2017-10-13 15:05:18 +00:00
|
|
|
#
|
wireguard: bump to 20191226
As announced on the mailing list, WireGuard will be in Linux 5.6. As a
result, the wg(8) tool, used by OpenWRT in the same manner as ip(8), is
moving to its own wireguard-tools repo. Meanwhile, the out-of-tree
kernel module for kernels 3.10 - 5.5 moved to its own wireguard-linux-
compat repo. Yesterday, releases were cut out of these repos, so this
commit bumps packages to match. Since wg(8) and the compat kernel module
are versioned and released separately, we create a wireguard-tools
Makefile to contain the source for the new tools repo. Later, when
OpenWRT moves permanently to Linux 5.6, we'll drop the original module
package, leaving only the tools. So this commit shuffles the build
definition around a bit but is basically the same idea as before.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(cherry picked from commit ea980fb9c6de24350976dcc6c20da2bed5fc8cb8)
2019-12-27 14:41:12 +00:00
|
|
|
# Copyright (C) 2016-2019 Jason A. Donenfeld <Jason@zx2c4.com>
|
2017-10-13 15:05:18 +00:00
|
|
|
# Copyright (C) 2016 Baptiste Jonglez <openwrt@bitsofnetworks.org>
|
|
|
|
# Copyright (C) 2016-2017 Dan Luedtke <mail@danrl.com>
|
|
|
|
#
|
|
|
|
# This is free software, licensed under the GNU General Public License v2.
|
|
|
|
# See /LICENSE for more information.
|
|
|
|
|
|
|
|
include $(TOPDIR)/rules.mk
|
|
|
|
include $(INCLUDE_DIR)/kernel.mk
|
|
|
|
|
|
|
|
PKG_NAME:=wireguard
|
|
|
|
|
wireguard: bump to 1.0.20200611
This bump fixes breakage introduced by kernel commit 8ab8786f78c3fc930f9abf6d6d85e95567de4e1f,
which is part of the 4.14.181 kernel bump, and backported ip6_dst_lookup_flow to 4.14.
This breaks the older WireGuard version currently in 19.07.
For reference, the compilation error is the one below:
build_dir/target-x86_64_musl/linux-x86_64/wireguard-linux-compat-1.0.20200506/src/compat/compat.h:104:42: error: 'const struct ipv6_stub' has no member named 'ipv6_dst_lookup'; did you mean 'ipv6_dst_lookup_flow'?
#define ipv6_dst_lookup_flow(a, b, c, d) ipv6_dst_lookup(a, b, &dst, c) + (void *)0 ?: dst
Changelogs below taken from the official release announcements.
== Changes since v1.0.20200506 ==
This release aligns with the changes I sent to DaveM for 5.7-rc7 and were
pushed to net.git about 45 minutes ago.
* qemu: use newer iproute2 for gcc-10
* qemu: add -fcommon for compiling ping with gcc-10
These enable the test suite to compile with gcc-10.
* noise: read preshared key while taking lock
Matt noticed a benign data race when porting the Linux code to OpenBSD.
* queueing: preserve flow hash across packet scrubbing
* noise: separate receive counter from send counter
WireGuard now works with fq_codel, cake, and other qdiscs that make use of
skb->hash. This should significantly improve latency spikes related to
buffer bloat. Here's a before and after graph from some data Toke measured:
https://data.zx2c4.com/removal-of-buffer-bloat-in-wireguard.png
* compat: support RHEL 8 as 8.2, drop 8.1 support
* compat: support CentOS 8 explicitly
* compat: RHEL7 backported the skb hash renamings
The usual RHEL churn.
* compat: backport renamed/missing skb hash members
The new support for fq_codel and friends meant more backporting work.
