It might be advantageous to permit operators to optionally specify the
maximum number of publication points with which rpki-client will
synchronize.

For example: "doas rpki-client -m 1 -t /etc/rpki/ripe.tal" has the effect
that only RIPE NCC's own repository is contacted, and none of the delegated
repositories below it.

This flag perhaps permits us to start shipping with a more conservative
default than 1000, like 100 or 200. It is clear that encouraging the
ecosystem to embrace 'Publish in Parent' is a saner model than everyone
running their own delegation.

Thoughts?

Kind regards,

Job

Index: extern.h
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/extern.h,v
retrieving revision 1.98
diff -u -p -r1.98 extern.h
--- extern.h    25 Nov 2021 14:03:40 -0000      1.98
+++ extern.h    25 Nov 2021 16:08:04 -0000
@@ -624,7 +624,4 @@ int mkpath(const char *);
 /* Maximum number of concurrent rsync processes. */
 #define MAX_RSYNC_PROCESSES    16
 
-/* Maximum allowd repositories per tal */
-#define MAX_REPO_PER_TAL       1000
-
 #endif /* ! EXTERN_H */
Index: main.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/main.c,v
retrieving revision 1.166
diff -u -p -r1.166 main.c
--- main.c      25 Nov 2021 14:03:40 -0000      1.166
+++ main.c      25 Nov 2021 16:08:10 -0000
@@ -69,6 +69,7 @@ int   verbose;
 int    noop;
 int    rrdpon = 1;
 int    repo_timeout = 15*60;
+unsigned int   maxpubpoints = 1000;
 
 struct stats    stats;
 
@@ -714,7 +715,7 @@ main(int argc, char *argv[])
            "proc exec unveil", NULL) == -1)
                err(1, "pledge");
 
-       while ((c = getopt(argc, argv, "b:Bcd:e:f:jnorRs:t:T:vV")) != -1)
+       while ((c = getopt(argc, argv, "b:Bcd:e:f:jm:norRs:t:T:vV")) != -1)
                switch (c) {
                case 'b':
                        bind_addr = optarg;
@@ -738,6 +739,11 @@ main(int argc, char *argv[])
                case 'j':
                        outformats |= FORMAT_JSON;
                        break;
+               case 'm':
+                       maxpubpoints = strtonum(optarg, 0, 100000, &errs);
+                       if (errs)
+                               errx(1, "-m: %s", errs);
+                       break;
                case 'n':
                        noop = 1;
                        break;
@@ -1220,7 +1226,7 @@ usage:
        fprintf(stderr,
            "usage: rpki-client [-BcjnoRrVv] [-b sourceaddr] [-d cachedir]"
            " [-e rsync_prog]\n"
-           "                   [-s timeout] [-T table] [-t tal]"
-           " [outputdir]\n");
+           "                   [-m maxpubpoints] [-s timeout] [-T table] "
+           "[-t tal] [outputdir]\n");
        return 1;
 }
Index: repo.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/repo.c,v
retrieving revision 1.14
diff -u -p -r1.14 repo.c
--- repo.c      25 Nov 2021 14:03:40 -0000      1.14
+++ repo.c      25 Nov 2021 16:08:17 -0000
@@ -41,6 +41,7 @@ extern struct stats   stats;
 extern int             noop;
 extern int             rrdpon;
 extern int             repo_timeout;
+extern unsigned int    maxpubpoints;
 
 enum repo_state {
        REPO_LOADING = 0,
@@ -1100,12 +1101,14 @@ ta_lookup(int id, struct tal *tal)
        if ((rp->repouri = strdup(tal->descr)) == NULL)
                err(1, NULL);
 
-       if (++talrepocnt[id] >= MAX_REPO_PER_TAL) {
-               if (talrepocnt[id] == MAX_REPO_PER_TAL)
-                       warnx("too many repositories under %s", tals[id]);
+       if (talrepocnt[id] >= maxpubpoints + 1) {
+               if (talrepocnt[id] == maxpubpoints)
+                       warnx("too many publication points under %s", tals[id]);
                nofetch = 1;
        }
 
+       talrepocnt[id]++;
+
        rp->ta = ta_get(tal, nofetch);
 
        return rp;
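Review bot: The limit check `if (talrepocnt[id] >= maxpubpoints + 1)` is off by one and makes the warning unreachable: the counter is now tested before it is incremented, so counts 0 through maxpubpoints all pass and maxpubpoints+1 publication points get fetched, while the inner `talrepocnt[id] == maxpubpoints` can only hold when the outer condition is already false. With `-m 1` that means the TA plus one delegated repository, not just the TA as the cover letter describes. Use `if (talrepocnt[id] >= maxpubpoints) {` and keep the inner equality test, so the first skipped point (count == maxpubpoints) warns once and every later one is marked nofetch silently. Because this cap is what bounds fetch work under a CA that delegates excessively, that warning is the only signal an operator gets that repositories were skipped and their objects are missing from the output, so it needs to fire. ta_lookup's body starts outside the hunk.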
@@ -1146,11 +1149,12 @@ repo_lookup(int id, const char *uri, con
                if ((rp->notifyuri = strdup(notify)) == NULL)
                        err(1, NULL);
 
-       if (++talrepocnt[id] >= MAX_REPO_PER_TAL) {
-               if (talrepocnt[id] == MAX_REPO_PER_TAL)
-                       warnx("too many repositories under %s", tals[id]);
+       if (talrepocnt[id] >= maxpubpoints + 1) {
+               if (talrepocnt[id] == maxpubpoints)
+                       warnx("too many publication points under %s", tals[id]);
                nofetch = 1;
        }
+       talrepocnt[id]++;
 
        /* try RRDP first if available */
        if (notify != NULL)
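Review bot: `if (talrepocnt[id] >= maxpubpoints + 1)` here carries the same pre-increment off-by-one as in ta_lookup: one extra publication point is fetched and the `== maxpubpoints` warning never fires. The test, warning and increment are now copied verbatim in two functions, and the two copies already differ in layout; a small static helper that does the accounting once fixes the bound in one place and keeps the sites from drifting. Proposed shape below, assuming talrepocnt holds non-negative counts so the comparison against the unsigned limit is safe; repo_lookup starts and ends outside the hunk.
```c
/*
 * Account one publication point under TAL id.
 * Returns non-zero when the per-TAL cap is reached and it must not be fetched;
 * warns exactly once, on the first point over the cap.
 */
static int
talrepo_over_limit(int id)
{
	int over = talrepocnt[id] >= maxpubpoints;

	if (talrepocnt[id] == maxpubpoints)
		warnx("too many publication points under %s", tals[id]);
	talrepocnt[id]++;
	return over;
}

/* … unchanged: repo_lookup up to the notifyuri strdup … */
	if (talrepo_over_limit(id))
		nofetch = 1;
```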
Index: rpki-client.8
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/rpki-client.8,v
retrieving revision 1.50
diff -u -p -r1.50 rpki-client.8
--- rpki-client.8       25 Nov 2021 14:03:40 -0000      1.50
+++ rpki-client.8       25 Nov 2021 16:08:17 -0000
@@ -26,6 +26,7 @@
 .Op Fl b Ar sourceaddr
 .Op Fl d Ar cachedir
 .Op Fl e Ar rsync_prog
+.Op Fl m Ar maxpubpoints
 .Op Fl s Ar timeout
 .Op Fl T Ar table
 .Op Fl t Ar tal
@@ -124,6 +125,9 @@ If RRDP fails, RSYNC will be used.
 This is the default.
 Mutually exclusive with
 .Fl n .
+.It Fl m Ar maxpubpoints
+Maximum number of Publication Points to synchronize under each Trust Anchor.
+Defaults to 1000.
 .It Fl s Ar timeout
 Terminate after
 .Ar timeout
