0001
0002
0003
0004
0005
0006 #include "netlink.h"
0007 #include "device.h"
0008 #include "peer.h"
0009 #include "socket.h"
0010 #include "queueing.h"
0011 #include "messages.h"
0012
0013 #include <uapi/linux/wireguard.h>
0014
0015 #include <linux/if.h>
0016 #include <net/genetlink.h>
0017 #include <net/sock.h>
0018 #include <crypto/algapi.h>
0019
0020 static struct genl_family genl_family;
0021
0022 static const struct nla_policy device_policy[WGDEVICE_A_MAX + 1] = {
0023 [WGDEVICE_A_IFINDEX] = { .type = NLA_U32 },
0024 [WGDEVICE_A_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ - 1 },
0025 [WGDEVICE_A_PRIVATE_KEY] = NLA_POLICY_EXACT_LEN(NOISE_PUBLIC_KEY_LEN),
0026 [WGDEVICE_A_PUBLIC_KEY] = NLA_POLICY_EXACT_LEN(NOISE_PUBLIC_KEY_LEN),
0027 [WGDEVICE_A_FLAGS] = { .type = NLA_U32 },
0028 [WGDEVICE_A_LISTEN_PORT] = { .type = NLA_U16 },
0029 [WGDEVICE_A_FWMARK] = { .type = NLA_U32 },
0030 [WGDEVICE_A_PEERS] = { .type = NLA_NESTED }
0031 };
0032
0033 static const struct nla_policy peer_policy[WGPEER_A_MAX + 1] = {
0034 [WGPEER_A_PUBLIC_KEY] = NLA_POLICY_EXACT_LEN(NOISE_PUBLIC_KEY_LEN),
0035 [WGPEER_A_PRESHARED_KEY] = NLA_POLICY_EXACT_LEN(NOISE_SYMMETRIC_KEY_LEN),
0036 [WGPEER_A_FLAGS] = { .type = NLA_U32 },
0037 [WGPEER_A_ENDPOINT] = NLA_POLICY_MIN_LEN(sizeof(struct sockaddr)),
0038 [WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL] = { .type = NLA_U16 },
0039 [WGPEER_A_LAST_HANDSHAKE_TIME] = NLA_POLICY_EXACT_LEN(sizeof(struct __kernel_timespec)),
0040 [WGPEER_A_RX_BYTES] = { .type = NLA_U64 },
0041 [WGPEER_A_TX_BYTES] = { .type = NLA_U64 },
0042 [WGPEER_A_ALLOWEDIPS] = { .type = NLA_NESTED },
0043 [WGPEER_A_PROTOCOL_VERSION] = { .type = NLA_U32 }
0044 };
0045
0046 static const struct nla_policy allowedip_policy[WGALLOWEDIP_A_MAX + 1] = {
0047 [WGALLOWEDIP_A_FAMILY] = { .type = NLA_U16 },
0048 [WGALLOWEDIP_A_IPADDR] = NLA_POLICY_MIN_LEN(sizeof(struct in_addr)),
0049 [WGALLOWEDIP_A_CIDR_MASK] = { .type = NLA_U8 }
0050 };
0051
0052 static struct wg_device *lookup_interface(struct nlattr **attrs,
0053 struct sk_buff *skb)
0054 {
0055 struct net_device *dev = NULL;
0056
0057 if (!attrs[WGDEVICE_A_IFINDEX] == !attrs[WGDEVICE_A_IFNAME])
0058 return ERR_PTR(-EBADR);
0059 if (attrs[WGDEVICE_A_IFINDEX])
0060 dev = dev_get_by_index(sock_net(skb->sk),
0061 nla_get_u32(attrs[WGDEVICE_A_IFINDEX]));
0062 else if (attrs[WGDEVICE_A_IFNAME])
0063 dev = dev_get_by_name(sock_net(skb->sk),
0064 nla_data(attrs[WGDEVICE_A_IFNAME]));
0065 if (!dev)
0066 return ERR_PTR(-ENODEV);
0067 if (!dev->rtnl_link_ops || !dev->rtnl_link_ops->kind ||
0068 strcmp(dev->rtnl_link_ops->kind, KBUILD_MODNAME)) {
0069 dev_put(dev);
0070 return ERR_PTR(-EOPNOTSUPP);
0071 }
0072 return netdev_priv(dev);
0073 }
0074
0075 static int get_allowedips(struct sk_buff *skb, const u8 *ip, u8 cidr,
0076 int family)
0077 {
0078 struct nlattr *allowedip_nest;
0079
0080 allowedip_nest = nla_nest_start(skb, 0);
0081 if (!allowedip_nest)
0082 return -EMSGSIZE;
0083
0084 if (nla_put_u8(skb, WGALLOWEDIP_A_CIDR_MASK, cidr) ||
0085 nla_put_u16(skb, WGALLOWEDIP_A_FAMILY, family) ||
0086 nla_put(skb, WGALLOWEDIP_A_IPADDR, family == AF_INET6 ?
