Re: Filters giving odd errors

13 Aug 2020


      I'm unable to reproduce the reported behavior. Could you please try to 
reduce your config to a minimum config that would reproduce this 
behavior? What version are you using?

Thanks,
Maria

On 8/13/20 5:46 PM, Skyler Mäntysaari wrote:
...
Line 360 is the prefix_is_bogon if statement.
The bogon lists can be seen from: 
https://github.com/neptune-networks/peering/blob/master/out/router.fqdn.exam...
-----------------------------------------------------------
   if prefix_is_bogon() then
     reject "prefix is bogon - REJECTING ", net;
-----------------------------------------------------------
function prefix_is_bogon() {
   if net.type = NET_IP4 then
     if net ~ BOGONS_4 then return true;
   if net.type = NET_IP6 then
     if net ~ BOGONS_6 then return true;
   return false;
}
-----------------------------------------------------------
P.S Please do not reply to me directly, but to the list.
On 13/08/2020 18.41, Maria Matějka wrote:
...
Hello!
The error message tells you that you are passing something strange to 
the condition on line 360. What do you have on line 360?
Maria
On August 13, 2020 4:46:12 PM GMT+02:00, "Skyler Mäntysaari" 
<sm@samip.fi> wrote:
Hi there,
I'm using the template from
    https://github.com/neptune-networks/peering/blob/master/out/router.fqdn.exam...  
    for my filters, and I'm getting argument related errors in logs.
What's the issue with those filters?
P.S I need to find a guide on how to do bird2 and RPKI as well.
Logs:
    ------------------------------------------------------------------------
    2020-08-13 17:37:47 <ERR> filters, line 360: Argument 1 of instruction
    FI_CONDITION must be of type T_BOOL, got 0x00
    2020-08-13 17:37:47 <ERR> filters, line 360: Argument 1 of instruction
    FI_CONDITION must be of type T_BOOL, got 0x00
    2020-08-13 17:37:47 <ERR> filters, line 360: Argument 1 of instruction
    FI_CONDITION must be of type T_BOOL, got 0x00
    2020-08-13 17:37:47 <ERR> filters, line 360: Argument 1 of instruction
    FI_CONDITION must be of type T_BOOL, got 0x00
    2020-08-13 17:37:47 <ERR> filters, line 360: Argument 1 of instruction
    FI_CONDITION must be of type T_BOOL, got 0x00
    2020-08-13 17:37:47 <ERR> ...
    ------------------------------------------------------------------------
    Bird config, the filter functions:
    ------------------------------------------------------------------------
    # --- Filters (technically functions) ---
    function default_import() {
        if bgp_path.len > 32 then
          reject "AS_PATH len [", bgp_path.len ,"] longer than 32 - REJECTING
    ", net;
  if prefix_is_in_global_blacklist() then
          reject "prefix is in global blacklist - REJECTING ", net;
  if is_own_prefix() then
          reject "prefix is our own - REJECTING ", net;
  if is_own_internal_prefix() then {
          if !prefix_is_in_global_whitelist() then
            reject "prefix is our own and internal - REJECTING ", net;
        }
  if prefix_is_bogon() then
          reject "prefix is bogon - REJECTING ", net;
  if net.type = NET_IP4 then
          if !is_prefix_length_valid(8, 24) then
            reject "prefix len [", net.len, "] not in 8-24 - REJECTING ", net;
  if net.type = NET_IP6 then
          if !is_prefix_length_valid(12, 56) then
            reject "prefix len [", net.len, "] not in 12-56 - REJECTING ", net;
  #perform_rpki_validation();
  if route_is_rpki_invalid() then
          reject "RPKI, route is INVALID - REJECTING ", net;
  add_region_community();
        add_site_community();
        honor_graceful_shutdown();
  accept;
    }
function peer_import() {
        scrub_communities_in();
        add_peer_community();
        default_import();
    }
function peer_export() {
        strip_private_asns();
        add_global_prepends();
  if is_own_prefix() then accept;
  if route_is_rpki_invalid() then
          reject "RPKI, route is INVALID - NOT ANNOUNCING ", net;
  if is_own_internal_prefix() then {
          if !prefix_is_in_global_whitelist() then
            reject "prefix is our own and internal - NOT ANNOUNCING ", net;
        }
  if net.type = NET_IP4 then
          if !is_prefix_length_valid(8, 24) then
            reject "prefix len [", net.len, "] not in 8-24 - REJECTING ", net;
  if net.type = NET_IP6 then
          if !is_prefix_length_valid(12, 48) then
            reject "prefix len [", net.len, "] not in 12-48 - REJECTING ", net;
  if prefix_is_bogon() then
          reject "prefix is bogon - NOT ANNOUNCING ", net;
  if as_path_contains_invalid_asn() then
          reject "AS_PATH [", bgp_path ,"] contains invalid ASN - REJECTING
    ", net;
  if should_not_export_to_site() then
          reject "NO_EXPORT community in place for site - NOT ANNOUNCING ", net;
  if should_not_export_to_region() then
          reject "NO_EXPORT community in place for region - NOT ANNOUNCING ",
    net;
  if should_not_export_to_peers() then
