bird >=2.0.4 Stack underflow and most routes become filtered
Hi! .. /var/log/bird.log 2019-08-22 15:38:38.604 <ERR> filters, line 1023: Stack underflow 2019-08-22 18:02:27.157 <ERR> filters, line 511: Stack underflow 2019-08-22 18:02:30.616 <ERR> filters, line 0: Stack underflow.... ... function bgp_in(int peer_as; prefix set peer_nets) { if ! (avoid_martians()) then return false; if ! (net ~ peer_nets) then return false; if (bgp_path.first != peer_as ) then return false; # if (is_black()) then return true; # if net.len > 24 then return false; return true; } .. define DataClub_nets = [ 46.183.216.0/21{21,32} <http://46.183.216.0/21%7B21,32%7D>, 84.38.128.0/24{24,32} <http://84.38.128.0/24%7B24,32%7D>, 84.38.130.0/24{24,32} <http://84.38.130.0/24%7B24,32%7D>, 84.38.131.0/24{24,32} <http://84.38.131.0/24%7B24,32%7D>, 84.38.132.0/24{24,32} <http://84.38.132.0/24%7B24,32%7D>, 84.38.134.0/24{24,32} <http://84.38.134.0/24%7B24,32%7D>, 84.38.135.0/24{24,32} <http://84.38.135.0/24%7B24,32%7D>, 109.248.147.0/24{24,32} <http://109.248.147.0/24%7B24,32%7D>, 109.248.148.0/24{24,32} <http://109.248.148.0/24%7B24,32%7D>, 109.248.149.0/24{24,32} <http://109.248.149.0/24%7B24,32%7D>, 185.220.116.0/24{24,32} <http://185.220.116.0/24%7B24,32%7D>, 185.220.117.0/24{24,32} <http://185.220.117.0/24%7B24,32%7D>, 185.220.118.0/24{24,32} <http://185.220.118.0/24%7B24,32%7D>, 194.165.16.0/23{23,32} <http://194.165.16.0/23%7B23,32%7D> ]; .. protocol bgp DataClub from PEERS { description "DataClub/52048/as-dataclub"; neighbor 193.27.39.4 as 52048; ipv4 { import where bgp_in(52048, DataClub_nets); export where bgp_out(52048, 64004); }; } ... I redid the configuration something like ... ipv4 { import filter myfilter; .. ... then I issue test "show route filter myfilter" and get all nets. But in fact, all these routes were filtered. And, finally, only "accept" remained in the filter - this method unfiltered routes. Bug, feature? P.S.: Bird <= 2.0.3 is OK.
On Sat, Aug 24, 2019 at 01:22:10AM +0300, Дружок 1 wrote:
Hi! .. /var/log/bird.log 2019-08-22 15:38:38.604 <ERR> filters, line 1023: Stack underflow 2019-08-22 18:02:27.157 <ERR> filters, line 511: Stack underflow 2019-08-22 18:02:30.616 <ERR> filters, line 0: Stack underflow....
Re: bird >=2.0.4 Stack underflow and most routes become filtered
P.S.: Bird <= 2.0.3 is OK.
Hi Is it really >=2.0.4 and not >=2.0.5 ? AFAIK there is no 'Stack underflow' message in 2.0.4. -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
Will check it, thanks for your report. Maria On August 24, 2019 12:22:10 AM GMT+02:00, "Дружок 1" <arkhipax@gmail.com> wrote:
Hi! .. /var/log/bird.log 2019-08-22 15:38:38.604 <ERR> filters, line 1023: Stack underflow 2019-08-22 18:02:27.157 <ERR> filters, line 511: Stack underflow 2019-08-22 18:02:30.616 <ERR> filters, line 0: Stack underflow.... ... function bgp_in(int peer_as; prefix set peer_nets) { if ! (avoid_martians()) then return false; if ! (net ~ peer_nets) then return false; if (bgp_path.first != peer_as ) then return false; # if (is_black()) then return true; # if net.len > 24 then return false; return true; } .. define DataClub_nets = [ 46.183.216.0/21{21,32} <http://46.183.216.0/21%7B21,32%7D>, 84.38.128.0/24{24,32} <http://84.38.128.0/24%7B24,32%7D>, 84.38.130.0/24{24,32} <http://84.38.130.0/24%7B24,32%7D>, 84.38.131.0/24{24,32} <http://84.38.131.0/24%7B24,32%7D>, 84.38.132.0/24{24,32} <http://84.38.132.0/24%7B24,32%7D>, 84.38.134.0/24{24,32} <http://84.38.134.0/24%7B24,32%7D>, 84.38.135.0/24{24,32} <http://84.38.135.0/24%7B24,32%7D>, 109.248.147.0/24{24,32} <http://109.248.147.0/24%7B24,32%7D>, 109.248.148.0/24{24,32} <http://109.248.148.0/24%7B24,32%7D>, 109.248.149.0/24{24,32} <http://109.248.149.0/24%7B24,32%7D>, 185.220.116.0/24{24,32} <http://185.220.116.0/24%7B24,32%7D>, 185.220.117.0/24{24,32} <http://185.220.117.0/24%7B24,32%7D>, 185.220.118.0/24{24,32} <http://185.220.118.0/24%7B24,32%7D>, 194.165.16.0/23{23,32} <http://194.165.16.0/23%7B23,32%7D> ]; .. protocol bgp DataClub from PEERS { description "DataClub/52048/as-dataclub"; neighbor 193.27.39.4 as 52048; ipv4 { import where bgp_in(52048, DataClub_nets); export where bgp_out(52048, 64004); }; } ...
