Clarify wg(4)'s relation to WireGuard, pending further discussion.

Still planning to replace wgconfig(8) and wg-keygen(8) by one wg(8)
tool compatible with wireguard-tools; update wg(4) for the minor
changes from the 2018-06-30 spec to the 2020-06-01 spec; &c.  This just
clarifies the current state of affairs as it exists in the development
tree for now.

Mark the man page EXPERIMENTAL for extra clarity.

distrib/sets/lists/base/shl.mi

@@ -1,4 +1,4 @@
-# $NetBSD: shl.mi,v 1.896 2020/08/20 21:28:00 riastradh Exp $
+# $NetBSD: shl.mi,v 1.897 2020/08/26 16:03:40 riastradh Exp $
 #
 # Note:	Don't delete entries from here - mark them as "obsolete" instead,
 #	unless otherwise stated below.
@@ -832,9 +832,12 @@
 ./usr/lib/librumpnet_vlan.so			base-rump-shlib		rump
 ./usr/lib/librumpnet_vlan.so.0			base-rump-shlib		rump
 ./usr/lib/librumpnet_vlan.so.0.0		base-rump-shlib		rump
-./usr/lib/librumpnet_wireguard.so		base-rump-shlib		rump
-./usr/lib/librumpnet_wireguard.so.0		base-rump-shlib		rump
-./usr/lib/librumpnet_wireguard.so.0.0		base-rump-shlib		rump
+./usr/lib/librumpnet_wg.so			base-rump-shlib		rump
+./usr/lib/librumpnet_wg.so.0			base-rump-shlib		rump
+./usr/lib/librumpnet_wg.so.0.0			base-rump-shlib		rump
+./usr/lib/librumpnet_wireguard.so		base-obsolete		obsolete
+./usr/lib/librumpnet_wireguard.so.0		base-obsolete		obsolete
+./usr/lib/librumpnet_wireguard.so.0.0		base-obsolete		obsolete
 ./usr/lib/librumpres.so				base-rumpclient-shlib	compatfile,rump
 ./usr/lib/librumpres.so.0			base-rumpclient-shlib	compatfile,rump
 ./usr/lib/librumpres.so.0.0			base-rumpclient-shlib	compatfile,rump

distrib/sets/lists/comp/mi

@@ -1,4 +1,4 @@
-#	$NetBSD: mi,v 1.2344 2020/08/20 21:28:00 riastradh Exp $
+#	$NetBSD: mi,v 1.2345 2020/08/26 16:03:40 riastradh Exp $
 #
 # Note: don't delete entries from here - mark them as "obsolete" instead.
 ./etc/mtree/set.comp				comp-sys-root
@@ -3867,8 +3867,10 @@
 ./usr/lib/librumpnet_virtif_p.a			comp-c-proflib		rump,profile
 ./usr/lib/librumpnet_vlan.a			comp-c-lib		rump
 ./usr/lib/librumpnet_vlan_p.a			comp-c-proflib		rump,profile
-./usr/lib/librumpnet_wireguard.a		comp-c-lib		rump
-./usr/lib/librumpnet_wireguard_p.a		comp-c-proflib		rump,profile
+./usr/lib/librumpnet_wg.a			comp-c-lib		rump
+./usr/lib/librumpnet_wg_p.a			comp-c-proflib		rump,profile
+./usr/lib/librumpnet_wireguard.a		comp-obsolete		obsolete
+./usr/lib/librumpnet_wireguard_p.a		comp-obsolete		obsolete
 ./usr/lib/librumpres.a				comp-c-lib		compatfile,rump
 ./usr/lib/librumpres_p.a			comp-c-proflib		compatfile,rump,profile
 ./usr/lib/librumpuser.a				comp-c-lib		compatfile,rump

distrib/sets/lists/comp/shl.mi

@@ -1,4 +1,4 @@
-# $NetBSD: shl.mi,v 1.337 2020/08/20 21:28:00 riastradh Exp $
+# $NetBSD: shl.mi,v 1.338 2020/08/26 16:03:40 riastradh Exp $
 #
 # Note: don't delete entries from here - mark them as "obsolete" instead.
 #
@@ -248,7 +248,8 @@
 ./usr/lib/librumpnet_tun_pic.a			comp-c-piclib		picinstall,rump
 ./usr/lib/librumpnet_virtif_pic.a		comp-c-piclib		picinstall,rump
 ./usr/lib/librumpnet_vlan_pic.a			comp-c-piclib		picinstall,rump
-./usr/lib/librumpnet_wireguard_pic.a		comp-c-piclib		picinstall,rump
+./usr/lib/librumpnet_wg_pic.a			comp-c-piclib		picinstall,rump
+./usr/lib/librumpnet_wireguard_pic.a		comp-obsolete		obsolete
 ./usr/lib/librumpres_pic.a			comp-c-piclib		compatfile,picinstall,rump
 ./usr/lib/librumpuser_pic.a			comp-c-piclib		compatfile,picinstall,rump
 ./usr/lib/librumpvfs_aio_pic.a			comp-c-piclib		picinstall,rump

distrib/sets/lists/debug/mi

@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.329 2020/08/20 21:28:01 riastradh Exp $
+# $NetBSD: mi,v 1.330 2020/08/26 16:03:41 riastradh Exp $
 ./etc/mtree/set.debug                           comp-sys-root
 ./usr/lib					comp-sys-usr		compatdir
 ./usr/lib/i18n/libBIG5_g.a			comp-c-debuglib		debuglib,compatfile
@@ -237,7 +237,8 @@
 ./usr/lib/librumpnet_tun_g.a			comp-c-debuglib		debuglib,rump
 ./usr/lib/librumpnet_virtif_g.a			comp-c-debuglib		debuglib,rump
 ./usr/lib/librumpnet_vlan_g.a			comp-c-debuglib		debuglib,rump
-./usr/lib/librumpnet_wireguard_g.a		comp-c-debuglib		debuglib,rump
+./usr/lib/librumpnet_wg_g.a			comp-c-debuglib		debuglib,rump
+./usr/lib/librumpnet_wireguard_g.a		comp-obsolete		obsolete
 ./usr/lib/librumpres_g.a			comp-c-debuglib		debuglib,compatfile,rump
 ./usr/lib/librumpuser_g.a			comp-c-debuglib		debuglib,compatfile,rump
 ./usr/lib/librumpvfs_aio_g.a			comp-c-debuglib		debuglib,rump

