kernel: migrate wireguard into the kernel tree

On Linux 5.4, build WireGuard from backports. Linux 5.10 contains wireguard in-tree. Add in-kernel crypto libraries required by WireGuard along with arch-specific optimizations. Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com> (cherry picked from commit 06351f1bd0) (cherry picked from commit 464451d9ab)
2021-02-19 08:22:08 -08:00
parent c0cb86e1d5
commit a701d4b841
3 changed files with 184 additions and 89 deletions
--- a/package/kernel/linux/modules/netsupport.mk
+++ b/package/kernel/linux/modules/netsupport.mk
@@ -1250,3 +1250,33 @@ define KernelPackage/netlink-diag/description
 endef

 $(eval $(call KernelPackage,netlink-diag))
+
+
+define KernelPackage/wireguard
+  SECTION:=kernel
+  CATEGORY:=Kernel modules
+  SUBMENU:=Network Support
+  TITLE:=WireGuard kernel module
+  DEPENDS:= \
+	  +kmod-crypto-lib-blake2s \
+	  +kmod-crypto-lib-chacha20poly1305 \
+	  +kmod-crypto-lib-curve25519 \
+	  +kmod-udptunnel4 \
+	  +IPV6:kmod-udptunnel6
+  KCONFIG:= \
+	  CONFIG_WIREGUARD \
+	  CONFIG_WIREGUARD_DEBUG=n
+  FILES:=$(LINUX_DIR)/drivers/net/wireguard/wireguard.ko
+  AUTOLOAD:=$(call AutoProbe,wireguard)
+endef
+
+define KernelPackage/wireguard/description
+  WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes
+  state-of-the-art cryptography. It aims to be faster, simpler, leaner, and
+  more useful than IPSec, while avoiding the massive headache. It intends to
+  be considerably more performant than OpenVPN.  WireGuard is designed as a
+  general purpose VPN for running on embedded interfaces and super computers
+  alike, fit for many different circumstances. It uses UDP.
+endef
+
+$(eval $(call KernelPackage,wireguard))