Prefix Set Bug?

Open RajdeepMondal opened this issue 2 years ago • 7 comments

I have a router running GoBGP with the following configuration:

global:
  apply-policy:
    config:
      default-import-policy: reject-route
      import-policy-list:
      - example-policy
  config:
    as: 65001
    router-id: 192.2.3.4
neighbors:
- config:
    neighbor-address: 3.0.0.3
    peer-as: 65002
  transport:
    config:
      local-address: 3.0.0.2
defined-sets:
  prefix-sets:
    prefix-list:
    - ip-prefix: 96.0.0.0/5
      masklength-range: 11..17
    - ip-prefix: 96.0.0.0/6
      masklength-range: 18..32
    - ip-prefix: 102.0.0.0/7
      masklength-range: 18..32
    - ip-prefix: 101.0.0.0/8
      masklength-range: 18..32
    - ip-prefix: 100.128.0.0/9
      masklength-range: 18..32
    - ip-prefix: 100.64.0.0/10
      masklength-range: 18..32
    - ip-prefix: 100.32.0.0/11
      masklength-range: 18..32
    - ip-prefix: 100.16.0.0/12
      masklength-range: 18..32
    - ip-prefix: 100.8.0.0/13
      masklength-range: 18..32
    - ip-prefix: 0.0.0.0/0
      masklength-range: 10..10
    - ip-prefix: 128.0.0.0/1
      masklength-range: 11..11
    - ip-prefix: 0.0.0.0/2
      masklength-range: 11..11
    - ip-prefix: 64.0.0.0/3
      masklength-range: 11..11
    - ip-prefix: 112.0.0.0/4
      masklength-range: 11..11
    - ip-prefix: 104.0.0.0/5
      masklength-range: 11..11
    prefix-set-name: ps1
policy-definitions:
- name: example-policy
  statements:
  - actions:
      bgp-actions:
        set-community:
          options: remove
          set-community-method:
            communities-list:
            - '[0-2][0-2]*:[0-2][0-2]'
        set-next-hop: 97.156.64.3
      route-disposition: accept-route
    conditions:
      match-prefix-set:
        prefix-set: ps1
    name: statement1

I advertised the prefix 100.11.131.203/10 from an ExaBGP router to this GoBGP router. The prefix does not show up on the global RIB, meaning it is denied.

Expected behavior: The prefix should be allowed, as it matches with the prefix 0.0.0.0/0 10..10 in the prefix set ps1.

RajdeepMondal avatar Aug 28 '23 03:08 RajdeepMondal

0.0.0.0 doesn't work like that, I guess.

fujita avatar Sep 02 '23 13:09 fujita

What am I doing wrong here then? In the above configuration, I believe it should accept all prefixes that have a mask of length 10.

RajdeepMondal avatar Sep 04 '23 06:09 RajdeepMondal

https://github.com/osrg/gobgp/blob/155bc636cd7abe269bc34af69ba89527e9c043d0/internal/pkg/table/policy.go#L278C15-L278C15

https://pkg.go.dev/net#IPNet.Contains

Go's IPNet doesn't work as you expect.

fujita avatar Sep 06 '23 12:09 fujita

According to the code, line 278 first checks whether pMaskLen falls within the specified range [10, 10]. Then we check whether 100.11.131.203 is within the network 0.0.0.0/0. So this should return true, right? Am I missing something?

RajdeepMondal avatar Sep 09 '23 01:09 RajdeepMondal

It does seem like it should work as "expected" (assuming my test here is correct): https://go.dev/play/p/HMI_mFcSWcP?v=goprev

jdewald avatar Nov 07 '23 20:11 jdewald

@jdewald are you saying I made a mistake in the original configuration? I am using a slightly older version of GoBGP (3.13.0)

RajdeepMondal avatar Nov 08 '23 17:11 RajdeepMondal

@RajdeepMondal Ah no, I share your confusion :D It seems like IPNet is doing what you describe and that a prefix match of "0.0.0.0/0" for [10,10] should end up matching

jdewald avatar Nov 08 '23 18:11 jdewald
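The check discussed in this thread (mask length inside the entry's range, then `IPNet.Contains` on the address), run over every ps1 entry, as an added example that is not code from the thread or from GoBGP. The type `rule` and the function `eval` are hypothetical names. The second verdict, which consults only the most specific covering entry, is an assumed evaluation mode included for comparison; the thread does not establish which one GoBGP applies.

```go
package main

import (
	"fmt"
	"net"
)

// rule models one prefix-list item: network plus masklength-range.
type rule struct {
	cidr     string
	min, max int
}

// ps1 as posted in the issue.
var ps1 = []rule{
	{"96.0.0.0/5", 11, 17}, {"96.0.0.0/6", 18, 32}, {"102.0.0.0/7", 18, 32},
	{"101.0.0.0/8", 18, 32}, {"100.128.0.0/9", 18, 32}, {"100.64.0.0/10", 18, 32},
	{"100.32.0.0/11", 18, 32}, {"100.16.0.0/12", 18, 32}, {"100.8.0.0/13", 18, 32},
	{"0.0.0.0/0", 10, 10}, {"128.0.0.0/1", 11, 11}, {"0.0.0.0/2", 11, 11},
	{"64.0.0.0/3", 11, 11}, {"112.0.0.0/4", 11, 11}, {"104.0.0.0/5", 11, 11},
}

// eval reports whether any entry passes the range+Contains check, and the
// verdict if only the most specific covering entry (assumed mode) were used.
func eval(route string) (anyEntry, mostSpecific bool, best string) {
	ip, n, err := net.ParseCIDR(route)
	if err != nil {
		panic(err)
	}
	maskLen, _ := n.Mask.Size()
	bestLen := -1
	for _, r := range ps1 {
		_, rn, _ := net.ParseCIDR(r.cidr)
		if !rn.Contains(ip) {
			continue
		}
		inRange := r.min <= maskLen && maskLen <= r.max
		anyEntry = anyEntry || inRange
		if ones, _ := rn.Mask.Size(); ones <= maskLen && ones > bestLen {
			bestLen, best, mostSpecific = ones, r.cidr, inRange
		}
	}
	return
}

func main() {
	a, m, best := eval("100.11.131.203/10")
	fmt.Printf("any-entry=%v most-specific-only=%v (entry %s)\n", a, m, best)
}
```

For the advertised route the two modes disagree: 0.0.0.0/0 10..10 passes the per-entry check, while the most specific covering entry is 96.0.0.0/5 with range 11..17, which excludes a /10.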