From 79b427589cc5b4fdd2403ad2aa060b935b17e4fc Mon Sep 17 00:00:00 2001 From: Beginner <70857188+Beginner-Go@users.noreply.github.com> Date: Fri, 21 May 2021 18:57:54 +0800 Subject: [PATCH] wireguard,wireguard-tools: update to 1.0.20210424 (#6864) Co-authored-by: Tianling Shen --- package/network/services/wireguard/Makefile | 4 ++-- .../network/utils/wireguard-tools/Makefile | 23 ++++++++++++++----- .../utils/wireguard-tools/files/wireguard.sh | 3 ++- .../wireguard-tools/files/wireguard_watchdog | 8 +++---- 4 files changed, 25 insertions(+), 13 deletions(-) diff --git a/package/network/services/wireguard/Makefile b/package/network/services/wireguard/Makefile index 79a6335ca..9e18fe46a 100644 --- a/package/network/services/wireguard/Makefile +++ b/package/network/services/wireguard/Makefile @@ -11,12 +11,12 @@ include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=wireguard -PKG_VERSION:=1.0.20210219 +PKG_VERSION:=1.0.20210424 PKG_RELEASE:=1 PKG_SOURCE:=wireguard-linux-compat-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://git.zx2c4.com/wireguard-linux-compat/snapshot/ -PKG_HASH:=99d35296b8d847a0d4db97a4dda96b464311a6354e75fe0bef6e7c4578690f00 +PKG_HASH:=8839139a53733bd20602e39cfc679a8176747dae8fe9f9c7fce28f8fba71abde PKG_LICENSE:=GPL-2.0 PKG_LICENSE_FILES:=COPYING diff --git a/package/network/utils/wireguard-tools/Makefile b/package/network/utils/wireguard-tools/Makefile index d3d057c5d..11372f233 100644 --- a/package/network/utils/wireguard-tools/Makefile +++ b/package/network/utils/wireguard-tools/Makefile @@ -11,18 +11,17 @@ include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=wireguard-tools -PKG_VERSION:=1.0.20210315 +PKG_VERSION:=1.0.20210424 PKG_RELEASE:=1 PKG_SOURCE:=wireguard-tools-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://git.zx2c4.com/wireguard-tools/snapshot/ -PKG_HASH:=af001d5492be6bf58ef0bebe04b446b6f50eb53e1226fab679cc34af40733a22 +PKG_HASH:=b288b0c43871d919629d7e77846ef0b47f8eeaa9ebc9cedeee8233fc6cc376ad PKG_LICENSE:=GPL-2.0 PKG_LICENSE_FILES:=COPYING PKG_BUILD_PARALLEL:=1 -PKG_USE_MIPS16:=0 include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/package-defaults.mk @@ -31,13 +30,25 @@ MAKE_PATH:=src MAKE_VARS += PLATFORM=linux define Package/wireguard-tools - $(call Package/wireguard/Default) + SECTION:=net + CATEGORY:=Network + SUBMENU:=VPN + URL:=https://www.wireguard.com + MAINTAINER:=Jason A. Donenfeld TITLE:=WireGuard userspace control program (wg) - DEPENDS:=+ip + DEPENDS:= \ + +@BUSYBOX_CONFIG_IP \ + +@BUSYBOX_CONFIG_FEATURE_IP_LINK \ + +kmod-wireguard endef define Package/wireguard-tools/description - $(call Package/wireguard/Default/description) + WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes + state-of-the-art cryptography. It aims to be faster, simpler, leaner, and + more useful than IPSec, while avoiding the massive headache. It intends to + be considerably more performant than OpenVPN. WireGuard is designed as a + general purpose VPN for running on embedded interfaces and super computers + alike, fit for many different circumstances. It uses UDP. This package provides the userspace control program for WireGuard, `wg(8)`, a netifd protocol helper, and a re-resolve watchdog script. diff --git a/package/network/utils/wireguard-tools/files/wireguard.sh b/package/network/utils/wireguard-tools/files/wireguard.sh index ccac34e45..63261aea7 100644 --- a/package/network/utils/wireguard-tools/files/wireguard.sh +++ b/package/network/utils/wireguard-tools/files/wireguard.sh @@ -112,6 +112,7 @@ proto_wireguard_setup() { config_get fwmark "${config}" "fwmark" config_get ip6prefix "${config}" "ip6prefix" config_get nohostroute "${config}" "nohostroute" + config_get tunlink "${config}" "tunlink" ip link del dev "${config}" 2>/dev/null ip link add dev "${config}" type wireguard @@ -173,7 +174,7 @@ proto_wireguard_setup() { sed -E 's/\[?([0-9.:a-f]+)\]?:([0-9]+)/\1 \2/' | \ while IFS=$'\t ' read -r key address port; do [ -n "${port}" ] || continue - proto_add_host_dependency "${config}" "${address}" + proto_add_host_dependency "${config}" "${address}" "${tunlink}" done fi diff --git a/package/network/utils/wireguard-tools/files/wireguard_watchdog b/package/network/utils/wireguard-tools/files/wireguard_watchdog index 5fbbeafec..c0a5a0aa3 100644 --- a/package/network/utils/wireguard-tools/files/wireguard_watchdog +++ b/package/network/utils/wireguard-tools/files/wireguard_watchdog @@ -27,7 +27,7 @@ check_peer_activity() { config_get public_key "${cfg}" "public_key" config_get endpoint_host "${cfg}" "endpoint_host" config_get endpoint_port "${cfg}" "endpoint_port" - persistent_keepalive=`wg show ${iface} persistent-keepalive | grep ${public_key} | awk '{print $2}'` + persistent_keepalive=$(wg show ${iface} persistent-keepalive | grep ${public_key} | awk '{print $2}') # only process peers with endpoints and keepalive set [ -z ${endpoint_host} ] && return 0; @@ -42,16 +42,16 @@ check_peer_activity() { [ -n "${IPV4}" -o -n "${IPV6}" ] && return 0; # re-resolve endpoint hostname if not responding for too long - last_handshake=`wg show ${iface} latest-handshakes | grep ${public_key} | awk '{print $2}'` + last_handshake=$(wg show ${iface} latest-handshakes | grep ${public_key} | awk '{print $2}') [ -z ${last_handshake} ] && return 0; - idle_seconds=$((`date +%s`-${last_handshake})) + idle_seconds=$(($(date +%s)-${last_handshake})) [ ${idle_seconds} -lt 150 ] && return 0; logger -t "wireguard_monitor" "${iface} endpoint ${endpoint_host}:${endpoint_port} is not responding for ${idle_seconds} seconds, trying to re-resolve hostname" wg set ${iface} peer ${public_key} endpoint "${endpoint_host}:${endpoint_port}" } # query ubus for all active wireguard interfaces -wg_ifaces=`ubus -S call network.interface dump | jsonfilter -e '@.interface[@.up=true]' | jsonfilter -a -e '@[@.proto="wireguard"].interface' | tr "\n" " "` +wg_ifaces=$(ubus -S call network.interface dump | jsonfilter -e '@.interface[@.up=true]' | jsonfilter -a -e '@[@.proto="wireguard"].interface' | tr "\n" " ") # check every peer in every active wireguard interface config_load network