I redid the configuration something like ... ipv4 { import filter myfilter; .. ... then I issue test "show route filter myfilter" and get all nets. But in fact, all these routes were filtered. And, finally, only "accept" remained in the filter - this method unfiltered routes. Bug, feature? P.S.: Bird <= 2.0.3 is OK.
-- Sent from my Android device with K-9 Mail. Please excuse my brevity.
On Sat, Aug 24, 2019 at 01:22:10AM +0300, Дружок 1 wrote:
Hi! .. /var/log/bird.log 2019-08-22 15:38:38.604 <ERR> filters, line 1023: Stack underflow 2019-08-22 18:02:27.157 <ERR> filters, line 511: Stack underflow 2019-08-22 18:02:30.616 <ERR> filters, line 0: Stack underflow....
then I issue test "show route filter myfilter" and get all nets. But in fact, all these routes were filtered. And, finally, only "accept" remained in the filter - this method unfiltered routes.
Hi Found the bug, it was in incorrect code for 'where' operator, here is the patch: https://gitlab.labs.nic.cz/labs/bird/commit/452e90ba72f57c44b44f9940ac951d2f... We plan to release a new version soon with this and other fixes. -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
On Tue, 10 Sep 2019, Ondrej Zajicek wrote:
We plan to release a new version soon with this and other fixes.
That sounds like it makes sense for a package maintainer like me to hold my breath for a 2.0.6 - which also addresses the CVE from yesterday or so? Or is soon meant more like "in a month"? Regards Robert
On Wed, Sep 11, 2019 at 05:28:21PM +0200, Robert Scheck wrote:
On Tue, 10 Sep 2019, Ondrej Zajicek wrote:
We plan to release a new version soon with this and other fixes.
That sounds like it makes sense for a package maintainer like me to hold my breath for a 2.0.6 - which also addresses the CVE from yesterday or so? Or is soon meant more like "in a month"?
Hi Yes, 2.0.6 will address this CVE. I hope it will be released during tomorrow, it is already prepared in git: https://gitlab.labs.nic.cz/labs/bird/commit/5235c3f78da15826b0654ba68dc7a897... -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
Awesome, thanks! I thought that this would remain only my own problem. You managed to figure out a bug without any help from me. I will try path and write you with results. Spasibo! On Tue, Sep 10, 2019 at 2:57 PM Ondrej Zajicek <santiago@crfreenet.org> wrote:
On Sat, Aug 24, 2019 at 01:22:10AM +0300, Дружок 1 wrote:
Hi! .. /var/log/bird.log 2019-08-22 15:38:38.604 <ERR> filters, line 1023: Stack underflow 2019-08-22 18:02:27.157 <ERR> filters, line 511: Stack underflow 2019-08-22 18:02:30.616 <ERR> filters, line 0: Stack underflow....
then I issue test "show route filter myfilter" and get all nets. But in fact, all these routes were filtered. And, finally, only "accept" remained in the filter - this method unfiltered routes.
Hi
Found the bug, it was in incorrect code for 'where' operator, here is the patch:
https://gitlab.labs.nic.cz/labs/bird/commit/452e90ba72f57c44b44f9940ac951d2f...
We plan to release a new version soon with this and other fixes.
-- Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
-- *-- * *-- С Уважением*
participants (5)
-
Chriztoffer Hansen -
Maria Matějka -
Ondrej Zajicek -
Robert Scheck -
Дружок 1