From: Theo Buehler <tb@theobuehler.org>
Subject: Re: rpki-client: detect & reject "AS0 TALs"
To: Job Snijders <job@openbsd.org>, tech@openbsd.org
Date: Mon, 2 Dec 2024 03:55:30 +0100

On Sat, Nov 30, 2024 at 02:11:08PM +0000, Lucas Gabriel Vuotto wrote:
> On Sat, Nov 30, 2024 at 01:01:20PM +0000, Job Snijders wrote:
> > Index: output.c
> > ===================================================================
> > RCS file: /cvs/src/usr.sbin/rpki-client/output.c,v
> > diff -u -p -r1.33 output.c
> > --- output.c	22 Feb 2024 12:49:42 -0000	1.33
> > +++ output.c	30 Nov 2024 13:00:41 -0000
> > @@ -82,6 +82,49 @@ static int	 output_finish(FILE *);
> >  static void	 sig_handler(int);
> >  static void	 set_signal_handler(void);
> >  
> > +/*
> > + * Detect & reject so-called "AS0 TALs".
> > + * AS0 TALs are TALs where for each and every subordinate ROA the asID field
> > + * set to 0. Such TALs introduce operational risk, as they change the fail-safe
> > + * from 'fail-open' to 'fail-closed'. Some context:
> > + *     https://lists.afrinic.net/pipermail/rpd/2021/013312.html
> > + *     https://lists.afrinic.net/pipermail/rpd/2021/013314.html
> > + */
> > +static void
> > +prune_as0_tals(struct vrp_tree *vrps)
> > +{
> > +	struct vrp *v, *tv;
> > +	int talid;
> > +	int is_as0_tal[TALSZ_MAX] = { 0 };
> > +
> > +	for (talid = 0; talid < talsz; talid++)
> > +		is_as0_tal[talid] = 1;
> > +
> > +	if (includeas0)
> > +		return;
> 
> Shouldn't this go before the for loop? is_as0_tal is local. Also I'd
> prefer the call to prune_as0_tals to be guarded by includeas0 instead,
> but that falls deeper into bikeshedding territory.

Yes, I think it should be moved to outputfiles(). I also wonder if we
should not call the global excludeas0, defaulting to 1 and let -0 flip
that to 0. Seems less awkward to do

	if (excludeas0)
		prune_as0_tals(v);

than

	if (!includeas0)
		prune_as0_tals(v)