No error set on non-existing AS-SET #1

Open
afpd opened this issue Jan 10, 2020 · 3 comments

afpd commented Jan 10, 2020

```
$ ./bgpq4 -t -j AS-BOGUS
{"NN": [
]}
$ echo $?
0
```
Expected value should be non-zero

lukastribus commented Jan 10, 2020

No, an empty or non-existing reference must not error out, otherwise people end up without filters in automated processes.

AS-MACROs will also refer to non-existing macros or ASNs.

If in doubt --> don't allow anything. Not "allow everything".

afpd commented Jan 10, 2020

Surely it should. How else does one distinguish an empty AS-SET from a non-existent AS-SET?
Additionally, a different error code must be set for the top-level non-existent AS-SET and an included non-existent AS-SET.

lukastribus commented Jan 10, 2020

I disagree. I think the only safe way to handle wrong references (direct or indirect) is to create filters that are actually usable in devices (so they actually work) and, of course, should not contain anything that is not actually allowed.

If you return non-null and/or don't output the actual ACL, a partially deployed configuration can lead to:

  • a BGP configuration with a new customer ending up actually unfiltered (the worst thing that could happen if our goal is filtering)
  • an update with an existing peer/customer isn't actually updated, because some downstream ASN has made a wrong reference, causing the entire prefix-list update to abort (possibly unnoticed, and your direct customer or peer isn't actually directly responsible for it)

I think this is a little more complicated than "just adopting the unix philosophy"...

> How else one distinguish empty AS-SET from non-existent AS-SET?

You shouldn't imho, not when using bgpq4 in a non-interactive way, because it will cause more (possibly a lot more) harm.
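
An added example (not code from this issue or from bgpq4) of how an automation wrapper can apply the fail-closed position argued above while still surfacing the empty result the reporter wants to detect: an empty expansion becomes a deployable filter that permits nothing plus a warning, and one bad peer never aborts the rest. The function names, the fallback to a last known-good filter and the sample outputs are assumptions constructed for illustration; only the `{"NN": [ ]}` shape and the exit status 0 come from the report.

```python
import json

def parse_bgpq4_json(raw, name="NN"):
    """Return the list stored under `name`, or None if the output is unusable."""
    try:
        doc = json.loads(raw)
    except (TypeError, ValueError):
        return None
    entries = doc.get(name) if isinstance(doc, dict) else None
    return entries if isinstance(entries, list) else None

def plan_filter(peer, raw, exit_code, previous=None):
    """Decide what to push for one peer; a peer is never left without a filter."""
    entries = parse_bgpq4_json(raw) if exit_code == 0 else None
    if entries is None:
        # Tool failure or garbage output (assumed policy): keep the last
        # known-good filter, or an empty (permit-nothing) one for a new peer.
        fallback = previous if previous is not None else []
        return {"peer": peer, "entries": fallback,
                "warn": "bgpq4 output unusable; using fallback filter"}
    if not entries:
        # Exit 0 with an empty list: the AS-SET is empty or does not exist.
        # The two cases look identical here, so deploy a filter that permits
        # nothing and raise a warning for a human to follow up.
        return {"peer": peer, "entries": [],
                "warn": "empty expansion; deploying permit-nothing filter"}
    return {"peer": peer, "entries": entries, "warn": None}

def build_plan(results, known_good):
    """results maps peer -> (raw_output, exit_code); peers are handled independently."""
    return [plan_filter(peer, raw, rc, known_good.get(peer))
            for peer, (raw, rc) in sorted(results.items())]

# Constructed sample data: AS-BOGUS mirrors the output shown in the report,
# the other two entries are invented for this example.
SAMPLE = {
    "AS-BOGUS": ('{"NN": [\n]}', 0),
    "AS-EXAMPLE": ('{"NN": [\n  64496, 64497\n]}', 0),
    "AS-BROKEN": ("", 1),
}
KNOWN_GOOD = {"AS-BROKEN": [64500]}

if __name__ == "__main__":
    for item in build_plan(SAMPLE, KNOWN_GOOD):
        print(item["peer"], item["entries"], item["warn"] or "ok")
```
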

@job job transferred this issue from another repository Jan 18, 2020
job pushed a commit that referenced this issue Mar 5, 2023
…85)

* Fix issue #83 - fix regression bug which ignored -S CLI option (#1)

* Fix issue #83 - fix regression bug which ignored -S CLI option, introduced by commit 08b81f7
---------

Co-authored-by: James Bensley <[email protected]>

* Fix off-by-one error

* Swap strlcpy for strdup

---------

Co-authored-by: James Bensley <[email protected]>