When running IPv6 daemon, I have a BGP peer:

    protocol bgp bogon_1 from BH_SERVER {
        import where net.len < 33;
        import filter BLACKHOLE_IN;
        import limit 100000 action warn;
    }

The filter is simply an “accept;”. The problem I’m seeing however is that I’m getting prefixes imported that are longer than 32. In fact, it looks like “import where” is completely ignored in IPv6 (at least for net.len?). If I put “import where net.len = 0” I still see all the longer prefixes getting imported.

If I go into the filter and add a “if net.len < 33 then reject;” then I see it work.

Is this the expected behavior, a bug or am I missing something?

--
inoc.net!rblayzor
XMPP: rblayzor.AT.inoc.net
PGP: https://inoc.net/~rblayzor/

On Mon, Oct 09, 2017 at 02:32:44PM -0400, Robert Blayzor wrote:
> When running IPv6 daemon, I have a BGP peer:
>
>     protocol bgp bogon_1 from BH_SERVER {
>         import where net.len < 33;
>         import filter BLACKHOLE_IN;
>         import limit 100000 action warn;
>     }
>
> The filter is simply an “accept;”. The problem I’m seeing however is that I’m getting prefixes imported that are longer than 32. In fact, it looks like “import where” is completely ignored in IPv6 (at least for net.len?). If I put “import where net.len = 0” I still see all the longer prefixes getting imported.
>
> If I go into the filter and add a “if net.len < 33 then reject;” then I see it work.
>
> Is this the expected behavior, a bug or am I missing something?

Hi

It is not two separate options 'import where' and 'import filter', but one option 'import', so setting it a second time (to 'filter BLACKHOLE_IN') silently overwrites the previous value ('where net.len < 33').

--
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
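
A check for the behaviour described in the reply above, added here as an example and not code from the thread or from the BIRD project: a small Python linter that flags protocol blocks in which the `import` policy is set more than once, so the earlier setting is silently replaced. It generalizes to `export`, which is likewise a single option; the parser is a simplification that assumes named protocol blocks without nested braces, the sample config is constructed from the one in the thread, and `bogon_2` is a hypothetical second peer.

```python
import re

# Constructed sample: the block from the thread plus a hypothetical clean peer.
SAMPLE_CONF = """
protocol bgp bogon_1 from BH_SERVER {
    import where net.len < 33;
    import filter BLACKHOLE_IN;
    import limit 100000 action warn;
}
protocol bgp bogon_2 from BH_SERVER {
    import filter BLACKHOLE_IN;   # only one policy, nothing overridden
    import limit 100000 action warn;
}
"""

# Forms that set the policy itself. "import limit ..." and
# "import keep filtered" are separate options and must not be flagged.
POLICY = re.compile(r"^(import|export)\s+(where\b.*|filter\b.*|all|none)$")
# Simplified: "protocol <type> <name> [from <template>] { flat body }".
BLOCK = re.compile(r"protocol\s+\w+\s+(\w+)[^{]*\{([^{}]*)\}")


def overridden_policies(conf):
    """Return (protocol, direction, ignored, effective) for every policy
    that is replaced by a later one in the same protocol block."""
    findings = []
    conf = re.sub(r"#.*", "", conf)  # strip '#' comments
    for name, body in BLOCK.findall(conf):
        last = {}  # direction -> most recent policy text
        for stmt in body.split(";"):
            m = POLICY.match(" ".join(stmt.split()))
            if not m:
                continue
            direction, value = m.group(1), m.group(2)
            if direction in last:
                findings.append((name, direction, last[direction], value))
            last[direction] = value
    return findings


if __name__ == "__main__":
    for proto, direction, ignored, effective in overridden_policies(SAMPLE_CONF):
        print(f"{proto}: '{direction} {ignored}' is overridden by "
              f"'{direction} {effective}'")
```
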

participants (2)
- Ondrej Zajicek
- Robert Blayzor