From upstream's changelog:
* main: annotate init/exit functions to save memory
* selftest: remove antique siphash self test
* haskell: re-add updated haskell example
* socket: use ip_rt_put instead of dst_release
* device: avoid double icmp send on routing loop
* compat: clean up cruft
* global: cleanup IP header checking
* compat: do not export symbols unnecessarily
Various cleanups and updates.
* device: netdevice destruction logic change for 4.12
When Linux 4.12 is released next week, we're good to go.
* device: only use one sleep notifier
Rather than have a separate sleep notification for every interface, we now
have a single notifier for every interface. This improves performance,
especially when creating many interfaces at once.
* device: remove icmp conntrack hacks
We're moving hacks upstream the proper way, and then backporting them to
compat.
* receive: extend rate limiting to 1 second after under load detection
After we determine that we're under load, we now wait 1 second before not
being under load again, a timer which is global across all interfaces on a
given system.
* curve25519: satisfy sparse and use short types
* curve25519: keep certain sandy2x functions in C
Certain functions have been made into C, which should improve stack frames and
reliability.
* ratelimiter: rewrite from scratch
This is a big change. We no longer rely on x_tables or xt_hashlimit, instead
using a super minimal and sleek token bucket ratelimiter. This works much
better than the old cruft and should allow us to run more places. It also has
the benefit of being global, so that it's possible to have thousands of
interfaces without killing the system with separate GCs and vmallocs, which is
what happened prior.
* socket: verify saddr belongs to interface
We now more quickly react to changes of the v4 routing table, by ensuring that
the sticky source address is actually still valid.
* wg-quick: properly match IPv6 endpoint
wg-quick now works better with IPv6.
* wg-quick: use printf -v instead of namerefs for bash 4.2
This adds support for old bash, which means wg-quick should be generically
"bash 4 and up". I'm not happy about this but EL7 uses old bash, so we're
stuck with it.
* compat: support EL7.3
Support for RHEL, CentOS, ScientificLinux, and so forth.
* compat: support Ubuntu 14.04
An old crufty Ubuntu is now supported, since it's LTS.
PKG_NAME:=wireguard
-PKG_VERSION:=0.0.20170613
+PKG_VERSION:=0.0.20170628
PKG_RELEASE:=1
PKG_SOURCE:=WireGuard-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://git.zx2c4.com/WireGuard/snapshot/
-PKG_HASH:=88ac77569eeb79c517318d58a0954caa0a4d2a6a1694e74c2a3b1c14438ac941
+PKG_HASH:=c2cb9c05daba79389f920e57e9cdb2cf706c0b3929cb6ede89afef2684f62f2e
PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=COPYING
CATEGORY:=Kernel modules
SUBMENU:=Network Support
TITLE:=Wireguard kernel module
- DEPENDS:=+IPV6:kmod-udptunnel6 +kmod-udptunnel4 +kmod-ipt-hashlimit
+ DEPENDS:=+IPV6:kmod-udptunnel6 +kmod-udptunnel4
FILES:= $(PKG_BUILD_DIR)/src/wireguard.$(LINUX_KMOD_SUFFIX)
AUTOLOAD:=$(call AutoProbe,wireguard)
endef
projects / feed / packages.git / commitdiff