From nobody Fri Oct 3 05:26:15 2025 Received: from mail1.fiberby.net (mail1.fiberby.net [193.104.135.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 26ECA2DE6FC; Thu, 4 Sep 2025 22:03:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.104.135.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757023410; cv=none; b=LTmzEukFwookbfN21/fWWIY6DJqHKUTBmR592K25Q5iHTNfIX8MnJYFm1nYRYu/1SmZQ60rW2q4DeuuaufHIQzWz3Jx9lohSZa9W3x/FtEx2aHV4VQFXV49r1S9aCkOeRDzehAeO2QMITIdUdTUMMeEsRHVNkGwRbjUQf290xF0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757023410; c=relaxed/simple; bh=04RmY4dERnT2T8QvjCbEKW4QZvKlQz3IonhiKvd3MHI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=LaIQWL8K6IMOxyJ34r8tAg+KdzSsXRXf7ZofLFxJTUUq2m1DXg7JyuYL4jgkd7GbsM3LjY6y9oR8KXNnXSBL6d99gkiaEeGfth/KkuMeayXWDvUc1PqNcWOkeHZ5HQZQoVxf0BN+jgwiomMGQPak/qCpS2rWIyOUa77tg54CQTc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=fiberby.net; spf=pass smtp.mailfrom=fiberby.net; dkim=pass (2048-bit key) header.d=fiberby.net header.i=@fiberby.net header.b=cMBpPhoM; arc=none smtp.client-ip=193.104.135.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=fiberby.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=fiberby.net Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=fiberby.net header.i=@fiberby.net header.b="cMBpPhoM" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fiberby.net; s=202008; t=1757023398; bh=04RmY4dERnT2T8QvjCbEKW4QZvKlQz3IonhiKvd3MHI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=cMBpPhoMmMrLIR9vCa1n8bJB+MKbrnRVkNp1CFGsyquH0uI3Ig0DjuFiCqm32v5JY Aig9+6NjCETruljoyP1DiWl68gGZkKmxpp7GAnx3meN6PrFX01L1zG2yO1uJb5Et5m r/x5lNw5CeY6RNFlJHVKOToFh4h90knOe/+aOHcuTUsQ4g0bjiewKK0MzOaUaVkSAd PBYL88Uvkmo0sYLnXb1vYQw8VN+dMkRkwZSDfDzbi5PW+BZSAMAr1Npz/8ge/oIM62 GcMaV/ZSR/xxgqMW7FE2DbAJUiPzvq5gef9lxwHlNajGtUyO2VMKW7ptTtqQBzb/nT XjVPato148qiw== Received: from x201s (193-104-135-243.ip4.fiberby.net [193.104.135.243]) by mail1.fiberby.net (Postfix) with ESMTPSA id 71C4F6013D; Thu, 4 Sep 2025 22:03:18 +0000 (UTC) Received: by x201s (Postfix, from userid 1000) id 42E82202863; Thu, 04 Sep 2025 22:02:58 +0000 (UTC) From: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= To: "Jason A. Donenfeld" , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni Cc: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= , Donald Hunter , Simon Horman , Jacob Keller , Andrew Lunn , wireguard@lists.zx2c4.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [RFC net-next 01/14] wireguard: netlink: use WG_KEY_LEN in policies Date: Thu, 4 Sep 2025 22:02:35 +0000 Message-ID: <20250904220255.1006675-1-ast@fiberby.net> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20250904-wg-ynl-rfc@fiberby.net> References: <20250904-wg-ynl-rfc@fiberby.net> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable When converting the netlink policies to YNL, then the constants used in the policy has to be visible to user-space. As NOISE_*_KEY_LEN isn't visible for userspace, then change to use WG_KEY_LEN, as is also documented in the UAPI header: $ grep WG_KEY_LEN include/uapi/linux/wireguard.h * WGDEVICE_A_PRIVATE_KEY: NLA_EXACT_LEN, len WG_KEY_LEN * WGDEVICE_A_PUBLIC_KEY: NLA_EXACT_LEN, len WG_KEY_LEN * WGPEER_A_PUBLIC_KEY: NLA_EXACT_LEN, len WG_KEY_LEN * WGPEER_A_PRESHARED_KEY: NLA_EXACT_LEN, len WG_KEY_LEN [...] Add a couple of BUILD_BUG_ON() to ensure that they stay in sync. No behavioural changes intended. Signed-off-by: Asbj=C3=B8rn Sloth T=C3=B8nnesen --- drivers/net/wireguard/netlink.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/drivers/net/wireguard/netlink.c b/drivers/net/wireguard/netlin= k.c index 67f962eb8b46..086edd4bb33b 100644 --- a/drivers/net/wireguard/netlink.c +++ b/drivers/net/wireguard/netlink.c @@ -22,8 +22,8 @@ static struct genl_family genl_family; static const struct nla_policy device_policy[WGDEVICE_A_MAX + 1] =3D { [WGDEVICE_A_IFINDEX] =3D { .type =3D NLA_U32 }, [WGDEVICE_A_IFNAME] =3D { .type =3D NLA_NUL_STRING, .len =3D IFNAMSIZ - = 1 }, - [WGDEVICE_A_PRIVATE_KEY] =3D NLA_POLICY_EXACT_LEN(NOISE_PUBLIC_KEY_LEN), - [WGDEVICE_A_PUBLIC_KEY] =3D NLA_POLICY_EXACT_LEN(NOISE_PUBLIC_KEY_LEN), + [WGDEVICE_A_PRIVATE_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), + [WGDEVICE_A_PUBLIC_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), [WGDEVICE_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, __WGDEVICE_F_ALL), [WGDEVICE_A_LISTEN_PORT] =3D { .type =3D NLA_U16 }, [WGDEVICE_A_FWMARK] =3D { .type =3D NLA_U32 }, @@ -31,8 +31,8 @@ static const struct nla_policy device_policy[WGDEVICE_A_M= AX + 1] =3D { }; =20 static const struct nla_policy peer_policy[WGPEER_A_MAX + 1] =3D { - [WGPEER_A_PUBLIC_KEY] =3D NLA_POLICY_EXACT_LEN(NOISE_PUBLIC_KEY_LEN), - [WGPEER_A_PRESHARED_KEY] =3D NLA_POLICY_EXACT_LEN(NOISE_SYMMETRIC_KEY_L= EN), + [WGPEER_A_PUBLIC_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), + [WGPEER_A_PRESHARED_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), [WGPEER_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, __WGPEER_F_ALL), [WGPEER_A_ENDPOINT] =3D NLA_POLICY_MIN_LEN(sizeof(struct sockaddr)), [WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL] =3D { .type =3D NLA_U16 }, @@ -642,6 +642,9 @@ static struct genl_family genl_family __ro_after_init = =3D { =20 int __init wg_genetlink_init(void) { + BUILD_BUG_ON(WG_KEY_LEN !=3D NOISE_PUBLIC_KEY_LEN); + BUILD_BUG_ON(WG_KEY_LEN !=3D NOISE_SYMMETRIC_KEY_LEN); + return genl_register_family(&genl_family); } =20 --=20 2.51.0 From nobody Fri Oct 3 05:26:15 2025 Received: from mail1.fiberby.net (mail1.fiberby.net [193.104.135.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 800352E7635; Thu, 4 Sep 2025 22:03:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.104.135.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757023413; cv=none; b=D64ghI92RsJiYlm1rviF+C4pQFemncNh2H4URhgzdt+ftFyonm9iBA+/6tuwz/8e4AibI7bFCmxI3paTdJRnmon+lnil+ApAKIEG4/+/iLKOWndYVUokIMtlf324czehPt2tQA0kKOXQnFRhbxU9AXXP2bBdH52NGHaRDcsEH/I= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757023413; c=relaxed/simple; bh=HDjLGdakeEgBxhxtRpsEM7x1k+CfKJ0/LjGVCRNwVuo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=SNAmPw69J21f5jRadH+0AZoblTYP1p5yMQ94IQaCVPZ7Ac0YULXYL4n8zqU0ZyMgs1LsbIM6BOOXjDQPr0PmK0le61YTxI6/btQ49kPewlN6fqjBOcmdlmIoW/ltrDsVhFjOvxrxmcKvXs0nnMFp1+kDqUq+re/6+Pxr/qBq764= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=fiberby.net; spf=pass smtp.mailfrom=fiberby.net; dkim=pass (2048-bit key) header.d=fiberby.net header.i=@fiberby.net header.b=Rd0yVeHH; arc=none smtp.client-ip=193.104.135.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=fiberby.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=fiberby.net Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=fiberby.net header.i=@fiberby.net header.b="Rd0yVeHH" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fiberby.net; s=202008; t=1757023398; bh=HDjLGdakeEgBxhxtRpsEM7x1k+CfKJ0/LjGVCRNwVuo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Rd0yVeHHooiX9mtR4bNKHCb5VbHlFdLXERrpDO1WVmzK6rTuTCs7d7nMw+ZJWxqhE HLftjA3sWz+fx3cjz2UDkwKWc5v8I7McEXT0dC3OQhasQTHzWh15Eun2Is8crv2FVY KudLfhvKtmLm+puR97UJO5zeoevDjRbZbkHnOwbkq0VyJwxRfSHxKb7/bRuPx/KnTa uy0pSwG2VhmDP8EZyRHMch+yzpGpMD4QugqfGjrA6avViSzt334Xo7UNvSgmNwy3cR t041XDKolPHUAHpxQvjSSpYEIfc2zuIm1xUD0B/7+FvoApnig7vaBF37N/BV7B0snS Zu/xlvLf1B/HQ== Received: from x201s (193-104-135-243.ip4.fiberby.net [193.104.135.243]) by mail1.fiberby.net (Postfix) with ESMTPSA id B4507601B9; Thu, 4 Sep 2025 22:03:18 +0000 (UTC) Received: by x201s (Postfix, from userid 1000) id 4C32A202886; Thu, 04 Sep 2025 22:02:58 +0000 (UTC) From: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= To: "Jason A. Donenfeld" , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni Cc: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= , Donald Hunter , Simon Horman , Jacob Keller , Andrew Lunn , wireguard@lists.zx2c4.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [RFC net-next 02/14] wireguard: netlink: validate nested arrays in policy Date: Thu, 4 Sep 2025 22:02:36 +0000 Message-ID: <20250904220255.1006675-2-ast@fiberby.net> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20250904-wg-ynl-rfc@fiberby.net> References: <20250904-wg-ynl-rfc@fiberby.net> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Use NLA_POLICY_NESTED_ARRAY() to add nested array validation. No behavioural changes intended, as the nested policy is already enforced through nla_parse_nested(). This patch is an incremental step towards adopting a policy generated by ynl-gen. Signed-off-by: Asbj=C3=B8rn Sloth T=C3=B8nnesen --- drivers/net/wireguard/netlink.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireguard/netlink.c b/drivers/net/wireguard/netlin= k.c index 086edd4bb33b..742d3f88d132 100644 --- a/drivers/net/wireguard/netlink.c +++ b/drivers/net/wireguard/netlink.c @@ -27,7 +27,7 @@ static const struct nla_policy device_policy[WGDEVICE_A_M= AX + 1] =3D { [WGDEVICE_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, __WGDEVICE_F_ALL), [WGDEVICE_A_LISTEN_PORT] =3D { .type =3D NLA_U16 }, [WGDEVICE_A_FWMARK] =3D { .type =3D NLA_U32 }, - [WGDEVICE_A_PEERS] =3D { .type =3D NLA_NESTED } + [WGDEVICE_A_PEERS] =3D NLA_POLICY_NESTED_ARRAY(peer_policy), }; =20 static const struct nla_policy peer_policy[WGPEER_A_MAX + 1] =3D { @@ -39,7 +39,7 @@ static const struct nla_policy peer_policy[WGPEER_A_MAX += 1] =3D { [WGPEER_A_LAST_HANDSHAKE_TIME] =3D NLA_POLICY_EXACT_LEN(sizeof(struct _= _kernel_timespec)), [WGPEER_A_RX_BYTES] =3D { .type =3D NLA_U64 }, [WGPEER_A_TX_BYTES] =3D { .type =3D NLA_U64 }, - [WGPEER_A_ALLOWEDIPS] =3D { .type =3D NLA_NESTED }, + [WGPEER_A_ALLOWEDIPS] =3D NLA_POLICY_NESTED_ARRAY(allowedip_policy), [WGPEER_A_PROTOCOL_VERSION] =3D { .type =3D NLA_U32 } }; =20 --=20 2.51.0 From nobody Fri Oct 3 05:26:15 2025 Received: from mail1.fiberby.net (mail1.fiberby.net [193.104.135.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DA2012EB5B3; Thu, 4 Sep 2025 22:03:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.104.135.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757023417; cv=none; b=hS7+E3qOtYINQ4AdfmIeabLJaVgubCVN4WXJT2k7vh5wjcNwx7pjZnXqrGhkvMZilUI1It8/EQskbdiHqSVRpgSRMyYNpDS3SX/qYJnvgRksHNig2xnpKBxBKWDFNqNty63zQ7hDfUcaZTqfRgqhkUWVWwe2n99boFr/0VNHiSw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757023417; c=relaxed/simple; bh=QCFaDlyh/md2+Lc75lzXQKbNKsGQzr1INvYdu0FeRNE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=X/8+hn0JWxhWqMRHyCLw/QPYTIXEkYfN6anb2EehEXqxi1Iob787uWOiTu9blV2is8PjgAk4AOX6eN5Mq375sAeO7O4sXJ2OyVZP4qGMT23bfCHC5W6AMUURSbxbkELfudXMRpmDg8S4f5MnS2C0+++PEHMkzEF76+henYyueCg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=fiberby.net; spf=pass smtp.mailfrom=fiberby.net; dkim=pass (2048-bit key) header.d=fiberby.net header.i=@fiberby.net header.b=gDwcnY+o; arc=none smtp.client-ip=193.104.135.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=fiberby.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=fiberby.net Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=fiberby.net header.i=@fiberby.net header.b="gDwcnY+o" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fiberby.net; s=202008; t=1757023399; bh=QCFaDlyh/md2+Lc75lzXQKbNKsGQzr1INvYdu0FeRNE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=gDwcnY+o7hqI5cru0x/uwUcfGsE7ha5RvH38Okh387X6nLCDf7LCHq4P7oibnze0I In4e8mP293GL37+9I+CC6I17iQj5KUWXyKhjSTazQCPQXBi2SH5KBwcNnqopCSanBs X8xUn8z4N/8786YB1Sz085ljwTUbExxZgNp1cP4lerTYw9v70Eeei4hoWrZEUnYSyl 9csDRr7/2mf1VT93CGC7rdm3vsm3jrrGhTA2fgwJz7NJ2j3C9ODQJsFxsb2Ubo6Bky oC7cxPRBwGQsTwftQoSgUWOVeFd6QVswT4a0L1IevYSfTOBeDAavWjpSX8srGmhKA/ 31qkIkiWu0iGw== Received: from x201s (193-104-135-243.ip4.fiberby.net [193.104.135.243]) by mail1.fiberby.net (Postfix) with ESMTPSA id EFA2E60581; Thu, 4 Sep 2025 22:03:18 +0000 (UTC) Received: by x201s (Postfix, from userid 1000) id 561CA2028CB; Thu, 04 Sep 2025 22:02:58 +0000 (UTC) From: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= To: "Jason A. Donenfeld" , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni Cc: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= , Donald Hunter , Simon Horman , Jacob Keller , Andrew Lunn , wireguard@lists.zx2c4.