distrib/sets/lists/debug/shl.mi

@@ -1,4 +1,4 @@
-# $NetBSD: shl.mi,v 1.258 2020/08/20 21:28:01 riastradh Exp $
+# $NetBSD: shl.mi,v 1.259 2020/08/26 16:03:41 riastradh Exp $
 ./usr/lib/libbfd_g.a						comp-c-debuglib	debuglib,compatfile,binutils
 ./usr/libdata/debug/lib						base-sys-usr	debug,dynamicroot,compatdir
 ./usr/libdata/debug/lib/libavl.so.0.0.debug			comp-zfs-debug	debug,dynamicroot,zfs
@@ -290,7 +290,8 @@
 ./usr/libdata/debug/usr/lib/librumpnet_tun.so.0.0.debug		comp-rump-debug	debug,rump
 ./usr/libdata/debug/usr/lib/librumpnet_virtif.so.0.0.debug	comp-rump-debug	debug,rump
 ./usr/libdata/debug/usr/lib/librumpnet_vlan.so.0.0.debug	comp-rump-debug	debug,rump
-./usr/libdata/debug/usr/lib/librumpnet_wireguard.so.0.0.debug	comp-rump-debug	debug,rump
+./usr/libdata/debug/usr/lib/librumpnet_wg.so.0.0.debug		comp-rump-debug	debug,rump
+./usr/libdata/debug/usr/lib/librumpnet_wireguard.so.0.0.debug	comp-obsolete	obsolete
 ./usr/libdata/debug/usr/lib/librumpres.so.0.0.debug		comp-rump-debug	debug,compatfile,rump
 ./usr/libdata/debug/usr/lib/librumpuser.so.0.1.debug		comp-rump-debug	debug,compatfile,rump
 ./usr/libdata/debug/usr/lib/librumpvfs.so.0.0.debug		comp-rump-debug	debug,compatfile,rump

distrib/sets/lists/tests/mi

@@ -1,4 +1,4 @@
-# $NetBSD: mi,v 1.906 2020/08/24 18:41:22 riastradh Exp $
+# $NetBSD: mi,v 1.907 2020/08/26 16:03:41 riastradh Exp $
 #
 # Note: don't delete entries from here - mark them as "obsolete" instead.
 #
@@ -3866,13 +3866,20 @@
 ./usr/tests/net/if_vlan/Kyuafile		tests-net-tests		atf,rump,kyua
 ./usr/tests/net/if_vlan/siocXmulti		tests-net-tests		atf,rump
 ./usr/tests/net/if_vlan/t_vlan			tests-net-tests		atf,rump
-./usr/tests/net/wireguard			tests-net-tests		compattestfile,atf
-./usr/tests/net/wireguard/Atffile		tests-net-tests		atf,rump
-./usr/tests/net/wireguard/Kyuafile		tests-net-tests		atf,rump,kyua
-./usr/tests/net/wireguard/t_basic		tests-net-tests		atf,rump
-./usr/tests/net/wireguard/t_interoperability	tests-net-tests		atf,rump
-./usr/tests/net/wireguard/t_misc		tests-net-tests		atf,rump
-./usr/tests/net/wireguard/t_tunnel		tests-net-tests		atf,rump
+./usr/tests/net/if_wg				tests-net-tests		compattestfile,atf
+./usr/tests/net/if_wg/Atffile			tests-net-tests		atf,rump
+./usr/tests/net/if_wg/Kyuafile			tests-net-tests		atf,rump,kyua
+./usr/tests/net/if_wg/t_basic			tests-net-tests		atf,rump
+./usr/tests/net/if_wg/t_interoperability	tests-net-tests		atf,rump
+./usr/tests/net/if_wg/t_misc			tests-net-tests		atf,rump
+./usr/tests/net/if_wg/t_tunnel			tests-net-tests		atf,rump
+./usr/tests/net/wireguard			tests-obsolete		obsolete
+./usr/tests/net/wireguard/Atffile		tests-obsolete		obsolete
+./usr/tests/net/wireguard/Kyuafile		tests-obsolete		obsolete
+./usr/tests/net/wireguard/t_basic		tests-obsolete		obsolete
+./usr/tests/net/wireguard/t_interoperability	tests-obsolete		obsolete
+./usr/tests/net/wireguard/t_misc		tests-obsolete		obsolete
+./usr/tests/net/wireguard/t_tunnel		tests-obsolete		obsolete
 ./usr/tests/net/in_cksum			tests-net-tests		compattestfile,atf
 ./usr/tests/net/in_cksum/Atffile		tests-net-tests		compattestfile,atf
 ./usr/tests/net/in_cksum/Kyuafile		tests-net-tests		compattestfile,atf,kyua
@@ -3953,10 +3960,14 @@
 ./usr/tests/net/sys/t_listen			tests-obsolete		obsolete
 ./usr/tests/net/sys/t_rfc6056			tests-net-tests		compattestfile,atf
 ./usr/tests/net/sys/t_socketpair		tests-obsolete		obsolete
-./usr/tests/net/wireguard			tests-net-tests		compattestfile,atf
-./usr/tests/net/wireguard/Atffile		tests-net-tests		compattestfile,atf
-./usr/tests/net/wireguard/Kyuafile		tests-net-tests		compattestfile,atf,kyua
-./usr/tests/net/wireguard/t_basic		tests-net-tests		atf,rump
+./usr/tests/net/if_wg				tests-net-tests		compattestfile,atf
+./usr/tests/net/if_wg/Atffile			tests-net-tests		compattestfile,atf
+./usr/tests/net/if_wg/Kyuafile			tests-net-tests		compattestfile,atf,kyua
+./usr/tests/net/if_wg/t_basic			tests-net-tests		atf,rump
+./usr/tests/net/wireguard			tests-obsolete		obsolete
+./usr/tests/net/wireguard/Atffile		tests-obsolete		obsolete
+./usr/tests/net/wireguard/Kyuafile		tests-obsolete		obsolete
+./usr/tests/net/wireguard/t_basic		tests-obsolete		obsolete
 ./usr/tests/opencrypto				tests-obsolete		obsolete
 ./usr/tests/rump				tests-rump-tests	compattestfile,atf
 ./usr/tests/rump/Atffile			tests-rump-tests	atf,rump

doc/CHANGES

@@ -1,4 +1,4 @@
-# LIST OF CHANGES FROM LAST RELEASE:			<$Revision: 1.2732 $>
+# LIST OF CHANGES FROM LAST RELEASE:			<$Revision: 1.2733 $>
 #
 #
 # [Note: This file does not mention every change made to the NetBSD source tree.
@@ -273,4 +273,4 @@ Changes from NetBSD 9.0 to NetBSD 10.0:
 	kernel: Add getrandom system call. [riastradh 20200813]
 	kernel: Disable COMPAT_LINUX by default [jdolecek 20200816]
 	mips: Port crash(8) to mips.  [mrg 20200816]
-	wg(4): Add support for WireGuard. [ozaki-r 20200820]
+	wg(4): Add implementation of WireGuard protocol. [ozaki-r 20200820]

etc/mtree/NetBSD.dist.tests

@@ -1,4 +1,4 @@
-#	$NetBSD: NetBSD.dist.tests,v 1.175 2020/08/20 21:28:01 riastradh Exp $
+#	$NetBSD: NetBSD.dist.tests,v 1.176 2020/08/26 16:03:41 riastradh Exp $
 
