Filters giving odd errors
Skyler Mäntysaari
sm at samip.fi
Fri Aug 14 21:39:27 CEST 2020
I'm using version 2.0.7, running on Ubuntu 20.04.
Do you mean minimal config regarding the filters or the whole thing?
On Fri, Aug 14, 2020, at 02:15, Maria Matejka wrote:
> I'm unable to reproduce the reported behavior. Could you please try to
> reduce your config to a minimum config that would reproduce this
> behavior? What version are you using?
>
> Thanks,
> Maria
>
> On 8/13/20 5:46 PM, Skyler Mäntysaari wrote:
> > Line 360 is the prefix_is_bogon if statement.
> >
> > The bogon lists can be seen from:
> > https://github.com/neptune-networks/peering/blob/master/out/router.fqdn.example/bird.conf#L36-L84
> >
> > -----------------------------------------------------------
> > if prefix_is_bogon() then
> > reject "prefix is bogon - REJECTING ", net;
> > -----------------------------------------------------------
> > function prefix_is_bogon() {
> > if net.type = NET_IP4 then
> > if net ~ BOGONS_4 then return true;
> > if net.type = NET_IP6 then
> > if net ~ BOGONS_6 then return true;
> > return false;
> > }
> > -----------------------------------------------------------
> >
> > P.S Please do not reply to me directly, but to the list.
> >
> > On 13/08/2020 18.41, Maria Matějka wrote:
> >> Hello!
> >> The error message tells you that you are passing something strange to
> >> the condition on line 360. What do you have on line 360?
> >> Maria
> >>
> >> On August 13, 2020 4:46:12 PM GMT+02:00, "Skyler Mäntysaari"
> >> <sm at samip.fi> wrote:
> >>
> >> Hi there,
> >>
> >> I'm using the template from
> >> https://github.com/neptune-networks/peering/blob/master/out/router.fqdn.example/bird.conf
> >> for my filters, and I'm getting argument related errors in logs.
> >>
> >> What's the issue with those filters?
> >>
> >> P.S I need to find a guide on how to do bird2 and RPKI as well.
> >>
> >> Logs:
> >> ------------------------------------------------------------------------
> >> 2020-08-13 17:37:47 <ERR> filters, line 360: Argument 1 of instruction
> >> FI_CONDITION must be of type T_BOOL, got 0x00
> >> 2020-08-13 17:37:47 <ERR> filters, line 360: Argument 1 of instruction
> >> FI_CONDITION must be of type T_BOOL, got 0x00
> >> 2020-08-13 17:37:47 <ERR> filters, line 360: Argument 1 of instruction
> >> FI_CONDITION must be of type T_BOOL, got 0x00
> >> 2020-08-13 17:37:47 <ERR> filters, line 360: Argument 1 of instruction
> >> FI_CONDITION must be of type T_BOOL, got 0x00
> >> 2020-08-13 17:37:47 <ERR> filters, line 360: Argument 1 of instruction
> >> FI_CONDITION must be of type T_BOOL, got 0x00
> >> 2020-08-13 17:37:47 <ERR> ...
