Re: vpn6-mpls routes on BIRD 2

[Jan Maria Matejka]

I suspect you are missing the "extended next hop" option in your
BGP protocol config.

Thanks
Maria

On 08/24/2018 07:02 PM, Chris Herdt wrote:
> When I run bird in debug mode, I do see a lot of messages about missing next 
> hop:
> 
> bird: peer1: Missing next hop address
> bird: peer1: Invalid NEXT_HOP attribute
> bird: peer1: Invalid NEXT_HOP attribute
> bird: peer1: Invalid NEXT_HOP attribute
> [etc.]
> 
> When I examine the update packets coming in for IPv6 route announcements, the 
> next hop is an IPv4 address in this format (addresses changed for anonymity):
> 
> :::192.168.42.6
> 
> I have also tried a couple different things in my config files to explicitly 
> set the next hop address, but the next hop address is still missing:
> 
> filter setnexthop
> ip explicit_next_hop;
> {
>     explicit_next_hop = fd12:3456:789a:1::1;
>     bgp_next_hop = explicit_next_hop;
>     accept;
> }
> 
> ...
> 
>     vpn6 mpls {
>     table vpntab6;
>     missing lladdr ignore;
>     next hop self;
>     import filter setnexthop;
>     };
> 
> 
> Anyone have any advice?
> 
> Thanks,
> 
> On Thu, Aug 23, 2018 at 8:42 PM Arvin Gan  > wrote:
> 
> Hi ,
> 
>   From your protocols info, “BGP Next hop:   ::”  in channel vpn6-mpls, 
> if next hop is empty, the route is withdrawn. Suggest to check it.
> 
> __ __
> 
> Best Regards,
> 
> Arvin Gan
> 
> __ __
> 
> *From:*Bird-users  > *On Behalf Of *Chris Herdt
> *Sent:* Friday, August 24, 2018 5:48 AM
> *To:* bird-users@network.cz 
> *Subject:* vpn6-mpls routes on BIRD 2
> 
> __ __
> 
> Thanks to the list for all the help you've given me so far!
> 
> __ __
> 
> Another question: I am running BIRD 2.0.2 and peering with a host that is 
> announcing vpn4 mpls and vpn6 mpls routes.
> 
> __ __
> 
> The vpn4 mpls routes are working, but all of the vpn6 mpls routes appear 
> as withdrawn routes. I'm not sure why -- I looked at the packet capture in 
> Wireshark and the UPDATE messages containing the IPv6 routes all show zero 
> for Withdrawn Routes Length. Any ideas?
> 
> __ __
> 
> Here's the result of 'show protocols all peer1' (addresses changed):
> 
> __ __
> 
> bird> show protocols all peer1
> Name   Proto  Table  State  Since Info
> peer1  BGP    ---    up 14:35:04.353  Established  
>   BGP state:  Established
>     Neighbor address: 192.168.42.1
>     Neighbor AS:  65321
>     Neighbor ID:  192.168.42.1
>     Local capabilities
>   Multiprotocol
>     AF announced: vpn4-mpls vpn6-mpls
>   Route refresh
>   Graceful restart
>   4-octet AS numbers
>   Enhanced refresh
>     Neighbor capabilities
>   Multiprotocol
>     AF announced: vpn4-mpls vpn6-mpls
>   Route refresh
>   Extended next hop
>     IPv6 nexthop: ipv4 ipv4-mc
>   Graceful restart
>     Restart time: 120
>     AF supported: vpn4-mpls vpn6-mpls
>     AF preserved:
>   4-octet AS numbers
>     Session:  internal multihop AS4
>     Source address:   192.168.100.1
>     Hold timer:   12.954/15
>     Keepalive timer:  0.005/5
>   Channel vpn4-mpls
>     State:  UP
>     Table:  vpntab4
>     Preference: 100
>     Input filter:   ACCEPT
>     Output filter:  REJECT
>     Routes: 9771 imported, 0 exported
>     Route change stats: received   rejected   filtered    ignored   
> accepted
>   Import updates:   9771  0  0  0 
>   9771
>   Import withdraws:   20  0    --- 20 
>  0
>   Export updates:   9771   9771  0    --- 
>  0
>   Export withdraws:    0    ---    ---    --- 
>  0
>     BGP Next hop:   192.168.100.1
>     IGP IPv4 table: master4
>   Channel vpn6-mpls
>     State:  UP
>     Table:  vpntab6
>     Preference: 100
>     Input filter:   ACCEPT
>     Output filter:  REJECT
>     Routes: 0 imported, 0 exported
>     Route change stats: received   rejected   filtered    ignored   
> accepted
>   Import updates:  0  0  0  0 
>  0
>   Import withdraws: 2785  0    ---   2785 
>  0
>   Export updates:  0  0  0    --- 
>  0
>   Export withdraws:    0    ---    ---    --- 
>  0
>     BGP Next hop:   ::
>     IGP IPv6 table: master6
> 
> 

Re: Flowspec Extended communities

[Jan Maria Matejka]

>> We are working on a way to specify flow actions in more user-friendly manner.
> 
> That would be great but if it works it is ok :)

Please check the show-route branch and give me some feedback. I think it is OK
and working but we never had enough time to test it properly.

Thank you in advance

Maria

Re: BIRD - Config Support for RFC 3107 - Carrying Label Information in BGP

[Jan Maria Matejka]

There are switches in the code to drop MPLS labels when the kernel
doesn't support it.

If you run
$ grep '^#define HAVE_MPLS_KERNEL' config.log
(config.log is a product of ./configure)
it should show that it is defined to 1.

If not, try running ./configure to check whether it shows you
Kernel MPLS Support: yes

If not, install also kernel headers for your current kernel.