0087 sizeof(struct in6_addr) : sizeof(struct in_addr), ip)) {
0088 nla_nest_cancel(skb, allowedip_nest);
0089 return -EMSGSIZE;
0090 }
0091
0092 nla_nest_end(skb, allowedip_nest);
0093 return 0;
0094 }
0095
0096 struct dump_ctx {
0097 struct wg_device *wg;
0098 struct wg_peer *next_peer;
0099 u64 allowedips_seq;
0100 struct allowedips_node *next_allowedip;
0101 };
0102
0103 #define DUMP_CTX(cb) ((struct dump_ctx *)(cb)->args)
0104
0105 static int
0106 get_peer(struct wg_peer *peer, struct sk_buff *skb, struct dump_ctx *ctx)
0107 {
0108
0109 struct nlattr *allowedips_nest, *peer_nest = nla_nest_start(skb, 0);
0110 struct allowedips_node *allowedips_node = ctx->next_allowedip;
0111 bool fail;
0112
0113 if (!peer_nest)
0114 return -EMSGSIZE;
0115
0116 down_read(&peer->handshake.lock);
0117 fail = nla_put(skb, WGPEER_A_PUBLIC_KEY, NOISE_PUBLIC_KEY_LEN,
0118 peer->handshake.remote_static);
0119 up_read(&peer->handshake.lock);
0120 if (fail)
0121 goto err;
0122
0123 if (!allowedips_node) {
0124 const struct __kernel_timespec last_handshake = {
0125 .tv_sec = peer->walltime_last_handshake.tv_sec,
0126 .tv_nsec = peer->walltime_last_handshake.tv_nsec
0127 };
0128
0129 down_read(&peer->handshake.lock);
0130 fail = nla_put(skb, WGPEER_A_PRESHARED_KEY,
0131 NOISE_SYMMETRIC_KEY_LEN,
0132 peer->handshake.preshared_key);
0133 up_read(&peer->handshake.lock);
0134 if (fail)
0135 goto err;
0136
0137 if (nla_put(skb, WGPEER_A_LAST_HANDSHAKE_TIME,
0138 sizeof(last_handshake), &last_handshake) ||
0139 nla_put_u16(skb, WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL,
0140 peer->persistent_keepalive_interval) ||
0141 nla_put_u64_64bit(skb, WGPEER_A_TX_BYTES, peer->tx_bytes,
0142 WGPEER_A_UNSPEC) ||
0143 nla_put_u64_64bit(skb, WGPEER_A_RX_BYTES, peer->rx_bytes,
0144 WGPEER_A_UNSPEC) ||
0145 nla_put_u32(skb, WGPEER_A_PROTOCOL_VERSION, 1))
0146 goto err;
0147
0148 read_lock_bh(&peer->endpoint_lock);
0149 if (peer->endpoint.addr.sa_family == AF_INET)
0150 fail = nla_put(skb, WGPEER_A_ENDPOINT,
0151 sizeof(peer->endpoint.addr4),
0152 &peer->endpoint.addr4);
0153 else if (peer->endpoint.addr.sa_family == AF_INET6)
0154 fail = nla_put(skb, WGPEER_A_ENDPOINT,
0155 sizeof(peer->endpoint.addr6),
0156 &peer->endpoint.addr6);
0157 read_unlock_bh(&peer->endpoint_lock);
0158 if (fail)
0159 goto err;
0160 allowedips_node =
0161 list_first_entry_or_null(&peer->allowedips_list,
0162 struct allowedips_node, peer_list);
0163 }
0164 if (!allowedips_node)
0165 goto no_allowedips;
0166 if (!ctx->allowedips_seq)
0167 ctx->allowedips_seq = peer->device->peer_allowedips.seq;
0168 else if (ctx->allowedips_seq != peer->device->peer_allowedips.seq)
