[RFC net-next 04/14] netlink: specs: wireguard: add remaining checks

Asbjørn Sloth Tønnesen posted 14 patches 4 weeks ago
[RFC net-next 04/14] netlink: specs: wireguard: add remaining checks
Posted by Asbjørn Sloth Tønnesen 4 weeks ago
This patch adds the remaining checks from the existing
policy code, and thereby completes the wireguard spec.

These are added separately in this RFC mainly to showcase
two different approaches to converting them.

They require sizeof() operations or arithmetic, both of
which can't be expressed in YNL currently.

In order to keep the C code 1:1, then in this patch they are
added as an additional UAPI header wireguard_params.h,
defining them so that ynl-gen can reference them as constants.

This approach could also allow a selftest to validate that
the value of the constant in the YNL spec, is the same as the
value in the header file.

In patch 12 in this series, this patch is reverted, and replaced
with magic numbers in the YNL checks, as an alternative.

Signed-off-by: Asbjørn Sloth Tønnesen <ast@fiberby.net>
---
 Documentation/netlink/specs/wireguard.yaml | 36 ++++++++++++++++++++++
 MAINTAINERS                                |  1 +
 include/uapi/linux/wireguard_params.h      | 18 +++++++++++
 3 files changed, 55 insertions(+)
 create mode 100644 include/uapi/linux/wireguard_params.h

diff --git a/Documentation/netlink/specs/wireguard.yaml b/Documentation/netlink/specs/wireguard.yaml
index c6db3bbf0985..37011c3f158b 100644
--- a/Documentation/netlink/specs/wireguard.yaml
+++ b/Documentation/netlink/specs/wireguard.yaml
@@ -21,6 +21,34 @@ definitions:
     name: key-len
     type: const
     value: 32
+  -
+    name-prefix: --wg-
+    name: inaddr-sz
+    type: const
+    doc: Equivalent of ``sizeof(struct in_addr)``.
+    header: linux/wireguard_params.h
+    value: 4
+  -
+    name-prefix: --wg-
+    name: sockaddr-sz
+    type: const
+    doc: Equivalent of ``sizeof(struct sockaddr)``.
+    header: linux/wireguard_params.h
+    value: 16
+  -
+    name-prefix: --wg-
+    name: timespec-sz
+    type: const
+    doc: Equivalent of ``sizeof(struct __kernel_timespec)``.
+    header: linux/wireguard_params.h
+    value: 16
+  -
+    name-prefix: --wg-
+    name: ifnamlen
+    type: const
+    doc: Equivalent of ``IFNAMSIZ - 1``.
+    header: linux/wireguard_params.h
+    value: 15
   -
     name: --kernel-timespec
     type: struct
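Review bot: The four added constants each carry a literal `value:` (4, 16, 16, 15) next to a `header:` whose macros are computed from sizeof() and IFNAMSIZ, and nothing in this patch ties the two together. These numbers become the length bounds in the attribute checks added later in this file, so a silent mismatch would change which userspace-supplied attributes pass validation. The commit message mentions a selftest only as a possibility; until one exists I would state the coupling in each `doc:`, for example by appending `Must equal __WG_INADDR_SZ from linux/wireguard_params.h.` to the first entry and the matching macro name to the other three. How ynl-gen chooses between `value` and `header` is not visible here, so which side wins on a mismatch should be confirmed.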
@@ -74,6 +102,8 @@ attribute-sets:
       -
         name: ifname
         type: string
+        checks:
+          max-len: --wg-ifnamlen
       -
         name: private-key
         type: binary
@@ -148,6 +178,8 @@ attribute-sets:
         name: endpoint
         doc: struct sockaddr_in or struct sockaddr_in6
         type: binary
+        checks:
+          min-len: --wg-sockaddr-sz
       -
         name: persistent-keepalive-interval
         type: u16
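Review bot: `min-len: --wg-sockaddr-sz` only sets a 16-byte floor, while the `doc:` two lines above it says the payload is a struct sockaddr_in or a struct sockaddr_in6, so a payload of any greater length still passes this check. The spec should say that the receiver has to match the exact length against the address family before using the payload, e.g. `doc: struct sockaddr_in or struct sockaddr_in6; min-len is a lower bound only, the exact size is checked per sa_family by the handler`. That handler is outside this patch, so its behaviour is something to confirm rather than assume. The same applies to the `min-len: --wg-inaddr-sz` check added on the ipaddr attribute in the last hunk of this file, where the context line also spells the type `struct in6_add`.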
@@ -156,6 +188,8 @@ attribute-sets:
         name: last-handshake-time
         type: binary
         struct: --kernel-timespec
+        checks:
+          exact-len: --wg-timespec-sz
       -
         name: rx-bytes
         type: u64
@@ -191,6 +225,8 @@ attribute-sets:
         type: binary
         doc: struct in_addr or struct in6_add
         display-hint: ipv4-or-v6
+        checks:
+          min-len: --wg-inaddr-sz
       -
         name: cidr-mask
         type: u8
diff --git a/MAINTAINERS b/MAINTAINERS
index 1540aa22d152..e8360e4b55c6 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -27170,6 +27170,7 @@ L:	netdev@vger.kernel.org
 S:	Maintained
 F:	Documentation/netlink/specs/wireguard.yaml
 F:	drivers/net/wireguard/
+F:	include/uapi/linux/wireguard_params.h
 F:	tools/testing/selftests/wireguard/
 
 WISTRON LAPTOP BUTTON DRIVER
diff --git a/include/uapi/linux/wireguard_params.h b/include/uapi/linux/wireguard_params.h
new file mode 100644
index 000000000000..c218e4b8042f
--- /dev/null
+++ b/include/uapi/linux/wireguard_params.h
@@ -0,0 +1,18 @@
+/* SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause) */
+
+#ifndef _UAPI_LINUX_WIREGUARD_PARAMS_H
+#define _UAPI_LINUX_WIREGUARD_PARAMS_H
+
+#include <linux/time_types.h>
+#include <linux/if.h>
+#include <linux/in.h>
+
+/* These definitions are currently needed for definitions which can't
+ * be expressed directly in Documentation/netlink/specs/wireguard.yaml
+ */
+#define __WG_INADDR_SZ (sizeof(struct in_addr))
+#define __WG_SOCKADDR_SZ (sizeof(struct sockaddr))
+#define __WG_TIMESPEC_SZ (sizeof(struct __kernel_timespec))
+#define __WG_IFNAMLEN (IFNAMSIZ - 1)
+
+#endif /* _UAPI_LINUX_WIREGUARD_PARAMS_H */
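Review bot: The comment above the four macros says why the header exists but not what the macros are used for, and `struct sockaddr` is used without an include that visibly declares it. I would reword the comment to name the consumer and the expected values, e.g. `/* Length bounds for the netlink attribute checks in Documentation/netlink/specs/wireguard.yaml (4, 16, 16 and 15 there); keep both in sync. */`. If `struct sockaddr` is meant to arrive through `<linux/if.h>`, a short `/* for struct sockaddr */` on that include would make the dependency explicit. Being under include/uapi, the `__WG_*` names also become visible to userspace, which deserves a sentence in the comment given that the description says patch 12 of the series reverts this patch.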
-- 
2.51.0