Maria

On 06/14/2018 08:13 PM, Thiruvazhiyan Lakshmanan wrote:
> Thanks Ondrej,
> 
> With your suggested changes, I notice both Kernel and BGP uses single
> table (master4) and both have the routes. However, the routes shown in
> the bird has labels attached to them, the routes shown in Kernel table
> do not show the labels to them.
> 
>  
> 
> bird> show route
> 
> Table master4:
> 
> 1.0.1.0/24   unicast [bgp1 11:48:56.097] * (100) [AS65001i]
> 
>     via 10.10.101.1 on bond0.11 mpls 1001
> 
> 1.0.0.0/24   unicast [bgp1 11:48:56.097] * (100) [AS65001i]
> 
>     via 10.10.101.1 on bond0.11 mpls 1000
> 
> 1.0.3.0/24   unicast [bgp1 11:48:56.097] * (100) [AS65001i]
> 
>     via 10.10.101.1 on bond0.11 mpls 1003
> 
> 1.0.2.0/24   unicast [bgp1 11:48:56.097] * (100) [AS65001i]
> 
>     via 10.10.101.1 on bond0.11 mpls 1002
> 
> 1.0.5.0/24   unicast [bgp1 11:48:56.097] * (100) [AS65001i]
> 
>     via 10.10.101.1 on bond0.11 mpls 1005
> 
> 1.0.4.0/24   unicast [bgp1 11:48:56.097] * (100) [AS65001i]
> 
>     via 10.10.101.1 on bond0.11 mpls 1004
> 
> 1.0.7.0/24   unicast [bgp1 11:48:56.097] * (100) [AS65001i]
> 
>     via 10.10.101.1 on bond0.11 mpls 1007
> 
> 1.0.6.0/24   unicast [bgp1 11:48:56.097] * (100) [AS65001i]
> 
>     via 10.10.101.1 on bond0.11 mpls 1006
> 
> 1.0.9.0/24   unicast [bgp1 11:48:56.097] * (100) [AS65001i]
> 
>     via 10.10.101.1 on bond0.11 mpls 1009
> 
> 1.0.8.0/24   unicast [bgp1 11:48:56.097] * (100) [AS65001i]
> 
>     via 10.10.101.1 on bond0.11 mpls 1008
> 
> 10.10.101.0/24   unicast [direct1 11:48:09.102] * (240)
> 
>     dev bond0.11
> 
> 135.21.13.160/28 unicast [direct1 11:46:40.209] * (240)
> 
>     dev ens3
> 
> bird>
> 
>  
> 
> root@ubuntu4-4-VM1:/usr/local/etc# ip -f mpls route show
> 
> 100 as to 200 via inet 192.168.2.2 dev ens3
> 
> 300 dev lo
> 
> root@ubuntu4-4-VM1:/usr/local/etc# ip -f inet route show
> 
> default via 135.21.13.161 dev ens3 onlink
> 
> 1.0.0.0/24 via 10.10.101.1 dev bond0.11  proto bird  metric 32
> 
> 1.0.1.0/24 via 10.10.101.1 dev bond0.11  proto bird  metric 32
> 
> 1.0.2.0/24 via 10.10.101.1 dev bond0.11  proto bird  metric 32
> 
> 1.0.3.0/24 via 10.10.101.1 dev bond0.11  proto bird  metric 32
> 
> 1.0.4.0/24 via 10.10.101.1 dev bond0.11  proto bird  metric 32
> 
> 1.0.5.0/24 via 10.10.101.1 dev bond0.11  proto bird  metric 32
> 
> 1.0.6.0/24 via 10.10.101.1 dev bond0.11  proto bird  metric 32
> 
> 1.0.7.0/24 via 10.10.101.1 dev bond0.11  proto bird  metric 32
> 
> 1.0.8.0/24 via 10.10.101.1 dev bond0.11  proto bird  metric 32
> 
> 1.0.9.0/24 via 10.10.101.1 dev bond0.11  proto bird  metric 32
> 
> 10.10.101.0/24 dev bond0.11  proto kernel  scope link  src 10.10.101.2
> 
> 10.10.101.0/24 dev bond0.11  proto bird  scope link  metric 32
> 
> 135.21.13.160/28 dev ens3  proto kernel  scope link  src 135.21.13.165
> 
> 135.21.13.160/28 dev ens3  proto bird  scope link  metric 32
> 
> root@ubuntu4-4-VM1:/
> 
>  
> 
> bird> show protocols all
> 
> Name   Proto  Table  State  Since Info
> 
> kernel1    Kernel master4    up 11:46:40.203
> 
>   Channel ipv4
> 
>     State:  UP
> 
>     Table:  master4
> 
>     Preference: 10
> 
>     Input filter:   ACCEPT
> 
>     Output filter:  ACCEPT
> 
>     Routes: 0 imported, 12 exported
> 
>     Route change stats: received   rejected   filtered    ignored  
> accepted
> 
>   Import updates:  0  0  0 
> 0  0
> 
>   Import withdraws:    0  0    --- 
> 0  0
> 
>   Export updates: 13  0  0   
> --- 13
> 
>   Export withdraws:    1    ---    ---   
> ---  1
> 
>  
> 
> direct1    Direct ---    up 11:46:40.203
> 
>   Channel ipv4
> 
>     State:  UP
> 
>     Table:  master4
> 
>     Preference: 240
> 
>     Input filter:   ACCEPT
> 
>     Output filter:  ACCEPT
> 
>     Routes: 2 imported, 0 exported
> 
>     Route change stats: received   rejected   filtered    ignored  
> accepted
> 
>   Import updates:  3  0  0 
> 0  3
> 
>   Import withdraws:    1  0    ---
>  0  1
> 
>   Export updates:  0  0  0   
> ---  0
> 
>   Export withdraws:    0    ---    ---   
> ---  0
> 
>  
> 
> device1    

Re: BIRD router/route server functions

[Jan Maria Matejka]

Remove the old one, install the new one, shutdown the old one, run the
new one. BIRD is simple. No docker images, no upgrade procedures.

