How to filter VPN4 address using route-map
Ondrej Zajicek
santiago at crfreenet.org
Mon Feb 24 13:48:50 CET 2025
On Mon, Feb 24, 2025 at 11:31:41AM +0100, Jana Babovakova via Bird-users wrote:
> Hi Ramanathan.
>
> We do not currently support such prefix set (your route map) filtering. But
> you can use the following approach instead:
>
> if net.rd = 1:100 && net ~ [ 60.0.0.0/24 ] then ...
Hi
I must say i am surprised that net ~ [...] works, but seems like it does.
We have operators to access separate elementary parts of VPN addresses:
bird> eval (1:100 60.0.0.0/24).rd
1:100
bird> eval (1:100 60.0.0.0/24).ip
60.0.0.0
bird> eval (1:100 60.0.0.0/24).len
24
But nothing to access the prefix part as a whole.
We generally distinguish nets of different types, but in ~ operator
against a prefix set there is an implicit conversion from complex net
to just a prefix, so we get these counterintuitive results:
bird> eval (1:100 60.0.0.0/24) = 60.0.0.0/24
FALSE
bird> eval (1:100 60.0.0.0/24) ~ [ 60.0.0.0/24 ]
TRUE
I think it is undocumented and untested behavior (at least i do not see
it tested in filter/test.conf). We could add an appropriate test
into filter/test.conf . And we could add some explicit accessor.
--
Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
"To err is human -- to blame it on a computer is even more so."
More information about the Bird-users
mailing list