xfrm: add extack support to verify_newpolicy_info

	return 0;

}

static int verify_newpolicy_info(struct xfrm_userpolicy_info *p)

static int verify_newpolicy_info(struct xfrm_userpolicy_info *p,

				 struct netlink_ext_ack *extack)

{

	int ret;

		break;

	default:

		NL_SET_ERR_MSG(extack, "Invalid policy share");

		return -EINVAL;

	}

		break;

	default:

		NL_SET_ERR_MSG(extack, "Invalid policy action");

		return -EINVAL;

	}

	switch (p->sel.family) {

	case AF_INET:

		if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32)

		if (p->sel.prefixlen_d > 32 || p->sel.prefixlen_s > 32) {

			NL_SET_ERR_MSG(extack, "Invalid prefix length in selector (must be <= 32 for IPv4)");

			return -EINVAL;

		}

		break;

	case AF_INET6:

#if IS_ENABLED(CONFIG_IPV6)

		if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128)

		if (p->sel.prefixlen_d > 128 || p->sel.prefixlen_s > 128) {

			NL_SET_ERR_MSG(extack, "Invalid prefix length in selector (must be <= 128 for IPv6)");

			return -EINVAL;

		}

		break;

#else

		NL_SET_ERR_MSG(extack, "IPv6 support disabled");

		return  -EAFNOSUPPORT;

#endif

	default:

		NL_SET_ERR_MSG(extack, "Invalid selector family");

		return -EINVAL;

	}

	ret = verify_policy_dir(p->dir);

	if (ret)

		return ret;

	if (p->index && (xfrm_policy_id2dir(p->index) != p->dir))

	if (p->index && (xfrm_policy_id2dir(p->index) != p->dir)) {

		NL_SET_ERR_MSG(extack, "Policy index doesn't match direction");

		return -EINVAL;

	}

	return 0;

}

	int err;

	int excl;

	err = verify_newpolicy_info(p);

	err = verify_newpolicy_info(p, extack);

	if (err)

		return err;

	err = verify_sec_ctx_len(attrs);

	xfrm_mark_get(attrs, &mark);

	err = verify_newpolicy_info(&ua->policy);

	err = verify_newpolicy_info(&ua->policy, extack);

	if (err)

		goto free_state;

	err = verify_sec_ctx_len(attrs);

	*dir = -EINVAL;

	if (len < sizeof(*p) ||

	    verify_newpolicy_info(p))

	    verify_newpolicy_info(p, NULL))

		return NULL;

	nr = ((len - sizeof(*p)) / sizeof(*ut));