...
| Command | Params | Description |
|---|---|---|
| accept | accept matched prefix | |
| reject | reject matched prefix | |
| return | return to parent chain | |
| jump | jump chain_name | jump to specified chain |
| unset | unset prop_name | used to unset value of the following properties:pref-src|bgp-med|bgp-out-med|bgp-local-pref |
| append | append at the end of the list | |
| filter | ||
| delete | ||
| set | set prop_writeable value | Command is used to set new value to writeable properties. Value can be set from other readable properties of matching types. For numeric properties it is possible to prefix value with +/- which will increment or decrement current property value by given amount. For example, "set pref-src +1" will increment current pref-src by one, or extract value from other readable num property, "set distance +ospf-ext-metric" |
| rpki-verify | rpki-verify rpki_group_name | Enable RPKI verification in current chain from specified RPKI group. |
Operators
Matcher
...
Operators
| Operator | Description | Example |
|---|---|---|
| && | Logical AND operator | if (dst == 192.168.0.0/16 && dst-len in 16-32) {reject;} |
| || | Logical OR operator | |
| not | Logical NOT operator | if ( not bgp-network) {reject; } |
Num Prop Operators
| Operator | Description |
|---|---|
| in | return true if the value is in provided numeric range. Numeric range can be written in following formats: {int..int}, {int-int} |
| == | return true if numeric values are equal |
| != | return true if numeric values are not equal |
| > | return true if the left numeric value is greater than the right numeric value |
| < | return true if the left numeric value is less than the right numeric value |
| >= | return true if the left numeric value is greater than or equal to the right numeric value |
| <= | return true if the left numeric value is less than or equal to the right numeric value |
Prefix Operators
| Operator | Description |
|---|---|
| in | Return true if the prefix is the subnet of provided network |
| != | Return true if the prefix is not equal to provided value |
| == | Return true if the prefix is equal to provided value |
BGP Community Operators
| Operator | Description | Example |
|---|---|---|
| equal | return true if provided communities is equal to the property value | |
| equal-set | ||
| any | ||
| any-set | ||
| includes | ||
| includes-set | ||
| subset | ||
| subset-set | ||
| any-regexp | ||
| subset-regexp |
String Operators
| Operator | Description |
|---|---|
| find | Check if provided substring is the part of the property value |
| regexp | Match string regexp of the property value |
...