git: 19c03f4ab0d6 - main - wg.4: Add some enhancements

From: Gordon Bergling <>
Date: Sun, 30 Oct 2022 13:00:03 UTC
The branch main has been updated by gbe (doc committer):


commit 19c03f4ab0d68788a561b91278fd13c760227a31
Author:     Gordon Bergling <>
AuthorDate: 2022-10-30 12:59:37 +0000
Commit:     Gordon Bergling <>
CommitDate: 2022-10-30 12:59:37 +0000

    wg.4: Add some enhancements
    - add a SPDX-License-Identifier
    - rename the title of the man page
    - use better grammar in some places
    - reword 'IPs' to 'IP addresses'
    - add a missing word in the AUTHORS section
    - use '.An -nosplit' in the AUTHORS section
    - Xr ipsec and ovpn
    Reviewed by:    pauamma, mhorne
    MFC after:      1 week
    Differential Revision:
 share/man/man4/wg.4 | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/share/man/man4/wg.4 b/share/man/man4/wg.4
index f2ae425002d7..21bb640e7b6c 100644
--- a/share/man/man4/wg.4
+++ b/share/man/man4/wg.4
@@ -1,3 +1,5 @@
+.\" SPDX-License-Identifier: BSD-2-Clause-FreeBSD
 .\" Copyright (c) 2020 Gordon Bergling <>
 .\" Redistribution and use in source and binary forms, with or without
@@ -23,12 +25,12 @@
 .\" $FreeBSD$
-.Dd October 28, 2022
+.Dd October 30, 2022
 .Dt WG 4
 .Nm wg
-.Nd "WireGuard - pseudo-device"
+.Nd "WireGuard protocol driver"
 To load the driver as a module at boot time, place the following line in
 .Xr loader.conf 5 :
@@ -44,7 +46,7 @@ protocol.
-interface recognises one or more peers, establishes a secure tunnel with
+interface recognizes one or more peers, establishes a secure tunnel with
 each on demand, and tracks each peer's UDP endpoint for exchanging encrypted
 traffic with.
@@ -72,17 +74,17 @@ interface with its own private key and with the public keys of its peers.
 In addition to the public keys, each peer pair may be configured with a
 unique pre-shared symmetric key.
 This is used in their handshake to guard against future compromise of the
-peers' encrypted tunnel if a quantum-computational attack on their
+peers' encrypted tunnel if an attack on their
 Diffie-Hellman exchange becomes feasible.
 It is optional, but recommended.
-.It Allowed IPs
+.It Allowed IP addresses
 A single
 interface may maintain concurrent tunnels connecting diverse networks.
 The interface therefore implements rudimentary routing and reverse-path
 filtering functions for its tunneled traffic.
-These functions reference a set of allowed IP ranges configured against
-each peer.
+These functions reference a set of allowed IP address ranges configured
+against each peer.
 The interface will route outbound tunneled traffic to the peer configured
 with the most specific matching allowed IP address range, or drop it
@@ -95,11 +97,11 @@ That is, tunneled traffic routed to a given peer cannot return through
 another peer of the same
-This ensures that peers cannot spoof another's traffic.
+This ensures that peers cannot spoof one another's traffic.
 .It Handshake
 Two peers handshake to mutually authenticate each other and to
 establish a shared series of secret ephemeral encryption keys.
-Any peer may initiate a handshake.
+Either peer may initiate a handshake.
 Handshakes occur only when there is traffic to send, and recur every
 two minutes during transfers.
 .It Connectionless
@@ -181,7 +183,9 @@ is not assigned to the allowed IPs of Peer X.
 .Xr inet 4 ,
 .Xr ip 4 ,
+.Xr ipsec 4 ,
 .Xr netintro 4 ,
+.Xr ovpn 4 ,
 .Xr ipf 5 ,
 .Xr pf.conf 5 ,
 .Xr ifconfig 8 ,
@@ -197,9 +201,10 @@ The
 device driver first appeared in
 .Fx 14.0 .
+.An -nosplit
-device driver written by
+device driver was written by
 .An Jason A. Donenfeld Aq Mt ,
 .An Matt Dunwoodie Aq Mt ,