0169 goto no_allowedips;
0170
0171 allowedips_nest = nla_nest_start(skb, WGPEER_A_ALLOWEDIPS);
0172 if (!allowedips_nest)
0173 goto err;
0174
0175 list_for_each_entry_from(allowedips_node, &peer->allowedips_list,
0176 peer_list) {
0177 u8 cidr, ip[16] __aligned(__alignof(u64));
0178 int family;
0179
0180 family = wg_allowedips_read_node(allowedips_node, ip, &cidr);
0181 if (get_allowedips(skb, ip, cidr, family)) {
0182 nla_nest_end(skb, allowedips_nest);
0183 nla_nest_end(skb, peer_nest);
0184 ctx->next_allowedip = allowedips_node;
0185 return -EMSGSIZE;
0186 }
0187 }
0188 nla_nest_end(skb, allowedips_nest);
0189 no_allowedips:
0190 nla_nest_end(skb, peer_nest);
0191 ctx->next_allowedip = NULL;
0192 ctx->allowedips_seq = 0;
0193 return 0;
0194 err:
0195 nla_nest_cancel(skb, peer_nest);
0196 return -EMSGSIZE;
0197 }
0198
0199 static int wg_get_device_start(struct netlink_callback *cb)
0200 {
0201 struct wg_device *wg;
0202
0203 wg = lookup_interface(genl_dumpit_info(cb)->attrs, cb->skb);
0204 if (IS_ERR(wg))
0205 return PTR_ERR(wg);
0206 DUMP_CTX(cb)->wg = wg;
0207 return 0;
0208 }
0209
0210 static int wg_get_device_dump(struct sk_buff *skb, struct netlink_callback *cb)
0211 {
0212 struct wg_peer *peer, *next_peer_cursor;
0213 struct dump_ctx *ctx = DUMP_CTX(cb);
0214 struct wg_device *wg = ctx->wg;
0215 struct nlattr *peers_nest;
0216 int ret = -EMSGSIZE;
0217 bool done = true;
0218 void *hdr;
0219
0220 rtnl_lock();
0221 mutex_lock(&wg->device_update_lock);
0222 cb->seq = wg->device_update_gen;
0223 next_peer_cursor = ctx->next_peer;
0224
0225 hdr = genlmsg_put(skb, NETLINK_CB(cb->skb).portid, cb->nlh->nlmsg_seq,
0226 &genl_family, NLM_F_MULTI, WG_CMD_GET_DEVICE);
0227 if (!hdr)
0228 goto out;
0229 genl_dump_check_consistent(cb, hdr);
0230
0231 if (!ctx->next_peer) {
0232 if (nla_put_u16(skb, WGDEVICE_A_LISTEN_PORT,
0233 wg->incoming_port) ||
0234 nla_put_u32(skb, WGDEVICE_A_FWMARK, wg->fwmark) ||
0235 nla_put_u32(skb, WGDEVICE_A_IFINDEX, wg->dev->ifindex) ||
0236 nla_put_string(skb, WGDEVICE_A_IFNAME, wg->dev->name))
0237 goto out;
0238
0239 down_read(&wg->static_identity.lock);
0240 if (wg->static_identity.has_identity) {
0241 if (nla_put(skb, WGDEVICE_A_PRIVATE_KEY,
0242 NOISE_PUBLIC_KEY_LEN,
0243 wg->static_identity.static_private) ||
0244 nla_put(skb, WGDEVICE_A_PUBLIC_KEY,
0245 NOISE_PUBLIC_KEY_LEN,
0246 wg->static_identity.static_public)) {
0247 up_read(&wg->static_identity.lock);
0248 goto out;
0249 }
0250 }
0251 up_read(&wg->static_identity.lock);
0252 }
0253
0254 peers_nest = nla_nest_start(skb, WGDEVICE_A_PEERS);
0255 if (!peers_nest)
0256 goto out;
0257 ret = 0;
0258
0259
0260
0261