 ./usr/libdata/debug/usr/tests
 ./usr/libdata/debug/usr/tests/atf
@@ -358,6 +358,7 @@
 ./usr/tests/net/if_tap
 ./usr/tests/net/if_tun
 ./usr/tests/net/if_vlan
+./usr/tests/net/if_wg
 ./usr/tests/net/in_cksum
 ./usr/tests/net/ipsec
 ./usr/tests/net/mcast
@@ -367,7 +368,6 @@
 ./usr/tests/net/npf
 ./usr/tests/net/route
 ./usr/tests/net/sys
-./usr/tests/net/wireguard
 ./usr/tests/rump
 ./usr/tests/rump/modautoload
 ./usr/tests/rump/rumpkern

share/man/man4/wg.4

@@ -1,4 +1,4 @@
-.\"	$NetBSD: wg.4,v 1.4 2020/08/21 08:09:55 wiz Exp $
+.\"	$NetBSD: wg.4,v 1.5 2020/08/26 16:03:41 riastradh Exp $
 .\"
 .\" Copyright (c) 2020 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -30,7 +30,7 @@
 .\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
 .Sh NAME
 .Nm wg
-.Nd WireGuard virtual private network
+.Nd virtual private network tunnel (EXPERIMENTAL)
 .\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
 .Sh SYNOPSIS
 .Cd pseudo-device wg
@@ -38,12 +38,16 @@
 .Sh DESCRIPTION
 The
 .Nm
-interface implements the WireGuard point-to-point roaming-capable
-virtual private network tunnel, configured with
+interface implements a point-to-point roaming-capable virtual private
+network tunnel, configured with
 .Xr ifconfig 8
 and
 .Xr wgconfig 8 .
 .Pp
+.Sy WARNING:
+.Nm
+is experimental.
+.Pp
 Packets exchanged on a
 .Nm
 interface are authenticated and encrypted with a secret key negotiated
@@ -91,14 +95,14 @@ Stationary server:                         Roaming client:
 .Pp
 Generate key pairs on A and B:
 .Bd -literal -offset abcd
-A# wg-keygen > /etc/wireguard/wg0
-A# wg-keygen --pub < /etc/wireguard/wg0 > /etc/wireguard/wg0.pub
-A# cat /etc/wireguard/wg0.pub
+A# wg-keygen > /etc/wg/wg0
+A# wg-keygen --pub < /etc/wg/wg0 > /etc/wg/wg0.pub
+A# cat /etc/wg/wg0.pub
 N+B4Nelg+4ysvbLW3qenxIwrJVE9MdjMyqrIisH7V0Y=
 
-B# wg-keygen > /etc/wireguard/wg0
-B# wg-keygen --pub < /etc/wireguard/wg0 > /etc/wireguard/wg0.pub
-B# cat /etc/wireguard/wg0.pub
+B# wg-keygen > /etc/wg/wg0
+B# wg-keygen --pub < /etc/wg/wg0 > /etc/wg/wg0.pub
+B# cat /etc/wg/wg0.pub
 X7EGm3T3IfodBcyilkaC89j0SH3XD6+/pwvp7Dgp5SU=
 .Ed
 .Pp
@@ -106,7 +110,7 @@ Configure A to listen on port 1234 and allow connections from B to
 appear in the 10.0.1.0/24 subnet:
 .Bd -literal -offset abcd
 A# ifconfig wg0 create 10.0.1.0/24
-A# wgconfig wg0 set private-key /etc/wireguard/wg0
+A# wgconfig wg0 set private-key /etc/wg/wg0
 A# wgconfig wg0 set listen-port 1234
 A# wgconfig wg0 add peer B \e
     X7EGm3T3IfodBcyilkaC89j0SH3XD6+/pwvp7Dgp5SU= \e
@@ -121,7 +125,7 @@ Configure B to connect to A at 1.2.3.4 on port 1234 and the packets can
 begin to flow:
 .Bd -literal -offset abcd
 B# ifconfig wg0 create 10.0.1.1/24
-B# wgconfig wg0 set private-key /etc/wireguard/wg0
+B# wgconfig wg0 set private-key /etc/wg/wg0
 B# wgconfig wg0 add peer A \e
     N+B4Nelg+4ysvbLW3qenxIwrJVE9MdjMyqrIisH7V0Y= \e
     --allowed-ips=10.0.1.0/32 \e
@@ -139,9 +143,19 @@ PING 10.0.1.0 (10.0.1.0): 56 data bytes
 .Sh SEE ALSO
 .Xr wg-keygen 8 ,
 .Xr wgconfig 8
+.\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
+.Sh COMPATIBILITY
+The
+.Nm
+interface aims to be compatible with the WireGuard protocol, as
+described in:
+.Pp
 .Rs
-.%T WireGuard: fast, modern, secure VPN tunnel
-.%U https://www.wireguard.com/
+.%A Jason A. Donenfeld
+.%T WireGuard: Next Generation Kernel Network Tunnel
+.%U https://web.archive.org/web/20180805103233/https://www.wireguard.com/papers/wireguard.pdf
+.%O Document ID: 4846ada1492f5d92198df154f48c3d54205657bc
+.%D 2018-06-30
 .Re
 .\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
 .Sh HISTORY

sys/arch/amd64/conf/ALL

@@ -1,4 +1,4 @@
-# $NetBSD: ALL,v 1.161 2020/08/20 21:36:11 riastradh Exp $
+# $NetBSD: ALL,v 1.162 2020/08/26 16:03:41 riastradh Exp $
 # From NetBSD: GENERIC,v 1.787 2006/10/01 18:37:54 bouyer Exp
 #
 # ALL machine description file
@@ -17,7 +17,7 @@ include 	"arch/amd64/conf/std.amd64"
 
 options 	INCLUDE_CONFIG_FILE	# embed config file in kernel binary
 
-#ident		"ALL-$Revision: 1.161 $"
+#ident		"ALL-$Revision: 1.162 $"
 
 maxusers	64		# estimated number of users
 
@@ -1641,7 +1641,7 @@ pseudo-device	npf			# NPF packet filter
 pseudo-device	kttcp
 # srt is EXPERIMENTAL
 pseudo-device	srt			# source-address-based routing
-pseudo-device	wg			# WireGuard
+pseudo-device	wg			# VPN tunnel compatible with WireGuard
 
 pseudo-device	canloop			# CAN loopback interface
 

sys/net/if_types.h

@@ -1,4 +1,4 @@
-/*	$NetBSD: if_types.h,v 1.30 2020/08/20 21:21:32 riastradh Exp $	*/
+/*	$NetBSD: if_types.h,v 1.31 2020/08/26 16:03:41 riastradh Exp $	*/
 
