aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/utils/wireguard-tools
Commit message (Collapse)AuthorAgeFilesLines
* wireguard-tools: allow compiling with MIPS16 instructionsRui Salvaterra2020-08-011-1/+0
| | | | | | | | | | | | | | | The wg utility compiles and runs without issues in MIPS16 mode, despite setting PKG_USE_MIPS16:=0 in the makefile. Let's remove this, allowing for a substantial size reduction of the wg executable. Since wg is a just a configuration utility, it shouldn't be performance-critical, as the crypto heavy-lifting is done on the kernel side. wg sizes for both modes: MIPS32: 64309 bytes MIPS16: 42501 bytes Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
* wireguard-tools: replace backticks by $(...)Adrian Schmutzler2020-07-111-4/+4
| | | | | | This replaces deprecated backticks by more versatile $(...) syntax. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* wireguard-tools: bump to 1.0.20200513Jason A. Donenfeld2020-05-201-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * ipc: add support for openbsd kernel implementation * ipc: cleanup openbsd support * wg-quick: add support for openbsd kernel implementation * wg-quick: cleanup openbsd support Very exciting! wg(8) and wg-quick(8) now support the kernel implementation for OpenBSD. OpenBSD is the second kernel, after Linux, to receive full fledged and supported WireGuard kernel support. We'll probably send our patch set up to the list during this next week. `ifconfig wg0 create` to make an interface, and `wg ...` like usual to configure WireGuard aspects of it, like usual. * wg-quick: support dns search domains If DNS= has a non-IP in it, it is now treated as a search domain in resolv.conf. This new feature will be rolling out across our various GUI clients in the next week or so. * Makefile: simplify silent cleaning * ipc: remove extra space * git: add gitattributes so tarball doesn't have gitignore files * terminal: specialize color_mode to stdout only Small cleanups. * highlighter: insist on 256-bit keys, not 257-bit or 258-bit The highlighter's key checker is now stricter with base64 validation. * wg-quick: android: support application whitelist Android users can now have an application whitelist instead of application blacklist. * systemd: add wg-quick.target This enables all wg-quick at .services to be restarted or managed as a unit via wg-quick.target. * Makefile: remember to install all systemd units Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wireguard-tools: bump to 1.0.20200319Jason A. Donenfeld2020-03-211-2/+2
| | | | | | | | | | | | | | | | * netlink: initialize mostly unused field * curve25519: squelch warnings on clang Code quality improvements. * man: fix grammar in wg(8) and wg-quick(8) * man: backlink wg-quick(8) in wg(8) * man: add a warning to the SaveConfig description Man page improvements. We hope to rewrite our man pages in mdocml at some point soon. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wireguard-tools: bump to 1.0.20200206Jason A. Donenfeld2020-02-091-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * wg-quick: android: split uids into multiple commands Newer android's ndc implementations have limits on uid size, so we have to break these into several lists. * man: document dynamic debug trick for Linux This comes up occasionally, so it may be useful to mention its possibility in the man page. At least the Arch Linux and Ubuntu kernels support dynamic debugging, so this advice will at least help somebody. So that you don't have to go digging into the commit, this adds this helpful tidbit to the man page for getting debug logs on Linux: # modprobe wireguard && echo module wireguard +p > /sys/kernel/debug/dynamic_debug/control * extract-{handshakes,keys}: rework for upstream kernel These tools will now use the source code from the running kernel instead of from the old monolithic repo. Essential for the functioning of Wireshark. * netlink: remove libmnl requirement We no longer require libmnl. It turns out that inlining the small subset of libmnl that we actually use results in a smaller binary than the overhead of linking to the external library. And we intend to gradually morph this code into something domain specific as a libwg emerges. Performance has also increased, thanks to the inliner. On all platforms, wg(8) only needs a normal libc. Compile time on my system is still less than one second. So all in all we have: smaller binary, zero dependencies, faster performance. Packagers should no longer have their wireguard-tools package depend on libmnl. * embeddable-wg-library: use newer string_list * netlink: don't pretend that sysconf isn't a function Small cleanups. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wireguard-tools: bump to 1.0.20200121Jason A. Donenfeld2020-01-241-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Makefile: remove pwd from compile output * Makefile: add standard 'all' target * Makefile: evaluate git version lazily Quality of life improvements for packagers. * ipc: simplify inflatable buffer and add fuzzer * fuzz: add generic command argument fuzzer * fuzz: add set and setconf fuzzers More fuzzers and a slicker string list implementation. These fuzzers now find themselves configuring wireguard interfaces from scratch after several million mutations, which is fun to watch. * netlink: make sure to clear return value when trying again Prior, if a dump was interrupted by a concurrent set operation, we'd try again, but forget to reset an error flag, so we'd keep trying again forever. Now we do the right thing and succeed when we succeed. * Makefile: sort inputs to linker so that build is reproducible Earlier versions of make(1) passed GLOB_NOSORT to glob(3), resulting in the linker receiving its inputs in a filesystem-dependent order. This screwed up reproducible builds. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wireguard: skip peer config if public key of the peer is not definedFlorian Eckert2020-01-151-0/+5
| | | | | | | | | | | | | | | If a config section of a peer does not have a public key defined, the whole interface does not start. The following log is shown daemon.notice netifd: test (21071): Line unrecognized: `PublicKey=' daemon.notice netifd: test (21071): Configuration parsing erro The command 'wg show' does only show the interface name. With this change we skip the peer for this interface and emit a log message. So the other peers get configured. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* wireguard-tools: bump to 1.0.20200102Jason A. Donenfeld2020-01-091-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * systemd: update documentation URL * global: bump copyright Usual house keeping. * Makefile: DEBUG_TOOLS -> DEBUG and document * Makefile: port static analysis check * dns-hatchet: adjust path for new repo layout * Makefile: rework automatic version.h mangling These are some important-ish cleanups for downstream package maintainers that should make packaging this a lot smoother. * man: add documentation about removing explicit listen-port Documentation improvement. * wg-quick: linux: quote ifname for nft This should fix issues with weirdly named ifnames and odd versions of nft(8). * fuzz: find bugs in the config syntax parser * fuzz: find bugs when parsing uapi input These are two fuzzers that have been laying around without a repo for a while. Perhaps somebody with enough compute power will find bugs with them. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wireguard: bump to 20191226Jason A. Donenfeld2019-12-273-0/+299
As announced on the mailing list, WireGuard will be in Linux 5.6. As a result, the wg(8) tool, used by OpenWRT in the same manner as ip(8), is moving to its own wireguard-tools repo. Meanwhile, the out-of-tree kernel module for kernels 3.10 - 5.5 moved to its own wireguard-linux- compat repo. Yesterday, releases were cut out of these repos, so this commit bumps packages to match. Since wg(8) and the compat kernel module are versioned and released separately, we create a wireguard-tools Makefile to contain the source for the new tools repo. Later, when OpenWRT moves permanently to Linux 5.6, we'll drop the original module package, leaving only the tools. So this commit shuffles the build definition around a bit but is basically the same idea as before. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>