<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>aspa_check() should return ASPA_INVALID when there is an AS-SET
in the AS path.</p>
<p>I dont think bird current does this. I haven't looked recently.</p>
<p><a class="moz-txt-link-freetext" href="https://datatracker.ietf.org/doc/draft-ietf-sidrops-aspa-verification/">https://datatracker.ietf.org/doc/draft-ietf-sidrops-aspa-verification/</a></p>
<pre>6.2. Algorithm for Upstream Paths
3. If the AS_PATH has an AS_SET, then the procedure halts with the
outcome "Invalid".
6.3. Algorithm for Downstream Paths
3. If the AS_PATH has an AS_SET, then the procedure halts with the
outcome "Invalid".
Thank you!</pre>
<pre class="moz-signature" cols="72">Ralph Covelli
Network Engineer
Hurricane Electric / AS6939</pre>
<div class="moz-cite-prefix">On 9/2/2025 3:47 PM, Alarig Le Lay via
Bird-users wrote:<br>
</div>
<blockquote type="cite"
cite="mid:aLdJ7bPlZYmMlWfx@irc-clt.no.swordarmor.fr">
<pre wrap="" class="moz-quote-pre">Hello,
On Tue 02 Sep 2025 16:44:46 GMT, Ondrej Zajicek wrote:
</pre>
<blockquote type="cite">
<pre wrap="" class="moz-quote-pre">On Sun, Aug 31, 2025 at 06:04:12PM +0200, Alarig Le Lay via Bird-users wrote:
</pre>
<blockquote type="cite">
<pre wrap="" class="moz-quote-pre">Hello,
We (Evann and I) found a bug related to as_path_getlen() when used by
aspa_check(). When a route contains an AS_SET segment type, the length
returned by as_path_getlen() is incorrect. The function assumes that the
length of an AS_PATH_SET is a single AS (1), while in reality an
AS_PATH_SET is an unordered set of ASN (as described here
<a class="moz-txt-link-freetext" href="https://www.rfc-editor.org/rfc/rfc4271#section-9.2.2.1">https://www.rfc-editor.org/rfc/rfc4271#section-9.2.2.1</a>).
</pre>
</blockquote>
<pre wrap="" class="moz-quote-pre">
Hello
Thanks, merged the second patch:
<a class="moz-txt-link-freetext" href="https://gitlab.nic.cz/labs/bird/-/commit/93012b3ac81bc8e2a0a9b7e48b552c269b0523d9">https://gitlab.nic.cz/labs/bird/-/commit/93012b3ac81bc8e2a0a9b7e48b552c269b0523d9</a>
(I modified comments and expanded as_path_contains_set() to match also
AS_CONFED_SET, which is irrelevant to this case, but it is fitting.)
</pre>
</blockquote>
<pre wrap="" class="moz-quote-pre">
Thanks a lot!
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="" class="moz-quote-pre">Originally, the segfault was handled by returning ASPA_INVALID on AS_PATH
that contained an AS_SET, but we discovered that this was not the real
problem, but rather a bad allocation due to an incorrect calculation of
the AS path length. We mitigated this issue with our first patch.
</pre>
</blockquote>
<pre wrap="" class="moz-quote-pre">
The real problem was using as_path_getlen() to estimate the size of a
buffer in general. The primary purpose of as_path_getlen() is to compute
AS_PATH length for the best route comparison, and here the AS_SET segment
should be considered of length 1:
<a class="moz-txt-link-freetext" href="https://www.rfc-editor.org/rfc/rfc4271#section-9.1.2.2">https://www.rfc-editor.org/rfc/rfc4271#section-9.1.2.2</a>
a) Remove from consideration all routes that are not tied for
having the smallest number of AS numbers present in their
AS_PATH attributes. Note that when counting this number, an
AS_SET counts as 1, no matter how many ASes are in the set.
Therefore, the first patch would break the best path selection.
</pre>
</blockquote>
<pre wrap="" class="moz-quote-pre">
Oh yes I totally forgot about that, sorry. The issue we had we’ll be
fixed with the first patch anyway, so I’m fine with that :)
</pre>
</blockquote>
</body>
</html>