 /*
  * Copyright (c) 1989, 1993, 1994
@@ -267,6 +267,5 @@
 #define IFT_CARP	0xf8		/* Common Address Redundancy Protocol */
 #define IFT_IPSEC	0xf9		/* IPsec I/F */
 #define IFT_MBIM	0xfa		/* Mobile Broadband Interface Model */
-#define IFT_WIREGUARD	0xfb		/* WireGuard */
 
 #endif /* !_NET_IF_TYPES_H_ */

sys/net/if_wg.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: if_wg.c,v 1.23 2020/08/23 18:52:53 riastradh Exp $	*/
+/*	$NetBSD: if_wg.c,v 1.24 2020/08/26 16:03:41 riastradh Exp $	*/
 
 /*
  * Copyright (C) Ryota Ozaki <ozaki.ryota@gmail.com>
@@ -30,20 +30,18 @@
  */
 
 /*
- * This is an implementation of WireGuard, a fast, modern, secure VPN protocol,
- * for the NetBSD kernel and rump kernels.
- *
- * The implementation is based on the paper of WireGuard as of 2018-06-30 [1].
- * The paper is referred in the source code with label [W].  Also the
- * specification of the Noise protocol framework as of 2018-07-11 [2] is
- * referred with label [N].
+ * This network interface aims to implement the WireGuard protocol.
+ * The implementation is based on the paper of WireGuard as of
+ * 2018-06-30 [1].  The paper is referred in the source code with label
+ * [W].  Also the specification of the Noise protocol framework as of
+ * 2018-07-11 [2] is referred with label [N].
  *
  * [1] https://www.wireguard.com/papers/wireguard.pdf
  * [2] http://noiseprotocol.org/noise.pdf
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_wg.c,v 1.23 2020/08/23 18:52:53 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_wg.c,v 1.24 2020/08/26 16:03:41 riastradh Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -120,7 +118,7 @@ __KERNEL_RCSID(0, "$NetBSD: if_wg.c,v 1.23 2020/08/23 18:52:53 riastradh Exp $")
  * Data structures
  * - struct wg_softc is an instance of wg interfaces
  *   - It has a list of peers (struct wg_peer)
- *   - It has a kthread that sends/receives WireGuard handshake messages and
+ *   - It has a kthread that sends/receives handshake messages and
  *     runs event handlers
  *   - It has its own two routing tables: one is for IPv4 and the other IPv6
  * - struct wg_peer is a representative of a peer
@@ -3346,7 +3344,7 @@ wg_if_attach(struct wg_softc *wg)
 	wg->wg_if.if_output = wg_output;
 	wg->wg_if.if_init = wg_init;
 	wg->wg_if.if_stop = wg_stop;
-	wg->wg_if.if_type = IFT_WIREGUARD;
+	wg->wg_if.if_type = IFT_OTHER;
 	wg->wg_if.if_dlt = DLT_NULL;
 	wg->wg_if.if_softc = wg;
 	IFQ_SET_READY(&wg->wg_if.if_snd);
@@ -4399,14 +4397,14 @@ wg_stop(struct ifnet *ifp, int disable)
 }
 
 #ifdef WG_DEBUG_PARAMS
-SYSCTL_SETUP(sysctl_net_wireguard_setup, "sysctl net.wireguard setup")
+SYSCTL_SETUP(sysctl_net_wg_setup, "sysctl net.wg setup")
 {
 	const struct sysctlnode *node = NULL;
 
 	sysctl_createv(clog, 0, NULL, &node,
 	    CTLFLAG_PERMANENT,
-	    CTLTYPE_NODE, "wireguard",
-	    SYSCTL_DESCR("WireGuard"),
+	    CTLTYPE_NODE, "wg",
+	    SYSCTL_DESCR("wg(4)"),
 	    NULL, 0, NULL, 0,
 	    CTL_NET, CTL_CREATE, CTL_EOL);
 	sysctl_createv(clog, 0, &node, NULL,

sys/rump/net/Makefile.rumpnetcomp

@@ -1,11 +1,11 @@
-#	$NetBSD: Makefile.rumpnetcomp,v 1.21 2020/08/20 21:21:32 riastradh Exp $
+#	$NetBSD: Makefile.rumpnetcomp,v 1.22 2020/08/26 16:03:41 riastradh Exp $
 #
 
 .include <bsd.own.mk>
 
 RUMPNETCOMP=	agr bridge net net80211 netbt netcan netinet netinet6 netipsec
 RUMPNETCOMP+=	gif ipsec netmpls npf l2tp local pppoe shmif tap tun vlan
-RUMPNETCOMP+=	wireguard
+RUMPNETCOMP+=	wg
 
 .if ${MKSLJIT} != "no" || make(rumpdescribe)
 RUMPNETCOMP+=	bpfjit

sys/rump/net/lib/libwg/Makefile

@@ -1,11 +1,11 @@
-#	$NetBSD: Makefile,v 1.1 2020/08/20 21:28:01 riastradh Exp $
+#	$NetBSD: Makefile,v 1.1 2020/08/26 16:03:42 riastradh Exp $
 #
 
 .PATH:	${.CURDIR}/../../../../net ${.CURDIR}/../../../../netinet	\
 	${.CURDIR}/../../../../netinet6
 
-LIB=	rumpnet_wireguard
-COMMENT= WireGuard
+LIB=	rumpnet_wg
+COMMENT= virtual private network tunnel
 
 IOCONF=	WG.ioconf
 SRCS=	if_wg.c

sys/rump/net/lib/libwg/WG.ioconf

@@ -0,0 +1,7 @@
+#	$NetBSD: WG.ioconf,v 1.1 2020/08/26 16:03:42 riastradh Exp $
+
+ioconf		wg
+
+include		"conf/files"
+
+pseudo-device   wg

sys/rump/net/lib/libwg/wg_component.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: wg_component.c,v 1.1 2020/08/20 21:28:01 riastradh Exp $	*/
+/*	$NetBSD: wg_component.c,v 1.1 2020/08/26 16:03:42 riastradh Exp $	*/
 
 /*
  * Copyright (c) 2015 Internet Initiative Japan Inc.
@@ -27,7 +27,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: wg_component.c,v 1.1 2020/08/20 21:28:01 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: wg_component.c,v 1.1 2020/08/26 16:03:42 riastradh Exp $");
 