          reject "NO_EXPORT community in place for peers - NOT ANNOUNCING ", net;
  if prefix_is_in_global_blacklist() then
          reject "prefix is in global blacklist - REJECTING ", net;
  if was_learned_from_customer() then accept;
  reject;
    }
function upstream_import() {
        scrub_communities_in();
        add_upstream_community();
        default_import();
    }
function upstream_export() {
        strip_private_asns();
        add_global_prepends();
  if is_own_prefix() then accept;
  if route_is_rpki_invalid() then
          reject "RPKI, route is INVALID - NOT ANNOUNCING ", net;
  if is_own_internal_prefix() then {
          if !prefix_is_in_global_whitelist() then
            reject "prefix is our own and internal - NOT ANNOUNCING ", net;
        }
  if net.type = NET_IP4 then
          if !is_prefix_length_valid(8, 24) then
            reject "prefix len [", net.len, "] not in 8-24 - REJECTING ", net;
  if net.type = NET_IP6 then
          if !is_prefix_length_valid(12, 48) then
            reject "prefix len [", net.len, "] not in 12-48 - REJECTING ", net;
  if prefix_is_bogon() then
          reject "prefix is bogon - NOT ANNOUNCING ", net;
  if as_path_contains_invalid_asn() then
          reject "AS_PATH [", bgp_path ,"] contains invalid ASN - REJECTING
    ", net;
  if should_not_export_to_site() then
          reject "NO_EXPORT community in place for site - NOT ANNOUNCING ", net;
  if should_not_export_to_region() then
          reject "NO_EXPORT community in place for region - NOT ANNOUNCING ",
    net;
  if should_not_export_to_upstreams() then
          reject "NO_EXPORT community in place for upstreams - NOT ANNOUNCING
    ", net;
  if prefix_is_in_global_blacklist() then
          reject "prefix is in global blacklist - REJECTING ", net;
  if was_learned_from_customer() then accept;
  reject;
    }
function customer_import() {
        scrub_communities_in();
        add_customer_community();
        default_import();
    }
function customer_export() {
        strip_private_asns();
        add_global_prepends();
  if is_own_prefix() then accept;
  if route_is_rpki_invalid() then
          reject "RPKI, route is INVALID - NOT ANNOUNCING ", net;
  if is_own_internal_prefix() then {
          if !prefix_is_in_global_whitelist() then
            reject "prefix is our own and internal - NOT ANNOUNCING ", net;
        }
  if net.type = NET_IP4 then
          if !is_prefix_length_valid(8, 24) then
            reject "prefix len [", net.len, "] not in 8-24 - REJECTING ", net;
  if net.type = NET_IP6 then
          if !is_prefix_length_valid(12, 48) then
            reject "prefix len [", net.len, "] not in 12-48 - REJECTING ", net;
  if prefix_is_bogon() then
          reject "prefix is bogon - NOT ANNOUNCING ", net;
  if as_path_contains_invalid_asn() then
          reject "AS_PATH [", bgp_path ,"] contains invalid ASN - REJECTING
    ", net;
  if should_not_export_to_site() then
          reject "NO_EXPORT community in place for site - NOT ANNOUNCING ", net;
  if should_not_export_to_region() then
          reject "NO_EXPORT community in place for region - NOT ANNOUNCING ",
    net;
  if should_not_export_to_customers() then
          reject "NO_EXPORT community in place for customers - NOT ANNOUNCING
    ", net;
  if prefix_is_in_global_blacklist() then
          reject "prefix is in global blacklist - REJECTING ", net;
  if was_learned_from_peer() then accept;
        if was_learned_from_private_peer() then accept;
        if was_learned_from_upstream() then accept;
        if was_learned_from_customer() then accept;
  reject;
    }
function core_import() {
        if prefix_is_bogon() then reject;
  if prefix_is_in_global_blacklist() then
          reject "prefix is in global blacklist - REJECTING ", net;
  honor_graceful_shutdown();
        accept;
    }
function core_export() {
        if prefix_is_bogon() then reject;
  if prefix_is_in_global_blacklist() then
          reject "prefix is in global blacklist - REJECTING ", net;
  if is_own_prefix() then accept;
        if is_own_internal_prefix() then accept;
        if was_learned_from_peer() then accept;
        if was_learned_from_private_peer() then accept;
        if was_learned_from_upstream() then accept;
        if was_learned_from_customer() then accept;
  reject;
    }
    ------------------------------------------------------------------------
    -- 
    This email has been checked for viruses by Avast antivirus software.
    https://www.avast.com/antivirus
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
------------------------------------------------------------------------
Avast logo 
<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>
This email has been checked for viruses by Avast antivirus software.
www.avast.com 
<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>
<#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>

Re: Filters giving odd errors

Maria Matejka