2017-10-13 15:05:18 +00:00
|
|
|
#
|
wireguard: bump to 20191226
As announced on the mailing list, WireGuard will be in Linux 5.6. As a
result, the wg(8) tool, used by OpenWRT in the same manner as ip(8), is
moving to its own wireguard-tools repo. Meanwhile, the out-of-tree
kernel module for kernels 3.10 - 5.5 moved to its own wireguard-linux-
compat repo. Yesterday, releases were cut out of these repos, so this
commit bumps packages to match. Since wg(8) and the compat kernel module
are versioned and released separately, we create a wireguard-tools
Makefile to contain the source for the new tools repo. Later, when
OpenWRT moves permanently to Linux 5.6, we'll drop the original module
package, leaving only the tools. So this commit shuffles the build
definition around a bit but is basically the same idea as before.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-27 14:41:12 +00:00
|
|
|
# Copyright (C) 2016-2019 Jason A. Donenfeld <Jason@zx2c4.com>
|
2017-10-13 15:05:18 +00:00
|
|
|
# Copyright (C) 2016 Baptiste Jonglez <openwrt@bitsofnetworks.org>
|
|
|
|
# Copyright (C) 2016-2017 Dan Luedtke <mail@danrl.com>
|
|
|
|
#
|
|
|
|
# This is free software, licensed under the GNU General Public License v2.
|
|
|
|
# See /LICENSE for more information.
|
|
|
|
|
|
|
|
include $(TOPDIR)/rules.mk
|
|
|
|
include $(INCLUDE_DIR)/kernel.mk
|
|
|
|
|
|
|
|
PKG_NAME:=wireguard
|
|
|
|
|
wireguard: bump to 1.0.20200506
* compat: timeconst.h is a generated artifact
Before we were trying to check for timeconst.h by looking in the kernel
source directory. This isn't quite correct on configurations in which
the object directory is separate from the kernel source directory, for
example when using O="elsewhere" as a make option when building the
kernel. The correct fix is to use $(CURDIR), which should point to
where we want.
* compat: use bash instead of bc for HZ-->USEC calculation
This should make packaging somewhat easier, as bash is generally already
available (at least for dkms), whereas bc isn't provided by distros by
default in their build meta packages.
* socket: remove errant restriction on looping to self
It's already possible to create two different interfaces and loop
packets between them. This has always been possible with tunnels in the
kernel, and isn't specific to wireguard. Therefore, the networking stack
already needs to deal with that. At the very least, the packet winds up
exceeding the MTU and is discarded at that point. So, since this is
already something that happens, there's no need to forbid the not very
exceptional case of routing a packet back to the same interface; this
loop is no different than others, and we shouldn't special case it, but
rather rely on generic handling of loops in general. This also makes it
easier to do interesting things with wireguard such as onion routing.
At the same time, we add a selftest for this, ensuring that both onion
routing works and infinite routing loops do not crash the kernel. We
also add a test case for wireguard interfaces nesting packets and
sending traffic between each other, as well as the loop in this case
too. We make sure to send some throughput-heavy traffic for this use
case, to stress out any possible recursion issues with the locks around
workqueues.
* send: cond_resched() when processing tx ringbuffers
Users with pathological hardware reported CPU stalls on CONFIG_
PREEMPT_VOLUNTARY=y, because the ringbuffers would stay full, meaning
these workers would never terminate. That turned out not to be okay on
systems without forced preemption. This commit adds a cond_resched() to
the bottom of each loop iteration, so that these workers don't hog the
core. We don't do this on encryption/decryption because the compat
module here uses simd_relax, which already includes a call to schedule
in preempt_enable.
* selftests: initalize ipv6 members to NULL to squelch clang warning
This fixes a worthless warning from clang.