Maria

On 06/11/2018 05:35 AM, Isaac HO wrote:
> Could provide me the upgrade procedure? Thanks.
> 
> Rae
> 
> __ 
> 
> 
> 2018-06-06 14:10 GMT+08:00 Rae Ho (ITSC)  >:
> 
> You should also upgrade BIRD, version 1.4.5 is too old.
> 
> Could provide me the upgrade procedure?
> 
> __ __
> 
> Rae
> 
> __ __
> 
> *From:*Rae Ho (ITSC)
> *Sent:* Wednesday, June 6, 2018 12:04 PM
> *To:* Rae Ho (ITSC) mailto:ra...@cuhk.edu.hk>>;
> Ondrej Zajicek mailto:santi...@crfreenet.org>>
> *Cc:* bird-users@network.cz 
> *Subject:* RE: BIRD router/route server functions
> 
> __ __
> 
> tcpdump -i ens160 'tcp port 179 and host 192.168.199.13'
> 
> tcpdump: verbose output suppressed, use -v or -vv for full protocol
> decode
> 
> listening on ens160, link-type EN10MB (Ethernet), capture size 65535
> bytes
> 
> 11:52:14.026373 IP bird1.cuhk.edu.hk.54372 > 192.168.199.13.bgp:
> Flags [S], seq 256428900, win 29200, options [mss 1460,sackOK,TS val
> 2230497637 ecr 0,nop,wscale 7], length 0
> 
> 11:52:14.401556 IP 192.168.199.13.51631 > bird1.cuhk.edu.hk.bgp:
> Flags [S], seq 3989668659, win 29200, options [mss 1460,sackOK,TS
> val 2230734469 ecr 0,nop,wscale 7], length 0
> 
> 11:52:18.031631 IP bird1.cuhk.edu.hk.58460 > 192.168.199.13.bgp:
> Flags [S], seq 3350460062, win 29200, options [mss 1460,sackOK,TS
> val 2230501642 ecr 0,nop,wscale 7], length 0
> 
> 11:52:19.405962 IP 192.168.199.13.54429 > bird1.cuhk.edu.hk.bgp:
> Flags [S], seq 573528156, win 29200, options [mss 1460,sackOK,TS val
> 2230739473 ecr 0,nop,wscale 7], length 0
> 
> __ __
> 
> tcpdump -i ens160 'tcp port 179 and host 192.168.199.12'
> 
> tcpdump: verbose output suppressed, use -v or -vv for full protocol
> decode
> 
> listening on ens160, link-type EN10MB (Ethernet), capture size 65535
> bytes
> 
> 11:52:03.595665 IP 192.168.199.12.53662 > bird2.cuhk.edu.hk.bgp:
> Flags [S], seq 708312977, win 29200, options [mss 1460,sackOK,TS val
> 2230487710 ecr 0,nop,wscale 7], length 0
> 
> 11:52:03.884791 IP bird2.cuhk.edu.hk.39590 > 192.168.199.12.bgp:
> Flags [S], seq 2978908357, win 29200, options [mss 1460,sackOK,TS
> val 2230724456 ecr 0,nop,wscale 7], length 0
> 
> 11:52:07.600739 IP 192.168.199.12.54354 > bird2.cuhk.edu.hk.bgp:
> Flags [S], seq 562475138, win 29200, options [mss 1460,sackOK,TS val
> 2230491715 ecr 0,nop,wscale 7], length 0
> 
> 11:52:07.889979 IP bird2.cuhk.edu.hk.59598 > 192.168.199.12.bgp:
> Flags [S], seq 2985453764, win 29200, options [mss 1460,sackOK,TS
> val 2230728462 ecr 0,nop,wscale 7], length 0
> 
> __ __
> 
> Seems the problem is domain name?
> 
> __ __
> 
> -Original Message-
> From: Bird-users  > On Behalf Of Rae Ho (ITSC)
> Sent: Wednesday, June 6, 2018 11:13 AM
> To: Ondrej Zajicek  >
> Cc: bird-users@network.cz 
> Subject: RE: BIRD router/route server functions
> 
> __ __
> 
> Last error:   Socket: No route to host <-- 
> 
> __ __
> 
> -Original Message-
> 
> From: Ondrej Zajicek  > 
> 
> Sent: Tuesday, June 5, 2018 8:57 PM
> 
> To: Rae Ho (ITSC) mailto:ra...@cuhk.edu.hk>>
> 
> Cc: Quan Zhou  >; bird-users@network.cz
> 
> 
> Subject: Re: BIRD router/route server functions
> 
> __ __
> 
> On Tue, Jun 05, 2018 at 09:29:08AM +, Rae Ho (ITSC) wrote:
> 
> > Dear Quan Zhou, Thanks. Rae
> 
> __ __
> 
> Hi
> 
> __ __
> 
> Your setup looks OK. You could use tcpdump on ens160 to see if there
> are BGP connection attempts in both directions. Also, is there
> anything interesting in BIRD logs?
> 
> __ __
> 
> You should also upgrade BIRD, version 1.4.5 is too old.
> 
> __ __
> 
> --
> 
> Elen sila lumenn' omentielvo
> 
> __ __
> 
> Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org
> ) OpenPGP encrypted e-mails preferred
> (KeyID 0x11DEADC3, wwwkeys.pgp.net ) "To err
> is human -- to blame it on a computer is even more so."
> 
> __ __
> 
> 

Re: route withdrawals are not sent upon protocol removal

[Jan Maria Matejka]

Hello!

> Do you mean route withdrawals for routes received from that removed 
> protocol?
> Send to other peers? This should not be an issue - when a protocol is 
> removed
> or disabled, all its routes are removed and withdrawals should be sent to
> other protocols.
> 
>  
> Yes, I mean withdrawals for routes received by the router from the peer 
> running bird. The peer is directly connected with the router with a bgp 
> session.
> 
> I am removing some static protocols and doing "birdc configure soft" but no 
> route withdrawals are being sent for the removed prefixes. Even if I try to 
> run "birdc reload out all", the withdrawals are still not sent since bird 
> forgot about the prefixes already when I did the "configure soft":
> 
> bird[28196]: Removing protocol e_010_cidrs
> bird[28196]: Reconfigured
> 
> If I disable the protocol with "birdc disable e_010_cidrs" without removing 
> it from the config files, I see the esame "Remoing protocol e_010_cidrs" 
> message in the logs and the withdrawals are sent as expected, but I expect 
> bird to also send withdrawals when a protocol is removed from the configs 
> without being explicitly disabled.
> 
> Do you also think this is a bug?

I don't know whether I correctly understand what you are trying to do. Anyway, 
please
look at the attached script (for Linux). It creates two virtual routers CA and 
CB,
a BGP link between them and sends a route defined in protocol static {} on CA.

Then it reconfigures CA to remove the static protocol and it correctly shows 
that
the route is withdrawn, at least for me at v1.6.4.

Note that the script creates temporarily two network namespaces (ca and cb) and
leaves behind two configs and two log files.

Could you please try the attached script or try to create some reproducer for me
to see the bug clearly?

Thanks!
Maria
#!/bin/sh

# Create network namespaces
ip netns add ca
ip netns add cb
ip netns exec ca ip link set lo up
ip netns exec cb ip link set lo up

# Link between them
ip netns exec ca ip link add name xxx type veth peer name xxx netns cb
ip netns exec ca ip link set xxx up
ip netns exec cb ip link set xxx up
ip netns exec ca ip a add 10.0.0.1/24 dev xxx
ip netns exec cb ip a add 10.0.0.2/24 dev xxx

# Test a ping
ip netns exec ca ping -c 1 10.0.0.2

# Create configs
cat >ca.conf 

Re: Package repositories

[Jan Maria Matejka]

Hello!

> On Wed, May 23, 2018 at 3:05 PM Ondrej Zajicek  > wrote:
> We plan to have some transition in packages to keep both 1.6 and 2.0 as
> independent packages in repository without automatic update, similarly to
> how grub->grub2 transition was done in Debian.
> 
On 05/23/2018 03:54 PM, Olivier Cochard-Labbé wrote:
> 
> ​Hi,
> I need to rename the FreeBSD port name too because right now we've got:
> - net/bird : bird 1.X branch
> - net/bird-devel: bird 2.X branch
> 
> Do you have an idea for the most appropriate port name ?
> - net/bird1 and net/bird2
> - Or net/bird-legacy (for 1.X branch) and net/bird (for 2.X branch)
> - Or other idea ?

