Filters giving odd errors
Maria Matejka
maria.matejka at nic.cz
Fri Aug 14 01:15:15 CEST 2020
I'm unable to reproduce the reported behavior. Could you please try to
reduce your config to a minimum config that would reproduce this
behavior? What version are you using?
Thanks,
Maria
On 8/13/20 5:46 PM, Skyler Mäntysaari wrote:
> Line 360 is the prefix_is_bogon if statement.
>
> The bogon lists can be seen from:
> https://github.com/neptune-networks/peering/blob/master/out/router.fqdn.example/bird.conf#L36-L84
>
> -----------------------------------------------------------
> if prefix_is_bogon() then
> reject "prefix is bogon - REJECTING ", net;
> -----------------------------------------------------------
> function prefix_is_bogon() {
> if net.type = NET_IP4 then
> if net ~ BOGONS_4 then return true;
> if net.type = NET_IP6 then
> if net ~ BOGONS_6 then return true;
> return false;
> }
> -----------------------------------------------------------
>
> P.S Please do not reply to me directly, but to the list.
>
> On 13/08/2020 18.41, Maria Matějka wrote:
>> Hello!
>> The error message tells you that you are passing something strange to
>> the condition on line 360. What do you have on line 360?
>> Maria
>>
>> On August 13, 2020 4:46:12 PM GMT+02:00, "Skyler Mäntysaari"
>> <sm at samip.fi> wrote:
>>
>> Hi there,
>>
>> I'm using the template from
>> https://github.com/neptune-networks/peering/blob/master/out/router.fqdn.example/bird.conf
>> for my filters, and I'm getting argument related errors in logs.
>>
>> What's the issue with those filters?
>>
>> P.S I need to find a guide on how to do bird2 and RPKI as well.
>>
>> Logs:
>> ------------------------------------------------------------------------
>> 2020-08-13 17:37:47 <ERR> filters, line 360: Argument 1 of instruction
>> FI_CONDITION must be of type T_BOOL, got 0x00
>> 2020-08-13 17:37:47 <ERR> filters, line 360: Argument 1 of instruction
>> FI_CONDITION must be of type T_BOOL, got 0x00
>> 2020-08-13 17:37:47 <ERR> filters, line 360: Argument 1 of instruction
>> FI_CONDITION must be of type T_BOOL, got 0x00
>> 2020-08-13 17:37:47 <ERR> filters, line 360: Argument 1 of instruction
>> FI_CONDITION must be of type T_BOOL, got 0x00
>> 2020-08-13 17:37:47 <ERR> filters, line 360: Argument 1 of instruction
>> FI_CONDITION must be of type T_BOOL, got 0x00
>> 2020-08-13 17:37:47 <ERR> ...
>> ------------------------------------------------------------------------
>> Bird config, the filter functions:
>> ------------------------------------------------------------------------
>> # --- Filters (technically functions) ---
>> function default_import() {
>> if bgp_path.len > 32 then
>> reject "AS_PATH len [", bgp_path.len ,"] longer than 32 - REJECTING
>> ", net;
>>
>> if prefix_is_in_global_blacklist() then
>> reject "prefix is in global blacklist - REJECTING ", net;
>>
>> if is_own_prefix() then
>> reject "prefix is our own - REJECTING ", net;
>>
>> if is_own_internal_prefix() then {
>> if !prefix_is_in_global_whitelist() then
>> reject "prefix is our own and internal - REJECTING ", net;
>> }
>>
>> if prefix_is_bogon() then
>> reject "prefix is bogon - REJECTING ", net;
>>
>> if net.type = NET_IP4 then
>> if !is_prefix_length_valid(8, 24) then
>> reject "prefix len [", net.len, "] not in 8-24 - REJECTING ", net;
>>
>> if net.type = NET_IP6 then
>> if !is_prefix_length_valid(12, 56) then
>> reject "prefix len [", net.len, "] not in 12-56 - REJECTING ", net;
>>
>> #perform_rpki_validation();
>>
>> if route_is_rpki_invalid() then
>> reject "RPKI, route is INVALID - REJECTING ", net;
>>
>> add_region_community();
>> add_site_community();
>> honor_graceful_shutdown();
>>
>> accept;
>> }
>>
>> function peer_import() {
>> scrub_communities_in();
>> add_peer_community();
>> default_import();
>> }
>>
>> function peer_export() {
>> strip_private_asns();
>> add_global_prepends();
>>
>> if is_own_prefix() then accept;
>>
>> if route_is_rpki_invalid() then
>> reject "RPKI, route is INVALID - NOT ANNOUNCING ", net;
>>
>> if is_own_internal_prefix() then {
>> if !prefix_is_in_global_whitelist() then
>> reject "prefix is our own and internal - NOT ANNOUNCING ", net;
>> }
>>
>> if net.type = NET_IP4 then
>> if !is_prefix_length_valid(8, 24) then
>> reject "prefix len [", net.len, "] not in 8-24 - REJECTING ", net;
>>
>> if net.type = NET_IP6 then
>> if !is_prefix_length_valid(12, 48) then
>> reject "prefix len [", net.len, "] not in 12-48 - REJECTING ", net;
>>
>> if prefix_is_bogon() then
>> reject "prefix is bogon - NOT ANNOUNCING ", net;
>>
>> if as_path_contains_invalid_asn() then
>> reject "AS_PATH [", bgp_path ,"] contains invalid ASN - REJECTING
>> ", net;
>>
>> if should_not_export_to_site() then
>> reject "NO_EXPORT community in place for site - NOT ANNOUNCING ", net;
>>
>> if should_not_export_to_region() then
>> reject "NO_EXPORT community in place for region - NOT ANNOUNCING ",
