From: Theo Buehler <tb@theobuehler.org>
Subject: Re: bgpd: print full path when neighbor-as check fails
To: tech@openbsd.org
Date: Tue, 13 Feb 2024 12:52:42 +0100

On Tue, Feb 13, 2024 at 12:42:28PM +0100, Claudio Jeker wrote:
> I think it is better to show the full path when the enforce neighbor-as
> check is on (which it is by default on ebgp sessions).
> At least if it triggers it is easier to identify what is up.

Should this protect against printing NULL since you don't error check
aspath_asprint()?

> 
> -- 
> :wq Claudio
> 
> Index: rde.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v
> diff -u -p -r1.622 rde.c
> --- rde.c	3 Feb 2024 00:11:34 -0000	1.622
> +++ rde.c	13 Feb 2024 11:38:01 -0000
> @@ -1434,10 +1434,17 @@ rde_update_dispatch(struct rde_peer *pee
>  		    peer->conf.enforce_as == ENFORCE_AS_ON) {
>  			fas = aspath_neighbor(state.aspath.aspath);
>  			if (peer->conf.remote_as != fas) {
> -				log_peer_warnx(&peer->conf, "bad path, "
> -				    "starting with %s expected %u, "
> +				struct ibuf abuf;
> +				char *path;
> +				ibuf_from_buffer(&abuf,
> +				    state.aspath.aspath->data,
> +				    state.aspath.aspath->len);
> +				aspath_asprint(&path, &abuf);
> +				log_peer_warnx(&peer->conf, "bad path %s, "
> +				    "should start with %s, "
>  				    "enforce neighbor-as enabled",
> -				    log_as(fas), peer->conf.remote_as);
> +				    path, log_as(peer->conf.remote_as));
> +				free(path);
>  				rde_update_err(peer, ERR_UPDATE, ERR_UPD_ASPATH,
>  				    NULL);
>  				goto done;
>