[RFC net-next 02/14] wireguard: netlink: validate nested arrays in policy
From: Asbjørn Sloth Tønnesen
Date: Thu Sep 04 2025 - 18:06:47 EST
Use NLA_POLICY_NESTED_ARRAY() to add nested array validation.
No behavioural changes intended, as the nested policy is already
enforced through nla_parse_nested().
This patch is an incremental step towards adopting a policy
generated by ynl-gen.
Signed-off-by: Asbjørn Sloth Tønnesen <ast@xxxxxxxxxxx>
---
drivers/net/wireguard/netlink.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireguard/netlink.c b/drivers/net/wireguard/netlink.c
index 086edd4bb33b..742d3f88d132 100644
--- a/drivers/net/wireguard/netlink.c
+++ b/drivers/net/wireguard/netlink.c
@@ -27,7 +27,7 @@ static const struct nla_policy device_policy[WGDEVICE_A_MAX + 1] = {
[WGDEVICE_A_FLAGS] = NLA_POLICY_MASK(NLA_U32, __WGDEVICE_F_ALL),
[WGDEVICE_A_LISTEN_PORT] = { .type = NLA_U16 },
[WGDEVICE_A_FWMARK] = { .type = NLA_U32 },
- [WGDEVICE_A_PEERS] = { .type = NLA_NESTED }
+ [WGDEVICE_A_PEERS] = NLA_POLICY_NESTED_ARRAY(peer_policy),
};
static const struct nla_policy peer_policy[WGPEER_A_MAX + 1] = {
@@ -39,7 +39,7 @@ static const struct nla_policy peer_policy[WGPEER_A_MAX + 1] = {
[WGPEER_A_LAST_HANDSHAKE_TIME] = NLA_POLICY_EXACT_LEN(sizeof(struct __kernel_timespec)),
[WGPEER_A_RX_BYTES] = { .type = NLA_U64 },
[WGPEER_A_TX_BYTES] = { .type = NLA_U64 },
- [WGPEER_A_ALLOWEDIPS] = { .type = NLA_NESTED },
+ [WGPEER_A_ALLOWEDIPS] = NLA_POLICY_NESTED_ARRAY(allowedip_policy),
[WGPEER_A_PROTOCOL_VERSION] = { .type = NLA_U32 }
};
--
2.51.0