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [RFC net-next 03/14] netlink: specs: add specification for wireguard Date: Thu, 4 Sep 2025 22:02:37 +0000 Message-ID: <20250904220255.1006675-3-ast@fiberby.net> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20250904-wg-ynl-rfc@fiberby.net> References: <20250904-wg-ynl-rfc@fiberby.net> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This patch adds an almost complete specification for wireguard, only missing a few checks which will be added in the next patch. This makes the documentation in the UAPI header redundant, and is therefore removed. Once the header is generated from YNL, then it will include a pointer towards the spec as well. Generate wireguard.rst from this spec: $ make -C tools/net/ynl/generated/ wireguard.rst Query wireguard interface through pyynl: $ sudo ./tools/net/ynl/pyynl/cli.py --family wireguard \ --dump get-device \ --json '{"ifindex":3}' [{'fwmark': 0, 'ifindex': 3, 'ifname': 'wg-test', 'listen-port': 54318, 'peers': [{0: {'allowedips': [{0: {'cidr-mask': 0, 'family': 2, 'ipaddr': '0.0.0.0'}}, {0: {'cidr-mask': 0, 'family': 10, 'ipaddr': '::'}}], 'endpoint': b'[...]', 'last-handshake-time': {'nsec': 42, 'sec': 42}, 'persistent-keepalive-interval': 42, 'preshared-key': '[...]', 'protocol-version': 1, 'public-key': '[...]', 'rx-bytes': 42, 'tx-bytes': 42}}], 'private-key': '[...]', 'public-key': '[...]'}] Add another allowed IP prefix: $ sudo ./tools/net/ynl/pyynl/cli.py --family wireguard \ --do set-device --json '{"ifindex":3,"peers":[ {"public-key":"6a df b1 83 a4 ..","allowedips":[ {"cidr-mask":0,"family":10,"ipaddr":"::"}]}]}' Signed-off-by: Asbj=C3=B8rn Sloth T=C3=B8nnesen --- Documentation/netlink/specs/wireguard.yaml | 281 +++++++++++++++++++++ MAINTAINERS | 1 + include/uapi/linux/wireguard.h | 129 ---------- 3 files changed, 282 insertions(+), 129 deletions(-) create mode 100644 Documentation/netlink/specs/wireguard.yaml diff --git a/Documentation/netlink/specs/wireguard.yaml b/Documentation/net= link/specs/wireguard.yaml new file mode 100644 index 000000000000..c6db3bbf0985 --- /dev/null +++ b/Documentation/netlink/specs/wireguard.yaml @@ -0,0 +1,281 @@ +# SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Cla= use) +--- +name: wireguard +protocol: genetlink-legacy + +doc: | + Netlink protocol to control WireGuard network devices. + + The below enums and macros are for interfacing with WireGuard, using gen= eric + netlink, with family WG_GENL_NAME and version WG_GENL_VERSION. It define= s two + commands: get and set. Note that while they share many common attributes, + these two commands actually accept a slightly different set of inputs and + outputs. These differences are noted under the individual attributes. +c-family-name: wg-genl-name +c-version-name: wg-genl-version +max-by-define: true + +definitions: + - + name-prefix: wg- + name: key-len + type: const + value: 32 + - + name: --kernel-timespec + type: struct + header: linux/time_types.h + members: + - + name: sec + type: u64 + doc: Number of seconds, since UNIX epoch. + - + name: nsec + type: u64 + doc: Number of nanoseconds, after the second began. + - + name: wgdevice-flags + name-prefix: wgdevice-f- + enum-name: wgdevice-flag + type: flags + entries: + - replace-peers + - + name: wgpeer-flags + name-prefix: wgpeer-f- + enum-name: wgpeer-flag + type: flags + entries: + - remove-me + - replace-allowedips + - update-only + - + name: wgallowedip-flags + name-prefix: wgallowedip-f- + enum-name: wgallowedip-flag + type: flags + entries: + - remove-me + +attribute-sets: + - + name: wgdevice + enum-name: wgdevice-attribute + name-prefix: wgdevice-a- + attributes: + - + name: unspec + type: unused + value: 0 + - + name: ifindex + type: u32 + - + name: ifname + type: string + - + name: private-key + type: binary + doc: Set to all zeros to remove. + display-hint: hex + checks: + exact-len: wg-key-len + - + name: public-key + type: binary + display-hint: hex + checks: + exact-len: wg-key-len + - + name: flags + doc: | + 0 or WGDEVICE_F_REPLACE_PEERS if all current peers + should be removed prior to adding the list below. + type: u32 + enum: wgdevice-flags + checks: + flags-mask: wgdevice-flags + - + name: listen-port + type: u16 + doc: Set as 0 to choose randomly. + - + name: fwmark + type: u32 + doc: Set as 0 to disable. + - + name: peers + type: indexed-array + sub-type: nest + nested-attributes: wgpeer + - + name: wgpeer + enum-name: wgpeer-attribute + name-prefix: wgpeer-a- + attributes: + - + name: unspec + type: unused + value: 0 + - + name: public-key + type: binary + display-hint: hex + checks: + exact-len: wg-key-len + - + name: preshared-key + type: binary + doc: Set as all zeros to remove. + display-hint: hex + checks: + exact-len: wg-key-len + - + name: flags + doc: | + 0 and/or WGPEER_F_REMOVE_ME if the specified peer should not + exist at the end of the operation, rather than added/updated + and/or WGPEER_F_REPLACE_ALLOWEDIPS if all current allowed IPs + of this peer should be removed prior to adding the list below + and/or WGPEER_F_UPDATE_ONLY if the peer should only be set if + it already exists. + type: u32 + enum: wgpeer-flags + checks: + flags-mask: wgpeer-flags + - + name: endpoint + doc: struct sockaddr_in or struct sockaddr_in6 + type: binary + - + name: persistent-keepalive-interval + type: u16 + doc: Set as 0 to disable. + - + name: last-handshake-time + type: binary + struct: --kernel-timespec + - + name: rx-bytes + type: u64 + - + name: tx-bytes + type: u64 + - + name: allowedips + type: indexed-array + sub-type: nest + nested-attributes: wgallowedip + - + name: protocol-version + type: u32 + doc: | + should not be set or used at all by most users of this API, + as the most recent protocol will be used when this is unset. + Otherwise, must be set to 1. + - + name: wgallowedip + enum-name: wgallowedip-attribute + name-prefix: wgallowedip-a- + attributes: + - + name: unspec + type: unused + value: 0 + - + name: family + type: u16 + - + name: ipaddr + type: binary + doc: struct in_addr or struct in6_add + display-hint: ipv4-or-v6 + - + name: cidr-mask + type: u8 + - + name: flags + type: u32 + doc: | + WGALLOWEDIP_F_REMOVE_ME if the specified IP should be removed; + otherwise, this IP will be added if it is not already present. + enum: wgallowedip-flags + checks: + flags-mask: wgallowedip-flags + +operations: + enum-name: wg-cmd + name-prefix: wg-cmd- + list: + - + name: get-device + value: 0 + doc: | + Retrieve WireGuard device. + + The command should be called with one but not both of: + * WGDEVICE_A_IFINDEX + * WGDEVICE_A_IFNAME + + The kernel will then return several messages (NLM_F_MULTI). + It is possible that all of the allowed IPs of a single peer will n= ot + fit within a single netlink message. In that case, the same peer w= ill + be written in the following message, except it will only contain + WGPEER_A_PUBLIC_KEY and WGPEER_A_ALLOWEDIPS. This may occur several + times in a row for the same peer. It is then up to the receiver to + coalesce adjacent peers. Likewise, it is possible that all peers w= ill + not fit within a single message. So, subsequent peers will be sent + in following messages, except those will only contain + WGDEVICE_A_IFNAME and WGDEVICE_A_PEERS. It is then up to the recei= ver + to coalesce these messages to form the complete list of peers. + + Since this is an NLA_F_DUMP command, the final message will always= be + NLMSG_DONE, even if an error occurs. However, this NLMSG_DONE mess= age + contains an integer error code. It is either zero or a negative er= ror + code corresponding to the errno. + attribute-set: wgdevice + flags: [uns-admin-perm] + + dump: + pre: wireguard-nl-get-device-start + post: wireguard-nl-get-device-done + # request only accepts ifindex | ifname, but keep .maxattr as is + request: &all-attrs + attributes: + - ifindex + - ifname + - private-key + - public-key + - flags + - listen-port + - fwmark + - peers + reply: *all-attrs + - + name: set-device + value: 1 + doc: | + Set WireGuard device. + + This command should be called with a wgdevice set, containing one = but + not both of WGDEVICE_A_IFINDEX and WGDEVICE_A_IFNAME. + + It is possible that the amount of configuration data exceeds that = of + the maximum message length accepted by the kernel. In that case, + several messages should be sent one after another, with each + successive one filling in information not contained in the prior. + Note that if WGDEVICE_F_REPLACE_PEERS is specified in the first + message, it probably should not be specified in fragments that come + after, so that the list of peers is only cleared the first time but + appended after. + Likewise for peers, if WGPEER_F_REPLACE_ALLOWEDIPS is specified in + the first message of a peer, it likely should not be specified in + subsequent fragments. + + If an error occurs, NLMSG_ERROR will reply containing an errno. + attribute-set: wgdevice + flags: [uns-admin-perm] + + do: + request: *all-attrs diff --git a/MAINTAINERS b/MAINTAINERS index b81595e9ea95..1540aa22d152 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -27168,6 +27168,7 @@ M: Jason A. Donenfeld L: wireguard@lists.zx2c4.com L: netdev@vger.kernel.org S: Maintained +F: Documentation/netlink/specs/wireguard.yaml F: drivers/net/wireguard/ F: tools/testing/selftests/wireguard/ =20 diff --git a/include/uapi/linux/wireguard.h b/include/uapi/linux/wireguard.h index 8c26391196d5..dee4401e0b5d 100644 --- a/include/uapi/linux/wireguard.h +++ b/include/uapi/linux/wireguard.h @@ -1,135 +1,6 @@ /* SPDX-License-Identifier: (GPL-2.0 WITH Linux-syscall-note) OR MIT */ /* * Copyright (C) 2015-2019 Jason A. Donenfeld . All Right= s Reserved. - * - * Documentation - * =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D - * - * The below enums and macros are for interfacing with WireGuard, using ge= neric - * netlink, with family WG_GENL_NAME and version WG_GENL_VERSION. It defin= es two - * methods: get and set. Note that while they share many common attributes, - * these two functions actually accept a slightly different set of inputs = and - * outputs. - * - * WG_CMD_GET_DEVICE - * ----------------- - * - * May only be called via NLM_F_REQUEST | NLM_F_DUMP. The command should c= ontain - * one but not both of: - * - * WGDEVICE_A_IFINDEX: NLA_U32 - * WGDEVICE_A_IFNAME: NLA_NUL_STRING, maxlen IFNAMSIZ - 1 - * - * The kernel will then return several messages (NLM_F_MULTI) containing t= he - * following tree of nested items: - * - * WGDEVICE_A_IFINDEX: NLA_U32 - * WGDEVICE_A_IFNAME: NLA_NUL_STRING, maxlen IFNAMSIZ - 1 - * WGDEVICE_A_PRIVATE_KEY: NLA_EXACT_LEN, len WG_KEY_LEN - * WGDEVICE_A_PUBLIC_KEY: NLA_EXACT_LEN, len WG_KEY_LEN - * WGDEVICE_A_LISTEN_PORT: NLA_U16 - * WGDEVICE_A_FWMARK: NLA_U32 - * WGDEVICE_A_PEERS: NLA_NESTED - * 0: NLA_NESTED - * WGPEER_A_PUBLIC_KEY: NLA_EXACT_LEN, len WG_KEY_LEN - * WGPEER_A_PRESHARED_KEY: NLA_EXACT_LEN, len WG_KEY_LEN - * WGPEER_A_ENDPOINT: NLA_MIN_LEN(struct sockaddr), struct sock= addr_in or struct sockaddr_in6 - * WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL: NLA_U16 - * WGPEER_A_LAST_HANDSHAKE_TIME: NLA_EXACT_LEN, struct __kernel= _timespec - * WGPEER_A_RX_BYTES: NLA_U64 - * WGPEER_A_TX_BYTES: NLA_U64 - * WGPEER_A_ALLOWEDIPS: NLA_NESTED - * 0: NLA_NESTED - * WGALLOWEDIP_A_FAMILY: NLA_U16 - * WGALLOWEDIP_A_IPADDR: NLA_MIN_LEN(struct in_addr), s= truct in_addr or struct in6_addr - * WGALLOWEDIP_A_CIDR_MASK: NLA_U8 - * 0: NLA_NESTED - * ... - * 0: NLA_NESTED - * ... - * ... - * WGPEER_A_PROTOCOL_VERSION: NLA_U32 - * 0: NLA_NESTED - * ... - * ... - * - * It is possible that all of the allowed IPs of a single peer will not - * fit within a single netlink message. In that case, the same peer will - * be written in the following message, except it will only contain - * WGPEER_A_PUBLIC_KEY and WGPEER_A_ALLOWEDIPS. This may occur several - * times in a row for the same peer. It is then up to the receiver to - * coalesce adjacent peers. Likewise, it is possible that all peers will - * not fit within a single message. So, subsequent peers will be sent - * in