Add support for wireguard peer descriptions

"wgdescr[iption] foo" to label one peer (amongst many) on a wg(4) interface,
"-wgdescr[iption]" or "wgdescr ''" to remove the label, completely analogous
to existing interface discriptions.

Idea/initial diff from Mikolaj Kucharski (OK sthen)
Tests/prodded by Hrvoje Popovski
Tweaks/manual bits from me
Feedback deraadt sthen mvs claudio
OK claudio

diff --git a/sbin/ifconfig/ifconfig.8 b/sbin/ifconfig/ifconfig.8
index c635ede..3f03ddf 100644 (file)
--- a/sbin/ifconfig/ifconfig.8
+++ b/sbin/ifconfig/ifconfig.8
@@ -1,4 +1,4 @@
-.\"    $OpenBSD: ifconfig.8,v 1.395 2023/05/16 14:32:54 jan Exp $
+.\"    $OpenBSD: ifconfig.8,v 1.396 2023/06/01 18:57:53 kn Exp $
 .\"    $NetBSD: ifconfig.8,v 1.11 1996/01/04 21:27:29 pk Exp $
 .\"     $FreeBSD: ifconfig.8,v 1.16 1998/02/01 07:03:29 steve Exp $
 .\"
@@ -31,7 +31,7 @@
 .\"
 .\"     @(#)ifconfig.8 8.4 (Berkeley) 6/1/94
 .\"
-.Dd $Mdocdate: May 16 2023 $
+.Dd $Mdocdate: June 1 2023 $
 .Dt IFCONFIG 8
 .Os
 .Sh NAME
@@ -2316,6 +2316,7 @@ Packets on a VLAN interface without a tag set will use a value of
 .Op Fl wgpeerall
 .Oo
 .Oo Fl Oc Ns Cm wgpeer Ar publickey
+.Op Oo Fl Oc Ns Cm wgdescr Ns Oo Cm iption Oc Ar value
 .Op Cm wgaip Ar allowed-ip_address/prefix
 .Op Cm wgendpoint Ar peer_address port
 .Op Cm wgpka Ar interval
@@ -2383,6 +2384,13 @@ Peer configuration options, which apply to the
 immediately preceding them,
 are as follows:
 .Bl -tag -width Ds
+.Tg wgdescription
+.It Cm wgdescr Ns Oo Cm iption Oc Ar value
+Set the peer's description.
+This can be used to label peers in situations where they may
+otherwise be difficult to distinguish.
+.It Cm -wgdescr Ns Op Cm iption
+Clear the peer description.
 .It Cm wgaip Ar allowed-ip_address/prefix
 Set the peer's IPv4 or IPv6
 .Ar allowed-ip_address

diff --git a/sbin/ifconfig/ifconfig.c b/sbin/ifconfig/ifconfig.c
index 5dc9ea6..1ae9a90 100644 (file)
--- a/sbin/ifconfig/ifconfig.c
+++ b/sbin/ifconfig/ifconfig.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: ifconfig.c,v 1.464 2023/05/16 14:32:54 jan Exp $      */
+/*     $OpenBSD: ifconfig.c,v 1.465 2023/06/01 18:57:54 kn Exp $       */
 /*     $NetBSD: ifconfig.c,v 1.40 1997/10/01 02:19:43 enami Exp $      */
 
 /*
@@ -351,6 +351,7 @@ void        transceiverdump(const char *, int);
 
 /* WG */
 void   setwgpeer(const char *, int);
+void   setwgpeerdesc(const char *, int);
 void   setwgpeerep(const char *, const char *);
 void   setwgpeeraip(const char *, int);
 void   setwgpeerpsk(const char *, int);
@@ -360,6 +361,7 @@ void        setwgkey(const char *, int);
 void   setwgrtable(const char *, int);
 
 void   unsetwgpeer(const char *, int);
+void   unsetwgpeerdesc(const char *, int);
 void   unsetwgpeerpsk(const char *, int);
 void   unsetwgpeerall(const char *, int);
 
@@ -619,6 +621,8 @@ const struct        cmd {
        { "sffdump",    0,              0,              transceiverdump },
 
        { "wgpeer",     NEXTARG,        A_WIREGUARD,    setwgpeer},
+       { "wgdescription", NEXTARG,     A_WIREGUARD,    setwgpeerdesc},
+       { "wgdescr",    NEXTARG,        A_WIREGUARD,    setwgpeerdesc},
        { "wgendpoint", NEXTARG2,       A_WIREGUARD,    NULL,   setwgpeerep},
        { "wgaip",      NEXTARG,        A_WIREGUARD,    setwgpeeraip},
        { "wgpsk",      NEXTARG,        A_WIREGUARD,    setwgpeerpsk},
@@ -627,7 +631,8 @@ const struct        cmd {
        { "wgkey",      NEXTARG,        A_WIREGUARD,    setwgkey},
        { "wgrtable",   NEXTARG,        A_WIREGUARD,    setwgrtable},
        { "-wgpeer",    NEXTARG,        A_WIREGUARD,    unsetwgpeer},
-       { "-wgpsk",     0,              A_WIREGUARD,    unsetwgpeerpsk},
+       { "-wgdescription", 0,          A_WIREGUARD,    unsetwgpeerdesc},
+       { "-wgdescr",   0,              A_WIREGUARD,    unsetwgpeerdesc},
        { "-wgpeerall", 0,              A_WIREGUARD,    unsetwgpeerall},
 
