authorKlemens Nanni <kn@cvs.openbsd.org>2022-10-26 17:06:32 +0000
committerKlemens Nanni <kn@cvs.openbsd.org>2022-10-26 17:06:32 +0000
commit9543cc6d3abbc2670d3dd05054df7453ed421348 (patch)
tree7fd97fdecd9554f759f6564a2c81b9e61ae068e0
parentb882e802c454700f69abefef640cd0d67b96e927 (diff)
Limit wireguard peers listing to -A or wg-interface
ifconfig(8) output can get too long when always printing `wgpeers' for all wg(4) interfaces, so omit it unless output is requested and/or output is limited to the interface group "wg" or a specific interface "wgX". No install media size change as wireguard code is under #ifndef SMALL. Diff from Mikolaj Kucharski <mikolaj AT kucharski DOT name> makes Hrvoje Popovski happy manual bits from jmc OK sthen
-rw-r--r--sbin/ifconfig/ifconfig.812
-rw-r--r--sbin/ifconfig/ifconfig.c84
2 files changed, 53 insertions, 43 deletions
diff --git a/sbin/ifconfig/ifconfig.8 b/sbin/ifconfig/ifconfig.8
index f9b9132b4b0..8ade4a90ae6 100644
--- a/sbin/ifconfig/ifconfig.8
+++ b/sbin/ifconfig/ifconfig.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ifconfig.8,v 1.384 2022/06/27 16:27:03 jmc Exp $
+.\" $OpenBSD: ifconfig.8,v 1.385 2022/10/26 17:06:31 kn Exp $
.\" $NetBSD: ifconfig.8,v 1.11 1996/01/04 21:27:29 pk Exp $
.\" $FreeBSD: ifconfig.8,v 1.16 1998/02/01 07:03:29 steve Exp $
.\"
@@ -31,7 +31,7 @@
.\"
.\" @(#)ifconfig.8 8.4 (Berkeley) 6/1/94
.\"
-.Dd $Mdocdate: June 27 2022 $
+.Dd $Mdocdate: October 26 2022 $
.Dt IFCONFIG 8
.Os
.Sh NAME
@@ -2195,6 +2195,14 @@ Packets on a VLAN interface without a tag set will use a value of
.Ek
.nr nS 0
.Pp
+Detailed peer information is available to the superuser when
+.Nm
+is run with the
+.Fl A
+flag or when passed specific
+.Ar wg-interface
+names.
+.Pp
The following options are available for
.Xr wg 4
interfaces:
diff --git a/sbin/ifconfig/ifconfig.c b/sbin/ifconfig/ifconfig.c
index d1086816b0a..2d0a09a254d 100644
--- a/sbin/ifconfig/ifconfig.c
+++ b/sbin/ifconfig/ifconfig.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ifconfig.c,v 1.456 2022/07/08 07:04:54 jsg Exp $ */
+/* $OpenBSD: ifconfig.c,v 1.457 2022/10/26 17:06:31 kn Exp $ */
/* $NetBSD: ifconfig.c,v 1.40 1997/10/01 02:19:43 enami Exp $ */
/*
@@ -363,7 +363,7 @@ void unsetwgpeer(const char *, int);
void unsetwgpeerpsk(const char *, int);
void unsetwgpeerall(const char *, int);
-void wg_status();
+void wg_status(int);
#else
void setignore(const char *, int);
#endif
@@ -679,7 +679,7 @@ void printgroupattribs(char *);
void printif(char *, int);
void printb_status(unsigned short, unsigned char *);
const char *get_linkstate(int, int);
-void status(int, struct sockaddr_dl *, int);
+void status(int, struct sockaddr_dl *, int, int);
__dead void usage(void);
const char *get_string(const char *, const char *, u_int8_t *, int *);
int len_string(const u_int8_t *, int);
@@ -1195,7 +1195,7 @@ printif(char *name, int ifaliases)
continue;
ifdata = ifa->ifa_data;
status(1, (struct sockaddr_dl *)ifa->ifa_addr,
- ifdata->ifi_link_state);
+ ifdata->ifi_link_state, ifaliases);
count++;
noinet = 1;
continue;
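Review bot: `ifaliases` now does two jobs and nothing in the code says so: this `status()` call forwards it, `status()` hands it to `wg_status()`, and there it decides whether the wgpeer block is printed at all (see the `status()` and `wg_status()` hunks further down). The name still reads as "print address aliases", so a later change to how aliases are selected would silently change which invocations print peer public keys, endpoints and allowed IPs. I would extend the comment above `status()` with a line such as `ifaliases is also passed to wg_status(), where it enables the per-peer listing (-A or an explicitly named interface)`, or name the parameter `show_peers` inside `wg_status()`. The flag is only an output filter; the superuser restriction described in the ifconfig.8 hunk is not visible in these hunks and is presumably enforced on the kernel side. `printif()` begins and ends outside this hunk.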
@@ -3316,7 +3316,7 @@ get_linkstate(int mt, int link_state)
* specified, show it and it only; otherwise, show them all.
*/
void
-status(int link, struct sockaddr_dl *sdl, int ls)
+status(int link, struct sockaddr_dl *sdl, int ls, int ifaliases)
{
const struct afswtch *p = afp;
struct ifmediareq ifmr;
@@ -3391,7 +3391,7 @@ status(int link, struct sockaddr_dl *sdl, int ls)
mpls_status();
pflow_status();
umb_status();
- wg_status();
+ wg_status(ifaliases);
#endif
trunk_status();
getifgroups();
@@ -5907,7 +5907,7 @@ process_wg_commands(void)
}
void
-wg_status(void)
+wg_status(int ifaliases)
{
size_t i, j, last_size;
struct timespec now;
@@ -5942,45 +5942,47 @@ wg_status(void)
printf("\twgpubkey %s\n", key);
}
- wg_peer = &wg_interface->i_peers[0];
- for (i = 0; i < wg_interface->i_peers_count; i++) {
- b64_ntop(wg_peer->p_public, WG_KEY_LEN,
- key, sizeof(key));
- printf("\twgpeer %s\n", key);
-
- if (wg_peer->p_flags & WG_PEER_HAS_PSK)
- printf("\t\twgpsk (present)\n");
-
- if (wg_peer->p_flags & WG_PEER_HAS_PKA && wg_peer->p_pka)
- printf("\t\twgpka %u (sec)\n", wg_peer->p_pka);
-
- if (wg_peer->p_flags & WG_PEER_HAS_ENDPOINT) {
- if (getnameinfo(&wg_peer->p_sa, wg_peer->p_sa.sa_len,
- hbuf, sizeof(hbuf), sbuf, sizeof(sbuf),
- NI_NUMERICHOST | NI_NUMERICSERV) == 0)
- printf("\t\twgendpoint %s %s\n", hbuf, sbuf);
- else
- printf("\t\twgendpoint unable to print\n");
- }
+ if (ifaliases) {
+ wg_peer = &wg_interface->i_peers[0];
+ for (i = 0; i < wg_interface->i_peers_count; i++) {
+ b64_ntop(wg_peer->p_public, WG_KEY_LEN,
+ key, sizeof(key));
+ printf("\twgpeer %s\n", key);
+
+ if (wg_peer->p_flags & WG_PEER_HAS_PSK)
+ printf("\t\twgpsk (present)\n");
+
+ if (wg_peer->p_flags & WG_PEER_HAS_PKA && wg_peer->p_pka)
+ printf("\t\twgpka %u (sec)\n", wg_peer->p_pka);
+
+ if (wg_peer->p_flags & WG_PEER_HAS_ENDPOINT) {
+ if (getnameinfo(&wg_peer->p_sa, wg_peer->p_sa.sa_len,
+ hbuf, sizeof(hbuf), sbuf, sizeof(sbuf),
+ NI_NUMERICHOST | NI_NUMERICSERV) == 0)
+ printf("\t\twgendpoint %s %s\n", hbuf, sbuf);
+ else
+ printf("\t\twgendpoint unable to print\n");
+ }
- printf("\t\ttx: %llu, rx: %llu\n",
- wg_peer->p_txbytes, wg_peer->p_rxbytes);
+ printf("\t\ttx: %llu, rx: %llu\n",
+ wg_peer->p_txbytes, wg_peer->p_rxbytes);
- if (wg_peer->p_last_handshake.tv_sec != 0) {
- timespec_get(&now, TIME_UTC);
- printf("\t\tlast handshake: %lld seconds ago\n",
- now.tv_sec - wg_peer->p_last_handshake.tv_sec);
- }
+ if (wg_peer->p_last_handshake.tv_sec != 0) {
+ timespec_get(&now, TIME_UTC);
+ printf("\t\tlast handshake: %lld seconds ago\n",
+ now.tv_sec - wg_peer->p_last_handshake.tv_sec);
+ }
- wg_aip = &wg_peer->p_aips[0];
- for (j = 0; j < wg_peer->p_aips_count; j++) {
- inet_ntop(wg_aip->a_af, &wg_aip->a_addr,
- hbuf, sizeof(hbuf));
- printf("\t\twgaip %s/%d\n", hbuf, wg_aip->a_cidr);
- wg_aip++;
+ wg_aip = &wg_peer->p_aips[0];
+ for (j = 0; j < wg_peer->p_aips_count; j++) {
+ inet_ntop(wg_aip->a_af, &wg_aip->a_addr,
+ hbuf, sizeof(hbuf));
+ printf("\t\twgaip %s/%d\n", hbuf, wg_aip->a_cidr);
+ wg_aip++;
+ }
+ wg_peer = (struct wg_peer_io *)wg_aip;
}
- wg_peer = (struct wg_peer_io *)wg_aip;
}
out:
free(wgdata.wgd_interface);
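Review bot: The re-indented peer loop still ignores the return values of `inet_ntop()` and `b64_ntop()`, and `hbuf` is shared between the endpoint and allowed-IP printing. If `inet_ntop()` returns NULL (for example on an unexpected `a_af`), the following `printf("\t\twgaip %s/%d\n", ...)` shows whatever `hbuf` held before: the endpoint host from `getnameinfo()`, the previous allowed IP, or possibly uninitialised bytes if nothing has written it yet (its declaration is outside the hunk). Since this output is used to audit which prefixes a peer may send from, I would mirror the endpoint branch: `if (inet_ntop(wg_aip->a_af, &wg_aip->a_addr, hbuf, sizeof(hbuf)) == NULL) printf("\t\twgaip unable to print\n"); else printf("\t\twgaip %s/%d\n", hbuf, wg_aip->a_cidr);`. The same applies to `key` after `b64_ntop()`, which on failure would presumably still hold the interface's own public key printed just above. `wg_status()` starts outside this hunk.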