* compat: ip6_dst_lookup_flow was backported to 4.14, 4.9, and 4.4
== Changes since v1.0.20200611 ==
* qemu: always use cbuild gcc rather than system gcc
* qemu: remove -Werror in order to build ancient kernels better
* qemu: patch kernels that rely on ancient make
* qemu: force 2MB pages for binutils 2.31
* qemu: use cbuild gcc for avx512 exclusion
* qemu: add extra fill in idt handler for newer binutils
* qemu: support fetching kernels for arbitrary URLs
* qemu: patch in UTS_UBUNTU_RELEASE_ABI for Ubuntu detection
* qemu: work around broken centos8 kernel
* qemu: mark per_cpu_load_addr as static for gcc-10
Our qemu test suite can now handle more kernels and more compilers. Scroll
down to the bottom of https://www.wireguard.com/build-status/ to see the
expanded array of kernels we now test against, including some distro kernels.
* compat: widen breadth of integer constants
* compat: widen breadth of memzero_explicit backport
* compat: backport skb_scrub_packet to 3.11
* compat: widen breadth of prandom_u32_max backport
* compat: narrow the breadth of iptunnel_xmit backport
* compat: backport iptunnel_xmit to 3.11
With the expanded qemu test suite, it was possible to expand our list of
mainline kernels, so the backport compat layer is now more precise.
* compat: ubuntu appears to have backported ipv6_dst_lookup_flow
* compat: bionic-hwe-5.0/disco kernel backported skb_reset_redirect and ipv6 flow
Ubuntu kernels changed recently, so this ensures we can compile with the
latest Ubuntu releases.
* compat: remove stale suse support
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
(cherry picked from commit 1fd1f5e8cff18f97675ce303b05d411136b99fb0)
2020-06-18 22:06:07 +00:00
|
|
|
PKG_VERSION:=1.0.20200611
|
2018-08-03 20:13:13 +00:00
|
|
|
PKG_RELEASE:=1
|
2017-10-13 15:05:18 +00:00
|
|
|
|
wireguard: bump to 20191226
As announced on the mailing list, WireGuard will be in Linux 5.6. As a
result, the wg(8) tool, used by OpenWRT in the same manner as ip(8), is
moving to its own wireguard-tools repo. Meanwhile, the out-of-tree
kernel module for kernels 3.10 - 5.5 moved to its own wireguard-linux-
compat repo. Yesterday, releases were cut out of these repos, so this
commit bumps packages to match. Since wg(8) and the compat kernel module
are versioned and released separately, we create a wireguard-tools
Makefile to contain the source for the new tools repo. Later, when
OpenWRT moves permanently to Linux 5.6, we'll drop the original module
package, leaving only the tools. So this commit shuffles the build
definition around a bit but is basically the same idea as before.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(cherry picked from commit ea980fb9c6de24350976dcc6c20da2bed5fc8cb8)
2019-12-27 14:41:12 +00:00
|
|
|
PKG_SOURCE:=wireguard-linux-compat-$(PKG_VERSION).tar.xz
|
|
|
|
PKG_SOURCE_URL:=https://git.zx2c4.com/wireguard-linux-compat/snapshot/
|
wireguard: bump to 1.0.20200611
This bump fixes breakage introduced by kernel commit 8ab8786f78c3fc930f9abf6d6d85e95567de4e1f,
which is part of the 4.14.181 kernel bump, and backported ip6_dst_lookup_flow to 4.14.
This breaks the older WireGuard version currently in 19.07.
For reference, the compilation error is the one below:
build_dir/target-x86_64_musl/linux-x86_64/wireguard-linux-compat-1.0.20200506/src/compat/compat.h:104:42: error: 'const struct ipv6_stub' has no member named 'ipv6_dst_lookup'; did you mean 'ipv6_dst_lookup_flow'?
#define ipv6_dst_lookup_flow(a, b, c, d) ipv6_dst_lookup(a, b, &dst, c) + (void *)0 ?: dst
Changelogs below taken from the official release announcements.
== Changes since v1.0.20200506 ==
This release aligns with the changes I sent to DaveM for 5.7-rc7 and were
pushed to net.git about 45 minutes ago.
* qemu: use newer iproute2 for gcc-10
* qemu: add -fcommon for compiling ping with gcc-10
These enable the test suite to compile with gcc-10.
* noise: read preshared key while taking lock
Matt noticed a benign data race when porting the Linux code to OpenBSD.
