This worked, thank you! It may be better to throw a syntax error and refuse to load (or reload) the configuration than to just accept it but to log errors at runtime...after I made this change, my filter started rejecting all routes and it took me a lot of troubleshooting to understand why.
On Sun, Oct 17, 2021 at 7:53 AM Ondrej Zajicek <[email protected]> wrote: > On Sun, Oct 17, 2021 at 04:58:06AM -0400, Ross Tajvar wrote: > > Even using the correct syntax as described by Ondrej I am not able to get > > this to work. When I try, I get the following error in my logs: > > > > > filters, line 117: ~ applied on unknown type pair > > > > > > I am trying to build filters that check multiple things, add a community > > for each thing (if it is true), then reject the route if any of the > > communities exist. It doesn't seem like it's possible to check if any > > member of a set is in another set - only if a particular element is in > > another set. > > > > I.e. I can do > > (1,2,3) ~ bgp_large_community > > but not > > [(1,2,*)] ~ bgp_large_community. > > It should be bgp_large_community ~ [(1,2,*)]. > > In the first case the meaning is whether (1,2,3) is a member of > bgp_large_community, while in the second is whether any community from > bgp_large_community is a member of set [(1,2,*)]. > > > > On Thu, Oct 29, 2020 at 2:49 PM Ondrej Zajicek <[email protected]> > > wrote: > > > > > On Thu, Oct 29, 2020 at 10:00:58AM -0400, Brooks Swinnerton wrote: > > > > Hello, > > > > > > > > I was wondering if it's possible to create a conditional that > matches on > > > a > > > > wildcard for a part of a BGP large community. For example: > > > > > > > > if ([*, 600, 6939]) ~ bgp_large_community then > > > > reject; > > > > > > Hello > > > > > > Note that it would be [(*, 600, 6939)], not ([*, 600, 6939]). > > > > > > But for large communities, BIRD allows wildcard only on the more > specific > > > part. > > > You can have [(64496, 600, *)], [(64496, *, *)] or even [(*, *, *)], > but > > > not > > > [(*, 600, 6939)]. > > > > > > Also, wildcard (*, 600, 6939) does not really make sense, as meaning of > > > the second and third part is determined by the first (global admin), > and > > > may be different for different first parts. > > > > > > -- > > > Elen sila lumenn' omentielvo > > > > > > Ondrej 'Santiago' Zajicek (email: [email protected]) > > > OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net > ) > > > "To err is human -- to blame it on a computer is even more so." > > > > > -- > Elen sila lumenn' omentielvo > > Ondrej 'Santiago' Zajicek (email: [email protected]) > OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) > "To err is human -- to blame it on a computer is even more so." >