 #include <sys/param.h>
 

sys/rump/net/lib/libwg/wg_user.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: wg_user.c,v 1.1 2020/08/20 21:28:01 riastradh Exp $	*/
+/*	$NetBSD: wg_user.c,v 1.1 2020/08/26 16:03:42 riastradh Exp $	*/
 
 /*
  * Copyright (C) Ryota Ozaki <ozaki.ryota@gmail.com>
@@ -29,7 +29,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: wg_user.c,v 1.1 2020/08/20 21:28:01 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: wg_user.c,v 1.1 2020/08/26 16:03:42 riastradh Exp $");
 
 #ifndef _KERNEL
 #include <sys/types.h>

sys/rump/net/lib/libwg/wg_user.h

@@ -1,4 +1,4 @@
-/*	$NetBSD: wg_user.h,v 1.1 2020/08/20 21:28:01 riastradh Exp $	*/
+/*	$NetBSD: wg_user.h,v 1.1 2020/08/26 16:03:42 riastradh Exp $	*/
 
 /*
  * Copyright (C) Ryota Ozaki <ozaki.ryota@gmail.com>

sys/rump/net/lib/libwireguard/WG.ioconf

@@ -1,7 +0,0 @@
-#	$NetBSD: WG.ioconf,v 1.1 2020/08/20 21:28:01 riastradh Exp $
-
-ioconf		wg
-
-include		"conf/files"
-
-pseudo-device   wg

tests/net/Makefile

@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.35 2020/08/20 21:21:32 riastradh Exp $
+# $NetBSD: Makefile,v 1.36 2020/08/26 16:03:42 riastradh Exp $
 
 .include <bsd.own.mk>
 
@@ -8,7 +8,7 @@ TESTS_SUBDIRS=		fdpass in_cksum net sys
 .if (${MKRUMP} != "no") && !defined(BSD_MK_COMPAT_FILE)
 TESTS_SUBDIRS+=		arp bpf bpfilter can carp icmp if if_bridge if_gif
 TESTS_SUBDIRS+=		if_ipsec if_l2tp if_loop if_pppoe if_tap if_tun ipsec
-TESTS_SUBDIRS+=		mcast mpls ndp npf route if_vlan wireguard
+TESTS_SUBDIRS+=		mcast mpls ndp npf route if_vlan if_wg
 .if (${MKSLJIT} != "no")
 TESTS_SUBDIRS+=		bpfjit
 .endif

tests/net/if_wg/Makefile

@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.1 2020/08/20 21:28:01 riastradh Exp $
+# $NetBSD: Makefile,v 1.1 2020/08/26 16:03:42 riastradh Exp $
 #
 
 .include <bsd.own.mk>
 
-TESTSDIR=	${TESTSBASE}/net/wireguard
+TESTSDIR=	${TESTSBASE}/net/if_wg
 
 .for name in basic interoperability misc tunnel
 TESTS_SH+=		t_${name}

tests/net/if_wg/common.sh

@@ -1,4 +1,4 @@
-#	$NetBSD: common.sh,v 1.1 2020/08/20 21:28:01 riastradh Exp $
+#	$NetBSD: common.sh,v 1.1 2020/08/26 16:03:42 riastradh Exp $
 #
 # Copyright (c) 2018 Ryota Ozaki <ozaki.ryota@gmail.com>
 # All rights reserved.
@@ -34,10 +34,10 @@ escape_key()
 setup_servers()
 {
 
-	rump_server_crypto_start $SOCK_LOCAL netinet6 wireguard
+	rump_server_crypto_start $SOCK_LOCAL netinet6 wg
 	rump_server_add_iface $SOCK_LOCAL shmif0 $BUS
 
-	rump_server_crypto_start $SOCK_PEER netinet6 wireguard
+	rump_server_crypto_start $SOCK_PEER netinet6 wg
 	rump_server_add_iface $SOCK_PEER shmif0 $BUS
 }
 

tests/net/if_wg/t_basic.sh

@@ -1,4 +1,4 @@
-#	$NetBSD: t_basic.sh,v 1.1 2020/08/20 21:28:01 riastradh Exp $
+#	$NetBSD: t_basic.sh,v 1.1 2020/08/26 16:03:42 riastradh Exp $
 #
 # Copyright (c) 2018 Ryota Ozaki <ozaki.ryota@gmail.com>
 # All rights reserved.
@@ -118,14 +118,14 @@ atf_test_case wg_create_destroy cleanup
 wg_create_destroy_head()
 {
 
-	atf_set "descr" "tests to create/destroy WireGuard interfaces"
+	atf_set "descr" "tests to create/destroy wg(4) interfaces"
 	atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
 }
 
 wg_create_destroy_body()
 {
 
-	rump_server_crypto_start $SOCK_LOCAL netinet6 wireguard
+	rump_server_crypto_start $SOCK_LOCAL netinet6 wg
 
 	test_create_destroy_common $SOCK_LOCAL wg0 true
 }
@@ -167,7 +167,7 @@ wg_create_destroy_peers_common()
 		inner_prefixall=128
 	fi
 
-	rump_server_crypto_start $SOCK_LOCAL netinet6 wireguard
+	rump_server_crypto_start $SOCK_LOCAL netinet6 wg
 	rump_server_add_iface $SOCK_LOCAL shmif0 $BUS
 
 	# It sets key_priv_local key_pub_local key_priv_peer key_pub_peer
@@ -232,7 +232,7 @@ add_basic_test()
 	local ipv6=inet6
 
 	name="wg_basic_${inner}_over_${outer}"
-	fulldesc="Test WireGuard with ${inner} over ${outer}"
+	fulldesc="Test wg(4) with ${inner} over ${outer}"
 
 	eval inner=\$$inner
 	eval outer=\$$outer
@@ -262,7 +262,7 @@ add_payload_sizes_test()
 	local ipv6=inet6
 
 	name="wg_payload_sizes_${inner}_over_${outer}"
-	fulldesc="Test WireGuard with ${inner} over ${outer} with various payload sizes"
+	fulldesc="Test wg(4) with ${inner} over ${outer} with various payload sizes"
 
 	eval inner=\$$inner
 	eval outer=\$$outer
@@ -288,7 +288,7 @@ atf_test_case wg_multiple_interfaces cleanup
 wg_multiple_interfaces_head()
 {
 
-	atf_set "descr" "tests multiple WireGuard interfaces"
+	atf_set "descr" "tests multiple wg(4) interfaces"
 	atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
 }
 
@@ -314,7 +314,7 @@ wg_multiple_interfaces_body()
 	setup_servers
 	rump_server_add_iface $SOCK_LOCAL shmif1 $BUS
 
-	rump_server_crypto_start $SOCK_PEER2 netinet6 wireguard
+	rump_server_crypto_start $SOCK_PEER2 netinet6 wg
 	rump_server_add_iface $SOCK_PEER2 shmif0 $BUS
 
