Thank You, i have just found new documentation: https://bird.nic.cz/doc/bird-3.1.1.html#rpki
Wiadomość napisana przez Robert Scheck <bird@robert-scheck.de> w dniu 3 cze 2025, o godz. 17:35:
Hello Łukasz,
On Tue, 03 Jun 2025, Łukasz Trąbiński wrote:
Could You send me example of rpki config for Bird 3.x.x? In 2.x.x, I’m use something like below, but it’s not working with 3.x.x
I'm using the following with rpki-client. I guess you need to remove the if() for force_roa_table_update when using a TCP connection instead of an include.
function reject_invalid_roa() { if (force_roa_table_update > 0) then { if (net.type = NET_IP4) then { case roa_check(ROAS4, net, bgp_path.last) { ROA_INVALID: print "Rejected invalid ROA IPv4 prefix: ", net, " ", bgp_path, ", (neighbour ", from, ")"; reject; ROA_VALID: print "Valid ROA IPv4 prefix: ", net, " ", bgp_path, ", (neighbour ", from, ")"; ROA_UNKNOWN: print "Unknown ROA IPv4 prefix: ", net, " ", bgp_path, ", (neighbour ", from, ")"; } }
if (net.type = NET_IP6) then { case roa_check(ROAS6, net, bgp_path.last) { ROA_INVALID: print "Rejected invalid ROA IPv6 prefix: ", net, " ", bgp_path, ", (neighbour ", from, ")"; reject; ROA_VALID: print "Valid ROA IPv6 prefix: ", net, " ", bgp_path, ", (neighbour ", from, ")"; ROA_UNKNOWN: print "Unknown ROA IPv6 prefix: ", net, " ", bgp_path, ", (neighbour ", from, ")"; } } } }
The main difference is that I reject inside the function without returning a boolean.
Regards, Robert