following messages, except those will only contain WGDEVICE_A_IFNAME - * and WGDEVICE_A_PEERS. It is then up to the receiver to coalesce these - * messages to form the complete list of peers. - * - * Since this is an NLA_F_DUMP command, the final message will always be - * NLMSG_DONE, even if an error occurs. However, this NLMSG_DONE message - * contains an integer error code. It is either zero or a negative error - * code corresponding to the errno. - * - * WG_CMD_SET_DEVICE - * ----------------- - * - * May only be called via NLM_F_REQUEST. The command should contain the - * following tree of nested items, containing one but not both of - * WGDEVICE_A_IFINDEX and WGDEVICE_A_IFNAME: - * - * WGDEVICE_A_IFINDEX: NLA_U32 - * WGDEVICE_A_IFNAME: NLA_NUL_STRING, maxlen IFNAMSIZ - 1 - * WGDEVICE_A_FLAGS: NLA_U32, 0 or WGDEVICE_F_REPLACE_PEERS if all curr= ent - * peers should be removed prior to adding the list b= elow. - * WGDEVICE_A_PRIVATE_KEY: len WG_KEY_LEN, all zeros to remove - * WGDEVICE_A_LISTEN_PORT: NLA_U16, 0 to choose randomly - * WGDEVICE_A_FWMARK: NLA_U32, 0 to disable - * WGDEVICE_A_PEERS: NLA_NESTED - * 0: NLA_NESTED - * WGPEER_A_PUBLIC_KEY: len WG_KEY_LEN - * WGPEER_A_FLAGS: NLA_U32, 0 and/or WGPEER_F_REMOVE_ME if the - * specified peer should not exist at the end o= f the - * operation, rather than added/updated and/or - * WGPEER_F_REPLACE_ALLOWEDIPS if all current a= llowed - * IPs of this peer should be removed prior to = adding - * the list below and/or WGPEER_F_UPDATE_ONLY i= f the - * peer should only be set if it already exists. - * WGPEER_A_PRESHARED_KEY: len WG_KEY_LEN, all zeros to remove - * WGPEER_A_ENDPOINT: struct sockaddr_in or struct sockaddr_in6 - * WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL: NLA_U16, 0 to disable - * WGPEER_A_ALLOWEDIPS: NLA_NESTED - * 0: NLA_NESTED - * WGALLOWEDIP_A_FAMILY: NLA_U16 - * WGALLOWEDIP_A_IPADDR: struct in_addr or struct in6_a= ddr - * WGALLOWEDIP_A_CIDR_MASK: NLA_U8 - * WGALLOWEDIP_A_FLAGS: NLA_U32, WGALLOWEDIP_F_REMOVE_M= E if - * the specified IP should be remo= ved; - * otherwise, this IP will be adde= d if - * it is not already present. - * 0: NLA_NESTED - * ... - * 0: NLA_NESTED - * ... - * ... - * WGPEER_A_PROTOCOL_VERSION: NLA_U32, should not be set or use= d at - * all by most users of this API, as= the - * most recent protocol will be used= when - * this is unset. Otherwise, must be= set - * to 1. - * 0: NLA_NESTED - * ... - * ... - * - * It is possible that the amount of configuration data exceeds that of - * the maximum message length accepted by the kernel. In that case, several - * messages should be sent one after another, with each successive one - * filling in information not contained in the prior. Note that if - * WGDEVICE_F_REPLACE_PEERS is specified in the first message, it probably - * should not be specified in fragments that come after, so that the list - * of peers is only cleared the first time but appended after. Likewise for - * peers, if WGPEER_F_REPLACE_ALLOWEDIPS is specified in the first message - * of a peer, it likely should not be specified in subsequent fragments. - * - * If an error occurs, NLMSG_ERROR will reply containing an errno. */ =20 #ifndef _WG_UAPI_WIREGUARD_H --=20 2.51.0 From nobody Fri Oct 3 05:26:15 2025 Received: from mail1.fiberby.net (mail1.fiberby.net [193.104.135.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C87E12D9795; Thu, 4 Sep 2025 22:03:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.104.135.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757023416; cv=none; b=INhb2Wm6qbBI+4DMBVnWgQ2T1XqtrLd59XRxlSdHozTITsUYG0dKUYfox7gvLB8Ernbs+kdvLJcn6+NbPbq+q6PPWF0WRM3JGU2Ov79H6WR9eW78HTeNivH4F+OC9xU1PPLIsRjjDJGKldae3N8MVL3RSXnekSrbrTEshvjBpFk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757023416; c=relaxed/simple; bh=lIP0W9G+FPRpTNak5uCbuw1zfGwr7KCy9+w0vxsXf1w=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=tOw4y9WRsSpc9uK2OF69v8vV5ueUauf4hmsbgiHK5sXnu31M68403TlPdoTVvQS/whSHPENIWcHY69rRi/QJQDq5EtPJwieB8SzZatrdZVS9/qdV+GmUheYGsjo1tkFZpa46QGuUm7vWaXQTyBTc/sUzwxaSIjwHodiuRTXrJF0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=fiberby.net; spf=pass smtp.mailfrom=fiberby.net; dkim=pass (2048-bit key) header.d=fiberby.net header.i=@fiberby.net header.b=gDt2Xqdm; arc=none smtp.client-ip=193.104.135.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=fiberby.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=fiberby.net Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=fiberby.net header.i=@fiberby.net header.b="gDt2Xqdm" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fiberby.net; s=202008; t=1757023399; bh=lIP0W9G+FPRpTNak5uCbuw1zfGwr7KCy9+w0vxsXf1w=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=gDt2XqdmHvuXHiqkJGbfDO5PilePBac06GFLeNlsdwxFGC+aDqvcNz42O01t0BHmg QhEizFSse1wAw5utQfNDf54Ti9deWWvnjHL+s/RDvtdTjrAcJITkQ4/DBMZWo0YCsY Iv2GPxZAk716AzY//NScucYiMjjWuc+gxXt4M7wMJ3DYUQ6dcI29yNWEAXxTuEkmBO Oc9XSo0F5tADCsjdeWvrbRPZN4a1vuRA8GIzKzM+zbUpG9Ee2tRqEZZ6yRBeZ0dU9I Ns3j0Zwiy04P4Wx4YVltt2AT2FWwgD0ik32ysJ7jGTbelsf1RFmT1w/XEed3KEP3Xa hp7f6cABdUChw== Received: from x201s (193-104-135-243.ip4.fiberby.net [193.104.135.243]) by mail1.fiberby.net (Postfix) with ESMTPSA id 1D21360588; Thu, 4 Sep 2025 22:03:19 +0000 (UTC) Received: by x201s (Postfix, from userid 1000) id 5FAF720291B; Thu, 04 Sep 2025 22:02:58 +0000 (UTC) From: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= To: "Jason A. Donenfeld" , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni Cc: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= , Donald Hunter , Simon Horman , Jacob Keller , Andrew Lunn , wireguard@lists.zx2c4.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [RFC net-next 04/14] netlink: specs: wireguard: add remaining checks Date: Thu, 4 Sep 2025 22:02:38 +0000 Message-ID: <20250904220255.1006675-4-ast@fiberby.net> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20250904-wg-ynl-rfc@fiberby.net> References: <20250904-wg-ynl-rfc@fiberby.net> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This patch adds the remaining checks from the existing policy code, and thereby completes the wireguard spec. These are added separately in this RFC mainly to showcase two difference approaches to convert them. They require a sizeof() operations or arithmetics, both of which can't be expressed in YNL currently. In order to keep the C code 1:1, then in this patch they are added as an additional UAPI header wireguard_params.h, defining them so that ynl-gen can reference them as constants. This approach could also allow a selftest to validate that the value of the constant in the YNL spec, is the same as the value in the header file. In patch 12 in this series, this patch is reverted, and replaced with magic numbers in the YNL checks, as an alternative. Signed-off-by: Asbj=C3=B8rn Sloth T=C3=B8nnesen --- Documentation/netlink/specs/wireguard.yaml | 36 ++++++++++++++++++++++ MAINTAINERS | 1 + include/uapi/linux/wireguard_params.h | 18 +++++++++++ 3 files changed, 55 insertions(+) create mode 100644 include/uapi/linux/wireguard_params.h diff --git a/Documentation/netlink/specs/wireguard.yaml b/Documentation/net= link/specs/wireguard.yaml index c6db3bbf0985..37011c3f158b 100644 --- a/Documentation/netlink/specs/wireguard.yaml +++ b/Documentation/netlink/specs/wireguard.yaml @@ -21,6 +21,34 @@ definitions: name: key-len type: const value: 32 + - + name-prefix: --wg- + name: inaddr-sz + type: const + doc: Equivalent of ``sizeof(struct in_addr)``. + header: linux/wireguard_params.h + value: 4 + - + name-prefix: --wg- + name: sockaddr-sz + type: const + doc: Equivalent of ``sizeof(struct sockaddr)``. + header: linux/wireguard_params.h + value: 16 + - + name-prefix: --wg- + name: timespec-sz + type: const + doc: Equivalent of ``sizeof(struct __kernel_timespec)``. + header: linux/wireguard_params.h + value: 16 + - + name-prefix: --wg- + name: ifnamlen + type: const + doc: Equivalent of ``IFNAMSIZ - 1``. + header: linux/wireguard_params.h + value: 15 - name: --kernel-timespec type: struct @@ -74,6 +102,8 @@ attribute-sets: - name: ifname type: string + checks: + max-len: --wg-ifnamlen - name: private-key type: binary @@ -148,6 +178,8 @@ attribute-sets: name: endpoint doc: struct sockaddr_in or struct sockaddr_in6 type: binary + checks: + min-len: --wg-sockaddr-sz - name: persistent-keepalive-interval type: u16 @@ -156,6 +188,8 @@ attribute-sets: name: last-handshake-time type: binary struct: --kernel-timespec + checks: + exact-len: --wg-timespec-sz - name: rx-bytes type: u64 @@ -191,6 +225,8 @@ attribute-sets: type: binary doc: struct in_addr or struct in6_add display-hint: ipv4-or-v6 + checks: + min-len: --wg-inaddr-sz - name: cidr-mask type: u8 diff --git a/MAINTAINERS b/MAINTAINERS index 1540aa22d152..e8360e4b55c6 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -27170,6 +27170,7 @@ L: netdev@vger.kernel.org S: Maintained F: Documentation/netlink/specs/wireguard.yaml F: drivers/net/wireguard/ +F: include/uapi/linux/wireguard_params.h F: tools/testing/selftests/wireguard/ =20 WISTRON LAPTOP BUTTON DRIVER diff --git a/include/uapi/linux/wireguard_params.h b/include/uapi/linux/wir= eguard_params.h new file mode 100644 index 000000000000..c218e4b8042f --- /dev/null +++ b/include/uapi/linux/wireguard_params.h @@ -0,0 +1,18 @@ +/* SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Cl= ause) */ + +#ifndef _UAPI_LINUX_WIREGUARD_PARAMS_H +#define _UAPI_LINUX_WIREGUARD_PARAMS_H + +#include +#include +#include + +/* These definitions are currently needed for definitions which can't + * be expressed directly in Documentation/netlink/specs/wireguard.yaml + */ +#define __WG_INADDR_SZ (sizeof(struct in_addr)) +#define __WG_SOCKADDR_SZ (sizeof(struct sockaddr)) +#define __WG_TIMESPEC_SZ (sizeof(struct __kernel_timespec)) +#define __WG_IFNAMLEN (IFNAMSIZ - 1) + +#endif /* _UAPI_LINUX_WIREGUARD_PARAMS_H */ --=20 2.51.0 From nobody Fri Oct 3 05:26:15 2025 Received: from mail1.fiberby.net (mail1.fiberby.net [193.104.135.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 63DFE2D8DCE; Thu, 4 Sep 2025 22:03:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.104.135.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757023415; cv=none; b=RPC5BtlVpRd3z3qQ64iRlmzPCVsKtKozHlCam08IYH4yKzlR5uY+Q5NcrfcpminFHtZLpnEsVUNRc7eaOybKGvC5D6r5uQQDcbyCm0llrrFUGrilR/20+0dlYJAIZXkLgP1NhxlpjCQ5ObbhPykMJUjbktINoexSiu97z5fCL7w= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757023415; c=relaxed/simple; bh=DzsomDNZcnbGdazovvDZJX7/3UaAXs2JSIxRLfRcScE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=ui4Smoe1GK0HV9qiYA2oXUgesSy60g0dkYZcWxfB47Vlx/IgjkTTnORryehg7ARolLRI8KJIdAaQE6G5YGPsFQVFjuiS8NmfJ7hKuvzvUNlwfEbytBjBYshhzwHMOUn0LCkyXiot8qdRXTQdBiJsEruA8DoXn+HRjr/0Yj9kP3Y= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=fiberby.net; spf=pass smtp.mailfrom=fiberby.net; dkim=pass (2048-bit key) header.d=fiberby.net header.i=@fiberby.net header.b=VJuoSt1E; arc=none smtp.client-ip=193.104.135.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=fiberby.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=fiberby.net Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=fiberby.net header.i=@fiberby.net header.b="VJuoSt1E" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fiberby.net; s=202008; t=1757023399; bh=DzsomDNZcnbGdazovvDZJX7/3UaAXs2JSIxRLfRcScE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=VJuoSt1Ee/U58mkZaOKJpQ0vrfpGneUFdniqX/ogifsND5yUPvDpXoY4MdgHVT+Ms 1bTwzU9AS9w/zRAYt6T5y+rTwjt9pAFI3mEn4wl0KGQF02BbVwkM1nJbFvpWw10Qym O/o4E3PvkOo3iDvD658sLCWHBAJgDqtkqZipzDJafQ+kGI6uQz+URGIm6PCLTwzFCO GBl/DkcyvXa7QeuRzCO/sw7rb+AgwvE0XpiPkNVVR4Wd27xGCh7No7wttwEz0yf7t5 +8gphHPp05XnWMXF9euuB0u7HGP0P01q4s6lYN/QdtYGtsiB0SgXDWJgnpVnOS87dZ ysnYagYi94GHA== Received: from x201s (193-104-135-243.ip4.fiberby.net [193.104.135.243]) by mail1.fiberby.net (Postfix) with ESMTPSA id 1C16060585; Thu, 4 Sep 2025 22:03:19 +0000 (UTC) Received: by x201s (Postfix, from userid 1000) id 68B65202936; Thu, 04 Sep 2025 22:02:58 +0000 (UTC) From: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= To: "Jason A. Donenfeld" , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni Cc: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= , Donald Hunter , Simon Horman , Jacob Keller , Andrew Lunn , wireguard@lists.zx2c4.