 	# It sets key_priv_local key_pub_local key_priv_peer key_pub_peer
@@ -381,7 +381,7 @@ atf_test_case wg_multiple_peers cleanup
 wg_multiple_peers_head()
 {
 
-	atf_set "descr" "tests multiple WireGuard peers"
+	atf_set "descr" "tests multiple wg(4) peers"
 	atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
 }
 
@@ -404,7 +404,7 @@ wg_multiple_peers_body()
 	setup_servers
 	rump_server_add_iface $SOCK_LOCAL shmif1 $BUS
 
-	rump_server_crypto_start $SOCK_PEER2 netinet6 wireguard
+	rump_server_crypto_start $SOCK_PEER2 netinet6 wg
 	rump_server_add_iface $SOCK_PEER2 shmif0 $BUS
 
 	# It sets key_priv_local key_pub_local key_priv_peer key_pub_peer

tests/net/if_wg/t_interoperability.sh

@@ -1,4 +1,4 @@
-#	$NetBSD: t_interoperability.sh,v 1.1 2020/08/20 21:28:01 riastradh Exp $
+#	$NetBSD: t_interoperability.sh,v 1.1 2020/08/26 16:03:42 riastradh Exp $
 #
 # Copyright (c) 2018 Ryota Ozaki <ozaki.ryota@gmail.com>
 # All rights reserved.
@@ -34,12 +34,12 @@ atf_test_case wg_interoperability_basic cleanup
 wg_interoperability_basic_head()
 {
 
-	atf_set "descr" "tests of interoperability messages of the WireGuard protocol"
+	atf_set "descr" "tests of interoperability with the WireGuard protocol"
 	atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
 }
 
 #
-# Set ATF_WIREGUARD_INTEROPERABILITY=yes to run the test.
+# Set ATF_NET_IF_WG_INTEROPERABILITY=yes to run the test.
 # Also to run the test, the following setups are required on the host and a peer.
 #
 # [Host]
@@ -78,12 +78,12 @@ wg_interoperability_basic_body()
 	local port=52428
 	local outfile=./out
 
-	if [ "$ATF_WIREGUARD_INTEROPERABILITY" != yes ]; then
-		atf_skip "set ATF_WIREGUARD_INTEROPERABILITY=yes to run the test"
+	if [ "$ATF_NET_IF_WG_INTEROPERABILITY" != yes ]; then
+		atf_skip "set ATF_NET_IF_WG_INTEROPERABILITY=yes to run the test"
 	fi
 
 	export RUMP_SERVER=$SOCK_LOCAL
-	rump_server_crypto_start $SOCK_LOCAL virtif wireguard netinet6
+	rump_server_crypto_start $SOCK_LOCAL virtif wg netinet6
 	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
 	atf_check -s exit:0 rump.ifconfig virt0 create
 	atf_check -s exit:0 rump.ifconfig virt0 $ip_local/24
@@ -116,7 +116,7 @@ atf_test_case wg_interoperability_cookie cleanup
 wg_interoperability_cookie_head()
 {
 
-	atf_set "descr" "tests of interoperability messages of the WireGuard protocol"
+	atf_set "descr" "tests of interoperability with the WireGuard protocol"
 	atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
 }
 
@@ -137,12 +137,12 @@ wg_interoperability_cookie_body()
 	local outfile=./out
 	local rekey_timeout=5 # default
 
-	if [ "$ATF_WIREGUARD_INTEROPERABILITY" != yes ]; then
-		atf_skip "set ATF_WIREGUARD_INTEROPERABILITY=yes to run the test"
+	if [ "$ATF_NET_IF_WG_INTEROPERABILITY" != yes ]; then
+		atf_skip "set ATF_NET_IF_WG_INTEROPERABILITY=yes to run the test"
 	fi
 
 	export RUMP_SERVER=$SOCK_LOCAL
-	rump_server_crypto_start $SOCK_LOCAL virtif wireguard netinet6
+	rump_server_crypto_start $SOCK_LOCAL virtif wg netinet6
 	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
 	atf_check -s exit:0 rump.ifconfig virt0 create
 	atf_check -s exit:0 rump.ifconfig virt0 $ip_local/24
@@ -159,7 +159,7 @@ wg_interoperability_cookie_body()
 
 	# Emulate load to send back a cookie on receiving a response message
 	atf_check -s exit:0 -o ignore \
-	    rump.sysctl -w net.wireguard.force_underload=1
+	    rump.sysctl -w net.wg.force_underload=1
 
 	add_peer wg0 peer0 $key_pub_peer $ip_peer:$port $ip_wg_peer/32
 
@@ -188,12 +188,12 @@ atf_test_case wg_userspace_basic cleanup
 wg_userspace_basic_head()
 {
 
-	atf_set "descr" "tests of userspace implementation of WireGuard"
+	atf_set "descr" "tests of userspace implementation of wg(4)"
 	atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
 }
 
 #
-# Set ATF_WIREGUARD_USERSPACE=yes to run the test.
+# Set ATF_NET_IF_WG_USERSPACE=yes to run the test.
 # Also to run the test, the following setups are required on the host and a peer.
 #
 # [Host]
@@ -233,12 +233,12 @@ wg_userspace_basic_body()
 	local port_peer=52428
 	local outfile=./out
 
-	if [ "$ATF_WIREGUARD_USERSPACE" != yes ]; then
-		atf_skip "set ATF_WIREGUARD_USERSPACE=yes to run the test"
+	if [ "$ATF_NET_IF_WG_USERSPACE" != yes ]; then
+		atf_skip "set ATF_NET_IF_WG_USERSPACE=yes to run the test"
 	fi
 
 	export RUMP_SERVER=$SOCK_LOCAL
-	rump_server_crypto_start $SOCK_LOCAL virtif wireguard netinet6
+	rump_server_crypto_start $SOCK_LOCAL virtif wg netinet6
 	atf_check -s exit:0 rump.sysctl -q -w net.inet.ip.dad_count=0
 
 	$DEBUG && netstat -nr -f inet

tests/net/if_wg/t_misc.sh

@@ -1,4 +1,4 @@
-#	$NetBSD: t_misc.sh,v 1.1 2020/08/20 21:28:01 riastradh Exp $
+#	$NetBSD: t_misc.sh,v 1.1 2020/08/26 16:03:42 riastradh Exp $
 #
 # Copyright (c) 2018 Ryota Ozaki <ozaki.ryota@gmail.com>
 # All rights reserved.
@@ -34,7 +34,7 @@ atf_test_case wg_rekey cleanup
 wg_rekey_head()
 {
 
-	atf_set "descr" "tests of rekeying of WireGuard"
+	atf_set "descr" "tests of rekeying of wg(4)"
 	atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
 }
 
