Gitiles
Code Review Sign In
gerrit.nordix.org / codeaurora / clo / qsdk / oss / lklm / nss-clients / 7cb5c0b7b9cf7195d61f004be492ea30e2806f31^1..7cb5c0b7b9cf7195d61f004be492ea30e2806f31 / .
commit7cb5c0b7b9cf7195d61f004be492ea30e2806f31[log] [tgz]
authorLinux Build Service Account <lnxbuild@localhost>Thu Aug 27 11:38:07 2020 -0700
committerGerrit - the friendly Code Review server <code-review@localhost>Thu Aug 27 11:38:07 2020 -0700
treeb8fbe1e22e34d6abd998354e8fda0b19e1bebf63
parent2bd5ed304a9090e36b6c978c8aadad91d166ab83 [diff]
parent818101eed9b7c8882f4255accc5391ce8d44d8a8 [diff]
Merge "[qca-nss-clients] Identifier rule support for IPv4 and IPv6."
diff --git a/netlink/nss_nlipv4.c b/netlink/nss_nlipv4.c
index 589c66b..084bab7 100644
--- a/netlink/nss_nlipv4.c
+++ b/netlink/nss_nlipv4.c

@@ -623,6 +623,27 @@
 }
 
 /*
+ * nss_nlipv4_verify_identifier()
+ *	verify and override identifier rule entries
+ */
+static int nss_nlipv4_verify_identifier(struct nss_ipv4_rule_create_msg *msg)
+{
+	struct nss_ipv4_identifier_rule *identifier = &msg->identifier;
+	const size_t rule_sz = sizeof(struct nss_ipv4_identifier_rule);
+	uint16_t valid;
+
+	/*
+	 * if identifier is not valid, set identifier rule to 0
+	 */
+	valid = msg->valid_flags & NSS_IPV4_RULE_CREATE_IDENTIFIER_VALID;
+	if (!valid) {
+		memset(identifier, 0, rule_sz);
+	}
+
+	return 0;
+}
+
+/*
  * nss_nlipv4_process_notify()
  * 	process notification messages from NSS
  */
@@ -802,6 +823,15 @@
 	}
 
 	/*
+	 * check identifier
+	 */
+	error = nss_nlipv4_verify_identifier(&nim->msg.rule_create);
+	if (error < 0) {
+		nss_nl_error("%d:invalid identifier rule information passed\n", pid);
+		goto done;
+	}
+
+	/*
 	 * copy the NL message for response
 	 */
 	resp = nss_nl_copy_msg(skb);

diff --git a/netlink/nss_nlipv6.c b/netlink/nss_nlipv6.c
index 5b2e9c4..9021da6 100644
--- a/netlink/nss_nlipv6.c
+++ b/netlink/nss_nlipv6.c

@@ -624,6 +624,27 @@
 }
 
 /*
+ * nss_nlipv6_verify_identifier()
+ *	verify and override identifier rule entries
+ */
+static int nss_nlipv6_verify_identifier(struct nss_ipv6_rule_create_msg *msg)
+{
+	struct nss_ipv6_identifier_rule *identifier = &msg->identifier;
+	const size_t rule_sz = sizeof(struct nss_ipv6_identifier_rule);
+	uint16_t valid;
+
+	/*
+	 * if identifier is not valid, set identifier rule to 0
+	 */
+	valid = msg->valid_flags & NSS_IPV6_RULE_CREATE_IDENTIFIER_VALID;
+	if (!valid) {
+		memset(identifier, 0, rule_sz);
+	}
+
+	return 0;
+}
+
+/*
  * nss_nlipv6_process_notify()
  *	process notification messages from NSS
  */
@@ -796,6 +817,15 @@
 	}
 
 	/*
+	 * check identifier
+	 */
+	error = nss_nlipv6_verify_identifier(&nim->msg.rule_create);
+	if (error < 0) {
+		nss_nl_error("%d:invalid identifier rule information passed\n", pid);
+		goto done;
+	}
+
+	/*
 	 * copy the NL message for response
 	 */
 	resp = nss_nl_copy_msg(skb);