Question: ROA verification does not work properly on bird 2.0.11
Hello dear community members, I am configuring RPKI verification for my network, but I have encountered a strange syntax error problem. My configuration is as follows: roa4 table roa_table4; roa6 table roa_table6; protocol rpki Cloudflare_RPKI { roa4 { table roa_table4; }; roa6 { table roa_table6; }; remote "172.65.0.2" port 8282; retry keep 90; refresh keep 900; expire keep 172800; } function is_rpki_invalid () { } if roa_check(roa_table4, net, bgp_path.last) = ROA_INVALID then return true if roa_check(roa_table6, net, bgp_path.last) = ROA_INVALID then return true; return false; } bird will return the following error: /etc/bird/function.conf:59:22 Syntax error, unexpected CF_SYM_UNDEFINED, expecting CF_SYM_KNOWN This error is also returned by the example configuration provided in the documentation. PS: RPKI session placed in bird.conf PS: Function placed in function.conf Regards, Haima MoeBee Network
Oh, I found that the translation tool seems to delete the semicolon in the function configuration, but it actually exists. ________________________________ 寄件者: haima 寄件日期: 2023年1月23日 22:44 收件者: bird-users@network.cz <bird-users@network.cz> 主旨: Question: ROA verification does not work properly on bird 2.0.11 Hello dear community members, I am configuring RPKI verification for my network, but I have encountered a strange syntax error problem. My configuration is as follows: roa4 table roa_table4; roa6 table roa_table6; protocol rpki Cloudflare_RPKI { roa4 { table roa_table4; }; roa6 { table roa_table6; }; remote "172.65.0.2" port 8282; retry keep 90; refresh keep 900; expire keep 172800; } function is_rpki_invalid () { } if roa_check(roa_table4, net, bgp_path.last) = ROA_INVALID then return true if roa_check(roa_table6, net, bgp_path.last) = ROA_INVALID then return true; return false; } bird will return the following error: /etc/bird/function.conf:59:22 Syntax error, unexpected CF_SYM_UNDEFINED, expecting CF_SYM_KNOWN This error is also returned by the example configuration provided in the documentation. PS: RPKI session placed in bird.conf PS: Function placed in function.conf Regards, Haima MoeBee Network
On Mon, 23 Jan 2023, haima via Bird-users wrote:
function is_rpki_invalid () { } if roa_check(roa_table4, net, bgp_path.last) = ROA_INVALID then return true if roa_check(roa_table6, net, bgp_path.last) = ROA_INVALID then return true; return false; }
I might be totally wrong here, but last time I tried this approach, I finally had to use something like this: if (net.type = NET_IP4 && roa_check(roa_table4, net, bgp_path.last) = ROA_INVALID) then { … } if (net.type = NET_IP6 && roa_check(roa_table6, net, bgp_path.last) = ROA_INVALID) then { … } Regards, Robert
Hi Robert, Thanks for your reply, I used this write method, but it still returns this error I modified it to look like this: function is_rpki_invalid() { if (net.type = NET_IP4 && roa_check(roa_table4, net, bgp_path.last) = ROA_INVALID) then return true; else if (net.type = NET_IP6 && roa_check(roa_table6, net, bgp_path.last) = ROA_INVALID) then return true; return false; } Thank you for your help Haima MoeBee Network 寄件者: Bird-users <bird-users-bounces@network.cz> 代表 Robert Scheck <bird@robert-scheck.de> 寄件日期: 2023年1月24日 0:03 收件者: haima via Bird-users <bird-users@network.cz> 主旨: Re: 回覆: Question: ROA verification does not work properly on bird 2.0.11 On Mon, 23 Jan 2023, haima via Bird-users wrote:
function is_rpki_invalid () { } if roa_check(roa_table4, net, bgp_path.last) = ROA_INVALID then return true if roa_check(roa_table6, net, bgp_path.last) = ROA_INVALID then return true; return false; }
I might be totally wrong here, but last time I tried this approach, I finally had to use something like this: if (net.type = NET_IP4 && roa_check(roa_table4, net, bgp_path.last) = ROA_INVALID) then { … } if (net.type = NET_IP6 && roa_check(roa_table6, net, bgp_path.last) = ROA_INVALID) then { … } Regards, Robert
Hello!
bird will return the following error: /etc/bird/function.conf:59:22 Syntax error, unexpected CF_SYM_UNDEFINED, expecting CF_SYM_KNOWN
The numbers 59:22 are actually the line:char index in that file. Could you please disclose what is in /etc/bird/function.conf around line 59 to let us help you find out what's the case? Thanks Maria
participants (3)
-
haima -
Maria Matejka -
Robert Scheck