@@ -54,10 +54,10 @@ wg_rekey_body()
 
 	export RUMP_SERVER=$SOCK_LOCAL
 	atf_check -s exit:0 -o ignore \
-	    rump.sysctl -w net.wireguard.rekey_after_time=$rekey_after_time
+	    rump.sysctl -w net.wg.rekey_after_time=$rekey_after_time
 	export RUMP_SERVER=$SOCK_PEER
 	atf_check -s exit:0 -o ignore \
-	    rump.sysctl -w net.wireguard.rekey_after_time=$rekey_after_time
+	    rump.sysctl -w net.wg.rekey_after_time=$rekey_after_time
 
 	# It sets key_priv_local key_pub_local key_priv_peer key_pub_peer
 	generate_keys
@@ -128,7 +128,7 @@ atf_test_case wg_handshake_timeout cleanup
 wg_handshake_timeout_head()
 {
 
-	atf_set "descr" "tests of handshake timeout of WireGuard"
+	atf_set "descr" "tests of handshake timeout of wg(4)"
 	atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
 }
 
@@ -152,14 +152,14 @@ wg_handshake_timeout_body()
 
 	export RUMP_SERVER=$SOCK_LOCAL
 	atf_check -s exit:0 -o ignore \
-	    rump.sysctl -w net.wireguard.rekey_timeout=$rekey_timeout
+	    rump.sysctl -w net.wg.rekey_timeout=$rekey_timeout
 	atf_check -s exit:0 -o ignore \
-	    rump.sysctl -w net.wireguard.rekey_attempt_time=$rekey_attempt_time
+	    rump.sysctl -w net.wg.rekey_attempt_time=$rekey_attempt_time
 	export RUMP_SERVER=$SOCK_PEER
 	atf_check -s exit:0 -o ignore \
-	    rump.sysctl -w net.wireguard.rekey_timeout=$rekey_timeout
+	    rump.sysctl -w net.wg.rekey_timeout=$rekey_timeout
 	atf_check -s exit:0 -o ignore \
-	    rump.sysctl -w net.wireguard.rekey_attempt_time=$rekey_attempt_time
+	    rump.sysctl -w net.wg.rekey_attempt_time=$rekey_attempt_time
 
 	# It sets key_priv_local key_pub_local key_priv_peer key_pub_peer
 	generate_keys
@@ -220,7 +220,7 @@ atf_test_case wg_cookie cleanup
 wg_cookie_head()
 {
 
-	atf_set "descr" "tests of cookie messages of the WireGuard protocol"
+	atf_set "descr" "tests of cookie messages of the wg(4) protocol"
 	atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
 }
 
@@ -259,7 +259,7 @@ wg_cookie_body()
 	export RUMP_SERVER=$SOCK_PEER
 	# Emulate load on the peer
 	atf_check -s exit:0 -o ignore \
-	    rump.sysctl -w net.wireguard.force_underload=1
+	    rump.sysctl -w net.wg.force_underload=1
 
 	export RUMP_SERVER=$SOCK_LOCAL
 
@@ -306,7 +306,7 @@ atf_test_case wg_mobility cleanup
 wg_mobility_head()
 {
 
-	atf_set "descr" "tests of the mobility of WireGuard"
+	atf_set "descr" "tests of the mobility of wg(4)"
 	atf_set "require.progs" "rump_server" "wgconfig" "wg-keygen"
 }
 
@@ -441,7 +441,7 @@ wg_keepalive_body()
 
 	# Shorten keepalive_timeout of the peer
 	atf_check -s exit:0 -o ignore \
-	    rump.sysctl -w net.wireguard.keepalive_timeout=$keepalive_timeout
+	    rump.sysctl -w net.wg.keepalive_timeout=$keepalive_timeout
 
 	export RUMP_SERVER=$SOCK_LOCAL
 
@@ -505,10 +505,10 @@ wg_psk_body()
 
 	export RUMP_SERVER=$SOCK_LOCAL
 	atf_check -s exit:0 -o ignore \
-	    rump.sysctl -w net.wireguard.rekey_after_time=$rekey_after_time
+	    rump.sysctl -w net.wg.rekey_after_time=$rekey_after_time
 	export RUMP_SERVER=$SOCK_PEER
 	atf_check -s exit:0 -o ignore \
-	    rump.sysctl -w net.wireguard.rekey_after_time=$rekey_after_time
+	    rump.sysctl -w net.wg.rekey_after_time=$rekey_after_time
 
 	# It sets key_priv_local key_pub_local key_priv_peer key_pub_peer
 	generate_keys

tests/net/if_wg/t_tunnel.sh

@@ -1,4 +1,4 @@
-#	$NetBSD: t_tunnel.sh,v 1.1 2020/08/20 21:28:01 riastradh Exp $
+#	$NetBSD: t_tunnel.sh,v 1.1 2020/08/26 16:03:42 riastradh Exp $
 #
 # Copyright (c) 2018 Ryota Ozaki <ozaki.ryota@gmail.com>
 # All rights reserved.
@@ -45,11 +45,11 @@ setup_servers()
 	rump_server_start $SOCK_LOCAL netinet6
 	rump_server_add_iface $SOCK_LOCAL shmif0 $BUS_LOCAL
 
-	rump_server_crypto_start $SOCK_TUN_LOCAL netinet6 wireguard
+	rump_server_crypto_start $SOCK_TUN_LOCAL netinet6 wg
 	rump_server_add_iface $SOCK_TUN_LOCAL shmif0 $BUS_LOCAL
 	rump_server_add_iface $SOCK_TUN_LOCAL shmif1 $BUS_TUN
 
-	rump_server_crypto_start $SOCK_TUN_PEER netinet6 wireguard
+	rump_server_crypto_start $SOCK_TUN_PEER netinet6 wg
 	rump_server_add_iface $SOCK_TUN_PEER shmif0 $BUS_PEER
 	rump_server_add_iface $SOCK_TUN_PEER shmif1 $BUS_TUN
 
@@ -300,7 +300,7 @@ add_tunnel_test()
 	local ipv6=inet6
 
 	name="wg_tunnel_${inner}_over_${outer}"
-	fulldesc="Test WireGuard with ${inner} over ${outer}"
+	fulldesc="Test wg(4) with ${inner} over ${outer}"
 
 	eval inner=\$$inner
 	eval outer=\$$outer

usr.sbin/wg-keygen/wg-keygen.8

@@ -1,4 +1,4 @@
-.\"	$NetBSD: wg-keygen.8,v 1.2 2020/08/20 21:36:00 riastradh Exp $
+.\"	$NetBSD: wg-keygen.8,v 1.3 2020/08/26 16:03:42 riastradh Exp $
 .\"
 .\" Copyright (C) Ryota Ozaki <ozaki.ryota@gmail.com>
 .\" All rights reserved.
@@ -33,7 +33,7 @@
 .\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
 .Sh NAME
 .Nm wg-keygen
-.Nd generate keys for WireGuard interfaces
+.Nd generate keys for wg interfaces
 .\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
 .Sh SYNOPSIS
 .Nm
@@ -42,7 +42,8 @@
 .\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
 .Sh DESCRIPTION
 .Nm
-generates keys for WireGuard.
+generates keys for
+.Xr wg 4 .
 .Bl -tag -width abcd
 .It Nm
 Generate a private key and print it to standard output.