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [RFC net-next 05/14] uapi: wireguard: use __*_A_MAX in enums Date: Thu, 4 Sep 2025 22:02:39 +0000 Message-ID: <20250904220255.1006675-5-ast@fiberby.net> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20250904-wg-ynl-rfc@fiberby.net> References: <20250904-wg-ynl-rfc@fiberby.net> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This patch renames enum members from __*_A_LAST to __*_A_MAX. This is an incremental step towards adopting an UAPI header generated by YNL. This is a trivial patch with no behavioural changes intended. Signed-off-by: Asbj=C3=B8rn Sloth T=C3=B8nnesen --- include/uapi/linux/wireguard.h | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/include/uapi/linux/wireguard.h b/include/uapi/linux/wireguard.h index dee4401e0b5d..c2bb2463211a 100644 --- a/include/uapi/linux/wireguard.h +++ b/include/uapi/linux/wireguard.h @@ -32,9 +32,10 @@ enum wgdevice_attribute { WGDEVICE_A_LISTEN_PORT, WGDEVICE_A_FWMARK, WGDEVICE_A_PEERS, - __WGDEVICE_A_LAST + + __WGDEVICE_A_MAX }; -#define WGDEVICE_A_MAX (__WGDEVICE_A_LAST - 1) +#define WGDEVICE_A_MAX (__WGDEVICE_A_MAX - 1) =20 enum wgpeer_flag { WGPEER_F_REMOVE_ME =3D 1U << 0, @@ -55,9 +56,10 @@ enum wgpeer_attribute { WGPEER_A_TX_BYTES, WGPEER_A_ALLOWEDIPS, WGPEER_A_PROTOCOL_VERSION, - __WGPEER_A_LAST + + __WGPEER_A_MAX }; -#define WGPEER_A_MAX (__WGPEER_A_LAST - 1) +#define WGPEER_A_MAX (__WGPEER_A_MAX - 1) =20 enum wgallowedip_flag { WGALLOWEDIP_F_REMOVE_ME =3D 1U << 0, @@ -69,8 +71,9 @@ enum wgallowedip_attribute { WGALLOWEDIP_A_IPADDR, WGALLOWEDIP_A_CIDR_MASK, WGALLOWEDIP_A_FLAGS, - __WGALLOWEDIP_A_LAST + + __WGALLOWEDIP_A_MAX }; -#define WGALLOWEDIP_A_MAX (__WGALLOWEDIP_A_LAST - 1) +#define WGALLOWEDIP_A_MAX (__WGALLOWEDIP_A_MAX - 1) =20 #endif /* _WG_UAPI_WIREGUARD_H */ --=20 2.51.0 From nobody Fri Oct 3 05:26:15 2025 Received: from mail1.fiberby.net (mail1.fiberby.net [193.104.135.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 77A082E718B; Thu, 4 Sep 2025 22:03:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.104.135.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757023413; cv=none; b=a+KMmOoSFiGs79nUNCZERkXjNxAuckRV0hSJun2TjAH5jLiA4zrrnqURKQAAlWLPcVKY7od1jhbPRHnq3bUnkrpMzSNDko9FAuBThwEHPKbmDSqowPMhS634CV9sknnM6U8GPG4oRJPyVCb1TrLA5qw6VzMHyqe9jzZuLBBI6gA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757023413; c=relaxed/simple; bh=H49KM7APmknx805x0ucjx+wtFzxUqH6rOOG1AZweFSI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=es2Mki1mLgC8uqFgTcDoIOtAhKB440QorCYeZ1MgkEtg+5oTWLTdhZ7ANhrP9xK7aNaBDlsToTZw5zz8gBeLzwCc3LtrC9Vo0FcH3jYxxU5OMCs39kaP1GHBbgCWybngESkL+d0N6Cp8eckoHoJ3WH+RU25b2PSRPFqR3D6vbdU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=fiberby.net; spf=pass smtp.mailfrom=fiberby.net; dkim=pass (2048-bit key) header.d=fiberby.net header.i=@fiberby.net header.b=jQ3HzzKo; arc=none smtp.client-ip=193.104.135.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=fiberby.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=fiberby.net Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=fiberby.net header.i=@fiberby.net header.b="jQ3HzzKo" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fiberby.net; s=202008; t=1757023398; bh=H49KM7APmknx805x0ucjx+wtFzxUqH6rOOG1AZweFSI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=jQ3HzzKoaFY8iuJCnGrGZSi2ITe5xIQi7fh3YLIETVb2MmH5171xKjL/W2AZas2Ve TV7Y5z8lD1o/vrWTPtgcl1Ic/ScuM4LzGda1GuRvpD03Mf5YLvlYx+lGSKNfc3PrRf Mc4aBprxDOLfWni9IKrFWn5cHpW9+R/8Ay4xsRJV9ATbwtl9qbscJtXtVI6s9bJ6Ol Y/R+aspXoH03gR47eucvvoGp3ekrHnJ9mEDaj7SfvZpo6pnlFOAPlh4IRAhxsO0tEw 3gyMHTbM9UtYCWpupRuXluxc3r7HMekOrjB7BC1VbGHCCOeyzCPvfuiuymEiQjRw3Y lx9Z/SkWZ/A0w== Received: from x201s (193-104-135-243.ip4.fiberby.net [193.104.135.243]) by mail1.fiberby.net (Postfix) with ESMTPSA id B7B746039A; Thu, 4 Sep 2025 22:03:18 +0000 (UTC) Received: by x201s (Postfix, from userid 1000) id 71A8020297D; Thu, 04 Sep 2025 22:02:58 +0000 (UTC) From: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= To: "Jason A. Donenfeld" , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni Cc: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= , Donald Hunter , Simon Horman , Jacob Keller , Andrew Lunn , wireguard@lists.zx2c4.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [RFC net-next 06/14] uapi: wireguard: move enum wg_cmd Date: Thu, 4 Sep 2025 22:02:40 +0000 Message-ID: <20250904220255.1006675-6-ast@fiberby.net> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20250904-wg-ynl-rfc@fiberby.net> References: <20250904-wg-ynl-rfc@fiberby.net> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This patch moves enum wg_cmd to the end of the file, where ynl-gen would like to generate it. This is an incremental step towards adopting an UAPI header generated by ynl-gen. This is a trivial patch with no behavioural changes intended. Signed-off-by: Asbj=C3=B8rn Sloth T=C3=B8nnesen --- include/uapi/linux/wireguard.h | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/include/uapi/linux/wireguard.h b/include/uapi/linux/wireguard.h index c2bb2463211a..ee63aba7f98f 100644 --- a/include/uapi/linux/wireguard.h +++ b/include/uapi/linux/wireguard.h @@ -11,13 +11,6 @@ =20 #define WG_KEY_LEN 32 =20 -enum wg_cmd { - WG_CMD_GET_DEVICE, - WG_CMD_SET_DEVICE, - __WG_CMD_MAX -}; -#define WG_CMD_MAX (__WG_CMD_MAX - 1) - enum wgdevice_flag { WGDEVICE_F_REPLACE_PEERS =3D 1U << 0, __WGDEVICE_F_ALL =3D WGDEVICE_F_REPLACE_PEERS @@ -76,4 +69,12 @@ enum wgallowedip_attribute { }; #define WGALLOWEDIP_A_MAX (__WGALLOWEDIP_A_MAX - 1) =20 +enum wg_cmd { + WG_CMD_GET_DEVICE, + WG_CMD_SET_DEVICE, + + __WG_CMD_MAX +}; +#define WG_CMD_MAX (__WG_CMD_MAX - 1) + #endif /* _WG_UAPI_WIREGUARD_H */ --=20 2.51.0 From nobody Fri Oct 3 05:26:15 2025 Received: from mail1.fiberby.net (mail1.fiberby.net [193.104.135.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B6E3B2E975E; Thu, 4 Sep 2025 22:03:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.104.135.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757023414; cv=none; b=iTllEApqzbrHj3Nq66+ingV6KtMcbPYXKcWqXvlN3ZSDNS9CaOco4QiwMz0g5EYQehOOq3OB4LlMjs1LZ4Ya7KDkTINVEZtHHgFdmx4XqvNUGSn2Y+xoZ+m2w3w0CYtNC81m2lswOnpVdujOBJtpxLv4MbjC64PmQ6Ded4Fo/H4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757023414; c=relaxed/simple; bh=121vixZVyWdpVnNNIFvoWmdEy0OO+Zl65XWR5OE1tLw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=WqB2rAxnDJDjpBEy26hLR4bNKDMy6GQ0vUCs3Is4Lox5ui8tSZGNs3IR0aAhFzZx4NRfSLrIcZN5Q5flm3fK96MTZTZPyScLh9lQ0CxFjxMkA1SaUl/9lS6UWF/ONHl7/YP3tVw0o/FCZ602WpGFtbJ20EDgdDfORNKEOJiLEDQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=fiberby.net; spf=pass smtp.mailfrom=fiberby.net; dkim=pass (2048-bit key) header.d=fiberby.net header.i=@fiberby.net header.b=FP2Bejtv; arc=none smtp.client-ip=193.104.135.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=fiberby.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=fiberby.net Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=fiberby.net header.i=@fiberby.net header.b="FP2Bejtv" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fiberby.net; s=202008; t=1757023398; bh=121vixZVyWdpVnNNIFvoWmdEy0OO+Zl65XWR5OE1tLw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=FP2BejtvAsJh7YFQdMgwp8FMpDrroAdmxWJfk+VTiAEkYKkCcH4qH2rypSLSPsn70 lQTsoSNJIfmXwhsugI2uaBUJWa55ceguOolrLRq0vw1uOCtaVNe6gWdZLuOefW438P nrQtoS82nYLP5N/QMOUc7tWl0bcH8EjLynuL2sicKiuO0EuiD8PB68VnvSvToircii okZjy4jCtVJRjoXdgiHOs74fFwM2LNNIa5HjFVmWcyCj3r+nz9KOMxQAlNAVZGlAoI KusbL9Ds0xfPlvzc3vXb1BRqIY2uS01zZMR4uOC+oPTcwvY0I4SgZSPzwZp9lu5svH i9ony3xmVz6Sg== Received: from x201s (193-104-135-243.ip4.fiberby.net [193.104.135.243]) by mail1.fiberby.net (Postfix) with ESMTPSA id B7A6C60396; Thu, 4 Sep 2025 22:03:18 +0000 (UTC) Received: by x201s (Postfix, from userid 1000) id 7B28E2029CD; Thu, 04 Sep 2025 22:02:58 +0000 (UTC) From: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= To: "Jason A. Donenfeld" , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni Cc: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= , Donald Hunter , Simon Horman , Jacob Keller , Andrew Lunn , wireguard@lists.zx2c4.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [RFC net-next 07/14] uapi: wireguard: move flag enums Date: Thu, 4 Sep 2025 22:02:41 +0000 Message-ID: <20250904220255.1006675-7-ast@fiberby.net> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20250904-wg-ynl-rfc@fiberby.net> References: <20250904-wg-ynl-rfc@fiberby.net> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Move the wg*_flag enums, so that they are defined above the attribute set enums, as ynl-gen would place them. While touching these lines, also pre-compute bitshifted flag values, like ynl-gen would generate them. This is an incremental step towards adopting an UAPI header generated by ynl-gen. This is a trivial patch with no behavioural changes intended. Signed-off-by: Asbj=C3=B8rn Sloth T=C3=B8nnesen --- include/uapi/linux/wireguard.h | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/include/uapi/linux/wireguard.h b/include/uapi/linux/wireguard.h index ee63aba7f98f..623ec9527e22 100644 --- a/include/uapi/linux/wireguard.h +++ b/include/uapi/linux/wireguard.h @@ -15,6 +15,20 @@ enum wgdevice_flag { WGDEVICE_F_REPLACE_PEERS =3D 1U << 0, __WGDEVICE_F_ALL =3D WGDEVICE_F_REPLACE_PEERS }; + +enum wgpeer_flag { + WGPEER_F_REMOVE_ME =3D 1, + WGPEER_F_REPLACE_ALLOWEDIPS =3D 2, + WGPEER_F_UPDATE_ONLY =3D 4, + __WGPEER_F_ALL =3D WGPEER_F_REMOVE_ME | WGPEER_F_REPLACE_ALLOWEDIPS | + WGPEER_F_UPDATE_ONLY +}; + +enum wgallowedip_flag { + WGALLOWEDIP_F_REMOVE_ME =3D 1, + __WGALLOWEDIP_F_ALL =3D WGALLOWEDIP_F_REMOVE_ME +}; + enum wgdevice_attribute { WGDEVICE_A_UNSPEC, WGDEVICE_A_IFINDEX, @@ -30,13 +44,6 @@ enum wgdevice_attribute { }; #define WGDEVICE_A_MAX (__WGDEVICE_A_MAX - 1) =20 -enum wgpeer_flag { - WGPEER_F_REMOVE_ME =3D 1U << 0, - WGPEER_F_REPLACE_ALLOWEDIPS =3D 1U << 1, - WGPEER_F_UPDATE_ONLY =3D 1U << 2, - __WGPEER_F_ALL =3D WGPEER_F_REMOVE_ME | WGPEER_F_REPLACE_ALLOWEDIPS | - WGPEER_F_UPDATE_ONLY -}; enum wgpeer_attribute { WGPEER_A_UNSPEC, WGPEER_A_PUBLIC_KEY, @@ -54,10 +61,6 @@ enum wgpeer_attribute { }; #define WGPEER_A_MAX (__WGPEER_A_MAX - 1) =20 -enum wgallowedip_flag { - WGALLOWEDIP_F_REMOVE_ME =3D 1U << 0, - __WGALLOWEDIP_F_ALL =3D WGALLOWEDIP_F_REMOVE_ME -}; enum wgallowedip_attribute { WGALLOWEDIP_A_UNSPEC, WGALLOWEDIP_A_FAMILY, --=20 2.51.0 From nobody Fri Oct 3 05:26:15 2025 Received: from mail1.fiberby.net (mail1.fiberby.net [193.104.135.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B70F52D6E65; Thu, 4 Sep 2025 22:03:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.104.135.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757023407; cv=none; b=YnxUituVbhC3YtpWeE8TMN4HpHQhP8f4fxF86BnheSP5TQgbrGrUjcQXv8d/U+JGPmNSc39ZO7TwPC3RNKwX3p8H+O+w9ohbzjRrtOyGhtqz6hJ8RzPGfw3ZhOnvXxTyHCdRq88I8TMl3qi2BrP9M5hiadoIkCOwQx5IE0/RQBI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757023407; c=relaxed/simple; bh=O56nXG2PIp67W8RUpsWeXklMaE5M2YiL8OY2yAjHgps=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=Q3ctWrg8Z6oLLkEO/Gpe+I5lCe+ACuA2q6/a9Hi9SuENkg7ZSKupHKa1rLhCH5CT8FieCtBf9HYLFnfjfcIL4Nj/cLfK3vx/D1Qfiv927upDI+kgz2Bwj6ujcxI5KcWfJ5Ioa7oE69NL2925WI5z6pHGQpuByvQrocO6KnpmWOY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=fiberby.net; spf=pass smtp.mailfrom=fiberby.net; dkim=pass (2048-bit key) header.d=fiberby.net header.i=@fiberby.net header.b=XloSlDjE; arc=none smtp.client-ip=193.104.135.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=fiberby.