 #else /* SMALL */
@@ -5735,6 +5740,15 @@ setwgpeer(const char *peerkey_b64, int param)
        wg_interface->i_peers_count++;
 }
 
+void
+setwgpeerdesc(const char *descr, int param)
+{
+       if (wg_peer == NULL)
+               errx(1, "wgdescr: wgpeer not set");
+       wg_peer->p_flags |= WG_PEER_SET_DESCRIPTION;
+       strlcpy(wg_peer->p_description, descr, IFDESCRSIZE);
+}
+
 void
 setwgpeeraip(const char *aip, int param)
 {
@@ -5838,6 +5852,15 @@ unsetwgpeer(const char *peerkey_b64, int param)
        wg_peer->p_flags |= WG_PEER_REMOVE;
 }
 
+void
+unsetwgpeerdesc(const char *descr, int param)
+{
+       if (wg_peer == NULL)
+               errx(1, "wgdescr: wgpeer not set");
+       wg_peer->p_flags |= WG_PEER_SET_DESCRIPTION;
+       strlcpy(wg_peer->p_description, "", IFDESCRSIZE);
+}
+
 void
 unsetwgpeerpsk(const char *value, int param)
 {
@@ -5908,6 +5931,10 @@ wg_status(int ifaliases)
                            key, sizeof(key));
                        printf("\twgpeer %s\n", key);
 
+                       if (strlen(wg_peer->p_description))
+                               printf("\t\twgdescr: %s\n",
+                                   wg_peer->p_description);
+
                        if (wg_peer->p_flags & WG_PEER_HAS_PSK)
                                printf("\t\twgpsk (present)\n");
 

diff --git a/sys/net/if_wg.c b/sys/net/if_wg.c
index 36b9ad8..951cb6f 100644 (file)
--- a/sys/net/if_wg.c
+++ b/sys/net/if_wg.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: if_wg.c,v 1.27 2023/05/30 08:30:01 jsg Exp $ */
+/*     $OpenBSD: if_wg.c,v 1.28 2023/06/01 18:57:53 kn Exp $ */
 
 /*
  * Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
@@ -221,6 +221,8 @@ struct wg_peer {
 
        SLIST_ENTRY(wg_peer)     p_start_list;
        int                      p_start_onlist;
+
+       char                     p_description[IFDESCRSIZE];
 };
 
 struct wg_softc {
@@ -407,6 +409,8 @@ wg_peer_create(struct wg_softc *sc, uint8_t public[WG_KEY_SIZE])
        peer->p_counters_tx = 0;
        peer->p_counters_rx = 0;
 
+       strlcpy(peer->p_description, "", IFDESCRSIZE);
+
        mtx_init(&peer->p_endpoint_mtx, IPL_NET);
        bzero(&peer->p_endpoint, sizeof(peer->p_endpoint));
 
@@ -2320,6 +2324,10 @@ wg_ioctl_set(struct wg_softc *sc, struct wg_data_io *data)
                        }
                }
 
+               if (peer_o.p_flags & WG_PEER_SET_DESCRIPTION)
+                       strlcpy(peer->p_description, peer_o.p_description,
+                           IFDESCRSIZE);
+
                aip_p = &peer_p->p_aips[0];
                for (j = 0; j < peer_o.p_aips_count; j++) {
                        if ((ret = copyin(aip_p, &aip_o, sizeof(aip_o))) != 0)
@@ -2430,6 +2438,8 @@ wg_ioctl_get(struct wg_softc *sc, struct wg_data_io *data)
                }
                peer_o.p_aips_count = aip_count;
 
+               strlcpy(peer_o.p_description, peer->p_description, IFDESCRSIZE);
+
                if ((ret = copyout(&peer_o, peer_p, sizeof(peer_o))) != 0)
                        goto unlock_and_ret_size;
 

diff --git a/sys/net/if_wg.h b/sys/net/if_wg.h
index 2b5d1e6..adb623c 100644 (file)
--- a/sys/net/if_wg.h
+++ b/sys/net/if_wg.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: if_wg.h,v 1.4 2020/06/22 12:20:44 jasper Exp $ */
+/*     $OpenBSD: if_wg.h,v 1.5 2023/06/01 18:57:53 kn Exp $ */
 
 /*
  * Copyright (C) 2015-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
@@ -61,6 +61,7 @@ struct wg_aip_io {
 #define WG_PEER_REPLACE_AIPS           (1 << 4)
 #define WG_PEER_REMOVE                 (1 << 5)
 #define WG_PEER_UPDATE                 (1 << 6)
+#define WG_PEER_SET_DESCRIPTION                (1 << 7)
 
 #define p_sa           p_endpoint.sa_sa
 #define p_sin          p_endpoint.sa_sin
@@ -80,6 +81,7 @@ struct wg_peer_io {
        uint64_t                p_txbytes;
        uint64_t                p_rxbytes;
        struct timespec         p_last_handshake; /* nanotime */
+       char                    p_description[IFDESCRSIZE];
        size_t                  p_aips_count;
        struct wg_aip_io        p_aips[];
 };