* send/receive: use explicit unlikely branch instead of implicit coalescing
Some code readibility cleanups.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-06 22:22:46 +00:00
|
|
|
PKG_VERSION:=1.0.20200506
|
2018-08-03 20:13:13 +00:00
|
|
|
PKG_RELEASE:=1
|
2017-10-13 15:05:18 +00:00
|
|
|
|
wireguard: bump to 20191226
As announced on the mailing list, WireGuard will be in Linux 5.6. As a
result, the wg(8) tool, used by OpenWRT in the same manner as ip(8), is
moving to its own wireguard-tools repo. Meanwhile, the out-of-tree
kernel module for kernels 3.10 - 5.5 moved to its own wireguard-linux-
compat repo. Yesterday, releases were cut out of these repos, so this
commit bumps packages to match. Since wg(8) and the compat kernel module
are versioned and released separately, we create a wireguard-tools
Makefile to contain the source for the new tools repo. Later, when
OpenWRT moves permanently to Linux 5.6, we'll drop the original module
package, leaving only the tools. So this commit shuffles the build
definition around a bit but is basically the same idea as before.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-27 14:41:12 +00:00
|
|
|
PKG_SOURCE:=wireguard-linux-compat-$(PKG_VERSION).tar.xz
|
|
|
|
PKG_SOURCE_URL:=https://git.zx2c4.com/wireguard-linux-compat/snapshot/
|
wireguard: bump to 1.0.20200506
* compat: timeconst.h is a generated artifact
Before we were trying to check for timeconst.h by looking in the kernel
source directory. This isn't quite correct on configurations in which
the object directory is separate from the kernel source directory, for
example when using O="elsewhere" as a make option when building the
kernel. The correct fix is to use $(CURDIR), which should point to
where we want.
* compat: use bash instead of bc for HZ-->USEC calculation
This should make packaging somewhat easier, as bash is generally already
available (at least for dkms), whereas bc isn't provided by distros by
default in their build meta packages.
* socket: remove errant restriction on looping to self
It's already possible to create two different interfaces and loop
packets between them. This has always been possible with tunnels in the
kernel, and isn't specific to wireguard. Therefore, the networking stack
already needs to deal with that. At the very least, the packet winds up
exceeding the MTU and is discarded at that point. So, since this is
already something that happens, there's no need to forbid the not very
exceptional case of routing a packet back to the same interface; this
loop is no different than others, and we shouldn't special case it, but
rather rely on generic handling of loops in general. This also makes it
easier to do interesting things with wireguard such as onion routing.
At the same time, we add a selftest for this, ensuring that both onion
routing works and infinite routing loops do not crash the kernel. We
also add a test case for wireguard interfaces nesting packets and
sending traffic between each other, as well as the loop in this case
too. We make sure to send some throughput-heavy traffic for this use
case, to stress out any possible recursion issues with the locks around
workqueues.
* send: cond_resched() when processing tx ringbuffers
Users with pathological hardware reported CPU stalls on CONFIG_
PREEMPT_VOLUNTARY=y, because the ringbuffers would stay full, meaning
these workers would never terminate. That turned out not to be okay on
systems without forced preemption. This commit adds a cond_resched() to
the bottom of each loop iteration, so that these workers don't hog the
core. We don't do this on encryption/decryption because the compat
module here uses simd_relax, which already includes a call to schedule
in preempt_enable.
* selftests: initalize ipv6 members to NULL to squelch clang warning
This fixes a worthless warning from clang.
* send/receive: use explicit unlikely branch instead of implicit coalescing
Some code readibility cleanups.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-06 22:22:46 +00:00
|
|
|
PKG_HASH:=98a99f2b825a82d57a7213e666f1ee4f7cc02bddb09bf4908b4b09447a8f121e
|
2017-10-13 15:05:18 +00:00
|
|
|
|
wireguard: bump to 20191226
As announced on the mailing list, WireGuard will be in Linux 5.6. As a
