bf52c968e8
* Zinc no longer ships generated assembly code. Rather, we now bundle in the original perlasm generator for it. The primary purpose of this snapshot is to get testing of this. * Clarify the peer removal logic and make lifetimes more precise. * Use READ_ONCE for is_valid and is_dead. * No need to use atomic when the recounter is mutex protected. * Fix up macros and annotations in allowedips. * Increment drop counter when staged packets are dropped. * Use static constants instead of enums for 64-bit values in selftest. * Mark large constants as ULL in poly1305-donna64. * Fix sparse warnings in allowedips debugging code. * Do not use wg_peer_get_maybe_zero in timer callbacks, since we now can carefully control the lifetime of these functions and ensure they never execute after dropping the last reference. * Cleanup hashing in ratelimiter. * Do not guard timer removals, since del_timer is always okay. * We now check for PM_AUTOSLEEP, which makes the clear*on-suspend decision a bit more general. * Set csum_level to ~0, since the poly1305 authenticator certainly means that no data was modified in transit. * Use CHECKSUM_PARTIAL check for skb_checksum_help instead of skb_checksum_setup check. * wg.8: specify that wg(8) shows runtime info too * wg.8: AllowedIPs isn't actually required * keygen-html: add missing glue macro * wg-quick: android: do not choke on empty allowed-ips Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
116 lines
3.4 KiB
Makefile
116 lines
3.4 KiB
Makefile
#
|
|
# Copyright (C) 2016-2018 Jason A. Donenfeld <Jason@zx2c4.com>
|
|
# Copyright (C) 2016 Baptiste Jonglez <openwrt@bitsofnetworks.org>
|
|
# Copyright (C) 2016-2017 Dan Luedtke <mail@danrl.com>
|
|
#
|
|
# This is free software, licensed under the GNU General Public License v2.
|
|
# See /LICENSE for more information.
|
|
|
|
include $(TOPDIR)/rules.mk
|
|
include $(INCLUDE_DIR)/kernel.mk
|
|
|
|
PKG_NAME:=wireguard
|
|
|
|
PKG_VERSION:=0.0.20181115
|
|
PKG_RELEASE:=1
|
|
|
|
PKG_SOURCE:=WireGuard-$(PKG_VERSION).tar.xz
|
|
PKG_SOURCE_URL:=https://git.zx2c4.com/WireGuard/snapshot/
|
|
PKG_HASH:=11292c7e86fce6fb0d9fd170389d2afc609bda963a7faf1fd713e11c2af53085
|
|
|
|
PKG_LICENSE:=GPL-2.0 Apache-2.0
|
|
PKG_LICENSE_FILES:=COPYING
|
|
|
|
PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/WireGuard-$(PKG_VERSION)
|
|
PKG_BUILD_PARALLEL:=1
|
|
PKG_USE_MIPS16:=0
|
|
|
|
# WireGuard's makefile needs this to know where to build the kernel module
|
|
export KERNELDIR:=$(LINUX_DIR)
|
|
|
|
include $(INCLUDE_DIR)/package.mk
|
|
|
|
define Package/wireguard/Default
|
|
SECTION:=net
|
|
CATEGORY:=Network
|
|
SUBMENU:=VPN
|
|
URL:=https://www.wireguard.com
|
|
MAINTAINER:=Jason A. Donenfeld <Jason@zx2c4.com> \
|
|
Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
|
endef
|
|
|
|
define Package/wireguard/Default/description
|
|
WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes
|
|
state-of-the-art cryptography. It aims to be faster, simpler, leaner, and
|
|
more useful than IPSec, while avoiding the massive headache. It intends to
|
|
be considerably more performant than OpenVPN. WireGuard is designed as a
|
|
general purpose VPN for running on embedded interfaces and super computers
|
|
alike, fit for many different circumstances. It uses UDP.
|
|
endef
|
|
|
|
define Package/wireguard
|
|
$(call Package/wireguard/Default)
|
|
TITLE:=WireGuard meta-package
|
|
DEPENDS:=+wireguard-tools +kmod-wireguard
|
|
endef
|
|
|
|
include $(INCLUDE_DIR)/kernel-defaults.mk
|
|
include $(INCLUDE_DIR)/package-defaults.mk
|
|
|
|
# Used by Build/Compile/Default
|
|
MAKE_PATH:=src/tools
|
|
MAKE_VARS += PLATFORM=linux
|
|
|
|
define Build/Compile
|
|
$(MAKE) $(KERNEL_MAKEOPTS) M="$(PKG_BUILD_DIR)/src" modules
|
|
$(call Build/Compile/Default)
|
|
endef
|
|
|
|
define Package/wireguard/install
|
|
true
|
|
endef
|
|
|
|
define Package/wireguard/description
|
|
$(call Package/wireguard/Default/description)
|
|
endef
|
|
|
|
define Package/wireguard-tools
|
|
$(call Package/wireguard/Default)
|
|
TITLE:=WireGuard userspace control program (wg)
|
|
DEPENDS:=+libmnl +ip
|
|
endef
|
|
|
|
define Package/wireguard-tools/description
|
|
$(call Package/wireguard/Default/description)
|
|
|
|
This package provides the userspace control program for WireGuard,
|
|
`wg(8)`, a netifd protocol helper, and a re-resolve watchdog script.
|
|
endef
|
|
|
|
define Package/wireguard-tools/install
|
|
$(INSTALL_DIR) $(1)/usr/bin/
|
|
$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/tools/wg $(1)/usr/bin/
|
|
$(INSTALL_BIN) ./files/wireguard_watchdog $(1)/usr/bin/
|
|
$(INSTALL_DIR) $(1)/lib/netifd/proto/
|
|
$(INSTALL_BIN) ./files/wireguard.sh $(1)/lib/netifd/proto/
|
|
endef
|
|
|
|
define KernelPackage/wireguard
|
|
SECTION:=kernel
|
|
CATEGORY:=Kernel modules
|
|
SUBMENU:=Network Support
|
|
TITLE:=WireGuard kernel module
|
|
DEPENDS:=+IPV6:kmod-udptunnel6 +kmod-udptunnel4
|
|
FILES:= $(PKG_BUILD_DIR)/src/wireguard.$(LINUX_KMOD_SUFFIX)
|
|
AUTOLOAD:=$(call AutoProbe,wireguard)
|
|
endef
|
|
|
|
define KernelPackage/wireguard/description
|
|
$(call Package/wireguard/Default/description)
|
|
|
|
This package provides the kernel module for WireGuard.
|
|
endef
|
|
|
|
$(eval $(call BuildPackage,wireguard))
|
|
$(eval $(call BuildPackage,wireguard-tools))
|
|
$(eval $(call KernelPackage,wireguard))
|