Hello,

We have been using BIRD 1.6.3 on Ubuntu 16.04 as Route Server for a long time.

Recently we decided to implement a ROA check filtration, but we're experiencing the daemon crashing whenever we remove the roa table from the config file, even when the roa table is not applied anywhere. In simple words: the ROA table is only defined in the config.

Here is a specific example:

    root@rs2-lab:/usr/local/bird-new/etc# cat roa.conf
    roa table r65501 {
        roa 1.2.3.0/24 max 32 as 65501;
    }

Here is our simple bird config:

    root@rs2-lab:/usr/local/bird-new/etc# cat bird.conf
    log "/var/log/bird.log" all;
    log syslog all;
    debug protocols { events };
    router id 10.10.10.100;
    define myas = 12345;
    protocol device {}
    include "roa.conf";

So when I remove/comment "roa.conf" from the config, the bird process is crashing:

    root@rs2-lab:/usr/local/bird-new/etc# birdc c
    BIRD 1.6.3 ready.
    Connection closed by server

Here is dmesg with the crash info:

    [62285.414645] bird[11272]: segfault at 0 ip 000000000040ace7 sp 00007ffd5040e950 error 4 in bird[400000+74000]
    [62508.998315] bird[11487]: segfault at 0 ip 000000000040ace7 sp 00007ffe148741c0 error 4 in bird[400000+74000]
    [62599.558242] bird[11570]: segfault at 0 ip 000000000040ace7 sp 00007ffdfa129070 error 4 in bird[400000+74000]
    [62649.377296] bird[11575]: segfault at 0 ip 000000000040ace7 sp 00007ffd5d8da0a0 error 4 in bird[400000+74000]
    [63895.137084] bird[11730]: segfault at 0 ip 000000000040ace7 sp 00007ffdd4f08f00 error 4 in bird[400000+74000]
    [63927.053383] bird[11738]: segfault at 0 ip 000000000040ace7 sp 00007ffe9c5c8110 error 4 in bird[400000+74000]
    [66260.552622] bird[13629]: segfault at 0 ip 000000000040ace7 sp 00007ffc58de2ad0 error 4 in bird[400000+74000]
    [69835.274826] bird[14098]: segfault at 0 ip 000000000040ace7 sp 00007ffe306bc640 error 4 in bird[400000+74000]
    [70481.342658] bird[14218]: segfault at 0 ip 000000000040ace7 sp 00007ffd556c04c0 error 4 in bird[400000+74000]
    [70587.636343] bird[14234]: segfault at 0 ip 000000000040ace7 sp 00007ffdbc90e4d0 error 4 in bird[400000+74000]

Could some BIRD developer help on this issue?

Thanks in advance!

Best~

--
---
Javor Kliachev
Senior Engineer IP Services
office:+359 2 974 33 11 mobile:+359 885 98 84 95
www.neterra.net <http://www.neterra.net>
<https://bg.linkedin.com/pub/javor-kliachev/11/b46/843>

On Wed, Mar 21, 2018 at 12:45:54PM +0200, Javor Kliachev wrote:
> Hello,
> We have been using BIRD 1.6.3 on Ubuntu 16.04 as Route Server for a long time.
> Recently we decided to implement a ROA check filtration, but we're experiencing the daemon crashing whenever we remove the roa table from the config file, even when the roa table is not applied anywhere.

Hello

Is the issue fixed by this patch:

https://gitlab.labs.nic.cz/labs/bird/commit/0ff86d054efa8005c5df943acf6d2122...

?

--
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."

Hi,

Thank you very much for the fast response.

The patch has completely fixed the issue!

One more question about the ROA:

Is it possible to use roa_check() inside another function, with the first parameter of roa_check being some argument like peer_as, for example:

    roa table 65501 {
        roa 1.2.3.0/24 max 32 as 65501;
    }

    function BGP_IN(int peer_as) {
        if roa_check(peer_as, net, bgp_path.last) = ROA_INVALID then {
            print "ROA check failed for ", net, " from ASN ", bgp_path.last;
            return false;
        }
        if roa_check(peer_as, net, bgp_path.last) = ROA_UNKNOWN then {
            print "ROA check failed: unallowed prefix - ", net, " origin ASN ", bgp_path.last, " - AS-PATH", bgp_path, " via ", proto;
            return false;
        }
        return true;
    }

When I put the above lines in the configuration and try to reconfigure, I get the following error:

    root@rs2-lab:/usr/local/bird-new/etc# birdc c
    BIRD 1.6.3 ready.
    Reading configuration from /usr/local/bird-new/etc/bird.conf
    /usr/local/bird-new/etc/roa.conf, line 8: peer_as is not a ROA table

It makes me think that such an implementation is not possible, or maybe I'm totally wrong or missing something.

Thank you once again!

Best~

On 21.03.2018 15:40, Ondrej Zajicek wrote:
> On Wed, Mar 21, 2018 at 12:45:54PM +0200, Javor Kliachev wrote:
>> Hello,
>> We have been using BIRD 1.6.3 on Ubuntu 16.04 as Route Server for a long time.
>> Recently we decided to implement a ROA check filtration, but we're experiencing the daemon crashing whenever we remove the roa table from the config file, even when the roa table is not applied anywhere.
> Hello
> Is the issue fixed by this patch:
> https://gitlab.labs.nic.cz/labs/bird/commit/0ff86d054efa8005c5df943acf6d2122...
> ?

-- --- Javor Kliachev Senior Engineer IP Services office:+359 2 974 33 11 mobile:+359 885 98 84 95 www.neterra.net <http://www.neterra.net> <https://bg.linkedin.com/pub/javor-kliachev/11/b46/843>
On Wed, Mar 21, 2018 at 04:29:13PM +0200, Javor Kliachev wrote:
> Hi,
> Thank you very much for the fast response.
> The patch has completely fixed the issue!
> One more question about the ROA:
> Is it possible to use roa_check() inside another function, with the first parameter of roa_check being some argument like peer_as, for example:
>
>     roa table 65501 {
>         roa 1.2.3.0/24 max 32 as 65501;
>     }
>
>     function BGP_IN(int peer_as) {
>         if roa_check(peer_as, net, bgp_path.last) = ROA_INVALID then {
>             print "ROA check failed for ", net, " from ASN ", bgp_path.last;
>             return false;
>         }
>         if roa_check(peer_as, net, bgp_path.last) = ROA_UNKNOWN then {
>             print "ROA check failed: unallowed prefix - ", net, " origin ASN ", bgp_path.last, " - AS-PATH", bgp_path, " via ", proto;
>             return false;
>         }
>         return true;
>     }
>
> When I put the above lines in the configuration and try to reconfigure, I get the following error:

No, you have to use switch based on peer_as.

--
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
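
The switch suggested in the reply above, sketched as an added example (not code from either poster or from the BIRD project): roa_check() takes a ROA table name that is resolved when the configuration is parsed, so each peer AS gets its own case branch naming its table. The second table r65502, its prefix, and the names roa_ok and peer_in_65501 are constructed for illustration; an unlisted peer AS is rejected here by assumption.

```bird
# One ROA table per peer AS. r65501 is the table from the first message;
# r65502 and its prefix are constructed sample data.
roa table r65501 {
    roa 1.2.3.0/24 max 32 as 65501;
}

roa table r65502 {
    roa 198.51.100.0/24 max 24 as 65502;
}

# Returns true only when the route's origin AS is ROA_VALID in the table
# that belongs to peer_as. The table name in each branch is a fixed
# symbol, which is what roa_check() requires; peer_as only selects the branch.
function roa_ok(int peer_as)
{
    case peer_as {
        65501: if roa_check(r65501, net, bgp_path.last) = ROA_VALID then { return true; }
        65502: if roa_check(r65502, net, bgp_path.last) = ROA_VALID then { return true; }
        else: print "No ROA table configured for peer AS ", peer_as, ", rejecting ", net;
    }

    # Reached for ROA_INVALID, ROA_UNKNOWN and for peers without a table.
    print "ROA check failed for ", net, " origin ASN ", bgp_path.last, " via ", proto;
    return false;
}

# Per-peer import filter that passes its own AS number to the function.
filter peer_in_65501
{
    if roa_ok(65501) then accept;
    reject;
}
```

Adding a peer means adding both its roa table and a matching case branch; a peer whose AS has no branch falls through to the else branch and is rejected.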