Message-ID: <20250904220255.1006675-4-ast@fiberby.net>
Date: Thu,  4 Sep 2025 22:02:38 +0000
From: Asbjørn Sloth Tønnesen <ast@...erby.net>
To: "Jason A. Donenfeld" <Jason@...c4.com>,
	"David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>,
	Paolo Abeni <pabeni@...hat.com>
Cc: Asbjørn Sloth Tønnesen <ast@...erby.net>,
	Donald Hunter <donald.hunter@...il.com>,
	Simon Horman <horms@...nel.org>,
	Jacob Keller <jacob.e.keller@...el.com>,
	Andrew Lunn <andrew+netdev@...n.ch>,
	wireguard@...ts.zx2c4.com,
	netdev@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: [RFC net-next 04/14] netlink: specs: wireguard: add remaining checks

This patch adds the remaining checks from the existing
policy code, and thereby completes the wireguard spec.

These are added separately in this RFC mainly to showcase
two different approaches to convert them.

They require sizeof() operations or arithmetic, both of
which can't be expressed in YNL currently.

In order to keep the C code 1:1, in this patch they are
added as an additional UAPI header wireguard_params.h,
defining them so that ynl-gen can reference them as constants.

This approach could also allow a selftest to validate that
the value of the constant in the YNL spec is the same as the
value in the header file.

In patch 12 in this series, this patch is reverted, and replaced
with magic numbers in the YNL checks, as an alternative.

Signed-off-by: Asbjørn Sloth Tønnesen <ast@...erby.net>
---
 Documentation/netlink/specs/wireguard.yaml | 36 ++++++++++++++++++++++
 MAINTAINERS                                |  1 +
 include/uapi/linux/wireguard_params.h      | 18 +++++++++++
 3 files changed, 55 insertions(+)
 create mode 100644 include/uapi/linux/wireguard_params.h

diff --git a/Documentation/netlink/specs/wireguard.yaml b/Documentation/netlink/specs/wireguard.yaml
index c6db3bbf0985..37011c3f158b 100644
--- a/Documentation/netlink/specs/wireguard.yaml
+++ b/Documentation/netlink/specs/wireguard.yaml
@@ -21,6 +21,34 @@ definitions:
     name: key-len
     type: const
     value: 32
+  -
+    name-prefix: --wg-
+    name: inaddr-sz
+    type: const
+    doc: Equivalent of ``sizeof(struct in_addr)``.
+    header: linux/wireguard_params.h
+    value: 4
+  -
+    name-prefix: --wg-
+    name: sockaddr-sz
+    type: const
+    doc: Equivalent of ``sizeof(struct sockaddr)``.
+    header: linux/wireguard_params.h
+    value: 16
+  -
+    name-prefix: --wg-
+    name: timespec-sz
+    type: const
+    doc: Equivalent of ``sizeof(struct __kernel_timespec)``.
+    header: linux/wireguard_params.h
+    value: 16
+  -
+    name-prefix: --wg-
+    name: ifnamlen
+    type: const
+    doc: Equivalent of ``IFNAMSIZ - 1``.
+    header: linux/wireguard_params.h
+    value: 15
   -
     name: --kernel-timespec
     type: struct
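Review bot: the four new constants carry literal values (4, 16, 16, 15) while the header they point at defines the same names with sizeof() and IFNAMSIZ - 1, and nothing in this patch ties the two together. The commit message mentions a selftest that could compare them; consider adding it in the same patch, or a build-time assertion, so that the spec and wireguard_params.h cannot drift apart silently. The name-prefix: --wg- line is also repeated in each of the four entries; a short comment in the spec explaining why these constants need their own prefix would help readers.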
@@ -74,6 +102,8 @@ attribute-sets:
       -
         name: ifname
         type: string
+        checks:
+          max-len: --wg-ifnamlen
       -
         name: private-key
         type: binary
@@ -148,6 +178,8 @@ attribute-sets:
         name: endpoint
         doc: struct sockaddr_in or struct sockaddr_in6
         type: binary
+        checks:
+          min-len: --wg-sockaddr-sz
       -
         name: persistent-keepalive-interval
         type: u16
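Review bot: min-len: --wg-sockaddr-sz on endpoint is only a lower bound of 16 bytes, while the doc line says the payload is a struct sockaddr_in or a struct sockaddr_in6, and the latter is larger than struct sockaddr. Please extend the doc line to say that this check is a floor and that the family-specific length has to be validated by the receiver, so that nobody reads the spec as fully bounding the attribute.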
@@ -156,6 +188,8 @@ attribute-sets:
         name: last-handshake-time
         type: binary
         struct: --kernel-timespec
+        checks:
+          exact-len: --wg-timespec-sz
       -
         name: rx-bytes
         type: u64
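Review bot: exact-len: --wg-timespec-sz on last-handshake-time repeats a size that the struct: --kernel-timespec line directly above it already implies. If the length can be derived from the struct definition in the spec, this attribute would not need the extra constant from wireguard_params.h; otherwise a doc line stating that the two must agree would help.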
@@ -191,6 +225,8 @@ attribute-sets:
         type: binary
         doc: struct in_addr or struct in6_add
         display-hint: ipv4-or-v6
+        checks:
+          min-len: --wg-inaddr-sz
       -
         name: cidr-mask
         type: u8
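Review bot: min-len: --wg-inaddr-sz on this attribute accepts any length from 4 bytes upward, including lengths that match neither of the two structs named in the doc line. A doc note that the exact length is selected by the address family would make the intent clear. While here, the doc context line reads "struct in6_add", which looks like a typo for struct in6_addr.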
diff --git a/MAINTAINERS b/MAINTAINERS
index 1540aa22d152..e8360e4b55c6 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -27170,6 +27170,7 @@ L:	netdev@...r.kernel.org
 S:	Maintained
 F:	Documentation/netlink/specs/wireguard.yaml
 F:	drivers/net/wireguard/
+F:	include/uapi/linux/wireguard_params.h
 F:	tools/testing/selftests/wireguard/
 
 WISTRON LAPTOP BUTTON DRIVER
diff --git a/include/uapi/linux/wireguard_params.h b/include/uapi/linux/wireguard_params.h
new file mode 100644
index 000000000000..c218e4b8042f
--- /dev/null
+++ b/include/uapi/linux/wireguard_params.h
@@ -0,0 +1,18 @@
+/* SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause) */
+
+#ifndef _UAPI_LINUX_WIREGUARD_PARAMS_H
+#define _UAPI_LINUX_WIREGUARD_PARAMS_H
+
+#include <linux/time_types.h>
+#include <linux/if.h>
+#include <linux/in.h>
+
+/* These definitions are currently needed for definitions which can't
+ * be expressed directly in Documentation/netlink/specs/wireguard.yaml
+ */
+#define __WG_INADDR_SZ (sizeof(struct in_addr))
+#define __WG_SOCKADDR_SZ (sizeof(struct sockaddr))
+#define __WG_TIMESPEC_SZ (sizeof(struct __kernel_timespec))
+#define __WG_IFNAMLEN (IFNAMSIZ - 1)
+
+#endif /* _UAPI_LINUX_WIREGUARD_PARAMS_H */
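Review bot: __WG_SOCKADDR_SZ uses sizeof(struct sockaddr), but none of the three includes (linux/time_types.h, linux/if.h, linux/in.h) is obviously the header that defines struct sockaddr, so the macro depends on a transitive include. Because the macros only expand where they are used, a missing definition would surface in the including file rather than here; please include the defining header directly, or say in the comment which include provides it. The comment above the macros also repeats itself ("definitions are currently needed for definitions"); wording such as "These constants are needed for checks which can't be expressed directly in ..." would read better.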
-- 
2.51.0

