2017-10-13 15:05:18 +00:00
|
|
|
#
|
2018-05-31 01:05:51 +00:00
|
|
|
# Copyright (C) 2016-2018 Jason A. Donenfeld <Jason@zx2c4.com>
|
2017-10-13 15:05:18 +00:00
|
|
|
# Copyright (C) 2016 Baptiste Jonglez <openwrt@bitsofnetworks.org>
|
|
|
|
# Copyright (C) 2016-2017 Dan Luedtke <mail@danrl.com>
|
|
|
|
#
|
|
|
|
# This is free software, licensed under the GNU General Public License v2.
|
|
|
|
# See /LICENSE for more information.
|
|
|
|
|
|
|
|
include $(TOPDIR)/rules.mk
|
|
|
|
include $(INCLUDE_DIR)/kernel.mk
|
|
|
|
|
|
|
|
PKG_NAME:=wireguard
|
|
|
|
|
wireguard: bump to 0.0.20190531
* tools: add wincompat layer to wg(8)
Consistent with a lot of the Windows work we've been doing this last cycle,
wg(8) now supports the WireGuard for Windows app by talking through a named
pipe. You can compile this as `PLATFORM=windows make -C src/tools` with mingw.
Because programming things for Windows is pretty ugly, we've done this via a
separate standalone wincompat layer, so that we don't pollute our pretty *nix
utility.
* compat: udp_tunnel: force cast sk_data_ready
This is a hack to work around broken Android kernel wrapper scripts.
* wg-quick: freebsd: workaround SIOCGIFSTATUS race in FreeBSD kernel
FreeBSD had a number of kernel race conditions, some of which we can vaguely
work around. These are in the process of being fixed upstream, but probably
people won't update for a while.
* wg-quick: make darwin and freebsd path search strict like linux
Correctness.
* socket: set ignore_df=1 on xmit
This was intended from early on but didn't work on IPv6 without the ignore_df
flag. It allows sending fragments over IPv6.
* qemu: use newer iproute2 and kernel
* qemu: build iproute2 with libmnl support
* qemu: do not check for alignment with ubsan
The QEMU build system has been improved to compile newer versions. Linking
against libmnl gives us better error messages. As well, enabling the alignment
check on x86 UBSAN isn't realistic.
* wg-quick: look up existing routes properly
* wg-quick: specify protocol to ip(8), because of inconsistencies
The route inclusion check was wrong prior, and Linux 5.1 made it break
entirely. This makes a better invocation of `ip route show match`.
* netlink: use new strict length types in policy for 5.2
* kbuild: account for recent upstream changes
* zinc: arm64: use cpu_get_elf_hwcap accessor for 5.2
The usual churn of changes required for the upcoming 5.2.
* timers: add jitter on ack failure reinitiation
Correctness tweak in the timer system.
* blake2s,chacha: latency tweak
* blake2s: shorten ssse3 loop
In every odd-numbered round, instead of operating over the state
x00 x01 x02 x03
x05 x06 x07 x04
x10 x11 x08 x09
x15 x12 x13 x14
we operate over the rotated state
x03 x00 x01 x02
x04 x05 x06 x07
x09 x10 x11 x08
x14 x15 x12 x13
The advantage here is that this requires no changes to the 'x04 x05 x06 x07'
row, which is in the critical path. This results in a noticeable latency
improvement of roughly R cycles, for R diagonal rounds in the primitive. As
well, the blake2s AVX implementation is now SSSE3 and considerably shorter.
* tools: allow setting WG_ENDPOINT_RESOLUTION_RETRIES
System integrators can now specify things like
WG_ENDPOINT_RESOLUTION_RETRIES=infinity when building wg(8)-based init
scripts and services, or 0, or any other integer.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-31 16:50:33 +00:00
|
|
|
PKG_VERSION:=0.0.20190531
|
2018-08-03 20:13:13 +00:00
|
|
|
PKG_RELEASE:=1
|
2017-10-13 15:05:18 +00:00
|
|
|
|
|
|
|
PKG_SOURCE:=WireGuard-$(PKG_VERSION).tar.xz
|
|
|
|
PKG_SOURCE_URL:=https://git.zx2c4.com/WireGuard/snapshot/
|
wireguard: bump to 0.0.20190531
* tools: add wincompat layer to wg(8)
Consistent with a lot of the Windows work we've been doing this last cycle,
wg(8) now supports the WireGuard for Windows app by talking through a named
pipe. You can compile this as `PLATFORM=windows make -C src/tools` with mingw.
