From a02e90c9c849af99018f935e0299b21da181bbab Mon Sep 17 00:00:00 2001
From: Quantum <quantum2048@gmail.com>
Date: Wed, 31 Jul 2024 20:48:08 -0400
Subject: [PATCH] Add logging for rejected routes to aid debugging
---
filter_bgp.conf | 71 ++++++++++++++++++++++++++++++++++++++++---------
1 file changed, 58 insertions(+), 13 deletions(-)
diff --git a/filter_bgp.conf b/filter_bgp.conf
index c3e8c4d..eb85db7 100644
--- a/filter_bgp.conf
+++ b/filter_bgp.conf
@@ -166,12 +166,36 @@ function handle_prepend(int dest_asn) {
}
function import_safe(bool allow_default) {
- if is_default_route() then return allow_default;
- if ip_bogon() then return false;
- if bgp_path ~ ASN_BOGON then return false;
- if bgp_path.len > 50 then return false;
- if bad_prefix_len() then return false;
- if rpki_invalid() then return false;
+ if is_default_route() then {
+ if allow_default then return true;
+ print proto, ": ", net, ": unexpected default route";
+ return false;
+ }
+
+ if ip_bogon() then {
+ print proto, ": ", net, ": bogon prefix";
+ return false;
+ }
+
+ if bgp_path ~ ASN_BOGON then {
+ print proto, ": ", net, ": bogon in AS path: ", bgp_path;
+ return false;
+ }
+
+ if bgp_path.len > 50 then {
+ print proto, ": ", net, ": AS path too long: ", bgp_path;
+ return false;
+ }
+
+ if bad_prefix_len() then {
+ print proto, ": ", net, ": invalid prefix length";
+ return false;
+ }
+
+ if rpki_invalid() then {
+ print proto, ": ", net, ": invalid RPKI";
+ return false;
+ }
export_downstream = 1;
honour_graceful_shutdown();
@@ -188,10 +212,16 @@ function import_peer_trusted(int peer_asn) {
}
function import_peer(int peer_asn; prefix set prefixes; int set as_set) {
- if net !~ prefixes then return false;
+ if net !~ prefixes then {
+ print proto, ": ", net, ": prefix not in as-set for peer AS", peer_asn;
+ return false;
+ }
for int path_asn in bgp_path do {
- if path_asn !~ as_set then return false;
+ if path_asn !~ as_set then {
+ print proto, ": ", net, ": AS", path_asn, " not in as-set for peer AS", peer_asn;
+ return false;
+ }
}
return import_peer_trusted(peer_asn);
@@ -206,10 +236,16 @@ function import_ixp_trusted(int ixp_id) {
}
function import_ixp(int ixp_id; prefix set prefixes; int set as_set) {
- if net !~ prefixes then return false;
+ if net !~ prefixes then {
+ print proto, ": ", net, ": prefix not in as-set for IXP";
+ return false;
+ }
for int path_asn in bgp_path do {
- if path_asn !~ as_set then return false;
+ if path_asn !~ as_set then {
+ print proto, ": ", net, ": not in as-set for IXP";
+ return false;
+ }
}
return import_ixp_trusted(ixp_id);
@@ -224,14 +260,23 @@ function import_transit(int transit_asn; bool default_route) {
}
function import_downstream(int downstream_asn; prefix set prefixes; int set as_set) {
- if net !~ prefixes then return false;
+ if net !~ prefixes then {
+ print proto, ": ", net, ": prefix not in as-set for downstream AS", downstream_asn;
+ return false;
+ }
for int path_asn in bgp_path do {
- if path_asn !~ as_set then return false;
+ if path_asn !~ as_set then {
+ print proto, ": ", net, ": not in as-set for downstream AS", downstream_asn;
+ return false;
+ }
}
# If they don't want to export this to us, then we won't take it at all.
- if (MY_ASN, LC_NO_EXPORT, MY_ASN) ~ bgp_large_community then return false;
+ if (MY_ASN, LC_NO_EXPORT, MY_ASN) ~ bgp_large_community then {
+ print proto, ": ", net, ": rejected by no-export to AS", MY_ASN;
+ return false;
+ }
bgp_large_community.delete([
(MY_ASN, 0..LC_DOWNSTREAM_START-1, *),