From bc84ba3ae6b5efc078df932fdfb95656f64f5b0f Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Sun, 2 Sep 2018 18:39:04 -0600
Subject: netlink: insert peer version placeholder

While we don't want people to ever use old protocols, people will complain if the API "changes", so explicitly make the unset protocol mean the latest, and add a dummy mechanism of specifying the protocol on a per-peer basis, which we hope nobody actually ever uses.
---
 src/netlink.c | 12 ++++++++++--
 src/tests/qemu/Makefile | 2 +-
 src/uapi/wireguard.h | 6 ++++++
 3 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/src/netlink.c b/src/netlink.c
index 5390498..8ffaa66 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -36,7 +36,8 @@ static const struct nla_policy peer_policy[WGPEER_A_MAX + 1] = {
 [WGPEER_A_LAST_HANDSHAKE_TIME] = { .len = sizeof(struct timespec) },
 [WGPEER_A_RX_BYTES] = { .type = NLA_U64 },
 [WGPEER_A_TX_BYTES] = { .type = NLA_U64 },
- [WGPEER_A_ALLOWEDIPS] = { .type = NLA_NESTED }
+ [WGPEER_A_ALLOWEDIPS] = { .type = NLA_NESTED },
+ [WGPEER_A_PROTOCOL_VERSION] = { .type = NLA_U32 }
 };
 
 static const struct nla_policy allowedip_policy[WGALLOWEDIP_A_MAX + 1] = {
@@ -128,7 +129,8 @@ static int get_peer(struct wireguard_peer *peer, unsigned int index,
 nla_put_u64_64bit(skb, WGPEER_A_TX_BYTES, peer->tx_bytes,
 WGPEER_A_UNSPEC) ||
 nla_put_u64_64bit(skb, WGPEER_A_RX_BYTES, peer->rx_bytes,
- WGPEER_A_UNSPEC))
+ WGPEER_A_UNSPEC) ||
+ nla_put_u32(skb, WGPEER_A_PROTOCOL_VERSION, 1))
 goto err;
 
 read_lock_bh(&peer->endpoint_lock);
@@ -363,6 +365,12 @@ static int set_peer(struct wireguard_device *wg, struct nlattr **attrs)
 if (attrs[WGPEER_A_FLAGS])
 flags = nla_get_u32(attrs[WGPEER_A_FLAGS]);
 
+ ret = -EPFNOSUPPORT;
+ if (attrs[WGPEER_A_PROTOCOL_VERSION]) {
+ if (nla_get_u32(attrs[WGPEER_A_PROTOCOL_VERSION]) != 1)
+ goto out;
+ }
+
 peer = pubkey_hashtable_lookup(&wg->peer_hashtable,
 nla_data(attrs[WGPEER_A_PUBLIC_KEY]));
 if (!peer) { /* Peer doesn't exist yet. Add a new one. */
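Review bot: The protocol version is a bare literal in the added `nla_put_u32(skb, WGPEER_A_PROTOCOL_VERSION, 1)` in get_peer, and the same literal is what the set_peer hunk further down compares against (`!= 1`). Nothing ties the value the kernel reports to the value it accepts, so a later edit to one site can silently diverge from the other. A single named constant used at both sites would fix that, e.g. `nla_put_u32(skb, WGPEER_A_PROTOCOL_VERSION, WG_PROTOCOL_VERSION_PLACEHOLDER)`, where the name is a placeholder for whatever the project chooses. Both functions continue outside their hunks.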
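Review bot: `ret = -EPFNOSUPPORT;` in set_peer is assigned unconditionally before the version check, so the value stays in `ret` when the attribute is absent or equal to 1. Whether that is harmless depends on every later `goto out` assigning its own error code, which cannot be confirmed here because the function continues outside the hunk. Setting the code only on the rejecting path removes that dependency and flattens the nested `if`: `if (attrs[WGPEER_A_PROTOCOL_VERSION] && nla_get_u32(attrs[WGPEER_A_PROTOCOL_VERSION]) != 1) { ret = -EPFNOSUPPORT; goto out; }`. The placement of the check ahead of the peer lookup visible in the hunk is worth keeping, since an unsupported version is then refused before a peer is looked up or created.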
diff --git a/src/tests/qemu/Makefile b/src/tests/qemu/Makefile
index cef3f4b..3b840fa 100644
--- a/src/tests/qemu/Makefile
+++ b/src/tests/qemu/Makefile
@@ -14,7 +14,7 @@ endif
 ARCH := $(firstword $(subst -, ,$(CBUILD)))
 
 # Set these from the environment to override
-KERNEL_VERSION ?= 4.17.12
+KERNEL_VERSION ?= 4.18.5
 KERNEL_VERSION := $(KERNEL_VERSION)$(if $(DEBUG_KERNEL),$(if $(findstring -debug,$(KERNEL_VERSION)),,-debug),)
 BUILD_PATH ?= $(PWD)/../../../qemu-build/$(ARCH)
 DISTFILES_PATH ?= $(PWD)/distfiles
diff --git a/src/uapi/wireguard.h b/src/uapi/wireguard.h
index 8b8a1f2..90b1c1f 100644
--- a/src/uapi/wireguard.h
+++ b/src/uapi/wireguard.h
@@ -47,6 +47,7 @@
 * 2: NLA_NESTED
 * ...
 * ...
+ * WGPEER_A_PROTOCOL_VERSION: NLA_U32
 * 1: NLA_NESTED
 * ...
 * ...
@@ -101,6 +102,10 @@
 * 2: NLA_NESTED
 * ...
 * ...
+ * WGPEER_A_PROTOCOL_VERSION: NLA_U32, should not be set or used at all by most
+ * users of this API, as the most recent protocol
+ * will be used when this is unset. Otherwise, must
+ * be set to 1.
 * 1: NLA_NESTED
 * ...
 * ...
@@ -166,6 +171,7 @@ enum wgpeer_attribute {
 WGPEER_A_RX_BYTES,
 WGPEER_A_TX_BYTES,
 WGPEER_A_ALLOWEDIPS,
+ WGPEER_A_PROTOCOL_VERSION,
 __WGPEER_A_LAST
 };
 #define WGPEER_A_MAX (__WGPEER_A_LAST - 1)
-- 
cgit v1.2.3-59-g8ed1b
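Review bot: The description of WGPEER_A_PROTOCOL_VERSION added in the second wireguard.h hunk says the value must be 1 but not what the kernel does with any other value; set_peer in this same commit fails the request with -EPFNOSUPPORT. Userspace needs that to tell an unsupported version apart from a malformed request, so the entry could end with `Any other value is rejected with -EPFNOSUPPORT.` The one-line entry added in the first hunk could likewise say that the kernel currently always reports 1, which is what get_peer does. The comment block both hunks extend starts outside them.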