I suggest this way:
1) rename bird -> bird-legacy and bird-devel -> bird2
2) keep this for quite a long time to let users manually change from bird-legacy
to bird2 (one whole release cycle?) and not force them into upgrade
3) rename bird2 -> bird
4) drop bird-legacy when we stop supporting it

Maria

Re: Debugging the RIP code

[Jan Maria Matejka]

Hello!

Disclaimer: There is no sarcasm in this mail. It may look like sarcasm
but I'm absolutely serious.

> I would like to get more understanding about one simple routing protocol
> (e.g. RIP) in BIRD by debugging the code step-by-step. However, I have
> got stuck at configuring the first step to run the code in Visual Studio
> C++. 

The code is C, not C++. It is probably not buildable as C++. Moreover,
BIRD currently supports Linux and several flavors of BSDs. We don't
support running on Windows natively and it seems to be quite a lot of
work to write all the needed bindings even for RIP to run. Anyway, it
would be too simple to tell you that you never want to do that. It is
definitely possible, yet quite difficult.

> Could you guys please point me out how could I configure things in C++
> to starting debugging. Any help you have to offer would be greatly
> appreciated.

My recommendations are as follows:
1. Setup a Linux C development environment.
2. Trace RIP on Linux.

Then you are done with what you wanted (to learn how RIP is written).

You didn't want this? Then skip step 2 and continue this way:
3. Dig deeply into BIRD sysdep/ folder and research what are the needed
APIs on Windows to bind to. You may need to trace the low-level parts of
BIRD and read a lot of documentation to check that your understanding of
the code is correct.
4. Fix the build errors in Visual Studio in a portable way.
5. Write Windows bindings in sysdep/.
6. Send your patches to the mailing list.
7. Debug RIP on Windows.

I'm not kidding. I'm definitely not kidding. I'm absolutely serious.
If I wanted to trace RIP in Visual Studio, I would do it this way.
Yes, I know, it is a painful way, yet still the least painful way.

I believe that you can do it. I'm looking forward to your patches!

Maria

Re: [PATCH] Makefile.in: Only set git version if .git directory exists

[Jan Maria Matejka]

Hi!

On 05/02/2018 06:43 PM, Toke Høiland-Jørgensen wrote:
> If Bird is compiled from a release tarball, but there is a git repository
> somewhere in a parent directory, the Makefile git version logic will pick
> up that version and use it as the Bird version, which is obviously not
> desirable> 
> For instance, on OpenWrt this results in something like this:
> 
> BIRD version reboot-6789-g4e9ce23aa5

Thank you for reporting the bug and sending the patch! Anyway, it failed
with my config as I use multiple worktree configuration (where .git is only
a file containing the real gitdir path). I also fixed it for build
outside the workdir.

M.

Re: BGP filter

[Jan Maria Matejka]

On 04/25/2018 03:26 PM, Jan Maria Matejka wrote:
> [...]
> 
> On 04/25/2018 12:38 PM, Arvin Gan wrote:
>> Thanks, I will try.
> 
> We found out that it may coredump on reconfiguration as instruction 
> comparison happens
> there and the format() instruction has no comparator. Please look into your 
> log, there
> should be something like >>Bug: Unknown instruction<<.

Fixed in 823ad12191e66e243dd088a81c66e4a518563e40.
Maria

Re: BGP filter

[Jan Maria Matejka]

[...]

On 04/25/2018 12:38 PM, Arvin Gan wrote:
> Thanks, I will try.

We found out that it may coredump on reconfiguration as instruction comparison 
happens
there and the format() instruction has no comparator. Please look into your 
log, there
should be something like >>Bug: Unknown instruction<<.

Thanks
Maria

Re: BGP filter

[Jan Maria Matejka]

>> 2.   config-file:
>>
>>   filter filter_bgp1{
>>
>>   if format(net) = "0.0.0.0/0" then accept;  // “format(net) 
>> = …” , bird coredump ???
>>
>>   /* if net = "0.0.0.0/0" then accept;  // “ net= …” ,  not 
>> bird coredump*/
>>
>> }
> 
> Will check this. Thanks for report.

Checked, couldn't reproduce. My test config follows below:

- 8<  BEGIN OF CONFIG -
define x = (format(0.0.0.0/0) = "0.0.0.0/0");
filter y { if format(net) = "0.0.0.0/0" then accept; };

protocol device {}
protocol kernel { learn; ipv4; }
protocol kernel { learn; ipv6; }

ipv4 table ttt;

protocol pipe { table ttt; peer table master4; import filter y; export filter 
y; }
- 8<  END OF CONFIG ---

This does not trigger a coredump when running on v2.0.2.

Please try this config on your machine or send in some minimal config
that causes a coredump.

Thanks!
Maria

Re: BGP filter

[Jan Maria Matejka]

Hi!

> 1.   bird>show route filter {if format(net) = "0.0.0.0/0" then accept;}  
> //correct result
> 
> /* show route filter {if net = "0.0.0.0/0" then accept;}  // incorrect result 
>  */

compare net = 0.0.0.0/0 – the "0.0.0.0/0" is a string literal, the 0.0.0.0/0 is 
a prefix literal.

> 2.   config-file:
> 
>   filter filter_bgp1{
> 
>   if format(net) = "0.0.0.0/0" then accept;  // “format(net) 
> = …” , bird coredump ???
> 
>   /* if net = "0.0.0.0/0" then accept;  // “ net= …” ,  not 
> bird coredump*/
> 
> }

Will check this. Thanks for report.
M.

Re: Cannot connect two ospf-instances over tun-interface

[Jan Maria Matejka]

Hmmm ... will try it on my own network some time this week.
If I don't send any report until Monday (April 9th), please ping me.

M.

