From nobody Sun Dec 14 11:20:27 2025
From: Asbjørn Sloth Tønnesen
To: "Jason A. Donenfeld", "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni
Cc: Asbjørn Sloth Tønnesen, Donald Hunter, Simon Horman, Jacob Keller, Andrew Lunn, wireguard@lists.zx2c4.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH net-next v1 01/11] wireguard: netlink: validate nested arrays in policy
Date: Wed, 29 Oct 2025 20:51:09 +0000
Message-ID: <20251029205123.286115-2-ast@fiberby.net>
In-Reply-To: <20251029205123.286115-1-ast@fiberby.net>
References: <20251029205123.286115-1-ast@fiberby.net>
X-Mailing-List: linux-kernel@vger.kernel.org

Use NLA_POLICY_NESTED_ARRAY() to perform nested array validation in the policy validation step.

The nested policy was already enforced through nla_parse_nested(), however extack wasn't passed previously.

Signed-off-by: Asbjørn Sloth Tønnesen
---
 drivers/net/wireguard/netlink.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/net/wireguard/netlink.c b/drivers/net/wireguard/netlin= k.c index 67f962eb8b46d..9bc76e1bcba2d 100644 --- a/drivers/net/wireguard/netlink.c +++ b/drivers/net/wireguard/netlink.c 
@@ -27,7 +27,7 @@ static const struct nla_policy device_policy[WGDEVICE_A_M= AX + 1] =3D { [WGDEVICE_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, __WGDEVICE_F_ALL), [WGDEVICE_A_LISTEN_PORT] =3D { .type =3D NLA_U16 }, [WGDEVICE_A_FWMARK] =3D { .type =3D NLA_U32 }, - [WGDEVICE_A_PEERS] =3D { .type =3D NLA_NESTED } + [WGDEVICE_A_PEERS] =3D NLA_POLICY_NESTED_ARRAY(peer_policy), }; =20 static const struct nla_policy peer_policy[WGPEER_A_MAX + 1] =3D { @@ -39,7 +39,7 @@ static const struct nla_policy peer_policy[WGPEER_A_MAX += 1] =3D { [WGPEER_A_LAST_HANDSHAKE_TIME] =3D NLA_POLICY_EXACT_LEN(sizeof(struct _= _kernel_timespec)), [WGPEER_A_RX_BYTES] =3D { .type =3D NLA_U64 }, [WGPEER_A_TX_BYTES] =3D { .type =3D NLA_U64 }, - [WGPEER_A_ALLOWEDIPS] =3D { .type =3D NLA_NESTED }, + [WGPEER_A_ALLOWEDIPS] =3D NLA_POLICY_NESTED_ARRAY(allowedip_policy), [WGPEER_A_PROTOCOL_VERSION] =3D { .type =3D NLA_U32 } }; =20 @@ -467,7 +467,7 @@ static int set_peer(struct wg_device *wg, struct nlattr= **attrs) =20 nla_for_each_nested(attr, attrs[WGPEER_A_ALLOWEDIPS], rem) { ret =3D nla_parse_nested(allowedip, WGALLOWEDIP_A_MAX, - attr, allowedip_policy, NULL); + attr, NULL, NULL); if (ret < 0) goto out; ret =3D set_allowedip(peer, allowedip); 
@@ -593,7 +593,7 @@ static int wg_set_device(struct sk_buff *skb, struct ge= nl_info *info) =20 nla_for_each_nested(attr, info->attrs[WGDEVICE_A_PEERS], rem) { ret =3D nla_parse_nested(peer, WGPEER_A_MAX, attr, - peer_policy, NULL); + NULL, NULL); if (ret < 0) goto out; ret =3D set_peer(wg, peer); --=20 2.51.0
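
Review bot: peer_policy is used before it is defined. In the first hunk (@@ -27,7), device_policy gets `[WGDEVICE_A_PEERS] = NLA_POLICY_NESTED_ARRAY(peer_policy)`, while the trailing context shows `static const struct nla_policy peer_policy[WGPEER_A_MAX + 1]` starting only after device_policy closes, and the diffstat (4 insertions, 4 deletions) leaves no room for an added declaration. Unless a forward declaration already exists above line 27, add one ahead of device_policy, for example `static const struct nla_policy peer_policy[WGPEER_A_MAX + 1];`, and check whether the reference to allowedip_policy in the second hunk needs the same.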
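
Review bot: the nla_parse_nested() calls in set_peer() (@@ -467,7) and wg_set_device() (@@ -593,7) now pass NULL for the policy as well as for extack, and nothing at these call sites says that the elements were already checked against allowedip_policy and peer_policy. A one-line comment above each call stating that validation happened through the NLA_POLICY_NESTED_ARRAY() entries of the parent policy would keep a later refactor from reading the NULL as an oversight, or from reusing these loops on attributes that never went through that policy. The extack argument also stays NULL, so any error these calls still return carries no message; wg_set_device() has info at hand and could pass info->extack.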
From: Asbjørn Sloth Tønnesen
To: "Jason A. Donenfeld", "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni
Cc: Asbjørn Sloth Tønnesen, Donald Hunter, Simon Horman, Jacob Keller, Andrew Lunn, wireguard@lists.zx2c4.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH net-next v1 02/11] wireguard: netlink: use WG_KEY_LEN in policies
Date: Wed, 29 Oct 2025 20:51:10 +0000
Message-ID: <20251029205123.286115-3-ast@fiberby.net>
In-Reply-To: <20251029205123.286115-1-ast@fiberby.net>
References: <20251029205123.286115-1-ast@fiberby.net>

When converting the netlink policies to YNL, then the constants used in the policy have to be visible to user-space.

As NOISE_*_KEY_LEN isn't visible for userspace, then change the policy to use WG_KEY_LEN, as is also documented in the UAPI header:

  $ grep WG_KEY_LEN include/uapi/linux/wireguard.h
   * WGDEVICE_A_PRIVATE_KEY: NLA_EXACT_LEN, len WG_KEY_LEN
   * WGDEVICE_A_PUBLIC_KEY: NLA_EXACT_LEN, len WG_KEY_LEN
   * WGPEER_A_PUBLIC_KEY: NLA_EXACT_LEN, len WG_KEY_LEN
   * WGPEER_A_PRESHARED_KEY: NLA_EXACT_LEN, len WG_KEY_LEN
  [...]

Add a couple of BUILD_BUG_ON() to ensure that they stay in sync.

No behavioural changes intended.

Signed-off-by: Asbjørn Sloth Tønnesen
---
 drivers/net/wireguard/netlink.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/drivers/net/wireguard/netlink.c b/drivers/net/wireguard/netlin= k.c index 9bc76e1bcba2d..d36e94220d2c3 100644 --- a/drivers/net/wireguard/netlink.c +++ b/drivers/net/wireguard/netlink.c 
@@ -22,8 +22,8 @@ static struct genl_family genl_family; static const struct nla_policy device_policy[WGDEVICE_A_MAX + 1] =3D { [WGDEVICE_A_IFINDEX] =3D { .type =3D NLA_U32 }, [WGDEVICE_A_IFNAME] =3D { .type =3D NLA_NUL_STRING, .len =3D IFNAMSIZ - = 1 }, - [WGDEVICE_A_PRIVATE_KEY] =3D NLA_POLICY_EXACT_LEN(NOISE_PUBLIC_KEY_LEN), - [WGDEVICE_A_PUBLIC_KEY] =3D NLA_POLICY_EXACT_LEN(NOISE_PUBLIC_KEY_LEN), + [WGDEVICE_A_PRIVATE_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), + [WGDEVICE_A_PUBLIC_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), [WGDEVICE_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, __WGDEVICE_F_ALL), [WGDEVICE_A_LISTEN_PORT] =3D { .type =3D NLA_U16 }, [WGDEVICE_A_FWMARK] =3D { .type =3D NLA_U32 }, @@ -31,8 +31,8 @@ static const struct nla_policy device_policy[WGDEVICE_A_M= AX + 1] =3D { }; =20 static const struct nla_policy peer_policy[WGPEER_A_MAX + 1] =3D { - [WGPEER_A_PUBLIC_KEY] =3D NLA_POLICY_EXACT_LEN(NOISE_PUBLIC_KEY_LEN), - [WGPEER_A_PRESHARED_KEY] =3D NLA_POLICY_EXACT_LEN(NOISE_SYMMETRIC_KEY_L= EN), + [WGPEER_A_PUBLIC_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), + [WGPEER_A_PRESHARED_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), [WGPEER_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, __WGPEER_F_ALL), [WGPEER_A_ENDPOINT] =3D NLA_POLICY_MIN_LEN(sizeof(struct sockaddr)), [WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL] =3D { .type =3D NLA_U16 }, 
@@ -642,6 +642,9 @@ static struct genl_family genl_family __ro_after_init = =3D { =20 int __init wg_genetlink_init(void) { + BUILD_BUG_ON(WG_KEY_LEN !=3D NOISE_PUBLIC_KEY_LEN); + BUILD_BUG_ON(WG_KEY_LEN !=3D NOISE_SYMMETRIC_KEY_LEN); + return genl_register_family(&genl_family); } =20 --=20 2.51.0
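
Review bot: the two BUILD_BUG_ON() checks added to wg_genetlink_init() (@@ -642,6) sit roughly 600 lines away from the policy tables at line 22 that they protect. File-scope `static_assert(WG_KEY_LEN == NOISE_PUBLIC_KEY_LEN)` and `static_assert(WG_KEY_LEN == NOISE_SYMMETRIC_KEY_LEN)` placed directly above device_policy would keep the guarantee next to the NLA_POLICY_EXACT_LEN(WG_KEY_LEN) entries and would not depend on the init function staying as it is.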
From: Asbjørn Sloth Tønnesen
To: "Jason A. Donenfeld", "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni
Cc: Asbjørn Sloth Tønnesen, Donald Hunter, Simon Horman, Jacob Keller, Andrew Lunn, wireguard@lists.zx2c4.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH net-next v1 03/11] wireguard: netlink: enable strict genetlink validation
Date: Wed, 29 Oct 2025 20:51:11 +0000
Message-ID: <20251029205123.286115-4-ast@fiberby.net>
In-Reply-To: <20251029205123.286115-1-ast@fiberby.net>
References: <20251029205123.286115-1-ast@fiberby.net>

Wireguard is a modern enough genetlink family, that it doesn't need resv_start_op. It already had policies in place when it was first merged, it has also never used the reserved field, or other things toggled by resv_start_op.

wireguard-tools have always used zero initialized memory, and have never touched the reserved field, neither have any other clients I have checked. Closed-source clients are much more likely to use the embeddable library from wireguard-tools, than a DIY implementation using uninitialized memory.

Signed-off-by: Asbjørn Sloth Tønnesen
---
 drivers/net/wireguard/netlink.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/drivers/net/wireguard/netlink.c b/drivers/net/wireguard/netlin= k.c index d36e94220d2c3..024d4a6cc74c6 100644 --- a/drivers/net/wireguard/netlink.c +++ b/drivers/net/wireguard/netlink.c 
@@ -631,7 +631,6 @@ static const struct genl_ops genl_ops[] =3D { static struct genl_family genl_family __ro_after_init =3D { .ops =3D genl_ops, .n_ops =3D ARRAY_SIZE(genl_ops), - .resv_start_op =3D WG_CMD_SET_DEVICE + 1, .name =3D WG_GENL_NAME, .version =3D WG_GENL_VERSION, .maxattr =3D WGDEVICE_A_MAX, --=20 2.51.0
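
Review bot: the commit message does not say which checks start applying once `.resv_start_op = WG_CMD_SET_DEVICE + 1` is dropped from genl_family; it names the reserved field and then only "other things toggled by resv_start_op". Since this changes how requests for both existing commands are validated, list each newly enforced check in the message so that a user-space maintainer can match a request that used to be accepted and is now rejected to this commit, and state which clients were checked.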
From: Asbjørn Sloth Tønnesen
To: "Jason A. Donenfeld", "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni
Cc: Asbjørn Sloth Tønnesen, Donald Hunter, Simon Horman, Jacob Keller, Andrew Lunn, wireguard@lists.zx2c4.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH net-next v1 04/11] netlink: specs: add specification for wireguard
Date: Wed, 29 Oct 2025 20:51:12 +0000
Message-ID: <20251029205123.286115-5-ast@fiberby.net>
In-Reply-To: <20251029205123.286115-1-ast@fiberby.net>
References: <20251029205123.286115-1-ast@fiberby.net>

This patch adds a near[1] complete YNL specification for wireguard, documenting the protocol in a machine-readable format, than the comment in wireguard.h, and eases usage from C and non-C programming languages alike.

The generated C library will be featured in the next patch, so in this patch I will use the in-kernel python client for examples.

This makes the documentation in the UAPI header redundant, and it is therefore removed.

The in-line documentation in the spec, is based on the existing comment in wireguard.h, and once released then it will be available in the kernel documentation at:
  https://docs.kernel.org/netlink/specs/wireguard.html
  (until then run: make htmldocs)

Generate wireguard.rst from this spec:
$ make -C tools/net/ynl/generated/ wireguard.rst

Query wireguard interface through pyynl:
$ sudo ./tools/net/ynl/pyynl/cli.py --family wireguard \
    --dump get-device \
    --json '{"ifindex":3}'
[{'fwmark': 0,
  'ifindex': 3,
  'ifname': 'wg-test',
  'listen-port': 54318,
  'peers': [{0: {'allowedips': [{0: {'cidr-mask': 0,
                                     'family': 2,
                                     'ipaddr': '0.0.0.0'}},
                                {0: {'cidr-mask': 0,
                                     'family': 10,
                                     'ipaddr': '::'}}],
                 'endpoint': b'[...]',
                 'last-handshake-time': {'nsec': 42, 'sec': 42},
                 'persistent-keepalive-interval': 42,
                 'preshared-key': '[...]',
                 'protocol-version': 1,
                 'public-key': '[...]',
                 'rx-bytes': 42,
                 'tx-bytes': 42}}],
  'private-key': '[...]',
  'public-key': '[...]'}]

Add another allowed IP prefix:
$ sudo ./tools/net/ynl/pyynl/cli.py --family wireguard \
    --do set-device --json '{"ifindex":3,"peers":[
      {"public-key":"6a df b1 83 a4 ..","allowedips":[
        {"cidr-mask":0,"family":10,"ipaddr":"::"}]}]}'

[1] As can be seen above, the "endpoint" is only decoded as binary data, as it can't be described fully in YNL. It's a struct sockaddr_in or struct sockaddr_in6 depending on the attribute length.

Signed-off-by: Asbjørn Sloth Tønnesen
---
 Documentation/netlink/specs/wireguard.yaml | 307 +++++++++++++++++++++
 MAINTAINERS                                |   1 +
 include/uapi/linux/wireguard.h             | 129 ---------
 3 files changed, 308 insertions(+), 129 deletions(-)
 create mode 100644 Documentation/netlink/specs/wireguard.yaml

diff --git a/Documentation/netlink/specs/wireguard.yaml b/Documentation/net= link/specs/wireguard.yaml new file mode 100644 index 0000000000000..f3226fa38095e --- /dev/null +++ b/Documentation/netlink/specs/wireguard.yaml 
@@ -0,0 +1,307 @@ +# SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Cla= use) +--- +name: wireguard +protocol: genetlink-legacy + +doc: | + **Netlink protocol to control WireGuard network devices.** + + The below enums and macros are for interfacing with WireGuard, + using generic netlink, with family ``WG_GENL_NAME`` and version + ``WG_GENL_VERSION``. It defines two commands: get and set. + Note that while they share many common attributes, these two + commands actually accept a slightly different set of inputs and + outputs. These differences are noted under the individual attributes. +c-family-name: wg-genl-name +c-version-name: wg-genl-version +max-by-define: true + +definitions: + - + name-prefix: wg- + name: key-len + type: const + value: 32 + - + name: --kernel-timespec + type: struct + header: linux/time_types.h + members: + - + name: sec + type: u64 + doc: Number of seconds, since UNIX epoch. + - + name: nsec + type: u64 + doc: Number of nanoseconds, after the second began. + - + name: wgdevice-flags + name-prefix: wgdevice-f- + enum-name: wgdevice-flag + type: flags + entries: + - replace-peers + - + name: wgpeer-flags + name-prefix: wgpeer-f- + enum-name: wgpeer-flag + type: flags + entries: + - remove-me + - replace-allowedips + - update-only + - + name: wgallowedip-flags + name-prefix: wgallowedip-f- + enum-name: wgallowedip-flag + type: flags + entries: + - remove-me + +attribute-sets: + - + name: wgdevice + enum-name: wgdevice-attribute + name-prefix: wgdevice-a- + attr-cnt-name: --wgdevice-a-last + attributes: + - + name: unspec + type: unused + value: 0 + - + name: ifindex + type: u32 + - + name: ifname + type: string + checks: + max-len: 15 + - + name: private-key + type: binary + doc: Set to all zeros to remove. 
+ display-hint: hex + checks: + exact-len: wg-key-len + - + name: public-key + type: binary + display-hint: hex + checks: + exact-len: wg-key-len + - + name: flags + doc: | + ``0`` or ``WGDEVICE_F_REPLACE_PEERS`` if all current peers + should be removed prior to adding the list below. + type: u32 + enum: wgdevice-flags + checks: + flags-mask: wgdevice-flags + - + name: listen-port + type: u16 + doc: Set as ``0`` to choose randomly. + - + name: fwmark + type: u32 + doc: Set as ``0`` to disable. + - + name: peers + type: indexed-array + sub-type: nest + nested-attributes: wgpeer + doc: The index is set as ``0`` in ``DUMP``, and unused in ``DO``. + - + name: wgpeer + enum-name: wgpeer-attribute + name-prefix: wgpeer-a- + attr-cnt-name: --wgpeer-a-last + attributes: + - + name: unspec + type: unused + value: 0 + - + name: public-key + type: binary + display-hint: hex + checks: + exact-len: wg-key-len + - + name: preshared-key + type: binary + doc: Set as all zeros to remove. + display-hint: hex + checks: + exact-len: wg-key-len + - + name: flags + doc: | + ``0`` and/or ``WGPEER_F_REMOVE_ME`` if the specified peer should= not + exist at the end of the operation, rather than added/updated + and/or ``WGPEER_F_REPLACE_ALLOWEDIPS`` if all current allowed IPs + of this peer should be removed prior to adding the list below + and/or ``WGPEER_F_UPDATE_ONLY`` if the peer should only be set if + it already exists. + type: u32 + enum: wgpeer-flags + checks: + flags-mask: wgpeer-flags + - + name: endpoint + doc: struct sockaddr_in or struct sockaddr_in6 + type: binary + checks: + min-len: 16 + - + name: persistent-keepalive-interval + type: u16 + doc: Set as ``0`` to disable. 
+ - + name: last-handshake-time + type: binary + struct: --kernel-timespec + checks: + exact-len: 16 + - + name: rx-bytes + type: u64 + - + name: tx-bytes + type: u64 + - + name: allowedips + type: indexed-array + sub-type: nest + nested-attributes: wgallowedip + doc: The index is set as ``0`` in ``DUMP``, and unused in ``DO``. + - + name: protocol-version + type: u32 + doc: | + Should not be set or used at all by most users of this API, + as the most recent protocol will be used when this is unset. + Otherwise, must be set to ``1``. + - + name: wgallowedip + enum-name: wgallowedip-attribute + name-prefix: wgallowedip-a- + attr-cnt-name: --wgallowedip-a-last + attributes: + - + name: unspec + type: unused + value: 0 + - + name: family + type: u16 + doc: IP family, either ``AF_INET`` or ``AF_INET6``. + - + name: ipaddr + type: binary + doc: Either ``struct in_addr`` or ``struct in6_addr``. + display-hint: ipv4-or-v6 + checks: + min-len: 4 + - + name: cidr-mask + type: u8 + - + name: flags + type: u32 + doc: | + ``WGALLOWEDIP_F_REMOVE_ME`` if the specified IP should be + removed; otherwise, this IP will be added if it is not + already present. + enum: wgallowedip-flags + checks: + flags-mask: wgallowedip-flags + +operations: + enum-name: wg-cmd + name-prefix: wg-cmd- + list: + - + name: get-device + value: 0 + doc: | + Retrieve WireGuard device + ~~~~~~~~~~~~~~~~~~~~~~~~~ + + The command should be called with one but not both of: + + - ``WGDEVICE_A_IFINDEX`` + - ``WGDEVICE_A_IFNAME`` + + The kernel will then return several messages (``NLM_F_MULTI``). + It is possible that all of the allowed IPs of a single peer + will not fit within a single netlink message. In that case, the + same peer will be written in the following message, except it will + only contain ``WGPEER_A_PUBLIC_KEY`` and ``WGPEER_A_ALLOWEDIPS``. + This may occur several times in a row for the same peer. + It is then up to the receiver to coalesce adjacent peers. 
+ Likewise, it is possible that all peers will not fit within a + single message. + So, subsequent peers will be sent in following messages, + except those will only contain ``WGDEVICE_A_IFNAME`` and + ``WGDEVICE_A_PEERS``. It is then up to the receiver to coalesce + these messages to form the complete list of peers. + + While this command does accept the other ``WGDEVICE_A_*`` + attributes, for compatibility reasons, but they are ignored + by this command, and should not be used in requests. + + Since this is an ``NLA_F_DUMP`` command, the final message will + always be ``NLMSG_DONE``, even if an error occurs. However, this + ``NLMSG_DONE`` message contains an integer error code. It is + either zero or a negative error code corresponding to the errno. + attribute-set: wgdevice + flags: [uns-admin-perm] + + dump: + pre: wireguard-nl-get-device-start + post: wireguard-nl-get-device-done + # request only uses ifindex | ifname, but keep .maxattr as is + request: &all-attrs + attributes: + - ifindex + - ifname + - private-key + - public-key + - flags + - listen-port + - fwmark + - peers + reply: *all-attrs + - + name: set-device + value: 1 + doc: | + Set WireGuard device + ~~~~~~~~~~~~~~~~~~~~ + + This command should be called with a wgdevice set, containing one + but not both of ``WGDEVICE_A_IFINDEX`` and ``WGDEVICE_A_IFNAME``. + + It is possible that the amount of configuration data exceeds that + of the maximum message length accepted by the kernel. + In that case, several messages should be sent one after another, + with each successive one filling in information not contained in + the prior. + Note that if ``WGDEVICE_F_REPLACE_PEERS`` is specified in the first + message, it probably should not be specified in fragments that come + after, so that the list of peers is only cleared the first time but + appended after. 
+ Likewise for peers, if ``WGPEER_F_REPLACE_ALLOWEDIPS`` is specified + in the first message of a peer, it likely should not be specified + in subsequent fragments. + + If an error occurs, ``NLMSG_ERROR`` will reply containing an errno. + attribute-set: wgdevice + flags: [uns-admin-perm] + + do: + request: *all-attrs diff --git a/MAINTAINERS b/MAINTAINERS index d652f4f27756e..1bceeb4f5d122 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -27630,6 +27630,7 @@ M: Jason A. Donenfeld L: wireguard@lists.zx2c4.com L: netdev@vger.kernel.org S: Maintained +F: Documentation/netlink/specs/wireguard.yaml F: drivers/net/wireguard/ F: tools/testing/selftests/wireguard/ =20 diff --git a/include/uapi/linux/wireguard.h b/include/uapi/linux/wireguard.h index 8c26391196d50..dee4401e0b5df 100644 --- a/include/uapi/linux/wireguard.h +++ b/include/uapi/linux/wireguard.h 
@@ -1,135 +1,6 @@ /* SPDX-License-Identifier: (GPL-2.0 WITH Linux-syscall-note) OR MIT */ /* * Copyright (C) 2015-2019 Jason A. Donenfeld . All Right= s Reserved. - * - * Documentation - * =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D - * - * The below enums and macros are for interfacing with WireGuard, using ge= neric - * netlink, with family WG_GENL_NAME and version WG_GENL_VERSION. It defin= es two - * methods: get and set. Note that while they share many common attributes, - * these two functions actually accept a slightly different set of inputs = and - * outputs. - * - * WG_CMD_GET_DEVICE - * ----------------- - * - * May only be called via NLM_F_REQUEST | NLM_F_DUMP. The command should c= ontain - * one but not both of: - * - * WGDEVICE_A_IFINDEX: NLA_U32 - * WGDEVICE_A_IFNAME: NLA_NUL_STRING, maxlen IFNAMSIZ - 1 - * - * The kernel will then return several messages (NLM_F_MULTI) containing t= he - * following tree of nested items: - * - * WGDEVICE_A_IFINDEX: NLA_U32 - * WGDEVICE_A_IFNAME: NLA_NUL_STRING, maxlen IFNAMSIZ - 1 - * WGDEVICE_A_PRIVATE_KEY: NLA_EXACT_LEN, len WG_KEY_LEN - * WGDEVICE_A_PUBLIC_KEY: NLA_EXACT_LEN, len WG_KEY_LEN - * WGDEVICE_A_LISTEN_PORT: NLA_U16 - * WGDEVICE_A_FWMARK: NLA_U32 - * WGDEVICE_A_PEERS: NLA_NESTED - * 0: NLA_NESTED - * WGPEER_A_PUBLIC_KEY: NLA_EXACT_LEN, len WG_KEY_LEN - * WGPEER_A_PRESHARED_KEY: NLA_EXACT_LEN, len WG_KEY_LEN - * WGPEER_A_ENDPOINT: NLA_MIN_LEN(struct sockaddr), struct sock= addr_in or struct sockaddr_in6 - * WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL: NLA_U16 - * WGPEER_A_LAST_HANDSHAKE_TIME: NLA_EXACT_LEN, struct __kernel= _timespec - * WGPEER_A_RX_BYTES: NLA_U64 - * WGPEER_A_TX_BYTES: NLA_U64 - * WGPEER_A_ALLOWEDIPS: NLA_NESTED - * 0: NLA_NESTED - * WGALLOWEDIP_A_FAMILY: NLA_U16 - * WGALLOWEDIP_A_IPADDR: NLA_MIN_LEN(struct in_addr), s= truct in_addr or struct in6_addr - * WGALLOWEDIP_A_CIDR_MASK: NLA_U8 - * 0: NLA_NESTED - * ... - * 0: NLA_NESTED - * ... - * ... 
- * WGPEER_A_PROTOCOL_VERSION: NLA_U32 - * 0: NLA_NESTED - * ... - * ... - * - * It is possible that all of the allowed IPs of a single peer will not - * fit within a single netlink message. In that case, the same peer will - * be written in the following message, except it will only contain - * WGPEER_A_PUBLIC_KEY and WGPEER_A_ALLOWEDIPS. This may occur several - * times in a row for the same peer. It is then up to the receiver to - * coalesce adjacent peers. Likewise, it is possible that all peers will - * not fit within a single message. So, subsequent peers will be sent - * in following messages, except those will only contain WGDEVICE_A_IFNAME - * and WGDEVICE_A_PEERS. It is then up to the receiver to coalesce these - * messages to form the complete list of peers. - * - * Since this is an NLA_F_DUMP command, the final message will always be - * NLMSG_DONE, even if an error occurs. However, this NLMSG_DONE message - * contains an integer error code. It is either zero or a negative error - * code corresponding to the errno. - * - * WG_CMD_SET_DEVICE - * ----------------- - * - * May only be called via NLM_F_REQUEST. The command should contain the - * following tree of nested items, containing one but not both of - * WGDEVICE_A_IFINDEX and WGDEVICE_A_IFNAME: - * - * WGDEVICE_A_IFINDEX: NLA_U32 - * WGDEVICE_A_IFNAME: NLA_NUL_STRING, maxlen IFNAMSIZ - 1 - * WGDEVICE_A_FLAGS: NLA_U32, 0 or WGDEVICE_F_REPLACE_PEERS if all curr= ent - * peers should be removed prior to adding the list b= elow. 
- * WGDEVICE_A_PRIVATE_KEY: len WG_KEY_LEN, all zeros to remove - * WGDEVICE_A_LISTEN_PORT: NLA_U16, 0 to choose randomly - * WGDEVICE_A_FWMARK: NLA_U32, 0 to disable - * WGDEVICE_A_PEERS: NLA_NESTED - * 0: NLA_NESTED - * WGPEER_A_PUBLIC_KEY: len WG_KEY_LEN - * WGPEER_A_FLAGS: NLA_U32, 0 and/or WGPEER_F_REMOVE_ME if the - * specified peer should not exist at the end o= f the - * operation, rather than added/updated and/or - * WGPEER_F_REPLACE_ALLOWEDIPS if all current a= llowed - * IPs of this peer should be removed prior to = adding - * the list below and/or WGPEER_F_UPDATE_ONLY i= f the - * peer should only be set if it already exists. - * WGPEER_A_PRESHARED_KEY: len WG_KEY_LEN, all zeros to remove - * WGPEER_A_ENDPOINT: struct sockaddr_in or struct sockaddr_in6 - * WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL: NLA_U16, 0 to disable - * WGPEER_A_ALLOWEDIPS: NLA_NESTED - * 0: NLA_NESTED - * WGALLOWEDIP_A_FAMILY: NLA_U16 - * WGALLOWEDIP_A_IPADDR: struct in_addr or struct in6_a= ddr - * WGALLOWEDIP_A_CIDR_MASK: NLA_U8 - * WGALLOWEDIP_A_FLAGS: NLA_U32, WGALLOWEDIP_F_REMOVE_M= E if - * the specified IP should be remo= ved; - * otherwise, this IP will be adde= d if - * it is not already present. - * 0: NLA_NESTED - * ... - * 0: NLA_NESTED - * ... - * ... - * WGPEER_A_PROTOCOL_VERSION: NLA_U32, should not be set or use= d at - * all by most users of this API, as= the - * most recent protocol will be used= when - * this is unset. Otherwise, must be= set - * to 1. - * 0: NLA_NESTED - * ... - * ... - * - * It is possible that the amount of configuration data exceeds that of - * the maximum message length accepted by the kernel. In that case, several - * messages should be sent one after another, with each successive one - * filling in information not contained in the prior. 
Note that if - * WGDEVICE_F_REPLACE_PEERS is specified in the first message, it probably - * should not be specified in fragments that come after, so that the list - * of peers is only cleared the first time but appended after. Likewise for - * peers, if WGPEER_F_REPLACE_ALLOWEDIPS is specified in the first message - * of a peer, it likely should not be specified in subsequent fragments. - * - * If an error occurs, NLMSG_ERROR will reply containing an errno. */ =20 #ifndef _WG_UAPI_WIREGUARD_H --=20 2.51.0
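Review bot: The removed comment is where userspace learns two receiver-side obligations for WG_CMD_GET_DEVICE: coalescing adjacent peers when a peer's WGPEER_A_ALLOWEDIPS spill into following messages, and reading the errno carried in the final NLMSG_DONE. The hunk deletes the text without leaving a pointer to where it now lives, so I would keep a one-line reference in the header comment to the new location. If the text is carried over rather than dropped, the "NLA_F_DUMP command" wording in that paragraph should become NLM_F_DUMP, matching the "NLM_F_REQUEST | NLM_F_DUMP" used earlier in the same block.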
From: Asbjørn Sloth Tønnesen
To: "Jason A. Donenfeld", "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni
Cc: Asbjørn Sloth Tønnesen, Donald Hunter, Simon Horman, Jacob Keller, Andrew Lunn, wireguard@lists.zx2c4.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH net-next v1 05/11] uapi: wireguard: move enum wg_cmd
Date: Wed, 29 Oct 2025 20:51:13 +0000
Message-ID: <20251029205123.286115-6-ast@fiberby.net>
X-Mailer: git-send-email 2.51.0
In-Reply-To: <20251029205123.286115-1-ast@fiberby.net>
References: <20251029205123.286115-1-ast@fiberby.net>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

This patch moves enum wg_cmd to the end of the file, where ynl-gen would like to generate it. This is an incremental step towards adopting an UAPI header generated by ynl-gen. This is split out to keep the patches readable. This is a trivial patch with no behavioural changes intended.

Signed-off-by: Asbj=C3=B8rn Sloth T=C3=B8nnesen
--- include/uapi/linux/wireguard.h | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/include/uapi/linux/wireguard.h b/include/uapi/linux/wireguard.h index dee4401e0b5df..3ebfffd61269a 100644 --- a/include/uapi/linux/wireguard.h +++ b/include/uapi/linux/wireguard.h @@ -11,13 +11,6 @@ =20 #define WG_KEY_LEN 32 =20 -enum wg_cmd { - WG_CMD_GET_DEVICE, - WG_CMD_SET_DEVICE, - __WG_CMD_MAX -}; -#define WG_CMD_MAX (__WG_CMD_MAX - 1) - enum wgdevice_flag { WGDEVICE_F_REPLACE_PEERS =3D 1U << 0, __WGDEVICE_F_ALL =3D WGDEVICE_F_REPLACE_PEERS
@@ -73,4 +66,12 @@ enum wgallowedip_attribute { }; #define WGALLOWEDIP_A_MAX (__WGALLOWEDIP_A_LAST - 1) =20 +enum wg_cmd { + WG_CMD_GET_DEVICE, + WG_CMD_SET_DEVICE, + + __WG_CMD_MAX +}; +#define WG_CMD_MAX (__WG_CMD_MAX - 1) + #endif /* _WG_UAPI_WIREGUARD_H */ --=20 2.51.0
From: Asbjørn Sloth Tønnesen
To: "Jason A. Donenfeld", "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni
Cc: Asbjørn Sloth Tønnesen, Donald Hunter, Simon Horman, Jacob Keller, Andrew Lunn, wireguard@lists.zx2c4.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH net-next v1 06/11] uapi: wireguard: move flag enums
Date: Wed, 29 Oct 2025 20:51:14 +0000
Message-ID: <20251029205123.286115-7-ast@fiberby.net>
X-Mailer: git-send-email 2.51.0
In-Reply-To: <20251029205123.286115-1-ast@fiberby.net>
References: <20251029205123.286115-1-ast@fiberby.net>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Move the wg*_flag enums, so that they are defined above the attribute set enums, as ynl-gen would place them. This is an incremental step towards adopting an UAPI header generated by ynl-gen. This is split out to keep the patches readable. This is a trivial patch with no behavioural changes intended.

Signed-off-by: Asbj=C3=B8rn Sloth T=C3=B8nnesen --- include/uapi/linux/wireguard.h | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/include/uapi/linux/wireguard.h b/include/uapi/linux/wireguard.h index 3ebfffd61269a..a2815f4f29104 100644 --- a/include/uapi/linux/wireguard.h +++ b/include/uapi/linux/wireguard.h @@ -15,6 +15,20 @@ enum wgdevice_flag { WGDEVICE_F_REPLACE_PEERS =3D 1U << 0, __WGDEVICE_F_ALL =3D WGDEVICE_F_REPLACE_PEERS }; + +enum wgpeer_flag { + WGPEER_F_REMOVE_ME =3D 1U << 0, + WGPEER_F_REPLACE_ALLOWEDIPS =3D 1U << 1, + WGPEER_F_UPDATE_ONLY =3D 1U << 2, + __WGPEER_F_ALL =3D WGPEER_F_REMOVE_ME | WGPEER_F_REPLACE_ALLOWEDIPS | + WGPEER_F_UPDATE_ONLY +}; + +enum wgallowedip_flag { + WGALLOWEDIP_F_REMOVE_ME =3D 1U << 0, + __WGALLOWEDIP_F_ALL =3D WGALLOWEDIP_F_REMOVE_ME +}; + enum wgdevice_attribute { WGDEVICE_A_UNSPEC, WGDEVICE_A_IFINDEX, @@ -29,13 +43,6 @@ enum wgdevice_attribute { }; #define WGDEVICE_A_MAX (__WGDEVICE_A_LAST - 1) =20 -enum wgpeer_flag { - WGPEER_F_REMOVE_ME =3D 1U << 0, - WGPEER_F_REPLACE_ALLOWEDIPS =3D 1U << 1, - WGPEER_F_UPDATE_ONLY =3D 1U << 2, - __WGPEER_F_ALL =3D WGPEER_F_REMOVE_ME | WGPEER_F_REPLACE_ALLOWEDIPS | - WGPEER_F_UPDATE_ONLY -}; enum wgpeer_attribute { WGPEER_A_UNSPEC, WGPEER_A_PUBLIC_KEY, 
@@ -52,10 +59,6 @@ enum wgpeer_attribute { }; #define WGPEER_A_MAX (__WGPEER_A_LAST - 1) =20 -enum wgallowedip_flag { - WGALLOWEDIP_F_REMOVE_ME =3D 1U << 0, - __WGALLOWEDIP_F_ALL =3D WGALLOWEDIP_F_REMOVE_ME -}; enum wgallowedip_attribute { WGALLOWEDIP_A_UNSPEC, WGALLOWEDIP_A_FAMILY, --=20 2.51.0
From: Asbjørn Sloth Tønnesen
To: "Jason A. Donenfeld", "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni
Cc: Asbjørn Sloth Tønnesen, Donald Hunter, Simon Horman, Jacob Keller, Andrew Lunn, wireguard@lists.zx2c4.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH net-next v1 07/11] uapi: wireguard: generate header with ynl-gen
Date: Wed, 29 Oct 2025 20:51:15 +0000
Message-ID: <20251029205123.286115-8-ast@fiberby.net>
X-Mailer: git-send-email 2.51.0
In-Reply-To: <20251029205123.286115-1-ast@fiberby.net>
References: <20251029205123.286115-1-ast@fiberby.net>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Use ynl-gen to generate the UAPI header for wireguard. The cosmetic changes in this patch confirm that the spec is aligned with the implementation, and ensure that it stays in sync.

Changes in generated header:
 * Trivial include guard rename.
 * Trivial white space changes.
 * Trivial comment changes.
 * Precompute bitflags in ynl-gen (see [1]).
 * Drop __*_F_ALL constants (see [1]).

[1] https://lore.kernel.org/r/20251014123201.6ecfd146@kernel.org/

No behavioural changes intended.

Signed-off-by: Asbj=C3=B8rn Sloth T=C3=B8nnesen
--- drivers/net/wireguard/netlink.c | 6 +++--- include/uapi/linux/wireguard.h | 37 ++++++++++++++++----------------- 2 files changed, 21 insertions(+), 22 deletions(-) diff --git a/drivers/net/wireguard/netlink.c b/drivers/net/wireguard/netlin= k.c index 024d4a6cc74c6..86333c263e6a5 100644 --- a/drivers/net/wireguard/netlink.c +++ b/drivers/net/wireguard/netlink.c
@@ -24,7 +24,7 @@ static const struct nla_policy device_policy[WGDEVICE_A_M= AX + 1] =3D { [WGDEVICE_A_IFNAME] =3D { .type =3D NLA_NUL_STRING, .len =3D IFNAMSIZ - = 1 }, [WGDEVICE_A_PRIVATE_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), [WGDEVICE_A_PUBLIC_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), - [WGDEVICE_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, __WGDEVICE_F_ALL), + [WGDEVICE_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, 0x1), [WGDEVICE_A_LISTEN_PORT] =3D { .type =3D NLA_U16 }, [WGDEVICE_A_FWMARK] =3D { .type =3D NLA_U32 }, [WGDEVICE_A_PEERS] =3D NLA_POLICY_NESTED_ARRAY(peer_policy), @@ -33,7 +33,7 @@ static const struct nla_policy device_policy[WGDEVICE_A_M= AX + 1] =3D { static const struct nla_policy peer_policy[WGPEER_A_MAX + 1] =3D { [WGPEER_A_PUBLIC_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), [WGPEER_A_PRESHARED_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), - [WGPEER_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, __WGPEER_F_ALL), + [WGPEER_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, 0x7), [WGPEER_A_ENDPOINT] =3D NLA_POLICY_MIN_LEN(sizeof(struct sockaddr)), [WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL] =3D { .type =3D NLA_U16 }, [WGPEER_A_LAST_HANDSHAKE_TIME] =3D NLA_POLICY_EXACT_LEN(sizeof(struct _= _kernel_timespec)), @@ -47,7 +47,7 @@ static const struct nla_policy allowedip_policy[WGALLOWED= IP_A_MAX + 1] =3D { [WGALLOWEDIP_A_FAMILY] =3D { .type =3D NLA_U16 }, [WGALLOWEDIP_A_IPADDR] =3D NLA_POLICY_MIN_LEN(sizeof(struct in_addr)), [WGALLOWEDIP_A_CIDR_MASK] =3D { .type =3D NLA_U8 }, - [WGALLOWEDIP_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, __WGALLOWEDIP_F_ALL), + [WGALLOWEDIP_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, 0x1), }; =20 static struct wg_device *lookup_interface(struct nlattr **attrs, diff --git a/include/uapi/linux/wireguard.h b/include/uapi/linux/wireguard.h index a2815f4f29104..dc3924d0c5524 100644 --- a/include/uapi/linux/wireguard.h +++ b/include/uapi/linux/wireguard.h 
@@ -1,32 +1,28 @@ -/* SPDX-License-Identifier: (GPL-2.0 WITH Linux-syscall-note) OR MIT */ -/* - * Copyright (C) 2015-2019 Jason A. Donenfeld . All Right= s Reserved. - */ +/* SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Cl= ause) */ +/* Do not edit directly, auto-generated from: */ +/* Documentation/netlink/specs/wireguard.yaml */ +/* YNL-GEN uapi header */ =20 -#ifndef _WG_UAPI_WIREGUARD_H -#define _WG_UAPI_WIREGUARD_H +#ifndef _UAPI_LINUX_WIREGUARD_H +#define _UAPI_LINUX_WIREGUARD_H =20 -#define WG_GENL_NAME "wireguard" -#define WG_GENL_VERSION 1 +#define WG_GENL_NAME "wireguard" +#define WG_GENL_VERSION 1 =20 -#define WG_KEY_LEN 32 +#define WG_KEY_LEN 32 =20 enum wgdevice_flag { - WGDEVICE_F_REPLACE_PEERS =3D 1U << 0, - __WGDEVICE_F_ALL =3D WGDEVICE_F_REPLACE_PEERS + WGDEVICE_F_REPLACE_PEERS =3D 1, }; =20 enum wgpeer_flag { - WGPEER_F_REMOVE_ME =3D 1U << 0, - WGPEER_F_REPLACE_ALLOWEDIPS =3D 1U << 1, - WGPEER_F_UPDATE_ONLY =3D 1U << 2, - __WGPEER_F_ALL =3D WGPEER_F_REMOVE_ME | WGPEER_F_REPLACE_ALLOWEDIPS | - WGPEER_F_UPDATE_ONLY + WGPEER_F_REMOVE_ME =3D 1, + WGPEER_F_REPLACE_ALLOWEDIPS =3D 2, + WGPEER_F_UPDATE_ONLY =3D 4, }; =20 enum wgallowedip_flag { - WGALLOWEDIP_F_REMOVE_ME =3D 1U << 0, - __WGALLOWEDIP_F_ALL =3D WGALLOWEDIP_F_REMOVE_ME + WGALLOWEDIP_F_REMOVE_ME =3D 1, }; =20 enum wgdevice_attribute { @@ -39,6 +35,7 @@ enum wgdevice_attribute { WGDEVICE_A_LISTEN_PORT, WGDEVICE_A_FWMARK, WGDEVICE_A_PEERS, + __WGDEVICE_A_LAST }; #define WGDEVICE_A_MAX (__WGDEVICE_A_LAST - 1) @@ -55,6 +52,7 @@ enum wgpeer_attribute { WGPEER_A_TX_BYTES, WGPEER_A_ALLOWEDIPS, WGPEER_A_PROTOCOL_VERSION, + __WGPEER_A_LAST }; #define WGPEER_A_MAX (__WGPEER_A_LAST - 1) @@ -65,6 +63,7 @@ enum wgallowedip_attribute { WGALLOWEDIP_A_IPADDR, WGALLOWEDIP_A_CIDR_MASK, WGALLOWEDIP_A_FLAGS, + __WGALLOWEDIP_A_LAST }; #define WGALLOWEDIP_A_MAX (__WGALLOWEDIP_A_LAST - 1) 
@@ -77,4 +76,4 @@ enum wg_cmd { }; #define WG_CMD_MAX (__WG_CMD_MAX - 1) =20 -#endif /* _WG_UAPI_WIREGUARD_H */ +#endif /* _UAPI_LINUX_WIREGUARD_H */ --=20 2.51.0
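Review bot: In the three drivers/net/wireguard/netlink.c hunks, the NLA_POLICY_MASK() arguments become bare literals (0x1, 0x7, 0x1), so the set of accepted flag bits is no longer tied to the enums by name. These masks are what reject unknown flag bits from userspace, and a flag added to the spec later stays refused until someone remembers to widen the literal. Until the policy itself is generated, I would spell the mask with the flag names, e.g. WGPEER_F_REMOVE_ME | WGPEER_F_REPLACE_ALLOWEDIPS | WGPEER_F_UPDATE_ONLY, or at least put that in a comment beside 0x7.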
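Review bot: The first include/uapi/linux/wireguard.h hunk changes the SPDX line from "(GPL-2.0 WITH Linux-syscall-note) OR MIT" to "((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)" and drops the copyright line, but the commit message lists only trivial guard, white space and comment changes. A licence change on a UAPI header is not cosmetic; it should be called out in the commit message and carry an ack from the copyright holder, or the generated header should keep the existing licence. The same hunk also removes __WGDEVICE_F_ALL, __WGPEER_F_ALL and __WGALLOWEDIP_F_ALL from a userspace-visible header, which breaks the build of any program that referenced them, so that is worth stating next to the "Drop __*_F_ALL constants" bullet.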
From: Asbjørn Sloth Tønnesen
To: "Jason A. Donenfeld", "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni
Cc: Asbjørn Sloth Tønnesen, Donald Hunter, Simon Horman, Jacob Keller, Andrew Lunn, wireguard@lists.zx2c4.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH net-next v1 08/11] tools: ynl: add sample for wireguard
Date: Wed, 29 Oct 2025 20:51:16 +0000
Message-ID: <20251029205123.286115-9-ast@fiberby.net>
X-Mailer: git-send-email 2.51.0
In-Reply-To: <20251029205123.286115-1-ast@fiberby.net>
References: <20251029205123.286115-1-ast@fiberby.net>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Add a sample application for wireguard, using the generated C library. The main benefit of this is to exercise the generated library, which might be useful for future selftests.

The UAPI header is copied to tools/include/uapi/; when the header changes, ynl-gen will regenerate both copies.

Example:
  $ make -C tools/net/ynl/lib
  $ make -C tools/net/ynl/generated
  $ make -C tools/net/ynl/samples wireguard
  $ ./tools/net/ynl/samples/wireguard
  usage: ./tools/net/ynl/samples/wireguard
  $ sudo ./tools/net/ynl/samples/wireguard wg-test
  Interface 3: wg-test
      Peer 6adfb183a4a2c94a2f92dab5ade762a4788[...]:
          Data: rx: 42 / tx: 42 bytes
          Allowed IPs:
              0.0.0.0/0
              ::/0

Signed-off-by: Asbj=C3=B8rn Sloth T=C3=B8nnesen
--- MAINTAINERS | 2 + tools/include/uapi/linux/wireguard.h | 79 ++++++++++++++++++++ tools/net/ynl/samples/.gitignore | 1 + tools/net/ynl/samples/wireguard.c | 104 +++++++++++++++++++++++++++ 4 files changed, 186 insertions(+) create mode 100644 tools/include/uapi/linux/wireguard.h create mode 100644 tools/net/ynl/samples/wireguard.c diff --git a/MAINTAINERS b/MAINTAINERS index 1bceeb4f5d122..e7ec4cb4d044f 100644 --- a/MAINTAINERS
+++ b/MAINTAINERS @@ -27632,6 +27632,8 @@ L: netdev@vger.kernel.org S: Maintained F: Documentation/netlink/specs/wireguard.yaml F: drivers/net/wireguard/ +F: tools/include/uapi/linux/wireguard.h +F: tools/net/ynl/samples/wireguard.c F: tools/testing/selftests/wireguard/ =20 WISTRON LAPTOP BUTTON DRIVER diff --git a/tools/include/uapi/linux/wireguard.h b/tools/include/uapi/linu= x/wireguard.h new file mode 100644 index 0000000000000..dc3924d0c5524 --- /dev/null +++ b/tools/include/uapi/linux/wireguard.h 
@@ -0,0 +1,79 @@ +/* SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Cl= ause) */ +/* Do not edit directly, auto-generated from: */ +/* Documentation/netlink/specs/wireguard.yaml */ +/* YNL-GEN uapi header */ + +#ifndef _UAPI_LINUX_WIREGUARD_H +#define _UAPI_LINUX_WIREGUARD_H + +#define WG_GENL_NAME "wireguard" +#define WG_GENL_VERSION 1 + +#define WG_KEY_LEN 32 + +enum wgdevice_flag { + WGDEVICE_F_REPLACE_PEERS =3D 1, +}; + +enum wgpeer_flag { + WGPEER_F_REMOVE_ME =3D 1, + WGPEER_F_REPLACE_ALLOWEDIPS =3D 2, + WGPEER_F_UPDATE_ONLY =3D 4, +}; + +enum wgallowedip_flag { + WGALLOWEDIP_F_REMOVE_ME =3D 1, +}; + +enum wgdevice_attribute { + WGDEVICE_A_UNSPEC, + WGDEVICE_A_IFINDEX, + WGDEVICE_A_IFNAME, + WGDEVICE_A_PRIVATE_KEY, + WGDEVICE_A_PUBLIC_KEY, + WGDEVICE_A_FLAGS, + WGDEVICE_A_LISTEN_PORT, + WGDEVICE_A_FWMARK, + WGDEVICE_A_PEERS, + + __WGDEVICE_A_LAST +}; +#define WGDEVICE_A_MAX (__WGDEVICE_A_LAST - 1) + +enum wgpeer_attribute { + WGPEER_A_UNSPEC, + WGPEER_A_PUBLIC_KEY, + WGPEER_A_PRESHARED_KEY, + WGPEER_A_FLAGS, + WGPEER_A_ENDPOINT, + WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL, + WGPEER_A_LAST_HANDSHAKE_TIME, + WGPEER_A_RX_BYTES, + WGPEER_A_TX_BYTES, + WGPEER_A_ALLOWEDIPS, + WGPEER_A_PROTOCOL_VERSION, + + __WGPEER_A_LAST +}; +#define WGPEER_A_MAX (__WGPEER_A_LAST - 1) + +enum wgallowedip_attribute { + WGALLOWEDIP_A_UNSPEC, + WGALLOWEDIP_A_FAMILY, + WGALLOWEDIP_A_IPADDR, + WGALLOWEDIP_A_CIDR_MASK, + WGALLOWEDIP_A_FLAGS, + + __WGALLOWEDIP_A_LAST +}; +#define WGALLOWEDIP_A_MAX (__WGALLOWEDIP_A_LAST - 1) + +enum wg_cmd { + WG_CMD_GET_DEVICE, + WG_CMD_SET_DEVICE, + + __WG_CMD_MAX +}; +#define WG_CMD_MAX (__WG_CMD_MAX - 1) + +#endif /* _UAPI_LINUX_WIREGUARD_H */ diff --git a/tools/net/ynl/samples/.gitignore b/tools/net/ynl/samples/.giti= gnore index 7f5fca7682d74..09c61e4c18cd4 100644 --- a/tools/net/ynl/samples/.gitignore +++ b/tools/net/ynl/samples/.gitignore @@ -7,3 +7,4 @@ rt-addr rt-link rt-route tc +wireguard 
diff --git a/tools/net/ynl/samples/wireguard.c b/tools/net/ynl/samples/wire= guard.c new file mode 100644 index 0000000000000..43f3551eb101a --- /dev/null +++ b/tools/net/ynl/samples/wireguard.c 
@@ -0,0 +1,104 @@ +// SPDX-License-Identifier: GPL-2.0 +#include +#include +#include +#include +#include + +#include "wireguard-user.h" + +static void print_allowed_ip(const struct wireguard_wgallowedip *aip) +{ + char addr_out[INET6_ADDRSTRLEN]; + + if (!inet_ntop(aip->family, aip->ipaddr, addr_out, sizeof(addr_out))) { + addr_out[0] =3D '?'; + addr_out[1] =3D '\0'; + } + printf("\t\t\t%s/%u\n", addr_out, aip->cidr_mask); +} + +/* Only printing public key in this demo. For better key formatting, + * use the constant-time implementation as found in wireguard-tools. + */ +static void print_peer_header(const struct wireguard_wgpeer *peer) +{ + unsigned int i; + uint8_t *key =3D peer->public_key; + unsigned int len =3D peer->_len.public_key; + + if (len !=3D 32) + return; + printf("\tPeer "); + for (i =3D 0; i < len; i++) + printf("%02x", key[i]); + printf(":\n"); +} + +static void print_peer(const struct wireguard_wgpeer *peer) +{ + unsigned int i; + + print_peer_header(peer); + printf("\t\tData: rx: %llu / tx: %llu bytes\n", + peer->rx_bytes, peer->tx_bytes); + printf("\t\tAllowed IPs:\n"); + for (i =3D 0; i < peer->_count.allowedips; i++) + print_allowed_ip(&peer->allowedips[i]); +} + +static void build_request(struct wireguard_get_device_req *req, char *arg) +{ + char *endptr; + int ifindex; + + ifindex =3D strtol(arg, &endptr, 0); + if (endptr !=3D arg + strlen(arg) || errno !=3D 0) + ifindex =3D 0; + if (ifindex > 0) + wireguard_get_device_req_set_ifindex(req, ifindex); + else + wireguard_get_device_req_set_ifname(req, arg); +} + +int main(int argc, char **argv) +{ + struct wireguard_get_device_list *devs; + struct wireguard_get_device_req *req; + struct ynl_sock *ys; + + if (argc < 2) { + fprintf(stderr, "usage: %s \n", argv[0]); + return 1; + } + + req =3D wireguard_get_device_req_alloc(); + build_request(req, argv[1]); + + ys =3D ynl_sock_create(&ynl_wireguard_family, NULL); + if (!ys) + return 2; + + devs =3D wireguard_get_device_dump(ys, req); + if (!devs) 
+ goto err_close; + + ynl_dump_foreach(devs, d) { + unsigned int i; + + printf("Interface %d: %s\n", d->ifindex, d->ifname); + for (i =3D 0; i < d->_count.peers; i++) + print_peer(&d->peers[i]); + } + wireguard_get_device_list_free(devs); + wireguard_get_device_req_free(req); + ynl_sock_destroy(ys); + + return 0; + +err_close: + fprintf(stderr, "YNL (%d): %s\n", ys->err.code, ys->err.msg); + wireguard_get_device_req_free(req); + ynl_sock_destroy(ys); + return 3; +} --=20 2.51.0
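Review bot: In build_request() in tools/net/ynl/samples/wireguard.c, errno is tested after strtol() but never cleared before the call, so a stale errno from earlier in the process sends a valid numeric argument down the ifname path; set errno = 0 immediately before strtol(). The result is also stored straight into an int, so a value that does not fit is truncated before the ifindex > 0 test; keep it in a long and range-check it first. Separately, in main() ynl_sock_create() is called with NULL as its second argument and the failure path returns 2 without printing anything or freeing req, unlike err_close.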
From: Asbjørn Sloth Tønnesen
To: "Jason A. Donenfeld", "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni
Cc: Asbjørn Sloth Tønnesen, Donald Hunter, Simon Horman, Jacob Keller, Andrew Lunn, wireguard@lists.zx2c4.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH net-next v1 09/11] wireguard: netlink: convert to split ops
Date: Wed, 29 Oct 2025 20:51:17 +0000
Message-ID: <20251029205123.286115-10-ast@fiberby.net>
X-Mailer: git-send-email 2.51.0
In-Reply-To: <20251029205123.286115-1-ast@fiberby.net>
References: <20251029205123.286115-1-ast@fiberby.net>

This patch converts wireguard from using legacy struct genl_ops to struct genl_split_ops, by applying the same transformation as genl_cmd_full_to_split() would otherwise do at runtime.

WGDEVICE_A_MAX is swapped for WGDEVICE_A_PEERS. While they are currently equivalent, .maxattr should be the maximum attribute that a given command supports, which might not be WGDEVICE_A_MAX.

This is an incremental step towards adopting netlink policy code generated by ynl-gen, ensuring that the code and spec are aligned.

This is a trivial patch with no behavioural changes intended.

Signed-off-by: Asbjørn Sloth Tønnesen
--- drivers/net/wireguard/netlink.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/drivers/net/wireguard/netlink.c b/drivers/net/wireguard/netlin= k.c index 86333c263e6a5..2acd651f4c71f 100644 --- a/drivers/net/wireguard/netlink.c +++ b/drivers/net/wireguard/netlink.c
@@ -614,28 +614,30 @@ static int wg_set_device(struct sk_buff *skb, struct = genl_info *info) return ret; } =20 -static const struct genl_ops genl_ops[] =3D { +static const struct genl_split_ops wireguard_nl_ops[] =3D { { .cmd =3D WG_CMD_GET_DEVICE, .start =3D wg_get_device_start, .dumpit =3D wg_get_device_dump, .done =3D wg_get_device_done, - .flags =3D GENL_UNS_ADMIN_PERM + .policy =3D device_policy, + .maxattr =3D WGDEVICE_A_PEERS, + .flags =3D GENL_UNS_ADMIN_PERM | GENL_CMD_CAP_DUMP, }, { .cmd =3D WG_CMD_SET_DEVICE, .doit =3D wg_set_device, - .flags =3D GENL_UNS_ADMIN_PERM + .policy =3D device_policy, + .maxattr =3D WGDEVICE_A_PEERS, + .flags =3D GENL_UNS_ADMIN_PERM | GENL_CMD_CAP_DO, } }; =20 static struct genl_family genl_family __ro_after_init =3D { - .ops =3D genl_ops, - .n_ops =3D ARRAY_SIZE(genl_ops), + .split_ops =3D wireguard_nl_ops, + .n_split_ops =3D ARRAY_SIZE(wireguard_nl_ops), .name =3D WG_GENL_NAME, .version =3D WG_GENL_VERSION, - .maxattr =3D WGDEVICE_A_MAX, .module =3D THIS_MODULE, - .policy =3D device_policy, .netnsok =3D true }; =20 --=20 2.51.0
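Review bot: nothing in the 09/11 hunk ties the two ".maxattr = WGDEVICE_A_PEERS" initializers in wireguard_nl_ops[] to the size of device_policy, which is still declared as device_policy[WGDEVICE_A_MAX + 1] until 11/11 removes it. With split ops the per-op maxattr is what bounds the attribute table the handlers index through info->attrs, so the commit message's "currently equivalent" is an assumption the compiler never checks. A static_assert(WGDEVICE_A_PEERS == WGDEVICE_A_MAX) next to the ops table for the duration of this intermediate step, or at least a comment on the two initializers, would turn a future attribute added after WGDEVICE_A_PEERS into a build failure instead of a request that is rejected at validation or a handler that reads past the table.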
From: Asbjørn Sloth Tønnesen
To: "Jason A. Donenfeld", "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni
Cc: Asbjørn Sloth Tønnesen, Donald Hunter, Simon Horman, Jacob Keller, Andrew Lunn, wireguard@lists.zx2c4.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH net-next v1 10/11] wireguard: netlink: rename netlink handlers
Date: Wed, 29 Oct 2025 20:51:18 +0000
Message-ID: <20251029205123.286115-11-ast@fiberby.net>
X-Mailer: git-send-email 2.51.0
In-Reply-To: <20251029205123.286115-1-ast@fiberby.net>
References: <20251029205123.286115-1-ast@fiberby.net>

Rename netlink handlers to use the naming expected by ynl-gen.

This is an incremental step towards adopting netlink command definitions generated by ynl-gen.

This is a trivial patch with no behavioural changes intended.

Signed-off-by: Asbjørn Sloth Tønnesen
--- drivers/net/wireguard/netlink.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/drivers/net/wireguard/netlink.c b/drivers/net/wireguard/netlin= k.c index 2acd651f4c71f..3595349448b2c 100644 --- a/drivers/net/wireguard/netlink.c +++ b/drivers/net/wireguard/netlink.c @@ -197,7 +197,7 @@ get_peer(struct wg_peer *peer, struct sk_buff *skb, str= uct dump_ctx *ctx) return -EMSGSIZE; } =20 -static int wg_get_device_start(struct netlink_callback *cb) +static int wireguard_nl_get_device_start(struct netlink_callback *cb) { struct wg_device *wg; =20
@@ -208,7 +208,8 @@ static int wg_get_device_start(struct netlink_callback = *cb) return 0; } =20 -static int wg_get_device_dump(struct sk_buff *skb, struct netlink_callback= *cb) +static int wireguard_nl_get_device_dumpit(struct sk_buff *skb, + struct netlink_callback *cb) { struct wg_peer *peer, *next_peer_cursor; struct dump_ctx *ctx =3D DUMP_CTX(cb); @@ -302,7 +303,7 @@ static int wg_get_device_dump(struct sk_buff *skb, stru= ct netlink_callback *cb) */ } =20 -static int wg_get_device_done(struct netlink_callback *cb) +static int wireguard_nl_get_device_done(struct netlink_callback *cb) { struct dump_ctx *ctx =3D DUMP_CTX(cb); =20 @@ -500,7 +501,8 @@ static int set_peer(struct wg_device *wg, struct nlattr= **attrs) return ret; } =20 -static int wg_set_device(struct sk_buff *skb, struct genl_info *info) +static int wireguard_nl_set_device_doit(struct sk_buff *skb, + struct genl_info *info) { struct wg_device *wg =3D lookup_interface(info->attrs, skb); u32 flags =3D 0; 
@@ -617,15 +619,15 @@ static int wg_set_device(struct sk_buff *skb, struct = genl_info *info) static const struct genl_split_ops wireguard_nl_ops[] =3D { { .cmd =3D WG_CMD_GET_DEVICE, - .start =3D wg_get_device_start, - .dumpit =3D wg_get_device_dump, - .done =3D wg_get_device_done, + .start =3D wireguard_nl_get_device_start, + .dumpit =3D wireguard_nl_get_device_dumpit, + .done =3D wireguard_nl_get_device_done, .policy =3D device_policy, .maxattr =3D WGDEVICE_A_PEERS, .flags =3D GENL_UNS_ADMIN_PERM | GENL_CMD_CAP_DUMP, }, { .cmd =3D WG_CMD_SET_DEVICE, - .doit =3D wg_set_device, + .doit =3D wireguard_nl_set_device_doit, .policy =3D device_policy, .maxattr =3D WGDEVICE_A_PEERS, .flags =3D GENL_UNS_ADMIN_PERM | GENL_CMD_CAP_DO, --=20 2.51.0
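Review bot: the commit message for 10/11 does not record the old-to-new name mapping, and the rename changes suffixes as well as the prefix: wg_get_device_dump becomes wireguard_nl_get_device_dumpit and wg_set_device becomes wireguard_nl_set_device_doit. These symbols appear in stack traces and in any kprobe or ftrace filter that attaches by function name, so listing the four renames in the message would let people who monitor the configuration path update their tooling from the log alone.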
From: Asbjørn Sloth Tønnesen
To: "Jason A. Donenfeld", "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni
Cc: Asbjørn Sloth Tønnesen, Donald Hunter, Simon Horman, Jacob Keller, Andrew Lunn, wireguard@lists.zx2c4.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH net-next v1 11/11] wireguard: netlink: generate netlink code
Date: Wed, 29 Oct 2025 20:51:19 +0000
Message-ID: <20251029205123.286115-12-ast@fiberby.net>
X-Mailer: git-send-email 2.51.0
In-Reply-To: <20251029205123.286115-1-ast@fiberby.net>
References: <20251029205123.286115-1-ast@fiberby.net>

This patch adopts netlink policy and command definitions as generated by ynl-gen, thus completing the conversion to YNL.

Given that the old and new policy are functionally identical, and just moved to a new file, it serves to verify that the policy in the spec is identical to the previous policy code.

No behavioural changes intended.

Signed-off-by: Asbjørn Sloth Tønnesen
--- drivers/net/wireguard/Makefile | 1 + drivers/net/wireguard/netlink.c | 62 +++-------------------- drivers/net/wireguard/netlink_gen.c | 77 +++++++++++++++++++++++++++++ drivers/net/wireguard/netlink_gen.h | 29 +++++++++++ 4 files changed, 114 insertions(+), 55 deletions(-) create mode 100644 drivers/net/wireguard/netlink_gen.c create mode 100644 drivers/net/wireguard/netlink_gen.h diff --git a/drivers/net/wireguard/Makefile b/drivers/net/wireguard/Makefile index dbe1f8514efc3..ae4b479cddbda 100644 --- a/drivers/net/wireguard/Makefile +++ b/drivers/net/wireguard/Makefile
@@ -14,4 +14,5 @@ wireguard-y +=3D allowedips.o wireguard-y +=3D ratelimiter.o wireguard-y +=3D cookie.o wireguard-y +=3D netlink.o +wireguard-y +=3D netlink_gen.o obj-$(CONFIG_WIREGUARD) :=3D wireguard.o diff --git a/drivers/net/wireguard/netlink.c b/drivers/net/wireguard/netlin= k.c index 3595349448b2c..6a7e522e3a78e 100644 --- a/drivers/net/wireguard/netlink.c +++ b/drivers/net/wireguard/netlink.c @@ -9,6 +9,7 @@ #include "socket.h" #include "queueing.h" #include "messages.h" +#include "netlink_gen.h" =20 #include =20 
@@ -19,37 +20,6 @@ =20 static struct genl_family genl_family; =20 -static const struct nla_policy device_policy[WGDEVICE_A_MAX + 1] =3D { - [WGDEVICE_A_IFINDEX] =3D { .type =3D NLA_U32 }, - [WGDEVICE_A_IFNAME] =3D { .type =3D NLA_NUL_STRING, .len =3D IFNAMSIZ - = 1 }, - [WGDEVICE_A_PRIVATE_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), - [WGDEVICE_A_PUBLIC_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), - [WGDEVICE_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, 0x1), - [WGDEVICE_A_LISTEN_PORT] =3D { .type =3D NLA_U16 }, - [WGDEVICE_A_FWMARK] =3D { .type =3D NLA_U32 }, - [WGDEVICE_A_PEERS] =3D NLA_POLICY_NESTED_ARRAY(peer_policy), -}; - -static const struct nla_policy peer_policy[WGPEER_A_MAX + 1] =3D { - [WGPEER_A_PUBLIC_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), - [WGPEER_A_PRESHARED_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), - [WGPEER_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, 0x7), - [WGPEER_A_ENDPOINT] =3D NLA_POLICY_MIN_LEN(sizeof(struct sockaddr)), - [WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL] =3D { .type =3D NLA_U16 }, - [WGPEER_A_LAST_HANDSHAKE_TIME] =3D NLA_POLICY_EXACT_LEN(sizeof(struct _= _kernel_timespec)), - [WGPEER_A_RX_BYTES] =3D { .type =3D NLA_U64 }, - [WGPEER_A_TX_BYTES] =3D { .type =3D NLA_U64 }, - [WGPEER_A_ALLOWEDIPS] =3D NLA_POLICY_NESTED_ARRAY(allowedip_policy), - [WGPEER_A_PROTOCOL_VERSION] =3D { .type =3D NLA_U32 } -}; - -static const struct nla_policy allowedip_policy[WGALLOWEDIP_A_MAX + 1] =3D= { - [WGALLOWEDIP_A_FAMILY] =3D { .type =3D NLA_U16 }, - [WGALLOWEDIP_A_IPADDR] =3D NLA_POLICY_MIN_LEN(sizeof(struct in_addr)), - [WGALLOWEDIP_A_CIDR_MASK] =3D { .type =3D NLA_U8 }, - [WGALLOWEDIP_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, 0x1), -}; - static struct wg_device *lookup_interface(struct nlattr **attrs, struct sk_buff *skb) { 
@@ -197,7 +167,7 @@ get_peer(struct wg_peer *peer, struct sk_buff *skb, str= uct dump_ctx *ctx) return -EMSGSIZE; } =20 -static int wireguard_nl_get_device_start(struct netlink_callback *cb) +int wireguard_nl_get_device_start(struct netlink_callback *cb) { struct wg_device *wg; =20 @@ -208,8 +178,8 @@ static int wireguard_nl_get_device_start(struct netlink= _callback *cb) return 0; } =20 -static int wireguard_nl_get_device_dumpit(struct sk_buff *skb, - struct netlink_callback *cb) +int wireguard_nl_get_device_dumpit(struct sk_buff *skb, + struct netlink_callback *cb) { struct wg_peer *peer, *next_peer_cursor; struct dump_ctx *ctx =3D DUMP_CTX(cb); @@ -303,7 +273,7 @@ static int wireguard_nl_get_device_dumpit(struct sk_buf= f *skb, */ } =20 -static int wireguard_nl_get_device_done(struct netlink_callback *cb) +int wireguard_nl_get_device_done(struct netlink_callback *cb) { struct dump_ctx *ctx =3D DUMP_CTX(cb); =20 @@ -501,8 +471,8 @@ static int set_peer(struct wg_device *wg, struct nlattr= **attrs) return ret; } =20 -static int wireguard_nl_set_device_doit(struct sk_buff *skb, - struct genl_info *info) +int wireguard_nl_set_device_doit(struct sk_buff *skb, + struct genl_info *info) { struct wg_device *wg =3D lookup_interface(info->attrs, skb); u32 flags =3D 0; 
@@ -616,24 +586,6 @@ static int wireguard_nl_set_device_doit(struct sk_buff= *skb, return ret; } =20 -static const struct genl_split_ops wireguard_nl_ops[] =3D { - { - .cmd =3D WG_CMD_GET_DEVICE, - .start =3D wireguard_nl_get_device_start, - .dumpit =3D wireguard_nl_get_device_dumpit, - .done =3D wireguard_nl_get_device_done, - .policy =3D device_policy, - .maxattr =3D WGDEVICE_A_PEERS, - .flags =3D GENL_UNS_ADMIN_PERM | GENL_CMD_CAP_DUMP, - }, { - .cmd =3D WG_CMD_SET_DEVICE, - .doit =3D wireguard_nl_set_device_doit, - .policy =3D device_policy, - .maxattr =3D WGDEVICE_A_PEERS, - .flags =3D GENL_UNS_ADMIN_PERM | GENL_CMD_CAP_DO, - } -}; - static struct genl_family genl_family __ro_after_init =3D { .split_ops =3D wireguard_nl_ops, .n_split_ops =3D ARRAY_SIZE(wireguard_nl_ops), diff --git a/drivers/net/wireguard/netlink_gen.c b/drivers/net/wireguard/ne= tlink_gen.c new file mode 100644 index 0000000000000..f95fa133778f1 --- /dev/null +++ b/drivers/net/wireguard/netlink_gen.c 
@@ -0,0 +1,77 @@ +// SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Cl= ause) +/* Do not edit directly, auto-generated from: */ +/* Documentation/netlink/specs/wireguard.yaml */ +/* YNL-GEN kernel source */ + +#include +#include + +#include "netlink_gen.h" + +#include +#include + +/* Common nested types */ +const struct nla_policy wireguard_wgallowedip_nl_policy[WGALLOWEDIP_A_FLAG= S + 1] =3D { + [WGALLOWEDIP_A_FAMILY] =3D { .type =3D NLA_U16, }, + [WGALLOWEDIP_A_IPADDR] =3D NLA_POLICY_MIN_LEN(4), + [WGALLOWEDIP_A_CIDR_MASK] =3D { .type =3D NLA_U8, }, + [WGALLOWEDIP_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, 0x1), +}; + +const struct nla_policy wireguard_wgpeer_nl_policy[WGPEER_A_PROTOCOL_VERSI= ON + 1] =3D { + [WGPEER_A_PUBLIC_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), + [WGPEER_A_PRESHARED_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), + [WGPEER_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, 0x7), + [WGPEER_A_ENDPOINT] =3D NLA_POLICY_MIN_LEN(16), + [WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL] =3D { .type =3D NLA_U16, }, + [WGPEER_A_LAST_HANDSHAKE_TIME] =3D NLA_POLICY_EXACT_LEN(16), + [WGPEER_A_RX_BYTES] =3D { .type =3D NLA_U64, }, + [WGPEER_A_TX_BYTES] =3D { .type =3D NLA_U64, }, + [WGPEER_A_ALLOWEDIPS] =3D NLA_POLICY_NESTED_ARRAY(wireguard_wgallowedip_n= l_policy), + [WGPEER_A_PROTOCOL_VERSION] =3D { .type =3D NLA_U32, }, +}; + +/* WG_CMD_GET_DEVICE - dump */ +static const struct nla_policy wireguard_get_device_nl_policy[WGDEVICE_A_P= EERS + 1] =3D { + [WGDEVICE_A_IFINDEX] =3D { .type =3D NLA_U32, }, + [WGDEVICE_A_IFNAME] =3D { .type =3D NLA_NUL_STRING, .len =3D 15, }, + [WGDEVICE_A_PRIVATE_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), + [WGDEVICE_A_PUBLIC_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), + [WGDEVICE_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, 0x1), + [WGDEVICE_A_LISTEN_PORT] =3D { .type =3D NLA_U16, }, + [WGDEVICE_A_FWMARK] =3D { .type =3D NLA_U32, }, + [WGDEVICE_A_PEERS] =3D NLA_POLICY_NESTED_ARRAY(wireguard_wgpeer_nl_policy= ), +}; + +/* WG_CMD_SET_DEVICE - 
do */ +static const struct nla_policy wireguard_set_device_nl_policy[WGDEVICE_A_P= EERS + 1] =3D { + [WGDEVICE_A_IFINDEX] =3D { .type =3D NLA_U32, }, + [WGDEVICE_A_IFNAME] =3D { .type =3D NLA_NUL_STRING, .len =3D 15, }, + [WGDEVICE_A_PRIVATE_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), + [WGDEVICE_A_PUBLIC_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), + [WGDEVICE_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, 0x1), + [WGDEVICE_A_LISTEN_PORT] =3D { .type =3D NLA_U16, }, + [WGDEVICE_A_FWMARK] =3D { .type =3D NLA_U32, }, + [WGDEVICE_A_PEERS] =3D NLA_POLICY_NESTED_ARRAY(wireguard_wgpeer_nl_policy= ), +}; + +/* Ops table for wireguard */ +const struct genl_split_ops wireguard_nl_ops[2] =3D { + { + .cmd =3D WG_CMD_GET_DEVICE, + .start =3D wireguard_nl_get_device_start, + .dumpit =3D wireguard_nl_get_device_dumpit, + .done =3D wireguard_nl_get_device_done, + .policy =3D wireguard_get_device_nl_policy, + .maxattr =3D WGDEVICE_A_PEERS, + .flags =3D GENL_UNS_ADMIN_PERM | GENL_CMD_CAP_DUMP, + }, + { + .cmd =3D WG_CMD_SET_DEVICE, + .doit =3D wireguard_nl_set_device_doit, + .policy =3D wireguard_set_device_nl_policy, + .maxattr =3D WGDEVICE_A_PEERS, + .flags =3D GENL_UNS_ADMIN_PERM | GENL_CMD_CAP_DO, + }, +}; diff --git a/drivers/net/wireguard/netlink_gen.h b/drivers/net/wireguard/ne= tlink_gen.h new file mode 100644 index 0000000000000..e635b1f5f0df5 --- /dev/null +++ b/drivers/net/wireguard/netlink_gen.h 
@@ -0,0 +1,29 @@ +/* SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Cl= ause) */ +/* Do not edit directly, auto-generated from: */ +/* Documentation/netlink/specs/wireguard.yaml */ +/* YNL-GEN kernel header */ + +#ifndef _LINUX_WIREGUARD_GEN_H +#define _LINUX_WIREGUARD_GEN_H + +#include +#include + +#include +#include + +/* Common nested types */ +extern const struct nla_policy wireguard_wgallowedip_nl_policy[WGALLOWEDIP= _A_FLAGS + 1]; +extern const struct nla_policy wireguard_wgpeer_nl_policy[WGPEER_A_PROTOCO= L_VERSION + 1]; + +/* Ops table for wireguard */ +extern const struct genl_split_ops wireguard_nl_ops[2]; + +int wireguard_nl_get_device_start(struct netlink_callback *cb); +int wireguard_nl_get_device_done(struct netlink_callback *cb); + +int wireguard_nl_get_device_dumpit(struct sk_buff *skb, + struct netlink_callback *cb); +int wireguard_nl_set_device_doit(struct sk_buff *skb, struct genl_info *in= fo); + +#endif /* _LINUX_WIREGUARD_GEN_H */ --=20 2.51.0
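Review bot: the policies removed from netlink.c in the "@@ -19,37 +20,6 @@" hunk took their bounds from the types they guard (IFNAMSIZ - 1, sizeof(struct sockaddr), sizeof(struct __kernel_timespec), sizeof(struct in_addr)), whereas the generated replacements carry bare literals (.len = 15, NLA_POLICY_MIN_LEN(16), NLA_POLICY_EXACT_LEN(16), NLA_POLICY_MIN_LEN(4)). The commit message's "functionally identical" therefore rests on numbers typed into wireguard.yaml. Since netlink_gen.c must not be edited, a handful of static_assert()s in netlink.c, for example sizeof(struct __kernel_timespec) == 16 and IFNAMSIZ - 1 == 15, would keep the length checks tied to the structures they describe and make any drift a build error.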
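Review bot: in the new netlink_gen.c, wireguard_get_device_nl_policy and wireguard_set_device_nl_policy are entry-for-entry identical, so the WG_CMD_GET_DEVICE dump request still accepts WGDEVICE_A_PRIVATE_KEY, WGDEVICE_A_PEERS and every other set-side attribute. That matches the old shared device_policy and the stated goal of no behavioural change, so it is fine for this patch. Now that the spec yields one policy per command, though, a follow-up could narrow the get request in wireguard.yaml, if the dump only needs the interface selector, so that nested peer arrays on a read-only command are refused at policy validation rather than parsed and ignored.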