Because programming things for Windows is pretty ugly, we've done this via a
separate standalone wincompat layer, so that we don't pollute our pretty *nix
utility.
* compat: udp_tunnel: force cast sk_data_ready
This is a hack to work around broken Android kernel wrapper scripts.
* wg-quick: freebsd: workaround SIOCGIFSTATUS race in FreeBSD kernel
FreeBSD had a number of kernel race conditions, some of which we can vaguely
work around. These are in the process of being fixed upstream, but probably
people won't update for a while.
* wg-quick: make darwin and freebsd path search strict like linux
Correctness.
* socket: set ignore_df=1 on xmit
This was intended from early on but didn't work on IPv6 without the ignore_df
flag. It allows sending fragments over IPv6.
* qemu: use newer iproute2 and kernel
* qemu: build iproute2 with libmnl support
* qemu: do not check for alignment with ubsan
The QEMU build system has been improved to compile newer versions. Linking
against libmnl gives us better error messages. As well, enabling the alignment
check on x86 UBSAN isn't realistic.
* wg-quick: look up existing routes properly
* wg-quick: specify protocol to ip(8), because of inconsistencies
The route inclusion check was wrong prior, and Linux 5.1 made it break
entirely. This makes a better invocation of `ip route show match`.
* netlink: use new strict length types in policy for 5.2
* kbuild: account for recent upstream changes
* zinc: arm64: use cpu_get_elf_hwcap accessor for 5.2
The usual churn of changes required for the upcoming 5.2.
* timers: add jitter on ack failure reinitiation
Correctness tweak in the timer system.
* blake2s,chacha: latency tweak
* blake2s: shorten ssse3 loop
In every odd-numbered round, instead of operating over the state
x00 x01 x02 x03
x05 x06 x07 x04
x10 x11 x08 x09
x15 x12 x13 x14
we operate over the rotated state
x03 x00 x01 x02
x04 x05 x06 x07
x09 x10 x11 x08
x14 x15 x12 x13
The advantage here is that this requires no changes to the 'x04 x05 x06 x07'
row, which is in the critical path. This results in a noticeable latency
improvement of roughly R cycles, for R diagonal rounds in the primitive. As
well, the blake2s AVX implementation is now SSSE3 and considerably shorter.
* tools: allow setting WG_ENDPOINT_RESOLUTION_RETRIES
System integrators can now specify things like
WG_ENDPOINT_RESOLUTION_RETRIES=infinity when building wg(8)-based init
scripts and services, or 0, or any other integer.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-31 16:50:33 +00:00
|
|
|
PKG_HASH:=8b0280322ec4c46fd1a786af4db0c4d0c600053542c4563582baac478e4127b1
|
2017-10-13 15:05:18 +00:00
|
|
|
|
|
|
|
PKG_LICENSE:=GPL-2.0 Apache-2.0
|
|
|
|
PKG_LICENSE_FILES:=COPYING
|
|
|
|
|
2017-11-11 12:01:50 +00:00
|
|
|
PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/WireGuard-$(PKG_VERSION)
|
2017-10-13 15:05:18 +00:00
|
|
|
PKG_BUILD_PARALLEL:=1
|
|
|
|
PKG_USE_MIPS16:=0
|
|
|
|
|
|
|
|
# WireGuard's makefile needs this to know where to build the kernel module
|
|
|
|
export KERNELDIR:=$(LINUX_DIR)
|
|
|
|
|
|
|
|
include $(INCLUDE_DIR)/package.mk
|
|
|
|
|
|
|
|
define Package/wireguard/Default
|
|
|
|
SECTION:=net
|
|
|
|
CATEGORY:=Network
|
|
|
|
SUBMENU:=VPN
|
|
|
|
URL:=https://www.wireguard.com
|
2018-05-31 01:05:51 +00:00
|
|
|
MAINTAINER:=Jason A. Donenfeld <Jason@zx2c4.com> \
|
|
|
|
Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
2017-10-13 15:05:18 +00:00
|
|
|
endef
|
|
|
|
|
|
|
|
define Package/wireguard/Default/description
|
|
|
|
WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes
|
|
|
|
state-of-the-art cryptography. It aims to be faster, simpler, leaner, and
|
|
|
|
more useful than IPSec, while avoiding the massive headache. It intends to
|
|
|
|
be considerably more performant than OpenVPN. WireGuard is designed as a
|
|
|
|
general purpose VPN for running on embedded interfaces and super computers
|
|
|
|
alike, fit for many different circumstances. It uses UDP.
