On 10/4/18 3:33 PM, David Ahern wrote:

From: David Ahern <redacted>

...

This patch set addresses the problem by adding a new socket flag,
NETLINK_DUMP_STRICT_CHK, that userspace can use with setsockopt to
request strict checking of headers and attributes on dump requests and
hence unlock the ability to use kernel side filters as they are added.

...

David Ahern (20):
  netlink: Pass extack to dump handlers
  netlink: Add extack message to nlmsg_parse for invalid header length
  net: Add extack to nlmsg_parse
  net/ipv6: Refactor address dump to push inet6_fill_args to
    in6_dump_addrs
  netlink: Add new socket option to enable strict checking on dumps
  net/ipv4: Update inet_dump_ifaddr for strict data checking
  net/ipv6: Update inet6_dump_addr for strict data checking
  rtnetlink: Update rtnl_dump_ifinfo for strict data checking
  rtnetlink: Update rtnl_bridge_getlink for strict data checking
  rtnetlink: Update rtnl_stats_dump for strict data checking
  rtnetlink: Update inet6_dump_ifinfo for strict data checking
  rtnetlink: Update ipmr_rtm_dumplink for strict data checking
  rtnetlink: Update fib dumps for strict data checking
  net/neighbor: Update neigh_dump_info for strict data checking
  net/neighbor: Update neightbl_dump_info for strict data checking
  net/namespace: Update rtnl_net_dumpid for strict data checking
  net/fib_rules: Update fib_nl_dumprule for strict data checking
  net/ipv6: Update ip6addrlbl_dump for strict data checking
  net: Update netconf dump handlers for strict data checking
  net/bridge: Update br_mdb_dump for strict data checking

One thing I missed in the rfc and v1 versions is strict attribute
parsing -- ie., there should be nothing remaining after nla_parse is
done. I have a new patch that adds an nlmsg_parse_strict and
nla_parse_strict that returns -EINVAL (with extack filled in) if that
happens. The new patch pushes the set over 20.

I can peel off the first 3 patches from this set which add extack to the
dumps and down to nlmsg_parse and send those separately if preferred.