0262
0263 if (list_empty(&wg->peer_list) ||
0264 (ctx->next_peer && list_empty(&ctx->next_peer->peer_list))) {
0265 nla_nest_cancel(skb, peers_nest);
0266 goto out;
0267 }
0268 lockdep_assert_held(&wg->device_update_lock);
0269 peer = list_prepare_entry(ctx->next_peer, &wg->peer_list, peer_list);
0270 list_for_each_entry_continue(peer, &wg->peer_list, peer_list) {
0271 if (get_peer(peer, skb, ctx)) {
0272 done = false;
0273 break;
0274 }
0275 next_peer_cursor = peer;
0276 }
0277 nla_nest_end(skb, peers_nest);
0278
0279 out:
0280 if (!ret && !done && next_peer_cursor)
0281 wg_peer_get(next_peer_cursor);
0282 wg_peer_put(ctx->next_peer);
0283 mutex_unlock(&wg->device_update_lock);
0284 rtnl_unlock();
0285
0286 if (ret) {
0287 genlmsg_cancel(skb, hdr);
0288 return ret;
0289 }
0290 genlmsg_end(skb, hdr);
0291 if (done) {
0292 ctx->next_peer = NULL;
0293 return 0;
0294 }
0295 ctx->next_peer = next_peer_cursor;
0296 return skb->len;
0297
0298
0299
0300
0301
0302 }
0303
0304 static int wg_get_device_done(struct netlink_callback *cb)
0305 {
0306 struct dump_ctx *ctx = DUMP_CTX(cb);
0307
0308 if (ctx->wg)
0309 dev_put(ctx->wg->dev);
0310 wg_peer_put(ctx->next_peer);
0311 return 0;
0312 }
0313
0314 static int set_port(struct wg_device *wg, u16 port)
0315 {
0316 struct wg_peer *peer;
0317
0318 if (wg->incoming_port == port)
0319 return 0;
0320 list_for_each_entry(peer, &wg->peer_list, peer_list)
0321 wg_socket_clear_peer_endpoint_src(peer);
0322 if (!netif_running(wg->dev)) {
0323 wg->incoming_port = port;
0324 return 0;
0325 }
0326 return wg_socket_init(wg, port);
0327 }
0328
0329 static int set_allowedip(struct wg_peer *peer, struct nlattr **attrs)
0330 {
0331 int ret = -EINVAL;
0332 u16 family;
0333 u8 cidr;
0334
0335 if (!attrs[WGALLOWEDIP_A_FAMILY] || !attrs[WGALLOWEDIP_A_IPADDR] ||
0336 !attrs[WGALLOWEDIP_A_CIDR_MASK])
0337 return ret;
0338 family = nla_get_u16(attrs[WGALLOWEDIP_A_FAMILY]);
0339 cidr = nla_get_u8(attrs[WGALLOWEDIP_A_CIDR_MASK]);
0340
0341 if (family == AF_INET && cidr <= 32 &&
0342 nla_len(attrs[WGALLOWEDIP_A_IPADDR]) == sizeof(struct in_addr))
0343 ret = wg_allowedips_insert_v4(
0344 &peer->device->peer_allowedips,
0345 nla_data(attrs[WGALLOWEDIP_A_IPADDR]), cidr, peer,
0346 &peer->device->device_update_lock);
0347 else if (family == AF_INET6 && cidr <= 128 &&
0348 nla_len(attrs[WGALLOWEDIP_A_IPADDR]) == sizeof(struct in6_addr))
0349 ret = wg_allowedips_insert_v6(
0350 &peer->device->peer_allowedips,
0351 nla_data(attrs[WGALLOWEDIP_A_IPADDR]), cidr, peer,
0352 &peer->device->device_update_lock);
0353
0354 return ret;
0355 }
0356
0357 static int set_peer(struct wg_device *wg, struct nlattr **attrs)
