Index | Thread | Search

From:
Job Snijders <job@bsd.nl>
Subject:
rpki-client: track rpkiNotify in rrdp state file
To:
tech@openbsd.org
Date:
Wed, 3 Jun 2026 21:39:13 +0000

Download raw body.

Thread

  • Job Snijders:

    rpki-client: track rpkiNotify in rrdp state file

As part of RPKIViews I'd like to build something to more easily detect
whether RRDP servers are presenting different data to different clients.

Recording the rpkiNotify itself in the RRDP .state file makes easier for
external programs to analyse RRDP states across different instances.
Having the actual URL handy makes it easier to instrument such
comparisons.

As example:

	$ head /var/cache/rpki-client/.rrdp/436FC6BD7B32853E42FCE5FD95B31D5E3EC1C32C46B7518C2067D568E7EAC119/.state
	https://chloe.sobornost.net/rpki/news.xml
	bd919006-71a6-457c-8a7e-83bafbd1065c
	30391
	1780521020
	Wed, 03 Jun 2026 21:15:03 GMT
	30388 48F6825FA81BC1D9E0DDDAD1B70CE4442DBF2FE0220EDDF7276A9B1C7FBCC1ED
	30389 64B659EE9D34C314AE9A4CB93EC418F3106E9064228BF288C6E0BA2AD08B09D8
	30390 33C4BBC59CDD2A43B7DE4B6F00E7149C4BB58FF7656FF814609E3E3D8FCEC0E7
	30391 F58312DAE900CA43516649C606CD8D5BF534B93BC0CF540F568BF52F31CC6DE6

OK?

Kind regards,

Job

Index: repo.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/repo.c,v
diff -u -p -r1.81 repo.c
--- repo.c	13 May 2026 04:38:42 -0000	1.81
+++ repo.c	3 Jun 2026 21:33:06 -0000
@@ -709,10 +709,14 @@ rrdp_session_parse(struct rrdprepo *rr)
 			line[n - 1] = '\0';
 		switch (ln) {
 		case 0:
+			if (!valid_uri(line, strlen(line), HTTPS_PROTO))
+				goto reset;
+			break;
+		case 1:
 			if ((state->session_id = strdup(line)) == NULL)
 				err(1, NULL);
 			break;
-		case 1:
+		case 2:
 			state->serial = strtonum(line, 1, LLONG_MAX, &errstr);
 			if (errstr) {
 				warnx("%s: state file: serial is %s: %s",
@@ -720,7 +724,7 @@ rrdp_session_parse(struct rrdprepo *rr)
 				goto reset;
 			}
 			break;
-		case 2:
+		case 3:
 			rr->last_reset = strtonum(line, 1, LLONG_MAX, &errstr);
 			if (errstr) {
 				warnx("%s: state file: last_reset is %s: %s",
@@ -728,7 +732,7 @@ rrdp_session_parse(struct rrdprepo *rr)
 				goto reset;
 			}
 			break;
-		case 3:
+		case 4:
 			if (strcmp(line, "-") == 0)
 				break;
 			if ((state->last_mod = strdup(line)) == NULL)
@@ -805,7 +809,7 @@ rrdp_session_save(unsigned int id, struc
 		err(1, "fdopen");
 
 	/* write session state file out */
-	if (fprintf(f, "%s\n%lld\n%lld\n", state->session_id,
+	if (fprintf(f, "%s\n%s\n%lld\n%lld\n", rr->notifyuri, state->session_id,
 	    state->serial, (long long)rr->last_reset) < 0)
 		goto fail;