#
# Copyright (C) 2016-2017 Jason A. Donenfeld <Jason@zx2c4.com>
# Copyright (C) 2016 Baptiste Jonglez <openwrt@bitsofnetworks.org>
# Copyright (C) 2016-2017 Dan Luedtke <mail@danrl.com>
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/kernel.mk
# Package identity: the upstream snapshot version plus the OpenWrt packaging
# revision on top of it.
PKG_NAME:=wireguard

PKG_VERSION:=0.0.20170907
PKG_RELEASE:=1

# Source tarball and the HTTPS location it is fetched from. PKG_HASH is the
# expected SHA-256 of PKG_SOURCE, so it has to change in the same commit as
# PKG_VERSION; a stale value makes the download check fail.
# NOTE(review): when bumping, cross-check the new digest against an
# independently obtained copy of the tarball instead of only hashing the file
# this build has just downloaded.
PKG_SOURCE:=WireGuard-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://git.zx2c4.com/WireGuard/snapshot/
PKG_HASH:=a1ee12d60662607e4c5a19f84b5115e56f083e2600053882e161537f12d963fd

PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=COPYING

# The tarball is named WireGuard-<version>, not $(PKG_NAME)-<version>, so the
# build directory is set explicitly to match (presumably the archive's
# top-level directory; confirm when upstream changes its snapshot naming).
PKG_BUILD_DIR:=$(BUILD_DIR)/WireGuard-$(PKG_VERSION)
# Allow parallel make jobs for this package.
PKG_BUILD_PARALLEL:=1
# Do not build this package in MIPS16 mode.
PKG_USE_MIPS16:=0

# Wireguard's makefile needs this to know where to build the kernel module
export KERNELDIR:=$(LINUX_DIR)
include $(INCLUDE_DIR)/package.mk
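# Menu placement and contact fields shared by the wireguard meta-package and
# wireguard-tools; both pull this template in with
# $(call Package/wireguard/Default).
# MAINTAINER is a single comma-separated list continued across lines, so every
# entry except the last must end in ", \" (the second entry was missing its
# comma and ran into the third).
define Package/wireguard/Default
SECTION:=net
CATEGORY:=Network
SUBMENU:=VPN
URL:=https://www.wireguard.io
MAINTAINER:=Baptiste Jonglez <openwrt@bitsofnetworks.org>, \
Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>, \
Dan Luedtke <mail@danrl.com>, \
Jason A. Donenfeld <Jason@zx2c4.com>
endef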
# Shared long description. The wireguard, wireguard-tools and kernel-module
# description blocks in this file each start by expanding it with $(call ...).
define Package/wireguard/Default/description
WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes
state-of-the-art cryptography. It aims to be faster, simpler, leaner, and
more useful than IPSec, while avoiding the massive headache. It intends to
be considerably more performant than OpenVPN. WireGuard is designed as a
general purpose VPN for running on embedded interfaces and super computers
alike, fit for many different circumstances.
It runs over UDP.
endef
# Meta-package: it exists to pull in the userspace tools and the kernel module
# through DEPENDS; its own install step in this file is a no-op.
define Package/wireguard
$(call Package/wireguard/Default)
TITLE:=Wireguard meta-package
DEPENDS:=+wireguard-tools +kmod-wireguard
endef
include $(INCLUDE_DIR)/kernel-defaults.mk
include $(INCLUDE_DIR)/package-defaults.mk
# Used by Build/Compile/Default: the subdirectory of the build tree that holds
# the userspace tools (the install step below takes `wg` from
# $(PKG_BUILD_DIR)/src/tools).
MAKE_PATH:=src/tools
# Two-step build. First the kernel module: the kernel build is invoked with
# KERNEL_MAKEOPTS and M= pointing at the package's src directory, target
# `modules`. Then the default compile step, which builds the userspace tools
# in MAKE_PATH.
define Build/Compile
$(MAKE) $(KERNEL_MAKEOPTS) M="$(PKG_BUILD_DIR)/src" modules
$(call Build/Compile/Default)
endef
# The meta-package ships no files of its own; `true` keeps the install step a
# successful no-op.
define Package/wireguard/install
true
endef
# Long description of the meta-package: the shared text, with nothing added.
define Package/wireguard/description
$(call Package/wireguard/Default/description)
endef
# Userspace package: starts from the shared template, then sets its own title
# and its single library dependency, libmnl.
define Package/wireguard-tools
$(call Package/wireguard/Default)
TITLE:=Wireguard userspace control program (wg)
DEPENDS:=+libmnl
endef
# Long description of wireguard-tools: the shared text followed by what this
# package adds (the `wg` program and the netifd protocol helper).
define Package/wireguard-tools/description
$(call Package/wireguard/Default/description)

This package provides the userspace control program for wireguard, `wg`,
and a netifd protocol helper.
endef
# Install into the package root passed as $(1): the `wg` binary built under
# src/tools goes to /usr/bin/, and the netifd protocol helper shipped with this
# package (./files/wireguard.sh) goes to /lib/netifd/proto/. Each target
# directory is created first; both files are installed with INSTALL_BIN.
define Package/wireguard-tools/install
$(INSTALL_DIR) $(1)/usr/bin/
$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/tools/wg $(1)/usr/bin/
$(INSTALL_DIR) $(1)/lib/netifd/proto/
$(INSTALL_BIN) ./files/wireguard.sh $(1)/lib/netifd/proto/
endef
# Kernel-module package; the meta-package depends on it as kmod-wireguard.
# DEPENDS: kmod-udptunnel4 always, kmod-udptunnel6 only when IPV6 is enabled.
# The blame record for the DEPENDS line (2017-06-28, "wireguard: version
# bump") quotes upstream's changelog: the ratelimiter was rewritten as a
# global token bucket and no longer relies on x_tables or xt_hashlimit --
# presumably why no netfilter modules are listed here; confirm against that
# commit before re-adding any.
# FILES is the module produced by the kernel-module step of Build/Compile;
# AUTOLOAD registers it with AutoProbe so it is loaded automatically.
define KernelPackage/wireguard
SECTION:=kernel
CATEGORY:=Kernel modules
SUBMENU:=Network Support
TITLE:=Wireguard kernel module
DEPENDS:=+IPV6:kmod-udptunnel6 +kmod-udptunnel4
FILES:= $(PKG_BUILD_DIR)/src/wireguard.$(LINUX_KMOD_SUFFIX)
AUTOLOAD:=$(call AutoProbe,wireguard)
endef
# Long description of the kernel-module package: the shared text followed by
# one line saying what this package adds.
define KernelPackage/wireguard/description
$(call Package/wireguard/Default/description)

This package provides the kernel module for wireguard.
endef
# Instantiate the three packages defined in this file: the meta-package, the
# userspace tools, and the kernel module.
$(eval $(call BuildPackage,wireguard))
$(eval $(call BuildPackage,wireguard-tools))
$(eval $(call KernelPackage,wireguard))