* queueing: preserve flow hash across packet scrubbing
* noise: separate receive counter from send counter
WireGuard now works with fq_codel, cake, and other qdiscs that make use of
skb->hash. This should significantly improve latency spikes related to
buffer bloat. Here's a before and after graph from some data Toke measured:
https://data.zx2c4.com/removal-of-buffer-bloat-in-wireguard.png
* compat: support RHEL 8 as 8.2, drop 8.1 support
* compat: support CentOS 8 explicitly
* compat: RHEL7 backported the skb hash renamings
The usual RHEL churn.
* compat: backport renamed/missing skb hash members
The new support for fq_codel and friends meant more backporting work.
* compat: ip6_dst_lookup_flow was backported to 4.14, 4.9, and 4.4
== Changes since v1.0.20200611 ==
* qemu: always use cbuild gcc rather than system gcc
* qemu: remove -Werror in order to build ancient kernels better
* qemu: patch kernels that rely on ancient make
* qemu: force 2MB pages for binutils 2.31
* qemu: use cbuild gcc for avx512 exclusion
* qemu: add extra fill in idt handler for newer binutils
* qemu: support fetching kernels for arbitrary URLs
* qemu: patch in UTS_UBUNTU_RELEASE_ABI for Ubuntu detection
* qemu: work around broken centos8 kernel
* qemu: mark per_cpu_load_addr as static for gcc-10
Our qemu test suite can now handle more kernels and more compilers. Scroll
down to the bottom of https://www.wireguard.com/build-status/ to see the
expanded array of kernels we now test against, including some distro kernels.
* compat: widen breadth of integer constants
* compat: widen breadth of memzero_explicit backport
* compat: backport skb_scrub_packet to 3.11
* compat: widen breadth of prandom_u32_max backport
* compat: narrow the breadth of iptunnel_xmit backport
* compat: backport iptunnel_xmit to 3.11
With the expanded qemu test suite, it was possible to expand our list of
mainline kernels, so the backport compat layer is now more precise.
* compat: ubuntu appears to have backported ipv6_dst_lookup_flow
* compat: bionic-hwe-5.0/disco kernel backported skb_reset_redirect and ipv6 flow
Ubuntu kernels changed recently, so this ensures we can compile with the
latest Ubuntu releases.
* compat: remove stale suse support
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
(cherry picked from commit 1fd1f5e8cff18f97675ce303b05d411136b99fb0)
2020-06-18 22:06:07 +00:00
|
|
|
PKG_HASH:=9b0478c3b1f3a7b488916e632e2fcbb1383bb1a2ef294489858ce2ba1da3246d
|
2017-10-13 15:05:18 +00:00
|
|
|
|
wireguard: bump to 20191226
As announced on the mailing list, WireGuard will be in Linux 5.6. As a
result, the wg(8) tool, used by OpenWRT in the same manner as ip(8), is
moving to its own wireguard-tools repo. Meanwhile, the out-of-tree
kernel module for kernels 3.10 - 5.5 moved to its own wireguard-linux-
compat repo. Yesterday, releases were cut out of these repos, so this
commit bumps packages to match. Since wg(8) and the compat kernel module
are versioned and released separately, we create a wireguard-tools
Makefile to contain the source for the new tools repo. Later, when
OpenWRT moves permanently to Linux 5.6, we'll drop the original module
package, leaving only the tools. So this commit shuffles the build
definition around a bit but is basically the same idea as before.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(cherry picked from commit ea980fb9c6de24350976dcc6c20da2bed5fc8cb8)
2019-12-27 14:41:12 +00:00
|
|
|
PKG_LICENSE:=GPL-2.0
|
2017-10-13 15:05:18 +00:00
|
