On Mon, 2020-10-05 at 12:40 -0700, Jakub Kicinski wrote:
> > I would totally support doing that here in the general validation code,
> > but (again) don't really think NLMSGERR_ATTR_COOKIE is an appropriate
> > attribute for it.
>
> Hm. Perhaps we can do a partial policy dump into the extack?
Hm. I like that idea.
If we have NLMSGERR_ATTR_OFFS we could accompany that with the sub-
policy for that particular attribute, something like
[NLMSGERR_ATTR_POLICY] = nested {
[NL_POLICY_TYPE_ATTR_TYPE] = ...
[NL_POLICY_TYPE_ATTR_MASK] = ...
}
which we could basically do by factoring out the inner portion of
netlink_policy_dump_write():
attr = nla_nest_start(skb, state->attr_idx);
if (!attr)
goto nla_put_failure;
...
nla_nest_end(skb, attr);
from there into a separate function, give it the pt and the nested
attribute (what's "state->attr_idx" here) as arguments, and then we call
it with NLMSGERR_ATTR_POLICY from here, and with "state->attr_idx" from
netlink_policy_dump_write() :-)
Nice, easy & useful, maybe I'll code it up tomorrow.
> Either way, I don't feel like this series needs it.
Fair enough.
johannes