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=fiberby.net Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=fiberby.net header.i=@fiberby.net header.b="XloSlDjE" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fiberby.net; s=202008; t=1757023398; bh=O56nXG2PIp67W8RUpsWeXklMaE5M2YiL8OY2yAjHgps=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=XloSlDjEBfE2ov65mZY/AkKPSo8kum75TAV4IiZZE6y5QRyHv5Dk8rAYHMRXHnyLA qVz2l8xCdaRTtTwagNLF7OThfqUc10i3jVVPHCUeA0HaZJQky15k34ZfyqyCFgVDJu Jx3yC2D7pIzCni86ZFcqy5j0+tTqNxDuC+L77XBL/ddbjGuNN6T5Wmmkx573n2Xs8R bTwFVAeCx28MgnOUKMVvjZzWGTQ/qwzkR15shoHcbh1RM1nYbDROzoWpzWsi+r2T+L OU7GRAgqqzUrMXrcScQmM278fwnL+bNoJUFLPiZxYh7hSPYHJeg2qiigx2VNIMzj+U 2ZJvQLis41ENQ== Received: from x201s (193-104-135-243.ip4.fiberby.net [193.104.135.243]) by mail1.fiberby.net (Postfix) with ESMTPSA id 95E9760128; Thu, 4 Sep 2025 22:03:11 +0000 (UTC) Received: by x201s (Postfix, from userid 1000) id 84C42202A16; Thu, 04 Sep 2025 22:02:58 +0000 (UTC) From: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= To: "Jason A. Donenfeld" , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni Cc: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= , Donald Hunter , Simon Horman , Jacob Keller , Andrew Lunn , wireguard@lists.zx2c4.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [RFC net-next 08/14] uapi: wireguard: generate header with ynl-gen Date: Thu, 4 Sep 2025 22:02:42 +0000 Message-ID: <20250904220255.1006675-8-ast@fiberby.net> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20250904-wg-ynl-rfc@fiberby.net> References: <20250904-wg-ynl-rfc@fiberby.net> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Use ynl-gen to generate the UAPI header for wireguard. Changes in generated header: * As __*_F_ALL are not generated by ynl-gen: * All users have been replaced by their current value. * Once the policies are also generated, then the NLA_POLICY_MASK() policies will be kept in sync. * Convert the last bit-shifted flag value in enum wgdevice_flag. * Trivial include guard rename. * Trivial white space changes. No behavioural changes intended. Signed-off-by: Asbj=C3=B8rn Sloth T=C3=B8nnesen --- drivers/net/wireguard/netlink.c | 6 +++--- include/uapi/linux/wireguard.h | 26 +++++++++++--------------- 2 files changed, 14 insertions(+), 18 deletions(-) diff --git a/drivers/net/wireguard/netlink.c b/drivers/net/wireguard/netlin= k.c index 742d3f88d132..5dae2aa51346 100644 --- a/drivers/net/wireguard/netlink.c +++ b/drivers/net/wireguard/netlink.c @@ -24,7 +24,7 @@ static const struct nla_policy device_policy[WGDEVICE_A_M= AX + 1] =3D { [WGDEVICE_A_IFNAME] =3D { .type =3D NLA_NUL_STRING, .len =3D IFNAMSIZ - = 1 }, [WGDEVICE_A_PRIVATE_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), [WGDEVICE_A_PUBLIC_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), - [WGDEVICE_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, __WGDEVICE_F_ALL), + [WGDEVICE_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, 1), [WGDEVICE_A_LISTEN_PORT] =3D { .type =3D NLA_U16 }, [WGDEVICE_A_FWMARK] =3D { .type =3D NLA_U32 }, [WGDEVICE_A_PEERS] =3D NLA_POLICY_NESTED_ARRAY(peer_policy), @@ -33,7 +33,7 @@ static const struct nla_policy device_policy[WGDEVICE_A_M= AX + 1] =3D { static const struct nla_policy peer_policy[WGPEER_A_MAX + 1] =3D { [WGPEER_A_PUBLIC_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), [WGPEER_A_PRESHARED_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), - [WGPEER_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, __WGPEER_F_ALL), + [WGPEER_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, 7), [WGPEER_A_ENDPOINT] =3D NLA_POLICY_MIN_LEN(sizeof(struct sockaddr)), [WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL] =3D { .type =3D NLA_U16 }, [WGPEER_A_LAST_HANDSHAKE_TIME] =3D NLA_POLICY_EXACT_LEN(sizeof(struct _= _kernel_timespec)), @@ -47,7 +47,7 @@ static const struct nla_policy allowedip_policy[WGALLOWED= IP_A_MAX + 1] =3D { [WGALLOWEDIP_A_FAMILY] =3D { .type =3D NLA_U16 }, [WGALLOWEDIP_A_IPADDR] =3D NLA_POLICY_MIN_LEN(sizeof(struct in_addr)), [WGALLOWEDIP_A_CIDR_MASK] =3D { .type =3D NLA_U8 }, - [WGALLOWEDIP_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, __WGALLOWEDIP_F_ALL), + [WGALLOWEDIP_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, 1), }; =20 static struct wg_device *lookup_interface(struct nlattr **attrs, diff --git a/include/uapi/linux/wireguard.h b/include/uapi/linux/wireguard.h index 623ec9527e22..b83973aed9f8 100644 --- a/include/uapi/linux/wireguard.h +++ b/include/uapi/linux/wireguard.h @@ -1,32 +1,28 @@ -/* SPDX-License-Identifier: (GPL-2.0 WITH Linux-syscall-note) OR MIT */ -/* - * Copyright (C) 2015-2019 Jason A. Donenfeld . All Right= s Reserved. - */ +/* SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Cl= ause) */ +/* Do not edit directly, auto-generated from: */ +/* Documentation/netlink/specs/wireguard.yaml */ +/* YNL-GEN uapi header */ =20 -#ifndef _WG_UAPI_WIREGUARD_H -#define _WG_UAPI_WIREGUARD_H +#ifndef _UAPI_LINUX_WIREGUARD_H +#define _UAPI_LINUX_WIREGUARD_H =20 -#define WG_GENL_NAME "wireguard" -#define WG_GENL_VERSION 1 +#define WG_GENL_NAME "wireguard" +#define WG_GENL_VERSION 1 =20 -#define WG_KEY_LEN 32 +#define WG_KEY_LEN 32 =20 enum wgdevice_flag { - WGDEVICE_F_REPLACE_PEERS =3D 1U << 0, - __WGDEVICE_F_ALL =3D WGDEVICE_F_REPLACE_PEERS + WGDEVICE_F_REPLACE_PEERS =3D 1, }; =20 enum wgpeer_flag { WGPEER_F_REMOVE_ME =3D 1, WGPEER_F_REPLACE_ALLOWEDIPS =3D 2, WGPEER_F_UPDATE_ONLY =3D 4, - __WGPEER_F_ALL =3D WGPEER_F_REMOVE_ME | WGPEER_F_REPLACE_ALLOWEDIPS | - WGPEER_F_UPDATE_ONLY }; =20 enum wgallowedip_flag { WGALLOWEDIP_F_REMOVE_ME =3D 1, - __WGALLOWEDIP_F_ALL =3D WGALLOWEDIP_F_REMOVE_ME }; =20 enum wgdevice_attribute { @@ -80,4 +76,4 @@ enum wg_cmd { }; #define WG_CMD_MAX (__WG_CMD_MAX - 1) =20 -#endif /* _WG_UAPI_WIREGUARD_H */ +#endif /* _UAPI_LINUX_WIREGUARD_H */ --=20 2.51.0 From nobody Fri Oct 3 05:26:15 2025 Received: from mail1.fiberby.net (mail1.fiberby.net [193.104.135.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3598D2DA774; Thu, 4 Sep 2025 22:03:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.104.135.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757023409; cv=none; b=MPvWtJtUppYrxgA3BhTRDpWLQPzuN5pDZOhqHV/Hn82cmrfMpmC5xUbYPlX9oAxI1IW8p5qlrOLVHobr57SZx0x8WfOcBkMoroS7WDvMqzJ5eB1krBu3ZCRJL12vTLdfGCEwxOCOpEtoeu9uNBQZmtyiYYujyXVOSA2Y1PwRKNo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757023409; c=relaxed/simple; bh=kMqU8o5gtS6cIF/f8unFSWXSRJW30XLyBCaK0+2pFYQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=h4P0XVv5+3PYnLPyISIRnzqkL7yxeU5xEObYVWWfKl4ymRmfLp0KedsrCfQfUWjED3JPOHCBLapcUDPuWRp20BTfnX3aOkilS5poYdJUBnV2RVqz45axEzFbdazXv8tQSC44zcNhnUwg/6/skNS0lC6U4l/LTMGK6bPxAyTLRF4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=fiberby.net; spf=pass smtp.mailfrom=fiberby.net; dkim=pass (2048-bit key) header.d=fiberby.net header.i=@fiberby.net header.b=fJgHVluk; arc=none smtp.client-ip=193.104.135.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=fiberby.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=fiberby.net Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=fiberby.net header.i=@fiberby.net header.b="fJgHVluk" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fiberby.net; s=202008; t=1757023398; bh=kMqU8o5gtS6cIF/f8unFSWXSRJW30XLyBCaK0+2pFYQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=fJgHVlukhZI9GWZafrg2HpZI0hOJlvBVMyvyhCgUJmf/nMNU6KQ8q9aK1yv9s0MY/ oijR0ZBs3qfz6ACDt8H0XHVYYKKZXICNL5SaEer62z+2khoXo5HNzpHeVPXb0Np8mQ ygK18YgAiKU+FlU659aSmCPatGd8Q7/A9BbJn4OyhmN6R5xStpCF4DFQ5WQDOyvAdJ Lm4Hm4e+sfGig/I53USQSIgxxTDo9nPWqURQ+aChL2OZiSQVGYv/J+rUrCQ5ONuO4f /ZWiGHDpw0FIFAXg4TXMOGh8Y/CUfVf5S2hyg/jV5URwNDUKvvR4tpcu5JQbUux9jY 1YQvJyT/wO6kA== Received: from x201s (193-104-135-243.ip4.fiberby.net [193.104.135.243]) by mail1.fiberby.net (Postfix) with ESMTPSA id 90D8960078; Thu, 4 Sep 2025 22:03:11 +0000 (UTC) Received: by x201s (Postfix, from userid 1000) id 90E5D202AC7; Thu, 04 Sep 2025 22:02:58 +0000 (UTC) From: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= To: "Jason A. Donenfeld" , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni Cc: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= , Donald Hunter , Simon Horman , Jacob Keller , Andrew Lunn , wireguard@lists.zx2c4.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [RFC net-next 09/14] wireguard: netlink: convert to split ops Date: Thu, 4 Sep 2025 22:02:43 +0000 Message-ID: <20250904220255.1006675-9-ast@fiberby.net> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20250904-wg-ynl-rfc@fiberby.net> References: <20250904-wg-ynl-rfc@fiberby.net> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This patch converts wireguard from using legacy struct genl_ops to struct genl_split_ops, by applying the same transformation as genl_cmd_full_to_split() does. WGDEVICE_A_MAX is swapped for WGDEVICE_A_PEERS, which is currently equivalent and is what ynl-gen would generate. This is an incremental step towards adopting netlink policy code generated by ynl-gen. This is a trivial patch with no behavioural changes intended. Signed-off-by: Asbj=C3=B8rn Sloth T=C3=B8nnesen --- drivers/net/wireguard/netlink.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/drivers/net/wireguard/netlink.c b/drivers/net/wireguard/netlin= k.c index 5dae2aa51346..1311f64d9fcf 100644 --- a/drivers/net/wireguard/netlink.c +++ b/drivers/net/wireguard/netlink.c @@ -614,29 +614,31 @@ static int wg_set_device(struct sk_buff *skb, struct = genl_info *info) return ret; } =20 -static const struct genl_ops genl_ops[] =3D { +static const struct genl_split_ops wireguard_nl_ops[] =3D { { .cmd =3D WG_CMD_GET_DEVICE, .start =3D wg_get_device_start, .dumpit =3D wg_get_device_dump, .done =3D wg_get_device_done, - .flags =3D GENL_UNS_ADMIN_PERM + .policy =3D device_policy, + .maxattr =3D WGDEVICE_A_PEERS, + .flags =3D GENL_UNS_ADMIN_PERM | GENL_CMD_CAP_DUMP, }, { .cmd =3D WG_CMD_SET_DEVICE, .doit =3D wg_set_device, - .flags =3D GENL_UNS_ADMIN_PERM + .policy =3D device_policy, + .maxattr =3D WGDEVICE_A_PEERS, + .flags =3D GENL_UNS_ADMIN_PERM | GENL_CMD_CAP_DO, } }; =20 static struct genl_family genl_family __ro_after_init =3D { - .ops =3D genl_ops, - .n_ops =3D ARRAY_SIZE(genl_ops), + .split_ops =3D wireguard_nl_ops, + .n_split_ops =3D ARRAY_SIZE(wireguard_nl_ops), .resv_start_op =3D WG_CMD_SET_DEVICE + 1, .name =3D WG_GENL_NAME, .version =3D WG_GENL_VERSION, - .maxattr =3D WGDEVICE_A_MAX, .module =3D THIS_MODULE, - .policy =3D device_policy, .netnsok =3D true }; =20 --=20 2.51.0 From nobody Fri Oct 3 05:26:15 2025 Received: from mail1.fiberby.net (mail1.fiberby.net [193.104.135.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 799C62E7199; Thu, 4 Sep 2025 22:03:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.104.135.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757023413; cv=none; b=XrLlC4W262fCQ+YzBmmCbKbn3+YozfZ4B7P1axKvqmLV2IGrIiWhh0WNVk79SP/nEkBbCF0ii+X/CyTvV2HhCR0acYbuZ80kB41kIV/4oTV8ngHzNynbECt+6p+feqPo2i/ZMfp4npBanjoqsSoThXR8EkKzB1n2pfE6+flmVmY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757023413; c=relaxed/simple; bh=yn7KM2RELbYxnavae/6JZHbx03cZRlg0W85YqkjfB88=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=PAH2+Pko5LVo+d+EntX8+NynFnAbEDiTn7XnXaxQAJp6ttO0m4Q6W1I++a/s3719xdOgEXgvfjHrzZx9Y/tT6DiWYZL7VrrOHuGlm2180ji/fWLOrVEJkAdjJhIZVXz3s1p6XD7+q/669r7COUIYcNs6BixUVWT4i6dOAdmmVtY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=fiberby.net; spf=pass smtp.mailfrom=fiberby.net; dkim=pass (2048-bit key) header.d=fiberby.net header.i=@fiberby.net header.b=vkSHpgkP; arc=none smtp.client-ip=193.104.135.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=fiberby.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=fiberby.net Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=fiberby.net header.i=@fiberby.net header.b="vkSHpgkP" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fiberby.net; s=202008; t=1757023398; bh=yn7KM2RELbYxnavae/6JZHbx03cZRlg0W85YqkjfB88=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=vkSHpgkPrmCvRkFngWuNjOpOr9SJQRjyTLDI6PBUI4cbVcVSWKlpMz5FW6iOWIbli FuMlurajhUluO78DIA4O9bm/3clTz69BF9GpcgXPVuyQUdKxbsBP3Cjjj7Yqqk7Dv0 h/A1KF1ggnmEggivHPnBmK4vIFO/cbUzprRpo0h7dKU/1dxEggmpzFQs6Y2NgZ2Mim zCKFzb7j1gHZ1M3d0OooA2nYoZ/sadsJ0CsmOyc4FFs9g4++jN0a6zWqJUuZOxa0it ETQTY7D+cH78Qa376aFHYLdcmwUZgLOaVYxLAN8W0KfO5ZX2g6cwC67FPbg/yuy0HZ 7JVw1tbRuPM2g== Received: from x201s (193-104-135-243.ip4.fiberby.net [193.104.135.243]) by mail1.fiberby.net (Postfix) with ESMTPSA id 9131B60141; Thu, 4 Sep 2025 22:03:18 +0000 (UTC) Received: by x201s (Postfix, from userid 1000) id 99F5D202AD8; Thu, 04 Sep 2025 22:02:58 +0000 (UTC) From: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= To: "Jason A. Donenfeld" , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni Cc: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= , Donald Hunter , Simon Horman , Jacob Keller , Andrew Lunn , wireguard@lists.zx2c4.