From: Claudio Jeker Subject: Re: bgpd: print full path when neighbor-as check fails To: Theo Buehler Cc: tech@openbsd.org Date: Tue, 13 Feb 2024 14:52:47 +0100 On Tue, Feb 13, 2024 at 12:52:42PM +0100, Theo Buehler wrote: > On Tue, Feb 13, 2024 at 12:42:28PM +0100, Claudio Jeker wrote: > > I think it is better to show the full path when the enforce neighbor-as > > check is on (which it is by default on ebgp sessions). > > At least if it triggers it is easier to identify what is up. > > Should this protect against printing NULL since you don't error check > aspath_asprint()? Indeed. How about this instead? -- :wq Claudio Index: rde.c =================================================================== RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v diff -u -p -r1.622 rde.c --- rde.c 3 Feb 2024 00:11:34 -0000 1.622 +++ rde.c 13 Feb 2024 13:52:03 -0000 @@ -1434,10 +1434,22 @@ rde_update_dispatch(struct rde_peer *pee peer->conf.enforce_as == ENFORCE_AS_ON) { fas = aspath_neighbor(state.aspath.aspath); if (peer->conf.remote_as != fas) { - log_peer_warnx(&peer->conf, "bad path, " - "starting with %s expected %u, " - "enforce neighbor-as enabled", - log_as(fas), peer->conf.remote_as); + struct ibuf abuf; + char *path; + ibuf_from_buffer(&abuf, + state.aspath.aspath->data, + state.aspath.aspath->len); + if (aspath_asprint(&path, &abuf) != -1) + log_peer_warnx(&peer->conf, "bad path " + "%s, should start with %s, " + "enforce neighbor-as enabled", + path, log_as(peer->conf.remote_as)); + else + log_peer_warnx(&peer->conf, "bad path, " + "starts with %s expected %u, " + "enforce neighbor-as enabled", + log_as(fas), peer->conf.remote_as); + free(path); rde_update_err(peer, ERR_UPDATE, ERR_UPD_ASPATH, NULL); goto done;