>> net;
>>
>> if should_not_export_to_peers() then
>> reject "NO_EXPORT community in place for peers - NOT ANNOUNCING ", net;
>>
>> if prefix_is_in_global_blacklist() then
>> reject "prefix is in global blacklist - REJECTING ", net;
>>
>> if was_learned_from_customer() then accept;
>>
>> reject;
>> }
>>
>> function upstream_import() {
>> scrub_communities_in();
>> add_upstream_community();
>> default_import();
>> }
>>
>> function upstream_export() {
>> strip_private_asns();
>> add_global_prepends();
>>
>> if is_own_prefix() then accept;
>>
>> if route_is_rpki_invalid() then
>> reject "RPKI, route is INVALID - NOT ANNOUNCING ", net;
>>
>> if is_own_internal_prefix() then {
>> if !prefix_is_in_global_whitelist() then
>> reject "prefix is our own and internal - NOT ANNOUNCING ", net;
>> }
>>
>> if net.type = NET_IP4 then
>> if !is_prefix_length_valid(8, 24) then
>> reject "prefix len [", net.len, "] not in 8-24 - REJECTING ", net;
>>
>> if net.type = NET_IP6 then
>> if !is_prefix_length_valid(12, 48) then
>> reject "prefix len [", net.len, "] not in 12-48 - REJECTING ", net;
>>
>> if prefix_is_bogon() then
>> reject "prefix is bogon - NOT ANNOUNCING ", net;
>>
>> if as_path_contains_invalid_asn() then
>> reject "AS_PATH [", bgp_path ,"] contains invalid ASN - REJECTING
>> ", net;
>>
>> if should_not_export_to_site() then
>> reject "NO_EXPORT community in place for site - NOT ANNOUNCING ", net;
>>
>> if should_not_export_to_region() then
>> reject "NO_EXPORT community in place for region - NOT ANNOUNCING ",
>> net;
>>
>> if should_not_export_to_upstreams() then
>> reject "NO_EXPORT community in place for upstreams - NOT ANNOUNCING
>> ", net;
>>
>> if prefix_is_in_global_blacklist() then
>> reject "prefix is in global blacklist - REJECTING ", net;
>>
>> if was_learned_from_customer() then accept;
>>
>> reject;
>> }
>>
>> function customer_import() {
>> scrub_communities_in();
>> add_customer_community();
>> default_import();
>> }
>>
>> function customer_export() {
>> strip_private_asns();
>> add_global_prepends();
>>
>> if is_own_prefix() then accept;
>>
>> if route_is_rpki_invalid() then
>> reject "RPKI, route is INVALID - NOT ANNOUNCING ", net;
>>
>> if is_own_internal_prefix() then {
>> if !prefix_is_in_global_whitelist() then
>> reject "prefix is our own and internal - NOT ANNOUNCING ", net;
>> }
>>
>> if net.type = NET_IP4 then
>> if !is_prefix_length_valid(8, 24) then
>> reject "prefix len [", net.len, "] not in 8-24 - REJECTING ", net;
>>
>> if net.type = NET_IP6 then
>> if !is_prefix_length_valid(12, 48) then
>> reject "prefix len [", net.len, "] not in 12-48 - REJECTING ", net;
>>
>> if prefix_is_bogon() then
>> reject "prefix is bogon - NOT ANNOUNCING ", net;
>>
>> if as_path_contains_invalid_asn() then
>> reject "AS_PATH [", bgp_path ,"] contains invalid ASN - REJECTING
>> ", net;
>>
>> if should_not_export_to_site() then
>> reject "NO_EXPORT community in place for site - NOT ANNOUNCING ", net;
>>
>> if should_not_export_to_region() then
>> reject "NO_EXPORT community in place for region - NOT ANNOUNCING ",
>> net;
>>
>> if should_not_export_to_customers() then
>> reject "NO_EXPORT community in place for customers - NOT ANNOUNCING
>> ", net;
>>
>> if prefix_is_in_global_blacklist() then
>> reject "prefix is in global blacklist - REJECTING ", net;
>>
>> if was_learned_from_peer() then accept;
>> if was_learned_from_private_peer() then accept;
>> if was_learned_from_upstream() then accept;
>> if was_learned_from_customer() then accept;
>>
>> reject;
>> }
>>
>> function core_import() {
>> if prefix_is_bogon() then reject;
>>
>> if prefix_is_in_global_blacklist() then
>> reject "prefix is in global blacklist - REJECTING ", net;
>>
>> honor_graceful_shutdown();
>> accept;
>> }
>>
>> function core_export() {
>> if prefix_is_bogon() then reject;
>>
>> if prefix_is_in_global_blacklist() then
>> reject "prefix is in global blacklist - REJECTING ", net;
>>
>> if is_own_prefix() then accept;
>> if is_own_internal_prefix() then accept;
>> if was_learned_from_peer() then accept;
>> if was_learned_from_private_peer() then accept;
>> if was_learned_from_upstream() then accept;
>> if was_learned_from_customer() then accept;
>>
>> reject;
>> }
>> ------------------------------------------------------------------------
>> --
>> This email has been checked for viruses by Avast antivirus software.
>> https://www.avast.com/antivirus
>>
>>
>> --
>> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>
>
> ------------------------------------------------------------------------
> Avast logo
> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>
>
>
> This email has been checked for viruses by Avast antivirus software.
> www.avast.com
> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>
>
>
>
> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
More information about the Bird-users
mailing list