On 04/04/2018 11:35 AM, dawid k wrote:
> 
> 
> 2018-04-04 10:59 GMT+02:00 Jan Maria Matejka <jan.mate...@nic.cz 
> <mailto:jan.mate...@nic.cz>>:
> 
> Hello,
> 
> please could you enable 'debug all' for the ospf protocol at server?
> It should tell you whether it receives the packets and what is it doing
> with them.
> 
> 
> It is enabled, Here the logs: 
> 
> 
> 2018-04-04 11:22:42  myOSPF3: Initializing
> 2018-04-04 11:22:42  myOSPF3: Starting
> 2018-04-04 11:22:42  myOSPF3: Adding area 0.0.0.0
> 2018-04-04 11:22:42  myOSPF3: Connected to table master
> 2018-04-04 11:22:42  myOSPF3: State changed to feed
> 2018-04-04 11:22:42  myOSPF3 < added 1.1.1.1/32 <http://1.1.1.1/32> 
> via 192.168.20.94 on eth0
> 2018-04-04 11:22:42  myOSPF3: Originating LSA: Type: 4005, Id: 
> 1.1.1.1, Rt: 10.29.0.1, Seq: 8001
> 2018-04-04 11:22:42  Started
> 2018-04-04 11:22:42  myOSPF3 < interface lo goes up
> 2018-04-04 11:22:42  myOSPF3 < primary address 127.0.0.0/8 
> <http://127.0.0.0/8> on interface lo added
> 2018-04-04 11:22:42  myOSPF3 < interface eth0 goes up
> 2018-04-04 11:22:42  myOSPF3 < primary address 192.168.20.0/24 
> <http://192.168.20.0/24> on interface eth0 added
> 2018-04-04 11:22:42  myOSPF3 < interface tun0 goes up
> 2018-04-04 11:22:42  myOSPF3 < primary address 10.29.0.0/22 
> <http://10.29.0.0/22> on interface tun0 added
> 2018-04-04 11:22:42  myOSPF3: Adding interface tun0 (10.29.0.0/22 
> <http://10.29.0.0/22>) to area 0.0.0.0
> 2018-04-04 11:22:42  myOSPF3 < added 1.1.1.1/32 <http://1.1.1.1/32> 
> via 192.168.20.94 on eth0
> 2018-04-04 11:22:42  myOSPF3: State changed to up
> 2018-04-04 11:22:42  KRT: Received route 1.1.1.1/32 <http://1.1.1.1/32> 
> with strange next-hop 192.168.20.94
> 2018-04-04 11:22:42  KRT: Received route 1.1.1.1/32 <http://1.1.1.1/32> 
> with strange next-hop 192.168.20.94
> 2018-04-04 11:22:42  KRT: Received route 10.29.0.0/20 
> <http://10.29.0.0/20> with strange next-hop 10.29.0.1
> 2018-04-04 11:22:42  Netlink: File exists
> 2018-04-04 11:22:42  myOSPF3: Interface tun0 changed state from Down 
> to Waiting
> 2018-04-04 11:22:42  myOSPF3: HELLO packet sent via tun0
> 2018-04-04 11:22:43  myOSPF3: Updating router state for area 0.0.0.0
> 2018-04-04 11:22:43  myOSPF3: Originating LSA: Type: 2001, Id: 
> 10.29.0.1, Rt: 10.29.0.1, Seq: 8001
> 2018-04-04 11:22:43  myOSPF3: Scheduling routing table calculation
> 2018-04-04 11:22:43  myOSPF3: Starting routing table calculation
> 2018-04-04 11:22:43  myOSPF3: Starting routing table calculation for 
> area 0.0.0.0
> 2018-04-04 11:22:43  myOSPF3: Starting routing table calculation for 
> inter-area (area 0.0.0.0)
> 2018-04-04 11:22:43  myOSPF3: Starting routing table calculation for 
> ext routes
> 2018-04-04 11:22:43  myOSPF3: Starting routing table synchronisation
> 2018-04-04 11:22:43  myOSPF3 > added [best] 10.29.0.0/22 
> <http://10.29.0.0/22> dev tun0
> 2018-04-04 11:22:43  myOSPF3 < rejected by protocol 10.29.0.0/22 
> <http://10.29.0.0/22> dev tun0
> 2018-04-04 11:22:52  myOSPF3: HELLO packet sent via tun0
> 2018-04-04 11:22:52  myOSPF3: Wait timer fired on tun0
> 2018-04-04 11:22:52  myOSPF3: Interface tun0 changed state from 
> Waiting to DR
> 2018-04-04 11:22:52  myOSPF3: Updating router state for area 0.0.0.0
> 
> 
> no received packets, but with tcpdump on server I can see, that all devices 
> are sending hello messages:
> 
> 
> 11:18:26.328789 IP (tos 0xc0, ttl 1, id 15244, offset 0, flags [none], proto 
> OSPF (89), length 64)
>     10.29.0.1 (that's the server) > ospf-all.mcast.net 
> <http://ospf-all.mcast.net>: OSPFv2, Hello, length 44
>         Router-ID 10.29.0.1, Backbone Area, Authentication Type: none (0)
>         Options [External]
>           Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
>           Designated Router 10.29.0.1
> 11:18:31.408140 IP (tos 0xc0, ttl 1, id 62511, offset 0, flags [none], proto 
> OSPF (89), length 72)
>     10.29.0.8 > ospf-all.mcast.net <http://ospf-all.mcast.net>: OSPFv2, 
> Hello, length 52
>         Router-ID 192.168.21.1, Backbone Area, Authentication Type: none (0)
>         Options [External]
>           Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
>           Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
>           Neighbor List:
>             192.168.21.17
>             10.29.0.1
> 11:18:31.741169 IP (tos 0xc0, ttl 1, id 55888, offset 0, flags [none

Re: Cannot connect two ospf-instances over tun-interface

[Jan Maria Matejka]

Hello,

please could you enable 'debug all' for the ospf protocol at server?
It should tell you whether it receives the packets and what is it doing
with them.

OpenVPN in TUN mode does quite strange things with routing. Have you tried
routing by static routes first (to see whether it works or not)?

Example:

Server has 10.29.0.1/30 (peer 10.29.0.2).
Client A has 10.29.0.5/30 (peer 10.29.0.6) and 172.30.5.0/24 on other iface.
Client B has 10.29.0.9/30 (peer 10.29.0.10) and 172.30.9.0/24 on other iface.

Have you managed to add a route on Client A that would route traffic
to 172.30.9.0/24? (If yes, please tell me, I also need something like that.)

Now I overcome these problems by several GRE (or GRETAP) tunnels over the VPN,
these are real PtP links and also routing works over them quite well.

M.

