Hi,

I'm testing BIRD 2 (version 2.0.2) but I am having an issue with the new syntax. More specifically, with arrays. This is a snippet of my configuration:

    protocol direct direct1 {
        interface "lo";
        debug all;
        ipv4 {
            import where net ~ 192.168.60.0/24 ;
            export none;
        };
    }

I start bird and this is the logged output:

    2018-06-27T15:26:21.123818+02:00 my.bird.router.com bird: direct1 < address 127.0.0.0/8 on interface lo added
    2018-06-27T15:31:19.396405+02:00 my.bird.router.com bird: direct1 < address 192.168.60.10/32 on interface lo added
    2018-06-27T15:31:19.396527+02:00 my.bird.router.com bird: direct1 > filtered out 192.168.60.10/32 unicast
    2018-06-27T15:31:19.396653+02:00 my.bird.router.com bird: direct1 < address 192.168.60.20/32 on interface lo added
    2018-06-27T15:31:19.396778+02:00 my.bird.router.com bird: direct1 > filtered out 192.168.60.20/32 unicast
    2018-06-27T15:31:19.397165+02:00 my.bird.router.com bird: direct1 < address 192.168.60.21/32 on interface lo added
    2018-06-27T15:31:19.397295+02:00 my.bird.router.com bird: direct1 > filtered out 192.168.60.21/32 unicast
    2018-06-27T15:31:19.397419+02:00 my.bird.router.com bird: direct1 < address 192.168.60.12/32 on interface lo added
    2018-06-27T15:31:19.397541+02:00 my.bird.router.com bird: direct1 > filtered out 192.168.60.12/32 unicast

This works as expected. Now, if I try to use even a 1-member array, like this:

    protocol direct direct1 {
        interface "lo";
        debug all;
        ipv4 {
            import where net ~ [ 192.168.60.0/24 ];
            export none;
        };
    }

the result is that bird filters out my IPs. These are the relevant log lines:

    2018-06-27T15:26:21.123818+02:00 my.bird.router.com bird: direct1 < address 127.0.0.0/8 on interface lo added
    2018-06-27T15:26:21.123943+02:00 my.bird.router.com bird: direct1 < address 192.168.60.10/32 on interface lo added
    2018-06-27T15:26:21.124277+02:00 my.bird.router.com bird: direct1 > added [best] 192.168.60.10/32 unicast
    2018-06-27T15:26:21.124406+02:00 my.bird.router.com bird: direct1 < address 192.168.60.20/32 on interface lo added
    2018-06-27T15:26:21.124534+02:00 my.bird.router.com bird: direct1 > added [best] 192.168.60.20/32 unicast
    2018-06-27T15:26:21.124913+02:00 my.bird.router.com bird: direct1 < address 192.168.60.21/32 on interface lo added
    2018-06-27T15:26:21.125041+02:00 my.bird.router.com bird: direct1 > added [best] 192.168.60.21/32 unicast
    2018-06-27T15:26:21.125177+02:00 my.bird.router.com bird: direct1 < address 192.168.60.12/32 on interface lo added
    2018-06-27T15:26:21.125304+02:00 my.bird.router.com bird: direct1 > added [best] 192.168.60.12/32 unicast

"import where net ~" + "array" has always worked fine with BIRD 1.6. Did the syntax change on v2? Is this a bug?

Thanks,
Carlo
My bad, I've posted the log outputs in the opposite order. The first output refers to the second configuration (the one that makes use of the array).

Thanks,
Carlo
On Wed, Jun 27, 2018 at 04:11:17PM +0200, Carlo Rengo wrote:
> My bad, I've posted the log outputs in the opposite order. The first output refers to the second configuration (the one that makes use of the array).

Hi,

it works like it worked in the 1.6.x branch. Prefix set [ 192.168.60.0/24 ] matches only the 192.168.60.0/24 prefix. You have to use prefix set [ 192.168.60.0/24+ ] to match 192.168.60.0/24 and longer prefixes.

--
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
Using "[ 192.168.60.0/24+ ]" works, however from the documentation I read the following regarding the `include` operator:

    Special operators include (~, !~) for "is (not) element of a set" operation - it can be used on […] on prefix and prefix (returning true if first prefix is more specific than second one)

In my case I have "import where net ~ [ 192.168.60.0/24 ] ;", which should be true because prefix 192.168.60.10/32 is more specific than 192.168.60.0/24. That statement, in fact, is true on Bird 1.6.x and, without the array ("import where net ~ 192.168.60.0/24 ;"), on Bird 2.0.x. Why do my networks get filtered out then?

Thanks,
Carlo
My bad, I've looked again at the 1.6.x conf I have, which has "192.168.60.0/24{32,32}" instead of "192.168.60.0/24". I fixed the 2.0.x conf and it now works.

Thank you again,
Carlo
On Wed, Jun 27, 2018 at 04:36:44PM +0200, Carlo Rengo wrote:
> Using "[ 192.168.60.0/24+ ]" works, however from the documentation I read the following regarding the `include` operator:
>
> Special operators include (~, !~) for "is (not) element of a set" operation - it can be used on […] on prefix and prefix (returning true if first prefix is more specific than second one)

Yes, that is true for "prefix ~ prefix" expression, not for "prefix ~ set" expression. When the second argument is set, then it has basic meaning "is element of a set".

> In my case I have "import where net ~ [ 192.168.60.0/24 ] ;", which should be true because prefix 192.168.60.10/32 is more specific than 192.168.60.0/24.

No, this should be true if the net is a member of set [ 192.168.60.0/24 ], which is true only for 192.168.60.0/24. Such behavior is intentional, so people can specify exact prefixes in prefix sets and match against the sets.

> That statement, in fact, is true on Bird 1.6.x and, without the array ("import where net ~ 192.168.60.0/24 ;"), on Bird 2.0.x.

No, the behavior is the same for v2.0.x and v1.6.x, see:

    BIRD v2.0.2-26-g1771f70d-x ready.
    bird> eval 192.168.60.10/32 ~ [ 192.168.60.0/24 ]
    FALSE
    bird> eval 192.168.60.10/32 ~ [ 192.168.60.0/24+ ]
    TRUE

    BIRD 1.6.3 ready.
    bird> eval 192.168.60.10/32 ~ [ 192.168.60.0/24 ]
    FALSE
    bird> eval 192.168.60.10/32 ~ [ 192.168.60.0/24+ ]
    TRUE

--
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
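The matching rules worked out in this thread, as an added Python model for checking an import filter before deploying it; it is not BIRD code and not from either poster. The function names are hypothetical, and the `-` and general `{low,high}` forms go beyond the thread's `+` and `{32,32}` cases, following BIRD's documented prefix-set syntax.

```python
import ipaddress
import re

# Prefix-set element forms: "P/len" (exact), "P/len+" (P/len and longer),
# "P/len-" (P/len and shorter), "P/len{low,high}" (under P, length low..high).
_PATTERN = re.compile(r"^(\S+?)/(\d+)(\+|-|\{(\d+),(\d+)\})?$")


def parse_pattern(text):
    """Return (network, low, high) for one prefix-set element."""
    m = _PATTERN.match(text.strip())
    if not m:
        raise ValueError(f"not a prefix pattern: {text!r}")
    net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
    plen, suffix = net.prefixlen, m.group(3)
    if suffix is None:
        low = high = plen            # bare prefix in a set: exact length only
    elif suffix == "+":
        low, high = plen, net.max_prefixlen
    elif suffix == "-":
        low, high = 0, plen
    else:
        low, high = int(m.group(4)), int(m.group(5))
    return net, low, high


def matches_pattern(route, pattern):
    """True if route matches one set element."""
    net, low, high = parse_pattern(pattern)
    r = ipaddress.ip_network(route)
    if r.version != net.version or not low <= r.prefixlen <= high:
        return False
    # Compare only the first min(len(route), len(pattern)) bits.
    bits = min(r.prefixlen, net.prefixlen)
    shift = net.max_prefixlen - bits
    return int(r.network_address) >> shift == int(net.network_address) >> shift


def in_prefix_set(route, patterns):
    """Model of `net ~ [ ... ]`: membership, true if any element matches."""
    return any(matches_pattern(route, p) for p in patterns)


def more_specific(route, prefix):
    """Model of `net ~ prefix` without brackets (subnet_of also accepts equality)."""
    r, p = ipaddress.ip_network(route), ipaddress.ip_network(prefix)
    return r.version == p.version and r.subnet_of(p)
```

Running the loopback addresses from the log through `in_prefix_set` shows which of them a given set would import, and also which unintended more-specifics a `+` element would let through.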
participants (2): Carlo Rengo, Ondrej Zajicek