wireguard.lists.zx2c4.com archive mirror
* [PATCH net-next 0/3] net: Add sockaddr_inet unified address structure
@ 2025-07-22 17:18 Kees Cook
  2025-07-22 17:18 ` [PATCH net-next 1/3] ipv6: " Kees Cook
                   ` (4 more replies)
  0 siblings, 5 replies; 6+ messages in thread
From: Kees Cook @ 2025-07-22 17:18 UTC (permalink / raw)
  To: Marcelo Ricardo Leitner
  Cc: Kees Cook, Jakub Kicinski, Jason A. Donenfeld, Andrew Lunn,
	David S. Miller, Eric Dumazet, Paolo Abeni, Xin Long,
	Simon Horman, linux-kernel, wireguard, netdev, linux-sctp,
	linux-hardening

Hi!

Repeating patch 1, as it has the rationale:

    There are cases in networking (e.g. wireguard, sctp) where a union is
    used to provide coverage for either IPv4 or IPv6 network addresses,
    and they include an embedded "struct sockaddr" as well (for "sa_family"
    and raw "sa_data" access). The current struct sockaddr contains a
    flexible array, which means these unions should not be further embedded
    in other structs because they do not technically have a fixed size (and
    are generating warnings for the coming -Wflexible-array-not-at-end flag
    addition). But the future changes to make struct sockaddr a fixed size
    (i.e. with a 14 byte sa_data member) make the "sa_data" uses with an IPv6
    address a potential place for the compiler to get upset about object size
    mismatches. Therefore, we need a sockaddr that cleanly provides both an
    sa_family member and an appropriately fixed-sized sa_data member that does
    not bloat member usage via the potential alternative of sockaddr_storage
    to cover both IPv4 and IPv6, to avoid unseemly churn in the affected code
    bases.

    Introduce sockaddr_inet as a unified structure for holding both IPv4 and
    IPv6 addresses (i.e. large enough to accommodate sockaddr_in6).

    The structure is defined in linux/in6.h since its max size is sized
    based on sockaddr_in6 and provides a more specific alternative to the
    generic sockaddr_storage for IPv4 with IPv6 address family handling.

    The "sa_family" member doesn't use the sa_family_t type to avoid needing
    layer violating header inclusions.

Also includes the replacements for wireguard and sctp.

Thanks,

-Kees

Kees Cook (3):
  ipv6: Add sockaddr_inet unified address structure
  wireguard: peer: Replace sockaddr with sockaddr_inet
  sctp: Replace sockaddr with sockaddr_inet in sctp_addr union

 drivers/net/wireguard/peer.h | 2 +-
 include/linux/in6.h          | 7 +++++++
 include/net/sctp/structs.h   | 2 +-
 3 files changed, 9 insertions(+), 2 deletions(-)

-- 
2.34.1



* [PATCH net-next 1/3] ipv6: Add sockaddr_inet unified address structure
  2025-07-22 17:18 [PATCH net-next 0/3] net: Add sockaddr_inet unified address structure Kees Cook
@ 2025-07-22 17:18 ` Kees Cook
  2025-07-22 17:18 ` [PATCH net-next 2/3] wireguard: peer: Replace sockaddr with sockaddr_inet Kees Cook
                   ` (3 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: Kees Cook @ 2025-07-22 17:18 UTC (permalink / raw)
  To: Marcelo Ricardo Leitner
  Cc: Kees Cook, Jakub Kicinski, Jason A. Donenfeld, Andrew Lunn,
	David S. Miller, Eric Dumazet, Paolo Abeni, Xin Long,
	Simon Horman, linux-kernel, wireguard, netdev, linux-sctp,
	linux-hardening

There are cases in networking (e.g. wireguard, sctp) where a union is
used to provide coverage for either IPv4 or IPv6 network addresses,
and they include an embedded "struct sockaddr" as well (for "sa_family"
and raw "sa_data" access). The current struct sockaddr contains a
flexible array, which means these unions should not be further embedded
in other structs because they do not technically have a fixed size (and
are generating warnings for the coming -Wflexible-array-not-at-end flag
addition). But the future changes to make struct sockaddr a fixed size
(i.e. with a 14 byte sa_data member) make the "sa_data" uses with an IPv6
address a potential place for the compiler to get upset about object size
mismatches. Therefore, we need a sockaddr that cleanly provides both an
sa_family member and an appropriately fixed-sized sa_data member that does
not bloat member usage via the potential alternative of sockaddr_storage
to cover both IPv4 and IPv6, to avoid unseemly churn in the affected code
bases.

Introduce sockaddr_inet as a unified structure for holding both IPv4 and
IPv6 addresses (i.e. large enough to accommodate sockaddr_in6).

The structure is defined in linux/in6.h since its max size is sized
based on sockaddr_in6 and provides a more specific alternative to the
generic sockaddr_storage for IPv4 with IPv6 address family handling.

The "sa_family" member doesn't use the sa_family_t type to avoid needing
layer violating header inclusions.

Signed-off-by: Kees Cook <kees@kernel.org>
---
 include/linux/in6.h | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/include/linux/in6.h b/include/linux/in6.h
index 0777a21cbf86..403f926d33d8 100644
--- a/include/linux/in6.h
+++ b/include/linux/in6.h
@@ -18,6 +18,13 @@
 
 #include <uapi/linux/in6.h>
 
+/* Large enough to hold both sockaddr_in and sockaddr_in6. */
+struct sockaddr_inet {
+	unsigned short	sa_family;
+	char		sa_data[sizeof(struct sockaddr_in6) -
+				sizeof(unsigned short)];
+};
+
 /* IPv6 Wildcard Address (::) and Loopback Address (::1) defined in RFC2553
  * NOTE: Be aware the IN6ADDR_* constants and in6addr_* externals are defined
  * in network byte order, not in host byte order as are the IPv4 equivalents
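
Review bot: nothing in the new struct sockaddr_inet definition enforces the "Large enough to hold both" comment, or the size equality that patches 2/3 and 3/3 rely on for "No binary changes". The sa_data length is derived by subtracting sizeof(unsigned short) from sizeof(struct sockaddr_in6), which only holds while sa_family stays first with no padding after it. A static_assert(sizeof(struct sockaddr_inet) == sizeof(struct sockaddr_in6)) directly under the definition would pin that down. The struct is built from an unsigned short and a char array, so on its own it is only 2-byte aligned; the comment could say it is intended for use inside unions with sockaddr_in/sockaddr_in6. The reason for unsigned short instead of sa_family_t is given only in the commit message; a short comment on the member would keep it from being "corrected" later.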
-- 
2.34.1
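
The size and length-by-family claims in this series can be checked in userspace with the sketch below. It is an added example, not code from the series or the kernel; it assumes the Linux/glibc sockaddr layouts, and union endpoint_addr, endpoint_addr_len() and endpoint_set() are hypothetical names.

```c
#include <netinet/in.h>
#include <string.h>

/* Userspace copy of the struct added in patch 1/3 (kernel: linux/in6.h). */
struct sockaddr_inet {
	unsigned short	sa_family;
	char		sa_data[sizeof(struct sockaddr_in6) - sizeof(unsigned short)];
};

/* Same members as the wireguard endpoint union after patch 2/3. */
union endpoint_addr {
	struct sockaddr_inet addr;
	struct sockaddr_in addr4;
	struct sockaddr_in6 addr6;
};

/* Size claims from the series, checked at build time (Linux/glibc assumed). */
_Static_assert(sizeof(struct sockaddr_inet) == sizeof(struct sockaddr_in6), "inet size");
_Static_assert(sizeof(union endpoint_addr) == sizeof(struct sockaddr_in6), "union size");

/* Hypothetical helper: length implied by the family read through the
 * generic member; 0 for any family the union does not cover. */
size_t endpoint_addr_len(const union endpoint_addr *ep)
{
	unsigned short f = ep->addr.sa_family;

	return f == AF_INET ? sizeof(struct sockaddr_in) :
	       f == AF_INET6 ? sizeof(struct sockaddr_in6) : 0;
}

/* Hypothetical helper: accept a raw address only when its length matches
 * its family. The copy is bounded by the fixed size of the generic member. */
int endpoint_set(union endpoint_addr *ep, const void *src, size_t len)
{
	union endpoint_addr tmp = { .addr = { 0 } };

	if (len < sizeof(tmp.addr.sa_family) || len > sizeof(tmp.addr))
		return -1;
	memcpy(&tmp.addr, src, len);
	if (endpoint_addr_len(&tmp) != len)
		return -1;
	*ep = tmp;
	return 0;
}

int main(void)
{
	struct sockaddr_in6 v6 = { .sin6_family = AF_INET6 };	/* constructed sample */
	union endpoint_addr ep;

	/* Exit 0 when full-length IPv6 is accepted and a truncated one is rejected. */
	return endpoint_set(&ep, &v6, sizeof(v6)) != 0 ||
	       endpoint_set(&ep, &v6, sizeof(struct sockaddr_in)) == 0;
}
```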



* [PATCH net-next 2/3] wireguard: peer: Replace sockaddr with sockaddr_inet
  2025-07-22 17:18 [PATCH net-next 0/3] net: Add sockaddr_inet unified address structure Kees Cook
  2025-07-22 17:18 ` [PATCH net-next 1/3] ipv6: " Kees Cook
@ 2025-07-22 17:18 ` Kees Cook
  2025-07-22 17:18 ` [PATCH net-next 3/3] sctp: Replace sockaddr with sockaddr_inet in sctp_addr union Kees Cook
                   ` (2 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: Kees Cook @ 2025-07-22 17:18 UTC (permalink / raw)
  To: Marcelo Ricardo Leitner
  Cc: Kees Cook, Jason A. Donenfeld, Andrew Lunn, David S. Miller,
	Eric Dumazet, Jakub Kicinski, Paolo Abeni, wireguard, netdev,
	Xin Long, Simon Horman, linux-kernel, linux-sctp, linux-hardening

As part of the removal of the variably-sized sockaddr for kernel
internals, replace struct sockaddr with sockaddr_inet in the endpoint
union.

No binary changes; the union size remains unchanged due to sockaddr_inet
matching the size of sockaddr_in6.

Signed-off-by: Kees Cook <kees@kernel.org>
---
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: Andrew Lunn <andrew+netdev@lunn.ch>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>
Cc: <wireguard@lists.zx2c4.com>
Cc: <netdev@vger.kernel.org>
---
 drivers/net/wireguard/peer.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/wireguard/peer.h b/drivers/net/wireguard/peer.h
index 76e4d3128ad4..718fb42bdac7 100644
--- a/drivers/net/wireguard/peer.h
+++ b/drivers/net/wireguard/peer.h
@@ -20,7 +20,7 @@ struct wg_device;
 
 struct endpoint {
 	union {
-		struct sockaddr addr;
+		struct sockaddr_inet addr;     /* Large enough for both address families */
 		struct sockaddr_in addr4;
 		struct sockaddr_in6 addr6;
 	};
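
Review bot: only the declaration of addr changes in struct endpoint, so any existing use of it as a struct sockaddr (for example passing &endpoint->addr where a struct sockaddr * is expected) is not adjusted by this patch and would become an incompatible pointer type. The commit message should state that no such users exist, or the patch should carry the call-site changes. The trailing comment on the added line is separated with spaces where patch 3/3 uses a tab; making the two consistent would be tidier.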
-- 
2.34.1



* [PATCH net-next 3/3] sctp: Replace sockaddr with sockaddr_inet in sctp_addr union
  2025-07-22 17:18 [PATCH net-next 0/3] net: Add sockaddr_inet unified address structure Kees Cook
  2025-07-22 17:18 ` [PATCH net-next 1/3] ipv6: " Kees Cook
  2025-07-22 17:18 ` [PATCH net-next 2/3] wireguard: peer: Replace sockaddr with sockaddr_inet Kees Cook
@ 2025-07-22 17:18 ` Kees Cook
  2025-07-23 15:46 ` [PATCH net-next 0/3] net: Add sockaddr_inet unified address structure Simon Horman
  2025-07-25 23:26 ` patchwork-bot+netdevbpf
  4 siblings, 0 replies; 6+ messages in thread
From: Kees Cook @ 2025-07-22 17:18 UTC (permalink / raw)
  To: Marcelo Ricardo Leitner
  Cc: Kees Cook, Xin Long, David S. Miller, Eric Dumazet,
	Jakub Kicinski, Paolo Abeni, Simon Horman, linux-sctp, netdev,
	Jason A. Donenfeld, Andrew Lunn, linux-kernel, wireguard,
	linux-hardening

As part of the removal of the variably-sized sockaddr for kernel
internals, replace struct sockaddr with sockaddr_inet in the sctp_addr
union.

No binary changes; the union size remains unchanged due to sockaddr_inet
matching the size of sockaddr_in6.

Signed-off-by: Kees Cook <kees@kernel.org>
---
Cc: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Cc: Xin Long <lucien.xin@gmail.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>
Cc: Simon Horman <horms@kernel.org>
Cc: <linux-sctp@vger.kernel.org>
Cc: <netdev@vger.kernel.org>
---
 include/net/sctp/structs.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h
index 1ad7ce71d0a7..8a540ad9b509 100644
--- a/include/net/sctp/structs.h
+++ b/include/net/sctp/structs.h
@@ -51,9 +51,9 @@
  * We should wean ourselves off this.
  */
 union sctp_addr {
+	struct sockaddr_inet sa;	/* Large enough for both address families */
 	struct sockaddr_in v4;
 	struct sockaddr_in6 v6;
-	struct sockaddr sa;
 };
 
 /* Forward declarations for data structures. */
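
Review bot: the sa member is not only retyped, it also moves from the last to the first position in union sctp_addr, and the commit message does not mention the move. Size and layout are unaffected, but the first member of a union is the one a brace initializer without a designator initializes, so any such initializer of union sctp_addr would now target sa instead of v4. If the reordering is not required, keeping sa where it was makes this the same one-line type swap as the wireguard patch; otherwise the reason belongs in the commit message.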
-- 
2.34.1



* Re: [PATCH net-next 0/3] net: Add sockaddr_inet unified address structure
  2025-07-22 17:18 [PATCH net-next 0/3] net: Add sockaddr_inet unified address structure Kees Cook
                   ` (2 preceding siblings ...)
  2025-07-22 17:18 ` [PATCH net-next 3/3] sctp: Replace sockaddr with sockaddr_inet in sctp_addr union Kees Cook
@ 2025-07-23 15:46 ` Simon Horman
  2025-07-25 23:26 ` patchwork-bot+netdevbpf
  4 siblings, 0 replies; 6+ messages in thread
From: Simon Horman @ 2025-07-23 15:46 UTC (permalink / raw)
  To: Kees Cook
  Cc: Marcelo Ricardo Leitner, Jakub Kicinski, Jason A. Donenfeld,
	Andrew Lunn, David S. Miller, Eric Dumazet, Paolo Abeni, Xin Long,
	linux-kernel, wireguard, netdev, linux-sctp, linux-hardening,
	Kuniyuki Iwashima, Willem de Bruijn

+ Iwashima-san and Willem

  This series looks like something you should review

On Tue, Jul 22, 2025 at 10:18:30AM -0700, Kees Cook wrote:
> Hi!
> 
> Repeating patch 1, as it has the rationale:
> 
>     There are cases in networking (e.g. wireguard, sctp) where a union is
>     used to provide coverage for either IPv4 or IPv6 network addresses,
>     and they include an embedded "struct sockaddr" as well (for "sa_family"
>     and raw "sa_data" access). The current struct sockaddr contains a
>     flexible array, which means these unions should not be further embedded
>     in other structs because they do not technically have a fixed size (and
>     are generating warnings for the coming -Wflexible-array-not-at-end flag
>     addition). But the future changes to make struct sockaddr a fixed size
>     (i.e. with a 14 byte sa_data member) make the "sa_data" uses with an IPv6
>     address a potential place for the compiler to get upset about object size
>     mismatches. Therefore, we need a sockaddr that cleanly provides both an
>     sa_family member and an appropriately fixed-sized sa_data member that does
>     not bloat member usage via the potential alternative of sockaddr_storage
>     to cover both IPv4 and IPv6, to avoid unseemly churn in the affected code
>     bases.
> 
>     Introduce sockaddr_inet as a unified structure for holding both IPv4 and
>     IPv6 addresses (i.e. large enough to accommodate sockaddr_in6).
> 
>     The structure is defined in linux/in6.h since its max size is sized
>     based on sockaddr_in6 and provides a more specific alternative to the
>     generic sockaddr_storage for IPv4 with IPv6 address family handling.
> 
>     The "sa_family" member doesn't use the sa_family_t type to avoid needing
>     layer violating header inclusions.
> 
> Also includes the replacements for wireguard and sctp.
> 
> Thanks,
> 
> -Kees
> 
> Kees Cook (3):
>   ipv6: Add sockaddr_inet unified address structure
>   wireguard: peer: Replace sockaddr with sockaddr_inet
>   sctp: Replace sockaddr with sockaddr_inet in sctp_addr union
> 
>  drivers/net/wireguard/peer.h | 2 +-
>  include/linux/in6.h          | 7 +++++++
>  include/net/sctp/structs.h   | 2 +-
>  3 files changed, 9 insertions(+), 2 deletions(-)
> 
> -- 
> 2.34.1
> 


* Re: [PATCH net-next 0/3] net: Add sockaddr_inet unified address structure
  2025-07-22 17:18 [PATCH net-next 0/3] net: Add sockaddr_inet unified address structure Kees Cook
                   ` (3 preceding siblings ...)
  2025-07-23 15:46 ` [PATCH net-next 0/3] net: Add sockaddr_inet unified address structure Simon Horman
@ 2025-07-25 23:26 ` patchwork-bot+netdevbpf
  4 siblings, 0 replies; 6+ messages in thread
From: patchwork-bot+netdevbpf @ 2025-07-25 23:26 UTC (permalink / raw)
  To: Kees Cook
  Cc: marcelo.leitner, kuba, Jason, andrew+netdev, davem, edumazet,
	pabeni, lucien.xin, horms, linux-kernel, wireguard, netdev,
	linux-sctp, linux-hardening

Hello:

This series was applied to netdev/net-next.git (main)
by Jakub Kicinski <kuba@kernel.org>:

On Tue, 22 Jul 2025 10:18:30 -0700 you wrote:
> Hi!
> 
> Repeating patch 1, as it has the rationale:
> 
>     There are cases in networking (e.g. wireguard, sctp) where a union is
>     used to provide coverage for either IPv4 or IPv6 network addresses,
>     and they include an embedded "struct sockaddr" as well (for "sa_family"
>     and raw "sa_data" access). The current struct sockaddr contains a
>     flexible array, which means these unions should not be further embedded
>     in other structs because they do not technically have a fixed size (and
>     are generating warnings for the coming -Wflexible-array-not-at-end flag
>     addition). But the future changes to make struct sockaddr a fixed size
>     (i.e. with a 14 byte sa_data member) make the "sa_data" uses with an IPv6
>     address a potential place for the compiler to get upset about object size
>     mismatches. Therefore, we need a sockaddr that cleanly provides both an
>     sa_family member and an appropriately fixed-sized sa_data member that does
>     not bloat member usage via the potential alternative of sockaddr_storage
>     to cover both IPv4 and IPv6, to avoid unseemly churn in the affected code
>     bases.
> 
> [...]

Here is the summary with links:
  - [net-next,1/3] ipv6: Add sockaddr_inet unified address structure
    https://git.kernel.org/netdev/net-next/c/463deed51796
  - [net-next,2/3] wireguard: peer: Replace sockaddr with sockaddr_inet
    https://git.kernel.org/netdev/net-next/c/9203e0a82c0b
  - [net-next,3/3] sctp: Replace sockaddr with sockaddr_inet in sctp_addr union
    https://git.kernel.org/netdev/net-next/c/511d10b4c2f9

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



