mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-25 08:21:14 +00:00
549d44736a
* allowedips: initialize list head when removing intermediate nodes Fix for an important regression in removing allowed IPs from the last snapshot. We have new test cases to catch these in the future as well. * tools: warn if an AllowedIP has a nonzero host part If you try to run `wg set wg0 peer ... allowed-ips 192.168.1.82/24`, wg(8) will now print a warning. Even though we mask this automatically down to 192.168.1.0/24, usually when people specify it like this, it's a mistake. * wg-quick: add 'strip' subcommand The new strip subcommand prints the config file to stdout after stripping it of all wg-quick-specific options. This enables tricks such as: `wg addconf $DEV <(wg-quick strip $DEV)`. * tools: avoid unneccessary next_peer assignments in sort_peers() Small C optimization the compiler was probably already doing. * peerlookup: rename from hashtables * allowedips: do not use __always_inline * device: use skb accessor functions where possible Suggested tweaks from Dave Miller. * blake2s: simplify * blake2s: remove outlen parameter from final The blake2s implementation has been simplified, since we don't use any of the fancy tree hashing parameters or the like. We also no longer separate the output length at initialization time from the output length at finalization time. * global: the _bh variety of rcu helpers have been unified * compat: nf_nat_core.h was removed upstream * compat: backport skb_mark_not_on_list The usual assortment of compat fixes for Linux 5.1. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
117 lines
3.4 KiB
Makefile
117 lines
3.4 KiB
Makefile
#
|
|
# Copyright (C) 2016-2018 Jason A. Donenfeld <Jason@zx2c4.com>
|
|
# Copyright (C) 2016 Baptiste Jonglez <openwrt@bitsofnetworks.org>
|
|
# Copyright (C) 2016-2017 Dan Luedtke <mail@danrl.com>
|
|
#
|
|
# This is free software, licensed under the GNU General Public License v2.
|
|
# See /LICENSE for more information.
|
|
|
|
include $(TOPDIR)/rules.mk
|
|
include $(INCLUDE_DIR)/kernel.mk
|
|
|
|
PKG_NAME:=wireguard
|
|
|
|
PKG_VERSION:=0.0.20190406
|
|
PKG_RELEASE:=1
|
|
|
|
PKG_SOURCE:=WireGuard-$(PKG_VERSION).tar.xz
|
|
PKG_SOURCE_URL:=https://git.zx2c4.com/WireGuard/snapshot/
|
|
PKG_HASH:=2f06f3adf70b95e74a7736a22dcf6e9ef623b311a15b7d55b5474e57c3d0415b
|
|
|
|
PKG_LICENSE:=GPL-2.0 Apache-2.0
|
|
PKG_LICENSE_FILES:=COPYING
|
|
|
|
PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/WireGuard-$(PKG_VERSION)
|
|
PKG_BUILD_PARALLEL:=1
|
|
PKG_USE_MIPS16:=0
|
|
|
|
# WireGuard's makefile needs this to know where to build the kernel module
|
|
export KERNELDIR:=$(LINUX_DIR)
|
|
|
|
include $(INCLUDE_DIR)/package.mk
|
|
|
|
define Package/wireguard/Default
|
|
SECTION:=net
|
|
CATEGORY:=Network
|
|
SUBMENU:=VPN
|
|
URL:=https://www.wireguard.com
|
|
MAINTAINER:=Jason A. Donenfeld <Jason@zx2c4.com> \
|
|
Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
|
endef
|
|
|
|
define Package/wireguard/Default/description
|
|
WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes
|
|
state-of-the-art cryptography. It aims to be faster, simpler, leaner, and
|
|
more useful than IPSec, while avoiding the massive headache. It intends to
|
|
be considerably more performant than OpenVPN. WireGuard is designed as a
|
|
general purpose VPN for running on embedded interfaces and super computers
|
|
alike, fit for many different circumstances. It uses UDP.
|
|
endef
|
|
|
|
define Package/wireguard
|
|
$(call Package/wireguard/Default)
|
|
TITLE:=WireGuard meta-package
|
|
DEPENDS:=+wireguard-tools +kmod-wireguard
|
|
endef
|
|
|
|
include $(INCLUDE_DIR)/kernel-defaults.mk
|
|
include $(INCLUDE_DIR)/package-defaults.mk
|
|
|
|
# Used by Build/Compile/Default
|
|
MAKE_PATH:=src/tools
|
|
MAKE_VARS += PLATFORM=linux
|
|
|
|
define Build/Compile
|
|
$(MAKE) $(KERNEL_MAKEOPTS) M="$(PKG_BUILD_DIR)/src" modules
|
|
$(call Build/Compile/Default)
|
|
endef
|
|
|
|
define Package/wireguard/install
|
|
true
|
|
endef
|
|
|
|
define Package/wireguard/description
|
|
$(call Package/wireguard/Default/description)
|
|
endef
|
|
|
|
define Package/wireguard-tools
|
|
$(call Package/wireguard/Default)
|
|
TITLE:=WireGuard userspace control program (wg)
|
|
DEPENDS:=+libmnl +ip
|
|
endef
|
|
|
|
define Package/wireguard-tools/description
|
|
$(call Package/wireguard/Default/description)
|
|
|
|
This package provides the userspace control program for WireGuard,
|
|
`wg(8)`, a netifd protocol helper, and a re-resolve watchdog script.
|
|
endef
|
|
|
|
define Package/wireguard-tools/install
|
|
$(INSTALL_DIR) $(1)/usr/bin/
|
|
$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/tools/wg $(1)/usr/bin/
|
|
$(INSTALL_BIN) ./files/wireguard_watchdog $(1)/usr/bin/
|
|
$(INSTALL_DIR) $(1)/lib/netifd/proto/
|
|
$(INSTALL_BIN) ./files/wireguard.sh $(1)/lib/netifd/proto/
|
|
endef
|
|
|
|
define KernelPackage/wireguard
|
|
SECTION:=kernel
|
|
CATEGORY:=Kernel modules
|
|
SUBMENU:=Network Support
|
|
TITLE:=WireGuard kernel module
|
|
DEPENDS:=+IPV6:kmod-udptunnel6 +kmod-udptunnel4
|
|
FILES:= $(PKG_BUILD_DIR)/src/wireguard.$(LINUX_KMOD_SUFFIX)
|
|
AUTOLOAD:=$(call AutoProbe,wireguard)
|
|
endef
|
|
|
|
define KernelPackage/wireguard/description
|
|
$(call Package/wireguard/Default/description)
|
|
|
|
This package provides the kernel module for WireGuard.
|
|
endef
|
|
|
|
$(eval $(call BuildPackage,wireguard))
|
|
$(eval $(call BuildPackage,wireguard-tools))
|
|
$(eval $(call KernelPackage,wireguard))
|