result, the wg(8) tool, used by OpenWRT in the same manner as ip(8), is
moving to its own wireguard-tools repo. Meanwhile, the out-of-tree
kernel module for kernels 3.10 - 5.5 moved to its own wireguard-linux-
compat repo. Yesterday, releases were cut out of these repos, so this
commit bumps packages to match. Since wg(8) and the compat kernel module
are versioned and released separately, we create a wireguard-tools
Makefile to contain the source for the new tools repo. Later, when
OpenWRT moves permanently to Linux 5.6, we'll drop the original module
package, leaving only the tools. So this commit shuffles the build
definition around a bit but is basically the same idea as before.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-27 14:41:12 +00:00
|
|
|
PKG_LICENSE:=GPL-2.0
|
2017-10-13 15:05:18 +00:00
|
|
|
PKG_LICENSE_FILES:=COPYING
|
|
|
|
|
wireguard: bump to 20191226
As announced on the mailing list, WireGuard will be in Linux 5.6. As a
result, the wg(8) tool, used by OpenWRT in the same manner as ip(8), is
moving to its own wireguard-tools repo. Meanwhile, the out-of-tree
kernel module for kernels 3.10 - 5.5 moved to its own wireguard-linux-
compat repo. Yesterday, releases were cut out of these repos, so this
commit bumps packages to match. Since wg(8) and the compat kernel module
are versioned and released separately, we create a wireguard-tools
Makefile to contain the source for the new tools repo. Later, when
OpenWRT moves permanently to Linux 5.6, we'll drop the original module
package, leaving only the tools. So this commit shuffles the build
definition around a bit but is basically the same idea as before.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-27 14:41:12 +00:00
|
|
|
PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/wireguard-linux-compat-$(PKG_VERSION)
|
2017-10-13 15:05:18 +00:00
|
|
|
PKG_BUILD_PARALLEL:=1
|
|
|
|
PKG_USE_MIPS16:=0
|
|
|
|
|
|
|
|
# WireGuard's makefile needs this to know where to build the kernel module
|
|
|
|
export KERNELDIR:=$(LINUX_DIR)
|
|
|
|
|
|
|
|
include $(INCLUDE_DIR)/package.mk
|
|
|
|
|
|
|
|
define Package/wireguard/Default
|
|
|
|
SECTION:=net
|
|
|
|
CATEGORY:=Network
|
|
|
|
SUBMENU:=VPN
|
|
|
|
URL:=https://www.wireguard.com
|
2019-12-24 20:43:20 +00:00
|
|
|
MAINTAINER:=Jason A. Donenfeld <Jason@zx2c4.com>
|
2017-10-13 15:05:18 +00:00
|
|
|
endef
|
|
|
|
|
|
|
|
define Package/wireguard/Default/description
|
|
|
|
WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes
|
|
|
|
state-of-the-art cryptography. It aims to be faster, simpler, leaner, and
|
|
|
|
more useful than IPSec, while avoiding the massive headache. It intends to
|
|
|
|
be considerably more performant than OpenVPN. WireGuard is designed as a
|
|
|
|
general purpose VPN for running on embedded interfaces and super computers
|
|
|
|
alike, fit for many different circumstances. It uses UDP.
|
|
|
|
endef
|
|
|
|
|
|
|
|
define Package/wireguard
|
|
|
|
$(call Package/wireguard/Default)
|
|
|
|
TITLE:=WireGuard meta-package
|
|
|
|
DEPENDS:=+wireguard-tools +kmod-wireguard
|
|
|
|
endef
|
|
|
|
|
|
|
|
include $(INCLUDE_DIR)/kernel-defaults.mk
|
|
|
|
include $(INCLUDE_DIR)/package-defaults.mk
|
|
|
|
|
|
|
|
define Build/Compile
|
|
|
|
$(MAKE) $(KERNEL_MAKEOPTS) M="$(PKG_BUILD_DIR)/src" modules
|
|
|
|
endef
|
|
|
|
|
|
|
|
define Package/wireguard/install
|
|
|
|
true
|
|
|
|
endef
|
|
|
|
|
|
|
|
define Package/wireguard/description
|
|
|
|
$(call Package/wireguard/Default/description)
|
|
|
|
endef
|
|
|
|
|
|
|
|
define KernelPackage/wireguard
|
|
|
|
SECTION:=kernel
|
|
|
|
CATEGORY:=Kernel modules
|
|
|
|
SUBMENU:=Network Support
|
|
|
|
TITLE:=WireGuard kernel module
|
|
|
|
DEPENDS:=+IPV6:kmod-udptunnel6 +kmod-udptunnel4
|
|
|
|
FILES:= $(PKG_BUILD_DIR)/src/wireguard.$(LINUX_KMOD_SUFFIX)
|
|
|
|
AUTOLOAD:=$(call AutoProbe,wireguard)
|
|
|
|
endef
|
|
|
|
|
|
|
|
define KernelPackage/wireguard/description
|
|
|
|
$(call Package/wireguard/Default/description)
|
|
|
|
|
|
|
|
This package provides the kernel module for WireGuard.
|
|
|
|
endef
|
|
|
|
|
|
|
|
$(eval $(call BuildPackage,wireguard))
|
|
|
|
$(eval $(call KernelPackage,wireguard))
|