usr.sbin/wg-userspace/wg-userspace.8

@@ -1,4 +1,4 @@
-.\"	$NetBSD: wg-userspace.8,v 1.2 2020/08/20 22:17:16 riastradh Exp $
+.\"	$NetBSD: wg-userspace.8,v 1.3 2020/08/26 16:03:42 riastradh Exp $
 .\"
 .\" Copyright (C) Ryota Ozaki <ozaki.ryota@gmail.com>
 .\" All rights reserved.
@@ -33,7 +33,7 @@
 .\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
 .Sh NAME
 .Nm wg-userspace
-.Nd manipulate WireGuard userspace instances
+.Nd manipulate wg userspace instances (EXPERIMENTAL)
 .\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
 .Sh SYNOPSIS
 .Ar id
@@ -42,39 +42,45 @@
 .\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
 .Sh DESCRIPTION
 .Nm
-is used to create, destroy and configure WireGuard userspace instances.
+is used to create, destroy and configure
+.Xr wg 4
+userspace instances.
+.Pp
+.Sy WARNING:
+.Nm
+is experimental.
 .Pp
 The following commands are supported:
 .Bl -tag -width "destroy"
 .It Cm create
-Create a WireGuard interface.
+Create an interface.
 The interface will appear as
 .Li tun Ns Ar id
 to the rest of the system, and will be served by a rump server in whose
 context the interface appears as
 .Li wg Ns Ar id .
 .It Cm destroy
-Destroy a WireGuard interface and stop the rump server behind it.
+Destroy an interface and stop the rump server behind it.
 .It Cm ifconfig Ar wgN Ar args...
 Run
 .Xr ifconfig 8
-in the context of the WireGuard interface's rump server.
+in the context of the interface's rump server.
 For example,
 .Bd -literal -compact
 	# wg-userspace 0 ifconfig wg0 10.0.1.0/24
 .Ed
-will set the WireGuard interface's IP address.
+will set the interface's IP address.
 .It Cm wgconfig Ar wgN Ar args...
 Run
 .Xr wgconfig 8
-in the context of the WireGuard interface's rump server.
+in the context of the interface's rump server.
 For example,
 .Bd -literal -compact
 	# wg-userspace 0 wgconfig wg0 set listen-port 1234
 .Ed
-will set the WireGuard interface's listening port.
+will set the interface's listening port.
 .It Cm debug Ar command Op Ar args...
-Run an arbitrary command in the context of the WireGuard interface's
+Run an arbitrary command in the context of the interface's
 rump server, using
 .Xr rumphijack 3 .
 .El

usr.sbin/wg-userspace/wg-userspace.sh

@@ -2,7 +2,7 @@
 
 RUMPLIBS="-lrumpnet -lrumpnet_net -lrumpnet_netinet \
     -lrumpdev -lrumpvfs -lrumpdev_opencrypto -lrumpkern_z \
-    -lrumpkern_crypto -lrumpnet_wireguard -lrumpnet_netinet6"
+    -lrumpkern_crypto -lrumpnet_wg -lrumpnet_netinet6"
 HIJACKING="env LD_PRELOAD=/usr/lib/librumphijack.so \
     RUMPHIJACK=path=/rump,socket=all:nolocal,sysctl=yes"
 

usr.sbin/wgconfig/wgconfig.8

@@ -1,4 +1,4 @@
-.\"	$NetBSD: wgconfig.8,v 1.9 2020/08/21 03:44:58 uwe Exp $
+.\"	$NetBSD: wgconfig.8,v 1.10 2020/08/26 16:03:42 riastradh Exp $
 .\"
 .\" Copyright (C) Ryota Ozaki <ozaki.ryota@gmail.com>
 .\" All rights reserved.
@@ -33,7 +33,7 @@
 .\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
 .Sh NAME
 .Nm wgconfig
-.Nd configure WireGuard interface parameters
+.Nd configure wg interface parameters
 .\"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""
 .Sh SYNOPSIS
 .Nm
@@ -74,7 +74,7 @@
 .Sh DESCRIPTION
 The
 .Nm
-utility is used to configure or display a WireGuard
+utility is used to configure or display a
 .Xr wg 4
 interface's parameters and status.
 Every
@@ -91,7 +91,7 @@ have a fixed endpoint IP address and a preshared secret key.
 The following commands are supported:
 .Bl -tag -width abcd
 .It Cm "show all"
-Show all WireGuard peers.
+Show all peers.
 No secret keys are included in the output.
 .It Cm "show peer" Ar name Op Fl Fl show-preshared-key
 Show the peer named
@@ -117,7 +117,7 @@ to the base64-encoded private key in the file at
 .It Cm "set listen-port" Ar port
 Set the UDP port number that
 .Li wg Ns Ar N\|
-listens for incoming WireGuard sessions on.
+listens for incoming sessions on.
 This allows a peer to start a new session without having a specific
 endpoint IP address configured.
 .It Cm "add peer" Ar name Ar pubkey Op Ar options ...
@@ -146,14 +146,16 @@ Set a secret preshared key generated by
 If the preshared key can be arranged in advance on a medium not subject
 to eavesdropping, then it defends against possible future quantum
 cryptanalysis of the X25519 key agreement.
-WireGuard still uses X25519 key agreements in order to erase past
+.Nm
+still uses X25519 key agreements in order to erase past
 session keys so that past session transcripts remain secret should one
 of the endpoints be compromised in the future; the preshared key is an
 additional measure on top.
 .It Fl Fl endpoint Ns Li \&= Ns Ar ip Ns Li \&: Ns Ar port
 Set the peer's endpoint address outside the tunnel.
-This is optional for a VPN server if the WireGuard interface is
-configured to listen on a port number.
+This is optional for a VPN server if the
+.Nm
+interface is configured to listen on a port number.
 .It Fl Fl allowed-ips Ns Li \&= Ns Ar ip1 Ns Li \&/ Ns Ar cidr1 Ns \
     Op Li \&, Ns Ar ip2 Ns Li \&/ Ns Ar cidr2 Ns Li \&, Ns Ar ...
 Set the IP address ranges that the peer is allowed to select inside the