CESNET / libnetconf

C NETCONF library

Libnetconf running capability checking #176

Open mukundanaresh opened 8 years ago

mukundanaresh commented 8 years ago

I could see one defect in libnetconf: when the NETCONF server publishes its capabilities (only candidate) with the Netopeer client, the NC client should use those capabilities and they need to be validated before sending to the NETCONF server. The NC client can execute edit-config on the running configuration datastore even after disabling the running capability. I don't see a check like "nc_cpblts_enabled(session, NC_CAP_WRUNNING_ID);" in the libnetconf src/session.c file.

Do we need to check all capabilities on the libnetconf side whenever the NC server receives from the NC client?

What is the difference between NC_NS_BASE10 and NC_CAP_BASE10_ID?

michalvasko commented 8 years ago

Hi, yes, this check is not performed on the client side. It could be added, but we are currently working on things with higher priorities, so we will only accept a patch if you can provide one. Anyway, the server should always check all the requests it receives; that is what the function nc_cpblts_enabled() is for.

NC_NS_BASE10 is a namespace, NC_CAP_BASE10_ID is a capability. Look into netconf_internal.h, those two macros have different content.

Regards, Michal
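
The server-side check described in the reply above, as an added example (not libnetconf code and not from this thread): a self-contained stand-in for the decision a server would make with nc_cpblts_enabled() before writing to a datastore. The enum names, `cap_advertised()` and `write_allowed()` are hypothetical; the capability URIs are the ones defined in RFC 6241.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Capability URIs from RFC 6241. */
#define CAP_WRUNNING  "urn:ietf:params:netconf:capability:writable-running:1.0"
#define CAP_CANDIDATE "urn:ietf:params:netconf:capability:candidate:1.0"
#define CAP_STARTUP   "urn:ietf:params:netconf:capability:startup:1.0"

enum rpc_op { OP_EDIT_CONFIG, OP_COPY_CONFIG };          /* hypothetical names */
enum rpc_target { DS_RUNNING, DS_CANDIDATE, DS_STARTUP };

/* True if `uri` is in the NULL-terminated advertised list. Parameters after
 * '?' in an advertised entry are ignored; the URI itself must match exactly,
 * so a look-alike such as "...:1.00" does not pass. */
static bool cap_advertised(const char *const *caps, const char *uri)
{
    size_t want = strlen(uri);
    for (; caps && *caps; caps++) {
        size_t have = strcspn(*caps, "?");
        if (have == want && strncmp(*caps, uri, want) == 0)
            return true;
    }
    return false;
}

/* Server-side gate: may this request write to `target`, given what the
 * session advertised in <hello>? Anything not explicitly allowed is denied. */
bool write_allowed(const char *const *caps, enum rpc_op op, enum rpc_target target)
{
    switch (target) {
    case DS_RUNNING:
        return cap_advertised(caps, CAP_WRUNNING);
    case DS_CANDIDATE:
        return cap_advertised(caps, CAP_CANDIDATE);
    case DS_STARTUP:
        /* <startup/> is a <copy-config> target, never an <edit-config> one */
        return op == OP_COPY_CONFIG && cap_advertised(caps, CAP_STARTUP);
    }
    return false;
}

/* Constructed sample: a server advertising only :candidate, as in the report. */
const char *const candidate_only[] = {
    "urn:ietf:params:netconf:base:1.0",
    CAP_CANDIDATE,
    NULL
};
```

With `candidate_only`, an edit-config aimed at running is refused on the server regardless of whether the client validated anything before sending.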

mukundanaresh commented 8 years ago

Thanks, Michal.

mukundanaresh commented 8 years ago

Hi Michal, if I want to disable the running, startup and candidate configuration datastores, simply calling the below functions is enough:

    nc_cpblts_remove(retval, NC_CAP_WRUNNING_ID);
    nc_cpblts_remove(retval, NC_CAP_CANDIDATE_ID);
    nc_cpblts_remove(retval, NC_CAP_STARTUP_ID);

OR

    nc_cpblts_remove(retval, NC_CAP_BASE10_ID);
    ncds_feature_enable("ietf-netconf", "writable-running");
    ncds_feature_enable("ietf-netconf", "startup");
    ncds_feature_enable("ietf-netconf", "candidate");

Please correct me if I'm wrong.

michalvasko commented 8 years ago

Hi, to disable datastores it should be enough to not include NC_INIT_DATASTORES in the nc_init flags. Then manually create a capabilities list for nc_session_accept so that the unsupported ones are not advertised.

Regards, Michal