From: Asbjørn Sloth Tønnesen
To: "Jason A. Donenfeld"
Cc: Asbjørn Sloth Tønnesen, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Donald Hunter, Simon Horman, Jacob Keller, Andrew Lunn, wireguard@lists.zx2c4.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Jordan Rife
Subject: [PATCH wireguard v4 01/10] wireguard: netlink: validate nested arrays in policy
Date: Wed, 26 Nov 2025 17:35:33 +0000
Message-ID: <20251126173546.57681-2-ast@fiberby.net>
In-Reply-To: <20251126173546.57681-1-ast@fiberby.net>
References: <20251126173546.57681-1-ast@fiberby.net>

Use NLA_POLICY_NESTED_ARRAY() to perform nested array validation in the policy validation step.

The nested policy was already enforced through nla_parse_nested(), however extack wasn't passed previously, so no fancy error messages.

With the nested attributes being validated directly in the policy, the policy argument can be set to NULL in the calls to nla_parse_nested().

Signed-off-by: Asbjørn Sloth Tønnesen
---
 drivers/net/wireguard/netlink.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/drivers/net/wireguard/netlink.c b/drivers/net/wireguard/netlin= k.c index 8adeec6f94404..97723f9c7998f 100644 --- a/drivers/net/wireguard/netlink.c +++ b/drivers/net/wireguard/netlink.c @@ -18,6 +18,8 @@ #include =20 static struct genl_family genl_family; +static const struct nla_policy peer_policy[WGPEER_A_MAX + 1]; +static const struct nla_policy allowedip_policy[WGALLOWEDIP_A_MAX + 1]; =20 static const struct nla_policy device_policy[WGDEVICE_A_MAX + 1] =3D { [WGDEVICE_A_IFINDEX] =3D { .type =3D NLA_U32 }, @@ -27,7 +29,7 @@ static const struct nla_policy device_policy[WGDEVICE_A_M= AX + 1] =3D { [WGDEVICE_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, __WGDEVICE_F_ALL), [WGDEVICE_A_LISTEN_PORT] =3D { .type =3D NLA_U16 }, [WGDEVICE_A_FWMARK] =3D { .type =3D NLA_U32 }, - [WGDEVICE_A_PEERS] =3D { .type =3D NLA_NESTED } + [WGDEVICE_A_PEERS] =3D NLA_POLICY_NESTED_ARRAY(peer_policy), }; =20 static const struct nla_policy peer_policy[WGPEER_A_MAX + 1] =3D { @@ -39,7 +41,7 @@ static const struct nla_policy peer_policy[WGPEER_A_MAX += 1] =3D { [WGPEER_A_LAST_HANDSHAKE_TIME] =3D NLA_POLICY_EXACT_LEN(sizeof(struct _= _kernel_timespec)), [WGPEER_A_RX_BYTES] =3D { .type =3D NLA_U64 }, [WGPEER_A_TX_BYTES] =3D { .type =3D NLA_U64 }, - [WGPEER_A_ALLOWEDIPS] =3D { .type =3D NLA_NESTED }, + [WGPEER_A_ALLOWEDIPS] =3D NLA_POLICY_NESTED_ARRAY(allowedip_policy), [WGPEER_A_PROTOCOL_VERSION] =3D { .type =3D NLA_U32 } }; =20 @@ -467,7 +469,7 @@ static int set_peer(struct wg_device *wg, struct nlattr= **attrs) =20 nla_for_each_nested(attr, attrs[WGPEER_A_ALLOWEDIPS], rem) { ret =3D nla_parse_nested(allowedip, WGALLOWEDIP_A_MAX, - attr, allowedip_policy, NULL); + attr, NULL, NULL); if (ret < 0) goto out; ret =3D set_allowedip(peer, allowedip); 
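Review bot: in the set_peer() hunk the nla_parse_nested() call now passes NULL for the policy, so this per-entry parse is only safe because device_policy has already walked WGPEER_A_ALLOWEDIPS through NLA_POLICY_NESTED_ARRAY(allowedip_policy), and nothing at the call site says so. Add a one-line comment above the call stating that the entries were validated in the policy step, so that a later caller reaching set_peer() with attributes parsed some other way does not lose validation without anyone noticing.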
@@ -593,7 +595,7 @@ static int wg_set_device(struct sk_buff *skb, struct ge= nl_info *info) =20 nla_for_each_nested(attr, info->attrs[WGDEVICE_A_PEERS], rem) { ret =3D nla_parse_nested(peer, WGPEER_A_MAX, attr, - peer_policy, NULL); + NULL, NULL); if (ret < 0) goto out; ret =3D set_peer(wg, peer); --=20 2.51.0
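Review bot: the nla_parse_nested() call in wg_set_device() still passes NULL as its last argument (extack) although info is in scope in this function, and the commit message names the missing extack as the reason errors were unhelpful. Pass info->extack on this call so that any failure still detected by nla_parse_nested() is reported to the sender as well.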

From: Asbjørn Sloth Tønnesen
Subject: [PATCH wireguard v4 02/10] wireguard: netlink: use WG_KEY_LEN in policies
Date: Wed, 26 Nov 2025 17:35:34 +0000
Message-ID: <20251126173546.57681-3-ast@fiberby.net>
In-Reply-To: <20251126173546.57681-1-ast@fiberby.net>
References: <20251126173546.57681-1-ast@fiberby.net>

When converting the netlink policies to YNL, the constants used in the policy have to be visible to userspace.

As NOISE_*_KEY_LEN isn't visible to userspace, change the policy to use WG_KEY_LEN, as also documented in the UAPI header:

$ grep WG_KEY_LEN include/uapi/linux/wireguard.h
 * WGDEVICE_A_PRIVATE_KEY: NLA_EXACT_LEN, len WG_KEY_LEN
 * WGDEVICE_A_PUBLIC_KEY: NLA_EXACT_LEN, len WG_KEY_LEN
 * WGPEER_A_PUBLIC_KEY: NLA_EXACT_LEN, len WG_KEY_LEN
 * WGPEER_A_PRESHARED_KEY: NLA_EXACT_LEN, len WG_KEY_LEN
[...]

Add a couple of BUILD_BUG_ON() to ensure that they stay in sync.

No behavioural changes intended.

Signed-off-by: Asbjørn Sloth Tønnesen
---
 drivers/net/wireguard/netlink.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/drivers/net/wireguard/netlink.c b/drivers/net/wireguard/netlin= k.c index 97723f9c7998f..682678d24a9f6 100644 --- a/drivers/net/wireguard/netlink.c +++ b/drivers/net/wireguard/netlink.c
@@ -24,8 +24,8 @@ static const struct nla_policy allowedip_policy[WGALLOWED= IP_A_MAX + 1]; static const struct nla_policy device_policy[WGDEVICE_A_MAX + 1] =3D { [WGDEVICE_A_IFINDEX] =3D { .type =3D NLA_U32 }, [WGDEVICE_A_IFNAME] =3D { .type =3D NLA_NUL_STRING, .len =3D IFNAMSIZ - = 1 }, - [WGDEVICE_A_PRIVATE_KEY] =3D NLA_POLICY_EXACT_LEN(NOISE_PUBLIC_KEY_LEN), - [WGDEVICE_A_PUBLIC_KEY] =3D NLA_POLICY_EXACT_LEN(NOISE_PUBLIC_KEY_LEN), + [WGDEVICE_A_PRIVATE_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), + [WGDEVICE_A_PUBLIC_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), [WGDEVICE_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, __WGDEVICE_F_ALL), [WGDEVICE_A_LISTEN_PORT] =3D { .type =3D NLA_U16 }, [WGDEVICE_A_FWMARK] =3D { .type =3D NLA_U32 }, @@ -33,8 +33,8 @@ static const struct nla_policy device_policy[WGDEVICE_A_M= AX + 1] =3D { }; =20 static const struct nla_policy peer_policy[WGPEER_A_MAX + 1] =3D { - [WGPEER_A_PUBLIC_KEY] =3D NLA_POLICY_EXACT_LEN(NOISE_PUBLIC_KEY_LEN), - [WGPEER_A_PRESHARED_KEY] =3D NLA_POLICY_EXACT_LEN(NOISE_SYMMETRIC_KEY_L= EN), + [WGPEER_A_PUBLIC_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), + [WGPEER_A_PRESHARED_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), [WGPEER_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, __WGPEER_F_ALL), [WGPEER_A_ENDPOINT] =3D NLA_POLICY_MIN_LEN(sizeof(struct sockaddr)), [WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL] =3D { .type =3D NLA_U16 }, 
@@ -643,6 +643,9 @@ static struct genl_family genl_family __ro_after_init = =3D { =20 int __init wg_genetlink_init(void) { + BUILD_BUG_ON(WG_KEY_LEN !=3D NOISE_PUBLIC_KEY_LEN); + BUILD_BUG_ON(WG_KEY_LEN !=3D NOISE_SYMMETRIC_KEY_LEN); + return genl_register_family(&genl_family); } =20 --=20 2.51.0
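Review bot: the two BUILD_BUG_ON() checks added to wg_genetlink_init() cover NOISE_PUBLIC_KEY_LEN and NOISE_SYMMETRIC_KEY_LEN only, while the policy hunks also move WGDEVICE_A_PRIVATE_KEY to WG_KEY_LEN; if the private key buffer has a length constant of its own, assert that one here too. The checks would also sit better as static_assert() at file scope next to the policy tables they protect than inside the init function, where they are far from the lines they guard.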

From: Asbjørn Sloth Tønnesen
Subject: [PATCH wireguard v4 03/10] wireguard: netlink: convert to split ops
Date: Wed, 26 Nov 2025 17:35:35 +0000
Message-ID: <20251126173546.57681-4-ast@fiberby.net>
In-Reply-To: <20251126173546.57681-1-ast@fiberby.net>
References: <20251126173546.57681-1-ast@fiberby.net>

This patch converts WireGuard from using the legacy struct genl_ops to struct genl_split_ops, by applying the same transformation as genl_cmd_full_to_split() would otherwise do at runtime.

WGDEVICE_A_MAX is swapped for WGDEVICE_A_PEERS; while they are currently equivalent, .maxattr should be the maximum attribute that a given command supports, and not change along with WGDEVICE_A_MAX.

This is an incremental step towards adopting netlink policy code generated by ynl-gen, ensuring that the code and spec are aligned.

This is a trivial patch with no behavioural changes intended.

Signed-off-by: Asbjørn Sloth Tønnesen
---
 drivers/net/wireguard/netlink.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/drivers/net/wireguard/netlink.c b/drivers/net/wireguard/netlin= k.c index 682678d24a9f6..e7efe5f8465dc 100644 --- a/drivers/net/wireguard/netlink.c +++ b/drivers/net/wireguard/netlink.c
@@ -616,28 +616,30 @@ static int wg_set_device(struct sk_buff *skb, struct = genl_info *info) return ret; } =20 -static const struct genl_ops genl_ops[] =3D { +static const struct genl_split_ops wireguard_nl_ops[] =3D { { .cmd =3D WG_CMD_GET_DEVICE, .start =3D wg_get_device_start, .dumpit =3D wg_get_device_dump, .done =3D wg_get_device_done, - .flags =3D GENL_UNS_ADMIN_PERM + .policy =3D device_policy, + .maxattr =3D WGDEVICE_A_PEERS, + .flags =3D GENL_UNS_ADMIN_PERM | GENL_CMD_CAP_DUMP, }, { .cmd =3D WG_CMD_SET_DEVICE, .doit =3D wg_set_device, - .flags =3D GENL_UNS_ADMIN_PERM + .policy =3D device_policy, + .maxattr =3D WGDEVICE_A_PEERS, + .flags =3D GENL_UNS_ADMIN_PERM | GENL_CMD_CAP_DO, } }; =20 static struct genl_family genl_family __ro_after_init =3D { - .ops =3D genl_ops, - .n_ops =3D ARRAY_SIZE(genl_ops), + .split_ops =3D wireguard_nl_ops, + .n_split_ops =3D ARRAY_SIZE(wireguard_nl_ops), .name =3D WG_GENL_NAME, .version =3D WG_GENL_VERSION, - .maxattr =3D WGDEVICE_A_MAX, .module =3D THIS_MODULE, - .policy =3D device_policy, .netnsok =3D true }; =20 --=20 2.51.0
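Review bot: ".maxattr = WGDEVICE_A_PEERS" in both wireguard_nl_ops[] entries has no comment, and without the commit message it reads like a slip for WGDEVICE_A_MAX that someone will later "fix". Add a short comment on the field saying it is the highest attribute the command accepts and has to be raised by hand when a new device attribute is added, since the family-wide .maxattr that used to track WGDEVICE_A_MAX is removed in the same hunk.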

From: Asbjørn Sloth Tønnesen
Subject: [PATCH wireguard v4 04/10] wireguard: netlink: lower .maxattr for WG_CMD_GET_DEVICE
Date: Wed, 26 Nov 2025 17:35:36 +0000
Message-ID: <20251126173546.57681-5-ast@fiberby.net>
In-Reply-To: <20251126173546.57681-1-ast@fiberby.net>
References: <20251126173546.57681-1-ast@fiberby.net>

Previously .maxattr was shared for both WG_CMD_GET_DEVICE and WG_CMD_SET_DEVICE. Now that it is split, we can lower it for WG_CMD_GET_DEVICE to follow the documentation which defines .maxattr as WGDEVICE_A_IFNAME for WG_CMD_GET_DEVICE.

$ grep -hC5 'one but not both of:' include/uapi/linux/wireguard.h
 * WG_CMD_GET_DEVICE
 * -----------------
 *
 * May only be called via NLM_F_REQUEST | NLM_F_DUMP. The command
 * should contain one but not both of:
 *
 * WGDEVICE_A_IFINDEX: NLA_U32
 * WGDEVICE_A_IFNAME: NLA_NUL_STRING, maxlen IFNAMSIZ - 1
 *
 * The kernel will then return several messages [...]

While other attributes weren't rejected previously, the consensus is that nobody sends those attributes, so nothing should break.

Link: https://lore.kernel.org/r/aRyLoy2iqbkUipZW@zx2c4.com/
Suggested-by: Jason A. Donenfeld
Signed-off-by: Asbjørn Sloth Tønnesen
---
 drivers/net/wireguard/netlink.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/wireguard/netlink.c b/drivers/net/wireguard/netlin= k.c index e7efe5f8465dc..c2d0576e96f5f 100644
--- a/drivers/net/wireguard/netlink.c +++ b/drivers/net/wireguard/netlink.c 
@@ -623,7 +623,7 @@ static const struct genl_split_ops wireguard_nl_ops[] = =3D { .dumpit =3D wg_get_device_dump, .done =3D wg_get_device_done, .policy =3D device_policy, - .maxattr =3D WGDEVICE_A_PEERS, + .maxattr =3D WGDEVICE_A_IFNAME, .flags =3D GENL_UNS_ADMIN_PERM | GENL_CMD_CAP_DUMP, }, { .cmd =3D WG_CMD_SET_DEVICE, --=20 2.51.0
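Review bot: lowering .maxattr to WGDEVICE_A_IFNAME on the WG_CMD_GET_DEVICE entry is a userspace-visible change that, per the commit message, rests on "nobody sends those attributes", and nothing in the series pins it down. A selftest that issues a GET with only ifindex, one with only ifname, and one carrying an attribute above IFNAME would document the new contract; the line also silently depends on IFINDEX and IFNAME staying the two lowest-numbered device attributes, which deserves a comment next to the value.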

From: Asbjørn Sloth Tønnesen
Subject: [PATCH wireguard v4 05/10] netlink: specs: add specification for wireguard
Date: Wed, 26 Nov 2025 17:35:37 +0000
Message-ID: <20251126173546.57681-6-ast@fiberby.net>
In-Reply-To: <20251126173546.57681-1-ast@fiberby.net>
References: <20251126173546.57681-1-ast@fiberby.net>

This patch adds a near[1] complete YNL specification for WireGuard, documenting the protocol in a machine-readable format, rather than comments in wireguard.h, and eases usage from C and non-C programming languages alike.

The generated C library will be featured in a later patch, so in this patch I will use the in-kernel python client for examples.

This makes the documentation in the UAPI header redundant, it is therefore removed.

The in-line documentation in the spec is based on the existing comment in wireguard.h, and once released it will be available in the kernel documentation at:
  https://docs.kernel.org/netlink/specs/wireguard.html
  (until then run: make htmldocs)

Generate wireguard.rst from this spec:
$ make -C tools/net/ynl/generated/ wireguard.rst

Query wireguard interface through pyynl:
$ sudo ./tools/net/ynl/pyynl/cli.py --family wireguard \
                                    --dump get-device \
                                    --json '{"ifindex":3}'
[{'fwmark': 0,
  'ifindex': 3,
  'ifname': 'wg-test',
  'listen-port': 54318,
  'peers': [{0: {'allowedips': [{0: {'cidr-mask': 0,
                                     'family': 2,
                                     'ipaddr': '0.0.0.0'}},
                                {0: {'cidr-mask': 0,
                                     'family': 10,
                                     'ipaddr': '::'}}],
                 'endpoint': b'[...]',
                 'last-handshake-time': {'nsec': 42, 'sec': 42},
                 'persistent-keepalive-interval': 42,
                 'preshared-key': '[...]',
                 'protocol-version': 1,
                 'public-key': '[...]',
                 'rx-bytes': 42,
                 'tx-bytes': 42}}],
  'private-key': '[...]',
  'public-key': '[...]'}]

Add another allowed IP prefix:
$ sudo ./tools/net/ynl/pyynl/cli.py --family wireguard \
  --do set-device --json '{"ifindex":3,"peers":[
    {"public-key":"6a df b1 83 a4 ..","allowedips":[
      {"cidr-mask":0,"family":10,"ipaddr":"::"}]}]}'

[1] As can be seen above, the "endpoint" is only dumped as binary data, as it can't be fully described in YNL. It's either a struct sockaddr_in or struct sockaddr_in6 depending on the attribute length.

Signed-off-by: Asbjørn Sloth Tønnesen
---
 Documentation/netlink/specs/wireguard.yaml | 298 +++++++++++++++++++++
 MAINTAINERS                                |   1 +
 include/uapi/linux/wireguard.h             | 129 ---------
 3 files changed, 299 insertions(+), 129 deletions(-)
 create mode 100644 Documentation/netlink/specs/wireguard.yaml

diff --git a/Documentation/netlink/specs/wireguard.yaml b/Documentation/net= link/specs/wireguard.yaml new file mode 100644 index 0000000000000..30479fc6bb697 --- /dev/null +++ b/Documentation/netlink/specs/wireguard.yaml
@@ -0,0 +1,298 @@ +# SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Cla= use) +--- +name: wireguard +protocol: genetlink-legacy + +doc: | + **Netlink protocol to control WireGuard network devices.** + + The below enums and macros are for interfacing with WireGuard, using gen= eric + netlink, with family ``WG_GENL_NAME`` and version ``WG_GENL_VERSION``. It + defines two commands: get and set. Note that while they share many common + attributes, these two commands actually accept a slightly different set = of + inputs and outputs. These differences are noted under the individual + attributes. +c-family-name: wg-genl-name +c-version-name: wg-genl-version +max-by-define: true + +definitions: + - + name-prefix: wg- + name: key-len + type: const + value: 32 + - + name: --kernel-timespec + type: struct + header: linux/time_types.h + members: + - + name: sec + type: u64 + doc: Number of seconds, since UNIX epoch. + - + name: nsec + type: u64 + doc: Number of nanoseconds, after the second began. + - + name: wgdevice-flags + name-prefix: wgdevice-f- + enum-name: wgdevice-flag + type: flags + entries: + - replace-peers + - + name: wgpeer-flags + name-prefix: wgpeer-f- + enum-name: wgpeer-flag + type: flags + entries: + - remove-me + - replace-allowedips + - update-only + - + name: wgallowedip-flags + name-prefix: wgallowedip-f- + enum-name: wgallowedip-flag + type: flags + entries: + - remove-me + +attribute-sets: + - + name: wgdevice + enum-name: wgdevice-attribute + name-prefix: wgdevice-a- + attr-cnt-name: --wgdevice-a-last + attributes: + - + name: unspec + type: unused + value: 0 + - + name: ifindex + type: u32 + - + name: ifname + type: string + checks: + max-len: 15 + - + name: private-key + type: binary + doc: Set to all zeros to remove. 
+ display-hint: hex + checks: + exact-len: wg-key-len + - + name: public-key + type: binary + display-hint: hex + checks: + exact-len: wg-key-len + - + name: flags + type: u32 + doc: | + ``0`` or ``WGDEVICE_F_REPLACE_PEERS`` if all current peers shoul= d be + removed prior to adding the list below. + enum: wgdevice-flags + - + name: listen-port + type: u16 + doc: Set as ``0`` to choose randomly. + - + name: fwmark + type: u32 + doc: Set as ``0`` to disable. + - + name: peers + type: indexed-array + sub-type: nest + nested-attributes: wgpeer + doc: | + The index/type parameter is unused on ``SET_DEVICE`` operations = and is + zero on ``GET_DEVICE`` operations. + - + name: wgpeer + enum-name: wgpeer-attribute + name-prefix: wgpeer-a- + attr-cnt-name: --wgpeer-a-last + attributes: + - + name: unspec + type: unused + value: 0 + - + name: public-key + type: binary + display-hint: hex + checks: + exact-len: wg-key-len + - + name: preshared-key + type: binary + doc: Set as all zeros to remove. + display-hint: hex + checks: + exact-len: wg-key-len + - + name: flags + type: u32 + doc: | + ``0`` and/or ``WGPEER_F_REMOVE_ME`` if the specified peer should= not + exist at the end of the operation, rather than added/updated and= /or + ``WGPEER_F_REPLACE_ALLOWEDIPS`` if all current allowed IPs of th= is + peer should be removed prior to adding the list below and/or + ``WGPEER_F_UPDATE_ONLY`` if the peer should only be set if it al= ready + exists. + enum: wgpeer-flags + - + name: endpoint + type: binary + doc: struct sockaddr_in or struct sockaddr_in6 + checks: + min-len: 16 + - + name: persistent-keepalive-interval + type: u16 + doc: Set as ``0`` to disable. 
+ - + name: last-handshake-time + type: binary + struct: --kernel-timespec + checks: + exact-len: 16 + - + name: rx-bytes + type: u64 + - + name: tx-bytes + type: u64 + - + name: allowedips + type: indexed-array + sub-type: nest + nested-attributes: wgallowedip + doc: | + The index/type parameter is unused on ``SET_DEVICE`` operations = and is + zero on ``GET_DEVICE`` operations. + - + name: protocol-version + type: u32 + doc: | + Should not be set or used at all by most users of this API, as t= he + most recent protocol will be used when this is unset. Otherwise, + must be set to ``1``. + - + name: wgallowedip + enum-name: wgallowedip-attribute + name-prefix: wgallowedip-a- + attr-cnt-name: --wgallowedip-a-last + attributes: + - + name: unspec + type: unused + value: 0 + - + name: family + type: u16 + doc: IP family, either ``AF_INET`` or ``AF_INET6``. + - + name: ipaddr + type: binary + doc: Either ``struct in_addr`` or ``struct in6_addr``. + display-hint: ipv4-or-v6 + checks: + min-len: 4 + - + name: cidr-mask + type: u8 + - + name: flags + type: u32 + doc: | + ``WGALLOWEDIP_F_REMOVE_ME`` if the specified IP should be remove= d; + otherwise, this IP will be added if it is not already present. + enum: wgallowedip-flags + +operations: + enum-name: wg-cmd + name-prefix: wg-cmd- + list: + - + name: get-device + value: 0 + doc: | + Retrieve WireGuard device + ~~~~~~~~~~~~~~~~~~~~~~~~~ + + The command should be called with one but not both of: + + - ``WGDEVICE_A_IFINDEX`` + - ``WGDEVICE_A_IFNAME`` + + The kernel will then return several messages (``NLM_F_MULTI``). It= is + possible that all of the allowed IPs of a single peer will not fit + within a single netlink message. In that case, the same peer will = be + written in the following message, except it will only contain + ``WGPEER_A_PUBLIC_KEY`` and ``WGPEER_A_ALLOWEDIPS``. This may occur + several times in a row for the same peer. It is then up to the rec= eiver + to coalesce adjacent peers. 
Likewise, it is possible that all peer= s will + not fit within a single message. So, subsequent peers will be sent= in + following messages, except those will only contain ``WGDEVICE_A_IF= NAME`` + and ``WGDEVICE_A_PEERS``. It is then up to the receiver to coalesce + these messages to form the complete list of peers. + + Since this is an ``NLA_F_DUMP`` command, the final message will al= ways + be ``NLMSG_DONE``, even if an error occurs. However, this ``NLMSG_= DONE`` + message contains an integer error code. It is either zero or a neg= ative + error code corresponding to the errno. + attribute-set: wgdevice + flags: [uns-admin-perm] + + dump: + pre: wg-get-device-start + post: wg-get-device-done + request: + attributes: + - ifindex + - ifname + reply: &all-attrs + attributes: + - ifindex + - ifname + - private-key + - public-key + - flags + - listen-port + - fwmark + - peers + - + name: set-device + value: 1 + doc: | + Set WireGuard device + ~~~~~~~~~~~~~~~~~~~~ + + This command should be called with a wgdevice set, containing one = but + not both of ``WGDEVICE_A_IFINDEX`` and ``WGDEVICE_A_IFNAME``. + + It is possible that the amount of configuration data exceeds that = of the + maximum message length accepted by the kernel. In that case, sever= al + messages should be sent one after another, with each successive one + filling in information not contained in the prior. Note that if + ``WGDEVICE_F_REPLACE_PEERS`` is specified in the first message, it + probably should not be specified in fragments that come after, so = that + the list of peers is only cleared the first time but appended afte= r. + Likewise for peers, if ``WGPEER_F_REPLACE_ALLOWEDIPS`` is specifie= d in + the first message of a peer, it likely should not be specified in + subsequent fragments. + + If an error occurs, ``NLMSG_ERROR`` will reply containing an errno. + attribute-set: wgdevice + flags: [uns-admin-perm] + + do: + request: *all-attrs 
diff --git a/MAINTAINERS b/MAINTAINERS index e9a8d945632bf..a72fe5ce334b6 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -27663,6 +27663,7 @@ M: Jason A. Donenfeld L: wireguard@lists.zx2c4.com L: netdev@vger.kernel.org S: Maintained +F: Documentation/netlink/specs/wireguard.yaml F: drivers/net/wireguard/ F: tools/testing/selftests/wireguard/ =20 diff --git a/include/uapi/linux/wireguard.h b/include/uapi/linux/wireguard.h index 8c26391196d50..dee4401e0b5df 100644 --- a/include/uapi/linux/wireguard.h +++ b/include/uapi/linux/wireguard.h 
@@ -1,135 +1,6 @@ /* SPDX-License-Identifier: (GPL-2.0 WITH Linux-syscall-note) OR MIT */ /* * Copyright (C) 2015-2019 Jason A. Donenfeld . All Right= s Reserved. - * - * Documentation - * =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D - * - * The below enums and macros are for interfacing with WireGuard, using ge= neric - * netlink, with family WG_GENL_NAME and version WG_GENL_VERSION. It defin= es two - * methods: get and set. Note that while they share many common attributes, - * these two functions actually accept a slightly different set of inputs = and - * outputs. - * - * WG_CMD_GET_DEVICE - * ----------------- - * - * May only be called via NLM_F_REQUEST | NLM_F_DUMP. The command should c= ontain - * one but not both of: - * - * WGDEVICE_A_IFINDEX: NLA_U32 - * WGDEVICE_A_IFNAME: NLA_NUL_STRING, maxlen IFNAMSIZ - 1 - * - * The kernel will then return several messages (NLM_F_MULTI) containing t= he - * following tree of nested items: - * - * WGDEVICE_A_IFINDEX: NLA_U32 - * WGDEVICE_A_IFNAME: NLA_NUL_STRING, maxlen IFNAMSIZ - 1 - * WGDEVICE_A_PRIVATE_KEY: NLA_EXACT_LEN, len WG_KEY_LEN - * WGDEVICE_A_PUBLIC_KEY: NLA_EXACT_LEN, len WG_KEY_LEN - * WGDEVICE_A_LISTEN_PORT: NLA_U16 - * WGDEVICE_A_FWMARK: NLA_U32 - * WGDEVICE_A_PEERS: NLA_NESTED - * 0: NLA_NESTED - * WGPEER_A_PUBLIC_KEY: NLA_EXACT_LEN, len WG_KEY_LEN - * WGPEER_A_PRESHARED_KEY: NLA_EXACT_LEN, len WG_KEY_LEN - * WGPEER_A_ENDPOINT: NLA_MIN_LEN(struct sockaddr), struct sock= addr_in or struct sockaddr_in6 - * WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL: NLA_U16 - * WGPEER_A_LAST_HANDSHAKE_TIME: NLA_EXACT_LEN, struct __kernel= _timespec - * WGPEER_A_RX_BYTES: NLA_U64 - * WGPEER_A_TX_BYTES: NLA_U64 - * WGPEER_A_ALLOWEDIPS: NLA_NESTED - * 0: NLA_NESTED - * WGALLOWEDIP_A_FAMILY: NLA_U16 - * WGALLOWEDIP_A_IPADDR: NLA_MIN_LEN(struct in_addr), s= truct in_addr or struct in6_addr - * WGALLOWEDIP_A_CIDR_MASK: NLA_U8 - * 0: NLA_NESTED - * ... - * 0: NLA_NESTED - * ... - * ... 
- * WGPEER_A_PROTOCOL_VERSION: NLA_U32 - * 0: NLA_NESTED - * ... - * ... - * - * It is possible that all of the allowed IPs of a single peer will not - * fit within a single netlink message. In that case, the same peer will - * be written in the following message, except it will only contain - * WGPEER_A_PUBLIC_KEY and WGPEER_A_ALLOWEDIPS. This may occur several - * times in a row for the same peer. It is then up to the receiver to - * coalesce adjacent peers. Likewise, it is possible that all peers will - * not fit within a single message. So, subsequent peers will be sent - * in following messages, except those will only contain WGDEVICE_A_IFNAME - * and WGDEVICE_A_PEERS. It is then up to the receiver to coalesce these - * messages to form the complete list of peers. - * - * Since this is an NLA_F_DUMP command, the final message will always be - * NLMSG_DONE, even if an error occurs. However, this NLMSG_DONE message - * contains an integer error code. It is either zero or a negative error - * code corresponding to the errno. - * - * WG_CMD_SET_DEVICE - * ----------------- - * - * May only be called via NLM_F_REQUEST. The command should contain the - * following tree of nested items, containing one but not both of - * WGDEVICE_A_IFINDEX and WGDEVICE_A_IFNAME: - * - * WGDEVICE_A_IFINDEX: NLA_U32 - * WGDEVICE_A_IFNAME: NLA_NUL_STRING, maxlen IFNAMSIZ - 1 - * WGDEVICE_A_FLAGS: NLA_U32, 0 or WGDEVICE_F_REPLACE_PEERS if all curr= ent - * peers should be removed prior to adding the list b= elow. 
- * WGDEVICE_A_PRIVATE_KEY: len WG_KEY_LEN, all zeros to remove - * WGDEVICE_A_LISTEN_PORT: NLA_U16, 0 to choose randomly - * WGDEVICE_A_FWMARK: NLA_U32, 0 to disable - * WGDEVICE_A_PEERS: NLA_NESTED - * 0: NLA_NESTED - * WGPEER_A_PUBLIC_KEY: len WG_KEY_LEN - * WGPEER_A_FLAGS: NLA_U32, 0 and/or WGPEER_F_REMOVE_ME if the - * specified peer should not exist at the end o= f the - * operation, rather than added/updated and/or - * WGPEER_F_REPLACE_ALLOWEDIPS if all current a= llowed - * IPs of this peer should be removed prior to = adding - * the list below and/or WGPEER_F_UPDATE_ONLY i= f the - * peer should only be set if it already exists. - * WGPEER_A_PRESHARED_KEY: len WG_KEY_LEN, all zeros to remove - * WGPEER_A_ENDPOINT: struct sockaddr_in or struct sockaddr_in6 - * WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL: NLA_U16, 0 to disable - * WGPEER_A_ALLOWEDIPS: NLA_NESTED - * 0: NLA_NESTED - * WGALLOWEDIP_A_FAMILY: NLA_U16 - * WGALLOWEDIP_A_IPADDR: struct in_addr or struct in6_a= ddr - * WGALLOWEDIP_A_CIDR_MASK: NLA_U8 - * WGALLOWEDIP_A_FLAGS: NLA_U32, WGALLOWEDIP_F_REMOVE_M= E if - * the specified IP should be remo= ved; - * otherwise, this IP will be adde= d if - * it is not already present. - * 0: NLA_NESTED - * ... - * 0: NLA_NESTED - * ... - * ... - * WGPEER_A_PROTOCOL_VERSION: NLA_U32, should not be set or use= d at - * all by most users of this API, as= the - * most recent protocol will be used= when - * this is unset. Otherwise, must be= set - * to 1. - * 0: NLA_NESTED - * ... - * ... - * - * It is possible that the amount of configuration data exceeds that of - * the maximum message length accepted by the kernel. In that case, several - * messages should be sent one after another, with each successive one - * filling in information not contained in the prior. 
Note that if - * WGDEVICE_F_REPLACE_PEERS is specified in the first message, it probably - * should not be specified in fragments that come after, so that the list - * of peers is only cleared the first time but appended after. Likewise for - * peers, if WGPEER_F_REPLACE_ALLOWEDIPS is specified in the first message - * of a peer, it likely should not be specified in subsequent fragments. - * - * If an error occurs, NLMSG_ERROR will reply containing an errno. */ =20 #ifndef _WG_UAPI_WIREGUARD_H --=20 2.51.0
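Review bot: In Documentation/netlink/specs/wireguard.yaml, set-device takes "request: *all-attrs", the same list get-device uses for its reply, so the spec no longer records the difference that the comment removed from include/uapi/linux/wireguard.h spelled out: the old WG_CMD_SET_DEVICE tree has no WGDEVICE_A_PUBLIC_KEY, and the old WG_CMD_GET_DEVICE tree has no WGDEVICE_A_FLAGS. Consider giving set-device its own attribute list, or stating in the doc text which attributes are reply-only, so that readers and generated clients do not treat every attribute as settable. Separately, the get-device doc carries over "NLA_F_DUMP" from the old comment; that comment's own "May only be called via NLM_F_REQUEST | NLM_F_DUMP" indicates NLM_F_DUMP is meant.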
From: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= To: "Jason A. Donenfeld" Cc: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Donald Hunter , Simon Horman , Jacob Keller , Andrew Lunn , wireguard@lists.zx2c4.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Jordan Rife Subject: [PATCH wireguard v4 06/10] wireguard: uapi: move enum wg_cmd Date: Wed, 26 Nov 2025 17:35:38 +0000 Message-ID: <20251126173546.57681-7-ast@fiberby.net> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20251126173546.57681-1-ast@fiberby.net> References: <20251126173546.57681-1-ast@fiberby.net> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This patch moves enum wg_cmd to the end of the file, where ynl-gen would generate it. This is an incremental step towards adopting an UAPI header generated by ynl-gen. This is split out to keep the patches readable. This is a trivial patch with no behavioural changes intended. Signed-off-by: Asbj=C3=B8rn Sloth T=C3=B8nnesen --- include/uapi/linux/wireguard.h | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/include/uapi/linux/wireguard.h b/include/uapi/linux/wireguard.h index dee4401e0b5df..3ebfffd61269a 100644 --- a/include/uapi/linux/wireguard.h +++ b/include/uapi/linux/wireguard.h @@ -11,13 +11,6 @@ =20 #define WG_KEY_LEN 32 =20 -enum wg_cmd { - WG_CMD_GET_DEVICE, - WG_CMD_SET_DEVICE, - __WG_CMD_MAX -}; -#define WG_CMD_MAX (__WG_CMD_MAX - 1) - enum wgdevice_flag { WGDEVICE_F_REPLACE_PEERS =3D 1U << 0, __WGDEVICE_F_ALL =3D WGDEVICE_F_REPLACE_PEERS 
@@ -73,4 +66,12 @@ enum wgallowedip_attribute { }; #define WGALLOWEDIP_A_MAX (__WGALLOWEDIP_A_LAST - 1) =20 +enum wg_cmd { + WG_CMD_GET_DEVICE, + WG_CMD_SET_DEVICE, + + __WG_CMD_MAX +}; +#define WG_CMD_MAX (__WG_CMD_MAX - 1) + #endif /* _WG_UAPI_WIREGUARD_H */ --=20 2.51.0
From: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= To: "Jason A. Donenfeld" Cc: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Donald Hunter , Simon Horman , Jacob Keller , Andrew Lunn , wireguard@lists.zx2c4.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Jordan Rife Subject: [PATCH wireguard v4 07/10] wireguard: uapi: move flag enums Date: Wed, 26 Nov 2025 17:35:39 +0000 Message-ID: <20251126173546.57681-8-ast@fiberby.net> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20251126173546.57681-1-ast@fiberby.net> References: <20251126173546.57681-1-ast@fiberby.net> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Move the wg*_flag enums, so they are defined above the attribute set enums, where ynl-gen would place them. This is an incremental step towards adopting an UAPI header generated by ynl-gen. This is split out to keep the patches readable. This is a trivial patch with no behavioural changes intended.
Signed-off-by: Asbj=C3=B8rn Sloth T=C3=B8nnesen --- include/uapi/linux/wireguard.h | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/include/uapi/linux/wireguard.h b/include/uapi/linux/wireguard.h index 3ebfffd61269a..a2815f4f29104 100644 --- a/include/uapi/linux/wireguard.h +++ b/include/uapi/linux/wireguard.h @@ -15,6 +15,20 @@ enum wgdevice_flag { WGDEVICE_F_REPLACE_PEERS =3D 1U << 0, __WGDEVICE_F_ALL =3D WGDEVICE_F_REPLACE_PEERS }; + +enum wgpeer_flag { + WGPEER_F_REMOVE_ME =3D 1U << 0, + WGPEER_F_REPLACE_ALLOWEDIPS =3D 1U << 1, + WGPEER_F_UPDATE_ONLY =3D 1U << 2, + __WGPEER_F_ALL =3D WGPEER_F_REMOVE_ME | WGPEER_F_REPLACE_ALLOWEDIPS | + WGPEER_F_UPDATE_ONLY +}; + +enum wgallowedip_flag { + WGALLOWEDIP_F_REMOVE_ME =3D 1U << 0, + __WGALLOWEDIP_F_ALL =3D WGALLOWEDIP_F_REMOVE_ME +}; + enum wgdevice_attribute { WGDEVICE_A_UNSPEC, WGDEVICE_A_IFINDEX, @@ -29,13 +43,6 @@ enum wgdevice_attribute { }; #define WGDEVICE_A_MAX (__WGDEVICE_A_LAST - 1) =20 -enum wgpeer_flag { - WGPEER_F_REMOVE_ME =3D 1U << 0, - WGPEER_F_REPLACE_ALLOWEDIPS =3D 1U << 1, - WGPEER_F_UPDATE_ONLY =3D 1U << 2, - __WGPEER_F_ALL =3D WGPEER_F_REMOVE_ME | WGPEER_F_REPLACE_ALLOWEDIPS | - WGPEER_F_UPDATE_ONLY -}; enum wgpeer_attribute { WGPEER_A_UNSPEC, WGPEER_A_PUBLIC_KEY, 
@@ -52,10 +59,6 @@ enum wgpeer_attribute { }; #define WGPEER_A_MAX (__WGPEER_A_LAST - 1) =20 -enum wgallowedip_flag { - WGALLOWEDIP_F_REMOVE_ME =3D 1U << 0, - __WGALLOWEDIP_F_ALL =3D WGALLOWEDIP_F_REMOVE_ME -}; enum wgallowedip_attribute { WGALLOWEDIP_A_UNSPEC, WGALLOWEDIP_A_FAMILY, --=20 2.51.0
From: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= To: "Jason A. Donenfeld" Cc: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Donald Hunter , Simon Horman , Jacob Keller , Andrew Lunn , wireguard@lists.zx2c4.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Jordan Rife Subject: [PATCH wireguard v4 08/10] wireguard: uapi: generate header with ynl-gen Date: Wed, 26 Nov 2025 17:35:40 +0000 Message-ID: <20251126173546.57681-9-ast@fiberby.net> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20251126173546.57681-1-ast@fiberby.net> References: <20251126173546.57681-1-ast@fiberby.net> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Use ynl-gen to generate the UAPI header for WireGuard. The cosmetic changes in this patch confirms that the spec is aligned with the implementation. By using the generated version, it ensures that they stay in sync. Changes in the generated header: * Trivial header guard rename. * Trivial white space changes. * Trivial comment changes. * Precompute bitflags in ynl-gen (see [1]). * Drop __*_F_ALL constants (see [1]). [1] https://lore.kernel.org/r/20251014123201.6ecfd146@kernel.org/ No behavioural changes intended. Signed-off-by: Asbj=C3=B8rn Sloth T=C3=B8nnesen --- drivers/net/wireguard/netlink.c | 6 +++--- include/uapi/linux/wireguard.h | 38 ++++++++++++++++----------------- 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/drivers/net/wireguard/netlink.c b/drivers/net/wireguard/netlin= k.c index c2d0576e96f5f..0ce0bda8c1ce8 100644 --- a/drivers/net/wireguard/netlink.c +++ b/drivers/net/wireguard/netlink.c 
@@ -26,7 +26,7 @@ static const struct nla_policy device_policy[WGDEVICE_A_M= AX + 1] =3D { [WGDEVICE_A_IFNAME] =3D { .type =3D NLA_NUL_STRING, .len =3D IFNAMSIZ - = 1 }, [WGDEVICE_A_PRIVATE_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), [WGDEVICE_A_PUBLIC_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), - [WGDEVICE_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, __WGDEVICE_F_ALL), + [WGDEVICE_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, 0x1), [WGDEVICE_A_LISTEN_PORT] =3D { .type =3D NLA_U16 }, [WGDEVICE_A_FWMARK] =3D { .type =3D NLA_U32 }, [WGDEVICE_A_PEERS] =3D NLA_POLICY_NESTED_ARRAY(peer_policy), @@ -35,7 +35,7 @@ static const struct nla_policy device_policy[WGDEVICE_A_M= AX + 1] =3D { static const struct nla_policy peer_policy[WGPEER_A_MAX + 1] =3D { [WGPEER_A_PUBLIC_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), [WGPEER_A_PRESHARED_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), - [WGPEER_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, __WGPEER_F_ALL), + [WGPEER_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, 0x7), [WGPEER_A_ENDPOINT] =3D NLA_POLICY_MIN_LEN(sizeof(struct sockaddr)), [WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL] =3D { .type =3D NLA_U16 }, [WGPEER_A_LAST_HANDSHAKE_TIME] =3D NLA_POLICY_EXACT_LEN(sizeof(struct _= _kernel_timespec)), @@ -49,7 +49,7 @@ static const struct nla_policy allowedip_policy[WGALLOWED= IP_A_MAX + 1] =3D { [WGALLOWEDIP_A_FAMILY] =3D { .type =3D NLA_U16 }, [WGALLOWEDIP_A_IPADDR] =3D NLA_POLICY_MIN_LEN(sizeof(struct in_addr)), [WGALLOWEDIP_A_CIDR_MASK] =3D { .type =3D NLA_U8 }, - [WGALLOWEDIP_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, __WGALLOWEDIP_F_ALL), + [WGALLOWEDIP_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, 0x1), }; =20 static struct wg_device *lookup_interface(struct nlattr **attrs, diff --git a/include/uapi/linux/wireguard.h b/include/uapi/linux/wireguard.h index a2815f4f29104..a100b9715b083 100644 --- a/include/uapi/linux/wireguard.h +++ b/include/uapi/linux/wireguard.h 
@@ -1,32 +1,29 @@ -/* SPDX-License-Identifier: (GPL-2.0 WITH Linux-syscall-note) OR MIT */ -/* - * Copyright (C) 2015-2019 Jason A. Donenfeld . All Right= s Reserved. - */ +/* SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Cl= ause) */ +/* Do not edit directly, auto-generated from: */ +/* Documentation/netlink/specs/wireguard.yaml */ +/* YNL-GEN uapi header */ +/* To regenerate run: tools/net/ynl/ynl-regen.sh */ =20 -#ifndef _WG_UAPI_WIREGUARD_H -#define _WG_UAPI_WIREGUARD_H +#ifndef _UAPI_LINUX_WIREGUARD_H +#define _UAPI_LINUX_WIREGUARD_H =20 -#define WG_GENL_NAME "wireguard" -#define WG_GENL_VERSION 1 +#define WG_GENL_NAME "wireguard" +#define WG_GENL_VERSION 1 =20 -#define WG_KEY_LEN 32 +#define WG_KEY_LEN 32 =20 enum wgdevice_flag { - WGDEVICE_F_REPLACE_PEERS =3D 1U << 0, - __WGDEVICE_F_ALL =3D WGDEVICE_F_REPLACE_PEERS + WGDEVICE_F_REPLACE_PEERS =3D 1, }; =20 enum wgpeer_flag { - WGPEER_F_REMOVE_ME =3D 1U << 0, - WGPEER_F_REPLACE_ALLOWEDIPS =3D 1U << 1, - WGPEER_F_UPDATE_ONLY =3D 1U << 2, - __WGPEER_F_ALL =3D WGPEER_F_REMOVE_ME | WGPEER_F_REPLACE_ALLOWEDIPS | - WGPEER_F_UPDATE_ONLY + WGPEER_F_REMOVE_ME =3D 1, + WGPEER_F_REPLACE_ALLOWEDIPS =3D 2, + WGPEER_F_UPDATE_ONLY =3D 4, }; =20 enum wgallowedip_flag { - WGALLOWEDIP_F_REMOVE_ME =3D 1U << 0, - __WGALLOWEDIP_F_ALL =3D WGALLOWEDIP_F_REMOVE_ME + WGALLOWEDIP_F_REMOVE_ME =3D 1, }; =20 enum wgdevice_attribute { @@ -39,6 +36,7 @@ enum wgdevice_attribute { WGDEVICE_A_LISTEN_PORT, WGDEVICE_A_FWMARK, WGDEVICE_A_PEERS, + __WGDEVICE_A_LAST }; #define WGDEVICE_A_MAX (__WGDEVICE_A_LAST - 1) @@ -55,6 +53,7 @@ enum wgpeer_attribute { WGPEER_A_TX_BYTES, WGPEER_A_ALLOWEDIPS, WGPEER_A_PROTOCOL_VERSION, + __WGPEER_A_LAST }; #define WGPEER_A_MAX (__WGPEER_A_LAST - 1) @@ -65,6 +64,7 @@ enum wgallowedip_attribute { WGALLOWEDIP_A_IPADDR, WGALLOWEDIP_A_CIDR_MASK, WGALLOWEDIP_A_FLAGS, + __WGALLOWEDIP_A_LAST }; #define WGALLOWEDIP_A_MAX (__WGALLOWEDIP_A_LAST - 1) 
@@ -77,4 +77,4 @@ enum wg_cmd { }; #define WG_CMD_MAX (__WG_CMD_MAX - 1) =20 -#endif /* _WG_UAPI_WIREGUARD_H */ +#endif /* _UAPI_LINUX_WIREGUARD_H */ --=20 2.51.0
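Review bot: In drivers/net/wireguard/netlink.c the three NLA_POLICY_MASK() entries now take bare literals (0x1, 0x7, 0x1) in place of __WGDEVICE_F_ALL, __WGPEER_F_ALL and __WGALLOWEDIP_F_ALL, so nothing ties the accepted mask to the flag enums any more. If a flag is later added to the spec and the literal is not updated, the policy will reject it; if the literal is widened by hand, nothing checks that the new bit has a handler. Either spell the mask out from the named flags, for example WGPEER_F_REMOVE_ME | WGPEER_F_REPLACE_ALLOWEDIPS | WGPEER_F_UPDATE_ONLY, or add a comment next to each literal naming the flags it covers.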
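Review bot: The first hunk of include/uapi/linux/wireguard.h changes the SPDX line from "(GPL-2.0 WITH Linux-syscall-note) OR MIT" to "((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)" and drops the copyright notice, which the commit message covers only as "Trivial comment changes". A license change on a UAPI header is not cosmetic; it should be listed explicitly in the changelog, with the copyright holder's agreement, or the generated header should keep the original license. The same hunk also removes __WGDEVICE_F_ALL, __WGPEER_F_ALL and __WGALLOWEDIP_F_ALL from a UAPI header; the message points to [1] for that, but it would help to state there whether any userspace is known to reference them.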
From: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= To: "Jason A. Donenfeld" Cc: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Donald Hunter , Simon Horman , Jacob Keller , Andrew Lunn , wireguard@lists.zx2c4.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Jordan Rife Subject: [PATCH wireguard v4 09/10] tools: ynl: add sample for wireguard Date: Wed, 26 Nov 2025 17:35:41 +0000 Message-ID: <20251126173546.57681-10-ast@fiberby.net> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20251126173546.57681-1-ast@fiberby.net> References: <20251126173546.57681-1-ast@fiberby.net> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Add a sample application for WireGuard, using the generated C library. The main benefit of this is to exercise the generated library, which might be useful for future selftests. In order to support usage with a pre-YNL wireguard.h in /usr/include, the former header guard is added to Makefile.deps as well. Example: $ make -C tools/net/ynl/lib $ make -C tools/net/ynl/generated $ make -C tools/net/ynl/samples wireguard $ ./tools/net/ynl/samples/wireguard usage: ./tools/net/ynl/samples/wireguard $ sudo ./tools/net/ynl/samples/wireguard wg-test Interface 3: wg-test Peer 6adfb183a4a2c94a2f92dab5ade762a4788[...]: Data: rx: 42 / tx: 42 bytes Allowed IPs: 0.0.0.0/0 ::/0 Signed-off-by: Asbj=C3=B8rn Sloth T=C3=B8nnesen --- MAINTAINERS | 1 + tools/net/ynl/Makefile.deps | 2 + tools/net/ynl/samples/.gitignore | 1 + tools/net/ynl/samples/wireguard.c | 104 ++++++++++++++++++++++++++++++ 4 files changed, 108 insertions(+) create mode 100644 tools/net/ynl/samples/wireguard.c diff --git a/MAINTAINERS b/MAINTAINERS index a72fe5ce334b6..dfc7b7a017561 100644 --- a/MAINTAINERS +++ b/MAINTAINERS 
@@ -27665,6 +27665,7 @@ L: netdev@vger.kernel.org S: Maintained F: Documentation/netlink/specs/wireguard.yaml F: drivers/net/wireguard/ +F: tools/net/ynl/samples/wireguard.c F: tools/testing/selftests/wireguard/ =20 WISTRON LAPTOP BUTTON DRIVER diff --git a/tools/net/ynl/Makefile.deps b/tools/net/ynl/Makefile.deps index 865fd2e8519ed..a9a5348b31a3b 100644 --- a/tools/net/ynl/Makefile.deps +++ b/tools/net/ynl/Makefile.deps @@ -48,3 +48,5 @@ CFLAGS_tc:=3D $(call get_hdr_inc,__LINUX_RTNETLINK_H,rtne= tlink.h) \ $(call get_hdr_inc,_TC_SKBEDIT_H,tc_act/tc_skbedit.h) \ $(call get_hdr_inc,_TC_TUNNEL_KEY_H,tc_act/tc_tunnel_key.h) CFLAGS_tcp_metrics:=3D$(call get_hdr_inc,_LINUX_TCP_METRICS_H,tcp_metrics.= h) +CFLAGS_wireguard:=3D$(call get_hdr_inc,_LINUX_WIREGUARD_H,wireguard.h) \ + -D _WG_UAPI_WIREGUARD_H # alternate pre-YNL guard diff --git a/tools/net/ynl/samples/.gitignore b/tools/net/ynl/samples/.giti= gnore index 05087ee323ba2..6fbed294feac0 100644 --- a/tools/net/ynl/samples/.gitignore +++ b/tools/net/ynl/samples/.gitignore @@ -8,3 +8,4 @@ rt-link rt-route tc tc-filter-add +wireguard diff --git a/tools/net/ynl/samples/wireguard.c b/tools/net/ynl/samples/wire= guard.c new file mode 100644 index 0000000000000..43f3551eb101a --- /dev/null +++ b/tools/net/ynl/samples/wireguard.c 
@@ -0,0 +1,104 @@ +// SPDX-License-Identifier: GPL-2.0 +#include +#include +#include +#include +#include + +#include "wireguard-user.h" + +static void print_allowed_ip(const struct wireguard_wgallowedip *aip) +{ + char addr_out[INET6_ADDRSTRLEN]; + + if (!inet_ntop(aip->family, aip->ipaddr, addr_out, sizeof(addr_out))) { + addr_out[0] =3D '?'; + addr_out[1] =3D '\0'; + } + printf("\t\t\t%s/%u\n", addr_out, aip->cidr_mask); +} + +/* Only printing public key in this demo. For better key formatting, + * use the constant-time implementation as found in wireguard-tools. + */ +static void print_peer_header(const struct wireguard_wgpeer *peer) +{ + unsigned int i; + uint8_t *key =3D peer->public_key; + unsigned int len =3D peer->_len.public_key; + + if (len !=3D 32) + return; + printf("\tPeer "); + for (i =3D 0; i < len; i++) + printf("%02x", key[i]); + printf(":\n"); +} + +static void print_peer(const struct wireguard_wgpeer *peer) +{ + unsigned int i; + + print_peer_header(peer); + printf("\t\tData: rx: %llu / tx: %llu bytes\n", + peer->rx_bytes, peer->tx_bytes); + printf("\t\tAllowed IPs:\n"); + for (i =3D 0; i < peer->_count.allowedips; i++) + print_allowed_ip(&peer->allowedips[i]); +} + +static void build_request(struct wireguard_get_device_req *req, char *arg) +{ + char *endptr; + int ifindex; + + ifindex =3D strtol(arg, &endptr, 0); + if (endptr !=3D arg + strlen(arg) || errno !=3D 0) + ifindex =3D 0; + if (ifindex > 0) + wireguard_get_device_req_set_ifindex(req, ifindex); + else + wireguard_get_device_req_set_ifname(req, arg); +} + +int main(int argc, char **argv) +{ + struct wireguard_get_device_list *devs; + struct wireguard_get_device_req *req; + struct ynl_sock *ys; + + if (argc < 2) { + fprintf(stderr, "usage: %s \n", argv[0]); + return 1; + } + + req =3D wireguard_get_device_req_alloc(); + build_request(req, argv[1]); + + ys =3D ynl_sock_create(&ynl_wireguard_family, NULL); + if (!ys) + return 2; + + devs =3D wireguard_get_device_dump(ys, req); + if (!devs) 
+ goto err_close; + + ynl_dump_foreach(devs, d) { + unsigned int i; + + printf("Interface %d: %s\n", d->ifindex, d->ifname); + for (i =3D 0; i < d->_count.peers; i++) + print_peer(&d->peers[i]); + } + wireguard_get_device_list_free(devs); + wireguard_get_device_req_free(req); + ynl_sock_destroy(ys); + + return 0; + +err_close: + fprintf(stderr, "YNL (%d): %s\n", ys->err.code, ys->err.msg); + wireguard_get_device_req_free(req); + ynl_sock_destroy(ys); + return 3; +} --=20 2.51.0 From nobody Mon Dec 1 22:37:29 2025 Received: from mail1.fiberby.net (mail1.fiberby.net [193.104.135.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 76F87311C37; Wed, 26 Nov 2025 17:36:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=193.104.135.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764178600; cv=none; b=dYBPP7nm+fPtEZ48l1y3irEvH85Zs4HMMYFNrgfSwMulw3OgONT9H7ND42SSqMUSd+pKFx/zz34HQGgUlq5RWzMx13KA5a2Ry3FoGj1bS/gZhYCNfbTMUeaFgcnTyO3oMGtWRRXGuS51aD1pg4ML7yrg8BNxuVgMxlTWlAIj6sI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1764178600; c=relaxed/simple; bh=6za08evM4/3iaYHy0vKK/WiWcDhIqI4gEH19T3HckHY=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=EFrMjly2PcQ9vcPvZ0lhgznjs7YsXpxIhe2PMKUS7KmXp5r2KJKw9smBMuNVqkB6HEDBSpV2ZsDvCXRAYaP++PqsttFvvuayv+p2BcHbVBN1c01aq2d/hS8jSdztAUbSWe5qvwAaSlDlBWmFlYKgZ8z1srOrl09GhWYrMCozE9o= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=fiberby.net; spf=pass smtp.mailfrom=fiberby.net; dkim=pass (2048-bit key) header.d=fiberby.net header.i=@fiberby.net header.b=vgCSQK0f; arc=none smtp.client-ip=193.104.135.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=fiberby.net Authentication-Results: 
smtp.subspace.kernel.org; spf=pass smtp.mailfrom=fiberby.net Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=fiberby.net header.i=@fiberby.net header.b="vgCSQK0f" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fiberby.net; s=202008; t=1764178585; bh=6za08evM4/3iaYHy0vKK/WiWcDhIqI4gEH19T3HckHY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=vgCSQK0f2u+8HNOs9XHRFoCxwd9eR7SbzRGb+0VcZec/7kLtrSQ70D/ug72Yn4957 1flU/psoPx3wPm+BV1zjUNxmPQ5H8BvaGFjLM45jgOHdkHjwOdF14M81LfMpnNLyGp oVnBlqj+hhgnp0zT0oXT8ReWxIyn1pThHRAZDGOuPk+5no1N2BKiiwb2LPlYgXd3x3 JNpxvIBwTQPNt8U2SzjFRu/JzFtRwpbJXS1/xPDxvRY+w3sz/8CknW0vGYq9yb3Juw 3JbY1HnslZEkjc30ZjCnvyOTqf5jK22PvKZF8CD6qPSm56cL7CM+HlXHbrOgD2IUwg dwX/94osRMQBw== Received: from x201s (193-104-135-243.ip4.fiberby.net [193.104.135.243]) by mail1.fiberby.net (Postfix) with ESMTPSA id A1EFC6010F; Wed, 26 Nov 2025 17:36:25 +0000 (UTC) Received: by x201s (Postfix, from userid 1000) id ECDB8204309; Wed, 26 Nov 2025 17:35:52 +0000 (UTC) 
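Review bot: in build_request() in tools/net/ynl/samples/wireguard.c (patch 09/10), the strtol() result is stored in an int and errno is tested without being cleared first. A numeric argument above INT_MAX that still fits in a long (for example 4294967297 on a 64-bit build) is truncated and can select an unrelated ifindex, and a stale errno would make a valid index fall back to the name lookup. Suggest setting errno = 0 before the call, keeping the result in a long, and calling wireguard_get_device_req_set_ifindex() only when 0 < value <= INT_MAX. In main(), the return value of wireguard_get_device_req_alloc() reaches build_request() unchecked, and the ynl_sock_create() failure path returns 2 without freeing req and without any message, since NULL is passed as its second argument; the err_close path already shows the reporting style to mirror. print_allowed_ip() also hands aip->ipaddr to inet_ntop() based on aip->family alone, whereas print_peer_header() checks peer->_len.public_key; a matching length check against the family would keep the two consistent.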
From: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= To: "Jason A. Donenfeld" Cc: =?UTF-8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Donald Hunter , Simon Horman , Jacob Keller , Andrew Lunn , wireguard@lists.zx2c4.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Jordan Rife Subject: [PATCH wireguard v4 10/10] wireguard: netlink: generate netlink code Date: Wed, 26 Nov 2025 17:35:42 +0000 Message-ID: <20251126173546.57681-11-ast@fiberby.net> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20251126173546.57681-1-ast@fiberby.net> References: <20251126173546.57681-1-ast@fiberby.net> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This patch adopts netlink policies and command definitions generated by ynl-gen, thus completing the conversion to YNL. Given that the old and new policies are functionally identical and have just been moved to a new file, it serves to verify that the policies generated from the spec are identical to the previous policy code. The following functions are renamed: wg_get_device_dump() -> wg_get_device_dumpit() wg_set_device() -> wg_set_device_doit() The new files are covered by the existing drivers/net/wireguard/ pattern in MAINTAINERS. No behavioural changes intended. Signed-off-by: Asbj=C3=B8rn Sloth T=C3=B8nnesen --- drivers/net/wireguard/Makefile | 2 +- drivers/net/wireguard/generated/netlink.c | 73 +++++++++++++++++++++++ drivers/net/wireguard/generated/netlink.h | 30 ++++++++++ drivers/net/wireguard/netlink.c | 60 ++----------------- 4 files changed, 109 insertions(+), 56 deletions(-) create mode 100644 drivers/net/wireguard/generated/netlink.c create mode 100644 drivers/net/wireguard/generated/netlink.h 
diff --git a/drivers/net/wireguard/Makefile b/drivers/net/wireguard/Makefile index dbe1f8514efc3..00cbcc9ab69da 100644 --- a/drivers/net/wireguard/Makefile +++ b/drivers/net/wireguard/Makefile @@ -13,5 +13,5 @@ wireguard-y +=3D peerlookup.o wireguard-y +=3D allowedips.o wireguard-y +=3D ratelimiter.o wireguard-y +=3D cookie.o -wireguard-y +=3D netlink.o +wireguard-y +=3D netlink.o generated/netlink.o obj-$(CONFIG_WIREGUARD) :=3D wireguard.o diff --git a/drivers/net/wireguard/generated/netlink.c b/drivers/net/wiregu= ard/generated/netlink.c new file mode 100644 index 0000000000000..3ef8c29908c28 --- /dev/null +++ b/drivers/net/wireguard/generated/netlink.c 
@@ -0,0 +1,73 @@ +// SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Cl= ause) +/* Do not edit directly, auto-generated from: */ +/* Documentation/netlink/specs/wireguard.yaml */ +/* YNL-GEN kernel source */ +/* YNL-ARG --function-prefix wg */ +/* To regenerate run: tools/net/ynl/ynl-regen.sh */ + +#include +#include + +#include "netlink.h" + +#include +#include + +/* Common nested types */ +const struct nla_policy wireguard_wgallowedip_nl_policy[WGALLOWEDIP_A_FLAG= S + 1] =3D { + [WGALLOWEDIP_A_FAMILY] =3D { .type =3D NLA_U16, }, + [WGALLOWEDIP_A_IPADDR] =3D NLA_POLICY_MIN_LEN(4), + [WGALLOWEDIP_A_CIDR_MASK] =3D { .type =3D NLA_U8, }, + [WGALLOWEDIP_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, 0x1), +}; + +const struct nla_policy wireguard_wgpeer_nl_policy[WGPEER_A_PROTOCOL_VERSI= ON + 1] =3D { + [WGPEER_A_PUBLIC_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), + [WGPEER_A_PRESHARED_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), + [WGPEER_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, 0x7), + [WGPEER_A_ENDPOINT] =3D NLA_POLICY_MIN_LEN(16), + [WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL] =3D { .type =3D NLA_U16, }, + [WGPEER_A_LAST_HANDSHAKE_TIME] =3D NLA_POLICY_EXACT_LEN(16), + [WGPEER_A_RX_BYTES] =3D { .type =3D NLA_U64, }, + [WGPEER_A_TX_BYTES] =3D { .type =3D NLA_U64, }, + [WGPEER_A_ALLOWEDIPS] =3D NLA_POLICY_NESTED_ARRAY(wireguard_wgallowedip_n= l_policy), + [WGPEER_A_PROTOCOL_VERSION] =3D { .type =3D NLA_U32, }, +}; + +/* WG_CMD_GET_DEVICE - dump */ +static const struct nla_policy wireguard_get_device_nl_policy[WGDEVICE_A_I= FNAME + 1] =3D { + [WGDEVICE_A_IFINDEX] =3D { .type =3D NLA_U32, }, + [WGDEVICE_A_IFNAME] =3D { .type =3D NLA_NUL_STRING, .len =3D 15, }, +}; + +/* WG_CMD_SET_DEVICE - do */ +static const struct nla_policy wireguard_set_device_nl_policy[WGDEVICE_A_P= EERS + 1] =3D { + [WGDEVICE_A_IFINDEX] =3D { .type =3D NLA_U32, }, + [WGDEVICE_A_IFNAME] =3D { .type =3D NLA_NUL_STRING, .len =3D 15, }, + [WGDEVICE_A_PRIVATE_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), 
+ [WGDEVICE_A_PUBLIC_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), + [WGDEVICE_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, 0x1), + [WGDEVICE_A_LISTEN_PORT] =3D { .type =3D NLA_U16, }, + [WGDEVICE_A_FWMARK] =3D { .type =3D NLA_U32, }, + [WGDEVICE_A_PEERS] =3D NLA_POLICY_NESTED_ARRAY(wireguard_wgpeer_nl_policy= ), +}; + +/* Ops table for wireguard */ +const struct genl_split_ops wireguard_nl_ops[2] =3D { + { + .cmd =3D WG_CMD_GET_DEVICE, + .start =3D wg_get_device_start, + .dumpit =3D wg_get_device_dumpit, + .done =3D wg_get_device_done, + .policy =3D wireguard_get_device_nl_policy, + .maxattr =3D WGDEVICE_A_IFNAME, + .flags =3D GENL_UNS_ADMIN_PERM | GENL_CMD_CAP_DUMP, + }, + { + .cmd =3D WG_CMD_SET_DEVICE, + .doit =3D wg_set_device_doit, + .policy =3D wireguard_set_device_nl_policy, + .maxattr =3D WGDEVICE_A_PEERS, + .flags =3D GENL_UNS_ADMIN_PERM | GENL_CMD_CAP_DO, + }, +}; diff --git a/drivers/net/wireguard/generated/netlink.h b/drivers/net/wiregu= ard/generated/netlink.h new file mode 100644 index 0000000000000..5dc977ee9e7c9 --- /dev/null +++ b/drivers/net/wireguard/generated/netlink.h 
@@ -0,0 +1,30 @@ +/* SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Cl= ause) */ +/* Do not edit directly, auto-generated from: */ +/* Documentation/netlink/specs/wireguard.yaml */ +/* YNL-GEN kernel header */ +/* YNL-ARG --function-prefix wg */ +/* To regenerate run: tools/net/ynl/ynl-regen.sh */ + +#ifndef _LINUX_WIREGUARD_GEN_H +#define _LINUX_WIREGUARD_GEN_H + +#include +#include + +#include +#include + +/* Common nested types */ +extern const struct nla_policy wireguard_wgallowedip_nl_policy[WGALLOWEDIP= _A_FLAGS + 1]; +extern const struct nla_policy wireguard_wgpeer_nl_policy[WGPEER_A_PROTOCO= L_VERSION + 1]; + +/* Ops table for wireguard */ +extern const struct genl_split_ops wireguard_nl_ops[2]; + +int wg_get_device_start(struct netlink_callback *cb); +int wg_get_device_done(struct netlink_callback *cb); + +int wg_get_device_dumpit(struct sk_buff *skb, struct netlink_callback *cb); +int wg_set_device_doit(struct sk_buff *skb, struct genl_info *info); + +#endif /* _LINUX_WIREGUARD_GEN_H */ diff --git a/drivers/net/wireguard/netlink.c b/drivers/net/wireguard/netlin= k.c index 0ce0bda8c1ce8..1da7e98d0d509 100644 --- a/drivers/net/wireguard/netlink.c +++ b/drivers/net/wireguard/netlink.c @@ -9,6 +9,7 @@ #include "socket.h" #include "queueing.h" #include "messages.h" +#include "generated/netlink.h" =20 #include =20 
@@ -18,39 +19,6 @@ #include =20 static struct genl_family genl_family; -static const struct nla_policy peer_policy[WGPEER_A_MAX + 1]; -static const struct nla_policy allowedip_policy[WGALLOWEDIP_A_MAX + 1]; - -static const struct nla_policy device_policy[WGDEVICE_A_MAX + 1] =3D { - [WGDEVICE_A_IFINDEX] =3D { .type =3D NLA_U32 }, - [WGDEVICE_A_IFNAME] =3D { .type =3D NLA_NUL_STRING, .len =3D IFNAMSIZ - = 1 }, - [WGDEVICE_A_PRIVATE_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), - [WGDEVICE_A_PUBLIC_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), - [WGDEVICE_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, 0x1), - [WGDEVICE_A_LISTEN_PORT] =3D { .type =3D NLA_U16 }, - [WGDEVICE_A_FWMARK] =3D { .type =3D NLA_U32 }, - [WGDEVICE_A_PEERS] =3D NLA_POLICY_NESTED_ARRAY(peer_policy), -}; - -static const struct nla_policy peer_policy[WGPEER_A_MAX + 1] =3D { - [WGPEER_A_PUBLIC_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), - [WGPEER_A_PRESHARED_KEY] =3D NLA_POLICY_EXACT_LEN(WG_KEY_LEN), - [WGPEER_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, 0x7), - [WGPEER_A_ENDPOINT] =3D NLA_POLICY_MIN_LEN(sizeof(struct sockaddr)), - [WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL] =3D { .type =3D NLA_U16 }, - [WGPEER_A_LAST_HANDSHAKE_TIME] =3D NLA_POLICY_EXACT_LEN(sizeof(struct _= _kernel_timespec)), - [WGPEER_A_RX_BYTES] =3D { .type =3D NLA_U64 }, - [WGPEER_A_TX_BYTES] =3D { .type =3D NLA_U64 }, - [WGPEER_A_ALLOWEDIPS] =3D NLA_POLICY_NESTED_ARRAY(allowedip_policy), - [WGPEER_A_PROTOCOL_VERSION] =3D { .type =3D NLA_U32 } -}; - -static const struct nla_policy allowedip_policy[WGALLOWEDIP_A_MAX + 1] =3D= { - [WGALLOWEDIP_A_FAMILY] =3D { .type =3D NLA_U16 }, - [WGALLOWEDIP_A_IPADDR] =3D NLA_POLICY_MIN_LEN(sizeof(struct in_addr)), - [WGALLOWEDIP_A_CIDR_MASK] =3D { .type =3D NLA_U8 }, - [WGALLOWEDIP_A_FLAGS] =3D NLA_POLICY_MASK(NLA_U32, 0x1), -}; =20 static struct wg_device *lookup_interface(struct nlattr **attrs, struct sk_buff *skb) 
@@ -199,7 +167,7 @@ get_peer(struct wg_peer *peer, struct sk_buff *skb, str= uct dump_ctx *ctx) return -EMSGSIZE; } =20 -static int wg_get_device_start(struct netlink_callback *cb) +int wg_get_device_start(struct netlink_callback *cb) { struct wg_device *wg; =20 @@ -210,7 +178,7 @@ static int wg_get_device_start(struct netlink_callback = *cb) return 0; } =20 -static int wg_get_device_dump(struct sk_buff *skb, struct netlink_callback= *cb) +int wg_get_device_dumpit(struct sk_buff *skb, struct netlink_callback *cb) { struct wg_peer *peer, *next_peer_cursor; struct dump_ctx *ctx =3D DUMP_CTX(cb); @@ -304,7 +272,7 @@ static int wg_get_device_dump(struct sk_buff *skb, stru= ct netlink_callback *cb) */ } =20 -static int wg_get_device_done(struct netlink_callback *cb) +int wg_get_device_done(struct netlink_callback *cb) { struct dump_ctx *ctx =3D DUMP_CTX(cb); =20 @@ -502,7 +470,7 @@ static int set_peer(struct wg_device *wg, struct nlattr= **attrs) return ret; } =20 -static int wg_set_device(struct sk_buff *skb, struct genl_info *info) +int wg_set_device_doit(struct sk_buff *skb, struct genl_info *info) { struct wg_device *wg =3D lookup_interface(info->attrs, skb); u32 flags =3D 0; @@ -616,24 +584,6 @@ static int wg_set_device(struct sk_buff *skb, struct g= enl_info *info) return ret; } =20 -static const struct genl_split_ops wireguard_nl_ops[] =3D { - { - .cmd =3D WG_CMD_GET_DEVICE, - .start =3D wg_get_device_start, - .dumpit =3D wg_get_device_dump, - .done =3D wg_get_device_done, - .policy =3D device_policy, - .maxattr =3D WGDEVICE_A_IFNAME, - .flags =3D GENL_UNS_ADMIN_PERM | GENL_CMD_CAP_DUMP, - }, { - .cmd =3D WG_CMD_SET_DEVICE, - .doit =3D wg_set_device, - .policy =3D device_policy, - .maxattr =3D WGDEVICE_A_PEERS, - .flags =3D GENL_UNS_ADMIN_PERM | GENL_CMD_CAP_DO, - } -}; - static struct genl_family genl_family __ro_after_init =3D { .split_ops =3D wireguard_nl_ops, .n_split_ops =3D ARRAY_SIZE(wireguard_nl_ops), --=20 2.51.0
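Review bot: in drivers/net/wireguard/generated/netlink.c the size expressions from the removed policies become bare literals: sizeof(struct sockaddr) and sizeof(struct __kernel_timespec) are now 16, sizeof(struct in_addr) is now 4, and IFNAMSIZ - 1 is now 15. Nothing in the diff ties those numbers back to the types, so a mismatch would no longer be caught at build time. Since the generated file is marked "Do not edit directly", suggest adding compile-time checks (static_assert or BUILD_BUG_ON on each size) to the hand-written drivers/net/wireguard/netlink.c, so that the "functionally identical" statement in the commit message stays enforced by the build.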
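Review bot: in drivers/net/wireguard/netlink.c, wg_get_device_start() and wg_get_device_done() also lose their static qualifier and become external symbols, but the commit message lists only the two renames. Suggest mentioning the linkage change next to the rename list, since all four callbacks are now declared in generated/netlink.h and referenced from the generated ops table.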