On 04/04/2018 10:29 AM, dawid k wrote:
> Additional info:
> 
> bird show ospf state on server:
> 
> area 0.0.0.0
> 
>         router 10.29.0.1
>                 distance 0
>                 stubnet 10.29.0.0/22  metric 10   
>                 external 1.1.1.1/32  metric 33
>                 external 10.29.0.0/22  metric 33
> 
> I wonder, why my netowrk is marked as stubnet. I defined in config stub no. I 
> suppose, that's the problem, but how can I avoid this ?
> 
> bird show ospf state on first client :
> 
>      router 192.168.21.17
>                 distance 20
>                 network 192.168.21.16/28  metric 5
>                 network 10.29.0.0/22  metric 10 #ethernet
>                 external 192.168.9.17/32  metric2 
> 1 via 192.168.21.25 #static
> 
>     network 
>           ..
> 
> 
> 
> 
> 2018-04-04 8:59 GMT+02:00 dawid k  >:
> 
> Hi Chris,
> 
> Thank you for your advice, I got a little bit forward.
> 
> I expended my topology with another pc - another vpn client - and I got 
> these two vpn clients working, but somehow I cannot get the server to work 
> properly. The server remains always in state  Init/Other.
> 
> I can see with tcpdump, that every pc is sending the hello-message, but 
> the server is missing the neighbor list:
> 
> 
> 08:48:55.791063 IP (tos 0xc0, ttl 1, id 15221, offset 0, flags [none], 
> proto OSPF (89), length 64)
> server > ospf-all.mcast.net : OSPFv2, Hello, 
> length 44
>         Router-ID 10.29.0.1, Backbone Area, Authentication Type: none (0)
>         Options [External]
>           Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
>           Designated Router 10.29.0.1
> 08:49:02.449351 IP (tos 0xc0, ttl 1, id 6717, offset 0, flags [none], 
> proto OSPF (89), length 72)
>     10.29.0.8 > ospf-all.mcast.net : OSPFv2, 
> Hello, length 52
>         Router-ID 192.168.21.1, Backbone Area, Authentication Type: none 
> (0)
>         Options [External]
>           Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
>           Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
>           Neighbor List:
>             192.168.21.17
>             10.29.0.1
> 08:49:02.854749 IP (tos 0xc0, ttl 1, id 9690, offset 0, flags [none], 
> proto OSPF (89), length 72)
>     10.29.0.4 > ospf-all.mcast.net : OSPFv2, 
> Hello, length 52
>         Router-ID 192.168.21.17, Backbone Area, Authentication Type: none 
> (0)
>         Options [External]
>           Hello Timer 10s, Dead Timer 40s, Mask 255.255.252.0, Priority 1
>           Designated Router 10.29.0.4, Backup Designated Router 10.29.0.8
>           Neighbor List:
>             192.168.21.1
>             10.29.0.1
> 
> Here the output from  birdc show ospf neighbors on client:
> 
> Router ID       Pri          State      DTime   Interface  Router IP
> 192.168.21.17     1     Full/DR         00:35   tun0       10.29.0.4
> 10.29.0.1         1     Init/Other      00:38   tun0       10.29.0.1
> 
> and finally my ospf-setup for every device:
> 
> 
> protocol ospf myOSPFX { # X depending on device (1,2,3)
>         debug all;
>         import filter importAll;
>         export filter onlyLocalExport;
>         area 0.0.0.0 {
>                 interface "tun0" {
>                         cost 10;
>                         type  bcast;
>                         stub no;
>                         hello 10;
>                         transmit delay 5;
>                         wait 10;
>                         dead 40;
>                  };
>        };
> }
> 
> Do you have any idea, what I'm missing? 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 2018-04-03 16:52 GMT+02:00 Chris Boot  

Re: Can't Log information about a double

[Jan Maria Matejka]

Yes, there is a branch named 'show-route'. Quite old. Updated now to current 
int-new,
it builds but may be highly unstable.

Sorry for misleading hints.
M.

On 04/03/2018 05:54 PM, Mattia Milani wrote:
> I didn't find any branch with "flowspec" in the name :( did you find 
> something? 
> 
> Mattia
> 
> Il lun 2 apr 2018, 20:23 Mattia Milani  > ha scritto:
> 
> I'll check me to tomorrow on git for sone branch with "flowspec" but if 
> you can check tomorrow and give me some more feedback it will be beautiful. 
> Thanks, 
> Mattia
> 
> Il lun 2 apr 2018, 20:03 Jan Maria Matějka  > ha scritto:
> 
> Bird's internal sprintf doesn't support floats, at least for now, in 
> 1.6.x probably forever. There may be some patch that adds it. Look for some 
> branch with "flowspec", I think I was implementing something like this for 
> printing BGP flowspec and it is probably not merged. I don't have the git 
> here now, maybe I can find it tomorrow.
> 
> Maria
> 
> Quidquid latine dictum sit, altum videtur.
> 
> -Original Message-
> From: Mattia Milani  >
> To: BIRD Users >
> Sent: Fri, 30 Mar 2018 6:32 PM
> Subject: Can't Log information about a double
> 
> Hello all,
> 
> I'm trying to log some information during the bird process execution.
> I'm doing it in the bgp section.
> 
> I used the command:
> 
> log(L_INFO "** some text **");
> 
> with success, i added to the log some information about an integer 
> variable
> with success, here it is the code:
> 
> int a = 5;
> log(L_INFO "** some text ** %d", a);
> 
> Now i'm trying to make the same with a double variable but without 
> success
> 
> double a = 5.5;
> log(L_INFO "** some text ** %lf", a);
> 
> the output was:
> 
> 2018-03-30 18:09:12.270  ** some text ** %f
> 
> I had already tried with %f instead of %lf but nothing changed in the 
> output
> 
> How can i log some double value? i need to use another function 
> instead of
> log()?
> 
> Thanks,
> Mattia
> 

Re: constant not available everywhere and passing variables from protocols

[Jan Maria Matejka]

> Are there considerations in future to pass bgp_neighbour object to
> filter, to discriminate on neighbor address, ifname, asn, etc? JunOS
> allows this. This would allow me to keep single 'define backup_int =
> "XYZ". On ingress I'd match against protocol, on egress I'd match
> against bgp_neighbour.ifname. So only thing I'd define for
> backup/primary selection is single const, which could be included in a
> single line config file.
> 
> Something like this:
> 
> 
> filter bgp_primary_out {
>   if ifname = "lo" then {
> if bgp_neighbor.ifname = backup_int then bgp_path.prepend(local_as);
> accept;
>   }
>   reject;
> }
> 
> filter bgp_primary_in {
>   if proto = backup_int then bgp_local_pref = 50;
>   if net = default_candidate_net then accept;
>   reject;
> }

Probably yes (or something like that) . See this thread.
http://bird.network.cz/pipermail/bird-users/2018-January/011881.html

>> Anyway, it should be possible to 'define default_candidate_ip = 
>> default_candidate_net.ip;'
>> and then use the constant as IP.
> 
> This works. Curiously won't work if the next-hop is
> default_candidate_net.ip; Actually have to assign own constant to it.

Yes, you have to assign an own constant for it due to current
configuration syntax restrictions. It may change in future.

M.