|
|
PKG_LICENSE_FILES:=COPYING
|
|
|
|
|
wireguard: bump to 20191226
As announced on the mailing list, WireGuard will be in Linux 5.6. As a
result, the wg(8) tool, used by OpenWRT in the same manner as ip(8), is
moving to its own wireguard-tools repo. Meanwhile, the out-of-tree
kernel module for kernels 3.10 - 5.5 moved to its own wireguard-linux-
compat repo. Yesterday, releases were cut out of these repos, so this
commit bumps packages to match. Since wg(8) and the compat kernel module
are versioned and released separately, we create a wireguard-tools
Makefile to contain the source for the new tools repo. Later, when
OpenWRT moves permanently to Linux 5.6, we'll drop the original module
package, leaving only the tools. So this commit shuffles the build
definition around a bit but is basically the same idea as before.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(cherry picked from commit ea980fb9c6de24350976dcc6c20da2bed5fc8cb8)
2019-12-27 14:41:12 +00:00
|
|
|
PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/wireguard-linux-compat-$(PKG_VERSION)
|
2017-10-13 15:05:18 +00:00
|
|
|
PKG_BUILD_PARALLEL:=1
|
|
|
|
PKG_USE_MIPS16:=0
|
|
|
|
|
|
|
|
# WireGuard's makefile needs this to know where to build the kernel module
|
|
|
|
export KERNELDIR:=$(LINUX_DIR)
|
|
|
|
|
|
|
|
include $(INCLUDE_DIR)/package.mk
|
|
|
|
|
|
|
|
define Package/wireguard/Default
|
|
|
|
SECTION:=net
|
|
|
|
CATEGORY:=Network
|
|
|
|
SUBMENU:=VPN
|
|
|
|
URL:=https://www.wireguard.com
|
2018-05-31 01:05:51 +00:00
|
|
|
MAINTAINER:=Jason A. Donenfeld <Jason@zx2c4.com> \
|
|
|
|
Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
2017-10-13 15:05:18 +00:00
|
|
|
endef
|
|
|
|
|
|
|
|
define Package/wireguard/Default/description
|
|
|
|
WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes
|
|
|
|
state-of-the-art cryptography. It aims to be faster, simpler, leaner, and
|
|
|
|
more useful than IPSec, while avoiding the massive headache. It intends to
|
|
|
|
be considerably more performant than OpenVPN. WireGuard is designed as a
|
|
|
|
general purpose VPN for running on embedded interfaces and super computers
|
|
|
|
alike, fit for many different circumstances. It uses UDP.
|
|
|
|
endef
|
|
|
|
|
|
|
|
define Package/wireguard
|
|
|
|
$(call Package/wireguard/Default)
|
|
|
|
TITLE:=WireGuard meta-package
|
|
|
|
DEPENDS:=+wireguard-tools +kmod-wireguard
|
|
|
|
endef
|
|
|
|
|
|
|
|
include $(INCLUDE_DIR)/kernel-defaults.mk
|
|
|
|
include $(INCLUDE_DIR)/package-defaults.mk
|
|
|
|
|
|
|
|
define Build/Compile
|
|
|
|
$(MAKE) $(KERNEL_MAKEOPTS) M="$(PKG_BUILD_DIR)/src" modules
|
|
|
|
endef
|
|
|
|
|
|
|
|
define Package/wireguard/install
|
|
|
|
true
|
|
|
|
endef
|
|
|
|
|
|
|
|
define Package/wireguard/description
|
|
|
|
$(call Package/wireguard/Default/description)
|
|
|
|
endef
|
|
|
|
|
|
|
|
define KernelPackage/wireguard
|
|
|
|
SECTION:=kernel
|
|
|
|
CATEGORY:=Kernel modules
|
|
|
|
SUBMENU:=Network Support
|
|
|
|
TITLE:=WireGuard kernel module
|
|
|
|
DEPENDS:=+IPV6:kmod-udptunnel6 +kmod-udptunnel4
|
|
|
|
FILES:= $(PKG_BUILD_DIR)/src/wireguard.$(LINUX_KMOD_SUFFIX)
|
|
|
|
AUTOLOAD:=$(call AutoProbe,wireguard)
|
|
|
|
endef
|
|
|
|
|
|
|
|
define KernelPackage/wireguard/description
|
|
|
|
$(call Package/wireguard/Default/description)
|
|
|
|
|
|
|
|
This package provides the kernel module for WireGuard.
|
|
|
|
endef
|
|
|
|
|
|
|
|
$(eval $(call BuildPackage,wireguard))
|
|
|
|
$(eval $(call KernelPackage,wireguard))
|