openwrt/package/network/services/wireguard/Makefile

89 lines
2.5 KiB
Makefile
Raw Normal View History

#
# Copyright (C) 2016-2019 Jason A. Donenfeld <Jason@zx2c4.com>
# Copyright (C) 2016 Baptiste Jonglez <openwrt@bitsofnetworks.org>
# Copyright (C) 2016-2017 Dan Luedtke <mail@danrl.com>
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=wireguard
wireguard: bump to 1.0.20200506 * compat: timeconst.h is a generated artifact Before we were trying to check for timeconst.h by looking in the kernel source directory. This isn't quite correct on configurations in which the object directory is separate from the kernel source directory, for example when using O="elsewhere" as a make option when building the kernel. The correct fix is to use $(CURDIR), which should point to where we want. * compat: use bash instead of bc for HZ-->USEC calculation This should make packaging somewhat easier, as bash is generally already available (at least for dkms), whereas bc isn't provided by distros by default in their build meta packages. * socket: remove errant restriction on looping to self It's already possible to create two different interfaces and loop packets between them. This has always been possible with tunnels in the kernel, and isn't specific to wireguard. Therefore, the networking stack already needs to deal with that. At the very least, the packet winds up exceeding the MTU and is discarded at that point. So, since this is already something that happens, there's no need to forbid the not very exceptional case of routing a packet back to the same interface; this loop is no different than others, and we shouldn't special case it, but rather rely on generic handling of loops in general. This also makes it easier to do interesting things with wireguard such as onion routing. At the same time, we add a selftest for this, ensuring that both onion routing works and infinite routing loops do not crash the kernel. We also add a test case for wireguard interfaces nesting packets and sending traffic between each other, as well as the loop in this case too. We make sure to send some throughput-heavy traffic for this use case, to stress out any possible recursion issues with the locks around workqueues. * send: cond_resched() when processing tx ringbuffers Users with pathological hardware reported CPU stalls on CONFIG_ PREEMPT_VOLUNTARY=y, because the ringbuffers would stay full, meaning these workers would never terminate. That turned out not to be okay on systems without forced preemption. This commit adds a cond_resched() to the bottom of each loop iteration, so that these workers don't hog the core. We don't do this on encryption/decryption because the compat module here uses simd_relax, which already includes a call to schedule in preempt_enable. * selftests: initalize ipv6 members to NULL to squelch clang warning This fixes a worthless warning from clang. * send/receive: use explicit unlikely branch instead of implicit coalescing Some code readibility cleanups. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-06 22:22:46 +00:00
PKG_VERSION:=1.0.20200506
PKG_RELEASE:=1
PKG_SOURCE:=wireguard-linux-compat-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://git.zx2c4.com/wireguard-linux-compat/snapshot/
wireguard: bump to 1.0.20200506 * compat: timeconst.h is a generated artifact Before we were trying to check for timeconst.h by looking in the kernel source directory. This isn't quite correct on configurations in which the object directory is separate from the kernel source directory, for example when using O="elsewhere" as a make option when building the kernel. The correct fix is to use $(CURDIR), which should point to where we want. * compat: use bash instead of bc for HZ-->USEC calculation This should make packaging somewhat easier, as bash is generally already available (at least for dkms), whereas bc isn't provided by distros by default in their build meta packages. * socket: remove errant restriction on looping to self It's already possible to create two different interfaces and loop packets between them. This has always been possible with tunnels in the kernel, and isn't specific to wireguard. Therefore, the networking stack already needs to deal with that. At the very least, the packet winds up exceeding the MTU and is discarded at that point. So, since this is already something that happens, there's no need to forbid the not very exceptional case of routing a packet back to the same interface; this loop is no different than others, and we shouldn't special case it, but rather rely on generic handling of loops in general. This also makes it easier to do interesting things with wireguard such as onion routing. At the same time, we add a selftest for this, ensuring that both onion routing works and infinite routing loops do not crash the kernel. We also add a test case for wireguard interfaces nesting packets and sending traffic between each other, as well as the loop in this case too. We make sure to send some throughput-heavy traffic for this use case, to stress out any possible recursion issues with the locks around workqueues. * send: cond_resched() when processing tx ringbuffers Users with pathological hardware reported CPU stalls on CONFIG_ PREEMPT_VOLUNTARY=y, because the ringbuffers would stay full, meaning these workers would never terminate. That turned out not to be okay on systems without forced preemption. This commit adds a cond_resched() to the bottom of each loop iteration, so that these workers don't hog the core. We don't do this on encryption/decryption because the compat module here uses simd_relax, which already includes a call to schedule in preempt_enable. * selftests: initalize ipv6 members to NULL to squelch clang warning This fixes a worthless warning from clang. * send/receive: use explicit unlikely branch instead of implicit coalescing Some code readibility cleanups. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-06 22:22:46 +00:00
PKG_HASH:=98a99f2b825a82d57a7213e666f1ee4f7cc02bddb09bf4908b4b09447a8f121e
PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=COPYING
PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/wireguard-linux-compat-$(PKG_VERSION)
PKG_BUILD_PARALLEL:=1
PKG_USE_MIPS16:=0
# WireGuard's makefile needs this to know where to build the kernel module
export KERNELDIR:=$(LINUX_DIR)
include $(INCLUDE_DIR)/package.mk
define Package/wireguard/Default
SECTION:=net
CATEGORY:=Network
SUBMENU:=VPN
URL:=https://www.wireguard.com
MAINTAINER:=Jason A. Donenfeld <Jason@zx2c4.com>
endef
define Package/wireguard/Default/description
WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes
state-of-the-art cryptography. It aims to be faster, simpler, leaner, and
more useful than IPSec, while avoiding the massive headache. It intends to
be considerably more performant than OpenVPN. WireGuard is designed as a
general purpose VPN for running on embedded interfaces and super computers
alike, fit for many different circumstances. It uses UDP.
endef
define Package/wireguard
$(call Package/wireguard/Default)
TITLE:=WireGuard meta-package
DEPENDS:=+wireguard-tools +kmod-wireguard
endef
include $(INCLUDE_DIR)/kernel-defaults.mk
include $(INCLUDE_DIR)/package-defaults.mk
define Build/Compile
$(MAKE) $(KERNEL_MAKEOPTS) M="$(PKG_BUILD_DIR)/src" modules
endef
define Package/wireguard/install
true
endef
define Package/wireguard/description
$(call Package/wireguard/Default/description)
endef
define KernelPackage/wireguard
SECTION:=kernel
CATEGORY:=Kernel modules
SUBMENU:=Network Support
TITLE:=WireGuard kernel module
DEPENDS:=+IPV6:kmod-udptunnel6 +kmod-udptunnel4
FILES:= $(PKG_BUILD_DIR)/src/wireguard.$(LINUX_KMOD_SUFFIX)
AUTOLOAD:=$(call AutoProbe,wireguard)
endef
define KernelPackage/wireguard/description
$(call Package/wireguard/Default/description)
This package provides the kernel module for WireGuard.
endef
$(eval $(call BuildPackage,wireguard))
$(eval $(call KernelPackage,wireguard))