Re: constant not available everywhere and passing variables from protocols

[Jan Maria Matejka]

On 03/21/2018 10:00 AM, Saku Ytti wrote:
> My config:
> 
> define local_ip  = 129.250.14.127;
> define default_candidate_net = 129.250.0.0/16;
> define default_candidate_ip  = 129.250.0.0;
> define default_net   = 0.0.0.0/0;
> include "common.conf";
> 
> protocol static {
>   route 0.0.0.0/0 recursive default_candidate_ip;
> }
> 
> # ens192
> protocol bgp active from NTT {
>   neighbor 204.141.224.0;
> }
> 
> # ens 224
> protocol bgp backup from NTT {
>   neighbor 204.141.224.2;
> }
> 
> 
> 1) constant not available everywhere
> 
> a) this works
> - define default_candidate_ip  = 129.250.0.0;
> - route 0.0.0.0/0 recursive default_candidate_ip;
> 
> b) this does not
> - define default_route = 0.0.0.0/0;
> - route default_route recursive 129.250.0.0;
> 
> Why not? It barfs with 'line 10: IP address expected'

In v1.6.x, nobody implemented it. In v2, it should work.

> 2) passing variables from protocols
> 
> I'm thinking how to tell which neighbour is backup which is primary. My 
> thoughts
> 
> a) 'import (backup, bgp_in)
> => no way to define >1 filter?
> 
> b) 'bool backup = true'
> => no way to set variables in protocols
> 
> c) 'define backup = true'
> => no way to set constants in protocols
> 
> d) ''import bgp_in(true)'
> => no way to pass variables to filters
> 
> I resorted to matching to protocol name, and call the backup group
> backup. But I'd really prefer way to give neighbour or protocol some
> information I can use in filter to discriminate.

Try 'import where yourCustomImportFunction(arg1, arg2, arg3, ... argN)'.

> Are constants considered strings? If so, should the strings have some
> methods, like split, sub, []? I bit needlessly need to define
> 129.250.0.0 and 129.250.0.0/16 as one is used as static route next-hop
> another is used as filter to permit prefix. I could just maybe say
> 'default_candidate_net.split('/')[0]'.

Try 'default_candidate_net.ip' and 'default_candidate_net.len'. Both of them
are available only in filters.

Anyway, it should be possible to 'define default_candidate_ip = 
default_candidate_net.ip;'
and then use the constant as IP.

M.

Re: MPLS Support Question

[Jan Maria Matejka]

On 03/19/2018 03:12 PM, t a wrote:
> We use BIRD in our production network and are considering rolling out a
> work-around to partially support MPLS functionality.  However, before
> doing so we were wondering what the timeline is for adding
> additional support for MPLS label support on v2.0+.

Hello,

the supported part of MPLS is BGP VPN v[46] in Route Reflector mode, and
static VPN routes. Supported are also static MPLS switching rules and
kernel sync of them.

No additional support is in the short-term plan as we have to stabilize
the whole internal structures of BIRD before adding more features.

Anyway, if you specify what exactly you'd like to have in BIRD, we may
find out that it is quick and easy to implement ...

M.

Re: feature query

[Jan Maria Matejka]

Hello!

> I work for a satellite operator and we are looking for a vrouter that 
> integrates with VPP.
> 
> We are looking for the following functionalities:
> 
> 1)full VRF support not VRF LITE

Don't exactly know what you mean with this. If speaking the Cisco way, the 
router daemon
supports full VRF but the main work is done by the underlying kernel. Linux can 
do it,
I have no idea about BSD's.

> 2)MPLS l3 vpn

Not supported.

> 3)MP BGP Support with vpnv4

Supported in route reflector mode.

> 4)DLEP (optional)

Not supported.

Maria

Re: bird systemd startup init debian

[Jan Maria Matejka]

> root@rs1f:/etc/bird# systemctl status bird.service

[...]

>   Process: 510 ExecStartPre=/usr/sbin/bird -p (code=exited, status=1/FAILURE)

Here is the problem, this command failed.

> root@rs1f:/etc/init# cat /lib/systemd/system/bird.service

[...]

> ExecStartPre=/usr/sbin/bird -p

Here it uses the default config path. This command checks the bird config for 
validity.

Maria

Re: Cannot block flows with BGP FlowSpec

[Jan Maria Matejka]

Hello!

On 02/20/2018 12:08 PM, Giorgos Dimopoulos wrote:
> I'm using ExaBGP to send FlowSpec rules to BIRD. BIRD correctly lists the 
> received rules when running 'show route table flowtab4' but the respective 
> flows are not affected (i.e. drop traffic to a destination prefix).
> 
> Is this because of a configuration issue on my side or BIRD does not 
> implement the required FlowSpec actions?

BIRD doesn't implement this feature. We support only resending
the flowspec rules in Route Reflector mode and also injecting
them via the static pseudoprotocol.

Insertion of the rules into kernel is not implemented. It is
a feature on our nice-to-have list but we aren't working on it.

Maria

Re: how to specify pid file ? (for newsyslog)

[Jan Maria Matejka]

On 02/15/2018 06:56 AM, Илья Шипицин wrote:
> hi,
> 
> on freebsd I need to specify pid file in order to send a signal to rotate log:
> 
> /etc/newsyslog.conf:
> 
> /var/log/bird.log   600  7 100  @0101T JC  
> /var/run/bird.pid SIGHUP
> ...
> 
> 
> is there a way to write a pid to file ? I haven't found any

$ bird --help
Usage: bird [--version] [--help] [-c ] [OPTIONS]

Options:
  ...
  -P Create a PID file with given filename
  ...

Maria

Re: Kernel Protocol not supports IPv4 and IPv6 channels in one protocol instance

[Jan Maria Matejka]

Hello!

On 02/11/2018 02:22 PM, Michael Rack wrote:
> Hi Guys,
> 
> can anyone explain why the KENREL-Protocol does not support IPv4 and
> IPv6 Channels in one instance? BGP, OSPF and so on also supports that,
> what is so special on KERNEL that this is not supported? That makes a
> huge configuration mess.
>  
> 
> The Kernel protocol supports both IPv4 and IPv6 channels; only one
> of them can be configured in each protocol instance.
> 
> *Source:* http://bird.network.cz/?get_doc=20=bird-6.html#ss6.6
> 
> So i have to double the instances to do IPv6 and IPv4 stuff on
> KERNEL-Protocol?

The kernel IPv4 and IPv6 tables are not related and the joint kernel
protocol would do both protocols separately. Therefore we would have to
move almost all the kernel protocol options to the channel config.

The same would happen with almost all the protocol's internal structures
-- there are state variables and also an internal route table for alien
routes -- all of these would need to be moved.

OSPF and BGP supporting IPv4+IPv6 together also send them together
through the socket to the network -- these are really one instance
handling both together. The kernel protocol on Linux has separate
netlink sockets for distinct address families but it is common for all
the tables (so there are structures across the kernel protocols in
another way); on BSD there is one sysctl and one socket for all.

To be correctly aligned with the system, the cleanest solution would be
to have only one kernel protocol for all. It would be possible but we
don't see any good reason to do this because it is quite a lot of highly
error-prone work. Split protocols may be also stopped and started
separately which includes error handling which is quite a good reason to
keep status quo.

