Syntax error with brackets in bgpd.conf
Tristan Pilat
2017-05-10 17:00:50 UTC
Hi OpenBSD team,

I'm facing an odd syntax error in bgpd.conf.

# sysctl -n kern.version
OpenBSD 6.1 (GENERIC.MP) #4: Sat May 6 09:33:37 CEST 2017
***@syspatch-61-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

# bgpd -vnf /etc/bgpd.conf
/etc/bgpd.conf:251: syntax error

# cat -n /etc/bgpd.conf
[…]
250 deny to 192.0.2.1
251 allow to 192.0.2.1 prefix { 203.0.113.0/24, 198.51.100.0/24 } prefixlen <= 24
[…]

But if I substitute the line containing brackets for two lines, it's alright.

deny to 192.0.2.1
allow to 192.0.2.1 prefix 198.51.100.0/24 prefixlen <= 24
allow to 192.0.2.1 prefix 203.0.113.0/24 prefixlen <= 24

The man page however specifies:

prefix address/len or-longer
This rule applies only to UPDATES for the specified prefix.

Multiple entries may be specified, separated by commas or
whitespace, if enclosed in curly brackets:

deny from any prefix { 192.168.0.0/16, 10.0.0.0/8 or-longer }

Am I missing something here?

Regards,
--
Tristan
Peter Hessler
2017-05-11 09:11:14 UTC
Hi Tristan

This is documented in the man page.

prefix address/len
prefix address/len prefixlen range
prefix address/len or-longer

Currently, you cannot remove "prefixlen" from the specific attached
"prefix". The way that '{}' is implemented cannot split full
parameters, even if the results would be syntactically correct.

I do agree this isn't very intuitive. We'll be looking at the syntax in
the near future.

-peter


On 2017 May 10 (Wed) at 19:00:50 +0200 (+0200), Tristan Pilat wrote:
:Hi OpenBSD team,
:
:I'm facing an odd syntax error in bgpd.conf.
:
:# sysctl -n kern.version
:OpenBSD 6.1 (GENERIC.MP) #4: Sat May 6 09:33:37 CEST 2017
: ***@syspatch-61-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
:
:# bgpd -vnf /etc/bgpd.conf
:/etc/bgpd.conf:251: syntax error
:
:# cat -n /etc/bgpd.conf
:[…]
:250 deny to 192.0.2.1
:251 allow to 192.0.2.1 prefix { 203.0.113.0/24, 198.51.100.0/24 } prefixlen <= 24
:[…]
:
:But if I substitute the line containing brackets for two lines, it's alright.
:
:deny to 192.0.2.1
:allow to 192.0.2.1 prefix 198.51.100.0/24 prefixlen <= 24
:allow to 192.0.2.1 prefix 203.0.113.0/24 prefixlen <= 24
:
:The man page however specifies :
:
:prefix address/len or-longer
: This rule applies only to UPDATES for the specified prefix.
:
: Multiple entries may be specified, separated by commas or
: whitespace, if enclosed in curly brackets:
:
: deny from any prefix { 192.168.0.0/16, 10.0.0.0/8 or-longer }
:
:Am I missing something here?
:
:Regards,
:--
:Tristan
:
--
The right to revolt has sources deep in our history.
-- Supreme Court Justice William O. Douglas
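
Added example, not part of the thread or of OpenBSD's code: a small pre-deployment lint in Python for the case Peter describes, flagging a `prefixlen` or `or-longer` written after the closing brace of a prefix list and proposing the per-entry form that the quoted man page example uses. The function names and the sample are constructed here, and the suggested rewrite is an assumption to confirm with `bgpd -nf` before loading it.

```python
import re

# A qualifier written after the closing brace of a prefix list: the form the
# thread reports as "syntax error" on OpenBSD 6.1.
TRAILING = re.compile(
    r"^(?P<head>.*?\bprefix\s*)\{(?P<body>[^{}]*)\}\s*"
    r"(?P<qual>or-longer|prefixlen\s+\S.*?)\s*$"
)

def split_entries(body):
    """Group brace contents into entries; a token with '/' starts a new one."""
    entries = []
    for tok in re.split(r"[,\s]+", body.strip()):
        if not tok:
            continue
        if "/" in tok or not entries:
            entries.append([tok])
        else:
            entries[-1].append(tok)  # per-entry qualifier, e.g. or-longer
    return entries

def lint_line(line):
    """Return the per-entry rewrite if a qualifier follows the braces, else None."""
    m = TRAILING.match(line.split("#", 1)[0].rstrip())
    if not m:
        return None
    qual = " ".join(m.group("qual").split())
    # Entries that already carry their own qualifier keep it.
    fixed = [" ".join(e if len(e) > 1 else e + [qual])
             for e in split_entries(m.group("body"))]
    return f"{m.group('head')}{{ {', '.join(fixed)} }}"

def lint_config(text):
    """Return (line number, suggested rewrite) for every flagged rule."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        fix = lint_line(line)
        if fix:
            hits.append((no, fix))
    return hits

# Constructed sample built from the rules quoted in the thread.
SAMPLE = """\
deny to 192.0.2.1
allow to 192.0.2.1 prefix { 203.0.113.0/24, 198.51.100.0/24 } prefixlen <= 24
deny from any prefix { 192.168.0.0/16, 10.0.0.0/8 or-longer }
"""

if __name__ == "__main__":
    for no, fix in lint_config(SAMPLE):
        print(f"line {no}: qualifier after '}}' is rejected; try:\n  {fix}")
```

A filter file that fails to parse is not loaded, so a check like this belongs before `bgpd -nf` in whatever pushes the configuration.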
Tristan Pilat
2017-05-11 10:11:13 UTC
Hi Peter,
Post by Peter Hessler
> Hi Tristan
>
> This is documented in the man page.
>
> prefix address/len
> prefix address/len prefixlen range
> prefix address/len or-longer
>
> Currently, you cannot remove "prefixlen" from the specific attached
> "prefix". The way that '{}' is implemented cannot split full
> parameters, even if the results would be syntactically correct.
>
> I do agree this isn't very intuitive. We'll be looking at the syntax in
> the near future.

Thanks for your insight. Actually what misled me is that I was
using that syntax in the past (with OpenBSD 5.2 it seems to
work). Maybe I missed a syntax change warning somewhere.

Sorry for the noise.

Regards,
--
Tristan