Page MenuHomeVyOS Platform
Create Task
Maniphest T3202

Enable wireguard debug messages by default
Open, NormalPublicFEATURE REQUEST
Actions

Description

enable dynamic debug for wg

Details

Difficulty level
Normal (likely a few hours)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Unspecified (please specify)

Event Timeline

hagbard claimed this task.Jan 9 2021, 7:35 PM
hagbard created this task.
hagbard edited projects, added VyOS 1.4 Sagitta; removed VyOS 1.3 Equuleus.
hagbard changed Difficulty level from Unknown (require assessment) to Normal (likely a few hours).
hagbard added a comment.EditedJan 9 2021, 7:37 PM

output looks then like below and is being logged to ringbuffer as well as systemd-journald:

[  982.676054] wireguard: Copyright (C) 2015-2019 Jason A. Donenfeld <[email protected]>. All Rights Reserved.
[ 2249.407569] wireguard: wg01: Receiving handshake initiation from peer 1 (10.100.100.1:12345)
[ 2249.407577] wireguard: wg01: Sending handshake response to peer 1 (10.100.100.1:12345)
[ 2249.408422] wireguard: wg01: Keypair 2 created for peer 1
Jan 09 19:35:57 r02 kernel: wireguard: wg01: Receiving handshake initiation from peer 1 (10.100.100.1:12345)
Jan 09 19:35:57 r02 kernel: wireguard: wg01: Sending handshake response to peer 1 (10.100.100.1:12345)
Jan 09 19:35:57 r02 kernel: wireguard: wg01: Keypair 3 created for peer 1
Jan 09 19:35:57 r02 kernel: wireguard: wg01: Receiving keepalive packet from peer 1 (10.100.100.1:12345)

Not too sure where to place the debug option, since it's enabled for the entire module and we don't have a debug command as far as I know.

set system debug wireguard might be anoption

Unknown Object (User) added a subscriber: Unknown Object (User).Jan 10 2021, 7:41 AM

Why not add this by default?

c-po added a subscriber: c-po.Jan 10 2021, 8:12 AM

+1 for default, IPsec is also very chatty

pasik added a subscriber: pasik.Jan 10 2021, 11:32 AM
hagbard added a comment.Jan 10 2021, 5:45 PM

Sounds good, syslog needs to be set to level debug for kernel facility, so it's per default only visible in the journal logs. Tested with a few tunnels, it's not very noisy, even with 20 tunnels.

hagbard renamed this task from dynamic debug for wireguard to enable wireguard debug messages per default.Jan 10 2021, 5:46 PM
hagbard triaged this task as Normal priority.
zsdc added a subscriber: zsdc.Apr 21 2023, 10:15 AM

Just in case someone wants to implement this: debugging must not be enabled by default, only on demand or via config.

Viacheslav added a project: VyOS 1.5 Circinus.Oct 4 2023, 9:33 AM
Viacheslav added a subscriber: Viacheslav.

Proposed CLI:

set system syslog global service wireguard

Expected command for debug

echo "module wireguard +p" | sudo tee /sys/kernel/debug/dynamic_debug/control

To disable

echo "module wireguard -p" | sudo tee /sys/kernel/debug/dynamic_debug/control
dmbaturin renamed this task from enable wireguard debug messages per default to Enable wireguard debug messages by default.Mar 12 2024, 6:12 PM
dmbaturin set Issue type to Unspecified (please specify).
dmbaturin added a project: Restricted Project.Thu, Apr 4, 9:46 PM