On Tue, Feb 13, 2024 at 12:52:42PM +0100, Theo Buehler wrote:
> On Tue, Feb 13, 2024 at 12:42:28PM +0100, Claudio Jeker wrote:
> > I think it is better to show the full path when the enforce neighbor-as
> > check is on (which it is by default on ebgp sessions).
> > At least if it triggers it is easier to identify what is up.
> 
> Should this protect against printing NULL since you don't error check
> aspath_asprint()?

Indeed. How about this instead?
-- 
:wq Claudio

Index: rde.c
===================================================================
RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v
diff -u -p -r1.622 rde.c
--- rde.c	3 Feb 2024 00:11:34 -0000	1.622
+++ rde.c	13 Feb 2024 13:52:03 -0000
@@ -1434,10 +1434,22 @@ rde_update_dispatch(struct rde_peer *pee
 		    peer->conf.enforce_as == ENFORCE_AS_ON) {
 			fas = aspath_neighbor(state.aspath.aspath);
 			if (peer->conf.remote_as != fas) {
-				log_peer_warnx(&peer->conf, "bad path, "
-				    "starting with %s expected %u, "
-				    "enforce neighbor-as enabled",
-				    log_as(fas), peer->conf.remote_as);
+				struct ibuf abuf;
+				char *path;
+				ibuf_from_buffer(&abuf,
+				    state.aspath.aspath->data,
+				    state.aspath.aspath->len);
+				if (aspath_asprint(&path, &abuf) != -1)
+					log_peer_warnx(&peer->conf, "bad path "
+					    "%s, should start with %s, "
+					    "enforce neighbor-as enabled",
+					    path, log_as(peer->conf.remote_as));
+				else
+					log_peer_warnx(&peer->conf, "bad path, "
+					    "starts with %s expected %u, "
+					    "enforce neighbor-as enabled",
+					    log_as(fas), peer->conf.remote_as);
+				free(path);
 				rde_update_err(peer, ERR_UPDATE, ERR_UPD_ASPATH,
 				    NULL);
 				goto done;