On Sun, Nov 17, 2019 at 10:25:02PM +0100, Kristaps Dzonsons wrote:
> This causes validate.c's valid_cert() doc not to lie, makes the language
> consistent with other functions, and cleans a typo.
>
> In main.c, this documents tal_load_default() (which it marks static),
> moves a #define to the top of the page, and documents it too.
>
> In roa.c, this adds documentation.
> Index: validate.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/validate.c,v
> retrieving revision 1.5
> diff -u -p -u -r1.5 validate.c
> --- validate.c 8 Oct 2019 10:04:36 -0000 1.5
> +++ validate.c 17 Nov 2019 21:11:02 -0000
> @@ -106,7 +106,7 @@ valid_ip(size_t idx, enum afi afi,
> /*
> * Authenticate a trust anchor by making sure its resources are not
> * inheriting and that the SKI is unique.
> - * Returns *authsz -1 on failure.
> + * Returns *authsz or -1 on failure.
> */
> ssize_t
> valid_ta(const char *fn, const struct auth *auths,
> @@ -167,7 +167,7 @@ valid_ski_aki(const char *fn, const stru
> /*
> * Validate a non-TA certificate: make sure its IP and AS resources are
> * fully covered by those in the authority key (which must exist).
> - * Returns the parent certificate or -1 on failure.
> + * Returns the parent index or -1 on failure.
> */
> ssize_t
> valid_cert(const char *fn, const struct auth *auths,
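Review bot: The new wording "Returns the parent index or -1 on failure" on valid_cert() does not say that index 0 is a valid success value, so a caller that tests the result for truth would reject a certificate whose parent is at slot 0 and treat the -1 failure as success. The same applies to the valid_roa() hunk that follows, where the old comment described a zero/non-zero result; any caller written against that wording would need to compare with `< 0`, though no callers are visible on this page. I would spell it out in both comments, e.g. ` * Returns the parent's index (zero or greater, presumably into "auths") or -1 on failure.` Both function bodies lie outside these hunks.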
> @@ -232,7 +232,7 @@ valid_cert(const char *fn, const struct
> /*
> * Validate our ROA: check that the SKI is unique, the AKI exists, and
> * the IP prefix is also contained.
> - * Returns zero if not valid, non-zero if valid.
> + * Returns the parent index or -1 on failure.
> */
> ssize_t
> valid_roa(const char *fn, const struct auth *auths,
> Index: main.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/main.c,v
> retrieving revision 1.22
> diff -u -p -u -r1.22 main.c
> --- main.c 4 Nov 2019 09:35:43 -0000 1.22
> +++ main.c 17 Nov 2019 21:19:18 -0000
> @@ -42,6 +42,11 @@
> #include "extern.h"
>
> /*
> + * Maximum number of TAL files we'll load.
> + */
> +#define TALSZ_MAX 8
> +
> +/*
> * Base directory for where we'll look for all media.
> */
> #define BASE_DIR "/var/cache/rpki-client"
> @@ -1276,9 +1281,13 @@ entity_process(int proc, int rsync, stru
> }
> }
>
> -#define TALSZ_MAX 8
> -
> -size_t
> +/*
> + * Assign filenames ending in ".tal" in "/etc/rpki" into "tals",
> + * returning the number of files found and filled-in.
> + * This may be zero.
> + * Don't exceded "max" filenames.
> + */
> +static size_t
> tal_load_default(const char *tals[], size_t max)
> {
> static const char *basedir = "/etc/rpki";
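Review bot: The comment added above tal_load_default() has a typo, "exceded", and does not say what happens when more than "max" matching files exist. For a trust-anchor list, silently ignoring the extra TAL files and failing the run are very different outcomes, and the body that decides this lies outside the hunk. Suggest ` * Don't exceed "max" filenames.` followed by a sentence stating which of the two the function does.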
> Index: roa.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/roa.c,v
> retrieving revision 1.6
> diff -u -p -r1.6 roa.c
> --- roa.c 16 Oct 2019 17:37:46 -0000 1.6
> +++ roa.c 17 Nov 2019 21:22:40 -0000
> @@ -450,6 +450,11 @@ roa_read(int fd)
> return p;
> }
>
> +/*
> + * Add each IP address in the ROA into the VRP tree.
> + * Updates "vrps" to be the number of VRPs and "uniqs" to be the unique
> + * number of addresses.
> + */
> void
> roa_insert_vrps(struct vrp_tree *tree, struct roa *roa, size_t *vrps,
> size_t *uniqs)
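Review bot: The comment added above roa_insert_vrps() leaves it unclear whether `*vrps` and `*uniqs` are overwritten or added to on each call, which matters if one pair of counters is shared across many ROAs. The body is outside the hunk, so I cannot tell which it is. "the unique number of addresses" also reads oddly; `the number of unique addresses` is presumably what is meant. Please state the set-or-accumulate behaviour in the comment.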
Those are also OK.
--
:wq Claudio