|
|
|
|
endef
|
|
|
|
|
|
|
|
define Package/wireguard
|
|
|
|
$(call Package/wireguard/Default)
|
|
|
|
TITLE:=WireGuard meta-package
|
|
|
|
DEPENDS:=+wireguard-tools +kmod-wireguard
|
|
|
|
endef
|
|
|
|
|
|
|
|
include $(INCLUDE_DIR)/kernel-defaults.mk
|
|
|
|
include $(INCLUDE_DIR)/package-defaults.mk
|
|
|
|
|
|
|
|
# Used by Build/Compile/Default
|
|
|
|
MAKE_PATH:=src/tools
|
2018-05-17 22:08:21 +00:00
|
|
|
MAKE_VARS += PLATFORM=linux
|
2017-10-13 15:05:18 +00:00
|
|
|
|
|
|
|
define Build/Compile
|
|
|
|
$(MAKE) $(KERNEL_MAKEOPTS) M="$(PKG_BUILD_DIR)/src" modules
|
|
|
|
$(call Build/Compile/Default)
|
|
|
|
endef
|
|
|
|
|
|
|
|
define Package/wireguard/install
|
|
|
|
true
|
|
|
|
endef
|
|
|
|
|
|
|
|
define Package/wireguard/description
|
|
|
|
$(call Package/wireguard/Default/description)
|
|
|
|
endef
|
|
|
|
|
|
|
|
define Package/wireguard-tools
|
|
|
|
$(call Package/wireguard/Default)
|
|
|
|
TITLE:=WireGuard userspace control program (wg)
|
|
|
|
DEPENDS:=+libmnl +ip
|
|
|
|
endef
|
|
|
|
|
|
|
|
define Package/wireguard-tools/description
|
|
|
|
$(call Package/wireguard/Default/description)
|
|
|
|
|
|
|
|
This package provides the userspace control program for WireGuard,
|
2018-07-01 12:40:31 +00:00
|
|
|
`wg(8)`, a netifd protocol helper, and a re-resolve watchdog script.
|
2017-10-13 15:05:18 +00:00
|
|
|
endef
|
|
|
|
|
|
|
|
define Package/wireguard-tools/install
|
|
|
|
$(INSTALL_DIR) $(1)/usr/bin/
|
|
|
|
$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/tools/wg $(1)/usr/bin/
|
2018-07-01 12:40:31 +00:00
|
|
|
$(INSTALL_BIN) ./files/wireguard_watchdog $(1)/usr/bin/
|
2017-10-13 15:05:18 +00:00
|
|
|
$(INSTALL_DIR) $(1)/lib/netifd/proto/
|
|
|
|
$(INSTALL_BIN) ./files/wireguard.sh $(1)/lib/netifd/proto/
|
|
|
|
endef
|
|
|
|
|
|
|
|
define KernelPackage/wireguard
|
|
|
|
SECTION:=kernel
|
|
|
|
CATEGORY:=Kernel modules
|
|
|
|
SUBMENU:=Network Support
|
|
|
|
TITLE:=WireGuard kernel module
|
|
|
|
DEPENDS:=+IPV6:kmod-udptunnel6 +kmod-udptunnel4
|
|
|
|
FILES:= $(PKG_BUILD_DIR)/src/wireguard.$(LINUX_KMOD_SUFFIX)
|
|
|
|
AUTOLOAD:=$(call AutoProbe,wireguard)
|
|
|
|
endef
|
|
|
|
|
|
|
|
define KernelPackage/wireguard/description
|
|
|
|
$(call Package/wireguard/Default/description)
|
|
|
|
|
|
|
|
This package provides the kernel module for WireGuard.
|
|
|
|
endef
|
|
|
|
|
|
|
|
$(eval $(call BuildPackage,wireguard))
|
|
|
|
$(eval $(call BuildPackage,wireguard-tools))
|
|
|
|
$(eval $(call KernelPackage,wireguard))
|