From nobody Thu Sep 19 11:06:59 2024 X-Original-To: freebsd-stable@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4X8Xlx33gnz5WFJF for ; Thu, 19 Sep 2024 11:07:09 +0000 (UTC) (envelope-from mail@osfux.nl) Received: from vm1982.osfux.nl (vm1982.osfux.nl [79.99.187.212]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4X8Xlw36v0z4bgW for ; Thu, 19 Sep 2024 11:07:08 +0000 (UTC) (envelope-from mail@osfux.nl) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=osfux.nl header.s=default header.b=ciLaS77b; dmarc=pass (policy=reject) header.from=osfux.nl; spf=pass (mx1.freebsd.org: domain of mail@osfux.nl designates 79.99.187.212 as permitted sender) smtp.mailfrom=mail@osfux.nl Received: from vm1982.osfux.nl (localhost [127.0.0.1]) by vm1982.osfux.nl (Postfix) with ESMTP id BA5C180 for ; Thu, 19 Sep 2024 13:06:59 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=osfux.nl; s=default; t=1726744019; bh=GJYZSEX7izS/44WZcKfu8o+W11Lsj/zaf18fmIphb20=; h=Date:To:From:Subject; b=ciLaS77b6ne5fC34q6wbeid0+PpP/DZCprI7IChS52UWh6xjo9bF3puGVvY/wKQop lUrZm7BQaYuzVTtZoSTi26tqHLDKKCYQFrK+UzQ8Ormb0nqdN0YmOkAJLv9kMo9VuH mCz5HkOCmtb/UvZf6+3ONKrhs2A+IPDcWuTSnGbqiofzM+g2X8TXG6YKgpVRweoLvS vk3hnA4UyultyvmDQROMQcYZ2vQm/TV45S+wwY3DNYfsmoSBMUmQtbNzgNcsQz0tud GAXFqthK59G20Ivy659CFo56nJU0n5GqbFRUZSYm0YwUY5lZEyZtJBTI/yFnsEk5SI OKmbC8iH12TehrWoDGR+kR5nsUeYCW674FgTf9VEOlyeYIVjyZg/bNuX0ERTvlqrkC 8/x3/o7VszikpMxEFhqLolj3kaQy+w53h9wMmNax81p+UH2XJa64OyPzkGk+/2B1Q3 HjPBTr9kNGzLW6yB+H816Wa3w2Ik/8b6pMnNGZw7j48uGw6bABJnlhVQU9BJxozBUk JbGNu62qAIGvgYFpUneYTAxhkY0hmfcm41bzQ8tgKPf6eEbRMg+Tbtnnvhq5vt9DJL q1jXJK2QMGaXKPkX8NA74YygusTdgulJExty3kSrK35g6/5bFrVywsYXqeO1qaRE/t Rns6zJS8FAgYbFxL772pXebw= X-Spam-Status: No, score=0.0 required=5.0 tests=none shortcircuit=no X-Spam-Checker-Version: SpamAssassin 4.0.0 Received: from [0.0.0.0] (unknown [193.187.128.159]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by vm1982.osfux.nl (Postfix) with ESMTPSA for ; Thu, 19 Sep 2024 13:06:59 +0200 (CEST) Message-ID: Date: Thu, 19 Sep 2024 13:06:59 +0200 List-Id: Production branch of FreeBSD source code List-Archive: https://lists.freebsd.org/archives/freebsd-stable List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: freebsd-stable@freebsd.org Sender: owner-freebsd-stable@FreeBSD.org MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Content-Language: en-US To: freebsd-stable@freebsd.org From: fuxjez Subject: Controlling verbosity of wireguard logs Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spamd-Result: default: False [-3.99 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-0.999]; DMARC_POLICY_ALLOW(-0.50)[osfux.nl,reject]; R_DKIM_ALLOW(-0.20)[osfux.nl:s=default]; R_SPF_ALLOW(-0.20)[+mx]; MIME_GOOD(-0.10)[text/plain]; XM_UA_NO_VERSION(0.01)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; ASN(0.00)[asn:8315, ipnet:79.99.184.0/21, country:NL]; RCPT_COUNT_ONE(0.00)[1]; MIME_TRACE(0.00)[0:+]; MID_RHS_MATCH_FROM(0.00)[]; MLMMJ_DEST(0.00)[freebsd-stable@freebsd.org]; ARC_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; RCVD_TLS_LAST(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; TO_MATCH_ENVRCPT_ALL(0.00)[]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-stable@freebsd.org]; DKIM_TRACE(0.00)[osfux.nl:+] X-Rspamd-Queue-Id: 4X8Xlw36v0z4bgW X-Spamd-Bar: --- Hi List, Somebody managed to get Wireguard logging running vebosely on 14.1? I've tried setting the LOG_LEVEL (mentioned in the wg 8 manpage, albeit directed at "userspace implementations") to debug, but I wasn't able to identify any ip information (for instance) looking at the debug information generated :( I've only managed to find information regarding linux WG implementations that generate verbose logging ( https://superuser.com/questions/1774092/wireguard-connectivity-between-handshakes for instance ). On FreeBSD 14.1 I've tried enabling the debug logging required like this: === LOG_LEVEL=verbose /sbin/ifconfig wg0 debug LOG_LEVEL=DEBUG /sbin/ifconfig wg0 debug LOG_LEVEL=debug /sbin/ifconfig wg0 debug === but the only generated messages I'm seeing are regarding wireguard handshakes / wireguard keepalive functionality. I tried simulating faulty connection attempts by connecting to the wg endpoint using an "invalid" publickey. With LOG_LEVEL=debug this only generates: wg0: Invalid initiation MAC messages in the logs. I'm after the source ip addresses that fail to establish correct crypto with this servers' wg endpoint so the messages do not contain sufficient information for my purposes. Any thoughts? Feedback appreciated! ruben