wireguard: version bump

From upstream's changelog:

* main: annotate init/exit functions to save memory
* selftest: remove antique siphash self test
* haskell: re-add updated haskell example
* socket: use ip_rt_put instead of dst_release
* device: avoid double icmp send on routing loop
* compat: clean up cruft
* global: cleanup IP header checking
* compat: do not export symbols unnecessarily

  Various cleanups and updates.

* device: netdevice destruction logic change for 4.12

  When Linux 4.12 is released next week, we're good to go.

* device: only use one sleep notifier

  Rather than have a separate sleep notification for every interface, we now have a single notifier for every interface. This improves performance, especially when creating many interfaces at once.

* device: remove icmp conntrack hacks

  We're moving hacks upstream the proper way, and then backporting them to compat.

* receive: extend rate limiting to 1 second after under load detection

  After we determine that we're under load, we now wait 1 second before not being under load again, a timer which is global across all interfaces on a given system.

* curve25519: satisfy sparse and use short types
* curve25519: keep certain sandy2x functions in C

  Certain functions have been made into C, which should improve stack frames and reliability.

* ratelimiter: rewrite from scratch

  This is a big change. We no longer rely on x_tables or xt_hashlimit, instead using a super minimal and sleek token bucket ratelimiter. This works much better than the old cruft and should allow us to run more places. It also has the benefit of being global, so that it's possible to have thousands of interfaces without killing the system with separate GCs and vmallocs, which is what happened prior.

* socket: verify saddr belongs to interface

  We now more quickly react to changes of the v4 routing table, by ensuring that the sticky source address is actually still valid.

* wg-quick: properly match IPv6 endpoint

  wg-quick now works better with IPv6.

* wg-quick: use printf -v instead of namerefs for bash 4.2

  This adds support for old bash, which means wg-quick should be generically "bash 4 and up". I'm not happy about this but EL7 uses old bash, so we're stuck with it.

* compat: support EL7.3

  Support for RHEL, CentOS, ScientificLinux, and so forth.

* compat: support Ubuntu 14.04

  An old crufty Ubuntu is now supported, since it's LTS.
8 years ago
#
# Copyright (C) 2016-2017 Jason A. Donenfeld <Jason@zx2c4.com>
# Copyright (C) 2016 Baptiste Jonglez <openwrt@bitsofnetworks.org>
# Copyright (C) 2016-2017 Dan Luedtke <mail@danrl.com>
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.

include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/kernel.mk

PKG_NAME:=wireguard

PKG_VERSION:=0.0.20170726
PKG_RELEASE:=1

PKG_SOURCE:=WireGuard-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://git.zx2c4.com/WireGuard/snapshot/
PKG_HASH:=db91452b6b5ec28049721a520fe4fd0683825bad45b7383d12d7b819668201db

PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=COPYING

PKG_BUILD_DIR:=$(BUILD_DIR)/WireGuard-$(PKG_VERSION)
PKG_BUILD_PARALLEL:=1
PKG_USE_MIPS16:=0

# Wireguard's makefile needs this to know where to build the kernel module
export KERNELDIR:=$(LINUX_DIR)

include $(INCLUDE_DIR)/package.mk

define Package/wireguard/Default
  SECTION:=net
  CATEGORY:=Network
  SUBMENU:=VPN
  URL:=https://www.wireguard.io
  MAINTAINER:=Baptiste Jonglez <openwrt@bitsofnetworks.org>, \
              Dan Luedtke <mail@danrl.com>, \
              Jason A. Donenfeld <Jason@zx2c4.com>
endef

define Package/wireguard/Default/description
  WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes
  state-of-the-art cryptography. It aims to be faster, simpler, leaner, and
  more useful than IPSec, while avoiding the massive headache. It intends to
  be considerably more performant than OpenVPN. WireGuard is designed as a
  general purpose VPN for running on embedded interfaces and super computers
  alike, fit for many different circumstances.
  It runs over UDP.
endef

define Package/wireguard
  $(call Package/wireguard/Default)
  TITLE:=Wireguard meta-package
  DEPENDS:=+wireguard-tools +kmod-wireguard
endef

include $(INCLUDE_DIR)/kernel-defaults.mk
include $(INCLUDE_DIR)/package-defaults.mk

# Used by Build/Compile/Default
MAKE_PATH:=src/tools

define Build/Compile
	$(MAKE) $(KERNEL_MAKEOPTS) M="$(PKG_BUILD_DIR)/src" modules
	$(call Build/Compile/Default)
endef

define Package/wireguard/install
	true
endef

define Package/wireguard/description
  $(call Package/wireguard/Default/description)
endef

define Package/wireguard-tools
  $(call Package/wireguard/Default)
  TITLE:=Wireguard userspace control program (wg)
  DEPENDS:=+libmnl
endef

define Package/wireguard-tools/description
  $(call Package/wireguard/Default/description)
  This package provides the userspace control program for wireguard, `wg`,
  and a netifd protocol helper.
endef

define Package/wireguard-tools/install
	$(INSTALL_DIR) $(1)/usr/bin/
	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/tools/wg $(1)/usr/bin/
	$(INSTALL_DIR) $(1)/lib/netifd/proto/
	$(INSTALL_BIN) ./files/wireguard.sh $(1)/lib/netifd/proto/
endef

define KernelPackage/wireguard
  SECTION:=kernel
  CATEGORY:=Kernel modules
  SUBMENU:=Network Support
  TITLE:=Wireguard kernel module
  DEPENDS:=+IPV6:kmod-udptunnel6 +kmod-udptunnel4
  FILES:= $(PKG_BUILD_DIR)/src/wireguard.$(LINUX_KMOD_SUFFIX)
  AUTOLOAD:=$(call AutoProbe,wireguard)
endef

define KernelPackage/wireguard/description
  $(call Package/wireguard/Default/description)
  This package provides the kernel module for wireguard.
endef

$(eval $(call BuildPackage,wireguard))
$(eval $(call BuildPackage,wireguard-tools))
$(eval $(call KernelPackage,wireguard))