0358 {
0359 u8 *public_key = NULL, *preshared_key = NULL;
0360 struct wg_peer *peer = NULL;
0361 u32 flags = 0;
0362 int ret;
0363
0364 ret = -EINVAL;
0365 if (attrs[WGPEER_A_PUBLIC_KEY] &&
0366 nla_len(attrs[WGPEER_A_PUBLIC_KEY]) == NOISE_PUBLIC_KEY_LEN)
0367 public_key = nla_data(attrs[WGPEER_A_PUBLIC_KEY]);
0368 else
0369 goto out;
0370 if (attrs[WGPEER_A_PRESHARED_KEY] &&
0371 nla_len(attrs[WGPEER_A_PRESHARED_KEY]) == NOISE_SYMMETRIC_KEY_LEN)
0372 preshared_key = nla_data(attrs[WGPEER_A_PRESHARED_KEY]);
0373
0374 if (attrs[WGPEER_A_FLAGS])
0375 flags = nla_get_u32(attrs[WGPEER_A_FLAGS]);
0376 ret = -EOPNOTSUPP;
0377 if (flags & ~__WGPEER_F_ALL)
0378 goto out;
0379
0380 ret = -EPFNOSUPPORT;
0381 if (attrs[WGPEER_A_PROTOCOL_VERSION]) {
0382 if (nla_get_u32(attrs[WGPEER_A_PROTOCOL_VERSION]) != 1)
0383 goto out;
0384 }
0385
0386 peer = wg_pubkey_hashtable_lookup(wg->peer_hashtable,
0387 nla_data(attrs[WGPEER_A_PUBLIC_KEY]));
0388 ret = 0;
0389 if (!peer) {
0390 if (flags & (WGPEER_F_REMOVE_ME | WGPEER_F_UPDATE_ONLY))
0391 goto out;
0392
0393
0394 flags &= ~WGPEER_F_REPLACE_ALLOWEDIPS;
0395
0396 down_read(&wg->static_identity.lock);
0397 if (wg->static_identity.has_identity &&
0398 !memcmp(nla_data(attrs[WGPEER_A_PUBLIC_KEY]),
0399 wg->static_identity.static_public,
0400 NOISE_PUBLIC_KEY_LEN)) {
0401
0402
0403
0404
0405
0406 up_read(&wg->static_identity.lock);
0407 ret = 0;
0408 goto out;
0409 }
0410 up_read(&wg->static_identity.lock);
0411
0412 peer = wg_peer_create(wg, public_key, preshared_key);
0413 if (IS_ERR(peer)) {
0414 ret = PTR_ERR(peer);
0415 peer = NULL;
0416 goto out;
0417 }
0418
0419
0420
0421 wg_peer_get(peer);
0422 }
0423
0424 if (flags & WGPEER_F_REMOVE_ME) {
0425 wg_peer_remove(peer);
0426 goto out;
0427 }
0428
0429 if (preshared_key) {
0430 down_write(&peer->handshake.lock);
0431 memcpy(&peer->handshake.preshared_key, preshared_key,
0432 NOISE_SYMMETRIC_KEY_LEN);
0433 up_write(&peer->handshake.lock);
0434 }
0435
0436 if (attrs[WGPEER_A_ENDPOINT]) {
0437 struct sockaddr *addr = nla_data(attrs[WGPEER_A_ENDPOINT]);
0438 size_t len = nla_len(attrs[WGPEER_A_ENDPOINT]);
0439 struct endpoint endpoint = { { { 0 } } };
0440
0441 if (len == sizeof(struct sockaddr_in) && addr->sa_family == AF_INET) {
0442 endpoint.addr4 = *(struct sockaddr_in *)addr;
0443 wg_socket_set_peer_endpoint(peer, &endpoint);
0444 } else if (len == sizeof(struct sockaddr_in6) && addr->sa_family == AF_INET6) {
0445 endpoint.addr6 = *(struct sockaddr_in6 *)addr;
0446 wg_socket_set_peer_endpoint(peer, &endpoint);
0447 }
0448 }
0449
0450 if (flags & WGPEER_F_REPLACE_ALLOWEDIPS)
0451 wg_allowedips_remove_by_peer(&wg->peer_allowedips, peer,
