Source-Changes-HG archive
[src/trunk]: src/usr.sbin/wgconfig Clarify wg(4)'s relation to WireGuard, pen...
details: https://anonhg.NetBSD.org/src/rev/9ad06f131c7a
branches: trunk
changeset: 975306:9ad06f131c7a
user: riastradh <riastradh%NetBSD.org@localhost>
date: Wed Aug 26 16:03:40 2020 +0000
description:
Clarify wg(4)'s relation to WireGuard, pending further discussion.
Still planning to replace wgconfig(8) and wg-keygen(8) by one wg(8)
tool compatible with wireguard-tools; update wg(4) for the minor
changes from the 2018-06-30 spec to the 2020-06-01 spec; &c. This just
clarifies the current state of affairs as it exists in the development
tree for now.
Mark the man page EXPERIMENTAL for extra clarity.
diffstat:
distrib/sets/lists/base/shl.mi | 11 +-
distrib/sets/lists/comp/mi | 8 +-
distrib/sets/lists/comp/shl.mi | 5 +-
distrib/sets/lists/debug/mi | 5 +-
distrib/sets/lists/debug/shl.mi | 5 +-
distrib/sets/lists/tests/mi | 35 +-
doc/CHANGES | 4 +-
etc/mtree/NetBSD.dist.tests | 4 +-
share/man/man4/wg.4 | 42 +-
sys/arch/amd64/conf/ALL | 6 +-
sys/net/if_types.h | 3 +-
sys/net/if_wg.c | 26 +-
sys/rump/net/Makefile.rumpnetcomp | 4 +-
sys/rump/net/lib/libwg/Makefile | 27 +
sys/rump/net/lib/libwg/WG.ioconf | 7 +
sys/rump/net/lib/libwg/wg_component.c | 42 +
sys/rump/net/lib/libwg/wg_user.c | 423 +++++++++++++++++++
sys/rump/net/lib/libwg/wg_user.h | 52 ++
sys/rump/net/lib/libwireguard/Makefile | 27 -
sys/rump/net/lib/libwireguard/WG.ioconf | 7 -
sys/rump/net/lib/libwireguard/wg_component.c | 42 -
sys/rump/net/lib/libwireguard/wg_user.c | 423 -------------------
sys/rump/net/lib/libwireguard/wg_user.h | 52 --
tests/net/Makefile | 4 +-
tests/net/if_wg/Makefile | 13 +
tests/net/if_wg/common.sh | 200 +++++++++
tests/net/if_wg/t_basic.sh | 485 +++++++++++++++++++++
tests/net/if_wg/t_interoperability.sh | 279 ++++++++++++
tests/net/if_wg/t_misc.sh | 600 +++++++++++++++++++++++++++
tests/net/if_wg/t_tunnel.sh | 332 ++++++++++++++
tests/net/wireguard/Makefile | 13 -
tests/net/wireguard/common.sh | 200 ---------
tests/net/wireguard/t_basic.sh | 485 ---------------------
tests/net/wireguard/t_interoperability.sh | 279 ------------
tests/net/wireguard/t_misc.sh | 600 ---------------------------
tests/net/wireguard/t_tunnel.sh | 332 --------------
usr.sbin/wg-keygen/wg-keygen.8 | 7 +-
usr.sbin/wg-userspace/wg-userspace.8 | 26 +-
usr.sbin/wg-userspace/wg-userspace.sh | 2 +-
usr.sbin/wgconfig/wgconfig.8 | 18 +-
40 files changed, 2587 insertions(+), 2548 deletions(-)
diffs (truncated from 5633 to 300 lines):
diff -r ef47a274ecd8 -r 9ad06f131c7a distrib/sets/lists/base/shl.mi
--- a/distrib/sets/lists/base/shl.mi Wed Aug 26 15:54:10 2020 +0000
+++ b/distrib/sets/lists/base/shl.mi Wed Aug 26 16:03:40 2020 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: shl.mi,v 1.896 2020/08/20 21:28:00 riastradh Exp $
+# $NetBSD: shl.mi,v 1.897 2020/08/26 16:03:40 riastradh Exp $
#
# Note: Don't delete entries from here - mark them as "obsolete" instead,
# unless otherwise stated below.
@@ -832,9 +832,12 @@
./usr/lib/librumpnet_vlan.so base-rump-shlib rump
./usr/lib/librumpnet_vlan.so.0 base-rump-shlib rump
./usr/lib/librumpnet_vlan.so.0.0 base-rump-shlib rump
-./usr/lib/librumpnet_wireguard.so base-rump-shlib rump
-./usr/lib/librumpnet_wireguard.so.0 base-rump-shlib rump
-./usr/lib/librumpnet_wireguard.so.0.0 base-rump-shlib rump
+./usr/lib/librumpnet_wg.so base-rump-shlib rump
+./usr/lib/librumpnet_wg.so.0 base-rump-shlib rump
+./usr/lib/librumpnet_wg.so.0.0 base-rump-shlib rump
+./usr/lib/librumpnet_wireguard.so base-obsolete obsolete
+./usr/lib/librumpnet_wireguard.so.0 base-obsolete obsolete
+./usr/lib/librumpnet_wireguard.so.0.0 base-obsolete obsolete
./usr/lib/librumpres.so base-rumpclient-shlib compatfile,rump
./usr/lib/librumpres.so.0 base-rumpclient-shlib compatfile,rump
./usr/lib/librumpres.so.0.0 base-rumpclient-shlib compatfile,rump
diff -r ef47a274ecd8 -r 9ad06f131c7a distrib/sets/lists/comp/mi
--- a/distrib/sets/lists/comp/mi Wed Aug 26 15:54:10 2020 +0000
+++ b/distrib/sets/lists/comp/mi Wed Aug 26 16:03:40 2020 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.2344 2020/08/20 21:28:00 riastradh Exp $
+# $NetBSD: mi,v 1.2345 2020/08/26 16:03:40 riastradh Exp $
#
# Note: don't delete entries from here - mark them as "obsolete" instead.
./etc/mtree/set.comp comp-sys-root
@@ -3867,8 +3867,10 @@
./usr/lib/librumpnet_virtif_p.a comp-c-proflib rump,profile
./usr/lib/librumpnet_vlan.a comp-c-lib rump
./usr/lib/librumpnet_vlan_p.a comp-c-proflib rump,profile
-./usr/lib/librumpnet_wireguard.a comp-c-lib rump
-./usr/lib/librumpnet_wireguard_p.a comp-c-proflib rump,profile
+./usr/lib/librumpnet_wg.a comp-c-lib rump
+./usr/lib/librumpnet_wg_p.a comp-c-proflib rump,profile
+./usr/lib/librumpnet_wireguard.a comp-obsolete obsolete
+./usr/lib/librumpnet_wireguard_p.a comp-obsolete obsolete
./usr/lib/librumpres.a comp-c-lib compatfile,rump
./usr/lib/librumpres_p.a comp-c-proflib compatfile,rump,profile
./usr/lib/librumpuser.a comp-c-lib compatfile,rump
diff -r ef47a274ecd8 -r 9ad06f131c7a distrib/sets/lists/comp/shl.mi
--- a/distrib/sets/lists/comp/shl.mi Wed Aug 26 15:54:10 2020 +0000
+++ b/distrib/sets/lists/comp/shl.mi Wed Aug 26 16:03:40 2020 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: shl.mi,v 1.337 2020/08/20 21:28:00 riastradh Exp $
+# $NetBSD: shl.mi,v 1.338 2020/08/26 16:03:40 riastradh Exp $
#
# Note: don't delete entries from here - mark them as "obsolete" instead.
#
@@ -248,7 +248,8 @@
./usr/lib/librumpnet_tun_pic.a comp-c-piclib picinstall,rump
./usr/lib/librumpnet_virtif_pic.a comp-c-piclib picinstall,rump
./usr/lib/librumpnet_vlan_pic.a comp-c-piclib picinstall,rump
-./usr/lib/librumpnet_wireguard_pic.a comp-c-piclib picinstall,rump
+./usr/lib/librumpnet_wg_pic.a comp-c-piclib picinstall,rump
+./usr/lib/librumpnet_wireguard_pic.a comp-obsolete obsolete
./usr/lib/librumpres_pic.a comp-c-piclib compatfile,picinstall,rump
./usr/lib/librumpuser_pic.a comp-c-piclib compatfile,picinstall,rump
./usr/lib/librumpvfs_aio_pic.a comp-c-piclib picinstall,rump
diff -r ef47a274ecd8 -r 9ad06f131c7a distrib/sets/lists/debug/mi
--- a/distrib/sets/lists/debug/mi Wed Aug 26 15:54:10 2020 +0000
+++ b/distrib/sets/lists/debug/mi Wed Aug 26 16:03:40 2020 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.329 2020/08/20 21:28:01 riastradh Exp $
+# $NetBSD: mi,v 1.330 2020/08/26 16:03:41 riastradh Exp $
./etc/mtree/set.debug comp-sys-root
./usr/lib comp-sys-usr compatdir
./usr/lib/i18n/libBIG5_g.a comp-c-debuglib debuglib,compatfile
@@ -237,7 +237,8 @@
./usr/lib/librumpnet_tun_g.a comp-c-debuglib debuglib,rump
./usr/lib/librumpnet_virtif_g.a comp-c-debuglib debuglib,rump
./usr/lib/librumpnet_vlan_g.a comp-c-debuglib debuglib,rump
-./usr/lib/librumpnet_wireguard_g.a comp-c-debuglib debuglib,rump
+./usr/lib/librumpnet_wg_g.a comp-c-debuglib debuglib,rump
+./usr/lib/librumpnet_wireguard_g.a comp-obsolete obsolete
./usr/lib/librumpres_g.a comp-c-debuglib debuglib,compatfile,rump
./usr/lib/librumpuser_g.a comp-c-debuglib debuglib,compatfile,rump
./usr/lib/librumpvfs_aio_g.a comp-c-debuglib debuglib,rump
diff -r ef47a274ecd8 -r 9ad06f131c7a distrib/sets/lists/debug/shl.mi
--- a/distrib/sets/lists/debug/shl.mi Wed Aug 26 15:54:10 2020 +0000
+++ b/distrib/sets/lists/debug/shl.mi Wed Aug 26 16:03:40 2020 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: shl.mi,v 1.258 2020/08/20 21:28:01 riastradh Exp $
+# $NetBSD: shl.mi,v 1.259 2020/08/26 16:03:41 riastradh Exp $
./usr/lib/libbfd_g.a comp-c-debuglib debuglib,compatfile,binutils
./usr/libdata/debug/lib base-sys-usr debug,dynamicroot,compatdir
./usr/libdata/debug/lib/libavl.so.0.0.debug comp-zfs-debug debug,dynamicroot,zfs
@@ -290,7 +290,8 @@
./usr/libdata/debug/usr/lib/librumpnet_tun.so.0.0.debug comp-rump-debug debug,rump
./usr/libdata/debug/usr/lib/librumpnet_virtif.so.0.0.debug comp-rump-debug debug,rump
./usr/libdata/debug/usr/lib/librumpnet_vlan.so.0.0.debug comp-rump-debug debug,rump
-./usr/libdata/debug/usr/lib/librumpnet_wireguard.so.0.0.debug comp-rump-debug debug,rump
+./usr/libdata/debug/usr/lib/librumpnet_wg.so.0.0.debug comp-rump-debug debug,rump
+./usr/libdata/debug/usr/lib/librumpnet_wireguard.so.0.0.debug comp-obsolete obsolete
./usr/libdata/debug/usr/lib/librumpres.so.0.0.debug comp-rump-debug debug,compatfile,rump
./usr/libdata/debug/usr/lib/librumpuser.so.0.1.debug comp-rump-debug debug,compatfile,rump
./usr/libdata/debug/usr/lib/librumpvfs.so.0.0.debug comp-rump-debug debug,compatfile,rump
diff -r ef47a274ecd8 -r 9ad06f131c7a distrib/sets/lists/tests/mi
--- a/distrib/sets/lists/tests/mi Wed Aug 26 15:54:10 2020 +0000
+++ b/distrib/sets/lists/tests/mi Wed Aug 26 16:03:40 2020 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.906 2020/08/24 18:41:22 riastradh Exp $
+# $NetBSD: mi,v 1.907 2020/08/26 16:03:41 riastradh Exp $
#
# Note: don't delete entries from here - mark them as "obsolete" instead.
#
@@ -3866,13 +3866,20 @@
./usr/tests/net/if_vlan/Kyuafile tests-net-tests atf,rump,kyua
./usr/tests/net/if_vlan/siocXmulti tests-net-tests atf,rump
./usr/tests/net/if_vlan/t_vlan tests-net-tests atf,rump
-./usr/tests/net/wireguard tests-net-tests compattestfile,atf
-./usr/tests/net/wireguard/Atffile tests-net-tests atf,rump
-./usr/tests/net/wireguard/Kyuafile tests-net-tests atf,rump,kyua
-./usr/tests/net/wireguard/t_basic tests-net-tests atf,rump
-./usr/tests/net/wireguard/t_interoperability tests-net-tests atf,rump
-./usr/tests/net/wireguard/t_misc tests-net-tests atf,rump
-./usr/tests/net/wireguard/t_tunnel tests-net-tests atf,rump
+./usr/tests/net/if_wg tests-net-tests compattestfile,atf
+./usr/tests/net/if_wg/Atffile tests-net-tests atf,rump
+./usr/tests/net/if_wg/Kyuafile tests-net-tests atf,rump,kyua
+./usr/tests/net/if_wg/t_basic tests-net-tests atf,rump
+./usr/tests/net/if_wg/t_interoperability tests-net-tests atf,rump
+./usr/tests/net/if_wg/t_misc tests-net-tests atf,rump
+./usr/tests/net/if_wg/t_tunnel tests-net-tests atf,rump
+./usr/tests/net/wireguard tests-obsolete obsolete
+./usr/tests/net/wireguard/Atffile tests-obsolete obsolete
+./usr/tests/net/wireguard/Kyuafile tests-obsolete obsolete
+./usr/tests/net/wireguard/t_basic tests-obsolete obsolete
+./usr/tests/net/wireguard/t_interoperability tests-obsolete obsolete
+./usr/tests/net/wireguard/t_misc tests-obsolete obsolete
+./usr/tests/net/wireguard/t_tunnel tests-obsolete obsolete
./usr/tests/net/in_cksum tests-net-tests compattestfile,atf
./usr/tests/net/in_cksum/Atffile tests-net-tests compattestfile,atf
./usr/tests/net/in_cksum/Kyuafile tests-net-tests compattestfile,atf,kyua
@@ -3953,10 +3960,14 @@
./usr/tests/net/sys/t_listen tests-obsolete obsolete
./usr/tests/net/sys/t_rfc6056 tests-net-tests compattestfile,atf
./usr/tests/net/sys/t_socketpair tests-obsolete obsolete
-./usr/tests/net/wireguard tests-net-tests compattestfile,atf
-./usr/tests/net/wireguard/Atffile tests-net-tests compattestfile,atf
-./usr/tests/net/wireguard/Kyuafile tests-net-tests compattestfile,atf,kyua
-./usr/tests/net/wireguard/t_basic tests-net-tests atf,rump
+./usr/tests/net/if_wg tests-net-tests compattestfile,atf
+./usr/tests/net/if_wg/Atffile tests-net-tests compattestfile,atf
+./usr/tests/net/if_wg/Kyuafile tests-net-tests compattestfile,atf,kyua
+./usr/tests/net/if_wg/t_basic tests-net-tests atf,rump
+./usr/tests/net/wireguard tests-obsolete obsolete
+./usr/tests/net/wireguard/Atffile tests-obsolete obsolete
+./usr/tests/net/wireguard/Kyuafile tests-obsolete obsolete
+./usr/tests/net/wireguard/t_basic tests-obsolete obsolete
./usr/tests/opencrypto tests-obsolete obsolete
./usr/tests/rump tests-rump-tests compattestfile,atf
./usr/tests/rump/Atffile tests-rump-tests atf,rump
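Review bot: this second block lists ./usr/tests/net/if_wg, Atffile, Kyuafile and t_basic again, although the hunk at -3866 in this same file already adds them, and the flags disagree for Atffile and Kyuafile (compattestfile,atf here, atf,rump there). The four obsolete ./usr/tests/net/wireguard lines are doubled in the same way. The duplicate predates this change, as the removed lines show, but the rename is a good moment to drop this block and keep a single entry per path.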
diff -r ef47a274ecd8 -r 9ad06f131c7a doc/CHANGES
--- a/doc/CHANGES Wed Aug 26 15:54:10 2020 +0000
+++ b/doc/CHANGES Wed Aug 26 16:03:40 2020 +0000
@@ -1,4 +1,4 @@
-# LIST OF CHANGES FROM LAST RELEASE: <$Revision: 1.2732 $>
+# LIST OF CHANGES FROM LAST RELEASE: <$Revision: 1.2733 $>
#
#
# [Note: This file does not mention every change made to the NetBSD source tree.
@@ -273,4 +273,4 @@
kernel: Add getrandom system call. [riastradh 20200813]
kernel: Disable COMPAT_LINUX by default [jdolecek 20200816]
mips: Port crash(8) to mips. [mrg 20200816]
- wg(4): Add support for WireGuard. [ozaki-r 20200820]
+ wg(4): Add implementation of WireGuard protocol. [ozaki-r 20200820]
diff -r ef47a274ecd8 -r 9ad06f131c7a etc/mtree/NetBSD.dist.tests
--- a/etc/mtree/NetBSD.dist.tests Wed Aug 26 15:54:10 2020 +0000
+++ b/etc/mtree/NetBSD.dist.tests Wed Aug 26 16:03:40 2020 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: NetBSD.dist.tests,v 1.175 2020/08/20 21:28:01 riastradh Exp $
+# $NetBSD: NetBSD.dist.tests,v 1.176 2020/08/26 16:03:41 riastradh Exp $
./usr/libdata/debug/usr/tests
./usr/libdata/debug/usr/tests/atf
@@ -358,6 +358,7 @@
./usr/tests/net/if_tap
./usr/tests/net/if_tun
./usr/tests/net/if_vlan
+./usr/tests/net/if_wg
./usr/tests/net/in_cksum
./usr/tests/net/ipsec
./usr/tests/net/mcast
@@ -367,7 +368,6 @@
./usr/tests/net/npf
./usr/tests/net/route
./usr/tests/net/sys
-./usr/tests/net/wireguard
./usr/tests/rump
./usr/tests/rump/modautoload
./usr/tests/rump/rumpkern
diff -r ef47a274ecd8 -r 9ad06f131c7a share/man/man4/wg.4
--- a/share/man/man4/wg.4 Wed Aug 26 15:54:10 2020 +0000
+++ b/share/man/man4/wg.4 Wed Aug 26 16:03:40 2020 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: wg.4,v 1.4 2020/08/21 08:09:55 wiz Exp $
+.\" $NetBSD: wg.4,v 1.5 2020/08/26 16:03:41 riastradh Exp $
.\"
.\" Copyright (c) 2020 The NetBSD Foundation, Inc.
.\" All rights reserved.
@@ -30,7 +30,7 @@
.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
.Sh NAME
.Nm wg
-.Nd WireGuard virtual private network
+.Nd virtual private network tunnel (EXPERIMENTAL)
.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
.Sh SYNOPSIS
.Cd pseudo-device wg
@@ -38,12 +38,16 @@
.Sh DESCRIPTION
The
.Nm
-interface implements the WireGuard point-to-point roaming-capable
-virtual private network tunnel, configured with
+interface implements a point-to-point roaming-capable virtual private
+network tunnel, configured with
.Xr ifconfig 8
and
.Xr wgconfig 8 .
.Pp
+.Sy WARNING:
+.Nm
+is experimental.
+.Pp
Packets exchanged on a
.Nm
interface are authenticated and encrypted with a secret key negotiated
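Review bot: the added WARNING says only that wg is experimental and does not tell the reader what may change. The commit message already names the concrete items (wgconfig(8) and wg-keygen(8) to be replaced by one wg(8) tool, updates for the 2020-06-01 spec); a sentence here saying that the configuration tools and their syntax are subject to change would make the warning actionable.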
@@ -91,14 +95,14 @@
.Pp
Generate key pairs on A and B:
.Bd -literal -offset abcd
-A# wg-keygen > /etc/wireguard/wg0
-A# wg-keygen --pub < /etc/wireguard/wg0 > /etc/wireguard/wg0.pub
-A# cat /etc/wireguard/wg0.pub
+A# wg-keygen > /etc/wg/wg0
+A# wg-keygen --pub < /etc/wg/wg0 > /etc/wg/wg0.pub
+A# cat /etc/wg/wg0.pub
N+B4Nelg+4ysvbLW3qenxIwrJVE9MdjMyqrIisH7V0Y=
-B# wg-keygen > /etc/wireguard/wg0
-B# wg-keygen --pub < /etc/wireguard/wg0 > /etc/wireguard/wg0.pub
-B# cat /etc/wireguard/wg0.pub
+B# wg-keygen > /etc/wg/wg0
+B# wg-keygen --pub < /etc/wg/wg0 > /etc/wg/wg0.pub
+B# cat /etc/wg/wg0.pub
X7EGm3T3IfodBcyilkaC89j0SH3XD6+/pwvp7Dgp5SU=
.Ed
.Pp
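Review bot: in the key generation example, `wg-keygen > /etc/wg/wg0` writes the private key through a shell redirect, so the file gets whatever mode the caller's umask allows, and the example assumes /etc/wg already exists. Since the path is being renamed here anyway, suggest showing the directory being created and the umask tightened before the key is written, for instance `A# (umask 077; mkdir -p /etc/wg; wg-keygen > /etc/wg/wg0)`, and the same on B.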
@@ -106,7 +110,7 @@
appear in the 10.0.1.0/24 subnet:
.Bd -literal -offset abcd
A# ifconfig wg0 create 10.0.1.0/24
-A# wgconfig wg0 set private-key /etc/wireguard/wg0
+A# wgconfig wg0 set private-key /etc/wg/wg0
A# wgconfig wg0 set listen-port 1234
A# wgconfig wg0 add peer B \e
X7EGm3T3IfodBcyilkaC89j0SH3XD6+/pwvp7Dgp5SU= \e
@@ -121,7 +125,7 @@
begin to flow:
.Bd -literal -offset abcd
B# ifconfig wg0 create 10.0.1.1/24
-B# wgconfig wg0 set private-key /etc/wireguard/wg0
+B# wgconfig wg0 set private-key /etc/wg/wg0
B# wgconfig wg0 add peer A \e
N+B4Nelg+4ysvbLW3qenxIwrJVE9MdjMyqrIisH7V0Y= \e
--allowed-ips=10.0.1.0/32 \e
@@ -139,9 +143,19 @@
.Sh SEE ALSO
.Xr wg-keygen 8 ,
.Xr wgconfig 8
+.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
+.Sh COMPATIBILITY
+The
+.Nm
+interface aims to be compatible with the WireGuard protocol, as
+described in:
+.Pp
.Rs
-.%T WireGuard: fast, modern, secure VPN tunnel
-.%U https://www.wireguard.com/
+.%A Jason A. Donenfeld
+.%T WireGuard: Next Generation Kernel Network Tunnel
+.%U https://web.archive.org/web/20180805103233/https://www.wireguard.com/papers/wireguard.pdf
+.%O Document ID: 4846ada1492f5d92198df154f48c3d54205657bc
+.%D 2018-06-30
.Re
.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
.Sh HISTORY
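Review bot: in the new COMPATIBILITY section the prose says only that wg "aims to be compatible with the WireGuard protocol"; the revision it follows (2018-06-30) is visible only in the .%D line of the reference. Since the commit message says the changes from the 2018-06-30 spec to the 2020-06-01 spec are still to be made, suggest naming the revision in the sentence itself. Moving the .Rs block out of SEE ALSO also leaves that section with only the two .Xr entries, which is worth a look at the rendered page.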
diff -r ef47a274ecd8 -r 9ad06f131c7a sys/arch/amd64/conf/ALL
--- a/sys/arch/amd64/conf/ALL Wed Aug 26 15:54:10 2020 +0000