From: Lonnie Abelbeck <lists@lonnie.abelbeck.com>
To: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: Re: [patch] add support for peer names using a file in userspace
Date: Fri, 8 Dec 2017 07:42:30 -0600 [thread overview]
Message-ID: <705B40D6-4947-4E5A-A042-B0C8A0D5BB84@lonnie.abelbeck.com> (raw)
In-Reply-To: <CAHmME9pL8+FQv_oAKCFpnZQ6ew1xmoKk-RQqtDHktWARvDXH_w@mail.gmail.com>
On Dec 7, 2017, at 10:23 PM, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
> Thanks for sending this to the mailing list. Indeed it got lost in the
> fold of disorganized email filters when you sent it to me directly
> twice earlier; sorry about that.
The latest patch is reworked, disabled by default and requires =
WITH_PEERDATA=3Dyes to be enabled.
> I'm not certain this is the right approach -- having wg(8) rely on
> fixed filesystem paths, and splitting peer configuration information
> across three places (original config file, peer data file, kernel).
I'm just trying to find a solution with traction. My latest patch works =
perfectly fine on our Linux appliance, but alternate approaches could be =
a more general solution.
> I think the way forward for this kind of feature would be what I
> proposed in an earlier thread, of attaching it to the kernel object,
> just like ifalias does or netfilter's comment target. However, the
> question I'm still faced with is -- is this really necessary?
Yes, Jason, I think it is necessary.
Consider a GUI showing a list of peers that you can click on to edit, =
there needs some sort of human-memerable "name" associated with each =
peer.
Additionally, the "wg show" output is sorted by "handshake time" (a good =
thing), so remembering your peer config order does not help identifying =
the peers.
While I would be happy with a compile-time option to support peer-names =
via a userspace file (per my patch), a kernel object would be better.
Suggested configuration syntax:
1) Support either [Peer] or [Peer-some_custom_name] in "wg setconf" =
configurations.
2) Make "wg showconf" parrot back any [Peer-some_custom_name] context =
names.
3) Make "wg show" display either "peer: orQ..." or =
"peer-some_custom_name: orQ..."
4) Any spaces in the "some_custom_name" text are ignored and truncated =
to 64 characters.
Thanks for your consideration.
Lonnie
next prev parent reply other threads:[~2017-12-08 13:35 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-07 15:31 [patch] wg: " Lonnie Abelbeck
2017-12-08 4:23 ` Jason A. Donenfeld
2017-12-08 4:26 ` Jason A. Donenfeld
2017-12-08 13:42 ` Lonnie Abelbeck [this message]
2017-12-08 18:45 ` [patch] " Jason A. Donenfeld
2017-12-08 19:00 ` Lonnie Abelbeck
2017-12-08 20:39 ` Jason A. Donenfeld
2017-12-09 1:09 ` Eric Light
2017-12-09 11:32 ` Matthias Urlichs
2018-03-01 15:36 ` Damian Kaczkowski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=705B40D6-4947-4E5A-A042-B0C8A0D5BB84@lonnie.abelbeck.com \
--to=lists@lonnie.abelbeck.com \
--cc=Jason@zx2c4.com \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).