Date: Fri, 11 Nov 2022 22:56:01 GMT
Message-Id: <202211112256.2ABMu1fu076642@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Gordon Bergling
Subject: git: 78d36c860239 - stable/13 - wg.4: Add some enhancements
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
Sender: owner-dev-commits-src-all@freebsd.org
X-BeenThere: dev-commits-src-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: gbe
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 78d36c860239d9cbfa23ea6c96dc07ee9f9844ad
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N

The branch stable/13 has been updated by gbe (doc committer):

URL: https://cgit.FreeBSD.org/src/commit/?id=78d36c860239d9cbfa23ea6c96dc07ee9f9844ad

commit 78d36c860239d9cbfa23ea6c96dc07ee9f9844ad
Author:     Gordon Bergling
AuthorDate: 2022-10-30 12:59:37 +0000
Commit:     Gordon Bergling
CommitDate: 2022-11-11 22:55:16 +0000

    wg.4: Add some enhancements

    - add a SPDX-License-Identifier
    - rename the title of the man page
    - use better grammar in some places
    - reword 'IPs' to 'IP addresses'
    - add a missing word in the AUTHORS section
    - use '.An -nosplit' in the AUTHORS section
    - Xr ipsec and ovpn

    Reviewed by:    pauamma, mhorne
    Differential Revision:  https://reviews.freebsd.org/D37205

    (cherry picked from commit 19c03f4ab0d68788a561b91278fd13c760227a31)
---
 share/man/man4/wg.4 | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/share/man/man4/wg.4 b/share/man/man4/wg.4 index f2ae425002d7..21bb640e7b6c 100644 --- a/share/man/man4/wg.4 +++ b/share/man/man4/wg.4 @@ -1,3 +1,5 @@ +.\" SPDX-License-Identifier: BSD-2-Clause-FreeBSD +.\" .\" Copyright (c) 2020 Gordon Bergling .\" .\" Redistribution and use in source and binary forms, with or without
@@ -23,12 +25,12 @@ .\" .\" $FreeBSD$ .\" -.Dd October 28, 2022 +.Dd October 30, 2022 .Dt WG 4 .Os .Sh NAME .Nm wg -.Nd "WireGuard - pseudo-device" +.Nd "WireGuard protocol driver" .Sh SYNOPSIS To load the driver as a module at boot time, place the following line in .Xr loader.conf 5 : @@ -44,7 +46,7 @@ protocol. .Pp A .Nm -interface recognises one or more peers, establishes a secure tunnel with +interface recognizes one or more peers, establishes a secure tunnel with each on demand, and tracks each peer's UDP endpoint for exchanging encrypted traffic with. .Pp @@ -72,17 +74,17 @@ interface with its own private key and with the public keys of its peers. In addition to the public keys, each peer pair may be configured with a unique pre-shared symmetric key. This is used in their handshake to guard against future compromise of the -peers' encrypted tunnel if a quantum-computational attack on their +peers' encrypted tunnel if an attack on their Diffie-Hellman exchange becomes feasible. It is optional, but recommended. -.It Allowed IPs +.It Allowed IP addresses A single .Nm interface may maintain concurrent tunnels connecting diverse networks. The interface therefore implements rudimentary routing and reverse-path filtering functions for its tunneled traffic. -These functions reference a set of allowed IP ranges configured against -each peer. +These functions reference a set of allowed IP address ranges configured +against each peer. .Pp The interface will route outbound tunneled traffic to the peer configured with the most specific matching allowed IP address range, or drop it 
@@ -95,11 +97,11 @@ That is, tunneled traffic routed to a given peer cannot return through another peer of the same .Nm interface. -This ensures that peers cannot spoof another's traffic. +This ensures that peers cannot spoof one another's traffic. .It Handshake Two peers handshake to mutually authenticate each other and to establish a shared series of secret ephemeral encryption keys. -Any peer may initiate a handshake. +Either peer may initiate a handshake. Handshakes occur only when there is traffic to send, and recur every two minutes during transfers. .It Connectionless @@ -181,7 +183,9 @@ is not assigned to the allowed IPs of Peer X. .Sh SEE ALSO .Xr inet 4 , .Xr ip 4 , +.Xr ipsec 4 , .Xr netintro 4 , +.Xr ovpn 4 , .Xr ipf 5 , .Xr pf.conf 5 , .Xr ifconfig 8 , @@ -197,9 +201,10 @@ The device driver first appeared in .Fx 14.0 . .Sh AUTHORS +.An -nosplit The .Nm -device driver written by +device driver was written by .An Jason A. Donenfeld Aq Mt Jason@zx2c4.com , .An Matt Dunwoodie Aq Mt ncon@nconroy.net , and
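
Review bot: In the hunk at @@ -72,17 +74,17 @@, replacing "a quantum-computational attack" with "an attack" changes the meaning rather than the grammar, and no item in the commit log covers it. The qualifier told the reader which threat the optional pre-shared key is meant to hedge against; without it the sentence reads as if any future attack on the Diffie-Hellman exchange were in scope. Suggest keeping the qualifier in the man page, or listing the rewording in the log so it is reviewed on its own merits.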
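
Review bot: The context carried in the @@ -181,7 +183,9 @@ hunk header still reads "is not assigned to the allowed IPs of Peer X.", so the 'IPs' to 'IP addresses' rewording named in the log is incomplete. The list item was renamed to ".It Allowed IP addresses" and the paragraph under it was updated, but this later sentence was left with the old term. Suggest changing it to "allowed IP addresses" in the same commit so the page uses one term for the per-peer filter throughout.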
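
Review bot: The context above the AUTHORS change in the @@ -197,9 +201,10 @@ hunk says the driver first appeared in ".Fx 14.0 .", while this mail is the cherry-pick onto stable/13. It is worth checking whether HISTORY on this branch should name the release that will ship the driver from stable/13, so the page does not tell readers of that branch the driver exists only in 14.0.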