| Message ID | 20190531165033.20290-1-Jason@zx2c4.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [OpenWrt-Devel] wireguard: bump to 0.0.20190531 | expand |
On Fri, May 31, 2019 at 6:50 PM Jason A. Donenfeld <Jason@zx2c4.com> wrote: > > * tools: add wincompat layer to wg(8) > > Consistent with a lot of the Windows work we've been doing this last cycle, > wg(8) now supports the WireGuard for Windows app by talking through a named > pipe. You can compile this as `PLATFORM=windows make -C src/tools` with mingw. > Because programming things for Windows is pretty ugly, we've done this via a > separate standalone wincompat layer, so that we don't pollute our pretty *nix > utility. > > * compat: udp_tunnel: force cast sk_data_ready > > This is a hack to work around broken Android kernel wrapper scripts. > > * wg-quick: freebsd: workaround SIOCGIFSTATUS race in FreeBSD kernel > > FreeBSD had a number of kernel race conditions, some of which we can vaguely > work around. These are in the process of being fixed upstream, but probably > people won't update for a while. > > * wg-quick: make darwin and freebsd path search strict like linux > > Correctness. > > * socket: set ignore_df=1 on xmit > > This was intended from early on but didn't work on IPv6 without the ignore_df > flag. It allows sending fragments over IPv6. > > * qemu: use newer iproute2 and kernel > * qemu: build iproute2 with libmnl support > * qemu: do not check for alignment with ubsan > > The QEMU build system has been improved to compile newer versions. Linking > against libmnl gives us better error messages. As well, enabling the alignment > check on x86 UBSAN isn't realistic. > > * wg-quick: look up existing routes properly > * wg-quick: specify protocol to ip(8), because of inconsistencies > > The route inclusion check was wrong prior, and Linux 5.1 made it break > entirely. This makes a better invocation of `ip route show match`. > > * netlink: use new strict length types in policy for 5.2 > * kbuild: account for recent upstream changes > * zinc: arm64: use cpu_get_elf_hwcap accessor for 5.2 > > The usual churn of changes required for the upcoming 5.2. > > * timers: add jitter on ack failure reinitiation > > Correctness tweak in the timer system. > > * blake2s,chacha: latency tweak > * blake2s: shorten ssse3 loop > > In every odd-numbered round, instead of operating over the state > x00 x01 x02 x03 > x05 x06 x07 x04 > x10 x11 x08 x09 > x15 x12 x13 x14 > we operate over the rotated state > x03 x00 x01 x02 > x04 x05 x06 x07 > x09 x10 x11 x08 > x14 x15 x12 x13 > The advantage here is that this requires no changes to the 'x04 x05 x06 x07' > row, which is in the critical path. This results in a noticeable latency > improvement of roughly R cycles, for R diagonal rounds in the primitive. As > well, the blake2s AVX implementation is now SSSE3 and considerably shorter. > > * tools: allow setting WG_ENDPOINT_RESOLUTION_RETRIES > > System integrators can now specify things like > WG_ENDPOINT_RESOLUTION_RETRIES=infinity when building wg(8)-based init > scripts and services, or 0, or any other integer. > > Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Patch applied to master; thx Hans > --- > package/network/services/wireguard/Makefile | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/package/network/services/wireguard/Makefile b/package/network/services/wireguard/Makefile > index c04762b..e3471d0 100644 > --- a/package/network/services/wireguard/Makefile > +++ b/package/network/services/wireguard/Makefile > @@ -11,12 +11,12 @@ include $(INCLUDE_DIR)/kernel.mk > > PKG_NAME:=wireguard > > -PKG_VERSION:=0.0.20190406 > +PKG_VERSION:=0.0.20190531 > PKG_RELEASE:=1 > > PKG_SOURCE:=WireGuard-$(PKG_VERSION).tar.xz > PKG_SOURCE_URL:=https://git.zx2c4.com/WireGuard/snapshot/ > -PKG_HASH:=2f06f3adf70b95e74a7736a22dcf6e9ef623b311a15b7d55b5474e57c3d0415b > +PKG_HASH:=8b0280322ec4c46fd1a786af4db0c4d0c600053542c4563582baac478e4127b1 > > PKG_LICENSE:=GPL-2.0 Apache-2.0 > PKG_LICENSE_FILES:=COPYING > -- > 2.21.0 > > > _______________________________________________ > openwrt-devel mailing list > openwrt-devel@lists.openwrt.org > https://lists.openwrt.org/mailman/listinfo/openwrt-devel