0452 &wg->device_update_lock);
0453
0454 if (attrs[WGPEER_A_ALLOWEDIPS]) {
0455 struct nlattr *attr, *allowedip[WGALLOWEDIP_A_MAX + 1];
0456 int rem;
0457
0458 nla_for_each_nested(attr, attrs[WGPEER_A_ALLOWEDIPS], rem) {
0459 ret = nla_parse_nested(allowedip, WGALLOWEDIP_A_MAX,
0460 attr, allowedip_policy, NULL);
0461 if (ret < 0)
0462 goto out;
0463 ret = set_allowedip(peer, allowedip);
0464 if (ret < 0)
0465 goto out;
0466 }
0467 }
0468
0469 if (attrs[WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL]) {
0470 const u16 persistent_keepalive_interval = nla_get_u16(
0471 attrs[WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL]);
0472 const bool send_keepalive =
0473 !peer->persistent_keepalive_interval &&
0474 persistent_keepalive_interval &&
0475 netif_running(wg->dev);
0476
0477 peer->persistent_keepalive_interval = persistent_keepalive_interval;
0478 if (send_keepalive)
0479 wg_packet_send_keepalive(peer);
0480 }
0481
0482 if (netif_running(wg->dev))
0483 wg_packet_send_staged_packets(peer);
0484
0485 out:
0486 wg_peer_put(peer);
0487 if (attrs[WGPEER_A_PRESHARED_KEY])
0488 memzero_explicit(nla_data(attrs[WGPEER_A_PRESHARED_KEY]),
0489 nla_len(attrs[WGPEER_A_PRESHARED_KEY]));
0490 return ret;
0491 }
0492
0493 static int wg_set_device(struct sk_buff *skb, struct genl_info *info)
0494 {
0495 struct wg_device *wg = lookup_interface(info->attrs, skb);
0496 u32 flags = 0;
0497 int ret;
0498
0499 if (IS_ERR(wg)) {
0500 ret = PTR_ERR(wg);
0501 goto out_nodev;
0502 }
0503
0504 rtnl_lock();
0505 mutex_lock(&wg->device_update_lock);
0506
0507 if (info->attrs[WGDEVICE_A_FLAGS])
0508 flags = nla_get_u32(info->attrs[WGDEVICE_A_FLAGS]);
0509 ret = -EOPNOTSUPP;
0510 if (flags & ~__WGDEVICE_F_ALL)
0511 goto out;
0512
0513 if (info->attrs[WGDEVICE_A_LISTEN_PORT] || info->attrs[WGDEVICE_A_FWMARK]) {
0514 struct net *net;
0515 rcu_read_lock();
0516 net = rcu_dereference(wg->creating_net);
0517 ret = !net || !ns_capable(net->user_ns, CAP_NET_ADMIN) ? -EPERM : 0;
0518 rcu_read_unlock();
0519 if (ret)
0520 goto out;
0521 }
0522
0523 ++wg->device_update_gen;
0524
0525 if (info->attrs[WGDEVICE_A_FWMARK]) {
0526 struct wg_peer *peer;
0527
0528 wg->fwmark = nla_get_u32(info->attrs[WGDEVICE_A_FWMARK]);
0529 list_for_each_entry(peer, &wg->peer_list, peer_list)
0530 wg_socket_clear_peer_endpoint_src(peer);
0531 }
0532
0533 if (info->attrs[WGDEVICE_A_LISTEN_PORT]) {
0534 ret = set_port(wg,
0535 nla_get_u16(info->attrs[WGDEVICE_A_LISTEN_PORT]));
0536 if (ret)
0537 goto out;
0538 }
0539
0540 if (flags & WGDEVICE_F_REPLACE_PEERS)
0541 wg_peer_remove_all(wg);
0542
0543 if (info->attrs[WGDEVICE_A_PRIVATE_KEY] &&
