[RFC net-next 02/14] wireguard: netlink: validate nested arrays in policy

[RFC net-next 00/14] wireguard: netlink: ynl conversion · Asbjørn Sloth Tønnesen <hidden> · 2025-09-04
[RFC net-next 08/14] uapi: wireguard: generate header with ynl-gen · Asbjørn Sloth Tønnesen <hidden> · 2025-09-04
[RFC net-next 09/14] wireguard: netlink: convert to split ops · Asbjørn Sloth Tønnesen <hidden> · 2025-09-04
[RFC net-next 14/14] tools: ynl: add sample for wireguard · Asbjørn Sloth Tønnesen <hidden> · 2025-09-04
[RFC net-next 01/14] wireguard: netlink: use WG_KEY_LEN in policies · Asbjørn Sloth Tønnesen <hidden> · 2025-09-04
[RFC net-next 13/14] wireguard: netlink: enable strict genetlink validation · Asbjørn Sloth Tønnesen <hidden> · 2025-09-04
[RFC net-next 06/14] uapi: wireguard: move enum wg_cmd · Asbjørn Sloth Tønnesen <hidden> · 2025-09-04
[RFC net-next 02/14] wireguard: netlink: validate nested arrays in policy · Asbjørn Sloth Tønnesen <hidden> · 2025-09-04
[RFC net-next 10/14] wireguard: netlink: rename netlink handlers · Asbjørn Sloth Tønnesen <hidden> · 2025-09-04
[RFC net-next 07/14] uapi: wireguard: move flag enums · Asbjørn Sloth Tønnesen <hidden> · 2025-09-04
[RFC net-next 05/14] uapi: wireguard: use __*_A_MAX in enums · Asbjørn Sloth Tønnesen <hidden> · 2025-09-04
[RFC net-next 04/14] netlink: specs: wireguard: add remaining checks · Asbjørn Sloth Tønnesen <hidden> · 2025-09-04
[RFC net-next 11/14] wireguard: netlink: generate netlink code · Asbjørn Sloth Tønnesen <hidden> · 2025-09-04
[RFC net-next 03/14] netlink: specs: add specification for wireguard · Asbjørn Sloth Tønnesen <hidden> · 2025-09-04
[RFC net-next 12/14] netlink: specs: wireguard: alternative to wireguard_params.h · Asbjørn Sloth Tønnesen <hidden> · 2025-09-04
Re: [RFC net-next 00/14] wireguard: netlink: ynl conversion · "Jason A. Donenfeld" <Jason@zx2c4.com> · 2025-09-16
Re: [RFC net-next 00/14] wireguard: netlink: ynl conversion · Asbjørn Sloth Tønnesen <hidden> · 2025-09-17

From: Asbjørn Sloth Tønnesen <hidden>
Date: 2025-09-04 22:03:31
Also in: lkml
Subsystem: networking drivers, the rest, wireguard secure network tunnel · Maintainers: Andrew Lunn, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Linus Torvalds, Jason A. Donenfeld

Use NLA_POLICY_NESTED_ARRAY() to add nested array validation.

No behavioural changes intended, as the nested policy is already
enforced through nla_parse_nested().

This patch is an incremental step towards adopting a policy
generated by ynl-gen.

Signed-off-by: Asbjørn Sloth Tønnesen <redacted>
---
 drivers/net/wireguard/netlink.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/wireguard/netlink.c b/drivers/net/wireguard/netlink.c
index 086edd4bb33b..742d3f88d132 100644
--- a/drivers/net/wireguard/netlink.c
+++ b/drivers/net/wireguard/netlink.c

@@ -27,7 +27,7 @@ static const struct nla_policy device_policy[WGDEVICE_A_MAX + 1] = {
 	[WGDEVICE_A_FLAGS]		= NLA_POLICY_MASK(NLA_U32, __WGDEVICE_F_ALL),
 	[WGDEVICE_A_LISTEN_PORT]	= { .type = NLA_U16 },
 	[WGDEVICE_A_FWMARK]		= { .type = NLA_U32 },
-	[WGDEVICE_A_PEERS]		= { .type = NLA_NESTED }
+	[WGDEVICE_A_PEERS]		= NLA_POLICY_NESTED_ARRAY(peer_policy),
 };
 
 static const struct nla_policy peer_policy[WGPEER_A_MAX + 1] = {

@@ -39,7 +39,7 @@ static const struct nla_policy peer_policy[WGPEER_A_MAX + 1] = {
 	[WGPEER_A_LAST_HANDSHAKE_TIME]			= NLA_POLICY_EXACT_LEN(sizeof(struct __kernel_timespec)),
 	[WGPEER_A_RX_BYTES]				= { .type = NLA_U64 },
 	[WGPEER_A_TX_BYTES]				= { .type = NLA_U64 },
-	[WGPEER_A_ALLOWEDIPS]				= { .type = NLA_NESTED },
+	[WGPEER_A_ALLOWEDIPS]				= NLA_POLICY_NESTED_ARRAY(allowedip_policy),
 	[WGPEER_A_PROTOCOL_VERSION]			= { .type = NLA_U32 }
 };

-- 
2.51.0

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help