Download raw body.
rpki-client: detect & reject "AS0 TALs"
On Sat, Nov 30, 2024 at 02:11:08PM +0000, Lucas Gabriel Vuotto wrote:
> On Sat, Nov 30, 2024 at 01:01:20PM +0000, Job Snijders wrote:
> > Index: output.c
> > ===================================================================
> > RCS file: /cvs/src/usr.sbin/rpki-client/output.c,v
> > diff -u -p -r1.33 output.c
> > --- output.c 22 Feb 2024 12:49:42 -0000 1.33
> > +++ output.c 30 Nov 2024 13:00:41 -0000
> > @@ -82,6 +82,49 @@ static int output_finish(FILE *);
> > static void sig_handler(int);
> > static void set_signal_handler(void);
> >
> > +/*
> > + * Detect & reject so-called "AS0 TALs".
> > + * AS0 TALs are TALs where for each and every subordinate ROA the asID field
> > + * set to 0. Such TALs introduce operational risk, as they change the fail-safe
> > + * from 'fail-open' to 'fail-closed'. Some context:
> > + * https://lists.afrinic.net/pipermail/rpd/2021/013312.html
> > + * https://lists.afrinic.net/pipermail/rpd/2021/013314.html
> > + */
> > +static void
> > +prune_as0_tals(struct vrp_tree *vrps)
> > +{
> > + struct vrp *v, *tv;
> > + int talid;
> > + int is_as0_tal[TALSZ_MAX] = { 0 };
> > +
> > + for (talid = 0; talid < talsz; talid++)
> > + is_as0_tal[talid] = 1;
> > +
> > + if (includeas0)
> > + return;
>
> Shouldn't this go before the for loop? is_as0_tal is local. Also I'd
> prefer the call to prune_as0_tals to be guarded by includeas0 instead,
> but that falls deeper into bikeshedding territory.
Yes, I think it should be moved to outputfiles(). I also wonder if we
should not call the global excludeas0, defaulting to 1 and let -0 flip
that to 0. Seems less awkward to do
if (excludeas0)
prune_as0_tals(v);
than
if (!includeas0)
prune_as0_tals(v)
rpki-client: detect & reject "AS0 TALs"