BGP measurement analysis for the masses
C M4 Python Makefile Other
Latest commit 1115a80 Jan 20, 2017 @alistairking alistairking committed on GitHub Add filtering language and parser
Developed by @salcock during the 2016 CAIDA BGP Hackathon.

Provides more filtering options than the current API, and in a more user-friendly format.
Also allows relative time intervals to be specified.
For example:
bgpreader -I "1 h" -f "collector route-views6 and ipversion 6 and type updates"
Retrieves IPv6 (`ipversion 6`) updates (`type updates`) data for the last 1 hour (`-I "1 h"`) from the `route-views6` collector

See the `FILTERING` file for information about the filter language.

Original commit log below:

* First pass at a filter string parser.

Doesn't actually generate any filters yet, but now we've got a
language in place to work with.

* Fixed bug causing assert failure when using the broker.

Should be dereferencing the pointer before asserting that the
character is a null char.

* Implement filtering using filter strings.

Obviously this only works for filter terms that are natively
supported by bgpstream, but we can start adding in the rest
as we go.

* Added filtering on AS path using regular expressions.

The regexs should be expressed in the style of

Most importantly, use '_' to specify multiple consecutive ASNs (be
careful at the start or end of the path).

Use ^ and $ to specify the start and end of an AS path respectively.

* Added ability to filter on prefixe specificity.

Previously, we could only filter to show "exact or more specific"
prefixes. Now we can also do "exact only", "exact or less specific"
and "any related prefixes".

* Added ability to filter based on the IP address family of the prefix

* Updated python API to support new filter strings

Also added terms for the new filter types to the add_filter
function, e.g. prefix-exact, aspath, ipversion etc.

Updated python documentation to include these changes.

* Added a file documenting the filtering language

* Added ability to specify a recent time interval as a filter.

In other words, an interval of "3 h" will fetch the most recent 3 hours
of data so you won't need to rely on UTC time calculators to look at the
most recent data.

Added support for recent time intervals to both bgpreader and pybgpstream.

* Add missing documentation for new python API method.

* Added ability to filter on element type.

Acceptable element types to filter on are 'ribs', 'announcements',
'withdrawals' and 'peerstates'.

Updated documentation to include description of element type filtering.

* Changed multiple aspath filters to act as AND rather than OR

Also added the ability to negate an aspath regex.

In combination, these changes allow you to construct some fairly interesting
filters, e.g. contains ASN A and B but A is not immediately followed by B.

Updated FILTERING to explain these changes.

* Add some CLI documentation for the new bgpstream options

* Update formatting of filtering code

* Run code through clang-format again

* Add missing include

* Fix issues introduced in manual merge


BGPStream is an open-source software framework for the analysis of both historical and real-time Border Gateway Protocol (BGP) measurement data.

For a detailed description of BGPStream as well as documentation and tutorials, please visit

Quick Start

To get started using BGPStream, either download the latest release tarball, or clone the GitHub repository.

You will also need the libcurl and wandio libraries installed before building BGPStream (libcurl must be installed prior to building wandio).

In most cases, the following will be enough to build and install BGPStream:

$ ./configure
$ make
# make install

If you cloned BGPStream from GitHub, you will need to run ./ before ./configure.

For further information or support, please visit the BGPStream website, or contact