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [RFC net-next 10/14] wireguard: netlink: rename netlink handlers Date: Thu, 4 Sep 2025 22:02:44 +0000 Message-ID: <20250904220255.1006675-10-ast@fiberby.net> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20250904-wg-ynl-rfc@fiberby.net> References: <20250904-wg-ynl-rfc@fiberby.net> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Rename netlink handlers to use the naming expected by ynl-gen. This is an incremental step towards adopting netlink command definitions generated by ynl-gen. This is a trivial patch with no behavioural changes intended. Signed-off-by: Asbj=C3=B8rn Sloth T=C3=B8nnesen --- drivers/net/wireguard/netlink.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/drivers/net/wireguard/netlink.c b/drivers/net/wireguard/netlin= k.c index 1311f64d9fcf..a61e1c5c7850 100644 --- a/drivers/net/wireguard/netlink.c +++ b/drivers/net/wireguard/netlink.c @@ -197,7 +197,7 @@ get_peer(struct wg_peer *peer, struct sk_buff *skb, str= uct dump_ctx *ctx) return -EMSGSIZE; } =20 -static int wg_get_device_start(struct netlink_callback *cb) +static int wireguard_nl_get_device_start(struct netlink_callback *cb) { struct wg_device *wg; =20 @@ -208,7 +208,8 @@ static int wg_get_device_start(struct netlink_callback = *cb) return 0; } =20 -static int wg_get_device_dump(struct sk_buff *skb, struct netlink_callback= *cb) +static int wireguard_nl_get_device_dumpit(struct sk_buff *skb, + struct netlink_callback *cb) { struct wg_peer *peer, *next_peer_cursor; struct dump_ctx *ctx =3D DUMP_CTX(cb); @@ -302,7 +303,7 @@ static int wg_get_device_dump(struct sk_buff *skb, stru= ct netlink_callback *cb) */ } =20 -static int wg_get_device_done(struct netlink_callback *cb) +static int wireguard_nl_get_device_done(struct netlink_callback *cb) { struct dump_ctx *ctx =3D DUMP_CTX(cb); =20 @@ -500,7 +501,8 @@ static int set_peer(struct wg_device *wg, struct nlattr= **attrs) return ret; } =20 -static int wg_set_device(struct sk_buff *skb, struct genl_info *info) +static int wireguard_nl_set_device_doit(struct sk_buff *skb, + struct genl_info *info) { struct wg_device *wg =3D lookup_interface(info->attrs, skb); u32 flags =3D 0; @@ -617,15 +619,15 @@ static int wg_set_device(struct sk_buff *skb, struct = genl_info *info) static const struct genl_split_ops wireguard_nl_ops[] =3D { { .cmd =3D WG_CMD_GET_DEVICE, - .start =3D wg_get_device_start, - .dumpit =3D wg_get_device_dump, - .done =3D wg_get_device_done, + .start =3D wireguard_nl_get_device_start, + .dumpit =3D wireguard_nl_get_device_dumpit, + .done =3D wireguard_nl_get_device_done, .policy =3D device_policy, .maxattr =3D WGDEVICE_A_PEERS, .flags =3D GENL_UNS_ADMIN_PERM | GENL_CMD_CAP_DUMP, }, { .cmd =3D WG_CMD_SET_DEVICE, - .doit =3D wg_set_device, + .doit =3D wireguard_nl_set_device_doit, .policy =3D device_policy, .maxattr =3D WGDEVICE_A_PEERS, .flags =3D GENL_UNS_ADMIN_PERM | GENL_CMD_CAP_DO, --=20 2.51.0 From nobody Fri Oct 3 05:26:15 2025 Received: from mail1.fiberby.net (mail1.fiberby.net [193.104.135.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 850392EAD0C; Thu, 4 Sep 2025 22:03:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.104.135.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757023418; cv=none; b=Gg+LmOBhauHOoXxdx81o6rJYGY5b4WvMsaREDNthFQq1pDtwv/j82G8taaWmjlfvktiXXq97Bvyt8o1evsYzZuE/HNwMwVjGTOvXYsiyxKWGGVkKepZL7MYl5lUutPCUDmNQiHwwusV2gEWki7PhrSyss96SVNNM3qI5McwJ94U= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757023418; c=relaxed/simple; bh=CZfJGhxx2Urse7IIvrAANP7Ykko7twy1ZvK+VyL/1yw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=DCnK5E0j9QQ+u8t96SadxbrhXm9xvlk9WTKKPEH5KCTrJpqG4C7LLFXsjhU15pCyBWM/u5uVJ7Ng8orelRpc+lKZQpyvyB5PdGotj5dI4u9DM5w6h2sv663bcWHRDwQ1Iv1EC0cfv5zJEpo88eNaDNU7qXafnFXdOBL6zkNeVOI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=fiberby.net; spf=pass smtp.mailfrom=fiberby.net; dkim=pass (2048-bit key) header.d=fiberby.net header.i=@fiberby.net header.b=fsI1f4GP; arc=none smtp.client-ip=193.104.135.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=fiberby.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=fiberby.net Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=fiberby.net header.i=@fiberby.net header.b="fsI1f4GP" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fiberby.net; s=202008; t=1757023399; bh=CZfJGhxx2Urse7IIvrAANP7Ykko7twy1ZvK+VyL/1yw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=fsI1f4GP+qh01LFPFcuYYYU0ATSPPw83yELFdjpu3sTVHN6yqQsnG2j14TZHkdaKe f3PUU32Z8lVjurWzQz9R8Cn6WCTbvp/RqoDsrN7pqzfK+0cCeIi9AV8C+urTdktmcf Mv8j/TZGZcZRkl2Kn1A2LkSCidzM+OXnFV0kHvGlFfUQJVIdEA6YYIeSnNlUCmt+QO 3BVa/jWLHje40St4wLludvexACF2gGrq/yTDeNTZ8z0hBQg24B7JbB+4y2zSnL9ZN0 EZ5IoAWNuhYUU072L2nvOYAXnKTCrzZJu7Jz6oeK0H+zDF4oJN5j60CbHNmifC0RBo ud/pE7S6JVGvg== Received: from x201s (193-104-135-243.ip4.fiberby.net [193.104.135.243]) by mail1.fiberby.net (Postfix) with ESMTPSA id 1C8E460587; Thu, 4 Sep 2025 22:03:19 +0000 (UTC) Received: by x201s (Postfix, from userid 1000) id A3DB0202AE3; Thu, 04 Sep 2025 22:02:58 +0000 (UTC) From: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= To: "Jason A. Donenfeld" , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni Cc: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= , Donald Hunter , Simon Horman , Jacob Keller , Andrew Lunn , wireguard@lists.zx2c4.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [RFC net-next 11/14] wireguard: netlink: generate netlink code Date: Thu, 4 Sep 2025 22:02:45 +0000 Message-ID: <20250904220255.1006675-11-ast@fiberby.net> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20250904-wg-ynl-rfc@fiberby.net> References: <20250904-wg-ynl-rfc@fiberby.net> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This patch adopts netlink policy and command definitions as generated by ynl-gen. No behavioural changes intended. Signed-off-by: Asbj=C3=B8rn Sloth T=C3=B8nnesen --- drivers/net/wireguard/Makefile | 1 + drivers/net/wireguard/netlink.c | 69 +++++-------------------- drivers/net/wireguard/netlink_gen.c | 78 +++++++++++++++++++++++++++++ drivers/net/wireguard/netlink_gen.h | 30 +++++++++++ 4 files changed, 121 insertions(+), 57 deletions(-) create mode 100644 drivers/net/wireguard/netlink_gen.c create mode 100644 drivers/net/wireguard/netlink_gen.h diff --git a/drivers/net/wireguard/Makefile b/drivers/net/wireguard/Makefile index dbe1f8514efc..ae4b479cddbd 100644 --- a/drivers/net/wireguard/Makefile +++ b/drivers/net/wireguard/Makefile @@ -14,4 +14,5 @@ wireguard-y +=3D allowedips.o wireguard-y +=3D ratelimiter.o wireguard-y +=3D cookie.o wireguard-y +=3D netlink.o +wireguard-y +=3D netlink_gen.o obj-$(CONFIG_WIREGUARD) :=3D wireguard.o diff --git a/drivers/net/wireguard/netlink.c b/drivers/net/wireguard/netlin= k.c index a61e1c5c7850..0e34817126b9 100644 --- a/drivers/net/wireguard/netlink.c +++ b/drivers/net/wireguard/netlink.c @@ -9,6 +9,7 @@ #include "socket.h" #include "queueing.h" #include "messages.h" +#include "netlink_gen.h" =20 #include =20 @@ -19,37 +20,6 @@ =20 static struct genl_family genl_family; =20 -static const struct nla_policy device_policy[WGDEVICE_A_MAX + 1] =3D { - [WGDEVICE_A_IFINDEX] =3D { .type =3D NLA_U32 }, - [WGDEVICE_A_IFNAME] =3D { .type =3D NLA_NUL_STRING, .len =3D IFNAMSIZ - = 1 }, - [WGDEVICE_A_PRIVATE_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), - [WGDEVICE_A_PUBLIC_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), - [WGDEVICE_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, 1), - [WGDEVICE_A_LISTEN_PORT] =3D { .type =3D NLA_U16 }, - [WGDEVICE_A_FWMARK] =3D { .type =3D NLA_U32 }, - [WGDEVICE_A_PEERS] =3D NLA_POLICY_NESTED_ARRAY(peer_policy), -}; - -static const struct nla_policy peer_policy[WGPEER_A_MAX + 1] =3D { - [WGPEER_A_PUBLIC_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), - [WGPEER_A_PRESHARED_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), - [WGPEER_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, 7), - [WGPEER_A_ENDPOINT] =3D NLA_POLICY_MIN_LEN(sizeof(struct sockaddr)), - [WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL] =3D { .type =3D NLA_U16 }, - [WGPEER_A_LAST_HANDSHAKE_TIME] =3D NLA_POLICY_EXACT_LEN(sizeof(struct _= _kernel_timespec)), - [WGPEER_A_RX_BYTES] =3D { .type =3D NLA_U64 }, - [WGPEER_A_TX_BYTES] =3D { .type =3D NLA_U64 }, - [WGPEER_A_ALLOWEDIPS] =3D NLA_POLICY_NESTED_ARRAY(allowedip_policy), - [WGPEER_A_PROTOCOL_VERSION] =3D { .type =3D NLA_U32 } -}; - -static const struct nla_policy allowedip_policy[WGALLOWEDIP_A_MAX + 1] =3D= { - [WGALLOWEDIP_A_FAMILY] =3D { .type =3D NLA_U16 }, - [WGALLOWEDIP_A_IPADDR] =3D NLA_POLICY_MIN_LEN(sizeof(struct in_addr)), - [WGALLOWEDIP_A_CIDR_MASK] =3D { .type =3D NLA_U8 }, - [WGALLOWEDIP_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, 1), -}; - static struct wg_device *lookup_interface(struct nlattr **attrs, struct sk_buff *skb) { @@ -197,7 +167,7 @@ get_peer(struct wg_peer *peer, struct sk_buff *skb, str= uct dump_ctx *ctx) return -EMSGSIZE; } =20 -static int wireguard_nl_get_device_start(struct netlink_callback *cb) +int wireguard_nl_get_device_start(struct netlink_callback *cb) { struct wg_device *wg; =20 @@ -208,8 +178,8 @@ static int wireguard_nl_get_device_start(struct netlink= _callback *cb) return 0; } =20 -static int wireguard_nl_get_device_dumpit(struct sk_buff *skb, - struct netlink_callback *cb) +int wireguard_nl_get_device_dumpit(struct sk_buff *skb, + struct netlink_callback *cb) { struct wg_peer *peer, *next_peer_cursor; struct dump_ctx *ctx =3D DUMP_CTX(cb); @@ -303,7 +273,7 @@ static int wireguard_nl_get_device_dumpit(struct sk_buf= f *skb, */ } =20 -static int wireguard_nl_get_device_done(struct netlink_callback *cb) +int wireguard_nl_get_device_done(struct netlink_callback *cb) { struct dump_ctx *ctx =3D DUMP_CTX(cb); =20 @@ -468,7 +438,9 @@ static int set_peer(struct wg_device *wg, struct nlattr= **attrs) =20 nla_for_each_nested(attr, attrs[WGPEER_A_ALLOWEDIPS], rem) { ret =3D nla_parse_nested(allowedip, WGALLOWEDIP_A_MAX, - attr, allowedip_policy, NULL); + attr, + wireguard_wgallowedip_nl_policy, + NULL); if (ret < 0) goto out; ret =3D set_allowedip(peer, allowedip); @@ -501,8 +473,8 @@ static int set_peer(struct wg_device *wg, struct nlattr= **attrs) return ret; } =20 -static int wireguard_nl_set_device_doit(struct sk_buff *skb, - struct genl_info *info) +int wireguard_nl_set_device_doit(struct sk_buff *skb, + struct genl_info *info) { struct wg_device *wg =3D lookup_interface(info->attrs, skb); u32 flags =3D 0; @@ -595,7 +567,8 @@ static int wireguard_nl_set_device_doit(struct sk_buff = *skb, =20 nla_for_each_nested(attr, info->attrs[WGDEVICE_A_PEERS], rem) { ret =3D nla_parse_nested(peer, WGPEER_A_MAX, attr, - peer_policy, NULL); + wireguard_wgpeer_nl_policy, + NULL); if (ret < 0) goto out; ret =3D set_peer(wg, peer); @@ -616,24 +589,6 @@ static int wireguard_nl_set_device_doit(struct sk_buff= *skb, return ret; } =20 -static const struct genl_split_ops wireguard_nl_ops[] =3D { - { - .cmd =3D WG_CMD_GET_DEVICE, - .start =3D wireguard_nl_get_device_start, - .dumpit =3D wireguard_nl_get_device_dumpit, - .done =3D wireguard_nl_get_device_done, - .policy =3D device_policy, - .maxattr =3D WGDEVICE_A_PEERS, - .flags =3D GENL_UNS_ADMIN_PERM | GENL_CMD_CAP_DUMP, - }, { - .cmd =3D WG_CMD_SET_DEVICE, - .doit =3D wireguard_nl_set_device_doit, - .policy =3D device_policy, - .maxattr =3D WGDEVICE_A_PEERS, - .flags =3D GENL_UNS_ADMIN_PERM | GENL_CMD_CAP_DO, - } -}; - static struct genl_family genl_family __ro_after_init =3D { .split_ops =3D wireguard_nl_ops, .n_split_ops =3D ARRAY_SIZE(wireguard_nl_ops), diff --git a/drivers/net/wireguard/netlink_gen.c b/drivers/net/wireguard/ne= tlink_gen.c new file mode 100644 index 000000000000..75f5b4b297a9 --- /dev/null +++ b/drivers/net/wireguard/netlink_gen.c @@ -0,0 +1,78 @@ +// SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Cl= ause) +/* Do not edit directly, auto-generated from: */ +/* Documentation/netlink/specs/wireguard.yaml */ +/* YNL-GEN kernel source */ + +#include +#include + +#include "netlink_gen.h" + +#include +#include +#include + +/* Common nested types */ +const struct nla_policy wireguard_wgallowedip_nl_policy[WGALLOWEDIP_A_FLAG= S + 1] =3D { + [WGALLOWEDIP_A_FAMILY] =3D { .type =3D NLA_U16, }, + [WGALLOWEDIP_A_IPADDR] =3D NLA_POLICY_MIN_LEN(__WG_INADDR_SZ), + [WGALLOWEDIP_A_CIDR_MASK] =3D { .type =3D NLA_U8, }, + [WGALLOWEDIP_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, 0x1), +}; + +const struct nla_policy wireguard_wgpeer_nl_policy[WGPEER_A_PROTOCOL_VERSI= ON + 1] =3D { + [WGPEER_A_PUBLIC_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), + [WGPEER_A_PRESHARED_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), + [WGPEER_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, 0x7), + [WGPEER_A_ENDPOINT] =3D NLA_POLICY_MIN_LEN(__WG_SOCKADDR_SZ), + [WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL] =3D { .type =3D NLA_U16, }, + [WGPEER_A_LAST_HANDSHAKE_TIME] =3D NLA_POLICY_EXACT_LEN(__WG_TIMESPEC_SZ), + [WGPEER_A_RX_BYTES] =3D { .type =3D NLA_U64, }, + [WGPEER_A_TX_BYTES] =3D { .type =3D NLA_U64, }, + [WGPEER_A_ALLOWEDIPS] =3D NLA_POLICY_NESTED_ARRAY(wireguard_wgallowedip_n= l_policy), + [WGPEER_A_PROTOCOL_VERSION] =3D { .type =3D NLA_U32, }, +}; + +/* WG_CMD_GET_DEVICE - dump */ +static const struct nla_policy wireguard_get_device_nl_policy[WGDEVICE_A_P= EERS + 1] =3D { + [WGDEVICE_A_IFINDEX] =3D { .type =3D NLA_U32, }, + [WGDEVICE_A_IFNAME] =3D { .type =3D NLA_NUL_STRING, .len =3D __WG_IFNAMLE= N, }, + [WGDEVICE_A_PRIVATE_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), + [WGDEVICE_A_PUBLIC_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), + [WGDEVICE_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, 0x1), + [WGDEVICE_A_LISTEN_PORT] =3D { .type =3D NLA_U16, }, + [WGDEVICE_A_FWMARK] =3D { .type =3D NLA_U32, }, + [WGDEVICE_A_PEERS] =3D NLA_POLICY_NESTED_ARRAY(wireguard_wgpeer_nl_policy= ), +}; + +/* WG_CMD_SET_DEVICE - do */ +static const struct nla_policy wireguard_set_device_nl_policy[WGDEVICE_A_P= EERS + 1] =3D { + [WGDEVICE_A_IFINDEX] =3D { .type =3D NLA_U32, }, + [WGDEVICE_A_IFNAME] =3D { .type =3D NLA_NUL_STRING, .len =3D __WG_IFNAMLE= N, }, + [WGDEVICE_A_PRIVATE_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), + [WGDEVICE_A_PUBLIC_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), + [WGDEVICE_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, 0x1), + [WGDEVICE_A_LISTEN_PORT] =3D { .type =3D NLA_U16, }, + [WGDEVICE_A_FWMARK] =3D { .type =3D NLA_U32, }, + [WGDEVICE_A_PEERS] =3D NLA_POLICY_NESTED_ARRAY(wireguard_wgpeer_nl_policy= ), +}; + +/* Ops table for wireguard */ +const struct genl_split_ops wireguard_nl_ops[2] =3D { + { + .cmd =3D WG_CMD_GET_DEVICE, + .start =3D wireguard_nl_get_device_start, + .dumpit =3D wireguard_nl_get_device_dumpit, + .done =3D wireguard_nl_get_device_done, + .policy =3D wireguard_get_device_nl_policy, + .maxattr =3D WGDEVICE_A_PEERS, + .flags =3D GENL_UNS_ADMIN_PERM | GENL_CMD_CAP_DUMP, + }, + { + .cmd =3D WG_CMD_SET_DEVICE, + .doit =3D wireguard_nl_set_device_doit, + .policy =3D wireguard_set_device_nl_policy, + .maxattr =3D WGDEVICE_A_PEERS, + .flags =3D GENL_UNS_ADMIN_PERM | GENL_CMD_CAP_DO, + }, +}; diff --git a/drivers/net/wireguard/netlink_gen.h b/drivers/net/wireguard/ne= tlink_gen.h new file mode 100644 index 000000000000..a067ab0d61b6 --- /dev/null +++ b/drivers/net/wireguard/netlink_gen.h @@ -0,0 +1,30 @@ +/* SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Cl= ause) */ +/* Do not edit directly, auto-generated from: */ +/* Documentation/netlink/specs/wireguard.yaml */ +/* YNL-GEN kernel header */ + +#ifndef _LINUX_WIREGUARD_GEN_H +#define _LINUX_WIREGUARD_GEN_H + +#include +#include + +#include +#include +#include + +/* Common nested types */ +extern const struct nla_policy wireguard_wgallowedip_nl_policy[WGALLOWEDIP= _A_FLAGS + 1]; +extern const struct nla_policy wireguard_wgpeer_nl_policy[WGPEER_A_PROTOCO= L_VERSION + 1]; + +/* Ops table for wireguard */ +extern const struct genl_split_ops wireguard_nl_ops[2]; + +int wireguard_nl_get_device_start(struct netlink_callback *cb); +int wireguard_nl_get_device_done(struct netlink_callback *cb); + +int wireguard_nl_get_device_dumpit(struct sk_buff *skb, + struct netlink_callback *cb); +int wireguard_nl_set_device_doit(struct sk_buff *skb, struct genl_info *in= fo); + +#endif /* _LINUX_WIREGUARD_GEN_H */ --=20 2.51.0 From nobody Fri Oct 3 05:26:15 2025 Received: from mail1.fiberby.net (mail1.fiberby.net [193.104.135.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 71BCF2EBDD9; Thu, 4 Sep 2025 22:03:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.104.135.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757023416; cv=none; b=cKVd+xABaA/1WNWb4Ubm+HL9wcI7HQaCLC9Xl48ACeNH98WZ7W+AifG/IRHEhxUI2VYN3X3zJMy1zHdOjL5qt9Bj3Om4YWr5IcEGpuOm4pfLgkZWlTYx0IjJYyake8ye8U7l7o/pLIZV52G4/m4JWSMjP08T98bMpUEYXnqkuEA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757023416; c=relaxed/simple; bh=CO/vHSTBdTAo/V5DNoVuti5MiqLKMG3c1AdHyp2ogNE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=LrVpfj60VFoa+rFQqUBn3hbUdDPuMfJfUJQ81NgHtxSIYDtp6s69+ufz0mY26d4VZPQagBOqtRv4UkI4lpwOH48o8gs1xBJBg6UwkUtVGh5HySfX1AtqqND+xQ6u0mSAu/XYhvsT5efdrhbXCrECMt8NQBKYYZlc7y9CoZd7V2Q= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=fiberby.net; spf=pass smtp.mailfrom=fiberby.net; dkim=pass (2048-bit key) header.d=fiberby.net header.i=@fiberby.net header.b=pdA9hRop; arc=none smtp.client-ip=193.104.135.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=fiberby.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=fiberby.net Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=fiberby.net header.i=@fiberby.net header.b="pdA9hRop" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fiberby.net; s=202008; t=1757023399; bh=CO/vHSTBdTAo/V5DNoVuti5MiqLKMG3c1AdHyp2ogNE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=pdA9hRopUBhN4otUAIQhIHglPx8eiFkCbH18XD6SfoVQ6M45e+XGflfRTxI9k+S/Q CplL+4deR/eoPTryNZoP/mFcwShrsLQQ5U80CEhgz+s8qSpnqW3q7q8RIUfZ+qhWcl QPs9BXFt55PMn2e4ssRLz1fVY3hjwRUYp7TwvygJuP+4OPgzn2gErh+YwK4ot3EXbD ZGhbmLLbNqUZerPP9i+kNByPvkaV+hkNsWp7Vaulo4a1yGxmle6rE3WnYTyILFLAPl 81o52p5ES2NUE87ZpyaGrrxnPMZM3ZDf3eyge88UUKdQAAkK0NI2m6LnSyYbuyK4EK e1jQyea+Sd9gQ== Received: from x201s (193-104-135-243.ip4.fiberby.net [193.104.135.243]) by mail1.fiberby.net (Postfix) with ESMTPSA id 1D3E360589; Thu, 4 Sep 2025 22:03:19 +0000 (UTC) Received: by x201s (Postfix, from userid 1000) id AD997202B05; Thu, 04 Sep 2025 22:02:58 +0000 (UTC) From: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= To: "Jason A. Donenfeld" , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni Cc: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= , Donald Hunter , Simon Horman , Jacob Keller , Andrew Lunn , wireguard@lists.zx2c4.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [RFC net-next 12/14] netlink: specs: wireguard: alternative to wireguard_params.h Date: Thu, 4 Sep 2025 22:02:46 +0000 Message-ID: <20250904220255.1006675-12-ast@fiberby.net> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20250904-wg-ynl-rfc@fiberby.net> References: <20250904-wg-ynl-rfc@fiberby.net> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This is an alternative to the approach taken in patch 04, Use magic constants in C as well, and thereby obfuscate their origin. If this is preferred then I will split and squash this patch into the previous commits, so that it's done like this in the original specification patch. Signed-off-by: Asbj=C3=B8rn Sloth T=C3=B8nnesen --- Documentation/netlink/specs/wireguard.yaml | 36 +++------------------- drivers/net/wireguard/netlink_gen.c | 11 +++---- drivers/net/wireguard/netlink_gen.h | 1 - include/uapi/linux/wireguard_params.h | 18 ----------- 4 files changed, 9 insertions(+), 57 deletions(-) delete mode 100644 include/uapi/linux/wireguard_params.h diff --git a/Documentation/netlink/specs/wireguard.yaml b/Documentation/net= link/specs/wireguard.yaml index 37011c3f158b..bb44171d9ac5 100644 --- a/Documentation/netlink/specs/wireguard.yaml +++ b/Documentation/netlink/specs/wireguard.yaml @@ -21,34 +21,6 @@ definitions: name: key-len type: const value: 32 - - - name-prefix: --wg- - name: inaddr-sz - type: const - doc: Equivalent of ``sizeof(struct in_addr)``. - header: linux/wireguard_params.h - value: 4 - - - name-prefix: --wg- - name: sockaddr-sz - type: const - doc: Equivalent of ``sizeof(struct sockaddr)``. - header: linux/wireguard_params.h - value: 16 - - - name-prefix: --wg- - name: timespec-sz - type: const - doc: Equivalent of ``sizeof(struct __kernel_timespec)``. - header: linux/wireguard_params.h - value: 16 - - - name-prefix: --wg- - name: ifnamlen - type: const - doc: Equivalent of ``IFNAMSIZ - 1``. - header: linux/wireguard_params.h - value: 15 - name: --kernel-timespec type: struct @@ -103,7 +75,7 @@ attribute-sets: name: ifname type: string checks: - max-len: --wg-ifnamlen + max-len: 15 - name: private-key type: binary @@ -179,7 +151,7 @@ attribute-sets: doc: struct sockaddr_in or struct sockaddr_in6 type: binary checks: - min-len: --wg-sockaddr-sz + min-len: 16 - name: persistent-keepalive-interval type: u16 @@ -189,7 +161,7 @@ attribute-sets: type: binary struct: --kernel-timespec checks: - exact-len: --wg-timespec-sz + exact-len: 16 - name: rx-bytes type: u64 @@ -226,7 +198,7 @@ attribute-sets: doc: struct in_addr or struct in6_add display-hint: ipv4-or-v6 checks: - min-len: --wg-inaddr-sz + min-len: 4 - name: cidr-mask type: u8 diff --git a/drivers/net/wireguard/netlink_gen.c b/drivers/net/wireguard/ne= tlink_gen.c index 75f5b4b297a9..f95fa133778f 100644 --- a/drivers/net/wireguard/netlink_gen.c +++ b/drivers/net/wireguard/netlink_gen.c @@ -9,13 +9,12 @@ #include "netlink_gen.h" =20 #include -#include #include =20 /* Common nested types */ const struct nla_policy wireguard_wgallowedip_nl_policy[WGALLOWEDIP_A_FLAG= S + 1] =3D { [WGALLOWEDIP_A_FAMILY] =3D { .type =3D NLA_U16, }, - [WGALLOWEDIP_A_IPADDR] =3D NLA_POLICY_MIN_LEN(__WG_INADDR_SZ), + [WGALLOWEDIP_A_IPADDR] =3D NLA_POLICY_MIN_LEN(4), [WGALLOWEDIP_A_CIDR_MASK] =3D { .type =3D NLA_U8, }, [WGALLOWEDIP_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, 0x1), }; @@ -24,9 +23,9 @@ const struct nla_policy wireguard_wgpeer_nl_policy[WGPEER= _A_PROTOCOL_VERSION + 1 [WGPEER_A_PUBLIC_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), [WGPEER_A_PRESHARED_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), [WGPEER_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, 0x7), - [WGPEER_A_ENDPOINT] =3D NLA_POLICY_MIN_LEN(__WG_SOCKADDR_SZ), + [WGPEER_A_ENDPOINT] =3D NLA_POLICY_MIN_LEN(16), [WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL] =3D { .type =3D NLA_U16, }, - [WGPEER_A_LAST_HANDSHAKE_TIME] =3D NLA_POLICY_EXACT_LEN(__WG_TIMESPEC_SZ), + [WGPEER_A_LAST_HANDSHAKE_TIME] =3D NLA_POLICY_EXACT_LEN(16), [WGPEER_A_RX_BYTES] =3D { .type =3D NLA_U64, }, [WGPEER_A_TX_BYTES] =3D { .type =3D NLA_U64, }, [WGPEER_A_ALLOWEDIPS] =3D NLA_POLICY_NESTED_ARRAY(wireguard_wgallowedip_n= l_policy), @@ -36,7 +35,7 @@ const struct nla_policy wireguard_wgpeer_nl_policy[WGPEER= _A_PROTOCOL_VERSION + 1 /* WG_CMD_GET_DEVICE - dump */ static const struct nla_policy wireguard_get_device_nl_policy[WGDEVICE_A_P= EERS + 1] =3D { [WGDEVICE_A_IFINDEX] =3D { .type =3D NLA_U32, }, - [WGDEVICE_A_IFNAME] =3D { .type =3D NLA_NUL_STRING, .len =3D __WG_IFNAMLE= N, }, + [WGDEVICE_A_IFNAME] =3D { .type =3D NLA_NUL_STRING, .len =3D 15, }, [WGDEVICE_A_PRIVATE_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), [WGDEVICE_A_PUBLIC_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), [WGDEVICE_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, 0x1), @@ -48,7 +47,7 @@ static const struct nla_policy wireguard_get_device_nl_po= licy[WGDEVICE_A_PEERS + /* WG_CMD_SET_DEVICE - do */ static const struct nla_policy wireguard_set_device_nl_policy[WGDEVICE_A_P= EERS + 1] =3D { [WGDEVICE_A_IFINDEX] =3D { .type =3D NLA_U32, }, - [WGDEVICE_A_IFNAME] =3D { .type =3D NLA_NUL_STRING, .len =3D __WG_IFNAMLE= N, }, + [WGDEVICE_A_IFNAME] =3D { .type =3D NLA_NUL_STRING, .len =3D 15, }, [WGDEVICE_A_PRIVATE_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), [WGDEVICE_A_PUBLIC_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), [WGDEVICE_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, 0x1), diff --git a/drivers/net/wireguard/netlink_gen.h b/drivers/net/wireguard/ne= tlink_gen.h index a067ab0d61b6..e635b1f5f0df 100644 --- a/drivers/net/wireguard/netlink_gen.h +++ b/drivers/net/wireguard/netlink_gen.h @@ -10,7 +10,6 @@ #include =20 #include -#include #include =20 /* Common nested types */ diff --git a/include/uapi/linux/wireguard_params.h b/include/uapi/linux/wir= eguard_params.h deleted file mode 100644 index c218e4b8042f..000000000000 --- a/include/uapi/linux/wireguard_params.h +++ /dev/null @@ -1,18 +0,0 @@ -/* SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Cl= ause) */ - -#ifndef _UAPI_LINUX_WIREGUARD_PARAMS_H -#define _UAPI_LINUX_WIREGUARD_PARAMS_H - -#include -#include -#include - -/* These definitions are currently needed for definitions which can't - * be expressed directly in Documentation/netlink/specs/wireguard.yaml - */ -#define __WG_INADDR_SZ (sizeof(struct in_addr)) -#define __WG_SOCKADDR_SZ (sizeof(struct sockaddr)) -#define __WG_TIMESPEC_SZ (sizeof(struct __kernel_timespec)) -#define __WG_IFNAMLEN (IFNAMSIZ - 1) - -#endif /* _UAPI_LINUX_WIREGUARD_PARAMS_H */ --=20 2.51.0 From nobody Fri Oct 3 05:26:15 2025 Received: from mail1.fiberby.net (mail1.fiberby.net [193.104.135.