diff --git a/package/network/services/wireguard/Makefile b/package/network/services/wireguard/Makefile index c04762b..e3471d0 100644 --- a/package/network/services/wireguard/Makefile +++ b/package/network/services/wireguard/Makefile @@ -11,12 +11,12 @@ include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=wireguard -PKG_VERSION:=0.0.20190406 +PKG_VERSION:=0.0.20190531 PKG_RELEASE:=1 PKG_SOURCE:=WireGuard-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://git.zx2c4.com/WireGuard/snapshot/ -PKG_HASH:=2f06f3adf70b95e74a7736a22dcf6e9ef623b311a15b7d55b5474e57c3d0415b +PKG_HASH:=8b0280322ec4c46fd1a786af4db0c4d0c600053542c4563582baac478e4127b1 PKG_LICENSE:=GPL-2.0 Apache-2.0 PKG_LICENSE_FILES:=COPYING
* tools: add wincompat layer to wg(8) Consistent with a lot of the Windows work we've been doing this last cycle, wg(8) now supports the WireGuard for Windows app by talking through a named pipe. You can compile this as `PLATFORM=windows make -C src/tools` with mingw. Because programming things for Windows is pretty ugly, we've done this via a separate standalone wincompat layer, so that we don't pollute our pretty *nix utility. * compat: udp_tunnel: force cast sk_data_ready This is a hack to work around broken Android kernel wrapper scripts. * wg-quick: freebsd: workaround SIOCGIFSTATUS race in FreeBSD kernel FreeBSD had a number of kernel race conditions, some of which we can vaguely work around. These are in the process of being fixed upstream, but probably people won't update for a while. * wg-quick: make darwin and freebsd path search strict like linux Correctness. * socket: set ignore_df=1 on xmit This was intended from early on but didn't work on IPv6 without the ignore_df flag. It allows sending fragments over IPv6. * qemu: use newer iproute2 and kernel * qemu: build iproute2 with libmnl support * qemu: do not check for alignment with ubsan The QEMU build system has been improved to compile newer versions. Linking against libmnl gives us better error messages. As well, enabling the alignment check on x86 UBSAN isn't realistic. * wg-quick: look up existing routes properly * wg-quick: specify protocol to ip(8), because of inconsistencies The route inclusion check was wrong prior, and Linux 5.1 made it break entirely. This makes a better invocation of `ip route show match`. * netlink: use new strict length types in policy for 5.2 * kbuild: account for recent upstream changes * zinc: arm64: use cpu_get_elf_hwcap accessor for 5.2 The usual churn of changes required for the upcoming 5.2. * timers: add jitter on ack failure reinitiation Correctness tweak in the timer system. * blake2s,chacha: latency tweak * blake2s: shorten ssse3 loop In every odd-numbered round, instead of operating over the state x00 x01 x02 x03 x05 x06 x07 x04 x10 x11 x08 x09 x15 x12 x13 x14 we operate over the rotated state x03 x00 x01 x02 x04 x05 x06 x07 x09 x10 x11 x08 x14 x15 x12 x13 The advantage here is that this requires no changes to the 'x04 x05 x06 x07' row, which is in the critical path. This results in a noticeable latency improvement of roughly R cycles, for R diagonal rounds in the primitive. As well, the blake2s AVX implementation is now SSSE3 and considerably shorter. * tools: allow setting WG_ENDPOINT_RESOLUTION_RETRIES System integrators can now specify things like WG_ENDPOINT_RESOLUTION_RETRIES=infinity when building wg(8)-based init scripts and services, or 0, or any other integer. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> --- package/network/services/wireguard/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)