> >> ------------------------------------------------------------------------
> >> Bird config, the filter functions:
> >> ------------------------------------------------------------------------
> >> # --- Filters (technically functions) ---
> >> function default_import() {
> >> if bgp_path.len > 32 then
> >> reject "AS_PATH len [", bgp_path.len ,"] longer than 32 - REJECTING
> >> ", net;
> >>
> >> if prefix_is_in_global_blacklist() then
> >> reject "prefix is in global blacklist - REJECTING ", net;
> >>
> >> if is_own_prefix() then
> >> reject "prefix is our own - REJECTING ", net;
> >>
> >> if is_own_internal_prefix() then {
> >> if !prefix_is_in_global_whitelist() then
> >> reject "prefix is our own and internal - REJECTING ", net;
> >> }
> >>
> >> if prefix_is_bogon() then
> >> reject "prefix is bogon - REJECTING ", net;
> >>
> >> if net.type = NET_IP4 then
> >> if !is_prefix_length_valid(8, 24) then
> >> reject "prefix len [", net.len, "] not in 8-24 - REJECTING ", net;
> >>
> >> if net.type = NET_IP6 then
> >> if !is_prefix_length_valid(12, 56) then
> >> reject "prefix len [", net.len, "] not in 12-56 - REJECTING ", net;
> >>
> >> #perform_rpki_validation();
> >>
> >> if route_is_rpki_invalid() then
> >> reject "RPKI, route is INVALID - REJECTING ", net;
> >>
> >> add_region_community();
> >> add_site_community();
> >> honor_graceful_shutdown();
> >>
> >> accept;
> >> }
> >>
> >> function peer_import() {
> >> scrub_communities_in();
> >> add_peer_community();
> >> default_import();
> >> }
> >>
> >> function peer_export() {
> >> strip_private_asns();
> >> add_global_prepends();
> >>
> >> if is_own_prefix() then accept;
> >>
> >> if route_is_rpki_invalid() then
> >> reject "RPKI, route is INVALID - NOT ANNOUNCING ", net;
> >>
> >> if is_own_internal_prefix() then {
> >> if !prefix_is_in_global_whitelist() then
> >> reject "prefix is our own and internal - NOT ANNOUNCING ", net;
> >> }
> >>
> >> if net.type = NET_IP4 then
> >> if !is_prefix_length_valid(8, 24) then
> >> reject "prefix len [", net.len, "] not in 8-24 - REJECTING ", net;
> >>
> >> if net.type = NET_IP6 then
> >> if !is_prefix_length_valid(12, 48) then
> >> reject "prefix len [", net.len, "] not in 12-48 - REJECTING ", net;
> >>
> >> if prefix_is_bogon() then
> >> reject "prefix is bogon - NOT ANNOUNCING ", net;
> >>
> >> if as_path_contains_invalid_asn() then
> >> reject "AS_PATH [", bgp_path ,"] contains invalid ASN - REJECTING
> >> ", net;
> >>
> >> if should_not_export_to_site() then
> >> reject "NO_EXPORT community in place for site - NOT ANNOUNCING ", net;
> >>
> >> if should_not_export_to_region() then
> >> reject "NO_EXPORT community in place for region - NOT ANNOUNCING ",
> >> net;
> >>
> >> if should_not_export_to_peers() then
> >> reject "NO_EXPORT community in place for peers - NOT ANNOUNCING ", net;
> >>
> >> if prefix_is_in_global_blacklist() then
> >> reject "prefix is in global blacklist - REJECTING ", net;
> >>
> >> if was_learned_from_customer() then accept;
> >>
> >> reject;
> >> }
> >>
> >> function upstream_import() {
> >> scrub_communities_in();
> >> add_upstream_community();
> >> default_import();
> >> }
> >>
> >> function upstream_export() {
> >> strip_private_asns();
> >> add_global_prepends();
> >>
> >> if is_own_prefix() then accept;
> >>
> >> if route_is_rpki_invalid() then
> >> reject "RPKI, route is INVALID - NOT ANNOUNCING ", net;
> >>
> >> if is_own_internal_prefix() then {
> >> if !prefix_is_in_global_whitelist() then
> >> reject "prefix is our own and internal - NOT ANNOUNCING ", net;
> >> }
> >>
> >> if net.type = NET_IP4 then
> >> if !is_prefix_length_valid(8, 24) then
> >> reject "prefix len [", net.len, "] not in 8-24 - REJECTING ", net;
> >>
> >> if net.type = NET_IP6 then
> >> if !is_prefix_length_valid(12, 48) then
> >> reject "prefix len [", net.len, "] not in 12-48 - REJECTING ", net;
> >>
> >> if prefix_is_bogon() then
> >> reject "prefix is bogon - NOT ANNOUNCING ", net;
> >>
> >> if as_path_contains_invalid_asn() then