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9FE462DF124; Thu, 4 Sep 2025 22:03:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.104.135.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757023411; cv=none; b=BJSJmK+2aPQQCo74wNL66vAXTXvtIYVeE++oFTVlQ7C8+bsOx9g7FYzzw17abT22vzFQERbz1i079LzdkhfhEJAwFBoU7srWWgX2Fr/cAKNHxJW6j4B/w7bVopBAiIStOwvE6c0YAQSLckQf/S/Lr4lnhmhW/MtBbKR7x3c9BJk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757023411; c=relaxed/simple; bh=ECNMbXl3XLvGt4tALH0EaehkGJdjFoR5BhZ1oyO4DKU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=rGkQUTnhAnMJ7uTP7CnFVpYVTp82biD5ta8zc+mBJ367EY3BcmfM392TZ5hb6xtxTIa2nQ8IL0KW+mH9GGHaGMrHZB5knVzCTa6u6iVhAYNiUkdZ6fRNRVhY86SEzwH3yOeCmBs9wLzrVTdQjZCHWAqZL+v+S4rBZKooyA4iFDI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=fiberby.net; spf=pass smtp.mailfrom=fiberby.net; dkim=pass (2048-bit key) header.d=fiberby.net header.i=@fiberby.net header.b=bzZnJJFp; arc=none smtp.client-ip=193.104.135.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=fiberby.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=fiberby.net Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=fiberby.net header.i=@fiberby.net header.b="bzZnJJFp" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fiberby.net; s=202008; t=1757023398; bh=ECNMbXl3XLvGt4tALH0EaehkGJdjFoR5BhZ1oyO4DKU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=bzZnJJFp7x0TGcadOB6VkbUDx+lay5/40mepR8zc6VCVjxCiyGL1QiULRw/Qu5U+Q 8sw45x379bEcIu1SInV5H3yjZMonFjOgEljmG1gq8bpwpUi5lt9gXhx9oaNJap74aw xWxmOt1wAzXn2jCnjUrYVRCXC0ONm++TMeUForqMPkyncIpBCWgA0n503NU1oX9F+P qdHIz3R6B70msIoQIgUHFK43EypLTIZpH/2F52eMyojuHzFplUukL6A/shfIw4ufK3 oz542vZ+n5Scvs0qw08/EUJGQXtIPQSyQcyv307bYeSa6mp4iF6leJdXNOWyHBZI+5 DRPwypK2RjabQ== Received: from x201s (193-104-135-243.ip4.fiberby.net [193.104.135.243]) by mail1.fiberby.net (Postfix) with ESMTPSA id 5D3096013C; Thu, 4 Sep 2025 22:03:18 +0000 (UTC) Received: by x201s (Postfix, from userid 1000) id B6C0E202B2F; Thu, 04 Sep 2025 22:02:58 +0000 (UTC) From: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= To: "Jason A. Donenfeld" , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni Cc: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= , Donald Hunter , Simon Horman , Jacob Keller , Andrew Lunn , wireguard@lists.zx2c4.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [RFC net-next 13/14] wireguard: netlink: enable strict genetlink validation Date: Thu, 4 Sep 2025 22:02:47 +0000 Message-ID: <20250904220255.1006675-13-ast@fiberby.net> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20250904-wg-ynl-rfc@fiberby.net> References: <20250904-wg-ynl-rfc@fiberby.net> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Wireguard is a modern enough genetlink family, that it doesn't need resv_start_op. It already had policies in place when it was first merged, it has also never used reserved fields, or other things toggled by resv_start_op. [TODO: before v1, also test with ancient wireguard-tools versions] Signed-off-by: Asbj=C3=B8rn Sloth T=C3=B8nnesen --- drivers/net/wireguard/netlink.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/net/wireguard/netlink.c b/drivers/net/wireguard/netlin= k.c index 0e34817126b9..67c448eef25d 100644 --- a/drivers/net/wireguard/netlink.c +++ b/drivers/net/wireguard/netlink.c @@ -592,7 +592,6 @@ int wireguard_nl_set_device_doit(struct sk_buff *skb, static struct genl_family genl_family __ro_after_init =3D { .split_ops =3D wireguard_nl_ops, .n_split_ops =3D ARRAY_SIZE(wireguard_nl_ops), - .resv_start_op =3D WG_CMD_SET_DEVICE + 1, .name =3D WG_GENL_NAME, .version =3D WG_GENL_VERSION, .module =3D THIS_MODULE, --=20 2.51.0 From nobody Fri Oct 3 05:26:15 2025 Received: from mail1.fiberby.net (mail1.fiberby.net [193.104.135.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 26E2A2DE6FA; Thu, 4 Sep 2025 22:03:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.104.135.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757023411; cv=none; b=VC27VrXnySinll455Bd+sYezG6RWCLqusr2/+2nFz7g85+M56yuETNQ9n5wFuyGShZQkMRjrXcAx17iaJobfRx0C7BKzWLOqXEEdbRrxJi6PvZ/f7cyceck4czdWeTICRLmddLORkvUtyvjU0zHA8Dkqh1uZBLUdv81phDaDQkE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1757023411; c=relaxed/simple; bh=oSNm5eg5gYI2AKFp3yCBDv0gEfrms2mI0sAqlg7aafw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=JHs/Fn7XtRdDegB7CAmtiT6T/CJAMJe2A180E7VfmtSb/q1KIiIvrKQ4hswxuW8vMAsNEYBw1woPcUvPt3c9LmxfWYU8GakhZAUJgGgYYlswYuFEUUYl34V7t/IULIPORBt/reda3Ikw/QsCmeqeJG2X1HITWbqle868inrrAsI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=fiberby.net; spf=pass smtp.mailfrom=fiberby.net; dkim=pass (2048-bit key) header.d=fiberby.net header.i=@fiberby.net header.b=fHcq7dvZ; arc=none smtp.client-ip=193.104.135.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=fiberby.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=fiberby.net Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=fiberby.net header.i=@fiberby.net header.b="fHcq7dvZ" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fiberby.net; s=202008; t=1757023398; bh=oSNm5eg5gYI2AKFp3yCBDv0gEfrms2mI0sAqlg7aafw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=fHcq7dvZI6pvfn8YL/iDtqOpQcwj+xwC5DO1di5HGCXTjbl78kQhVe0DNSZMfwjKq VRdyUOTMBDLGqCY9EvGXVi9Jx+alo7VSBMaFNyjoeNpsznTLk/3hh3X2+1wtxlKcs3 LRD8A66nzCJDkDXfWLGVAmAk5ZHGrTccrGbEzlgqte93tBB6KV5eIGW7m4Z6XPwYAB dlTpayTugJX9t+AeKLLYc5mkl9wfAZByXV17/RIUIQ19TFrAwtUiuaFjAGxU1M6tXr eHcBH5VVnGV0+ao/HkMZSnCiWcv2oYOsIRyDJoddw1pCGYw+NcIFiO17xs8CLIYPD7 lPUUD1QZbIsYg== Received: from x201s (193-104-135-243.ip4.fiberby.net [193.104.135.243]) by mail1.fiberby.net (Postfix) with ESMTPSA id 4F3066013A; Thu, 4 Sep 2025 22:03:18 +0000 (UTC) Received: by x201s (Postfix, from userid 1000) id BFE61202B39; Thu, 04 Sep 2025 22:02:58 +0000 (UTC) From: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= To: "Jason A. Donenfeld" , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni Cc: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= , Donald Hunter , Simon Horman , Jacob Keller , Andrew Lunn , wireguard@lists.zx2c4.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [RFC net-next 14/14] tools: ynl: add sample for wireguard Date: Thu, 4 Sep 2025 22:02:48 +0000 Message-ID: <20250904220255.1006675-14-ast@fiberby.net> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20250904-wg-ynl-rfc@fiberby.net> References: <20250904-wg-ynl-rfc@fiberby.net> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Add a sample application using the generated C library. Example: [install uapi headers, then] $ make -C tools/net/ynl/lib $ make -C tools/net/ynl/generated $ make -C tools/net/ynl/samples wireguard $ ./tools/net/ynl/samples/wireguard usage: ./tools/net/ynl/samples/wireguard $ sudo ./tools/net/ynl/samples/wireguard wg-test Interface 3: wg-test Peer 6adfb183a4a2c94a2f92dab5ade762a4788[...]: Data: rx: 42 / tx: 42 bytes Allowed IPs: 0.0.0.0/0 ::/0 Signed-off-by: Asbj=C3=B8rn Sloth T=C3=B8nnesen --- MAINTAINERS | 1 + tools/net/ynl/samples/.gitignore | 1 + tools/net/ynl/samples/wireguard.c | 104 ++++++++++++++++++++++++++++++ 3 files changed, 106 insertions(+) create mode 100644 tools/net/ynl/samples/wireguard.c diff --git a/MAINTAINERS b/MAINTAINERS index e8360e4b55c6..dafc374b25d0 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -27171,6 +27171,7 @@ S: Maintained F: Documentation/netlink/specs/wireguard.yaml F: drivers/net/wireguard/ F: include/uapi/linux/wireguard_params.h +F: tools/net/ynl/samples/wireguard.c F: tools/testing/selftests/wireguard/ =20 WISTRON LAPTOP BUTTON DRIVER diff --git a/tools/net/ynl/samples/.gitignore b/tools/net/ynl/samples/.giti= gnore index 7f5fca7682d7..09c61e4c18cd 100644 --- a/tools/net/ynl/samples/.gitignore +++ b/tools/net/ynl/samples/.gitignore @@ -7,3 +7,4 @@ rt-addr rt-link rt-route tc +wireguard diff --git a/tools/net/ynl/samples/wireguard.c b/tools/net/ynl/samples/wire= guard.c new file mode 100644 index 000000000000..f1549e585949 --- /dev/null +++ b/tools/net/ynl/samples/wireguard.c @@ -0,0 +1,104 @@ +// SPDX-License-Identifier: GPL-2.0 +#include +#include +#include +#include +#include + +#include "wireguard-user.h" + +static void print_allowed_ip(const struct wireguard_wgallowedip *aip) +{ + char addr_out[INET6_ADDRSTRLEN]; + + if (!inet_ntop(aip->family, aip->ipaddr, addr_out, sizeof(addr_out))) { + addr_out[0] =3D '?'; + addr_out[1] =3D '\0'; + } + printf("\t\t\t%s/%u\n", addr_out, aip->cidr_mask); +} + +/* Only printing public key in this demo. For better key formatting, + * use constant-time implementation as found in wireguard-tools. + */ +static void print_peer_header(const struct wireguard_wgpeer *peer) +{ + unsigned int i; + uint8_t *key =3D peer->public_key; + unsigned int len =3D peer->_len.public_key; + + if (len !=3D 32) + return; + printf("\tPeer "); + for (i =3D 0; i < len; i++) + printf("%02x", key[i]); + printf(":\n"); +} + +static void print_peer(const struct wireguard_wgpeer *peer) +{ + unsigned int i; + + print_peer_header(peer); + printf("\t\tData: rx: %llu / tx: %llu bytes\n", + peer->rx_bytes, peer->tx_bytes); + printf("\t\tAllowed IPs:\n"); + for (i =3D 0; i < peer->_count.allowedips; i++) + print_allowed_ip(&peer->allowedips[i]); +} + +static void build_request(struct wireguard_get_device_req *req, char *arg) +{ + char *endptr; + int ifindex; + + ifindex =3D strtol(arg, &endptr, 0); + if (endptr !=3D arg + strlen(arg) || errno !=3D 0) + ifindex =3D 0; + if (ifindex > 0) + wireguard_get_device_req_set_ifindex(req, ifindex); + else + wireguard_get_device_req_set_ifname(req, arg); +} + +int main(int argc, char **argv) +{ + struct wireguard_get_device_list *devs; + struct wireguard_get_device_req *req; + struct ynl_sock *ys; + + if (argc < 2) { + fprintf(stderr, "usage: %s \n", argv[0]); + return 1; + } + + req =3D wireguard_get_device_req_alloc(); + build_request(req, argv[1]); + + ys =3D ynl_sock_create(&ynl_wireguard_family, NULL); + if (!ys) + return 2; + + devs =3D wireguard_get_device_dump(ys, req); + if (!devs) + goto err_close; + + ynl_dump_foreach(devs, d) { + unsigned int i; + + printf("Interface %d: %s\n", d->ifindex, d->ifname); + for (i =3D 0; i < d->_count.peers; i++) + print_peer(&d->peers[i]); + } + wireguard_get_device_list_free(devs); + wireguard_get_device_req_free(req); + ynl_sock_destroy(ys); + + return 0; + +err_close: + fprintf(stderr, "YNL (%d): %s\n", ys->err.code, ys->err.msg); + wireguard_get_device_req_free(req); + ynl_sock_destroy(ys); + return 3; +} --=20 2.51.0