Hello Łukasz,
On Tue, 03 Jun 2025, Łukasz Trąbiński wrote:
> Could You send me example of rpki config for Bird 3.x.x?
> In 2.x.x, I’m use something like below, but it’s not working with 3.x.x
I'm using the following with rpki-client. I guess you need to remove the
if() for force_roa_table_update when using a TCP connection instead of an
include.
function reject_invalid_roa() {
if (force_roa_table_update > 0) then {
if (net.type = NET_IP4) then {
case roa_check(ROAS4, net, bgp_path.last) {
ROA_INVALID:
print "Rejected invalid ROA IPv4 prefix: ", net, " ", bgp_path, ",
(neighbour ", from, ")";
reject;
ROA_VALID:
print "Valid ROA IPv4 prefix: ", net, " ", bgp_path, ", (neighbour ",
from, ")";
ROA_UNKNOWN:
print "Unknown ROA IPv4 prefix: ", net, " ", bgp_path, ", (neighbour
", from, ")";
}
}
if (net.type = NET_IP6) then {
case roa_check(ROAS6, net, bgp_path.last) {
ROA_INVALID:
print "Rejected invalid ROA IPv6 prefix: ", net, " ", bgp_path, ",
(neighbour ", from, ")";
reject;
ROA_VALID:
print "Valid ROA IPv6 prefix: ", net, " ", bgp_path, ", (neighbour ",
from, ")";
ROA_UNKNOWN:
print "Unknown ROA IPv6 prefix: ", net, " ", bgp_path, ", (neighbour
", from, ")";
}
}
}
}
The main difference is that I reject inside the function without returning
a boolean.
Regards,
Robert
