From bf79e923167c79b2e813b7e7efda7211949d6378 Mon Sep 17 00:00:00 2001
From: Igor Ryzhov <iryzhov@nfware.com>
Date: Tue, 30 Mar 2021 00:25:19 +0300
Subject: [PATCH] lib: restore checks for duplicated prefix-list entries

The checks were incorrectly removed in commit 4d2f546f under the
assumption that it is needed only in CLI. Actually the checks are needed
for the case when the sequence number is explicitly set by a user.

Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
---
 lib/filter_nb.c | 92 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 92 insertions(+)

diff --git a/lib/filter_nb.c b/lib/filter_nb.c
index bb34efd34c..50325a39f9 100644
--- a/lib/filter_nb.c
+++ b/lib/filter_nb.c
@@ -429,6 +429,45 @@ bool plist_is_dup(const struct lyd_node *dnode, struct plist_dup_args *pda)
 	return pda->pda_found;
 }
 
+static bool plist_is_dup_nb(const struct lyd_node *dnode)
+{
+	const struct lyd_node *entry_dnode =
+		yang_dnode_get_parent(dnode, "entry");
+	struct plist_dup_args pda = {};
+	int idx = 0, arg_idx = 0;
+	static const char *entries[] = {
+		"./ipv4-prefix",
+		"./ipv4-prefix-length-greater-or-equal",
+		"./ipv4-prefix-length-lesser-or-equal",
+		"./ipv6-prefix",
+		"./ipv6-prefix-length-greater-or-equal",
+		"./ipv6-prefix-length-lesser-or-equal",
+		"./any",
+		NULL
+	};
+
+	/* Initialize. */
+	pda.pda_type = yang_dnode_get_string(entry_dnode, "../type");
+	pda.pda_name = yang_dnode_get_string(entry_dnode, "../name");
+	pda.pda_entry_dnode = entry_dnode;
+
+	/* Load all values/XPaths. */
+	while (entries[idx] != NULL) {
+		if (!yang_dnode_exists(entry_dnode, entries[idx])) {
+			idx++;
+			continue;
+		}
+
+		pda.pda_xpath[arg_idx] = entries[idx];
+		pda.pda_value[arg_idx] =
+			yang_dnode_get_string(entry_dnode, entries[idx]);
+		arg_idx++;
+		idx++;
+	}
+
+	return plist_is_dup(entry_dnode, &pda);
+}
+
 /*
  * XPath: /frr-filter:lib/access-list
  */
@@ -1291,6 +1330,13 @@ lib_prefix_list_entry_ipv4_prefix_modify(struct nb_cb_modify_args *args)
 		const struct lyd_node *plist_dnode =
 			yang_dnode_get_parent(args->dnode, "prefix-list");
 
+		if (plist_is_dup_nb(args->dnode)) {
+			snprintf(args->errmsg, args->errmsg_len,
+				 "duplicated prefix list value: %s",
+				 yang_dnode_get_string(args->dnode, NULL));
+			return NB_ERR_VALIDATION;
+		}
+
 		return prefix_list_nb_validate_v4_af_type(
 			plist_dnode, args->errmsg, args->errmsg_len);
 	}
@@ -1319,6 +1365,13 @@ lib_prefix_list_entry_ipv6_prefix_modify(struct nb_cb_modify_args *args)
 		const struct lyd_node *plist_dnode =
 			yang_dnode_get_parent(args->dnode, "prefix-list");
 
+		if (plist_is_dup_nb(args->dnode)) {
+			snprintf(args->errmsg, args->errmsg_len,
+				 "duplicated prefix list value: %s",
+				 yang_dnode_get_string(args->dnode, NULL));
+			return NB_ERR_VALIDATION;
+		}
+
 		return prefix_list_nb_validate_v6_af_type(
 			plist_dnode, args->errmsg, args->errmsg_len);
 	}
@@ -1350,6 +1403,13 @@ static int lib_prefix_list_entry_ipv4_prefix_length_greater_or_equal_modify(
 		const struct lyd_node *plist_dnode =
 			yang_dnode_get_parent(args->dnode, "prefix-list");
 
+		if (plist_is_dup_nb(args->dnode)) {
+			snprintf(args->errmsg, args->errmsg_len,
+				 "duplicated prefix list value: %s",
+				 yang_dnode_get_string(args->dnode, NULL));
+			return NB_ERR_VALIDATION;
+		}
+
 		return prefix_list_nb_validate_v4_af_type(
 			plist_dnode, args->errmsg, args->errmsg_len);
 	}
@@ -1387,6 +1447,13 @@ static int lib_prefix_list_entry_ipv4_prefix_length_lesser_or_equal_modify(
 		const struct lyd_node *plist_dnode =
 			yang_dnode_get_parent(args->dnode, "prefix-list");
 
+		if (plist_is_dup_nb(args->dnode)) {
+			snprintf(args->errmsg, args->errmsg_len,
+				 "duplicated prefix list value: %s",
+				 yang_dnode_get_string(args->dnode, NULL));
+			return NB_ERR_VALIDATION;
+		}
+
 		return prefix_list_nb_validate_v4_af_type(
 			plist_dnode, args->errmsg, args->errmsg_len);
 	}
@@ -1424,6 +1491,13 @@ static int lib_prefix_list_entry_ipv6_prefix_length_greater_or_equal_modify(
 		const struct lyd_node *plist_dnode =
 			yang_dnode_get_parent(args->dnode, "prefix-list");
 
+		if (plist_is_dup_nb(args->dnode)) {
+			snprintf(args->errmsg, args->errmsg_len,
+				 "duplicated prefix list value: %s",
+				 yang_dnode_get_string(args->dnode, NULL));
+			return NB_ERR_VALIDATION;
+		}
+
 		return prefix_list_nb_validate_v6_af_type(
 			plist_dnode, args->errmsg, args->errmsg_len);
 	}
@@ -1461,6 +1535,13 @@ static int lib_prefix_list_entry_ipv6_prefix_length_lesser_or_equal_modify(
 		const struct lyd_node *plist_dnode =
 			yang_dnode_get_parent(args->dnode, "prefix-list");
 
+		if (plist_is_dup_nb(args->dnode)) {
+			snprintf(args->errmsg, args->errmsg_len,
+				 "duplicated prefix list value: %s",
+				 yang_dnode_get_string(args->dnode, NULL));
+			return NB_ERR_VALIDATION;
+		}
+
 		return prefix_list_nb_validate_v6_af_type(
 			plist_dnode, args->errmsg, args->errmsg_len);
 	}
@@ -1492,6 +1573,17 @@ static int lib_prefix_list_entry_any_create(struct nb_cb_create_args *args)
 	struct prefix_list_entry *ple;
 	int type;
 
+	if (args->event == NB_EV_VALIDATE) {
+		if (plist_is_dup_nb(args->dnode)) {
+			snprintf(args->errmsg, args->errmsg_len,
+				 "duplicated prefix list value: %s",
+				 yang_dnode_get_string(args->dnode, NULL));
+			return NB_ERR_VALIDATION;
+		}
+
+		return NB_OK;
+	}
+
 	if (args->event != NB_EV_APPLY)
 		return NB_OK;
 
-- 
2.39.5