If your config is much boilerplated, it should be possible to use this:

template kernel kdt { kernel table 253; ... other options; }

protocol kernel kernel_default4 from kdt {
ipv4 { table default4; export all; };
}

protocol kernel kernel_default6 from kdt {
ipv6 { table default6; export all; };
}

Maria

Re: Compilation on FreeBSD 11.1

[Jan Maria Matejka]

Hello!
 
>> I have FreeBSD XXX 11.1-RELEASE FreeBSD 11.1-RELEASE #0 r321309: Fri Jul 21 
>> 02:08:28 UTC 2017 r...@releng2.nyi.freebsd.org 
>> :/usr/obj/usr/src/sys/GENERIC  amd64
>>  
>> I installed these packages: hs-readline gauche-readline
>>  
>> But I cant compile bird-2.0.0:
>> checking for library containing tgetent... -ltinfo 
>> checking for readline/readline.h... no 
>> configure: error: The client requires GNU Readline library. Either install 
>> the library or use --disable-client to compile without the client.
>>  
>> # find / -name "readline.h" 
>> /usr/include/edit/readline/readline.h 
>> /usr/local/include/editline/readline.h 
>> /usr/local/include/readline/readline.h
>>  
>> Could you help me please?
>>  
>> Many thanks.
>  
> I think you add -l /usr/local/include and re-compile
> or add --with-readline-inc=/usr/local/include

Please try now the tip of int-new. It seems to work.
Maria

Re: Bird-2.0.0 uid 0: exited on signal 6 (core dumped)

[Jan Maria Matejka]

Hello all!

On 01/04/2018 11:16 AM, Jan Maria Matejka wrote:
> On 01/04/2018 06:17 AM, David S. wrote:
>> I just installed Bird 2.0.0  on FreeBSD 10.4-STABLE #0 r326382
>> I use source file from ftp://bird.network.cz/pub/bird/bird-2.0.0.tar.gz.
>>
>> Sometimes bird will be dead when I run "configure" in birdc and I found the 
>> following error message:
>>
>> pid 1791 (bird), uid 0: exited on signal 6 (core dumped)
>>
>> Does it same problem with "BIRD v2.0.0-11-gc36a298 segmentation fault"?
> 
> I'm already solving another segfault problem, it may be related. Please
> could you send me your binary (unstripped) and corefile? Better off-list,
> it is too big and may contain private data. I'll look at it asap.

This may have been solved by the last commit in int-new branch: 
94f9be80c3686284942ba73670780d27730da997
Please check it whether it is true or not.

Maria

Request for Comments: Filter behavior on undefined values

[Jan Maria Matejka]

Hello all!

There are many cases when the filter reads an undefined route attribute.
We have several variants how to behave then, all of them have their pros and 
cons.

The current behavior is inconsistent and sometimes strange.

Variants we thought about when an undefined attribute is to be read:

1  the filter fails with an error.
2  the value is set to default (zero or whatever) and then used
3  it is propagated as undefined until any comparison/match happens,
   then the comparison/match is always false

What can happen then?
We thought about several use cases. Let's assume there is a route without the 
ospf_metric1 attribute.

A  (in config) import where ospf_metric1 > 10;
B  (in config) import where ! (ospf_metric1 > 10);
C  (in config) import where check();
function check() { if ospf_metric1 > 10 then { return true; } else { 
return false; } };
D  (in config)
function update() {
if defined(ospf_metric1) then { return; }
if ospf_metric1 > 10 then { bgp_path.append(myasn); 
bgp_path.append(myasn); }
}
E  (in cli) show route where ospf_metric1 > 10
F  (in cli) show route where ! (ospf_metric1 > 10)

We think generally that:

Variant 1 may work in config as the admin shall write the filters correctly but 
it is too strict
when it comes to CLI ad-hoc filters.

Variant 2 is used now for BGP communities lists where the default is empty 
list. In other cases,
the behavior is undefined. It is convenient as far as the default fits your 
purposes. Then it becomes
almost the same as variant 1.

Variant 3 is simple and convenient until you negate the condition. Note that 
the following two lines
would do different things:
where bgp_med != 201
where !(bgp_med = 201)

We do not know which variant of filters behaviour is the best. We'd like you
to think about your use cases for Bird's filters and contribute to this thread
with your opinion. Also feel free to suggest other behavior variants if you 
think out some.

Thank you!
Maria

Re: Bird-2.0.0 uid 0: exited on signal 6 (core dumped)

[Jan Maria Matejka]

Hi David!

On 01/04/2018 06:17 AM, David S. wrote:
> I just installed Bird 2.0.0  on FreeBSD 10.4-STABLE #0 r326382
> I use source file from ftp://bird.network.cz/pub/bird/bird-2.0.0.tar.gz.
> 
> Sometimes bird will be dead when I run "configure" in birdc and I found the 
> following error message:
> 
> pid 1791 (bird), uid 0: exited on signal 6 (core dumped)
> 
> Does it same problem with "BIRD v2.0.0-11-gc36a298 segmentation fault"?

I'm already solving another segfault problem, it may be related. Please
could you send me your binary (unstripped) and corefile? Better off-list,
it is too big and may contain private data. I'll look at it asap.

Thanks!
Maria

Re: Bird 2.0.0 -- unknown filter instructions

[Jan Maria Matejka]

Hello!

On 12/16/2017 04:10 PM, Luis Ressel wrote:
> I've been experimenting with bird 2.0.0 for a few days now. Apart from
> the memory leak (which Ondrej's patch appears to fix), the most serious
> issue I've run into is a spurious bird crash caused by the filter code.
> Twice so far, bird died when I ran 'birdc configure', with the messages
> " Unknown instruction 26912" and " Unknown instruction 0",
> respectively.
> 
> I haven't been able to reliably reproduce these crashes, though. If
> someone has an idea how to do this, or at least how to narrow down
> which part of my lengthy filter config is causing it, that'd be much
> appreciated!
This seems to be some bad memory access. Please, if you can, send me
your binary, config and coredump, off-list please as it may contain
sensitive data.

There is no code setting these instruction codes intentionally.

Thanks!
Maria

Re: Bird 2.0.0 memory leak

[Jan Maria Matejka]

Hi!

On 12/15/2017 02:45 PM, Miłosz Oller wrote:
> Hi
> 
> After install bird 2.0.0 from sources, bird has memory leak. After running it 
> c.a. 15min daemon used ~24G of RAM.
> 
> Compile options: ./configure --enable-client --enable-libssh
> 
> Debian 9, kernel 4.9.69

Could you please send in the config file you are running Bird with?

Thanks
JMM