Re: bgpd silence "connection from non-peer" unless verbose

2022-08-25 Thread Claudio Jeker
On Thu, Aug 25, 2022 at 01:48:50PM +0100, Stuart Henderson wrote:
> On 2022/08/25 14:38, Claudio Jeker wrote:
> > On Thu, Aug 25, 2022 at 09:23:01AM +0100, Stuart Henderson wrote:
> > > On 2022/08/24 18:47, Denis Fondras wrote:
> > > > Le Tue, Aug 23, 2022 at 06:28:12PM +0200, Claudio Jeker a écrit :
> > > > > I noticed that the "connection from non-peer" message can fill the log and
> > > > > be so chatty that it is hard to see the other messages. The system I see
> > > > > this on is a bit special since it gets hammered by incorrectly configured
> > > > > systems. Maybe other people find this message helpful. If so please
> > > > > speak up now because I think the message does not add much info and should
> > > > > be skipped unless verbose logging is used.
> > > > > 
> > > > 
> > > > I agree with this change (I also have a log full of this message).
> > > 
> > > btw I like the log message, it shows me if I messed up and forgot to add a
> > > session, or if someone else messed up and added a session without arranging
> > > it (or typoed the address, etc). But I only allow port 179 connections from
> > > possible candidates for peering (IXP peering lans etc) - I consider that
> > > good practice anyway - and means it isn't too noisy.
> > 
> > True but in my case of a route collector misconfigured neighbors try to
> > connect more or less every other second. This results in a lot of log
> > chatter that is very annoying.
> > 
> > Maybe bgpd needs to keep some state so that the message is not shown over and
> > over again.
> 
> Looking at the actual log message I see -v isn't much more noisy for bgpd
> anyway, so it's not a problem to use that.

-v enables a lot of LOG_DEBUG messages which syslog will drop by default.
This is one of the few LOG_INFO that is based on -v.
Now if you log with -v it will be more noisy (but since I run bgpd often
with -v I try to keep the noise down).
 
> I thought about keeping state, but there are a lot of potential non-peers
> that might try to connect, which could result in a lot of addresses
> for bgpd to keep track of :)

We could use a fixed upper limit and LRU to keep the number of connections
small. 

-- 
:wq Claudio
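
One way to keep the bounded state suggested above, as an added example that is not part of this thread or of bgpd: a fixed-size table of recently seen source addresses with least-recently-used eviction, so each non-peer is logged at most once per quiet period. The `np_*` names, the slot count and the 300-second interval are assumptions made for illustration.

```c
#include <string.h>
#include <time.h>
#include <sys/socket.h>
#include <netinet/in.h>

#define NP_SLOTS	4	/* fixed upper limit; tiny so eviction is easy to see */
#define NP_QUIET	300	/* seconds between repeated messages per address */

struct np_ent {
	unsigned char	addr[16];	/* IPv4 uses the first 4 bytes, rest zero */
	int		af;		/* 0 = slot unused */
	time_t		logged;		/* when a message was last let through */
	unsigned long	used;		/* LRU stamp, larger = more recent */
};

static struct np_ent	np_tab[NP_SLOTS];
static unsigned long	np_clock;
/* Return 1 if a "connection from non-peer" line should be written now. */
int np_should_log(const struct sockaddr *sa, time_t now)
{
	unsigned char	 key[16] = { 0 };
	struct np_ent	*e, *victim = &np_tab[0];
	int		 i;
	if (sa->sa_family == AF_INET)
		memcpy(key, &((const struct sockaddr_in *)sa)->sin_addr, 4);
	else if (sa->sa_family == AF_INET6)
		memcpy(key, &((const struct sockaddr_in6 *)sa)->sin6_addr, 16);
	else
		return 1;		/* unknown family: never suppress */

	for (i = 0; i < NP_SLOTS; i++) {
		e = &np_tab[i];
		if (e->af == sa->sa_family && memcmp(e->addr, key, 16) == 0) {
			e->used = ++np_clock;
			if (now - e->logged < NP_QUIET)
				return 0;	/* logged recently, stay quiet */
			e->logged = now;
			return 1;
		}
		if (e->used < victim->used)
			victim = e;	/* least recently used so far */
	}
	/* Miss: take over the LRU slot (unused slots have used == 0). */
	memcpy(victim->addr, key, 16);
	victim->af = sa->sa_family;
	victim->logged = now;
	victim->used = ++np_clock;
	return 1;
}
```

Memory stays constant however many distinct addresses connect; the cost is that an address evicted from the table is logged again on its next attempt even inside the quiet period.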



Re: bgpd silence "connection from non-peer" unless verbose

2022-08-25 Thread Stuart Henderson
On 2022/08/25 14:38, Claudio Jeker wrote:
> On Thu, Aug 25, 2022 at 09:23:01AM +0100, Stuart Henderson wrote:
> > On 2022/08/24 18:47, Denis Fondras wrote:
> > > Le Tue, Aug 23, 2022 at 06:28:12PM +0200, Claudio Jeker a écrit :
> > > > I noticed that the "connection from non-peer" message can fill the log and
> > > > be so chatty that it is hard to see the other messages. The system I see
> > > > this on is a bit special since it gets hammered by incorrectly configured
> > > > systems. Maybe other people find this message helpful. If so please
> > > > speak up now because I think the message does not add much info and should
> > > > be skipped unless verbose logging is used.
> > > > 
> > > 
> > > I agree with this change (I also have a log full of this message).
> > 
> > btw I like the log message, it shows me if I messed up and forgot to add a
> > session, or if someone else messed up and added a session without arranging
> > it (or typoed the address, etc). But I only allow port 179 connections from
> > possible candidates for peering (IXP peering lans etc) - I consider that
> > good practice anyway - and means it isn't too noisy.
> 
> True but in my case of a route collector misconfigured neighbors try to
> connect more or less every other second. This results in a lot of log
> chatter that is very annoying.
> 
> Maybe bgpd needs to keep some state so that the message is not shown over and
> over again.

Looking at the actual log message I see -v isn't much more noisy for bgpd
anyway, so it's not a problem to use that.

I thought about keeping state, but there are a lot of potential non-peers
that might try to connect, which could result in a lot of addresses
for bgpd to keep track of :)



Re: bgpd silence "connection from non-peer" unless verbose

2022-08-25 Thread Claudio Jeker
On Thu, Aug 25, 2022 at 09:23:01AM +0100, Stuart Henderson wrote:
> On 2022/08/24 18:47, Denis Fondras wrote:
> > Le Tue, Aug 23, 2022 at 06:28:12PM +0200, Claudio Jeker a écrit :
> > > I noticed that the "connection from non-peer" message can fill the log and
> > > be so chatty that it is hard to see the other messages. The system I see
> > > this on is a bit special since it gets hammered by incorrectly configured
> > > systems. Maybe other people find this message helpful. If so please
> > > speak up now because I think the message does not add much info and should
> > > be skipped unless verbose logging is used.
> > > 
> > 
> > I agree with this change (I also have a log full of this message).
> 
> btw I like the log message, it shows me if I messed up and forgot to add a
> session, or if someone else messed up and added a session without arranging
> it (or typoed the address, etc). But I only allow port 179 connections from
> possible candidates for peering (IXP peering lans etc) - I consider that
> good practice anyway - and means it isn't too noisy.

True but in my case of a route collector misconfigured neighbors try to
connect more or less every other second. This results in a lot of log
chatter that is very annoying.

Maybe bgpd needs to keep some state so that the message is not shown over and
over again.
-- 
:wq Claudio



Re: bgpd silence "connection from non-peer" unless verbose

2022-08-25 Thread Stuart Henderson
On 2022/08/24 18:47, Denis Fondras wrote:
> Le Tue, Aug 23, 2022 at 06:28:12PM +0200, Claudio Jeker a écrit :
> > I noticed that the "connection from non-peer" message can fill the log and
> > be so chatty that it is hard to see the other messages. The system I see
> > this on is a bit special since it gets hammered by incorrectly configured
> > systems. Maybe other people find this message helpful. If so please
> > speak up now because I think the message does not add much info and should
> > be skipped unless verbose logging is used.
> > 
> 
> I agree with this change (I also have a log full of this message).

btw I like the log message, it shows me if I messed up and forgot to add a
session, or if someone else messed up and added a session without arranging
it (or typoed the address, etc). But I only allow port 179 connections from
possible candidates for peering (IXP peering lans etc) - I consider that
good practice anyway - and means it isn't too noisy.



Re: bgpd silence "connection from non-peer" unless verbose

2022-08-24 Thread Denis Fondras
Le Tue, Aug 23, 2022 at 06:28:12PM +0200, Claudio Jeker a écrit :
> I noticed that the "connection from non-peer" message can fill the log and
> be so chatty that it is hard to see the other messages. The system I see
> this on is a bit special since it gets hammered by incorrectly configured
> systems. Maybe other people find this message helpful. If so please
> speak up now because I think the message does not add much info and should
> be skipped unless verbose logging is used.
> 

I agree with this change (I also have a log full of this message).

> -- 
> :wq Claudio
> 
> Index: logmsg.c
> ===
> RCS file: /cvs/src/usr.sbin/bgpd/logmsg.c,v
> retrieving revision 1.8
> diff -u -p -r1.8 logmsg.c
> --- logmsg.c  28 Jul 2022 13:11:48 -  1.8
> +++ logmsg.c  23 Aug 2022 14:38:42 -
> @@ -213,11 +213,11 @@ void
>  log_conn_attempt(const struct peer *peer, struct sockaddr *sa, socklen_t len)
>  {
>   char*p;
> - const char  *b;
>  
>   if (peer == NULL) { /* connection from non-peer, drop */
> - b = log_sockaddr(sa, len);
> - logit(LOG_INFO, "connection from non-peer %s refused", b);
> + if (log_getverbose())
> + logit(LOG_INFO, "connection from non-peer %s refused",
> + log_sockaddr(sa, len));
>   } else {
>   /* only log if there is a chance that the session may come up */
>   if (peer->conf.down && peer->state == STATE_IDLE)
> 
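Review bot: in the `peer == NULL` branch the message is now gated on `log_getverbose()` but is still emitted at `LOG_INFO`, which sets it apart from the `LOG_DEBUG` output that -v otherwise adds. A one-line comment above `if (log_getverbose())` stating that the level is kept at `LOG_INFO` on purpose would stop a later cleanup from quietly changing it to `LOG_DEBUG`.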



bgpd silence "connection from non-peer" unless verbose

2022-08-23 Thread Claudio Jeker
I noticed that the "connection from non-peer" message can fill the log and
be so chatty that it is hard to see the other messages. The system I see
this on is a bit special since it gets hammered by incorrectly configured
systems. Maybe other people find this message helpful. If so please
speak up now because I think the message does not add much info and should
be skipped unless verbose logging is used.

-- 
:wq Claudio

Index: logmsg.c
===
RCS file: /cvs/src/usr.sbin/bgpd/logmsg.c,v
retrieving revision 1.8
diff -u -p -r1.8 logmsg.c
--- logmsg.c28 Jul 2022 13:11:48 -  1.8
+++ logmsg.c23 Aug 2022 14:38:42 -
@@ -213,11 +213,11 @@ void
 log_conn_attempt(const struct peer *peer, struct sockaddr *sa, socklen_t len)
 {
char*p;
-   const char  *b;
 
if (peer == NULL) { /* connection from non-peer, drop */
-   b = log_sockaddr(sa, len);
-   logit(LOG_INFO, "connection from non-peer %s refused", b);
+   if (log_getverbose())
+   logit(LOG_INFO, "connection from non-peer %s refused",
+   log_sockaddr(sa, len));
} else {
/* only log if there is a chance that the session may come up */
if (peer->conf.down && peer->state == STATE_IDLE)
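Review bot: with `if (log_getverbose())` wrapping the only `logit()` call in the `peer == NULL` branch, a refused connection from an unconfigured address leaves no trace at default verbosity, and the existing comment `/* connection from non-peer, drop */` does not say so. Suggest extending that comment to note that the message is verbose-only, and stating it in the commit message, so operators who rely on this line to spot a missing or mistyped neighbor know to run with -v.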