_prefix_length_valid(12, 48) then
> reject "prefix len [", net.len, "] not in 12-48 - REJECTING ", net;
>
> if prefix_is_bogon() then
> reject "prefix is bogon - NOT ANNOUNCING ", net;
>
> if as_path_contains_invalid_asn() then
> reject "AS_PATH [", bgp_path ,"] contains invalid ASN - REJECTING
> ", net;
>
> if should_not_export_to_site() then
> reject "NO_EXPORT community in place for site - NOT ANNOUNCING ", net;
>
> if should_not_export_to_region() then
> reject "NO_EXPORT community in place for region - NOT ANNOUNCING ",
> net;
>
> if should_not_export_to_peers() then
> reject "NO_EXPORT community in place for peers - NOT ANNOUNCING ", net;
>
> if prefix_is_in_global_blacklist() then
> reject "prefix is in global blacklist - REJECTING ", net;
>
> if was_learned_from_customer() then accept;
>
> reject;
> }
>
> function upstream_import() {
> scrub_communities_in();
> add_upstream_community();
> default_import();
> }
>
> function upstream_export() {
> strip_private_asns();
> add_global_prepends();
>
> if is_own_prefix() then accept;
>
> if route_is_rpki_invalid() then
> reject "RPKI, route is INVALID - NOT ANNOUNCING ", net;
>
> if is_own_internal_prefix() then {
> if !prefix_is_in_global_whitelist() then
> reject "prefix is our own and internal - NOT ANNOUNCING ", net;
> }
>
> if net.type = NET_IP4 then
> if !is_prefix_length_valid(8, 24) then
> reject "prefix len [", net.len, "] not in 8-24 - REJECTING ", net;
>
> if net.type = NET_IP6 then
> if !is_prefix_length_valid(12, 48) then
> reject "prefix len [", net.len, "] not in 12-48 - REJECTING ", net;
>
> if prefix_is_bogon() then
> reject "prefix is bogon - NOT ANNOUNCING ", net;
>
> if as_path_contains_invalid_asn() then
> reject "AS_PATH [", bgp_path ,"] contains invalid ASN - REJECTING
> ", net;
>
> if should_not_export_to_site() then
> reject "NO_EXPORT community in place for site - NOT ANNOUNCING ", net;
>
> if should_not_export_to_region() then
> reject "NO_EXPORT community in place for region - NOT ANNOUNCING ",
> net;
>
> if should_not_export_to_upstreams() then
> reject "NO_EXPORT community in place for upstreams - NOT ANNOUNCING
> ", net;
>
> if prefix_is_in_global_blacklist() then
> reject "prefix is in global blacklist - REJECTING ", net;
>
> if was_learned_from_customer() then accept;
>
> reject;
> }
>
> function customer_import() {
> scrub_communities_in();
> add_customer_community();
> default_import();
> }
>
> function customer_export() {
> strip_private_asns();
> add_global_prepends();
>
> if is_own_prefix() then accept;
>
> if route_is_rpki_invalid() then
> reject "RPKI, route is INVALID - NOT ANNOUNCING ", net;
>
> if is_own_internal_prefix() then {
> if !prefix_is_in_global_whitelist() then
> reject "prefix is our own and internal - NOT ANNOUNCING ", net;
> }
>
> if net.type = NET_IP4 then
> if !is_prefix_length_valid(8, 24) then
> reject "prefix len [", net.len, "] not in 8-24 - REJECTING ", net;
>
> if net.type = NET_IP6 then
> if !is_prefix_length_valid(12, 48) then
> reject "prefix len [", net.len, "] not in 12-48 - REJECTING ", net;
>
> if prefix_is_bogon() then
> reject "prefix is bogon - NOT ANNOUNCING ", net;
>
> if as_path_contains_invalid_asn() then
> reject "AS_PATH [", bgp_path ,"] contains invalid ASN - REJECTING
> ", net;
>
> if should_not_export_to_site() then
> reject "NO_EXPORT community in place for site - NOT ANNOUNCING ", net;
>
> if should_not_export_to_region() then
> reject "NO_EXPORT community in place for region - NOT ANNOUNCING ",
> net;
>
> if should_not_export_to_customers() then
> reject "NO_EXPORT community in place for customers - NOT ANNOUNCING
> ", net;
>
> if prefix_is_in_global_blacklist() then
> reject "prefix is in global blacklist - REJECTING ", net;
>
> if was_learned_from_peer() then accept;
> if was_learned_from_private_peer() then accept;
> if was_learned_from_upstream() then accept;
> if was_learned_from_customer() then accept;
>
> reject;
> }
>
> function core_import() {
> if prefix_is_bogon() then reject;
>
> if prefix_is_in_global_blacklist() then
> reject "prefix is in global blacklist - REJECTING ", net;
>
> honor_graceful_shutdown();
> accept;
> }
>
> function core_export() {
> if prefix_is_bogon() then reject;
>
> if prefix_is_in_global_blacklist() then
> reject "prefix is in global blacklist - REJECTING ", net;
>
> if is_own_prefix() then accept;
> if is_own_internal_prefix() then accept;
> if was_learned_from_peer() then accept;
> if was_learned_from_private_peer() then accept;
> if was_learned_from_upstream() then accept;
> if was_learned_from_customer() then accept;
>
> reject;
> }
> ------------------------------------------------------------------------
> --
> This email has been checked for viruses by Avast antivirus software.
> https://www.avast.com/antivirus <https://www.avast.com/antivirus>
>
>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20200813/72d43844/attachment.htm>
More information about the Bird-users
mailing list