> >> reject "AS_PATH [", bgp_path ,"] contains invalid ASN - REJECTING
> >> ", net;
> >>
> >> if should_not_export_to_site() then
> >> reject "NO_EXPORT community in place for site - NOT ANNOUNCING ", net;
> >>
> >> if should_not_export_to_region() then
> >> reject "NO_EXPORT community in place for region - NOT ANNOUNCING ",
> >> net;
> >>
> >> if should_not_export_to_upstreams() then
> >> reject "NO_EXPORT community in place for upstreams - NOT ANNOUNCING
> >> ", net;
> >>
> >> if prefix_is_in_global_blacklist() then
> >> reject "prefix is in global blacklist - REJECTING ", net;
> >>
> >> if was_learned_from_customer() then accept;
> >>
> >> reject;
> >> }
> >>
> >> function customer_import() {
> >> scrub_communities_in();
> >> add_customer_community();
> >> default_import();
> >> }
> >>
> >> function customer_export() {
> >> strip_private_asns();
> >> add_global_prepends();
> >>
> >> if is_own_prefix() then accept;
> >>
> >> if route_is_rpki_invalid() then
> >> reject "RPKI, route is INVALID - NOT ANNOUNCING ", net;
> >>
> >> if is_own_internal_prefix() then {
> >> if !prefix_is_in_global_whitelist() then
> >> reject "prefix is our own and internal - NOT ANNOUNCING ", net;
> >> }
> >>
> >> if net.type = NET_IP4 then
> >> if !is_prefix_length_valid(8, 24) then
> >> reject "prefix len [", net.len, "] not in 8-24 - REJECTING ", net;
> >>
> >> if net.type = NET_IP6 then
> >> if !is_prefix_length_valid(12, 48) then
> >> reject "prefix len [", net.len, "] not in 12-48 - REJECTING ", net;
> >>
> >> if prefix_is_bogon() then
> >> reject "prefix is bogon - NOT ANNOUNCING ", net;
> >>
> >> if as_path_contains_invalid_asn() then
> >> reject "AS_PATH [", bgp_path ,"] contains invalid ASN - REJECTING
> >> ", net;
> >>
> >> if should_not_export_to_site() then
> >> reject "NO_EXPORT community in place for site - NOT ANNOUNCING ", net;
> >>
> >> if should_not_export_to_region() then
> >> reject "NO_EXPORT community in place for region - NOT ANNOUNCING ",
> >> net;
> >>
> >> if should_not_export_to_customers() then
> >> reject "NO_EXPORT community in place for customers - NOT ANNOUNCING
> >> ", net;
> >>
> >> if prefix_is_in_global_blacklist() then
> >> reject "prefix is in global blacklist - REJECTING ", net;
> >>
> >> if was_learned_from_peer() then accept;
> >> if was_learned_from_private_peer() then accept;
> >> if was_learned_from_upstream() then accept;
> >> if was_learned_from_customer() then accept;
> >>
> >> reject;
> >> }
> >>
> >> function core_import() {
> >> if prefix_is_bogon() then reject;
> >>
> >> if prefix_is_in_global_blacklist() then
> >> reject "prefix is in global blacklist - REJECTING ", net;
> >>
> >> honor_graceful_shutdown();
> >> accept;
> >> }
> >>
> >> function core_export() {
> >> if prefix_is_bogon() then reject;
> >>
> >> if prefix_is_in_global_blacklist() then
> >> reject "prefix is in global blacklist - REJECTING ", net;
> >>
> >> if is_own_prefix() then accept;
> >> if is_own_internal_prefix() then accept;
> >> if was_learned_from_peer() then accept;
> >> if was_learned_from_private_peer() then accept;
> >> if was_learned_from_upstream() then accept;
> >> if was_learned_from_customer() then accept;
> >>
> >> reject;
> >> }
> >> ------------------------------------------------------------------------
> >> --
> >> This email has been checked for viruses by Avast antivirus software.
> >> https://www.avast.com/antivirus
> >>
> >>
> >> --
> >> Sent from my Android device with K-9 Mail. Please excuse my brevity.
> >
> >
> > ------------------------------------------------------------------------
> > Avast logo
> > <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>
> >
> >
> > This email has been checked for viruses by Avast antivirus software.
> > www.avast.com
> > <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>
> >
> >
> >
> > <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20200814/11b1813a/attachment.htm>
More information about the Bird-users
mailing list