From 11d9cfa5c6cb78055746f7f5be51c8be2a9af192 Mon Sep 17 00:00:00 2001 From: kn Date: Thu, 1 Jun 2023 18:57:53 +0000 Subject: [PATCH] Add support for wireguard peer descriptions "wgdescr[iption] foo" to label one peer (amongst many) on a wg(4) interface, "-wgdescr[iption]" or "wgdescr ''" to remove the label, completely analogous to existing interface discriptions. Idea/initial diff from Mikolaj Kucharski (OK sthen) Tests/prodded by Hrvoje Popovski Tweaks/manual bits from me Feedback deraadt sthen mvs claudio OK claudio --- sbin/ifconfig/ifconfig.8 | 12 ++++++++++-- sbin/ifconfig/ifconfig.c | 31 +++++++++++++++++++++++++++++-- sys/net/if_wg.c | 12 +++++++++++- sys/net/if_wg.h | 4 +++- 4 files changed, 53 insertions(+), 6 deletions(-) diff --git a/sbin/ifconfig/ifconfig.8 b/sbin/ifconfig/ifconfig.8 index c635ede8b4d..3f03ddf6d9d 100644 --- a/sbin/ifconfig/ifconfig.8 +++ b/sbin/ifconfig/ifconfig.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ifconfig.8,v 1.395 2023/05/16 14:32:54 jan Exp $ +.\" $OpenBSD: ifconfig.8,v 1.396 2023/06/01 18:57:53 kn Exp $ .\" $NetBSD: ifconfig.8,v 1.11 1996/01/04 21:27:29 pk Exp $ .\" $FreeBSD: ifconfig.8,v 1.16 1998/02/01 07:03:29 steve Exp $ .\" @@ -31,7 +31,7 @@ .\" .\" @(#)ifconfig.8 8.4 (Berkeley) 6/1/94 .\" -.Dd $Mdocdate: May 16 2023 $ +.Dd $Mdocdate: June 1 2023 $ .Dt IFCONFIG 8 .Os .Sh NAME @@ -2316,6 +2316,7 @@ Packets on a VLAN interface without a tag set will use a value of .Op Fl wgpeerall .Oo .Oo Fl Oc Ns Cm wgpeer Ar publickey +.Op Oo Fl Oc Ns Cm wgdescr Ns Oo Cm iption Oc Ar value .Op Cm wgaip Ar allowed-ip_address/prefix .Op Cm wgendpoint Ar peer_address port .Op Cm wgpka Ar interval 
@@ -2383,6 +2384,13 @@ Peer configuration options, which apply to the immediately preceding them, are as follows: .Bl -tag -width Ds +.Tg wgdescription +.It Cm wgdescr Ns Oo Cm iption Oc Ar value +Set the peer's description. +This can be used to label peers in situations where they may +otherwise be difficult to distinguish. +.It Cm -wgdescr Ns Op Cm iption +Clear the peer description. .It Cm wgaip Ar allowed-ip_address/prefix Set the peer's IPv4 or IPv6 .Ar allowed-ip_address diff --git a/sbin/ifconfig/ifconfig.c b/sbin/ifconfig/ifconfig.c index 5dc9ea641ca..1ae9a90bb82 100644 --- a/sbin/ifconfig/ifconfig.c +++ b/sbin/ifconfig/ifconfig.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ifconfig.c,v 1.464 2023/05/16 14:32:54 jan Exp $ */ +/* $OpenBSD: ifconfig.c,v 1.465 2023/06/01 18:57:54 kn Exp $ */ /* $NetBSD: ifconfig.c,v 1.40 1997/10/01 02:19:43 enami Exp $ */ /* @@ -351,6 +351,7 @@ void transceiverdump(const char *, int); /* WG */ void setwgpeer(const char *, int); +void setwgpeerdesc(const char *, int); void setwgpeerep(const char *, const char *); void setwgpeeraip(const char *, int); void setwgpeerpsk(const char *, int); @@ -360,6 +361,7 @@ void setwgkey(const char *, int); void setwgrtable(const char *, int); void unsetwgpeer(const char *, int); +void unsetwgpeerdesc(const char *, int); void unsetwgpeerpsk(const char *, int); void unsetwgpeerall(const char *, int); @@ -619,6 +621,8 @@ const struct cmd { { "sffdump", 0, 0, transceiverdump }, { "wgpeer", NEXTARG, A_WIREGUARD, setwgpeer}, + { "wgdescription", NEXTARG, A_WIREGUARD, setwgpeerdesc}, + { "wgdescr", NEXTARG, A_WIREGUARD, setwgpeerdesc}, { "wgendpoint", NEXTARG2, A_WIREGUARD, NULL, setwgpeerep}, { "wgaip", NEXTARG, A_WIREGUARD, setwgpeeraip}, { "wgpsk", NEXTARG, A_WIREGUARD, setwgpeerpsk}, 
@@ -627,7 +631,8 @@ const struct cmd { { "wgkey", NEXTARG, A_WIREGUARD, setwgkey}, { "wgrtable", NEXTARG, A_WIREGUARD, setwgrtable}, { "-wgpeer", NEXTARG, A_WIREGUARD, unsetwgpeer}, - { "-wgpsk", 0, A_WIREGUARD, unsetwgpeerpsk}, + { "-wgdescription", 0, A_WIREGUARD, unsetwgpeerdesc}, + { "-wgdescr", 0, A_WIREGUARD, unsetwgpeerdesc}, { "-wgpeerall", 0, A_WIREGUARD, unsetwgpeerall}, #else /* SMALL */ @@ -5735,6 +5740,15 @@ setwgpeer(const char *peerkey_b64, int param) wg_interface->i_peers_count++; } +void +setwgpeerdesc(const char *descr, int param) +{ + if (wg_peer == NULL) + errx(1, "wgdescr: wgpeer not set"); + wg_peer->p_flags |= WG_PEER_SET_DESCRIPTION; + strlcpy(wg_peer->p_description, descr, IFDESCRSIZE); +} + void setwgpeeraip(const char *aip, int param) { @@ -5838,6 +5852,15 @@ unsetwgpeer(const char *peerkey_b64, int param) wg_peer->p_flags |= WG_PEER_REMOVE; } +void +unsetwgpeerdesc(const char *descr, int param) +{ + if (wg_peer == NULL) + errx(1, "wgdescr: wgpeer not set"); + wg_peer->p_flags |= WG_PEER_SET_DESCRIPTION; + strlcpy(wg_peer->p_description, "", IFDESCRSIZE); +} + void unsetwgpeerpsk(const char *value, int param) { @@ -5908,6 +5931,10 @@ wg_status(int ifaliases) key, sizeof(key)); printf("\twgpeer %s\n", key); + if (strlen(wg_peer->p_description)) + printf("\t\twgdescr: %s\n", + wg_peer->p_description); + if (wg_peer->p_flags & WG_PEER_HAS_PSK) printf("\t\twgpsk (present)\n"); diff --git a/sys/net/if_wg.c b/sys/net/if_wg.c index 36b9ad8ca32..951cb6f1df0 100644 --- a/sys/net/if_wg.c +++ b/sys/net/if_wg.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_wg.c,v 1.27 2023/05/30 08:30:01 jsg Exp $ */ +/* $OpenBSD: if_wg.c,v 1.28 2023/06/01 18:57:53 kn Exp $ */ /* * Copyright (C) 2015-2020 Jason A. Donenfeld . All Rights Reserved. @@ -221,6 +221,8 @@ struct wg_peer { SLIST_ENTRY(wg_peer) p_start_list; int p_start_onlist; + + char p_description[IFDESCRSIZE]; }; struct wg_softc { 
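Review bot: The command-table hunk (@@ -627,7 +631,8 @@) deletes `{ "-wgpsk", 0, A_WIREGUARD, unsetwgpeerpsk},` instead of keeping it alongside the two new `-wgdescr` entries, so `-wgpsk` is no longer a recognized ifconfig command. The prototype and definition of `unsetwgpeerpsk` still appear as context in the other hunks and the commit message only mentions descriptions, so the removal looks accidental. Without the entry an operator can no longer clear a peer's pre-shared key through ifconfig; restore the line ahead of `{ "-wgdescription", 0, A_WIREGUARD, unsetwgpeerdesc},`. The table itself begins and ends outside the hunk.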
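Review bot: `setwgpeerdesc` (@@ -5735,6 +5740,15 @@) ignores the return value of `strlcpy`, so a description of IFDESCRSIZE bytes or more is silently truncated and the stored label no longer matches what the operator typed. Reject the input instead: `if (strlcpy(wg_peer->p_description, descr, sizeof(wg_peer->p_description)) >= sizeof(wg_peer->p_description)) errx(1, "wgdescr: description too long");`. Taking the bound from `sizeof` on the destination keeps it tied to the field if the array is ever resized; the same applies to the `strlcpy` in `unsetwgpeerdesc` (@@ -5838,6 +5852,15 @@).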
@@ -407,6 +409,8 @@ wg_peer_create(struct wg_softc *sc, uint8_t public[WG_KEY_SIZE]) peer->p_counters_tx = 0; peer->p_counters_rx = 0; + strlcpy(peer->p_description, "", IFDESCRSIZE); + mtx_init(&peer->p_endpoint_mtx, IPL_NET); bzero(&peer->p_endpoint, sizeof(peer->p_endpoint)); @@ -2320,6 +2324,10 @@ wg_ioctl_set(struct wg_softc *sc, struct wg_data_io *data) } } + if (peer_o.p_flags & WG_PEER_SET_DESCRIPTION) + strlcpy(peer->p_description, peer_o.p_description, + IFDESCRSIZE); + aip_p = &peer_p->p_aips[0]; for (j = 0; j < peer_o.p_aips_count; j++) { if ((ret = copyin(aip_p, &aip_o, sizeof(aip_o))) != 0) @@ -2430,6 +2438,8 @@ wg_ioctl_get(struct wg_softc *sc, struct wg_data_io *data) } peer_o.p_aips_count = aip_count; + strlcpy(peer_o.p_description, peer->p_description, IFDESCRSIZE); + if ((ret = copyout(&peer_o, peer_p, sizeof(peer_o))) != 0) goto unlock_and_ret_size; diff --git a/sys/net/if_wg.h b/sys/net/if_wg.h index 2b5d1e646a0..adb623ce2da 100644 --- a/sys/net/if_wg.h +++ b/sys/net/if_wg.h @@ -1,4 +1,4 @@ -/* $OpenBSD: if_wg.h,v 1.4 2020/06/22 12:20:44 jasper Exp $ */ +/* $OpenBSD: if_wg.h,v 1.5 2023/06/01 18:57:53 kn Exp $ */ /* * Copyright (C) 2015-2020 Jason A. Donenfeld . All Rights Reserved. @@ -61,6 +61,7 @@ struct wg_aip_io { #define WG_PEER_REPLACE_AIPS (1 << 4) #define WG_PEER_REMOVE (1 << 5) #define WG_PEER_UPDATE (1 << 6) +#define WG_PEER_SET_DESCRIPTION (1 << 7) #define p_sa p_endpoint.sa_sa #define p_sin p_endpoint.sa_sin @@ -80,6 +81,7 @@ struct wg_peer_io { uint64_t p_txbytes; uint64_t p_rxbytes; struct timespec p_last_handshake; /* nanotime */ + char p_description[IFDESCRSIZE]; size_t p_aips_count; struct wg_aip_io p_aips[]; }; -- 2.20.1
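Review bot: In `wg_ioctl_set` (@@ -2320,6 +2324,10 @@) the source of the `strlcpy` is `peer_o.p_description`, which appears to come from userland via a `copyin` outside this hunk, and nothing visible guarantees it is NUL-terminated. `strlcpy` bounds the write but scans the source until it finds a NUL, so an unterminated 64-byte field makes it read on into the following members of `peer_o`. Terminate the field before copying, e.g. `peer_o.p_description[IFDESCRSIZE - 1] = '\0';`, or return an error when no NUL is found within IFDESCRSIZE bytes. The enclosing loop starts and ends outside the hunk.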
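Review bot: In `wg_ioctl_get` (@@ -2430,6 +2438,8 @@) `strlcpy` writes only up to the terminating NUL, yet the following `copyout` sends all of `peer_o`, including the rest of `p_description`, to userland. Unless `peer_o` is zeroed for every peer (not visible in this hunk), those trailing bytes can hold leftover stack contents or the tail of a previous peer's longer description. Clear the field first, `memset(peer_o.p_description, 0, sizeof(peer_o.p_description));`, then copy. It would also help to add a comment on `p_description` in `struct wg_peer_io` stating that it is always NUL-terminated and zero-padded when returned.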