0544 nla_len(info->attrs[WGDEVICE_A_PRIVATE_KEY]) ==
0545 NOISE_PUBLIC_KEY_LEN) {
0546 u8 *private_key = nla_data(info->attrs[WGDEVICE_A_PRIVATE_KEY]);
0547 u8 public_key[NOISE_PUBLIC_KEY_LEN];
0548 struct wg_peer *peer, *temp;
0549
0550 if (!crypto_memneq(wg->static_identity.static_private,
0551 private_key, NOISE_PUBLIC_KEY_LEN))
0552 goto skip_set_private_key;
0553
0554
0555
0556
0557 if (curve25519_generate_public(public_key, private_key)) {
0558 peer = wg_pubkey_hashtable_lookup(wg->peer_hashtable,
0559 public_key);
0560 if (peer) {
0561 wg_peer_put(peer);
0562 wg_peer_remove(peer);
0563 }
0564 }
0565
0566 down_write(&wg->static_identity.lock);
0567 wg_noise_set_static_identity_private_key(&wg->static_identity,
0568 private_key);
0569 list_for_each_entry_safe(peer, temp, &wg->peer_list,
0570 peer_list) {
0571 wg_noise_precompute_static_static(peer);
0572 wg_noise_expire_current_peer_keypairs(peer);
0573 }
0574 wg_cookie_checker_precompute_device_keys(&wg->cookie_checker);
0575 up_write(&wg->static_identity.lock);
0576 }
0577 skip_set_private_key:
0578
0579 if (info->attrs[WGDEVICE_A_PEERS]) {
0580 struct nlattr *attr, *peer[WGPEER_A_MAX + 1];
0581 int rem;
0582
0583 nla_for_each_nested(attr, info->attrs[WGDEVICE_A_PEERS], rem) {
0584 ret = nla_parse_nested(peer, WGPEER_A_MAX, attr,
0585 peer_policy, NULL);
0586 if (ret < 0)
0587 goto out;
0588 ret = set_peer(wg, peer);
0589 if (ret < 0)
0590 goto out;
0591 }
0592 }
0593 ret = 0;
0594
0595 out:
0596 mutex_unlock(&wg->device_update_lock);
0597 rtnl_unlock();
0598 dev_put(wg->dev);
0599 out_nodev:
0600 if (info->attrs[WGDEVICE_A_PRIVATE_KEY])
0601 memzero_explicit(nla_data(info->attrs[WGDEVICE_A_PRIVATE_KEY]),
0602 nla_len(info->attrs[WGDEVICE_A_PRIVATE_KEY]));
0603 return ret;
0604 }
0605
0606 static const struct genl_ops genl_ops[] = {
0607 {
0608 .cmd = WG_CMD_GET_DEVICE,
0609 .start = wg_get_device_start,
0610 .dumpit = wg_get_device_dump,
0611 .done = wg_get_device_done,
0612 .flags = GENL_UNS_ADMIN_PERM
0613 }, {
0614 .cmd = WG_CMD_SET_DEVICE,
0615 .doit = wg_set_device,
0616 .flags = GENL_UNS_ADMIN_PERM
0617 }
0618 };
0619
0620 static struct genl_family genl_family __ro_after_init = {
0621 .ops = genl_ops,
0622 .n_ops = ARRAY_SIZE(genl_ops),
0623 .name = WG_GENL_NAME,
0624 .version = WG_GENL_VERSION,
0625 .maxattr = WGDEVICE_A_MAX,
0626 .module = THIS_MODULE,
0627 .policy = device_policy,
0628 .netnsok = true
0629 };
0630
0631 int __init wg_genetlink_init(void)
0632 {
0633 return genl_register_family(&genl_family);
0634 }
0635
0636 void __exit wg_genetlink_uninit(void)
0637 {
0638 genl_unregister_family(&genl_family);
0639 }
