ifname in filters

Alexander Velkov alvel85 at googlemail.com
Mon Jul 4 15:49:06 CEST 2016


Hello,

I would like to configure RIP with different ACLs set on different RIP
interfaces. For this purpose I thought I could use the 'ifname' route
attribute in bird filters. The problem I am facing is that when I use it,
no RIP routes are announced at all, so maybe I am using a wrong syntax.

If I don't use the ifname = "eth0", I see the following sent from the
bird's RIP instance (10.0.4.1 is configured on eth1 and 172.16.0.4 on
eth0). I would like the 10.2.4.1/32 route to be announced through eth0
only. I have also tried to use the ifname ~ "eth0" syntax with no luck.




tcpdump:
# tcpdump -i any -vvnn port 520
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
13:02:58.664760 IP (tos 0xc0, ttl 1, id 27713, offset 0, flags [none], proto UDP (17), length 52)
    10.0.4.1.520 > 224.0.0.9.520: [udp sum ok]
        RIPv2, Response, length: 24, routes: 1 or less
          AFI IPv4,        10.2.4.1/32, tag 0x0000, metric: 1, next-hop: self
        0x0000:  0202 0000 0002 0000 0a02 0401 ffff ffff
        0x0010:  0000 0000 0000 0001
13:03:14.686163 IP (tos 0xc0, ttl 1, id 27714, offset 0, flags [none], proto UDP (17), length 52)
    172.16.0.4.520 > 224.0.0.9.520: [udp sum ok]
        RIPv2, Response, length: 24, routes: 1 or less
          AFI IPv4,        10.2.4.1/32, tag 0x0000, metric: 1, next-hop: self
        0x0000:  0202 0000 0002 0000 0a02 0401 ffff ffff
        0x0010:  0000 0000 0000 0001

bird config:

protocol kernel {
#  persist;                # Don't remove routes on BIRD shutdown
  scan time 20;           # Scan kernel routing table every 20 seconds
  export all;             # Default is export none
  learn;
  device routes;
}

protocol device {
  scan time 10;           # Scan interfaces every 10 seconds
}

protocol direct {
  interface "*";
}

filter rip_export {
  # redistribute connected + RIP + ACL
  if ( ( source = RTS_DEVICE || source = RTS_RIP ) &&
       ( net ~ 10.2.4.0/24 && ifname = "eth0" ) ) then {
    print "net export accepted: ", net;
    accept;
  }

  reject;
}

protocol rip RIP {
  debug all;

  interface "eth0" {mode multicast; split horizon yes; poison reverse no; };
  interface "eth1" {mode multicast; split horizon yes; poison reverse no; };

  import all;
  export filter rip_export;
}

Any help would be appreciated, thank you.

Alex
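
An added example, not part of the original post and not BIRD code: a Python check that decodes the two RIPv2 payloads from the hex dumps in the capture above (taken without the ifname condition) and reports which interfaces other than eth0 announced a route inside 10.2.4.0/24. The function names are illustrative; the address-to-interface mapping is the one stated in the post.

```python
import ipaddress
import struct

# RIPv2 payloads copied from the two hex dumps in the capture above,
# keyed by the source address tcpdump printed for each packet.
CAPTURED = {
    "10.0.4.1": "0202 0000 0002 0000 0a02 0401 ffff ffff 0000 0000 0000 0001",
    "172.16.0.4": "0202 0000 0002 0000 0a02 0401 ffff ffff 0000 0000 0000 0001",
}
# From the post: 10.0.4.1 is configured on eth1, 172.16.0.4 on eth0.
IFACE_BY_SOURCE = {"10.0.4.1": "eth1", "172.16.0.4": "eth0"}


def parse_rip(payload):
    """Decode a RIPv2 message into (command, version, [(prefix, metric)])."""
    if len(payload) < 4 or (len(payload) - 4) % 20:
        raise ValueError("truncated or misaligned RIP message")
    command, version, _ = struct.unpack("!BBH", payload[:4])
    routes = []
    for off in range(4, len(payload), 20):
        afi, _tag, addr, mask, _nh, metric = struct.unpack(
            "!HH4s4s4sI", payload[off:off + 20])
        if afi != 2:  # skip authentication (0xFFFF) and non-IPv4 entries
            continue
        prefix = ipaddress.ip_network(
            "%s/%s" % (ipaddress.IPv4Address(addr), ipaddress.IPv4Address(mask)),
            strict=False)
        routes.append((str(prefix), metric))
    return command, version, routes


def announced_outside(captured, protected, allowed_iface):
    """Interfaces other than allowed_iface that announced a reachable
    route (metric < 16) inside the protected prefix."""
    protected = ipaddress.ip_network(protected)
    leaking = set()
    for source, hexdump in captured.items():
        iface = IFACE_BY_SOURCE[source]
        _cmd, _ver, routes = parse_rip(bytes.fromhex(hexdump))
        for prefix, metric in routes:
            inside = ipaddress.ip_network(prefix).subnet_of(protected)
            if inside and metric < 16 and iface != allowed_iface:
                leaking.add(iface)
    return sorted(leaking)


if __name__ == "__main__":
    print(parse_rip(bytes.fromhex(CAPTURED["10.0.4.1"])))
    print(announced_outside(CAPTURED, "10.2.4.0/24", "eth0"))
```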