Re: wg ifconfing control

Reply: Vadim Goncharov : "Re: wg ifconfing control"
In reply to: Peter 'PMc' Much: "Re: wg ifconfing control"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Daniel Lovasko <daniel.lovasko_at_gmail.com>
Date: Wed, 05 Feb 2025 14:32:05 UTC

The same ioctls with wg_data_io structures could be issued from ifconfig,
just as they are from the wg utility in base. I am not arguing that wg
utility should be removed, or that the kernel access surface to WireGuard
expanded. That being said, I think a similar wg utility can be obtained
from ports (wireguard-tools).

The patch linked by Baptiste is pretty much what I was looking for. Whilst
Baptiste's setup does indeed work, what I am looking for is a similar
interface to how I configure other ifconfig _xyN interfaces in
/etc/rc.conf. Also, perhaps expanding the scope of my ask: having the
commands in ifconfig aids discoverability since the commands can be
described in the manual page of ifconfig, similar to how it is done for
other protocols.

As for the meta-debate on ifconfig itself, my goal is to *configure a
network interface* (which wg presents itself as), so ifconfig sounds to me
like the right place. Please correct me if I am wrong, but if you want to
select the MTU of a WireGuard interface, you would still use ifconfig to do
that. Having to use a single tool for all my configuration needs for wg
would be greatly appreciated, instead of relying on wg in the base,
wg-quick from wireguard-tools package to get /etc/rc.conf entries instead
of the ifconfig ones already in base, and ifconfig for particular generic
properties, without having a single non-Linux manual page dedicated to the
WireGuard subject in base. Whether the ifconfig utility does not live up to
code quality standards, or has active bugs, is a different debate
altogether.

On Mon, Feb 3, 2025 at 5:40 PM Peter 'PMc' Much <pmc@citylink.dinoex.sub.org>
wrote:

> On 2025-01-23, Bertrand Petit <freebsd-hackers@phoe.frmug.org> wrote:
> > On Thu, Jan 23, 2025 at 08:24:08AM +0000, Poul-Henning Kamp wrote:
> >>
> >> Isn't that program already horrible and complex enough, in terms
> >> of source code, manual page and command line options ?
>
> Thanks for speaking it out.
> I already moved all my bridges and guests and virtuals to netgraph,
> where I can find them again. It's much nicer to have a separate
> plane of existance where one can put things together independent
> from the ifconfig moloch.
>
> >       And buggy, see [1]. Reported Oct. 2021 and still present.
>
> Ups, is that a bug?
> I got used to the scans sometimes either returning nothing or not
> returning at all. The link itself now functioning, I thought this
> an acceptable tradeoff.
>
> cheerio,
> PMc
>
>