fix(routing): filter own-origin routes in announce — prevent redundant forged-origin rejections

gades · gades · commit fcd9721336d8 · 2026-04-02T23:50:35.000+03:00
diff --git a/internal/core/node/routing_integration.go b/internal/core/node/routing_integration.go
@@ -352,7 +352,7 @@ func (s *Service) handleAnnounceRoutes(senderIdentity domain.PeerIdentity, frame
 		// syncSeqCounterLocked, breaking the per-origin SeqNo invariant.
 		if wireRoute.Origin == s.identity.Address {
 			rejected++
-			log.Warn().
+			log.Debug().
 				Str("identity", wireRoute.Identity).
 				Str("origin", wireRoute.Origin).
 				Str("from", string(senderIdentity)).
diff --git a/internal/core/routing/table.go b/internal/core/routing/table.go
@@ -677,6 +677,10 @@ func (t *Table) RefreshDirectPeers() int {
 
 // Announceable returns routes suitable for announcing to a specific peer,
 // applying split horizon: routes learned from excludeVia are omitted.
+// Routes originated by the peer (Origin == excludeVia) are also omitted —
+// the peer already knows its own routes and re-sending them wastes
+// bandwidth and triggers spurious "forged own origin" rejections on the
+// receiver side.
 // Withdrawn and expired routes are also excluded.
 //
 // Split horizon rule: routes where NextHop == excludeVia are not included
@@ -694,6 +698,9 @@ func (t *Table) Announceable(excludeVia PeerIdentity) []RouteEntry {
 			if r.NextHop == excludeVia {
 				continue
 			}
+			if r.Origin == excludeVia {
+				continue
+			}
 			if r.IsWithdrawn() || r.IsExpired(now) {
 				continue
 			}
@@ -704,9 +711,13 @@ func (t *Table) Announceable(excludeVia PeerIdentity) []RouteEntry {
 }
 
 // AnnounceTo returns the wire-safe projection of routes to announce to
-// a specific peer, applying split horizon and the +1 hop rule. This is
-// the preferred method for building announce_routes frames — it ensures
-// the boundary between model and wire format stays in the routing package.
+// a specific peer, applying split horizon, origin filtering and the +1
+// hop rule. This is the preferred method for building announce_routes
+// frames — it ensures the boundary between model and wire format stays
+// in the routing package.
+//
+// Origin filtering: routes where Origin == excludeVia are skipped because
+// the peer originated them and would reject them as forged own-origin.
 func (t *Table) AnnounceTo(excludeVia PeerIdentity) []AnnounceEntry {
 	t.mu.RLock()
 	defer t.mu.RUnlock()
@@ -719,6 +730,9 @@ func (t *Table) AnnounceTo(excludeVia PeerIdentity) []AnnounceEntry {
 			if r.NextHop == excludeVia {
 				continue
 			}
+			if r.Origin == excludeVia {
+				continue
+			}
 			if r.IsWithdrawn() || r.IsExpired(now) {
 				continue
 			}
diff --git a/internal/core/routing/table_test.go b/internal/core/routing/table_test.go
@@ -497,6 +497,54 @@ func TestAnnounceToAppliesSplitHorizon(t *testing.T) {
 	}
 }
 
+// --- Origin filtering (don't send peer its own originated routes) ---
+
+func TestAnnounceableOmitsRoutesOriginatedByPeer(t *testing.T) {
+	now := time.Date(2026, 1, 1, 12, 0, 0, 0, time.UTC)
+	tbl := NewTable(WithClock(fixedClock(now)))
+
+	// Route originated by peer-A, learned via peer-C (different NextHop).
+	// Split horizon alone would NOT filter this, but origin filter must.
+	mustUpdate(t, tbl, RouteEntry{
+		Identity: "alice", Origin: "peer-A", NextHop: "peer-C",
+		Hops: 3, SeqNo: 1, Source: RouteSourceAnnouncement,
+	})
+	mustUpdate(t, tbl, RouteEntry{
+		Identity: "bob", Origin: "peer-B", NextHop: "peer-C",
+		Hops: 2, SeqNo: 1, Source: RouteSourceAnnouncement,
+	})
+
+	announceable := tbl.Announceable("peer-A")
+	for _, r := range announceable {
+		if r.Origin == "peer-A" {
+			t.Fatal("origin filter: routes originated by peer-A must be excluded when announcing to peer-A")
+		}
+	}
+	if len(announceable) != 1 || announceable[0].Identity != "bob" {
+		t.Fatalf("expected only bob's route, got %+v", announceable)
+	}
+}
+
+func TestAnnounceToOmitsRoutesOriginatedByPeer(t *testing.T) {
+	now := time.Date(2026, 1, 1, 12, 0, 0, 0, time.UTC)
+	tbl := NewTable(WithClock(fixedClock(now)))
+
+	// Route originated by peer-A, learned via peer-C.
+	mustUpdate(t, tbl, RouteEntry{
+		Identity: "alice", Origin: "peer-A", NextHop: "peer-C",
+		Hops: 3, SeqNo: 1, Source: RouteSourceAnnouncement,
+	})
+	mustUpdate(t, tbl, RouteEntry{
+		Identity: "bob", Origin: "peer-B", NextHop: "peer-C",
+		Hops: 2, SeqNo: 1, Source: RouteSourceAnnouncement,
+	})
+
+	entries := tbl.AnnounceTo("peer-A")
+	if len(entries) != 1 || entries[0].Identity != "bob" {
+		t.Fatalf("origin filter should exclude alice's route: got %+v", entries)
+	}
+}
+
 func TestAnnounceToStripsInternalFields(t *testing.T) {
 	now := time.Date(2026, 1, 1, 12, 0, 0, 0, time.UTC)
 	tbl := NewTable(WithClock(fixedClock(now)))
