Add logging for rejected routes to aid debugging

2025-04-24 09:01:57 -04:00 · 2024-07-31 20:48:08 -04:00 · 2024-07-31 20:48:08 -04:00 · a02e90c9c8
parent bf08457baf
commit a02e90c9c8
1 changed files with 58 additions and 13 deletions
--- a/filter_bgp.conf
+++ b/filter_bgp.conf
@ -166,12 +166,36 @@ function handle_prepend(int dest_asn) {
 }

 function import_safe(bool allow_default) {
-    if is_default_route()           then return allow_default;
-    if ip_bogon()                   then return false;
-    if bgp_path ~ ASN_BOGON         then return false;
-    if bgp_path.len > 50            then return false;
-    if bad_prefix_len()             then return false;
-    if rpki_invalid()               then return false;
+    if is_default_route() then {
+        if allow_default then return true;
+        print proto, ": ", net, ": unexpected default route";
+        return false;
+    }
+
+    if ip_bogon() then {
+        print proto, ": ", net, ": bogon prefix";
+        return false;
+    }
+
+    if bgp_path ~ ASN_BOGON then {
+        print proto, ": ", net, ": bogon in AS path: ", bgp_path;
+        return false;
+    }
+
+    if bgp_path.len > 50 then {
+        print proto, ": ", net, ": AS path too long: ", bgp_path;
+        return false;
+    }
+
+    if bad_prefix_len() then {
+        print proto, ": ", net, ": invalid prefix length";
+        return false;
+    }
+
+    if rpki_invalid() then {
+        print proto, ": ", net, ": invalid RPKI";
+        return false;
+    }

    export_downstream = 1;
    honour_graceful_shutdown();
@ -188,10 +212,16 @@ function import_peer_trusted(int peer_asn) {
 }

 function import_peer(int peer_asn; prefix set prefixes; int set as_set) {
-    if net !~ prefixes then return false;
+    if net !~ prefixes then {
+        print proto, ": ", net, ": prefix not in as-set for peer AS", peer_asn;
+        return false;
+    }

    for int path_asn in bgp_path do {
-        if path_asn !~ as_set then return false;
+        if path_asn !~ as_set then {
+            print proto, ": ", net, ": AS", path_asn, " not in as-set for peer AS", peer_asn;
+            return false;
+        }
    }

    return import_peer_trusted(peer_asn);
@ -206,10 +236,16 @@ function import_ixp_trusted(int ixp_id) {
 }

 function import_ixp(int ixp_id; prefix set prefixes; int set as_set) {
-    if net !~ prefixes then return false;
+    if net !~ prefixes then {
+        print proto, ": ", net, ": prefix not in as-set for IXP";
+        return false;
+    }

    for int path_asn in bgp_path do {
-        if path_asn !~ as_set then return false;
+        if path_asn !~ as_set then {
+            print proto, ": ", net, ": not in as-set for IXP";
+            return false;
+        }
    }

    return import_ixp_trusted(ixp_id);
@ -224,14 +260,23 @@ function import_transit(int transit_asn; bool default_route) {
 }

 function import_downstream(int downstream_asn; prefix set prefixes; int set as_set) {
-    if net !~ prefixes then return false;
+    if net !~ prefixes then {
+        print proto, ": ", net, ": prefix not in as-set for downstream AS", downstream_asn;
+        return false;
+    }

    for int path_asn in bgp_path do {
-        if path_asn !~ as_set then return false;
+        if path_asn !~ as_set then {
+            print proto, ": ", net, ": not in as-set for downstream AS", downstream_asn;
+            return false;
+        }
    }

    # If they don't want to export this to us, then we won't take it at all.
-    if (MY_ASN, LC_NO_EXPORT, MY_ASN) ~ bgp_large_community then return false;
+    if (MY_ASN, LC_NO_EXPORT, MY_ASN) ~ bgp_large_community then {
+        print proto, ": ", net, ": rejected by no-export to AS", MY_ASN;
+        return false;
+    }

    bgp_large_community.delete([
        (MY_ASN, 0..LC_DOWNSTREAM_START-1, *),