├── .github ├── ISSUE_TEMPLATE │ ├── bug.yml │ └── feature-request.md └── workflows │ ├── build.yml │ └── docker.yml ├── .gitignore ├── LICENSE ├── README.md ├── ci ├── AB9942E6D4A4CFC3412620A749FC7012A5DE03AE.gpg ├── DOCKERFILE-mipsel ├── DOCKERFILE-mtk ├── DOCKERFILE-octeon ├── DOCKERFILE-tools ├── mtk-toolchain.sh ├── octeon-toolchain.sh ├── release_body.md ├── tools-toolchain.sh └── ubnt-source.json ├── debian ├── control ├── postinst ├── postrm └── preinst ├── opt ├── vyatta │ ├── sbin │ │ └── vyatta-check-allowed-ips.pl │ └── share │ │ ├── perl5 │ │ └── Vyatta │ │ │ └── Interface.pm │ │ ├── vyatta-cfg │ │ └── templates │ │ │ ├── firewall │ │ │ └── options │ │ │ │ ├── mss-clamp │ │ │ │ └── interface-type │ │ │ │ │ └── node.def │ │ │ │ └── mss-clamp6 │ │ │ │ └── interface-type │ │ │ │ └── node.def │ │ │ └── interfaces │ │ │ └── wireguard │ │ │ ├── node.def │ │ │ └── node.tag │ │ │ ├── address │ │ │ └── node.def │ │ │ ├── bandwidth │ │ │ ├── constraint │ │ │ │ ├── class-type │ │ │ │ │ ├── node.def │ │ │ │ │ └── node.tag │ │ │ │ │ │ └── bandwidth │ │ │ │ │ │ └── node.def │ │ │ │ └── node.def │ │ │ ├── maximum │ │ │ │ └── node.def │ │ │ ├── node.def │ │ │ └── reservable │ │ │ │ └── node.def │ │ │ ├── description │ │ │ └── node.def │ │ │ ├── disable │ │ │ └── node.def │ │ │ ├── down-command │ │ │ └── node.def │ │ │ ├── firewall │ │ │ ├── in │ │ │ │ ├── ipv6-modify │ │ │ │ │ └── node.def │ │ │ │ ├── ipv6-name │ │ │ │ │ └── node.def │ │ │ │ ├── modify │ │ │ │ │ └── node.def │ │ │ │ ├── name │ │ │ │ │ └── node.def │ │ │ │ └── node.def │ │ │ ├── local │ │ │ │ ├── ipv6-name │ │ │ │ │ └── node.def │ │ │ │ ├── name │ │ │ │ │ └── node.def │ │ │ │ └── node.def │ │ │ ├── node.def │ │ │ └── out │ │ │ │ ├── ipv6-modify │ │ │ │ └── node.def │ │ │ │ ├── ipv6-name │ │ │ │ └── node.def │ │ │ │ ├── modify │ │ │ │ └── node.def │ │ │ │ ├── name │ │ │ │ └── node.def │ │ │ │ └── node.def │ │ │ ├── fwmark │ │ │ └── node.def │ │ │ ├── ip │ │ │ ├── node.def │ │ │ ├── ospf │ │ │ │ ├── 
authentication │ │ │ │ │ ├── md5 │ │ │ │ │ │ ├── key-id │ │ │ │ │ │ │ ├── node.def │ │ │ │ │ │ │ └── node.tag │ │ │ │ │ │ │ │ └── md5-key │ │ │ │ │ │ │ │ └── node.def │ │ │ │ │ │ └── node.def │ │ │ │ │ ├── node.def │ │ │ │ │ └── plaintext-password │ │ │ │ │ │ └── node.def │ │ │ │ ├── cost │ │ │ │ │ └── node.def │ │ │ │ ├── dead-interval │ │ │ │ │ └── node.def │ │ │ │ ├── hello-interval │ │ │ │ │ └── node.def │ │ │ │ ├── mtu-ignore │ │ │ │ │ └── node.def │ │ │ │ ├── network │ │ │ │ │ └── node.def │ │ │ │ ├── node.def │ │ │ │ ├── priority │ │ │ │ │ └── node.def │ │ │ │ ├── retransmit-interval │ │ │ │ │ └── node.def │ │ │ │ └── transmit-delay │ │ │ │ │ └── node.def │ │ │ ├── rip │ │ │ │ ├── authentication │ │ │ │ │ ├── md5 │ │ │ │ │ │ ├── node.def │ │ │ │ │ │ └── node.tag │ │ │ │ │ │ │ └── password │ │ │ │ │ │ │ └── node.def │ │ │ │ │ ├── node.def │ │ │ │ │ └── plaintext-password │ │ │ │ │ │ └── node.def │ │ │ │ ├── node.def │ │ │ │ └── split-horizon │ │ │ │ │ ├── disable │ │ │ │ │ └── node.def │ │ │ │ │ ├── node.def │ │ │ │ │ └── poison-reverse │ │ │ │ │ └── node.def │ │ │ └── source-validation │ │ │ │ └── node.def │ │ │ ├── ipv6 │ │ │ ├── node.def │ │ │ ├── ospfv3 │ │ │ │ ├── cost │ │ │ │ │ └── node.def │ │ │ │ ├── dead-interval │ │ │ │ │ └── node.def │ │ │ │ ├── hello-interval │ │ │ │ │ └── node.def │ │ │ │ ├── ifmtu │ │ │ │ │ └── node.def │ │ │ │ ├── instance-id │ │ │ │ │ └── node.def │ │ │ │ ├── mtu-ignore │ │ │ │ │ └── node.def │ │ │ │ ├── node.def │ │ │ │ ├── passive │ │ │ │ │ └── node.def │ │ │ │ ├── priority │ │ │ │ │ └── node.def │ │ │ │ ├── retransmit-interval │ │ │ │ │ └── node.def │ │ │ │ └── transmit-delay │ │ │ │ │ └── node.def │ │ │ └── ripng │ │ │ │ ├── node.def │ │ │ │ └── split-horizon │ │ │ │ ├── disable │ │ │ │ └── node.def │ │ │ │ ├── node.def │ │ │ │ └── poison-reverse │ │ │ │ └── node.def │ │ │ ├── listen-port │ │ │ └── node.def │ │ │ ├── mtu │ │ │ └── node.def │ │ │ ├── peer │ │ │ ├── node.def │ │ │ └── node.tag │ │ │ │ ├── allowed-ips │ │ │ │ 
└── node.def │ │ │ │ ├── description │ │ │ │ └── node.def │ │ │ │ ├── disable │ │ │ │ └── node.def │ │ │ │ ├── endpoint │ │ │ │ └── node.def │ │ │ │ ├── persistent-keepalive │ │ │ │ └── node.def │ │ │ │ └── preshared-key │ │ │ │ └── node.def │ │ │ ├── private-key │ │ │ └── node.def │ │ │ ├── route-allowed-ips │ │ │ └── node.def │ │ │ ├── traffic-policy │ │ │ ├── in │ │ │ │ └── node.def │ │ │ ├── node.def │ │ │ └── out │ │ │ │ └── node.def │ │ │ └── up-command │ │ │ └── node.def │ │ └── vyatta-op │ │ └── templates │ │ ├── clear │ │ └── interfaces │ │ │ └── wireguard │ │ │ ├── counters │ │ │ └── node.def │ │ │ ├── node.def │ │ │ └── node.tag │ │ │ ├── counters │ │ │ └── node.def │ │ │ └── node.def │ │ ├── generate │ │ └── vpn │ │ │ └── wireguard │ │ │ ├── node.def │ │ │ ├── preshared-key │ │ │ ├── node.def │ │ │ └── node.tag │ │ │ │ └── node.def │ │ │ └── private-key │ │ │ ├── node.def │ │ │ └── node.tag │ │ │ └── node.def │ │ └── show │ │ └── interfaces │ │ └── wireguard │ │ ├── allowed-ips │ │ └── node.def │ │ ├── detail │ │ └── node.def │ │ ├── endpoints │ │ └── node.def │ │ ├── fwmark │ │ └── node.def │ │ ├── latest-handshakes │ │ └── node.def │ │ ├── listen-port │ │ └── node.def │ │ ├── node.def │ │ ├── node.tag │ │ ├── allowed-ips │ │ │ └── node.def │ │ ├── brief │ │ │ └── node.def │ │ ├── capture │ │ │ ├── node.def │ │ │ ├── not │ │ │ │ ├── node.def │ │ │ │ └── port │ │ │ │ │ ├── node.def │ │ │ │ │ └── node.tag │ │ │ │ │ └── node.def │ │ │ └── port │ │ │ │ ├── node.def │ │ │ │ └── node.tag │ │ │ │ └── node.def │ │ ├── endpoints │ │ │ └── node.def │ │ ├── fwmark │ │ │ └── node.def │ │ ├── latest-handshakes │ │ │ └── node.def │ │ ├── listen-port │ │ │ └── node.def │ │ ├── node.def │ │ ├── peers │ │ │ └── node.def │ │ ├── persistent-keepalive │ │ │ └── node.def │ │ ├── preshared-keys │ │ │ └── node.def │ │ ├── private-key │ │ │ └── node.def │ │ ├── public-key │ │ │ └── node.def │ │ └── transfer │ │ │ └── node.def │ │ ├── peers │ │ └── node.def │ │ ├── 
persistent-keepalive │ │ └── node.def │ │ ├── preshared-keys │ │ └── node.def │ │ ├── private-key │ │ └── node.def │ │ ├── public-key │ │ └── node.def │ │ └── transfer │ │ └── node.def └── wireguard │ ├── interface.sh │ ├── is_valid_key.sh │ ├── peer.sh │ └── update_routes.sh ├── siphash_no_fallthrough.patch └── unifios ├── bases ├── udm-1.10.0-12 │ ├── buildroot-config.txt │ ├── kernel-config │ ├── prefix │ └── versions.txt ├── udm-1.10.0-8 │ ├── buildroot-config.txt │ ├── kernel-config │ ├── prefix │ └── versions.txt ├── udm-1.9.0-10 │ ├── buildroot-config.txt │ ├── kernel-config │ ├── linux-patches │ │ └── linux-0001-dtc-lexer.patch │ ├── prefix │ └── versions.txt ├── udm-se-2.2.4 │ ├── buildroot-config.txt │ ├── kernel-config │ ├── linux-patches │ │ └── linux-0001-localversion.patch │ ├── prefix │ └── versions.txt └── udr-2.2.12 │ ├── buildroot-config.txt │ ├── kernel-config │ ├── linux-patches.tar.gz │ ├── patches │ └── wireguard-linux-compat │ │ └── fix_skb_put_redefinition.patch │ ├── prefix │ └── versions.txt ├── packages ├── openresolv │ ├── Config.in │ ├── openresolv.hash │ └── openresolv.mk ├── wireguard-linux-compat │ ├── Config.in │ └── wireguard-linux-compat.mk └── wireguard-tools │ ├── Config.in │ └── wireguard-tools.mk ├── patches ├── 0001-bison-glibc-change-work-around.patch ├── 0001-m4-glibc-change-work-around.patch ├── 944-mpc-relative-literal-loads-logic-in-aarch64_classify_symbol.patch ├── add-kernel-4-19.patch ├── openresolv-package.patch └── wireguard-packages.patch └── setup_wireguard.sh /.github/ISSUE_TEMPLATE/bug.yml: -------------------------------------------------------------------------------- 1 | name: Bug Report 2 | description: File a bug report 3 | labels: [bug/possible] 4 | body: 5 | - type: markdown 6 | attributes: 7 | value: | 8 | Please fill out this form to report a bug 9 | - type: input 10 | id: package 11 | attributes: 12 | label: Package version 13 | description: Which version of this package did you use (the tag of the 
release) 14 | placeholder: e.g. 1.0.20210606-1 15 | validations: 16 | required: true 17 | - type: input 18 | id: firmware 19 | attributes: 20 | label: Firmware version 21 | description: Which firmware version are you running on your device 22 | placeholder: e.g. 2.0.9-hotfix1 23 | validations: 24 | required: true 25 | - type: dropdown 26 | id: device 27 | attributes: 28 | label: Device 29 | description: On which device are you running WireGuard 30 | options: 31 | - EdgeRouter X (SFP, 10 X, EP-R6) - e50 32 | - EdgeRouter Lite / PoE - e100 33 | - EdgeRouter 8 (Pro) - e200 34 | - EdgeRouter 4 / 6P / 12 - e300 35 | - EdgeRouter Infinity - e1000 36 | - UniFi Security Gateway - UGW3 37 | - UniFi Security Gateway Pro 4 - UGW4 38 | - UniFi Security Gateway XG 8 - UGWXG 39 | - Unifi Dream Machine (Pro / SE) - UDM 40 | validations: 41 | required: true 42 | - type: textarea 43 | id: description 44 | attributes: 45 | label: Issue description 46 | description: Description of the issue you are facing 47 | validations: 48 | required: true 49 | - type: textarea 50 | id: logs 51 | attributes: 52 | label: Configuration and log output 53 | description: Relevant configuration and log output. This will be automatically formatted into code, so there is no need for backticks. Before posting, redact sensitive information such as private keys, preshared keys and public IP addresses. 54 | render: shell 55 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature-request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Request a feature 3 | about: Request a new feature or additional functionality 4 | labels: [enhancement] 5 | assignees: '' 6 | 7 | --- 8 | 9 | Describe the feature you would like to request in as much detail as possible. 10 | 11 | If it is specific to certain devices please let us know which. 
12 | -------------------------------------------------------------------------------- /.github/workflows/build.yml: -------------------------------------------------------------------------------- 1 | name: Build kernel module and tools 2 | 3 | on: 4 | push: 5 | branches: 6 | - "master" 7 | pull_request: 8 | workflow_dispatch: 9 | 10 | env: 11 | MODULE_VERSION: "1.0.20220627" 12 | TOOLS_VERSION: "1.0.20210914" 13 | PACKAGE_RELEASE: "1" 14 | FIRMWARE_ER_v1: "v1.10.11" 15 | FIRMWARE_ER_v2: "v2.0.9" 16 | FIRMWARE_UGW: "4.4.50" 17 | 18 | jobs: 19 | headers: 20 | runs-on: ubuntu-20.04 21 | container: 22 | image: ghcr.io/fossoreslp/ubnt-build:${{ matrix.image }} 23 | env: 24 | CROSS: ${{ matrix.toolchain }} 25 | 26 | strategy: 27 | matrix: 28 | device: [e100, e200, e300, e1000, ugw3, ugw4, ugwxg] 29 | version: [1, 2] 30 | toolchain: [mips64-octeon-linux-] 31 | image: [octeon-kernel] 32 | exclude: 33 | - device: ugw3 34 | version: 2 35 | - device: ugw4 36 | version: 2 37 | - device: ugwxg 38 | version: 2 39 | include: 40 | - device: e50 41 | version: 1 42 | toolchain: mipsel-mtk-linux- 43 | image: mtk-kernel 44 | - device: e50 45 | version: 2 46 | toolchain: mipsel-linux-gnu- 47 | image: mipsel-kernel 48 | 49 | steps: 50 | - uses: actions/checkout@v2 51 | - name: Build headers 52 | run: | 53 | mkdir /headers 54 | curl -o src.tar.bz2 $(jq -r '.["${{ matrix.device }}"]["${{ matrix.version }}"]' ci/ubnt-source.json) 55 | tar -xf src.tar.bz2 --wildcards 'source/kernel_*' --strip-components 1 56 | mv kernel_* kernel.tar.gz 57 | tar -xf kernel.tar.gz --strip-components 1 58 | if [ ${{ matrix.version }} -ne 1 ]; then make ARCH=mips ubnt_er_${{ matrix.device }}_defconfig; fi; 59 | make -j$(nproc) ARCH=mips CROSS_COMPILE=$CROSS prepare modules_prepare 60 | make -j$(nproc) ARCH=mips CROSS_COMPILE=$CROSS modules #vmlinux 61 | cp Module.symvers .config /headers 62 | make mrproper 63 | make -j$(nproc) ARCH=mips O=/headers CROSS_COMPILE=$CROSS prepare modules_prepare scripts 64 | rm 
/headers/source /headers/Makefile 65 | # This is from alpine linux who in turn got it from 66 | # http://kernel.ubuntu.com/git/ubuntu/ubuntu-zesty.git/tree/debian/rules.d/3-binary-indep.mk 67 | find . -path './include/*' -prune -o -path './scripts/*' -prune -o -type f \( -name 'Makefile*' -o -name 'Kconfig*' -o -name 'Kbuild*' -o -name '*.sh' -o -name '*.pl' -o -name '*.lds' -o -name 'Platform' \) -print | cpio -pdm "/headers" 68 | cp -a scripts include "/headers" 69 | find $(find arch -name include -type d -print) -type f | cpio -pdm "/headers" 70 | tar -cf headers.tar /headers/ 71 | - name: Store headers 72 | uses: actions/upload-artifact@v2 73 | with: 74 | name: headers-${{ matrix.device }}-${{ matrix.version }} 75 | path: headers.tar 76 | 77 | module-prepare: 78 | runs-on: ubuntu-20.04 79 | container: 80 | image: buildpack-deps:focal 81 | 82 | steps: 83 | - uses: actions/checkout@v2 84 | - name: Download module source 85 | run: | 86 | curl -L -o wireguard-linux-compat-$MODULE_VERSION.tar.xz https://git.zx2c4.com/wireguard-linux-compat/snapshot/wireguard-linux-compat-$MODULE_VERSION.tar.xz 87 | curl -L -o wireguard-linux-compat-$MODULE_VERSION.tar.asc https://git.zx2c4.com/wireguard-linux-compat/snapshot/wireguard-linux-compat-$MODULE_VERSION.tar.asc 88 | unxz wireguard-linux-compat-$MODULE_VERSION.tar.xz 89 | gpgv --keyring ci/AB9942E6D4A4CFC3412620A749FC7012A5DE03AE.gpg wireguard-linux-compat-$MODULE_VERSION.tar.asc wireguard-linux-compat-$MODULE_VERSION.tar 90 | tar -xf wireguard-linux-compat-$MODULE_VERSION.tar --one-top-level=module --strip-components=1 91 | cd module 92 | sed -i 's/ --dirty//g' src/Makefile 93 | patch -p1 < ../siphash_no_fallthrough.patch 94 | - name: Upload module source 95 | uses: actions/upload-artifact@v2 96 | with: 97 | name: module-src 98 | path: module 99 | 100 | module: 101 | needs: [module-prepare, headers] 102 | runs-on: ubuntu-20.04 103 | container: 104 | image: ghcr.io/fossoreslp/ubnt-build:${{ matrix.image }} 105 | 106 | 
strategy: 107 | matrix: 108 | device: [e100, e200, e300, e1000, ugw3, ugw4, ugwxg] 109 | version: [1, 2] 110 | toolchain: [mips64-octeon-linux-] 111 | image: [octeon-kernel] 112 | exclude: 113 | - device: ugw3 114 | version: 2 115 | - device: ugw4 116 | version: 2 117 | - device: ugwxg 118 | version: 2 119 | include: 120 | - device: e50 121 | version: 1 122 | toolchain: mipsel-mtk-linux- 123 | image: mtk-kernel 124 | - device: e50 125 | version: 2 126 | toolchain: mipsel-mtk-linux- 127 | image: mtk-kernel 128 | 129 | steps: 130 | - uses: actions/checkout@v2 131 | - name: Restore module source 132 | uses: actions/download-artifact@v2 133 | with: 134 | name: module-src 135 | path: module 136 | - name: Restore headers 137 | uses: actions/download-artifact@v2 138 | with: 139 | name: headers-${{ matrix.device }}-${{ matrix.version }} 140 | - name: Build module 141 | run: | 142 | tar -xf headers.tar 143 | cd module/src 144 | make -j$(nproc) ARCH=mips CROSS_COMPILE=${{ matrix.toolchain }} KERNELDIR=$GITHUB_WORKSPACE/headers module 145 | ${{ matrix.toolchain }}strip --strip-debug wireguard.ko 146 | - name: Upload built module 147 | uses: actions/upload-artifact@v2 148 | with: 149 | name: module-${{ matrix.device }}-${{ matrix.version }} 150 | path: module/src/wireguard.ko 151 | 152 | tools: 153 | runs-on: ubuntu-20.04 154 | container: 155 | image: ${{ matrix.image }} 156 | 157 | strategy: 158 | matrix: 159 | include: 160 | - arch: mips 161 | target: mips-linux-musl 162 | image: lochnair/musl-buildenv:mips # Will be: mips-tools 163 | - arch: mipsel 164 | target: mipsel-linux-musl 165 | image: lochnair/musl-buildenv:mipsel # Will be: mipsel-tools 166 | steps: 167 | - uses: actions/checkout@v2 168 | - name: Build tools 169 | env: 170 | TARGET: ${{ matrix.target }} 171 | ARCH: ${{ matrix.arch }} 172 | run: | 173 | apk add gnupg 174 | curl -L -o wireguard-tools-$TOOLS_VERSION.tar.xz https://git.zx2c4.com/wireguard-tools/snapshot/wireguard-tools-$TOOLS_VERSION.tar.xz 175 | curl 
-L -o wireguard-tools-$TOOLS_VERSION.tar.asc https://git.zx2c4.com/wireguard-tools/snapshot/wireguard-tools-$TOOLS_VERSION.tar.asc 176 | unxz wireguard-tools-$TOOLS_VERSION.tar.xz 177 | gpgv --keyring ci/AB9942E6D4A4CFC3412620A749FC7012A5DE03AE.gpg wireguard-tools-$TOOLS_VERSION.tar.asc wireguard-tools-$TOOLS_VERSION.tar 178 | tar -xf wireguard-tools-$TOOLS_VERSION.tar 179 | mv wireguard-tools-$TOOLS_VERSION tools 180 | cd tools/src 181 | CC="$ARCH-linux-musl-gcc" LDLIBS="-static" make -j$(nproc) 182 | $ARCH-linux-musl-strip --strip-unneeded wg 183 | - name: Upload built tools 184 | uses: actions/upload-artifact@v2 185 | with: 186 | name: tools-${{ matrix.arch }} 187 | path: tools/src/wg 188 | 189 | package: 190 | needs: [module, tools] 191 | runs-on: ubuntu-20.04 192 | container: 193 | image: debian 194 | 195 | strategy: 196 | matrix: 197 | device: [e100, e200, e300, e1000, ugw3, ugw4, ugwxg] 198 | version: [1, 2] 199 | arch: [mips] 200 | exclude: 201 | - device: ugw3 202 | version: 2 203 | - device: ugw4 204 | version: 2 205 | - device: ugwxg 206 | version: 2 207 | include: 208 | - device: e50 209 | version: 1 210 | arch: mipsel 211 | - device: e50 212 | version: 2 213 | arch: mipsel 214 | steps: 215 | - uses: actions/checkout@v2 216 | - name: Download module 217 | uses: actions/download-artifact@v2 218 | with: 219 | name: module-${{ matrix.device }}-${{ matrix.version }} 220 | - name: Download tools 221 | uses: actions/download-artifact@v2 222 | with: 223 | name: tools-${{ matrix.arch }} 224 | - name: Build package 225 | run: | 226 | apt update 227 | apt install -y kmod 228 | export KERNEL=$(modinfo -F vermagic wireguard.ko | cut -d ' ' -f 1) 229 | mkdir -p pkg/usr/bin pkg/lib/modules/$KERNEL/kernel/net 230 | cp -r debian pkg/DEBIAN 231 | cp -r opt pkg/opt 232 | cp wireguard.ko pkg/lib/modules/$KERNEL/kernel/net/wireguard.ko 233 | cp wg pkg/usr/bin/wg 234 | chmod +x pkg/usr/bin/wg 235 | sed -i "s/PACKAGE_VERSION/$MODULE_VERSION/g" pkg/DEBIAN/control 236 | sed -i 
"s/PACKAGE_RELEASE/$PACKAGE_RELEASE/g" pkg/DEBIAN/control 237 | sed -i "s/KERNEL_VER/$KERNEL/g" pkg/DEBIAN/preinst 238 | sed -i "s/PACKAGE_ARCH/${{ matrix.arch }}/g" pkg/DEBIAN/control 239 | dpkg-deb -b -Z gzip pkg 240 | mv pkg.deb ${{ matrix.device }}-v${{ matrix.version }}-v$MODULE_VERSION-v$TOOLS_VERSION.deb 241 | - name: Upload package 242 | uses: actions/upload-artifact@v2 243 | with: 244 | name: release_${{ matrix.device }}-v${{ matrix.version }} 245 | path: ${{ matrix.device }}-v${{ matrix.version }}-v${{ env.MODULE_VERSION }}-v${{ env.TOOLS_VERSION }}.deb 246 | 247 | udm-prepare-buildroot: 248 | runs-on: ubuntu-20.04 249 | steps: 250 | - uses: actions/checkout@v2 251 | - name: Download buildroot-2017.11.1 252 | run: | 253 | curl -o buildroot.tar.bz2 https://buildroot.org/downloads/buildroot-2017.11.1.tar.bz2 254 | tar -xf buildroot.tar.bz2 255 | - name: Download WireGuard module source 256 | run: | 257 | curl -L -o wireguard-linux-compat-$MODULE_VERSION.tar.xz https://git.zx2c4.com/wireguard-linux-compat/snapshot/wireguard-linux-compat-$MODULE_VERSION.tar.xz 258 | curl -L -o wireguard-linux-compat-$MODULE_VERSION.tar.asc https://git.zx2c4.com/wireguard-linux-compat/snapshot/wireguard-linux-compat-$MODULE_VERSION.tar.asc 259 | unxz wireguard-linux-compat-$MODULE_VERSION.tar.xz 260 | gpgv --keyring ci/AB9942E6D4A4CFC3412620A749FC7012A5DE03AE.gpg wireguard-linux-compat-$MODULE_VERSION.tar.asc wireguard-linux-compat-$MODULE_VERSION.tar 261 | - name: Download WireGuard tools source 262 | run: | 263 | curl -L -o wireguard-tools-$TOOLS_VERSION.tar.xz https://git.zx2c4.com/wireguard-tools/snapshot/wireguard-tools-$TOOLS_VERSION.tar.xz 264 | curl -L -o wireguard-tools-$TOOLS_VERSION.tar.asc https://git.zx2c4.com/wireguard-tools/snapshot/wireguard-tools-$TOOLS_VERSION.tar.asc 265 | unxz wireguard-tools-$TOOLS_VERSION.tar.xz 266 | gpgv --keyring ci/AB9942E6D4A4CFC3412620A749FC7012A5DE03AE.gpg wireguard-tools-$TOOLS_VERSION.tar.asc wireguard-tools-$TOOLS_VERSION.tar 
267 | - name: Copy packages 268 | run: cp -pr unifios/packages/* buildroot-2017.11.1/package 269 | - name: Copy WireGuard source 270 | run: | 271 | cp wireguard-linux-compat-$MODULE_VERSION.tar buildroot-2017.11.1/package/wireguard-linux-compat/ 272 | cp wireguard-tools-$TOOLS_VERSION.tar buildroot-2017.11.1/package/wireguard-tools/ 273 | - name: Set package versions 274 | run: | 275 | sed -i "s/PACKAGE_VERSION/$MODULE_VERSION/g" buildroot-2017.11.1/package/wireguard-linux-compat/wireguard-linux-compat.mk 276 | sed -i "s/PACKAGE_VERSION/$TOOLS_VERSION/g" buildroot-2017.11.1/package/wireguard-tools/wireguard-tools.mk 277 | - name: Patches 278 | run: | 279 | patch -p0 output/target/usr/bin/wg 358 | - name: Build bash 359 | run: cd buildroot-2017.11.1 && make bash-rebuild # -> output/target/bin/bash 360 | - name: Build resolvconf 361 | run: cd buildroot-2017.11.1 && make openresolv-rebuild # -> output/target/sbin/resolvconf 362 | - name: Build qrencode 363 | run: cd buildroot-2017.11.1 && make libqrencode-rebuild # -> output/target/usr/bin/qrencode 364 | - name: Collect tools 365 | run: | 366 | mkdir -p tools 367 | cp buildroot-2017.11.1/output/target/usr/bin/wg tools/ 368 | cp buildroot-2017.11.1/output/target/bin/bash tools/ 369 | cp buildroot-2017.11.1/output/target/usr/bin/qrencode tools/ 370 | cp buildroot-2017.11.1/output/target/sbin/resolvconf tools/ 371 | cp buildroot-2017.11.1/output/target/etc/resolvconf.conf tools/ 372 | cp buildroot-2017.11.1/output/build/wireguard-tools-$TOOLS_VERSION/src/wg-quick/linux.bash tools/wg-quick 373 | - name: Store tools 374 | uses: actions/upload-artifact@v2 375 | with: 376 | name: tools 377 | path: tools 378 | udm-package: 379 | needs: [udm-build-tools, udm-build-modules] 380 | runs-on: ubuntu-20.04 381 | steps: 382 | - uses: actions/checkout@v2 383 | - name: Prepare 384 | run: mkdir -p package package/wireguard package/wireguard/modules package/wireguard/tools package/wireguard/etc 385 | - name: Restore modules 386 | uses: 
actions/download-artifact@v2 387 | with: 388 | name: modules 389 | path: package/wireguard/modules 390 | - name: Restore tools 391 | uses: actions/download-artifact@v2 392 | with: 393 | name: tools 394 | path: package/wireguard/tools 395 | - name: Add setup 396 | run: cp unifios/setup_wireguard.sh package/wireguard/ 397 | - name: Fix permissions 398 | run: | 399 | mv package/wireguard/tools/resolvconf.conf package/wireguard/etc 400 | chmod +x package/wireguard/tools/* package/wireguard/setup_wireguard.sh 401 | sudo chown -R root:root package/wireguard 402 | - name: Package 403 | run: tar -C package -czf UnifiOS-$MODULE_VERSION-$TOOLS_VERSION.tar.gz ./ 404 | - name: Store package 405 | uses: actions/upload-artifact@v2 406 | with: 407 | name: release_unifios 408 | path: UnifiOS-${{ env.MODULE_VERSION }}-${{ env.TOOLS_VERSION }}.tar.gz 409 | 410 | release: 411 | runs-on: ubuntu-20.04 412 | needs: 413 | - package 414 | - udm-package 415 | 416 | steps: 417 | - uses: actions/checkout@v2 418 | - name: Create Release 419 | id: create_release 420 | uses: fossoreslp/release-artifacts@v1 421 | with: 422 | title: WireGuard ${{ env.MODULE_VERSION }} ${{ env.TOOLS_VERSION }} 423 | template: ci/release_body.md 424 | token: ${{ secrets.GITHUB_TOKEN }} 425 | variables: ${{ toJSON(env) }} 426 | -------------------------------------------------------------------------------- /.github/workflows/docker.yml: -------------------------------------------------------------------------------- 1 | name: Build docker build environments 2 | 3 | on: 4 | workflow_dispatch: 5 | 6 | jobs: 7 | # Push image to GitHub Packages. 
8 | # See also https://docs.docker.com/docker-hub/builds/ 9 | build: 10 | 11 | runs-on: ubuntu-20.04 12 | 13 | strategy: 14 | matrix: 15 | tag: [mips, mipsel, mtk, octeon] 16 | type: [kernel, tools] 17 | exclude: 18 | - tag: mips 19 | type: kernel 20 | - tag: mtk 21 | type: tools 22 | - tag: octeon 23 | type: tools 24 | env: 25 | IMAGE: ghcr.io/${{ github.repository_owner }}/ubnt-build:${{ matrix.tag }}-${{ matrix.type }} 26 | 27 | steps: 28 | - uses: actions/checkout@v2 29 | 30 | - name: Build kernel environment 31 | if: ${{ matrix.type == 'kernel' }} 32 | run: docker build --pull -t "$(echo $IMAGE | tr '[:upper:]' '[:lower:]')" -f ci/DOCKERFILE-${{ matrix.tag }} . 33 | 34 | - name: Build tools environment 35 | if: ${{ matrix.type == 'tools' }} 36 | env: 37 | ARCH: ${{ matrix.tag }} 38 | TARGET: ${{ matrix.tag }}-linux-musl 39 | run: docker build --pull -t "$(echo $IMAGE | tr '[:upper:]' '[:lower:]')" -f ci/DOCKERFILE-tools . 40 | 41 | - name: Log into GitHub Container Registry 42 | # TODO: Create a PAT with `read:packages` and `write:packages` scopes and save it as an Actions secret `CR_PAT` 43 | run: echo "${{ secrets.CR_PAT }}" | docker login https://ghcr.io -u ${{ github.actor }} --password-stdin 44 | 45 | - name: Push image to GitHub Container Registry 46 | run: docker push "$(echo $IMAGE | tr '[:upper:]' '[:lower:]')" 47 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | package/ 2 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | GNU GENERAL PUBLIC LICENSE 2 | Version 3, 29 June 2007 3 | 4 | Copyright (C) 2007 Free Software Foundation, Inc. 5 | Everyone is permitted to copy and distribute verbatim copies 6 | of this license document, but changing it is not allowed. 
7 | 8 | Preamble 9 | 10 | The GNU General Public License is a free, copyleft license for 11 | software and other kinds of works. 12 | 13 | The licenses for most software and other practical works are designed 14 | to take away your freedom to share and change the works. By contrast, 15 | the GNU General Public License is intended to guarantee your freedom to 16 | share and change all versions of a program--to make sure it remains free 17 | software for all its users. We, the Free Software Foundation, use the 18 | GNU General Public License for most of our software; it applies also to 19 | any other work released this way by its authors. You can apply it to 20 | your programs, too. 21 | 22 | When we speak of free software, we are referring to freedom, not 23 | price. Our General Public Licenses are designed to make sure that you 24 | have the freedom to distribute copies of free software (and charge for 25 | them if you wish), that you receive source code or can get it if you 26 | want it, that you can change the software or use pieces of it in new 27 | free programs, and that you know you can do these things. 28 | 29 | To protect your rights, we need to prevent others from denying you 30 | these rights or asking you to surrender the rights. Therefore, you have 31 | certain responsibilities if you distribute copies of the software, or if 32 | you modify it: responsibilities to respect the freedom of others. 33 | 34 | For example, if you distribute copies of such a program, whether 35 | gratis or for a fee, you must pass on to the recipients the same 36 | freedoms that you received. You must make sure that they, too, receive 37 | or can get the source code. And you must show them these terms so they 38 | know their rights. 39 | 40 | Developers that use the GNU GPL protect your rights with two steps: 41 | (1) assert copyright on the software, and (2) offer you this License 42 | giving you legal permission to copy, distribute and/or modify it. 
43 | 44 | For the developers' and authors' protection, the GPL clearly explains 45 | that there is no warranty for this free software. For both users' and 46 | authors' sake, the GPL requires that modified versions be marked as 47 | changed, so that their problems will not be attributed erroneously to 48 | authors of previous versions. 49 | 50 | Some devices are designed to deny users access to install or run 51 | modified versions of the software inside them, although the manufacturer 52 | can do so. This is fundamentally incompatible with the aim of 53 | protecting users' freedom to change the software. The systematic 54 | pattern of such abuse occurs in the area of products for individuals to 55 | use, which is precisely where it is most unacceptable. Therefore, we 56 | have designed this version of the GPL to prohibit the practice for those 57 | products. If such problems arise substantially in other domains, we 58 | stand ready to extend this provision to those domains in future versions 59 | of the GPL, as needed to protect the freedom of users. 60 | 61 | Finally, every program is threatened constantly by software patents. 62 | States should not allow patents to restrict development and use of 63 | software on general-purpose computers, but in those that do, we wish to 64 | avoid the special danger that patents applied to a free program could 65 | make it effectively proprietary. To prevent this, the GPL assures that 66 | patents cannot be used to render the program non-free. 67 | 68 | The precise terms and conditions for copying, distribution and 69 | modification follow. 70 | 71 | TERMS AND CONDITIONS 72 | 73 | 0. Definitions. 74 | 75 | "This License" refers to version 3 of the GNU General Public License. 76 | 77 | "Copyright" also means copyright-like laws that apply to other kinds of 78 | works, such as semiconductor masks. 79 | 80 | "The Program" refers to any copyrightable work licensed under this 81 | License. Each licensee is addressed as "you". 
"Licensees" and 82 | "recipients" may be individuals or organizations. 83 | 84 | To "modify" a work means to copy from or adapt all or part of the work 85 | in a fashion requiring copyright permission, other than the making of an 86 | exact copy. The resulting work is called a "modified version" of the 87 | earlier work or a work "based on" the earlier work. 88 | 89 | A "covered work" means either the unmodified Program or a work based 90 | on the Program. 91 | 92 | To "propagate" a work means to do anything with it that, without 93 | permission, would make you directly or secondarily liable for 94 | infringement under applicable copyright law, except executing it on a 95 | computer or modifying a private copy. Propagation includes copying, 96 | distribution (with or without modification), making available to the 97 | public, and in some countries other activities as well. 98 | 99 | To "convey" a work means any kind of propagation that enables other 100 | parties to make or receive copies. Mere interaction with a user through 101 | a computer network, with no transfer of a copy, is not conveying. 102 | 103 | An interactive user interface displays "Appropriate Legal Notices" 104 | to the extent that it includes a convenient and prominently visible 105 | feature that (1) displays an appropriate copyright notice, and (2) 106 | tells the user that there is no warranty for the work (except to the 107 | extent that warranties are provided), that licensees may convey the 108 | work under this License, and how to view a copy of this License. If 109 | the interface presents a list of user commands or options, such as a 110 | menu, a prominent item in the list meets this criterion. 111 | 112 | 1. Source Code. 113 | 114 | The "source code" for a work means the preferred form of the work 115 | for making modifications to it. "Object code" means any non-source 116 | form of a work. 
117 | 118 | A "Standard Interface" means an interface that either is an official 119 | standard defined by a recognized standards body, or, in the case of 120 | interfaces specified for a particular programming language, one that 121 | is widely used among developers working in that language. 122 | 123 | The "System Libraries" of an executable work include anything, other 124 | than the work as a whole, that (a) is included in the normal form of 125 | packaging a Major Component, but which is not part of that Major 126 | Component, and (b) serves only to enable use of the work with that 127 | Major Component, or to implement a Standard Interface for which an 128 | implementation is available to the public in source code form. A 129 | "Major Component", in this context, means a major essential component 130 | (kernel, window system, and so on) of the specific operating system 131 | (if any) on which the executable work runs, or a compiler used to 132 | produce the work, or an object code interpreter used to run it. 133 | 134 | The "Corresponding Source" for a work in object code form means all 135 | the source code needed to generate, install, and (for an executable 136 | work) run the object code and to modify the work, including scripts to 137 | control those activities. However, it does not include the work's 138 | System Libraries, or general-purpose tools or generally available free 139 | programs which are used unmodified in performing those activities but 140 | which are not part of the work. For example, Corresponding Source 141 | includes interface definition files associated with source files for 142 | the work, and the source code for shared libraries and dynamically 143 | linked subprograms that the work is specifically designed to require, 144 | such as by intimate data communication or control flow between those 145 | subprograms and other parts of the work. 
146 | 147 | The Corresponding Source need not include anything that users 148 | can regenerate automatically from other parts of the Corresponding 149 | Source. 150 | 151 | The Corresponding Source for a work in source code form is that 152 | same work. 153 | 154 | 2. Basic Permissions. 155 | 156 | All rights granted under this License are granted for the term of 157 | copyright on the Program, and are irrevocable provided the stated 158 | conditions are met. This License explicitly affirms your unlimited 159 | permission to run the unmodified Program. The output from running a 160 | covered work is covered by this License only if the output, given its 161 | content, constitutes a covered work. This License acknowledges your 162 | rights of fair use or other equivalent, as provided by copyright law. 163 | 164 | You may make, run and propagate covered works that you do not 165 | convey, without conditions so long as your license otherwise remains 166 | in force. You may convey covered works to others for the sole purpose 167 | of having them make modifications exclusively for you, or provide you 168 | with facilities for running those works, provided that you comply with 169 | the terms of this License in conveying all material for which you do 170 | not control copyright. Those thus making or running the covered works 171 | for you must do so exclusively on your behalf, under your direction 172 | and control, on terms that prohibit them from making any copies of 173 | your copyrighted material outside their relationship with you. 174 | 175 | Conveying under any other circumstances is permitted solely under 176 | the conditions stated below. Sublicensing is not allowed; section 10 177 | makes it unnecessary. 178 | 179 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law. 
180 | 181 | No covered work shall be deemed part of an effective technological 182 | measure under any applicable law fulfilling obligations under article 183 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or 184 | similar laws prohibiting or restricting circumvention of such 185 | measures. 186 | 187 | When you convey a covered work, you waive any legal power to forbid 188 | circumvention of technological measures to the extent such circumvention 189 | is effected by exercising rights under this License with respect to 190 | the covered work, and you disclaim any intention to limit operation or 191 | modification of the work as a means of enforcing, against the work's 192 | users, your or third parties' legal rights to forbid circumvention of 193 | technological measures. 194 | 195 | 4. Conveying Verbatim Copies. 196 | 197 | You may convey verbatim copies of the Program's source code as you 198 | receive it, in any medium, provided that you conspicuously and 199 | appropriately publish on each copy an appropriate copyright notice; 200 | keep intact all notices stating that this License and any 201 | non-permissive terms added in accord with section 7 apply to the code; 202 | keep intact all notices of the absence of any warranty; and give all 203 | recipients a copy of this License along with the Program. 204 | 205 | You may charge any price or no price for each copy that you convey, 206 | and you may offer support or warranty protection for a fee. 207 | 208 | 5. Conveying Modified Source Versions. 209 | 210 | You may convey a work based on the Program, or the modifications to 211 | produce it from the Program, in the form of source code under the 212 | terms of section 4, provided that you also meet all of these conditions: 213 | 214 | a) The work must carry prominent notices stating that you modified 215 | it, and giving a relevant date. 
216 | 217 | b) The work must carry prominent notices stating that it is 218 | released under this License and any conditions added under section 219 | 7. This requirement modifies the requirement in section 4 to 220 | "keep intact all notices". 221 | 222 | c) You must license the entire work, as a whole, under this 223 | License to anyone who comes into possession of a copy. This 224 | License will therefore apply, along with any applicable section 7 225 | additional terms, to the whole of the work, and all its parts, 226 | regardless of how they are packaged. This License gives no 227 | permission to license the work in any other way, but it does not 228 | invalidate such permission if you have separately received it. 229 | 230 | d) If the work has interactive user interfaces, each must display 231 | Appropriate Legal Notices; however, if the Program has interactive 232 | interfaces that do not display Appropriate Legal Notices, your 233 | work need not make them do so. 234 | 235 | A compilation of a covered work with other separate and independent 236 | works, which are not by their nature extensions of the covered work, 237 | and which are not combined with it such as to form a larger program, 238 | in or on a volume of a storage or distribution medium, is called an 239 | "aggregate" if the compilation and its resulting copyright are not 240 | used to limit the access or legal rights of the compilation's users 241 | beyond what the individual works permit. Inclusion of a covered work 242 | in an aggregate does not cause this License to apply to the other 243 | parts of the aggregate. 244 | 245 | 6. Conveying Non-Source Forms. 
246 | 247 | You may convey a covered work in object code form under the terms 248 | of sections 4 and 5, provided that you also convey the 249 | machine-readable Corresponding Source under the terms of this License, 250 | in one of these ways: 251 | 252 | a) Convey the object code in, or embodied in, a physical product 253 | (including a physical distribution medium), accompanied by the 254 | Corresponding Source fixed on a durable physical medium 255 | customarily used for software interchange. 256 | 257 | b) Convey the object code in, or embodied in, a physical product 258 | (including a physical distribution medium), accompanied by a 259 | written offer, valid for at least three years and valid for as 260 | long as you offer spare parts or customer support for that product 261 | model, to give anyone who possesses the object code either (1) a 262 | copy of the Corresponding Source for all the software in the 263 | product that is covered by this License, on a durable physical 264 | medium customarily used for software interchange, for a price no 265 | more than your reasonable cost of physically performing this 266 | conveying of source, or (2) access to copy the 267 | Corresponding Source from a network server at no charge. 268 | 269 | c) Convey individual copies of the object code with a copy of the 270 | written offer to provide the Corresponding Source. This 271 | alternative is allowed only occasionally and noncommercially, and 272 | only if you received the object code with such an offer, in accord 273 | with subsection 6b. 274 | 275 | d) Convey the object code by offering access from a designated 276 | place (gratis or for a charge), and offer equivalent access to the 277 | Corresponding Source in the same way through the same place at no 278 | further charge. You need not require recipients to copy the 279 | Corresponding Source along with the object code. 
If the place to 280 | copy the object code is a network server, the Corresponding Source 281 | may be on a different server (operated by you or a third party) 282 | that supports equivalent copying facilities, provided you maintain 283 | clear directions next to the object code saying where to find the 284 | Corresponding Source. Regardless of what server hosts the 285 | Corresponding Source, you remain obligated to ensure that it is 286 | available for as long as needed to satisfy these requirements. 287 | 288 | e) Convey the object code using peer-to-peer transmission, provided 289 | you inform other peers where the object code and Corresponding 290 | Source of the work are being offered to the general public at no 291 | charge under subsection 6d. 292 | 293 | A separable portion of the object code, whose source code is excluded 294 | from the Corresponding Source as a System Library, need not be 295 | included in conveying the object code work. 296 | 297 | A "User Product" is either (1) a "consumer product", which means any 298 | tangible personal property which is normally used for personal, family, 299 | or household purposes, or (2) anything designed or sold for incorporation 300 | into a dwelling. In determining whether a product is a consumer product, 301 | doubtful cases shall be resolved in favor of coverage. For a particular 302 | product received by a particular user, "normally used" refers to a 303 | typical or common use of that class of product, regardless of the status 304 | of the particular user or of the way in which the particular user 305 | actually uses, or expects or is expected to use, the product. A product 306 | is a consumer product regardless of whether the product has substantial 307 | commercial, industrial or non-consumer uses, unless such uses represent 308 | the only significant mode of use of the product. 
309 | 310 | "Installation Information" for a User Product means any methods, 311 | procedures, authorization keys, or other information required to install 312 | and execute modified versions of a covered work in that User Product from 313 | a modified version of its Corresponding Source. The information must 314 | suffice to ensure that the continued functioning of the modified object 315 | code is in no case prevented or interfered with solely because 316 | modification has been made. 317 | 318 | If you convey an object code work under this section in, or with, or 319 | specifically for use in, a User Product, and the conveying occurs as 320 | part of a transaction in which the right of possession and use of the 321 | User Product is transferred to the recipient in perpetuity or for a 322 | fixed term (regardless of how the transaction is characterized), the 323 | Corresponding Source conveyed under this section must be accompanied 324 | by the Installation Information. But this requirement does not apply 325 | if neither you nor any third party retains the ability to install 326 | modified object code on the User Product (for example, the work has 327 | been installed in ROM). 328 | 329 | The requirement to provide Installation Information does not include a 330 | requirement to continue to provide support service, warranty, or updates 331 | for a work that has been modified or installed by the recipient, or for 332 | the User Product in which it has been modified or installed. Access to a 333 | network may be denied when the modification itself materially and 334 | adversely affects the operation of the network or violates the rules and 335 | protocols for communication across the network. 
336 | 337 | Corresponding Source conveyed, and Installation Information provided, 338 | in accord with this section must be in a format that is publicly 339 | documented (and with an implementation available to the public in 340 | source code form), and must require no special password or key for 341 | unpacking, reading or copying. 342 | 343 | 7. Additional Terms. 344 | 345 | "Additional permissions" are terms that supplement the terms of this 346 | License by making exceptions from one or more of its conditions. 347 | Additional permissions that are applicable to the entire Program shall 348 | be treated as though they were included in this License, to the extent 349 | that they are valid under applicable law. If additional permissions 350 | apply only to part of the Program, that part may be used separately 351 | under those permissions, but the entire Program remains governed by 352 | this License without regard to the additional permissions. 353 | 354 | When you convey a copy of a covered work, you may at your option 355 | remove any additional permissions from that copy, or from any part of 356 | it. (Additional permissions may be written to require their own 357 | removal in certain cases when you modify the work.) You may place 358 | additional permissions on material, added by you to a covered work, 359 | for which you have or can give appropriate copyright permission. 
360 | 361 | Notwithstanding any other provision of this License, for material you 362 | add to a covered work, you may (if authorized by the copyright holders of 363 | that material) supplement the terms of this License with terms: 364 | 365 | a) Disclaiming warranty or limiting liability differently from the 366 | terms of sections 15 and 16 of this License; or 367 | 368 | b) Requiring preservation of specified reasonable legal notices or 369 | author attributions in that material or in the Appropriate Legal 370 | Notices displayed by works containing it; or 371 | 372 | c) Prohibiting misrepresentation of the origin of that material, or 373 | requiring that modified versions of such material be marked in 374 | reasonable ways as different from the original version; or 375 | 376 | d) Limiting the use for publicity purposes of names of licensors or 377 | authors of the material; or 378 | 379 | e) Declining to grant rights under trademark law for use of some 380 | trade names, trademarks, or service marks; or 381 | 382 | f) Requiring indemnification of licensors and authors of that 383 | material by anyone who conveys the material (or modified versions of 384 | it) with contractual assumptions of liability to the recipient, for 385 | any liability that these contractual assumptions directly impose on 386 | those licensors and authors. 387 | 388 | All other non-permissive additional terms are considered "further 389 | restrictions" within the meaning of section 10. If the Program as you 390 | received it, or any part of it, contains a notice stating that it is 391 | governed by this License along with a term that is a further 392 | restriction, you may remove that term. 
If a license document contains 393 | a further restriction but permits relicensing or conveying under this 394 | License, you may add to a covered work material governed by the terms 395 | of that license document, provided that the further restriction does 396 | not survive such relicensing or conveying. 397 | 398 | If you add terms to a covered work in accord with this section, you 399 | must place, in the relevant source files, a statement of the 400 | additional terms that apply to those files, or a notice indicating 401 | where to find the applicable terms. 402 | 403 | Additional terms, permissive or non-permissive, may be stated in the 404 | form of a separately written license, or stated as exceptions; 405 | the above requirements apply either way. 406 | 407 | 8. Termination. 408 | 409 | You may not propagate or modify a covered work except as expressly 410 | provided under this License. Any attempt otherwise to propagate or 411 | modify it is void, and will automatically terminate your rights under 412 | this License (including any patent licenses granted under the third 413 | paragraph of section 11). 414 | 415 | However, if you cease all violation of this License, then your 416 | license from a particular copyright holder is reinstated (a) 417 | provisionally, unless and until the copyright holder explicitly and 418 | finally terminates your license, and (b) permanently, if the copyright 419 | holder fails to notify you of the violation by some reasonable means 420 | prior to 60 days after the cessation. 421 | 422 | Moreover, your license from a particular copyright holder is 423 | reinstated permanently if the copyright holder notifies you of the 424 | violation by some reasonable means, this is the first time you have 425 | received notice of violation of this License (for any work) from that 426 | copyright holder, and you cure the violation prior to 30 days after 427 | your receipt of the notice. 
428 | 429 | Termination of your rights under this section does not terminate the 430 | licenses of parties who have received copies or rights from you under 431 | this License. If your rights have been terminated and not permanently 432 | reinstated, you do not qualify to receive new licenses for the same 433 | material under section 10. 434 | 435 | 9. Acceptance Not Required for Having Copies. 436 | 437 | You are not required to accept this License in order to receive or 438 | run a copy of the Program. Ancillary propagation of a covered work 439 | occurring solely as a consequence of using peer-to-peer transmission 440 | to receive a copy likewise does not require acceptance. However, 441 | nothing other than this License grants you permission to propagate or 442 | modify any covered work. These actions infringe copyright if you do 443 | not accept this License. Therefore, by modifying or propagating a 444 | covered work, you indicate your acceptance of this License to do so. 445 | 446 | 10. Automatic Licensing of Downstream Recipients. 447 | 448 | Each time you convey a covered work, the recipient automatically 449 | receives a license from the original licensors, to run, modify and 450 | propagate that work, subject to this License. You are not responsible 451 | for enforcing compliance by third parties with this License. 452 | 453 | An "entity transaction" is a transaction transferring control of an 454 | organization, or substantially all assets of one, or subdividing an 455 | organization, or merging organizations. 
If propagation of a covered 456 | work results from an entity transaction, each party to that 457 | transaction who receives a copy of the work also receives whatever 458 | licenses to the work the party's predecessor in interest had or could 459 | give under the previous paragraph, plus a right to possession of the 460 | Corresponding Source of the work from the predecessor in interest, if 461 | the predecessor has it or can get it with reasonable efforts. 462 | 463 | You may not impose any further restrictions on the exercise of the 464 | rights granted or affirmed under this License. For example, you may 465 | not impose a license fee, royalty, or other charge for exercise of 466 | rights granted under this License, and you may not initiate litigation 467 | (including a cross-claim or counterclaim in a lawsuit) alleging that 468 | any patent claim is infringed by making, using, selling, offering for 469 | sale, or importing the Program or any portion of it. 470 | 471 | 11. Patents. 472 | 473 | A "contributor" is a copyright holder who authorizes use under this 474 | License of the Program or a work on which the Program is based. The 475 | work thus licensed is called the contributor's "contributor version". 476 | 477 | A contributor's "essential patent claims" are all patent claims 478 | owned or controlled by the contributor, whether already acquired or 479 | hereafter acquired, that would be infringed by some manner, permitted 480 | by this License, of making, using, or selling its contributor version, 481 | but do not include claims that would be infringed only as a 482 | consequence of further modification of the contributor version. For 483 | purposes of this definition, "control" includes the right to grant 484 | patent sublicenses in a manner consistent with the requirements of 485 | this License. 
486 | 487 | Each contributor grants you a non-exclusive, worldwide, royalty-free 488 | patent license under the contributor's essential patent claims, to 489 | make, use, sell, offer for sale, import and otherwise run, modify and 490 | propagate the contents of its contributor version. 491 | 492 | In the following three paragraphs, a "patent license" is any express 493 | agreement or commitment, however denominated, not to enforce a patent 494 | (such as an express permission to practice a patent or covenant not to 495 | sue for patent infringement). To "grant" such a patent license to a 496 | party means to make such an agreement or commitment not to enforce a 497 | patent against the party. 498 | 499 | If you convey a covered work, knowingly relying on a patent license, 500 | and the Corresponding Source of the work is not available for anyone 501 | to copy, free of charge and under the terms of this License, through a 502 | publicly available network server or other readily accessible means, 503 | then you must either (1) cause the Corresponding Source to be so 504 | available, or (2) arrange to deprive yourself of the benefit of the 505 | patent license for this particular work, or (3) arrange, in a manner 506 | consistent with the requirements of this License, to extend the patent 507 | license to downstream recipients. "Knowingly relying" means you have 508 | actual knowledge that, but for the patent license, your conveying the 509 | covered work in a country, or your recipient's use of the covered work 510 | in a country, would infringe one or more identifiable patents in that 511 | country that you have reason to believe are valid. 
512 | 513 | If, pursuant to or in connection with a single transaction or 514 | arrangement, you convey, or propagate by procuring conveyance of, a 515 | covered work, and grant a patent license to some of the parties 516 | receiving the covered work authorizing them to use, propagate, modify 517 | or convey a specific copy of the covered work, then the patent license 518 | you grant is automatically extended to all recipients of the covered 519 | work and works based on it. 520 | 521 | A patent license is "discriminatory" if it does not include within 522 | the scope of its coverage, prohibits the exercise of, or is 523 | conditioned on the non-exercise of one or more of the rights that are 524 | specifically granted under this License. You may not convey a covered 525 | work if you are a party to an arrangement with a third party that is 526 | in the business of distributing software, under which you make payment 527 | to the third party based on the extent of your activity of conveying 528 | the work, and under which the third party grants, to any of the 529 | parties who would receive the covered work from you, a discriminatory 530 | patent license (a) in connection with copies of the covered work 531 | conveyed by you (or copies made from those copies), or (b) primarily 532 | for and in connection with specific products or compilations that 533 | contain the covered work, unless you entered into that arrangement, 534 | or that patent license was granted, prior to 28 March 2007. 535 | 536 | Nothing in this License shall be construed as excluding or limiting 537 | any implied license or other defenses to infringement that may 538 | otherwise be available to you under applicable patent law. 539 | 540 | 12. No Surrender of Others' Freedom. 541 | 542 | If conditions are imposed on you (whether by court order, agreement or 543 | otherwise) that contradict the conditions of this License, they do not 544 | excuse you from the conditions of this License. 
If you cannot convey a 545 | covered work so as to satisfy simultaneously your obligations under this 546 | License and any other pertinent obligations, then as a consequence you may 547 | not convey it at all. For example, if you agree to terms that obligate you 548 | to collect a royalty for further conveying from those to whom you convey 549 | the Program, the only way you could satisfy both those terms and this 550 | License would be to refrain entirely from conveying the Program. 551 | 552 | 13. Use with the GNU Affero General Public License. 553 | 554 | Notwithstanding any other provision of this License, you have 555 | permission to link or combine any covered work with a work licensed 556 | under version 3 of the GNU Affero General Public License into a single 557 | combined work, and to convey the resulting work. The terms of this 558 | License will continue to apply to the part which is the covered work, 559 | but the special requirements of the GNU Affero General Public License, 560 | section 13, concerning interaction through a network will apply to the 561 | combination as such. 562 | 563 | 14. Revised Versions of this License. 564 | 565 | The Free Software Foundation may publish revised and/or new versions of 566 | the GNU General Public License from time to time. Such new versions will 567 | be similar in spirit to the present version, but may differ in detail to 568 | address new problems or concerns. 569 | 570 | Each version is given a distinguishing version number. If the 571 | Program specifies that a certain numbered version of the GNU General 572 | Public License "or any later version" applies to it, you have the 573 | option of following the terms and conditions either of that numbered 574 | version or of any later version published by the Free Software 575 | Foundation. If the Program does not specify a version number of the 576 | GNU General Public License, you may choose any version ever published 577 | by the Free Software Foundation. 
578 | 579 | If the Program specifies that a proxy can decide which future 580 | versions of the GNU General Public License can be used, that proxy's 581 | public statement of acceptance of a version permanently authorizes you 582 | to choose that version for the Program. 583 | 584 | Later license versions may give you additional or different 585 | permissions. However, no additional obligations are imposed on any 586 | author or copyright holder as a result of your choosing to follow a 587 | later version. 588 | 589 | 15. Disclaimer of Warranty. 590 | 591 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY 592 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT 593 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY 594 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, 595 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 596 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM 597 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF 598 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 599 | 600 | 16. Limitation of Liability. 601 | 602 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 603 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS 604 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY 605 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE 606 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF 607 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD 608 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), 609 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF 610 | SUCH DAMAGES. 611 | 612 | 17. Interpretation of Sections 15 and 16. 
613 | 614 | If the disclaimer of warranty and limitation of liability provided 615 | above cannot be given local legal effect according to their terms, 616 | reviewing courts shall apply local law that most closely approximates 617 | an absolute waiver of all civil liability in connection with the 618 | Program, unless a warranty or assumption of liability accompanies a 619 | copy of the Program in return for a fee. 620 | 621 | END OF TERMS AND CONDITIONS 622 | 623 | How to Apply These Terms to Your New Programs 624 | 625 | If you develop a new program, and you want it to be of the greatest 626 | possible use to the public, the best way to achieve this is to make it 627 | free software which everyone can redistribute and change under these terms. 628 | 629 | To do so, attach the following notices to the program. It is safest 630 | to attach them to the start of each source file to most effectively 631 | state the exclusion of warranty; and each file should have at least 632 | the "copyright" line and a pointer to where the full notice is found. 633 | 634 | 635 | Copyright (C) 636 | 637 | This program is free software: you can redistribute it and/or modify 638 | it under the terms of the GNU General Public License as published by 639 | the Free Software Foundation, either version 3 of the License, or 640 | (at your option) any later version. 641 | 642 | This program is distributed in the hope that it will be useful, 643 | but WITHOUT ANY WARRANTY; without even the implied warranty of 644 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 645 | GNU General Public License for more details. 646 | 647 | You should have received a copy of the GNU General Public License 648 | along with this program. If not, see . 649 | 650 | Also add information on how to contact you by electronic and paper mail. 
651 | 652 | If the program does terminal interaction, make it output a short 653 | notice like this when it starts in an interactive mode: 654 | 655 | Copyright (C) 656 | This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 657 | This is free software, and you are welcome to redistribute it 658 | under certain conditions; type `show c' for details. 659 | 660 | The hypothetical commands `show w' and `show c' should show the appropriate 661 | parts of the General Public License. Of course, your program's commands 662 | might be different; for a GUI interface, you would use an "about box". 663 | 664 | You should also get your employer (if you work as a programmer) or school, 665 | if any, to sign a "copyright disclaimer" for the program, if necessary. 666 | For more information on this, and how to apply and follow the GNU GPL, see 667 | . 668 | 669 | The GNU General Public License does not permit incorporating your program 670 | into proprietary programs. If your program is a subroutine library, you 671 | may consider it more useful to permit linking proprietary applications with 672 | the library. If this is what you want to do, use the GNU Lesser General 673 | Public License instead of this License. But first, please read 674 | . 675 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | WireGuard for Ubiquiti 2 | ====================== 3 | 4 | WireGuard for EdgeRouter, Unifi Gateway and Unifi Dream Machine 5 | 6 | For a full list of supported devices, please see the latest release at [releases](https://github.com/WireGuard/wireguard-vyatta-ubnt/releases). 
7 |
8 | The installation instructions can be found in the Wiki:
9 |
10 | - [EdgeOS / UGW](https://github.com/WireGuard/wireguard-vyatta-ubnt/wiki/EdgeOS-and-Unifi-Gateway)
11 | - [UnifiOS](https://github.com/WireGuard/wireguard-vyatta-ubnt/wiki/UnifiOS-%28UDM%2C-UDR%2C-UXG%29)
12 |
13 | Credits
14 | -------
15 |
16 | Support for EdgeOS and Unifi Gateway was originally developed by [@Lochnair](https://github.com/Lochnair).
17 | Support for UnifiOS was developed by [@tusc](https://github.com/tusc) and integrated into this repository by [@peacey](https://github.com/peacey).
18 | See the [list of contributors](https://github.com/WireGuard/wireguard-vyatta-ubnt/graphs/contributors) and the [commit history](https://github.com/WireGuard/wireguard-vyatta-ubnt/commits/master) for the many other contributions.
19 |
--------------------------------------------------------------------------------
/ci/AB9942E6D4A4CFC3412620A749FC7012A5DE03AE.gpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/WireGuard/wireguard-vyatta-ubnt/e71ad148f2972cabb0941a0c91e00157c4d82f2b/ci/AB9942E6D4A4CFC3412620A749FC7012A5DE03AE.gpg
--------------------------------------------------------------------------------
/ci/DOCKERFILE-mipsel:
--------------------------------------------------------------------------------
1 | FROM debian:stretch-slim
2 | # NOTE(review): Debian 9 (stretch) is past end-of-life, so the packages installed below no longer get security fixes, and `stretch-slim` is a floating tag; prefer a supported release pinned by digest (debian:<release>-slim@sha256:<digest>, placeholder).
3 | # Add the mipsel foreign architecture and install the cross build tools in one RUN; the apt lists are removed in the same step so they do not stay in the image. Package versions are not pinned.
4 | RUN dpkg --add-architecture mipsel && \
5 | apt-get update && \
6 | apt-get -y install \
7 | build-essential \
8 | curl \
9 | dpkg-cross \
10 | g++-mipsel-linux-gnu \
11 | git \
12 | bc \
13 | bison \
14 | flex \
15 | cpio \
16 | jq && \
17 | rm -rf /var/lib/apt/lists/*
18 | # Cross-compiler prefix (matches the g++-mipsel-linux-gnu package installed above); presumably read by the CI build scripts, which are not shown here.
19 | ENV CROSSCOMPILE="mipsel-linux-gnu-"
20 |
--------------------------------------------------------------------------------
/ci/DOCKERFILE-mtk:
--------------------------------------------------------------------------------
1 | FROM debian:stretch-slim
2 | # NOTE(review): end-of-life `debian:stretch-slim` base on a floating tag; a toolchain image built from it inherits unpatched packages, so prefer a supported release pinned by digest.
3 |
RUN apt-get update && \ 4 | apt-get install -y \ 5 | autoconf \ 6 | automake \ 7 | bc \ 8 | bison \ 9 | build-essential \ 10 | curl \ 11 | dpkg-dev \ 12 | fakeroot \ 13 | file \ 14 | flex \ 15 | gawk \ 16 | git \ 17 | libgmp-dev \ 18 | libmpc-dev \ 19 | libmpfr-dev \ 20 | libtool \ 21 | texinfo \ 22 | cpio \ 23 | wget \ 24 | jq && \ 25 | rm -rf /var/lib/apt/lists/* 26 | 27 | ARG BINUTILS_VER=2.29.1 28 | ARG GCC_VER=4.8.5 29 | ARG GMP_VER=6.1.2 30 | ARG ISL_VER=0.18 31 | ARG MPC_VER=1.0.3 32 | ARG MPFR_VER=3.1.5 33 | 34 | ARG TARGET=mipsel-mtk-linux 35 | 36 | ENV PATH="/opt/cross/bin:${PATH}" 37 | 38 | COPY ci/mtk-toolchain.sh /build_toolchain.sh 39 | 40 | RUN chmod +x /build_toolchain.sh && /build_toolchain.sh 41 | 42 | ENV CROSSCOMPILE="mipsel-mtk-linux-" 43 | -------------------------------------------------------------------------------- /ci/DOCKERFILE-octeon: -------------------------------------------------------------------------------- 1 | FROM debian:stretch-slim 2 | 3 | RUN apt-get update && \ 4 | apt-get install -y \ 5 | autoconf \ 6 | automake \ 7 | bc \ 8 | bison \ 9 | build-essential \ 10 | curl \ 11 | dpkg-dev \ 12 | fakeroot \ 13 | file \ 14 | flex \ 15 | gawk \ 16 | git \ 17 | libgmp-dev \ 18 | libmpc-dev \ 19 | libmpfr-dev \ 20 | libtool \ 21 | texinfo \ 22 | cpio \ 23 | wget \ 24 | jq && \ 25 | rm -rf /var/lib/apt/lists/* 26 | 27 | ENV PATH="/opt/cross/bin:${PATH}" 28 | 29 | COPY ci/octeon-toolchain.sh /build_toolchain.sh 30 | 31 | RUN chmod +x /build_toolchain.sh && /build_toolchain.sh 32 | 33 | ENV CROSSCOMPILE="mips64-octeon-linux-" 34 | -------------------------------------------------------------------------------- /ci/DOCKERFILE-tools: -------------------------------------------------------------------------------- 1 | FROM alpine:3.11 2 | 3 | # Install build dependencies 4 | RUN apk add --no-cache \ 5 | --update-cache \ 6 | autoconf \ 7 | automake \ 8 | bc \ 9 | bison \ 10 | build-base \ 11 | coreutils \ 12 | curl \ 13 | file \ 14 | flex \ 
gawk \
git \
gmp-dev \
libtool \
linux-headers \
mpc1-dev \
mpfr-dev \
shadow \
su-exec \
texinfo \
wget \
kmod \
gnupg \
jq


# Let any user elevate to root
# NOTE(review): this makes su-exec setuid root, so every user and every
# process in the image can run commands as root. Confirm the image is only
# ever used as a throwaway build environment.
RUN chmod +s /sbin/su-exec

# Fix /tmp permissions
# NOTE(review): mode 777 leaves the sticky bit off, so any user can delete or
# replace another user's files in /tmp. The conventional mode is 1777.
RUN chmod 777 /tmp

ENV BINUTILS_VER=2.32
ENV GCC_VER=8.3.0
ENV GMP_VER=6.1.2
ENV ISL_VER=0.19
ENV KERNEL_VER=4.19.47
ENV MPC_VER=1.1.0
ENV MPFR_VER=4.0.2
ENV MUSL_VER=1.1.22

ENV PATH="/opt/cross/bin:${PATH}"

# NOTE(review): this file declares no ARG or ENV named ARCH. If it is unset
# here, TARGET expands to "-linux-musl" - confirm where ARCH is supplied.
ENV TARGET="$ARCH-linux-musl"

# NOTE(review): this copies the Octeon script, which hard-codes its own target
# and reads none of the *_VER / TARGET values set above; ci/tools-toolchain.sh
# is the script that uses them. Confirm which script is intended.
COPY ci/octeon-toolchain.sh /build_toolchain.sh

RUN chmod +x /build_toolchain.sh && /build_toolchain.sh

--------------------------------------------------------------------------------
/ci/mtk-toolchain.sh:
--------------------------------------------------------------------------------
#!/bin/bash -ex
# Based on work by github.com/Lochnair
#
# Builds binutils and a stage-1 GCC (C only) cross toolchain into /opt/cross.
# Reads BINUTILS_VER, GCC_VER, GMP_VER, ISL_VER, MPC_VER, MPFR_VER and TARGET
# from the environment; ci/DOCKERFILE-mtk declares them as build ARGs.

BUILD_ROOT="/usr/src/build"
SRC_ROOT="/usr/src/sources"

# Download source archives
# NOTE(review): every URL below is plain HTTP and nothing compares the
# archives with a known digest or signature before they are unpacked and
# built, so a tampered mirror or network path ends up in the cross compiler
# built here. Pin SHA-256 digests (or verify the upstream signatures) before
# the extraction step.
mkdir -p $BUILD_ROOT/binutils $BUILD_ROOT/gcc $SRC_ROOT
cd /usr/src
wget -nv \
  http://ftp.gnu.org/gnu/binutils/binutils-$BINUTILS_VER.tar.xz \
  http://ftp.gnu.org/gnu/gcc/gcc-$GCC_VER/gcc-$GCC_VER.tar.bz2 \
  http://ftp.gnu.org/gnu/gmp/gmp-$GMP_VER.tar.xz \
  http://isl.gforge.inria.fr/isl-$ISL_VER.tar.xz \
  http://ftp.gnu.org/gnu/mpc/mpc-$MPC_VER.tar.gz \
  http://ftp.gnu.org/gnu/mpfr/mpfr-$MPFR_VER.tar.xz

# Extract source archives
cd $SRC_ROOT
for file in ../*.tar.*; do tar xf "$file"; done

# Create symlinks to GCC dependencies
cd $SRC_ROOT/gcc-$GCC_VER
ln -s ../gmp-$GMP_VER gmp
ln -s ../isl-$ISL_VER isl
ln -s ../mpc-$MPC_VER mpc
ln -s ../mpfr-$MPFR_VER mpfr

# Fix issue with newer versions of makeinfo
# NOTE(review): the patch is downloaded and applied in one pipeline with no
# integrity check. The script runs with -e but not pipefail, so only patch's
# exit status is checked and a failed download is not caught on its own.
# Vendoring the patch under ci/ or checking a pinned digest first avoids both.
wget -q -O- https://trac.macports.org/raw-attachment/ticket/53076/patch-gcc48-texi.diff | patch -p1

# Binutils
cd $BUILD_ROOT/binutils
$SRC_ROOT/binutils-$BINUTILS_VER/configure --prefix=/opt/cross --target=$TARGET --disable-multilib --disable-werror
make -j$(nproc)
make install

# GCC - stage 1
cd $BUILD_ROOT/gcc
$SRC_ROOT/gcc-$GCC_VER/configure --prefix=/opt/cross --target=$TARGET --disable-fixed-point --disable-multilib --disable-sim --enable-languages=c --with-abi=32 --with-float=soft --with-mips-plt
make -j$(nproc) all-gcc
make install-gcc

cd /root

# Cleanup
rm -rf /usr/src

--------------------------------------------------------------------------------
/ci/octeon-toolchain.sh:
--------------------------------------------------------------------------------
#!/bin/bash -ex
# Based on work by github.com/Lochnair

BUILD_ROOT="/usr/src/build"
SRC_ROOT="/usr/src/sources"

# Download source archives
# NOTE(review): raw/master follows a moving branch, so the archive can change
# between builds and nothing checks it against a known digest. Pin a commit in
# the URL and compare a SHA-256 before extracting.
mkdir -p $BUILD_ROOT/binutils $BUILD_ROOT/gcc $SRC_ROOT
cd /usr/src
wget -nv \
  https://github.com/MarvellEmbeddedProcessors/Octeon-Toolchain/raw/master/toolchain-build-54.tar.bz2

# Extract source archives
cd $SRC_ROOT
tar -xvf ../toolchain-build-54.tar.bz2

# Move sources
mv -v toolchain/gits/binutils .
mv -v toolchain/gits/gcc .
mv -v toolchain/src/gmp .
mv -v toolchain/src/mpc .
mv -v toolchain/src/mpfr .
23 | 24 | # Create symlinks to GCC dependencies 25 | cd $SRC_ROOT/gcc 26 | ln -s ../gmp gmp 27 | ln -s ../isl isl 28 | ln -s ../mpc mpc 29 | ln -s ../mpfr mpfr 30 | 31 | # Binutils 32 | cd $BUILD_ROOT/binutils 33 | $SRC_ROOT/binutils/configure --prefix=/opt/cross --target=mips64-octeon-linux --disable-multilib --disable-werror 34 | make -j$(nproc) 35 | make install 36 | 37 | # GCC - stage 1 38 | cd $BUILD_ROOT/gcc 39 | MAKEINFO=missing $SRC_ROOT/gcc/configure --prefix=/opt/cross --target=mips64-octeon-linux --disable-fixed-point --disable-multilib --disable-sim --enable-languages=c --with-abi=64 --with-float=soft --with-mips-plt 40 | make -j$(nproc) all-gcc 41 | make install-gcc 42 | 43 | cd /root 44 | 45 | # Cleanup 46 | rm -rf /usr/src 47 | -------------------------------------------------------------------------------- /ci/release_body.md: -------------------------------------------------------------------------------- 1 | Changelog 2 | ------------ 3 | ```TODO: Add changelog``` 4 | 5 | Versions 6 | --------- 7 | | Name | Version | 8 | | ------------ | ------------------ | 9 | | Module | {{MODULE_VERSION}} | 10 | | Tools | {{TOOLS_VERSION}} | 11 | | EdgeOS v1 | {{FIRMWARE_ER_v1}} | 12 | | EdgeOS v2 | {{FIRMWARE_ER_v2}} | 13 | | USG firmware | {{FIRMWARE_UGW}} | 14 | 15 | See below for binaries. 16 | 17 | **IMPORTANT:** EdgeOS devices have different packages, one for EdgeOS {{FIRMWARE_ER_v1}} (marked v1) and one for EdgeOS {{FIRMWARE_ER_v2}}. Make sure to download the right one. The installer will produce an error if you use the wrong version. 18 | 19 | Device names 20 | --------------- 21 | 22 | The naming scheme for source packages is a bit counter intuitive. Here is a list to find out which package is for your device. 
23 | 24 | E50: 25 | - EdgeRouter X (ER-X) 26 | - EdgeRouter X SFP (ER-X-SFP) 27 | - EdgeRouter 10 X (ER-10X) 28 | - EdgePoint 6 (EP‑R6) 29 | 30 | E100: 31 | - EdgeRouter Lite 32 | - EdgeRouter PoE 33 | 34 | E200: 35 | - EdgeRouter 8 36 | - EdgeRouter Pro 37 | 38 | E300: 39 | - EdgeRouter 4 40 | - EdgeRouter 6P 41 | - EdgeRouter 12 42 | 43 | E1000: 44 | - EdgeRouter Infinity 45 | 46 | UGW3: 47 | - UniFi Security Gateway 48 | 49 | UGW4: 50 | - UniFi Security Gateway Pro 4 51 | 52 | UGWXG: 53 | - UniFi Security Gateway XG 8 54 | 55 | UnifiOS: 56 | - UniFi Dream Machine (UDM) 57 | - UniFi Dream Machine Pro (UDM-Pro) 58 | - UniFi Dream Machine Special Edition (UDM-SE) 59 | - UniFi Dream Router (UDR) 60 | - UniFi Next-Gen Gateway (UXG-Pro) 61 | -------------------------------------------------------------------------------- /ci/tools-toolchain.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -ex 2 | 3 | # FROM: https://github.com/Lochnair/dockerfiles/tree/musl-buildenv 4 | 5 | BUILD_ROOT="/usr/src/build" 6 | SRC_ROOT="/usr/src/sources" 7 | 8 | # Download source archives 9 | mkdir -p $BUILD_ROOT/binutils $BUILD_ROOT/gcc $BUILD_ROOT/musl $SRC_ROOT 10 | cd /usr/src 11 | wget -nv \ 12 | http://ftp.gnu.org/gnu/binutils/binutils-$BINUTILS_VER.tar.xz \ 13 | http://ftp.gnu.org/gnu/gcc/gcc-$GCC_VER/gcc-$GCC_VER.tar.xz \ 14 | http://ftp.gnu.org/gnu/gmp/gmp-$GMP_VER.tar.xz \ 15 | http://isl.gforge.inria.fr/isl-$ISL_VER.tar.xz \ 16 | https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-$KERNEL_VER.tar.xz \ 17 | http://ftp.gnu.org/gnu/mpc/mpc-$MPC_VER.tar.gz \ 18 | http://ftp.gnu.org/gnu/mpfr/mpfr-$MPFR_VER.tar.xz \ 19 | https://www.musl-libc.org/releases/musl-$MUSL_VER.tar.gz 20 | 21 | 22 | # Extract source archives 23 | cd $SRC_ROOT 24 | for file in ../*.tar.*; do tar xf "$file"; done 25 | 26 | # Create symlinks to GCC dependencies 27 | cd $SRC_ROOT/gcc-$GCC_VER 28 | ln -s ../gmp-$GMP_VER gmp 29 | ln -s ../isl-$ISL_VER isl 30 | ln 
-s ../mpc-$MPC_VER mpc 31 | ln -s ../mpfr-$MPFR_VER mpfr 32 | 33 | # Kernel headers 34 | cd $SRC_ROOT/linux-$KERNEL_VER 35 | make ARCH=mips INSTALL_HDR_PATH=/opt/cross/$TARGET/ headers_install 36 | 37 | # Binutils 38 | cd $BUILD_ROOT/binutils 39 | $SRC_ROOT/binutils-$BINUTILS_VER/configure --prefix=/opt/cross --target=$TARGET --disable-multilib --disable-werror 40 | make -j$(nproc) 41 | make install 42 | 43 | # GCC - stage 1 44 | cd $BUILD_ROOT/gcc 45 | $SRC_ROOT/gcc-$GCC_VER/configure --prefix=/opt/cross --target=$TARGET --disable-multilib --disable-sim --enable-languages=c,c++ --with-abi=32 --with-mips-plt 46 | make -j$(nproc) all-gcc 47 | make install-gcc 48 | 49 | # musl - stage 1 50 | cd $BUILD_ROOT/musl 51 | $SRC_ROOT/musl-$MUSL_VER/configure --prefix=/opt/cross/$TARGET/ --host=$TARGET 52 | make obj/crt/crt1.o 53 | make obj/crt/mips/crti.o 54 | make obj/crt/mips/crtn.o 55 | install obj/crt/crt1.o /opt/cross/$TARGET/lib 56 | install obj/crt/mips/* /opt/cross/$TARGET/lib 57 | $TARGET-gcc -nostdlib -nostartfiles -shared -x c /dev/null -o /opt/cross/$TARGET/lib/libc.so 58 | make install-headers 59 | 60 | # GCC - stage 2 61 | cd $BUILD_ROOT/gcc 62 | make -j$(nproc) all-target-libgcc 63 | make install-target-libgcc 64 | 65 | # musl - stage 2 66 | cd $BUILD_ROOT/musl 67 | $SRC_ROOT/musl-$MUSL_VER/configure --prefix=/opt/cross/$TARGET/ --host=$TARGET 68 | make -j$(nproc) 69 | make install 70 | 71 | # GCC - stage 3 72 | cd $BUILD_ROOT/gcc 73 | make -j$(nproc) 74 | make install 75 | cd /root 76 | 77 | # Cleanup 78 | rm -rf /usr/src 79 | -------------------------------------------------------------------------------- /ci/ubnt-source.json: -------------------------------------------------------------------------------- 1 | { 2 | "e50": { 3 | "1": "https://dl.ui.com/firmwares/edgemax/v1.10.11/gpl/GPL.ER-e50.v1.10.11.5274269.tar.bz2", 4 | "2": "https://dl.ui.com/firmwares/edgemax/v2.0.9/gpl/GPL.ER-e50.v2.0.9.5346345.tar.bz2" 5 | }, 6 | "e100": { 7 | "1": 
"https://dl.ui.com/firmwares/edgemax/v1.10.11/gpl/GPL.ER-e100.v1.10.11.5274249.tar.bz2", 8 | "2": "https://dl.ui.com/firmwares/edgemax/v2.0.9/gpl/GPL.ER-e100.v2.0.9.5346345.tar.bz2" 9 | }, 10 | "e200": { 11 | "1": "https://dl.ui.com/firmwares/edgemax/v1.10.11/gpl/GPL.ER-e200.v1.10.11.5274249.tar.bz2", 12 | "2": "https://dl.ui.com/firmwares/edgemax/v2.0.9/gpl/GPL.ER-e200.v2.0.9.5346345.tar.bz2" 13 | }, 14 | "e300": { 15 | "1": "https://dl.ui.com/firmwares/edgemax/v1.10.11/gpl/GPL.ER-e300.v1.10.11.5274269.tar.bz2", 16 | "2": "https://dl.ui.com/firmwares/edgemax/v2.0.9/gpl/GPL.ER-e300.v2.0.9.5346345.tar.bz2" 17 | }, 18 | "e1000": { 19 | "1": "https://dl.ui.com/firmwares/edgemax/v1.10.11/gpl/GPL.ER-e1000.v1.10.11.5274249.tar.bz2", 20 | "2": "https://dl.ui.com/firmwares/edgemax/v2.0.9/gpl/GPL.ER-e1000.v2.0.9.5346345.tar.bz2" 21 | }, 22 | "ugw3": { 23 | "1": "https://dl.ui.com/unifi/firmware/UGW3/4.4.50.5272448/GPL.UGW3.v4.4.50.5272448.tbz2" 24 | }, 25 | "ugw4": { 26 | "1": "https://dl.ui.com/unifi/firmware/UGW4/4.4.50.5272479/GPL.UGW4.v4.4.50.5272479.tbz2" 27 | }, 28 | "ugwxg": { 29 | "1": "https://dl.ui.com/unifi/firmware/UGWXG/4.4.50.5272479/GPL.UGWXG.v4.4.50.5272479.tbz2" 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /debian/control: -------------------------------------------------------------------------------- 1 | Package: wireguard 2 | Source: wireguard 3 | Version: PACKAGE_VERSION-PACKAGE_RELEASE 4 | Architecture: PACKAGE_ARCH 5 | Maintainer: Jason A. Donenfeld 6 | Section: net 7 | Homepage: https://www.wireguard.com 8 | Description: fast, modern, secure kernel VPN tunnel 9 | WireGuard is a novel VPN that runs inside the Linux Kernel and uses 10 | state-of-the-art cryptography (the "Noise" protocol). It aims to be 11 | faster, simpler, leaner, and more useful than IPSec, while avoiding 12 | the massive headache. It intends to be considerably more performant 13 | than OpenVPN. 
WireGuard is designed as a general purpose VPN for 14 | running on embedded interfaces and super computers alike, fit for 15 | many different circumstances. It runs over UDP. 16 | -------------------------------------------------------------------------------- /debian/postinst: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | depmod -a 3 | -------------------------------------------------------------------------------- /debian/postrm: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | if [ "$1" = "remove" -o "$1" = "abort-install" -o "$1" = "disappear" ] \ 3 | && [ -n "$(dpkg-divert --list wireguard)" ]; then 4 | dpkg-divert --package wireguard --rename --remove \ 5 | /opt/vyatta/share/perl5/Vyatta/Interface.pm 6 | dpkg-divert --package wireguard --rename --remove \ 7 | /opt/vyatta/share/vyatta-cfg/templates/firewall/options/mss-clamp/interface-type/node.def 8 | dpkg-divert --package wireguard --rename --remove \ 9 | /opt/vyatta/share/vyatta-cfg/templates/firewall/options/mss-clamp6/interface-type/node.def 10 | fi 11 | -------------------------------------------------------------------------------- /debian/preinst: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | case "$1" in 4 | install|upgrade) 5 | if [ "$(uname -r)" != "KERNEL_VER" ]; then 6 | echo "This package contains the wireguard kernel modules for KERNEL_VER, you're trying to install it on $(uname -r). Aborting." 
7 | exit 1 8 | fi 9 | ;; 10 | esac 11 | 12 | if [ "$1" = "install" ] || dpkg --compare-versions "$(dpkg-query --showformat='${Version}' --show wireguard)" lt "0.0.20171111-1"; then 13 | dpkg-divert --package wireguard --rename \ 14 | --divert /opt/vyatta/share/perl5/Vyatta/Interface.pm.vyatta \ 15 | --add /opt/vyatta/share/perl5/Vyatta/Interface.pm 16 | fi 17 | 18 | if [ "$1" = "install" ] || dpkg --compare-versions "$(dpkg-query --showformat='${Version}' --show wireguard)" lt "0.0.20180731-1"; then 19 | dpkg-divert --package wireguard --rename \ 20 | --divert /opt/vyatta/share/vyatta-cfg/templates/firewall/options/mss-clamp/interface-type/node.def.vyatta \ 21 | --add /opt/vyatta/share/vyatta-cfg/templates/firewall/options/mss-clamp/interface-type/node.def 22 | fi 23 | 24 | if [ "$1" = "install" ] || dpkg --compare-versions "$(dpkg-query --showformat='${Version}' --show wireguard)" lt "0.0.20191219-1"; then 25 | dpkg-divert --package wireguard --rename \ 26 | --divert /opt/vyatta/share/vyatta-cfg/templates/firewall/options/mss-clamp6/interface-type/node.def.vyatta \ 27 | --add /opt/vyatta/share/vyatta-cfg/templates/firewall/options/mss-clamp6/interface-type/node.def 28 | fi 29 | -------------------------------------------------------------------------------- /opt/vyatta/sbin/vyatta-check-allowed-ips.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | use lib "/opt/vyatta/share/perl5/"; 4 | use Vyatta::Config; 5 | 6 | use NetAddr::IP qw(:lower); 7 | use Getopt::Long; 8 | 9 | use strict; 10 | 11 | sub usage { 12 | print "Usage: ${0} --intf [--peer ]\n"; 13 | exit 1; 14 | } 15 | 16 | my ($intf, $peer); 17 | 18 | GetOptions("intf=s" => \$intf, 19 | "peer=s" => \$peer, 20 | ) or usage(); 21 | 22 | usage() unless $intf; 23 | if ($intf =~ /^(wg\d{0,3})$/) { 24 | $intf = $1; 25 | } else { 26 | die "Invalid interface"; 27 | } 28 | check_peer($intf, $peer) if $intf && $peer; 29 | check_interface($intf) if $intf && 
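!$peer;

exit 0;

# Validate that allowed-ips are assigned to only one peer on an interface.
#
# Arguments: $intf - interface name, used to build the config path
#            "interfaces wireguard <intf>".
# Dies if that path does not exist, if any peer fails check_peer(), or if the
# same allowed IP is listed under more than one peer of the interface.
# Returns nothing on success.
sub check_interface {
    my ($intf) = @_;
    my @allowed_ips;
    my $config = new Vyatta::Config;
    my $path = "interfaces wireguard ${intf}";
    die "${0} error: invalid interface\n" unless $config->exists($path);

    # Get allowed-ips for all peers on the interface
    $config->setLevel("${path} peer");
    check_peer($intf, $_) for $config->listNodes();
    push @allowed_ips, peer_allowed_ips("${path} peer ${_}") for $config->listNodes();

    # Get array containing any duplicate members of @allowed_ips
    my @duplicates = duplicates(@allowed_ips);

    # If there are duplicates raise an error message for each and die.
    # IPv6 addresses are converted to their short format to comply with RFC5952
    if (@duplicates) {
        my $err_str;
        foreach (@duplicates) {
            $err_str .= "Error: Allowed IP " . ($_->version() == 4 ? $_ : $_->short()) . " assigned to multiple peers on interface ${intf}\n";
        }
        die $err_str;
    }

    return;
}

# Validate that peer doesn't contain duplicate allowed-ips.
#
# Arguments: $intf - interface name
#            $peer - peer node name under "interfaces wireguard <intf> peer"
# Dies if the peer path does not exist, if the peer lists the same allowed IP
# more than once, or - when route-allowed-ips is "true" on the interface - if
# check_routes() reports a conflict. Returns nothing on success.
sub check_peer {
    my ($intf, $peer) = @_;
    my $config = new Vyatta::Config;
    my $path = "interfaces wireguard ${intf} peer ${peer}";
    die "${0} error: invalid interface and/or peer\n" unless $config->exists($path);

    # Get allowed-ips for the peer
    my @allowed_ips = peer_allowed_ips($path);

    # Get array containing any duplicate members of @allowed_ips
    my @duplicates = duplicates(@allowed_ips);

    # If there are duplicates raise an error message for each and die.
    # IPv6 addresses are converted to their short format to comply with RFC5952
    if (@duplicates) {
        my $err_str;
        foreach (@duplicates) {
            $err_str .= "Error: Allowed IP " . ($_->version() == 4 ? $_ : $_->short()) . " appears multiple times on interface ${intf} peer ${peer}\n";
        }
        die $err_str;
    }

    # Route conflicts only matter when the interface installs routes itself
    $config->setLevel("interfaces wireguard ${intf}");
    if ($config->returnValue("route-allowed-ips") eq "true") {
        my $conflict = check_routes(@allowed_ips);
        if ($conflict) {
            die "Error: Allowed IP " . $conflict . " on interface ${intf} peer ${peer} conflicts with an existing route. route-allowed-ips cannot be enabled.\n";
        }
    }

    return;
}

# Return the first allowed IP that is already the destination of a route left
# after the interface filter below, or nothing when there is no conflict.
#
# Arguments: @allowed_ips - values as returned by peer_allowed_ips().
# "0.0.0.0/0" is looked up as "default", the way `ip route show` prints it.
sub check_routes {
    my (@allowed_ips) = @_;

    # Fixed PATH so that grep and cut resolve to the system binaries
    $ENV{"PATH"}="/bin:/usr/bin";
    # $intf is the file-scoped variable, not a parameter. It is interpolated
    # into a shell command line, which is safe only because the top of the
    # script replaces it with the capture of /^(wg\d{0,3})$/ before any sub is
    # called. Keep that check ahead of every call path.
    # NOTE(review): grep -v drops every route line that contains the name as a
    # substring, so wg1 also hides routes on wg10. `ip route show` without -6
    # presumably lists IPv4 routes only, leaving IPv6 allowed-ips unchecked -
    # confirm.
    my @routes = `/bin/ip route show | grep -v ${intf} | cut -d ' ' -f1`;
    chomp @routes;

    foreach my $ip (@allowed_ips) {
        $ip = "default" if $ip eq "0.0.0.0/0";
        # Compare as a literal, whole-field string. A regex prefix match would
        # let "." match any character and let 10.0.0.0/2 match a 10.0.0.0/24
        # route.
        return $ip if grep { $_ eq "$ip" } @routes;
    }
    return;
}

# Returns an array containing all allowed-ips assigned to a peer.
#
# Arguments: $peer - full config path of the peer; callers in this file pass
#            "interfaces wireguard <intf> peer <peer>".
# Each configured allowed-ips value is split on "," and every entry is passed
# to the NetAddr::IP constructor.
sub peer_allowed_ips {
    my ($peer) = @_;
    my @allowed_ips;

    my $config = new Vyatta::Config;
    $config->setLevel($peer);
    my @peer_allowed_ips = $config->returnValues("allowed-ips");
    foreach (@peer_allowed_ips) {
        push @allowed_ips, new NetAddr::IP->new($_) for split(/,/, $_);
    }

    return @allowed_ips;
}

# Return an array containing any non-unique members of the provided array.
# Elements are keyed by their string form; an element is returned once for
# each repeat after its first occurrence.
sub duplicates {
    my (@array) = @_;
    my %seen;

    return grep { $seen{ $_ }++ } @array;
}

--------------------------------------------------------------------------------
/opt/vyatta/share/perl5/Vyatta/Interface.pm:
--------------------------------------------------------------------------------
# Author: Stephen Hemminger
# Date: 2009
# Description: vyatta interface management

# **** License ****
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
#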
published by the Free Software Foundation. 9 | # 10 | # This program is distributed in the hope that it will be useful, but 11 | # WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 13 | # General Public License for more details. 14 | # 15 | # This code was originally developed by Vyatta, Inc. 16 | # Portions created by Vyatta are Copyright (C) 2008 Vyatta, Inc. 17 | # All Rights Reserved. 18 | # **** End License **** 19 | 20 | package Vyatta::Interface; 21 | 22 | use strict; 23 | use warnings; 24 | use Vyatta::Config; 25 | use Vyatta::Misc; 26 | use base 'Exporter'; 27 | our @EXPORT = qw(IFF_UP IFF_BROADCAST IFF_DEBUG IFF_LOOPBACK 28 | IFF_POINTOPOINT IFF_RUNNING IFF_NOARP 29 | IFF_PROMISC IFF_MULTICAST); 30 | 31 | 32 | use constant { 33 | IFF_UP => 0x1, # interface is up 34 | IFF_BROADCAST => 0x2, # broadcast address valid 35 | IFF_DEBUG => 0x4, # turn on debugging 36 | IFF_LOOPBACK => 0x8, # is a loopback net 37 | IFF_POINTOPOINT => 0x10, # interface is has p-p link 38 | IFF_NOTRAILERS => 0x20, # avoid use of trailers 39 | IFF_RUNNING => 0x40, # interface RFC2863 OPER_UP 40 | IFF_NOARP => 0x80, # no ARP protocol 41 | IFF_PROMISC => 0x100, # receive all packets 42 | IFF_ALLMULTI => 0x200, # receive all multicast packets 43 | IFF_MASTER => 0x400, # master of a load balancer 44 | IFF_SLAVE => 0x800, # slave of a load balancer 45 | IFF_MULTICAST => 0x1000, # Supports multicast 46 | IFF_PORTSEL => 0x2000, # can set media type 47 | IFF_AUTOMEDIA => 0x4000, # auto media select active 48 | IFF_DYNAMIC => 0x8000, # dialup device with changing addresses 49 | IFF_LOWER_UP => 0x10000, # driver signals L1 up 50 | IFF_DORMANT => 0x20000, # driver signals dormant 51 | IFF_ECHO => 0x40000, # echo sent packets 52 | }; 53 | 54 | # 55 | # Mapping from name to attributes 56 | # path: configuration level below interfaces 57 | # vif: places to look for vif (if any) 58 | my %net_prefix = ( 59 | 
'^adsl[\d]+$' => { path => 'adsl', 60 | vif => 'vif', }, 61 | '^bond[\d]+$' => { path => 'bonding', 62 | vif => 'vif', }, 63 | '^br[\d]+$' => { path => 'bridge', 64 | vif => 'vif' }, 65 | '^eth[\d]+$' => { path => 'ethernet', 66 | vif => 'vif', }, 67 | '^lo$' => { path => 'loopback' }, 68 | '^ml[\d]+$' => { path => 'multilink', 69 | vif => 'vif', }, 70 | '^vtun[\d]+$' => { path => 'openvpn' }, 71 | '^v6tun[\d]+$' => { path => 'ipv6-tunnel' }, 72 | '^pptpc[\d]+$' => { path => 'pptp-client' }, 73 | '^wan[\d]+$' => { path => 'serial', 74 | vif => ( 'cisco-hdlc vif', 'ppp vif', 75 | 'frame-relay vif' ), }, 76 | '^tun[\d]+$' => { path => 'tunnel' }, 77 | '^vti[\d]+$' => { path => 'vti' }, 78 | '^wlm[\d]+$' => { path => 'wireless-modem' }, 79 | '^peth[\d]+$' => { path => 'pseudo-ethernet', 80 | vif => 'vif', }, 81 | '^wlan[\d]+$' => { path => 'wireless', vif => 'vif' }, 82 | '^ifb[\d]+$' => { path => 'input' }, 83 | '^switch[\d]+$' => { path => 'switch', vif => 'vif' }, 84 | '^l2tpeth[\d]+$' => { path => 'l2tpv3' }, 85 | '^wg[\d]+$' => { path => 'wireguard' }, 86 | ); 87 | 88 | # get list of interface types (only used in usage function) 89 | sub interface_types { 90 | my @types = map { $net_prefix{$_}{path} } keys %net_prefix; 91 | return @types; 92 | } 93 | 94 | # check to see if an address is unique in the working configuration 95 | sub is_uniq_address { 96 | my $ip = pop(@_); 97 | my @cfgifs = get_all_cfg_interfaces(); 98 | my $config = new Vyatta::Config; 99 | my %addr_hash = (); 100 | foreach my $intf ( @cfgifs ) { 101 | my $addrs = [ ]; 102 | my $path = "$intf->{'path'}"; 103 | if ($path =~ /openvpn/) { 104 | $addrs = [$config->listNodes("$path local-address")]; 105 | } else { 106 | $addrs = [$config->returnValues("$path address")]; 107 | } 108 | foreach my $addr ( @{$addrs} ){ 109 | if (not exists $addr_hash{$addr}){ 110 | $addr_hash{$addr} = { _intf => [ $intf->{name} ] }; 111 | } else { 112 | $addr_hash{$addr}->{_intf} = 113 | [ @{$addr_hash{$addr}->{_intf}}, 
$intf->{name} ]; 114 | } 115 | } 116 | } 117 | return ((scalar @{$addr_hash{$ip}->{_intf}}) <= 1); 118 | } 119 | 120 | # get all configured interfaces (in active or working configuration) 121 | sub get_all_cfg_interfaces { 122 | my ($in_active) = @_; 123 | my $vfunc = ($in_active ? 'listOrigNodes' : 'listNodes'); 124 | 125 | my $cfg = new Vyatta::Config; 126 | my @ret_ifs = (); 127 | for my $pfx (keys %net_prefix) { 128 | my ($type, $vif) = ($net_prefix{$pfx}->{path}, $net_prefix{$pfx}->{vif}); 129 | my @vifs = (defined($vif) 130 | ? ((ref($vif) eq 'ARRAY') ? @{$vif} 131 | : ($vif)) 132 | : ()); 133 | for my $tif ($cfg->$vfunc("interfaces $type")) { 134 | push @ret_ifs, { 'name' => $tif, 'path' => "interfaces $type $tif" }; 135 | for my $vpath (@vifs) { 136 | for my $vnum ($cfg->$vfunc("interfaces $type $tif $vpath")) { 137 | push @ret_ifs, { 'name' => "$tif.$vnum", 138 | 'path' => "interfaces $type $tif $vpath $vnum" }; 139 | } 140 | } 141 | } 142 | } 143 | 144 | # now special cases for pppo*/adsl 145 | for my $eth ($cfg->$vfunc('interfaces ethernet')) { 146 | for my $ep ($cfg->$vfunc("interfaces ethernet $eth pppoe")) { 147 | push @ret_ifs, { 'name' => "pppoe$ep", 148 | 'path' => "interfaces ethernet $eth pppoe $ep" }; 149 | } 150 | } 151 | for my $a ($cfg->$vfunc('interfaces adsl')) { 152 | for my $p ($cfg->$vfunc("interfaces adsl $a pvc")) { 153 | for my $t ($cfg->$vfunc("interfaces adsl $a pvc $p")) { 154 | if ($t eq 'classical-ipoa' or $t eq 'bridged-ethernet') { 155 | # classical-ipoa or bridged-ethernet 156 | push @ret_ifs, 157 | { 'name' => $a, 158 | 'path' => "interfaces adsl $a pvc $p $t" }; 159 | next; 160 | } 161 | # pppo[ea] 162 | for my $i ($cfg->$vfunc("interfaces adsl $a pvc $p $t")) { 163 | push @ret_ifs, 164 | { 'name' => "$t$i", 165 | 'path' => "interfaces adsl $a pvc $p $t $i" }; 166 | } 167 | } 168 | } 169 | } 170 | 171 | return @ret_ifs; 172 | } 173 | 174 | # Read ppp config to fine associated interface for ppp device 175 | sub _ppp_intf { 
176 | my $dev = shift; 177 | my $intf; 178 | 179 | open (my $ppp, '<', "/etc/ppp/peers/$dev") 180 | or return; # no such device 181 | 182 | while (<$ppp>) { 183 | chomp; 184 | # looking for line like: 185 | # interface 186 | next unless /^#interface (.*)/; 187 | $intf = $1; 188 | last; 189 | } 190 | close $ppp; 191 | 192 | return $intf; 193 | } 194 | 195 | # Go path hunting to find ppp device 196 | sub ppp_path { 197 | my $self = shift; 198 | 199 | return unless ($self->{name} =~ /^(pppo[ae]s?)(\d+)/); 200 | my $type = $1; 201 | my $id = $2; 202 | 203 | my $intf = _ppp_intf($self->{name}); 204 | return unless $intf; 205 | 206 | my $config = new Vyatta::Config; 207 | if ($type eq 'pppoe') { 208 | my $path; 209 | if ($intf =~ /^(eth\d+)\.(\d+)/) { 210 | $path = "interfaces ethernet $1 vif $2 pppoe $id"; 211 | } elsif ($intf =~ /^(eth\d+)/) { 212 | $path = "interfaces ethernet $intf pppoe $id"; 213 | } elsif ($intf =~ /(peth\d+)/) { 214 | $path = "interfaces pseudo-ethernet $intf pppoe $id"; 215 | } elsif ($intf =~ /(switch\d+)/) { 216 | $path = "interfaces switch $intf pppoe $id"; 217 | } elsif ($intf =~ /(switch\d+)\.(\d+)/) { 218 | $path = "interfaces switch $1 vif $2 pppoe $id"; 219 | } elsif ($intf =~ /(bridge\d+)/) { 220 | $path = "interfaces bridge $intf pppoe $id"; 221 | } elsif ($intf =~ /(bridge\d+)\.(\d+)/) { 222 | $path = "interfaces bridge $1 vif $2 pppoe $id"; 223 | } 224 | return $path if defined $path; 225 | } 226 | 227 | return; 228 | } 229 | 230 | # new interface description object 231 | sub new { 232 | my $that = shift; 233 | my $name = pop; 234 | my $class = ref($that) || $that; 235 | my ($dev, $vif); 236 | 237 | # need argument to constructor 238 | return unless $name; 239 | 240 | # Special case for ppp devices 241 | if ($name =~ /^(pppo[ae]s?)(\d+)/ or $name =~ /^(pptp)(\d+)/ or $name =~ /^(l2tp)(\d+)/) { 242 | my $type = $1; 243 | 244 | my $self = { 245 | name => $name, 246 | type => $type, 247 | dev => $name, 248 | }; 249 | bless $self, $class; 
250 | return $self; 251 | } 252 | 253 | # Strip off vif from name 254 | if ( $name =~ m/(\w+)\.(\d+)/ ) { 255 | $dev = $1; 256 | $vif = $2; 257 | } else { 258 | $dev = $name; 259 | } 260 | 261 | foreach my $prefix (keys %net_prefix) { 262 | next unless $dev =~ /$prefix/; 263 | my $type = $net_prefix{$prefix}{path}; 264 | my $vifpath = $net_prefix{$prefix}{vif}; 265 | 266 | # Interface name has vif, but this type doesn't support vif! 267 | return if ( defined($vif) && !$vifpath ); 268 | 269 | # Check path if given 270 | return if ( $#_ >= 0 && join( ' ', @_ ) ne $type ); 271 | 272 | my $path = "interfaces $type $dev"; 273 | $path .= " $vifpath $vif" if defined($vif); 274 | 275 | my $self = { 276 | name => $name, 277 | type => $type, 278 | path => $path, 279 | dev => $dev, 280 | vif => $vif, 281 | }; 282 | 283 | bless $self, $class; 284 | return $self; 285 | } 286 | 287 | return; # nothing 288 | } 289 | 290 | ## Field accessors 291 | sub name { 292 | my $self = shift; 293 | return $self->{name}; 294 | } 295 | 296 | sub path { 297 | my $self = shift; 298 | my $path = $self->{path}; 299 | 300 | return $path if defined($path); 301 | 302 | # Go path hunting to find ppp device 303 | return ppp_path($self); 304 | } 305 | 306 | sub vif { 307 | my $self = shift; 308 | return $self->{vif}; 309 | } 310 | 311 | sub physicalDevice { 312 | my $self = shift; 313 | return $self->{dev}; 314 | } 315 | 316 | sub type { 317 | my $self = shift; 318 | return $self->{type}; 319 | } 320 | 321 | ## Configuration checks 322 | 323 | sub configured { 324 | my $self = shift; 325 | my $config = new Vyatta::Config; 326 | 327 | return $config->exists( $self->{path} ); 328 | } 329 | 330 | sub disabled { 331 | my $self = shift; 332 | my $config = new Vyatta::Config; 333 | 334 | $config->setLevel( $self->{path} ); 335 | return $config->exists("disable"); 336 | } 337 | 338 | sub mtu { 339 | my $self = shift; 340 | my $config = new Vyatta::Config; 341 | 342 | $config->setLevel( $self->{path} ); 343 | 
return $config->returnValue("mtu"); 344 | } 345 | 346 | sub using_dhcp { 347 | my $self = shift; 348 | my $config = new Vyatta::Config; 349 | $config->setLevel( $self->{path} ); 350 | 351 | my @addr = grep { $_ eq 'dhcp' } $config->returnOrigValues('address'); 352 | 353 | return if ($#addr < 0); 354 | return $addr[0]; 355 | } 356 | 357 | sub bridge_grp { 358 | my $self = shift; 359 | my $config = new Vyatta::Config; 360 | 361 | $config->setLevel( $self->{path} ); 362 | return $config->returnValue("bridge-group bridge"); 363 | } 364 | 365 | ## System checks 366 | 367 | # return array of current addresses (on system) 368 | sub address { 369 | my ($self, $type) = @_; 370 | 371 | return Vyatta::Misc::getIP($self->{name}, $type); 372 | } 373 | 374 | sub exists { 375 | my $self = shift; 376 | 377 | return ( -d "/sys/class/net/$self->{name}" ); 378 | } 379 | 380 | sub flags { 381 | my $self = shift; 382 | 383 | open my $flags, '<', "/sys/class/net/$self->{name}/flags" 384 | or return; 385 | 386 | my $val = <$flags>; 387 | chomp $val; 388 | close $flags; 389 | return hex($val); 390 | } 391 | 392 | sub carrier { 393 | my $self = shift; 394 | 395 | my $carrier; 396 | my $val; 397 | if ($self->{name} =~ /^eth(\d+)$/) { 398 | $val = `/usr/sbin/ubnt-ifctl get-carrier eth$1`; 399 | chomp $val; 400 | $val = 0 if ! defined $val; 401 | $val = 0 if $val < 0; 402 | return $val; 403 | } else { 404 | open $carrier, '<', "/sys/class/net/$self->{name}/carrier" 405 | or return; 406 | } 407 | 408 | $val = <$carrier>; 409 | $val = 0 if ! 
defined $val; # proc entry not readable on down interface 410 | chomp $val; 411 | close $carrier; 412 | return $val; 413 | } 414 | 415 | sub hw_address { 416 | my $self = shift; 417 | 418 | open my $addrf, '<', "/sys/class/net/$self->{name}/address" 419 | or return; 420 | my $address = <$addrf>; 421 | close $addrf; 422 | 423 | chomp $address if $address; 424 | return $address; 425 | } 426 | 427 | sub is_broadcast { 428 | my $self = shift; 429 | return $self->flags() & IFF_BROADCAST; 430 | } 431 | 432 | sub is_multicast { 433 | my $self = shift; 434 | return $self->flags() & IFF_MULTICAST; 435 | } 436 | 437 | sub is_pointtopoint { 438 | my $self = shift; 439 | return $self->flags() & IFF_POINTOPOINT; 440 | } 441 | 442 | sub is_loopback { 443 | my $self = shift; 444 | return $self->flags() & IFF_LOOPBACK; 445 | } 446 | 447 | # device exists and is online 448 | sub up { 449 | my $self = shift; 450 | my $flags = $self->flags(); 451 | 452 | return $flags && ( $flags & IFF_UP ); 453 | } 454 | 455 | # device exists and is running (ie carrier present) 456 | sub running { 457 | my $self = shift; 458 | my $flags = $self->flags(); 459 | 460 | return $flags && ( $flags & IFF_RUNNING ); 461 | } 462 | 463 | # device description information in kernel (future use) 464 | sub description { 465 | my $self = shift; 466 | 467 | return interface_description($self->{name}); 468 | } 469 | 470 | 1; 471 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/firewall/options/mss-clamp/interface-type/node.def: -------------------------------------------------------------------------------- 1 | multi: 2 | type: txt 3 | help: Interface type(s) 4 | syntax:expression: $VAR(@) in "pppoe", "pptp", "tun", "vti", "wg", "all"; \ 5 | "Interface type must be \"pppoe\", \"pptp\", \"tun\", \"vti\", \"wg\", or \"all\"" 6 | 7 | val_help: pppoe; PPPoE interfaces 8 | val_help: pptp; PPtP interfaces 9 | val_help: tun; Tunnel interfaces 10 | 
val_help: vti; Virtual Tunnel Interface 11 | val_help: wg; WireGuard interfaces 12 | val_help: all; All interfaces 13 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/firewall/options/mss-clamp6/interface-type/node.def: -------------------------------------------------------------------------------- 1 | multi: 2 | type: txt 3 | help: Interface type(s) 4 | syntax:expression: $VAR(@) in "pppoe", "pptp", "tun", "v6tun", "wg", "all"; \ 5 | "Interface type must be \"pppoe\", \"pptp\", \"tun\", \"v6tun\", \"wg\" or \"all\"" 6 | 7 | val_help: pppoe; PPPoE interfaces 8 | val_help: pptp; PPtP interfaces 9 | val_help: tun; Tunnel interfaces 10 | val_help: v6tun; IPv6 tunnel interfaces 11 | val_help: wg; WireGuard interfaces 12 | val_help: all; All interfaces 13 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.def: -------------------------------------------------------------------------------- 1 | tag: 2 | priority: 459 3 | type: txt 4 | help: WireGuard interface name 5 | val_help: ; WireGuard interface name 6 | syntax:expression: pattern $VAR(@) "^wg[0-9]+$" \ 7 | ; "wg must be (wg0-wg999)" 8 | 9 | end: /opt/wireguard/interface.sh "$COMMIT_ACTION" "$VAR(@)" 10 | 11 | commit:expression: $VAR(./private-key) != "" ; 12 | "Private key must be specified for $VAR(@)" 13 | 14 | commit:expression: exec "${vyatta_sbindir}/vyatta-check-allowed-ips.pl --intf $VAR(@)" 15 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/address/node.def: -------------------------------------------------------------------------------- 1 | multi: 2 | priority: 460 # Run after interface has been configured 3 | type: ipv4net,ipv6net 4 | val_help: ipv4net; IPv4 address and prefix length 5 | val_help: ipv6net; IPv6 address and prefix 
length 6 | help: IP address 7 | 8 | syntax:expression: exec "/opt/vyatta/sbin/valid_address $VAR(@)" 9 | 10 | commit:expression: exec "sudo /opt/vyatta/sbin/vyatta-interfaces.pl --valid-addr-commit $VAR(@@) --dev $VAR(../@)" 11 | 12 | create: /opt/wireguard/interface.sh "$COMMIT_ACTION" "$VAR(../@)" "address" "$VAR(@)" 13 | 14 | delete: /opt/wireguard/interface.sh "$COMMIT_ACTION" "$VAR(../@)" "address" "$VAR(@)" 15 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/bandwidth/constraint/class-type/node.def: -------------------------------------------------------------------------------- 1 | tag: 2 | help: DSTE Class Type name with which the bandwidth is associated 3 | type: txt 4 | val_help: DSTE Class Type name with which the bandwidth is associated 5 | commit:expression: exec "/usr/sbin/ubnt-mpls.pl --check-class-type-configured --class-type $VAR(@)" 6 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/bandwidth/constraint/class-type/node.tag/bandwidth/node.def: -------------------------------------------------------------------------------- 1 | help: bandwidth constraint <1-10000000000 bits> (usable units : k, m, g) 2 | type: txt 3 | val_help: bandwidth constraint <1-10000000000 bits> (usable units : k, m, g) 4 | syntax:expression: exec "/usr/sbin/ubnt-interface --check-bw '$VAR(@)'" 5 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/bandwidth/constraint/node.def: -------------------------------------------------------------------------------- 1 | help: Bandwidth constraint for interface 2 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/bandwidth/maximum/node.def: 
-------------------------------------------------------------------------------- 1 | type: txt 2 | help: Maximum bandwidth for interface 3 | syntax:expression: exec "/usr/sbin/ubnt-interface --check-bw '$VAR(@)'" 4 | val_help: <1-10000000>k; Bandwidth in Kbps 5 | val_help: <1-10000>m; Bandwidth in Mbps 6 | val_help: <1-10>g; Bandwidth in Gbps 7 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/bandwidth/node.def: -------------------------------------------------------------------------------- 1 | priority: 460 2 | help: Bandwidth parameters 3 | end: sudo /usr/sbin/ubnt-interface.pl --update-bw --if-name=$VAR(../@) \ 4 | --if-path="interfaces wireguard" \ 5 | --template-path="interfaces wireguard var" \ 6 | --cfg-root-path="interfaces wireguard $VAR(../@)" 7 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/bandwidth/reservable/node.def: -------------------------------------------------------------------------------- 1 | type: txt 2 | help: Reservable bandwidth for interface 3 | syntax:expression: exec "/usr/sbin/ubnt-interface --check-bw '$VAR(@)'" 4 | val_help: <1-10000000>k; Reservable bandwidth in Kbps 5 | val_help: <1-10000>m; Reservable bandwidth in Mbps 6 | val_help: <1-10>g; Reservable bandwidth in Gbps 7 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/description/node.def: -------------------------------------------------------------------------------- 1 | priority: 460 2 | type: txt 3 | help: Description 4 | 5 | syntax:expression: pattern $VAR(@) "^.{1,256}$" \ 6 | ; "interface description is too long (limit 256 characters)" 7 | 8 | end: /opt/wireguard/interface.sh "$COMMIT_ACTION" "$VAR(../@)" "description" 9 | 
-------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/disable/node.def: -------------------------------------------------------------------------------- 1 | help: Disable interface 2 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/down-command/node.def: -------------------------------------------------------------------------------- 1 | type: txt 2 | priority: 460 3 | help: Script or command executed before the interface goes down 4 | val_help: txt; Command 5 | val_help: txt; Executable script in /config/scripts 6 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/firewall/in/ipv6-modify/node.def: -------------------------------------------------------------------------------- 1 | type: txt 2 | help: Inbound IPv6 modify ruleset name for interface 3 | allowed: local -a params 4 | eval "params=($(cli-shell-api listActiveNodes firewall ipv6-modify))" 5 | echo -n "${params[@]}" 6 | 7 | update: ifname=$VAR(../../../@) 8 | /usr/sbin/ubnt-fw update-interface \ 9 | update $ifname in $VAR(@) ipv6-modify 10 | 11 | 12 | delete: ifname=$VAR(../../../@) 13 | /usr/sbin/ubnt-fw update-interface \ 14 | delete $ifname in $VAR(@) ipv6-modify 15 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/firewall/in/ipv6-name/node.def: -------------------------------------------------------------------------------- 1 | type: txt 2 | help: Inbound IPv6 firewall ruleset name for interface 3 | allowed: local -a params 4 | eval "params=($(cli-shell-api listActiveNodes firewall ipv6-name))" 5 | echo -n "${params[@]}" 6 | 7 | update: ifname=$VAR(../../../@) 8 | /usr/sbin/ubnt-fw update-interface \ 9 | 
update $ifname in $VAR(@) ipv6-name 10 | 11 | 12 | delete: ifname=$VAR(../../../@) 13 | /usr/sbin/ubnt-fw update-interface \ 14 | delete $ifname in $VAR(@) ipv6-name 15 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/firewall/in/modify/node.def: -------------------------------------------------------------------------------- 1 | type: txt 2 | help: Inbound IPv4 modify ruleset name for interface 3 | allowed: local -a params 4 | eval "params=($(cli-shell-api listActiveNodes firewall modify))" 5 | echo -n "${params[@]}" 6 | 7 | update: ifname=$VAR(../../../@) 8 | /usr/sbin/ubnt-fw update-interface \ 9 | update $ifname in $VAR(@) modify 10 | 11 | 12 | delete: ifname=$VAR(../../../@) 13 | /usr/sbin/ubnt-fw update-interface \ 14 | delete $ifname in $VAR(@) modify 15 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/firewall/in/name/node.def: -------------------------------------------------------------------------------- 1 | type: txt 2 | help: Inbound IPv4 firewall ruleset name for interface 3 | allowed: local -a params 4 | eval "params=($(cli-shell-api listActiveNodes firewall name))" 5 | echo -n "${params[@]}" 6 | 7 | update: ifname=$VAR(../../../@) 8 | /usr/sbin/ubnt-fw update-interface \ 9 | update $ifname in $VAR(@) name 10 | 11 | 12 | delete: ifname=$VAR(../../../@) 13 | /usr/sbin/ubnt-fw update-interface \ 14 | delete $ifname in $VAR(@) name 15 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/firewall/in/node.def: -------------------------------------------------------------------------------- 1 | help: Ruleset for forwarded packets on inbound interface 2 | -------------------------------------------------------------------------------- 
/opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/firewall/local/ipv6-name/node.def: -------------------------------------------------------------------------------- 1 | type: txt 2 | help: Local IPv6 firewall ruleset name for interface 3 | allowed: local -a params 4 | eval "params=($(cli-shell-api listActiveNodes firewall ipv6-name))" 5 | echo -n "${params[@]}" 6 | 7 | update: ifname=$VAR(../../../@) 8 | /usr/sbin/ubnt-fw update-interface \ 9 | update $ifname local $VAR(@) ipv6-name 10 | 11 | 12 | delete: ifname=$VAR(../../../@) 13 | /usr/sbin/ubnt-fw update-interface \ 14 | delete $ifname local $VAR(@) ipv6-name 15 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/firewall/local/name/node.def: -------------------------------------------------------------------------------- 1 | type: txt 2 | help: Local IPv4 firewall ruleset name for interface 3 | allowed: local -a params 4 | eval "params=($(cli-shell-api listActiveNodes firewall name))" 5 | echo -n "${params[@]}" 6 | 7 | update: ifname=$VAR(../../../@) 8 | /usr/sbin/ubnt-fw update-interface \ 9 | update $ifname local $VAR(@) name 10 | 11 | 12 | delete: ifname=$VAR(../../../@) 13 | /usr/sbin/ubnt-fw update-interface \ 14 | delete $ifname local $VAR(@) name 15 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/firewall/local/node.def: -------------------------------------------------------------------------------- 1 | help: Ruleset for packets destined for this router 2 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/firewall/node.def: -------------------------------------------------------------------------------- 1 | help: Firewall options 2 | 
-------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/firewall/out/ipv6-modify/node.def: -------------------------------------------------------------------------------- 1 | type: txt 2 | help: Outbound IPv6 modify ruleset name for interface 3 | allowed: local -a params 4 | eval "params=($(cli-shell-api listActiveNodes firewall ipv6-modify))" 5 | echo -n "${params[@]}" 6 | 7 | update: ifname=$VAR(../../../@) 8 | /usr/sbin/ubnt-fw update-interface \ 9 | update $ifname out $VAR(@) ipv6-modify 10 | 11 | 12 | delete: ifname=$VAR(../../../@) 13 | /usr/sbin/ubnt-fw update-interface \ 14 | delete $ifname out $VAR(@) ipv6-modify 15 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/firewall/out/ipv6-name/node.def: -------------------------------------------------------------------------------- 1 | type: txt 2 | help: Outbound IPv6 firewall ruleset name for interface 3 | allowed: local -a params 4 | eval "params=($(cli-shell-api listActiveNodes firewall ipv6-name))" 5 | echo -n "${params[@]}" 6 | 7 | update: ifname=$VAR(../../../@) 8 | /usr/sbin/ubnt-fw update-interface \ 9 | update $ifname out $VAR(@) ipv6-name 10 | 11 | 12 | delete: ifname=$VAR(../../../@) 13 | /usr/sbin/ubnt-fw update-interface \ 14 | delete $ifname out $VAR(@) ipv6-name 15 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/firewall/out/modify/node.def: -------------------------------------------------------------------------------- 1 | type: txt 2 | help: Outbound IPv4 modify ruleset name for interface 3 | allowed: local -a params 4 | eval "params=($(cli-shell-api listActiveNodes firewall modify))" 5 | echo -n "${params[@]}" 6 | 7 | update: ifname=$VAR(../../../@) 8 | /usr/sbin/ubnt-fw update-interface \ 9 | 
update $ifname out $VAR(@) modify 10 | 11 | 12 | delete: ifname=$VAR(../../../@) 13 | /usr/sbin/ubnt-fw update-interface \ 14 | delete $ifname out $VAR(@) modify 15 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/firewall/out/name/node.def: -------------------------------------------------------------------------------- 1 | type: txt 2 | help: Outbound IPv4 firewall ruleset name for interface 3 | allowed: local -a params 4 | eval "params=($(cli-shell-api listActiveNodes firewall name))" 5 | echo -n "${params[@]}" 6 | 7 | update: ifname=$VAR(../../../@) 8 | /usr/sbin/ubnt-fw update-interface \ 9 | update $ifname out $VAR(@) name 10 | 11 | 12 | delete: ifname=$VAR(../../../@) 13 | /usr/sbin/ubnt-fw update-interface \ 14 | delete $ifname out $VAR(@) name 15 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/firewall/out/node.def: -------------------------------------------------------------------------------- 1 | help: Ruleset for forwarded packets on outbound interface 2 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/fwmark/node.def: -------------------------------------------------------------------------------- 1 | type: txt 2 | priority: 460 3 | help: A 32-bit fwmark for outgoing packets 4 | val_help: u32:0-255; Mark for outgoing packets 5 | val_help: hex_value/hex_mask; Mark for outgoing packets with mask 6 | syntax:expression: pattern $VAR(@) "^[^!]*$" ; "Modify mark can not be inverted with '!'" 7 | syntax:expression: exec "/usr/sbin/ubnt-fw-syntax valid-mark \"$VAR(@)\"" 8 | 9 | end: /opt/wireguard/interface.sh "$COMMIT_ACTION" "$VAR(../@)" "fwmark" 10 | -------------------------------------------------------------------------------- 
/opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ip/node.def: -------------------------------------------------------------------------------- 1 | priority: 460 2 | help: IPv4 routing parameters 3 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ip/ospf/authentication/md5/key-id/node.def: -------------------------------------------------------------------------------- 1 | tag: 2 | type: u32 3 | help: MD5 key id 4 | 5 | syntax:expression: $VAR(@) >= 1 && $VAR(@) <= 255; "ID must be between (1-255)" 6 | val_help: u32:1-255; MD5 key id 7 | 8 | commit:expression: $VAR(md5-key/) != ""; \ 9 | "Must add the md5-key for key-id $VAR(@)" 10 | 11 | update:expression: "vtysh-set -i $VAR(../../../../../@) --noerr \ 12 | -c \"interface $VAR(../../../../../@)\" \ 13 | -c \"no ip ospf authentication\"; \ 14 | vtysh-set -i $VAR(../../../../../@) \ 15 | -c \"interface $VAR(../../../../../@)\" \ 16 | -c \"ip ospf authentication message-digest\"; " 17 | delete:expression: "vtysh-set -i $VAR(../../../../../@) --noerr \ 18 | -c \"interface $VAR(../../../../../@)\" \ 19 | -c \"no ip ospf authentication\"; " 20 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ip/ospf/authentication/md5/key-id/node.tag/md5-key/node.def: -------------------------------------------------------------------------------- 1 | type: txt 2 | help: MD5 key 3 | syntax:expression: pattern $VAR(@) "^[^[:space:]]{1,16}$"; "MD5 key must be 16 characters or less" 4 | val_help: MD5 Key (16 characters or less) 5 | update:expression: "vtysh-set -i $VAR(../../../../../../@) --noerr \ 6 | -c \"interface $VAR(../../../../../../@)\" \ 7 | -c \"no ip ospf message-digest-key $VAR(../@)\"; \ 8 | vtysh-set -i $VAR(../../../../../../@) \ 9 | -c \"interface $VAR(../../../../../../@)\" \ 10 | -c \"ip ospf 
message-digest-key $VAR(../@) md5 $VAR(@)\"; " 11 | delete:expression: "vtysh-set -i $VAR(../../../../../../@) --noerr \ 12 | -c \"interface $VAR(../../../../../../@)\" \ 13 | -c \"no ip ospf message-digest-key $VAR(../@)\"; " 14 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ip/ospf/authentication/md5/node.def: -------------------------------------------------------------------------------- 1 | help: MD5 parameters 2 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ip/ospf/authentication/node.def: -------------------------------------------------------------------------------- 1 | help: OSPF interface authentication 2 | 3 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ip/ospf/authentication/plaintext-password/node.def: -------------------------------------------------------------------------------- 1 | type: txt 2 | help: Plain text password 3 | syntax:expression: pattern $VAR(@) "^[^[:space:]]{1,8}$" ; "Password must be 8 characters or less" 4 | val_help: Plain text password (8 characters or less) 5 | update:expression: "vtysh-set -i $VAR(../../../../@) --noerr \ 6 | -c \"interface $VAR(../../../../@)\" \ 7 | -c \"no ip ospf authentication\"; \ 8 | vtysh-set -i $VAR(../../../../@) \ 9 | -c \"interface $VAR(../../../../@)\" \ 10 | -c \"ip ospf authentication\" \ 11 | -c \"ip ospf authentication-key $VAR(@)\"; " 12 | delete:expression: "vtysh-set -i $VAR(../../../../@) --noerr \ 13 | -c \"interface $VAR(../../../../@)\" \ 14 | -c \"no ip ospf authentication\" \ 15 | -c \"no ip ospf authentication-key\"; " 16 | -------------------------------------------------------------------------------- 
/opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ip/ospf/cost/node.def: -------------------------------------------------------------------------------- 1 | type: u32 2 | help: Interface cost 3 | syntax:expression: $VAR(@) >= 1 && $VAR(@) <= 65535; "Must be between 1-65535" 4 | val_help: u32:1-65535; OSPF interface cost 5 | update:expression: "vtysh-set -i $VAR(../../../@) \ 6 | -c \"interface $VAR(../../../@)\" \ 7 | -c \"ip ospf cost $VAR(@)\"; " 8 | delete:expression: "vtysh-set -i $VAR(../../../@) --noerr \ 9 | -c \"interface $VAR(../../../@)\" \ 10 | -c \"no ip ospf cost\"; " 11 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ip/ospf/dead-interval/node.def: -------------------------------------------------------------------------------- 1 | type: u32 2 | help: Interval after which neighbor is dead 3 | default: 40 4 | syntax:expression: $VAR(@) >= 1 && $VAR(@) <= 65535; "Must be between 1-65535" 5 | val_help: u32:1-65535; OSPF dead interval in seconds (default 40) 6 | create:expression: "if [ \"$VAR(@)\" -ne 40 ]; then vtysh-set -i $VAR(../../../@) \ 7 | -c \"interface $VAR(../../../@)\" \ 8 | -c \"ip ospf dead-interval $VAR(@)\"; fi;" 9 | update:expression: "vtysh-set -i $VAR(../../../@) \ 10 | -c \"interface $VAR(../../../@)\" \ 11 | -c \"ip ospf dead-interval $VAR(@)\";" 12 | delete:expression: "if [ \"$VAR(@)\" -ne 40 ]; then vtysh-set -i $VAR(../../../@) --noerr \ 13 | -c \"interface $VAR(../../../@)\" \ 14 | -c \"no ip ospf dead-interval\"; fi;" 15 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ip/ospf/hello-interval/node.def: -------------------------------------------------------------------------------- 1 | type: u32 2 | help: Interval between hello packets 3 | default: 10 4 | syntax:expression: $VAR(@) >= 1 && $VAR(@) <= 
65535; "Must be between 1-65535" 5 | val_help: u32:1-65535; Interval between OSPF hello packets in seconds (default 10) 6 | create:expression: "if [ \"$VAR(@)\" -ne 10 ]; then vtysh-set -i $VAR(../../../@) \ 7 | -c \"interface $VAR(../../../@)\" \ 8 | -c \"ip ospf hello-interval $VAR(@)\"; fi;" 9 | update:expression: "vtysh-set -i $VAR(../../../@) \ 10 | -c \"interface $VAR(../../../@)\" \ 11 | -c \"ip ospf hello-interval $VAR(@)\";" 12 | delete:expression: "if [ \"$VAR(@)\" -ne 10 ]; then vtysh-set -i $VAR(../../../@) --noerr \ 13 | -c \"interface $VAR(../../../@)\" \ 14 | -c \"no ip ospf hello-interval\"; fi;" 15 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ip/ospf/mtu-ignore/node.def: -------------------------------------------------------------------------------- 1 | help: Disable Maximum Transmission Unit (MTU) mismatch detection 2 | create:expression: "vtysh-set -i $VAR(../../../@) \ 3 | -c \"interface $VAR(../../../@)\" \ 4 | -c \"ip ospf mtu-ignore\"; " 5 | delete:expression: "vtysh-set -i $VAR(../../../@) --noerr \ 6 | -c \"interface $VAR(../../../@)\" \ 7 | -c \"no ip ospf mtu-ignore\"; " 8 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ip/ospf/network/node.def: -------------------------------------------------------------------------------- 1 | type: txt 2 | help: Network type 3 | syntax:expression: $VAR(@) in "broadcast", "non-broadcast", "point-to-multipoint", "point-to-point"; \ 4 | "Must be (broadcast|non-broadcast|point-to-multipoint|point-to-point)" 5 | 6 | val_help: broadcast; Broadcast network type 7 | val_help: non-broadcast; Non-broadcast network type 8 | val_help: point-to-multipoint; Point-to-multipoint network type 9 | val_help: point-to-point; Point-to-point network type 10 | update:expression: "vtysh-set -i $VAR(../../../@) \ 11 | 
-c \"interface $VAR(../../../@)\" \ 12 | -c \"ip ospf network $VAR(@)\"; " 13 | delete:expression: "vtysh-set -i $VAR(../../../@) --noerr \ 14 | -c \"interface $VAR(../../../@)\" \ 15 | -c \"no ip ospf network\"; " 16 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ip/ospf/node.def: -------------------------------------------------------------------------------- 1 | help: Open Shortest Path First (OSPF) parameters 2 | 3 | begin: if ! /etc/init.d/vyatta-quagga status ospfd > /dev/null ; then 4 | sudo /etc/init.d/vyatta-quagga start ospfd 5 | fi 6 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ip/ospf/priority/node.def: -------------------------------------------------------------------------------- 1 | type: u32 2 | help: Router priority 3 | default: 1 4 | syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 255; "Must be between 0-255" 5 | val_help: u32:0-255; Priority (default 1) 6 | create:expression: "if [ \"$VAR(@)\" -ne 1 ]; then vtysh-set -i $VAR(../../../@) \ 7 | -c \"interface $VAR(../../../@)\" \ 8 | -c \"ip ospf priority $VAR(@)\"; fi;" 9 | update:expression: "vtysh-set -i $VAR(../../../@) \ 10 | -c \"interface $VAR(../../../@)\" \ 11 | -c \"ip ospf priority $VAR(@)\";" 12 | delete:expression: "if [ \"$VAR(@)\" -ne 1 ]; then vtysh-set -i $VAR(../../../@) --noerr \ 13 | -c \"interface $VAR(../../../@)\" \ 14 | -c \"no ip ospf priority\"; fi;" 15 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ip/ospf/retransmit-interval/node.def: -------------------------------------------------------------------------------- 1 | type: u32 2 | help: Interval between retransmitting lost link state advertisements 3 | default: 5 4 | syntax:expression: $VAR(@) >= 1 && $VAR(@) 
<= 65535; "Must be between 3-65535" 5 | val_help: u32: 1-65535; Retransmit interval in seconds (default 5) 6 | create:expression: "if [ \"$VAR(@)\" -ne 5 ]; then vtysh-set -i $VAR(../../../@) \ 7 | -c \"interface $VAR(../../../@)\" \ 8 | -c \"ip ospf retransmit-interval $VAR(@)\"; fi;" 9 | update:expression: "vtysh-set -i $VAR(../../../@) \ 10 | -c \"interface $VAR(../../../@)\" \ 11 | -c \"ip ospf retransmit-interval $VAR(@)\";" 12 | delete:expression: "if [ \"$VAR(@)\" -ne 5 ]; then vtysh-set -i $VAR(../../../@) --noerr \ 13 | -c \"interface $VAR(../../../@)\" \ 14 | -c \"no ip ospf retransmit-interval\"; fi;" 15 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ip/ospf/transmit-delay/node.def: -------------------------------------------------------------------------------- 1 | type: u32 2 | help: Link state transmit delay 3 | default: 1 4 | syntax:expression: $VAR(@) >= 1 && $VAR(@) <= 65535; "Must be between 1-65535" 5 | val_help: u32:1-65535; Transmit delay in seconds (default 1) 6 | create:expression: "if [ \"$VAR(@)\" -ne 1 ]; then vtysh-set -i $VAR(../../../@) \ 7 | -c \"interface $VAR(../../../@)\" \ 8 | -c \"ip ospf transmit-delay $VAR(@)\"; fi;" 9 | update:expression: "vtysh-set -i $VAR(../../../@) \ 10 | -c \"interface $VAR(../../../@)\" \ 11 | -c \"ip ospf transmit-delay $VAR(@)\";" 12 | delete:expression: "if [ \"$VAR(@)\" -ne 1 ]; then vtysh-set -i $VAR(../../../@) --noerr \ 13 | -c \"interface $VAR(../../../@)\" \ 14 | -c \"no ip ospf transmit-delay\"; fi;" 15 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ip/rip/authentication/md5/node.def: -------------------------------------------------------------------------------- 1 | tag: 2 | type: u32 3 | help: MD5 authentication parameters 4 | syntax:expression: $VAR(@) >= 1 && $VAR(@) <= 255; \ 5 | "ID 
must be between 1 and 255" 6 | 7 | commit:expression: $VAR(../plaintext-password/) == "" ; \ 8 | "plaintext-password already set" 9 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ip/rip/authentication/md5/node.tag/password/node.def: -------------------------------------------------------------------------------- 1 | type: txt 2 | help: Authentication password 3 | syntax:expression: pattern $VAR(@) "^[^[:space:]]{1,16}$" ; "MD5 key must be 16 characters or less" 4 | val_help: MD5 Key (16 characters or less) 5 | update:expression: "vtysh-set -i $VAR(../../../../../@) -c \"interface $VAR(../../../../../@)\" \ 6 | -c \"ip rip authentication mode md5\" \ 7 | -c \"ip rip authentication string $VAR(@)\"; " 8 | delete:expression: "vtysh-set -i $VAR(../../../../../@) --noerr -c \"interface $VAR(../../../../../@)\" \ 9 | -c \"no ip rip authentication mode\" \ 10 | -c \"no ip rip authentication string\"; " 11 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ip/rip/authentication/node.def: -------------------------------------------------------------------------------- 1 | help: Authentication method 2 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ip/rip/authentication/plaintext-password/node.def: -------------------------------------------------------------------------------- 1 | type: txt 2 | help: Plain text password 3 | syntax:expression: pattern $VAR(@) "^[^[:space:]]{1,16}$" ; "Password must be 16 characters or less" 4 | commit:expression: $VAR(../md5/) == "" ; "md5 password already set" 5 | val_help: Password (16 characters or less) 6 | update:expression: "vtysh-set -i $VAR(../../../../@) \ 7 | -c \"interface $VAR(../../../../@)\" \ 8 | -c \"ip rip 
authentication mode text\" \ 9 | -c \"ip rip authentication string $VAR(@)\"; " 10 | delete:expression: "vtysh-set -i $VAR(../../../../@) --noerr \ 11 | -c \"interface $VAR(../../../../@)\" \ 12 | -c \"no ip rip authentication mode\" \ 13 | -c \"no ip rip authentication string\"; " 14 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ip/rip/node.def: -------------------------------------------------------------------------------- 1 | help: Routing Information Protocol (RIP) 2 | 3 | begin: if ! /etc/init.d/vyatta-quagga status ripd > /dev/null ; then 4 | sudo /etc/init.d/vyatta-quagga start ripd 5 | fi 6 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ip/rip/split-horizon/disable/node.def: -------------------------------------------------------------------------------- 1 | help: Disable split horizon on specified interface 2 | commit:expression: ($VAR(../poison-reverse/) == ""); \ 3 | "You cannot have 'split-horizon poison-reverse' enabled with 'split-horizon' disabled for $VAR(../../../../@)" 4 | create:expression: "vtysh-set -i $VAR(../../../../@) --noerr \ 5 | -c \"interface $VAR(../../../../@)\" \ 6 | -c \"no ip rip split-horizon\"; " 7 | delete:expression: "vtysh-set -i $VAR(../../../../@) \ 8 | -c \"interface $VAR(../../../../@)\" \ 9 | -c \"ip rip split-horizon\"; " 10 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ip/rip/split-horizon/node.def: -------------------------------------------------------------------------------- 1 | help: Split horizon parameters 2 | -------------------------------------------------------------------------------- 
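/opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ip/rip/split-horizon/poison-reverse/node.def:
--------------------------------------------------------------------------------
help: Enable poison reverse for split-horizon

commit:expression: ($VAR(../disable/) == ""); \
"You cannot have 'split-horizon poison-reverse' enabled with 'split-horizon' disabled for $VAR(../../../../@)"
create:expression: "vtysh-set -i $VAR(../../../../@) --noerr \
-c \"interface $VAR(../../../../@)\" \
-c \"ip rip split-horizon poisoned\"; "
delete:expression: "vtysh-set -i $VAR(../../../../@) --noerr \
-c \"interface $VAR(../../../../@)\" \
-c \"no ip rip split-horizon\" \
-c \"ip rip split-horizon\"; "

--------------------------------------------------------------------------------
/opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ip/source-validation/node.def:
--------------------------------------------------------------------------------
# rp_filter
# default value - 0
# The max value from conf/{all,interface}/rp_filter is used
# when doing source validation on the {interface}.
#
# This template writes 1 for strict, 2 for loose and 0 for disable. Because
# the larger number wins, a global value of 2 (loose) takes precedence over a
# per-interface 1 (strict): the interface then gets loose filtering only. The
# update action prints a warning whenever the global value is the larger one.

type: txt

help: Policy for source validation by reversed path, as specified in RFC3704

val_help: strict; Enable Strict Reverse Path Forwarding as defined in RFC3704
val_help: loose; Enable Loose Reverse Path Forwarding as defined in RFC3704
val_help: disable; No source validation

syntax:expression: $VAR(@) in "strict", "loose", "disable"; "source-validation must be set to 'loose', 'strict' or 'disable'"

update:
    # Read the global setting first so it can be compared with the new value.
    read -r all < /proc/sys/net/ipv4/conf/all/rp_filter
    if [ "$VAR(@)" = "strict" ]; then
        new=1
    elif [ "$VAR(@)" = "loose" ]; then
        new=2
    else
        new=0
    fi

    # The global value is in effect whenever it is numerically larger.
    if [ "$all" -gt "$new" ]; then
        echo "Warning: global source-validation overrides per interface"
        global="disable"
        if [ "$all" -eq 1 ]; then
            global=strict
        elif [ "$all" -eq 2 ]; then
            global=loose
        fi
        echo "Global value is $global"
    fi
    sudo sh -c "echo $new > /proc/sys/net/ipv4/conf/$VAR(../../@)/rp_filter"

delete:
    sudo sh -c "echo 0 > /proc/sys/net/ipv4/conf/$VAR(../../@)/rp_filter"

--------------------------------------------------------------------------------
/opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ipv6/node.def:
--------------------------------------------------------------------------------
priority: 460
help: IPv6 routing parameters

--------------------------------------------------------------------------------
/opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ipv6/ospfv3/cost/node.def:
--------------------------------------------------------------------------------
type: u32
help: Interface cost
default: 1
syntax:expression: $VAR(@) >= 1 && $VAR(@) <= 65535; "Must be between 1-65535"
val_help: u32:1-65535; OSPFv3 cost
update:expression: "vtysh-set -i $VAR(../../../@) \
-c \"interface $VAR(../../../@)\" \
-c \"ipv6 ospf cost $VAR(@)\"; "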
delete:expression: "vtysh-set -i $VAR(../../../@) --noerr \ 10 | -c \"interface $VAR(../../../@)\" \ 11 | -c \"no ipv6 ospf cost\"; " 12 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ipv6/ospfv3/dead-interval/node.def: -------------------------------------------------------------------------------- 1 | type: u32 2 | help: Interval after which neighbor is declared dead 3 | default: 40 4 | syntax:expression: $VAR(@) >= 1 && $VAR(@) <= 65535; "Must be between 1-65535" 5 | val_help: u32:1-65535; Neighbor dead interval in seconds (default 40) 6 | update:expression: "vtysh-set -i $VAR(../../../@) -c \"interface $VAR(../../../@)\" \ 7 | -c \"ipv6 ospf dead-interval $VAR(@)\"; " 8 | delete:expression: "vtysh-set -i $VAR(../../../@) -c \"interface $VAR(../../../@)\" \ 9 | -c \"ipv6 ospf dead-interval 40\"; " 10 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ipv6/ospfv3/hello-interval/node.def: -------------------------------------------------------------------------------- 1 | type: u32 2 | help: Interval between hello packets 3 | default: 10 4 | syntax:expression: $VAR(@) >= 1 && $VAR(@) <= 65535; "Must be between 1-65535" 5 | val_help: u32:1-65535; Interval between OSPFv3 hello packets in seconds (default 10) 6 | update:expression: "vtysh-set -i $VAR(../../../@) -c \"interface $VAR(../../../@)\" \ 7 | -c \"ipv6 ospf hello-interval $VAR(@)\"; " 8 | delete:expression: "vtysh-set -i $VAR(../../../@) -c \"interface $VAR(../../../@)\" \ 9 | -c \"ipv6 ospf hello-interval 10\"; " 10 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ipv6/ospfv3/ifmtu/node.def: -------------------------------------------------------------------------------- 1 | type: u32 2 | help: Interface 
MTU 3 | syntax:expression: $VAR(@) >= 1 && $VAR(@) <= 65535; "Must be between 1-65535" 4 | val_help: u32:1-65535; Interface MTU 5 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ipv6/ospfv3/instance-id/node.def: -------------------------------------------------------------------------------- 1 | type: u32 2 | help: Instance-id 3 | default: 0 4 | syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 255; "Must be between 0-255" 5 | val_help: u32:0-255; Instance Id (default 0) 6 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ipv6/ospfv3/mtu-ignore/node.def: -------------------------------------------------------------------------------- 1 | help: Disable Maximum Transmission Unit mismatch detection 2 | create:expression: "vtysh-set -i $VAR(../../../@) \ 3 | -c \"interface $VAR(../../../@)\" \ 4 | -c \"ipv6 ospf mtu-ignore\"; " 5 | delete:expression: "vtysh-set -i $VAR(../../../@) --noerr \ 6 | -c \"interface $VAR(../../../@)\" \ 7 | -c \"no ipv6 ospf mtu-ignore\"; " 8 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ipv6/ospfv3/node.def: -------------------------------------------------------------------------------- 1 | help: IPv6 Open Shortest Path First (OSPFv3) 2 | 3 | begin: if ! 
/etc/init.d/vyatta-quagga status ospf6d > /dev/null ; then 4 | sudo /etc/init.d/vyatta-quagga start ospf6d 5 | fi 6 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ipv6/ospfv3/passive/node.def: -------------------------------------------------------------------------------- 1 | help: Disable forming of adjacency 2 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ipv6/ospfv3/priority/node.def: -------------------------------------------------------------------------------- 1 | type: u32 2 | help: Router priority 3 | default: 1 4 | syntax:expression: $VAR(@) >= 0 && $VAR(@) <= 255; "Must be between 0-255" 5 | val_help: u32:0-255; Priority (default 1) 6 | update:expression: "vtysh-set -i $VAR(../../../@) -c \"interface $VAR(../../../@)\" \ 7 | -c \"ipv6 ospf priority $VAR(@)\"; " 8 | delete:expression: "vtysh-set -i $VAR(../../../@) -c \"interface $VAR(../../../@)\" \ 9 | -c \"ipv6 ospf priority 1\"; " 10 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ipv6/ospfv3/retransmit-interval/node.def: -------------------------------------------------------------------------------- 1 | type: u32 2 | help: Interval between retransmitting lost link state advertisements 3 | default: 5 4 | syntax:expression: $VAR(@) >= 1 && $VAR(@) <= 65535; "Must be between 3-65535" 5 | val_help: u32:1-65535; Retransmit interval in seconds (default 5) 6 | update:expression: "vtysh-set -i $VAR(../../../@) -c \"interface $VAR(../../../@)\" \ 7 | -c \"ipv6 ospf retransmit-interval $VAR(@)\"; " 8 | delete:expression: "vtysh-set -i $VAR(../../../@) -c \"interface $VAR(../../../@)\" \ 9 | -c \"ipv6 ospf retransmit-interval 5\"; " 10 | 
-------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ipv6/ospfv3/transmit-delay/node.def: -------------------------------------------------------------------------------- 1 | type: u32 2 | help: Link state transmit delay 3 | default: 1 4 | syntax:expression: $VAR(@) >= 1 && $VAR(@) <= 65535; "Must be between 1-65535" 5 | val_help: u32:1-65535; Link state transmit delay (default 1) 6 | update:expression: "vtysh-set -i $VAR(../../../@) -c \"interface $VAR(../../../@)\" \ 7 | -c \"ipv6 ospf transmit-delay $VAR(@)\"; " 8 | delete:expression: "vtysh-set -i $VAR(../../../@) -c \"interface $VAR(../../../@)\" \ 9 | -c \"ipv6 ospf transmit-delay 1\"; " 10 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ipv6/ripng/node.def: -------------------------------------------------------------------------------- 1 | help: Routing Information Protocol (RIPng) 2 | 3 | begin: if ! 
/etc/init.d/vyatta-quagga status ripngd > /dev/null ; then 4 | sudo /etc/init.d/vyatta-quagga start ripngd 5 | fi 6 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ipv6/ripng/split-horizon/disable/node.def: -------------------------------------------------------------------------------- 1 | help: Disable split horizon 2 | 3 | commit:expression: ($VAR(../poison-reverse/) == ""); \ 4 | "You cannot have 'split-horizon poison-reverse' enabled with 'split-horizon' disabled for $VAR(../../../../@)" 5 | create:expression: "vtysh-set -i $VAR(../../../../@) --noerr \ 6 | -c \"interface $VAR(../../../../@)\" \ 7 | -c \"no ipv6 rip split-horizon\"; " 8 | delete:expression: "vtysh-set -i $VAR(../../../../@) \ 9 | -c \"interface $VAR(../../../../@)\" \ 10 | -c \"ipv6 rip split-horizon\"; " 11 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ipv6/ripng/split-horizon/node.def: -------------------------------------------------------------------------------- 1 | help: Split horizon parameters 2 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/ipv6/ripng/split-horizon/poison-reverse/node.def: -------------------------------------------------------------------------------- 1 | help: Enable poison reverse for split-horizon 2 | 3 | commit:expression: ($VAR(../disable/) == ""); \ 4 | "You cannot have 'split-horizon poison-reverse' enabled with 'split-horizon' disabled for $VAR(../../../../@)" 5 | create:expression: "vtysh-set -i $VAR(../../../../@) \ 6 | -c \"interface $VAR(../../../../@)\" \ 7 | -c \"ipv6 rip split-horizon poisoned\"; " 8 | delete:expression: "vtysh-set -i $VAR(../../../../@) --noerr \ 9 | -c \"interface $VAR(../../../../@)\" \ 10 | -c \"no ipv6 rip split-horizon\" 
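\
-c \"ipv6 rip split-horizon\"; "

--------------------------------------------------------------------------------
/opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/listen-port/node.def:
--------------------------------------------------------------------------------
priority: 460
type: u32
help: Local port number to accept connections
syntax:expression: $VAR(@) > 0 && $VAR(@) < 65536;
"Port must be between 1 and 65535"

end: /opt/wireguard/interface.sh "$COMMIT_ACTION" "$VAR(../@)" "listen-port"

--------------------------------------------------------------------------------
/opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/mtu/node.def:
--------------------------------------------------------------------------------
type: u32
priority: 460
help: Maximum Transmission Unit (MTU)
syntax:expression: $VAR(@) >= 64 && $VAR(@) <= 8024; "Must be between 64-8024"
val_help: u32:64-8024; Maximum Transmission Unit (MTU)

syntax:expression: exec " \
mtu=`/usr/sbin/ubnt-hal getMtu`; \
if [ $VAR(@) -gt $mtu ]; then \
echo The max allowed MTU on this platform is $mtu; \
exit 1; \
fi"

default: 1420

end: /opt/wireguard/interface.sh "$COMMIT_ACTION" "$VAR(../@)" "mtu"

--------------------------------------------------------------------------------
/opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/peer/node.def:
--------------------------------------------------------------------------------
tag:
priority: 460
type: txt
help: Peer public key

val_help: Base64 encoded public key

syntax:expression: pattern $VAR(@) "^[0-9a-zA-Z\+/]{43}=$" ;
"Key is not valid 44-character (32-bytes) base64"

commit:expression: exec "${vyatta_sbindir}/vyatta-check-allowed-ips.pl --intf $VAR(../@) --peer $VAR(@)"

create: /opt/wireguard/peer.sh "$COMMIT_ACTION" "$VAR(../@)" "$VAR(@)"

delete: /opt/wireguard/peer.sh "$COMMIT_ACTION" "$VAR(../@)" "$VAR(@)"

--------------------------------------------------------------------------------
/opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/peer/node.tag/allowed-ips/node.def:
--------------------------------------------------------------------------------
# Allowed IPs decide which source addresses are accepted from this peer and
# which destinations are routed to it, so every entry has to be validated.
# The syntax check below exits inside the loop: the status of a for loop is
# the status of its last iteration only, so a test placed after "done" lets
# an invalid entry through whenever the final entry is valid.
# NOTE(review): $VAR(@) looks to be substituted into the command text before
# the shell runs it - confirm how the config backend escapes the value.
multi:
type: txt
help: IP addresses allowed to traverse the peer
val_help: [,x.x.x.x/x | h:h:h:h:h:h:h:h]...; Comma separated list of IP addresses to allow

create: /opt/wireguard/peer.sh "$COMMIT_ACTION" "$VAR(../../@)" "$VAR(../@)" "allowed-ips"

delete: /opt/wireguard/peer.sh "$COMMIT_ACTION" "$VAR(../../@)" "$VAR(../@)" "allowed-ips"

syntax:expression: exec "ips=$VAR(@); for ip in ${ips//,/ }; do /opt/vyatta/sbin/vyatta-find-type.pl \"$ip\" ipv4net ipv4 ipv6net ipv6 > /dev/null || exit 1; done";
"Value must contain valid IP addresses"

--------------------------------------------------------------------------------
/opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/peer/node.tag/description/node.def:
--------------------------------------------------------------------------------
type: txt
help: Description

syntax:expression: pattern $VAR(@) "^.{1,256}$" \
; "interface description is too long (limit 256 characters)"

--------------------------------------------------------------------------------
/opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/peer/node.tag/disable/node.def:
--------------------------------------------------------------------------------
help: Disable peer

end: /opt/wireguard/peer.sh "$COMMIT_ACTION" "$VAR(../../@)" "$VAR(../@)" "disable"

--------------------------------------------------------------------------------
/opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/peer/node.tag/endpoint/node.def: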
--------------------------------------------------------------------------------
priority: 920
type: txt
help: Remote endpoint

end: /opt/wireguard/peer.sh "$COMMIT_ACTION" "$VAR(../../@)" "$VAR(../@)" "endpoint"

--------------------------------------------------------------------------------
/opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/peer/node.tag/persistent-keepalive/node.def:
--------------------------------------------------------------------------------
type: u32
help: Only useful when trying to maintain a connection from behind NAT, how often to send persistent keepalive packets

syntax:expression: $VAR(@) > 0 && $VAR(@) < 65536;
"Value must be between 1 and 65535 seconds"

end: /opt/wireguard/peer.sh "$COMMIT_ACTION" "$VAR(../../@)" "$VAR(../@)" "persistent-keepalive"

--------------------------------------------------------------------------------
/opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/peer/node.tag/preshared-key/node.def:
--------------------------------------------------------------------------------
# The value is either the base64 key itself or a file in /config/auth; both
# the syntax and the commit check hand it to /opt/wireguard/is_valid_key.sh.
# NOTE(review): when the key is given inline it is stored in the configuration
# as text, and the commit error message repeats $VAR(@), i.e. the key. A file
# reference keeps the secret out of both.
# NOTE(review): $VAR(@) is passed to is_valid_key.sh unquoted - confirm how
# the config backend escapes the value before the shell sees it.
type: txt
help: Optional preshared key
val_help: txt; 44-character (32-bytes) base64 key
val_help: txt; File in /config/auth

syntax:expression: exec "/opt/wireguard/is_valid_key.sh $VAR(@)"

commit:expression: exec "/opt/wireguard/is_valid_key.sh $VAR(@)"; "Error: Preshared-key $VAR(@) not found"

end: /opt/wireguard/peer.sh "$COMMIT_ACTION" "$VAR(../../@)" "$VAR(../@)" "preshared-key"

--------------------------------------------------------------------------------
/opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/private-key/node.def:
--------------------------------------------------------------------------------
# The value is either the base64 private key itself or a file in /config/auth;
# both the syntax and the commit check hand it to
# /opt/wireguard/is_valid_key.sh.
# NOTE(review): when the key is given inline it is stored in the configuration
# as text, and the commit error message repeats $VAR(@), i.e. the private key.
# A file reference keeps the secret out of both.
# NOTE(review): $VAR(@) is passed to is_valid_key.sh unquoted - confirm how
# the config backend escapes the value before the shell sees it.
priority: 460
type: txt
help: Private key
val_help: txt; 44-character (32-bytes) base64 key
val_help: txt; File in /config/auth

syntax:expression: exec "/opt/wireguard/is_valid_key.sh $VAR(@)"

end: /opt/wireguard/interface.sh "$COMMIT_ACTION" "$VAR(../@)" "private-key"

commit:expression: exec "/opt/wireguard/is_valid_key.sh $VAR(@)"; "Error: Private key $VAR(@) not found"

--------------------------------------------------------------------------------
/opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/route-allowed-ips/node.def:
--------------------------------------------------------------------------------
priority: 460
type: bool

help: Automatically add the allowed IPs for all peers to the routing table for this interface.

default: true

val_help: true; Enable automatically adding allowed IPs to the routing table.
val_help: false; Disable automatically adding allowed IPs to the routing table.

end: /opt/wireguard/interface.sh "$COMMIT_ACTION" "$VAR(../@)" "route-allowed-ips"

--------------------------------------------------------------------------------
/opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/traffic-policy/in/node.def:
--------------------------------------------------------------------------------
type: txt
help: Ingress traffic policy for interface
allowed: sudo /usr/sbin/ubnt-tc --list-policy in
update: sudo /opt/vyatta/sbin/vyatta-qos.pl --update-interface $VAR(../../@) in $VAR(@)
delete: sudo /usr/sbin/ubnt-tc --delete-interface $VAR(../../@) in

--------------------------------------------------------------------------------
/opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/traffic-policy/node.def:
--------------------------------------------------------------------------------
priority: 460
help: Traffic-policy for interface

--------------------------------------------------------------------------------
/opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/traffic-policy/out/node.def:
-------------------------------------------------------------------------------- 1 | type: txt 2 | help: Egress traffic policy for interface 3 | allowed: sudo /usr/sbin/ubnt-tc --list-policy out 4 | update: sudo /opt/vyatta/sbin/vyatta-qos.pl --update-interface $VAR(../../@) out $VAR(@) 5 | delete: sudo /usr/sbin/ubnt-tc --delete-interface $VAR(../../@) out 6 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-cfg/templates/interfaces/wireguard/node.tag/up-command/node.def: -------------------------------------------------------------------------------- 1 | type: txt 2 | priority: 460 3 | help: Script or command executed after the interface went up 4 | val_help: txt; Command 5 | val_help: txt; Executable script in /config/scripts 6 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-op/templates/clear/interfaces/wireguard/counters/node.def: -------------------------------------------------------------------------------- 1 | help: Clear all wireguard interfaces counters 2 | run: sudo ${vyatta_bindir}/sudo-users/vyatta-show-interfaces.pl --action=clear --intf-type=wireguard 3 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-op/templates/clear/interfaces/wireguard/node.def: -------------------------------------------------------------------------------- 1 | help: Clear wireguard interface information 2 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-op/templates/clear/interfaces/wireguard/node.tag/counters/node.def: -------------------------------------------------------------------------------- 1 | help: Clear interface counters for a given wireguard interface 2 | run: sudo ${vyatta_bindir}/sudo-users/vyatta-show-interfaces.pl --action=clear --intf="$4" 3 | -------------------------------------------------------------------------------- 
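/opt/vyatta/share/vyatta-op/templates/clear/interfaces/wireguard/node.tag/node.def:
--------------------------------------------------------------------------------
help: Clear interface information for a given wireguard interface
allowed: ${vyatta_sbindir}/vyatta-interfaces.pl --show wireguard

--------------------------------------------------------------------------------
/opt/vyatta/share/vyatta-op/templates/generate/vpn/wireguard/node.def:
--------------------------------------------------------------------------------
help: WireGuard key generation tool

--------------------------------------------------------------------------------
/opt/vyatta/share/vyatta-op/templates/generate/vpn/wireguard/preshared-key/node.def:
--------------------------------------------------------------------------------
help: Generate WireGuard preshared key

--------------------------------------------------------------------------------
/opt/vyatta/share/vyatta-op/templates/generate/vpn/wireguard/preshared-key/node.tag/node.def:
--------------------------------------------------------------------------------
# $5 is the file name typed by the operator. A relative name is placed under
# /config/auth; the key is written by a root shell running with umask 077.
# NOTE(review): an absolute path is accepted and written as root before
# check_file_in_config_dir runs, so the redirect can truncate a file outside
# /config/auth - consider refusing such paths before writing.
help: Generate WireGuard preshared key with specified file name
run:
    result=1
    key_path=$5

    # Prepend /config/auth if the path is not absolute
    case "$key_path" in
        /*) full_path=$key_path ;;
        *)  full_path=/config/auth/$key_path ;;
    esac

    key_dir=$(dirname "$full_path")
    if [ ! -d "$key_dir" ]; then
        echo "Directory $key_dir does not exist!"
        exit 1
    fi

    echo "Generating WireGuard preshared key to $full_path"
    # The path reaches the root shell as a positional argument and is not
    # spliced into the command text, so no character in the file name is
    # parsed as shell syntax by the privileged shell.
    sudo sh -c 'umask 077; /usr/bin/wg genpsk > "$1"' sh "$full_path"
    result=$?
    if [ "$result" -eq 0 ]; then
        echo "Your new WireGuard preshared key has been generated"
    fi
    /opt/vyatta/sbin/check_file_in_config_dir "$full_path" '/config/auth'
allowed: echo -n ''

--------------------------------------------------------------------------------
/opt/vyatta/share/vyatta-op/templates/generate/vpn/wireguard/private-key/node.def:
--------------------------------------------------------------------------------
help: Generate WireGuard private key

--------------------------------------------------------------------------------
/opt/vyatta/share/vyatta-op/templates/generate/vpn/wireguard/private-key/node.tag/node.def:
--------------------------------------------------------------------------------
# $5 is the file name typed by the operator. A relative name is placed under
# /config/auth; the key is written by a root shell running with umask 077.
# NOTE(review): an absolute path is accepted and written as root before
# check_file_in_config_dir runs, so the redirect can truncate a file outside
# /config/auth - consider refusing such paths before writing.
help: Generate WireGuard private key with specified file name
run:
    result=1
    key_path=$5

    # Prepend /config/auth if the path is not absolute
    case "$key_path" in
        /*) full_path=$key_path ;;
        *)  full_path=/config/auth/$key_path ;;
    esac

    key_dir=$(dirname "$full_path")
    if [ ! -d "$key_dir" ]; then
        echo "Directory $key_dir does not exist!"
        exit 1
    fi

    echo "Generating WireGuard private key to $full_path"
    # The path reaches the root shell as a positional argument and is not
    # spliced into the command text, so no character in the file name is
    # parsed as shell syntax by the privileged shell.
    sudo sh -c 'umask 077; /usr/bin/wg genkey > "$1"' sh "$full_path"
    result=$?
    if [ "$result" -eq 0 ]; then
        echo "Your new WireGuard private key has been generated"
    fi
    /opt/vyatta/sbin/check_file_in_config_dir "$full_path" '/config/auth'
allowed: echo -n ''

--------------------------------------------------------------------------------
/opt/vyatta/share/vyatta-op/templates/show/interfaces/wireguard/allowed-ips/node.def:
--------------------------------------------------------------------------------
help: Show wireguard interface allowed ips
run: sudo wg show all allowed-ips

--------------------------------------------------------------------------------
/opt/vyatta/share/vyatta-op/templates/show/interfaces/wireguard/detail/node.def:
--------------------------------------------------------------------------------
help: Show detailed WireGuard interface information
run: ${vyatta_bindir}/vyatta-show-interfaces.pl --intf-type=wireguard --action=show

--------------------------------------------------------------------------------
/opt/vyatta/share/vyatta-op/templates/show/interfaces/wireguard/endpoints/node.def:
--------------------------------------------------------------------------------
help: Show wireguard interface endpoints
run: sudo wg show all endpoints

--------------------------------------------------------------------------------
/opt/vyatta/share/vyatta-op/templates/show/interfaces/wireguard/fwmark/node.def:
--------------------------------------------------------------------------------
help: Show wireguard interface fwmark
run: sudo wg show all fwmark

--------------------------------------------------------------------------------
/opt/vyatta/share/vyatta-op/templates/show/interfaces/wireguard/latest-handshakes/node.def:
--------------------------------------------------------------------------------
help: Show wireguard interface latest-handshakes
run: sudo wg show all latest-handshakes
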
-------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-op/templates/show/interfaces/wireguard/listen-port/node.def: -------------------------------------------------------------------------------- 1 | help: Show wireguard interface listen port 2 | run: sudo wg show all listen-port 3 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-op/templates/show/interfaces/wireguard/node.def: -------------------------------------------------------------------------------- 1 | help: Show wireguard interface information 2 | run: ${vyatta_bindir}/vyatta-show-interfaces.pl --intf-type=wireguard --action=show-brief 3 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-op/templates/show/interfaces/wireguard/node.tag/allowed-ips/node.def: -------------------------------------------------------------------------------- 1 | help: Show specified wireguard interface allowed ips 2 | run: sudo wg show "$4" allowed-ips 3 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-op/templates/show/interfaces/wireguard/node.tag/brief/node.def: -------------------------------------------------------------------------------- 1 | help: Show summary of specified WireGuard interface information 2 | run: ${vyatta_bindir}/vyatta-show-interfaces.pl --intf="$4" --action=show-brief 3 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-op/templates/show/interfaces/wireguard/node.tag/capture/node.def: -------------------------------------------------------------------------------- 1 | help: Show captured traffic on specified wireguard interface 2 | run: /opt/vyatta/bin/vyatta-tshark-interface-port.pl "$4" 3 | -------------------------------------------------------------------------------- 
/opt/vyatta/share/vyatta-op/templates/show/interfaces/wireguard/node.tag/capture/not/node.def: -------------------------------------------------------------------------------- 1 | help: Show captured traffic excluding the specified wireguard interface port 2 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-op/templates/show/interfaces/wireguard/node.tag/capture/not/port/node.def: -------------------------------------------------------------------------------- 1 | help: Show captured traffic excluding the specified wireguard interface port 2 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-op/templates/show/interfaces/wireguard/node.tag/capture/not/port/node.tag/node.def: -------------------------------------------------------------------------------- 1 | help: Show captured traffic excluding the specified wireguard interface port 2 | run: /opt/vyatta/bin/vyatta-tshark-interface-port.pl "$4" "$8" 1 3 | allowed: echo -n '<1-65535>' 4 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-op/templates/show/interfaces/wireguard/node.tag/capture/port/node.def: -------------------------------------------------------------------------------- 1 | help: Show captured traffic on specified wireguard interface port 2 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-op/templates/show/interfaces/wireguard/node.tag/capture/port/node.tag/node.def: -------------------------------------------------------------------------------- 1 | help: Show captured traffic on specified wireguard interface port 2 | run: /opt/vyatta/bin/vyatta-tshark-interface-port.pl "$4" "$7" 0 3 | allowed: echo -n '<1-65535>' 4 | -------------------------------------------------------------------------------- 
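/opt/vyatta/share/vyatta-op/templates/show/interfaces/wireguard/node.tag/endpoints/node.def:
--------------------------------------------------------------------------------
help: Show specified wireguard interface endpoints
run: sudo wg show "$4" endpoints

--------------------------------------------------------------------------------
/opt/vyatta/share/vyatta-op/templates/show/interfaces/wireguard/node.tag/fwmark/node.def:
--------------------------------------------------------------------------------
# Per-interface variant: "$4" is the interface name from the command line, as
# in the sibling node.tag templates, so only that interface is queried.
help: Show specified wireguard interface fwmark
run: sudo wg show "$4" fwmark

--------------------------------------------------------------------------------
/opt/vyatta/share/vyatta-op/templates/show/interfaces/wireguard/node.tag/latest-handshakes/node.def:
--------------------------------------------------------------------------------
help: Show specified wireguard interface latest-handshakes
run: sudo wg show "$4" latest-handshakes

--------------------------------------------------------------------------------
/opt/vyatta/share/vyatta-op/templates/show/interfaces/wireguard/node.tag/listen-port/node.def:
--------------------------------------------------------------------------------
help: Show specified wireguard interface listen port
run: sudo wg show "$4" listen-port

--------------------------------------------------------------------------------
/opt/vyatta/share/vyatta-op/templates/show/interfaces/wireguard/node.tag/node.def:
--------------------------------------------------------------------------------
help: Show specified wireguard interface information
allowed: ${vyatta_sbindir}/vyatta-interfaces.pl --show wireguard
run: ${vyatta_bindir}/vyatta-show-interfaces.pl --intf="$4"

--------------------------------------------------------------------------------
/opt/vyatta/share/vyatta-op/templates/show/interfaces/wireguard/node.tag/peers/node.def: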
-------------------------------------------------------------------------------- 1 | help: Show specified wireguard interface peers 2 | run: sudo wg show "$4" peers 3 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-op/templates/show/interfaces/wireguard/node.tag/persistent-keepalive/node.def: -------------------------------------------------------------------------------- 1 | help: Show specified wireguard interface persistent keepalive 2 | run: sudo wg show "$4" persistent-keepalive 3 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-op/templates/show/interfaces/wireguard/node.tag/preshared-keys/node.def: -------------------------------------------------------------------------------- 1 | help: Show specified wireguard interface preshared keys 2 | run: sudo wg show "$4" preshared-keys 3 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-op/templates/show/interfaces/wireguard/node.tag/private-key/node.def: -------------------------------------------------------------------------------- 1 | help: Show specified wireguard interface private key 2 | run: sudo wg show "$4" private-key 3 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-op/templates/show/interfaces/wireguard/node.tag/public-key/node.def: -------------------------------------------------------------------------------- 1 | help: Show specified wireguard interface public key 2 | run: sudo wg show "$4" public-key 3 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-op/templates/show/interfaces/wireguard/node.tag/transfer/node.def: -------------------------------------------------------------------------------- 1 | help: Show specified wireguard interface transfer statistics 2 | run: sudo wg show "$4" transfer 3 | 
-------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-op/templates/show/interfaces/wireguard/peers/node.def: -------------------------------------------------------------------------------- 1 | help: Show wireguard interface peers 2 | run: sudo wg show all peers 3 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-op/templates/show/interfaces/wireguard/persistent-keepalive/node.def: -------------------------------------------------------------------------------- 1 | help: Show wireguard interface persistent keepalive 2 | run: sudo wg show all persistent-keepalive 3 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-op/templates/show/interfaces/wireguard/preshared-keys/node.def: -------------------------------------------------------------------------------- 1 | help: Show wireguard interface preshared keys 2 | run: sudo wg show all preshared-keys 3 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-op/templates/show/interfaces/wireguard/private-key/node.def: -------------------------------------------------------------------------------- 1 | help: Show wireguard interface private key 2 | run: sudo wg show all private-key 3 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-op/templates/show/interfaces/wireguard/public-key/node.def: -------------------------------------------------------------------------------- 1 | help: Show wireguard interface public key 2 | run: sudo wg show all public-key 3 | -------------------------------------------------------------------------------- /opt/vyatta/share/vyatta-op/templates/show/interfaces/wireguard/transfer/node.def: -------------------------------------------------------------------------------- 1 | help: Show wireguard interface transfer statistics 
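2 | run: sudo wg show all transfer 3 | -------------------------------------------------------------------------------- /opt/wireguard/interface.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -eEu -o pipefail 3 | shopt -s expand_aliases 4 | 5 | # Script must run as group 'vyattacfg' to prevent errors and system instability 6 | if [ "$(id -g -n)" != 'vyattacfg' ] ; then 7 | echo "This script must be executed from vyatta configuration system." 8 | exit 1 9 | fi 10 | 11 | ACTION=$1 12 | INTERFACE=$2 13 | 14 | VYATTA_API=${vyatta_sbindir}/my_cli_shell_api 15 | VYATTA_API_SLUG="interfaces wireguard $INTERFACE" 16 | alias node_exists='$VYATTA_API exists $VYATTA_API_SLUG' 17 | alias node_value='$VYATTA_API returnValue $VYATTA_API_SLUG' 18 | alias node_values='$VYATTA_API returnValues $VYATTA_API_SLUG' 19 | 20 | function cfg_address { 21 | # If address is deleted 22 | if [ "$ACTION" = DELETE ]; then 23 | OP=delete 24 | else 25 | OP=add 26 | fi 27 | # Parse all IP address on interface 28 | for ip in $(ip a show dev $INTERFACE | grep inet | awk '{print $2}'); do 29 | # If adding IP address to the interface and IP address is already setup on interface 30 | if [ $OP == "add" ] && [ $ip == "$1" ]; then 31 | # Do not process the rest of the function 32 | return 33 | fi 34 | done 35 | # Execute operation on link 36 | sudo /opt/vyatta/sbin/vyatta-address $OP $INTERFACE $1 37 | } 38 | function cfg_description { 39 | # If description has value 40 | if node_exists description; then 41 | # Set link alias 42 | ip link set dev $INTERFACE alias "$(node_value description)" 43 | else 44 | # Remove link alias; the interface name is passed as $1 so it is never parsed as part of the root shell's command string 45 | sudo sh -c 'echo > "/sys/class/net/$1/ifalias"' sh "$INTERFACE" 46 | fi 47 | } 48 | function cfg_fwmark { 49 | # If fwmark has value 50 | if node_exists fwmark; then 51 | # Mark packets leaving this interface 52 | sudo wg set $INTERFACE fwmark $(node_value fwmark) 53 | else 54 | # Do not mark packets leaving this interface 55 | 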
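sudo wg set $INTERFACE fwmark 0 56 | fi 57 | } 58 | function cfg_listen-port { 59 | # If listen-port has value 60 | if node_exists listen-port; then 61 | # Set listen-port 62 | sudo wg set $INTERFACE listen-port $(node_value listen-port) 63 | else 64 | # Set listen-port to random port 65 | sudo wg set $INTERFACE listen-port 0 66 | fi 67 | } 68 | function cfg_mtu { 69 | # If mtu has value 70 | if node_exists mtu; then 71 | # Set link MTU 72 | ip link set $INTERFACE mtu $(node_value mtu) 73 | fi 74 | } 75 | function cfg_private-key { 76 | # If private-key has value 77 | if node_exists private-key; then 78 | # Create variable for private-key value 79 | PRIVATE_KEY=$(node_value private-key) 80 | # If private-key is a file 81 | if [ -f "$PRIVATE_KEY" ]; then 82 | # Set private-key to file (quoted so a path with spaces stays one argument) 83 | sudo wg set $INTERFACE private-key "$PRIVATE_KEY" 84 | else 85 | # Set private-key to value; piped on stdin so the key is not placed on the wg command line 86 | printf '%s\n' "$PRIVATE_KEY" | sudo wg set $INTERFACE private-key /proc/self/fd/0 87 | fi 88 | else 89 | # Remove private-key 90 | sudo wg set $INTERFACE private-key /dev/null 91 | fi 92 | } 93 | function cfg_route-allowed-ips { 94 | # Update routing table 95 | /opt/wireguard/update_routes.sh $INTERFACE 96 | } 97 | 98 | ## Interface option configuration 99 | # If more than two parameters are passed to this script 100 | if [ $# -gt 2 ]; then 101 | # If a cfg_<option> function exists, call it by name; $3 and $4 are passed as plain words and never re-parsed by eval 102 | declare -F "cfg_$3" > /dev/null && "cfg_$3" ${4:+"$4"} 103 | # Do not process the rest of the script 104 | exit 105 | fi 106 | 107 | ## Main interface configuration 108 | # If link doesn't exist 109 | if ! 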
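ip link show dev $INTERFACE &> /dev/null; then 110 | # Create link 111 | sudo ip link add dev $INTERFACE type wireguard 112 | else 113 | # Run all configured 'down' commands (the configured text is executed as shell with this script's privileges) 114 | eval "$(node_value down-command)" > /dev/null || exit 1 115 | # Disable link 116 | sudo ip link set down dev $INTERFACE 117 | fi 118 | 119 | # If interface is deleted 120 | if [ "$ACTION" = DELETE ]; then 121 | # Delete link 122 | sudo ip link del dev $INTERFACE 123 | # Do not process the rest of the script 124 | exit 125 | fi 126 | 127 | # If disable is not set 128 | if ! node_exists disable; then 129 | # Enable link 130 | sudo ip link set up dev $INTERFACE 131 | # Update routing table 132 | /opt/wireguard/update_routes.sh "$INTERFACE" 133 | # Run all configured 'up' commands (executed as shell like 'down' above; stdout is redirected outside the eval string so the configured text cannot alter the redirect) 134 | eval "$(node_value up-command)" > /dev/null || exit 1 135 | fi 136 | -------------------------------------------------------------------------------- /opt/wireguard/is_valid_key.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -eEu -o pipefail 3 | 4 | # Create variable for parameter 5 | KEY=$1 6 | # If KEY references a file, then read file into KEY (quoted, and after --, so the path is one operand and never an option) 7 | [ -e "$KEY" ] && KEY=$(cat -- "$KEY") 8 | # If KEY matches regular expression for 44 byte base64 string (shape check only; the key is not decoded here) 9 | [[ "$KEY" =~ ^[0-9a-zA-Z/+]{43}=$ ]] 10 | # Exit with boolean results from test 11 | exit $? 12 | -------------------------------------------------------------------------------- /opt/wireguard/peer.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -eEu -o pipefail 3 | shopt -s expand_aliases 4 | 5 | # Script must run as group 'vyattacfg' to prevent errors and system instability 6 | if [ "$(id -g -n)" != 'vyattacfg' ] ; then 7 | echo "This script must be executed from vyatta configuration system." 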
8 | exit 1 9 | fi 10 | 11 | ACTION=$1 12 | INTERFACE=$2 13 | PEER=$3 14 | 15 | VYATTA_API=${vyatta_sbindir}/my_cli_shell_api 16 | VYATTA_API_SLUG="interfaces wireguard $INTERFACE peer $PEER" 17 | alias node_exists='$VYATTA_API exists $VYATTA_API_SLUG' 18 | alias node_value='$VYATTA_API returnValue $VYATTA_API_SLUG' 19 | alias node_values='$VYATTA_API returnValues $VYATTA_API_SLUG' 20 | 21 | function cfg_allowed-ips() { 22 | # If allowed-ips has values, create variable with values 23 | node_exists allowed-ips && ALLOWED=$(node_values allowed-ips | tr ' ' ',' | tr -d "'") 24 | # Set list of allowed-ips for peer 25 | sudo wg set $INTERFACE peer $PEER allowed-ips "${ALLOWED:-}" 26 | # Update routing table 27 | /opt/wireguard/update_routes.sh "$INTERFACE" 28 | } 29 | function cfg_disable() { 30 | # If disable is deleted 31 | if [ "$ACTION" = DELETE ]; then 32 | # Add peer 33 | sudo wg set $INTERFACE peer $PEER 34 | 35 | # Prevent further delete operations 36 | ACTION=SET 37 | # Setup peer 38 | cfg_allowed-ips 39 | cfg_endpoint 40 | cfg_persistent-keepalive 41 | cfg_preshared-key 42 | # If disable is set 43 | elif [ "$ACTION" = SET ]; then 44 | # Remove peer 45 | sudo wg set $INTERFACE peer $PEER remove 46 | # Update routing table 47 | /opt/wireguard/update_routes.sh "$INTERFACE" 48 | fi 49 | } 50 | function cfg_endpoint() { 51 | # If endpoint is deleted 52 | if [ "$ACTION" = DELETE ]; then 53 | # Remove peer 54 | sudo wg set $INTERFACE peer $PEER remove 55 | # Add peer 56 | sudo wg set $INTERFACE peer $PEER 57 | 58 | # Setup peer 59 | cfg_allowed-ips 60 | cfg_persistent-keepalive 61 | cfg_preshared-key 62 | # If endpoint has value and peer is not disabled 63 | elif node_exists endpoint && ! 
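node_exists disable; then 64 | # Set endpoint 65 | sudo wg set $INTERFACE peer $PEER endpoint "$(node_value endpoint)" 66 | fi 67 | } 68 | function cfg_persistent-keepalive() { 69 | # If persistent-keepalive has value 70 | if node_exists persistent-keepalive; then 71 | # Set persistent-keepalive 72 | sudo wg set $INTERFACE peer $PEER persistent-keepalive $(node_value persistent-keepalive) 73 | else 74 | # Remove persistent-keepalive 75 | sudo wg set $INTERFACE peer $PEER persistent-keepalive 0 76 | fi 77 | } 78 | function cfg_preshared-key() { 79 | # If preshared-key has value 80 | if node_exists preshared-key; then 81 | # Create variable for preshared-key value 82 | PRESHARED_KEY=$(node_value preshared-key) 83 | # If preshared-key is a file 84 | if [ -f "$PRESHARED_KEY" ]; then 85 | # Set preshared-key to file (quoted so a path with spaces stays one argument) 86 | sudo wg set $INTERFACE peer $PEER preshared-key "$PRESHARED_KEY" 87 | else 88 | # Set preshared-key to value; piped on stdin so the key is not placed on the wg command line 89 | printf '%s\n' "$PRESHARED_KEY" | sudo wg set $INTERFACE peer $PEER preshared-key /proc/self/fd/0 90 | fi 91 | else 92 | # Remove preshared-key 93 | sudo wg set $INTERFACE peer $PEER preshared-key /dev/null 94 | fi 95 | } 96 | 97 | ## Peer option configuration 98 | # If more than three parameters are passed to this script 99 | if [ $# -gt 3 ]; then 100 | # If a cfg_<option> function exists, call it by name; $4 and $5 are passed as plain words and never re-parsed by eval 101 | declare -F "cfg_$4" > /dev/null && "cfg_$4" ${5:+"$5"} 102 | # Do not process the rest of the script 103 | exit 104 | fi 105 | 106 | ## Main peer configuration 107 | # If peer is deleted or disable is true 108 | if [ "$ACTION" = DELETE ] || node_exists disable; then 109 | # If peer exists in list of peers 110 | if [[ $(sudo wg show "$INTERFACE" peers) == *"$PEER"* ]]; then 111 | # Remove peer 112 | sudo wg set $INTERFACE peer $PEER remove 113 | fi 114 | else 115 | # Add peer 116 | sudo wg set $INTERFACE peer $PEER 117 | fi 118 | --------------------------------------------------------------------------------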
/opt/wireguard/update_routes.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -eEu -o pipefail 3 | shopt -s expand_aliases 4 | 5 | # Script must run as group 'vyattacfg' to prevent errors and system instability 6 | if [ "$(id -g -n)" != 'vyattacfg' ] ; then 7 | echo "This script must be executed from vyatta configuration system." 8 | exit 1 9 | fi 10 | 11 | INTERFACE=$1 12 | 13 | VYATTA_API=${vyatta_sbindir}/my_cli_shell_api 14 | VYATTA_API_SLUG="interfaces wireguard $INTERFACE" 15 | alias node_exists='$VYATTA_API exists $VYATTA_API_SLUG' 16 | alias node_list='$VYATTA_API listNodes $VYATTA_API_SLUG' 17 | alias node_value='$VYATTA_API returnValue $VYATTA_API_SLUG' 18 | alias node_values='$VYATTA_API returnValues $VYATTA_API_SLUG' 19 | 20 | # Create variable for ip device 21 | DEV="dev $INTERFACE" 22 | # Create variable for ip route shorthand 23 | ROUTE_SLUG="$DEV proto boot" 24 | # Create array of all routes for interface 25 | readarray -t ROUTES < <(ip -4 route show $ROUTE_SLUG; ip -6 route show $ROUTE_SLUG) 26 | # Create array of all allowed-ips for interface 27 | ALLOWED_IPS=( $(sudo wg show $INTERFACE allowed-ips | sed 's/^.*\t//;s/ /\n/g' | sort -nr -k 2 -t /) ) 28 | # Create variable for route-allowed-ips value 29 | ROUTE_ALLOWED_IPS=$(node_value route-allowed-ips || true) 30 | 31 | # If one or more routes exist for interface 32 | if [ ${#ROUTES[@]} -gt 0 ]; then 33 | # Parse all routes for interface 34 | for route in "${ROUTES[@]}"; do 35 | # Create variable for CIDR from route 36 | cidr=$(echo "$route" | awk '{print $1}') 37 | 38 | # If allowed-ips is empty 39 | if [ ${#ALLOWED_IPS[@]} -eq 0 ] || \ 40 | # If route does not match any allowed-ips 41 | [[ ! 
" ${ALLOWED_IPS[@]} " =~ " ${cidr} " ]] || \ 42 | # If route-allowed-ips is false *and* route has CIDR that matches one of the allowed-ips 43 | ([ "$ROUTE_ALLOWED_IPS" == "false" ] && \ 44 | [[ " ${ALLOWED_IPS[@]} " =~ " ${cidr} " ]]); then 45 | # Delete route 46 | sudo ip route del $route $ROUTE_SLUG 47 | fi 48 | done 49 | fi 50 | 51 | # If route-allowed-ips is true 52 | if [ "${ROUTE_ALLOWED_IPS:-x}" == "true" ]; then 53 | tnum="$(node_value route-table || true)" ###### Currently not used ###### 54 | 55 | # If allowed-ips exist 56 | if [ ${#ALLOWED_IPS[@]} -gt 0 ]; then 57 | # Parse all allowed-ips 58 | for ip in ${ALLOWED_IPS[@]}; do 59 | # Peer allowed-ips that are empty will return '(none)' 60 | # If ip is '(none)', then skip to the next in the list 61 | if [ "${ip}" == "(none)" ]; then continue; fi 62 | 63 | # Create variable for route matching 64 | ROUTE_SHOW="route show match $ip" 65 | # If ip does not have a route with the interface 66 | if [[ ! "$(ip -4 $ROUTE_SHOW 2> /dev/null)" =~ "${DEV}" ]] && \ 67 | [[ ! "$(ip -6 $ROUTE_SHOW 2> /dev/null)" =~ "${DEV}" ]]; then 68 | # Create route 69 | sudo ip route add $ip $ROUTE_SLUG 70 | fi 71 | done 72 | fi 73 | fi 74 | -------------------------------------------------------------------------------- /siphash_no_fallthrough.patch: -------------------------------------------------------------------------------- 1 | diff --git a/src/compat/siphash/siphash.c b/src/compat/siphash/siphash.c 2 | index 7dc72cb..49237a5 100644 3 | --- a/src/compat/siphash/siphash.c 4 | +++ b/src/compat/siphash/siphash.c 5 | 
@@ -77,11 +77,11 @@ u64 __siphash_aligned(const void *data, size_t len, const siphash_key_t *key)
6 | bytemask_from_count(left)));
7 | #else
8 | switch (left) {
9 | - case 7: b |= ((u64)end[6]) << 48; fallthrough;
10 | - case 6: b |= ((u64)end[5]) << 40; fallthrough;
11 | - case 5: b |= ((u64)end[4]) << 32; fallthrough;
12 | + case 7: b |= ((u64)end[6]) << 48;
13 | + case 6: b |= ((u64)end[5]) << 40;
14 | + case 5: b |= ((u64)end[4]) << 32;
15 | case 4: b |= le32_to_cpup(data); break;
16 | - case 3: b |= ((u64)end[2]) << 16; fallthrough;
17 | + case 3: b |= ((u64)end[2]) << 16;
18 | case 2: b |= le16_to_cpup(data); break;
19 | case 1: b |= end[0];
20 | }
21 | @@ -109,11 +109,11 @@ u64 __siphash_unaligned(const void *data, size_t len, const siphash_key_t *key)
22 | bytemask_from_count(left)));
23 | #else
24 | switch (left) {
25 | - case 7: b |= ((u64)end[6]) << 48; fallthrough;
26 | - case 6: b |= ((u64)end[5]) << 40; fallthrough;
27 | - case 5: b |= ((u64)end[4]) << 32; fallthrough;
28 | + case 7: b |= ((u64)end[6]) << 48;
29 | + case 6: b |= ((u64)end[5]) << 40;
30 | + case 5: b |= ((u64)end[4]) << 32;
31 | case 4: b |= get_unaligned_le32(end); break;
32 | - case 3: b |= ((u64)end[2]) << 16; fallthrough;
33 | + case 3: b |= ((u64)end[2]) << 16;
34 | case 2: b |= get_unaligned_le16(end); break;
35 | case 1: b |= end[0];
36 | }
37 |
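Review bot: Dropping the `fallthrough;` annotations leaves the deliberate case-to-case fall-through in the tail switch of `__siphash_aligned` unmarked, so a reader or a `-Wimplicit-fallthrough` build can no longer tell it from a forgotten `break`. If the pseudo-keyword has to go because the target kernel headers do not define it (presumably the reason for this patch), keep the intent with a comment the compiler also recognises, e.g. `case 7: b |= ((u64)end[6]) << 48; /* fall through */`. The same applies to the other five hunks of this patch (`__siphash_unaligned` and the four `__hsiphash_*` switches). These switches fold the trailing input bytes into a keyed hash, so a `break` added later by mistake would silently change the hash output. The functions begin and end outside the hunks.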
@@ -269,11 +269,11 @@ u32 __hsiphash_aligned(const void *data, size_t len, const hsiphash_key_t *key)
38 | bytemask_from_count(left)));
39 | #else
40 | switch (left) {
41 | - case 7: b |= ((u64)end[6]) << 48; fallthrough;
42 | - case 6: b |= ((u64)end[5]) << 40; fallthrough;
43 | - case 5: b |= ((u64)end[4]) << 32; fallthrough;
44 | + case 7: b |= ((u64)end[6]) << 48;
45 | + case 6: b |= ((u64)end[5]) << 40;
46 | + case 5: b |= ((u64)end[4]) << 32;
47 | case 4: b |= le32_to_cpup(data); break;
48 | - case 3: b |= ((u64)end[2]) << 16; fallthrough;
49 | + case 3: b |= ((u64)end[2]) << 16;
50 | case 2: b |= le16_to_cpup(data); break;
51 | case 1: b |= end[0];
52 | }
53 | @@ -301,11 +301,11 @@ u32 __hsiphash_unaligned(const void *data, size_t len,
54 | bytemask_from_count(left)));
55 | #else
56 | switch (left) {
57 | - case 7: b |= ((u64)end[6]) << 48; fallthrough;
58 | - case 6: b |= ((u64)end[5]) << 40; fallthrough;
59 | - case 5: b |= ((u64)end[4]) << 32; fallthrough;
60 | + case 7: b |= ((u64)end[6]) << 48;
61 | + case 6: b |= ((u64)end[5]) << 40;
62 | + case 5: b |= ((u64)end[4]) << 32;
63 | case 4: b |= get_unaligned_le32(end); break;
64 | - case 3: b |= ((u64)end[2]) << 16; fallthrough;
65 | + case 3: b |= ((u64)end[2]) << 16;
66 | case 2: b |= get_unaligned_le16(end); break;
67 | case 1: b |= end[0];
68 | }
69 | @@ -426,7 +426,7 @@ u32 __hsiphash_aligned(const void *data, size_t len, const hsiphash_key_t *key)
70 | v0 ^= m;
71 | }
72 | switch (left) {
73 | - case 3: b |= ((u32)end[2]) << 16; fallthrough;
74 | + case 3: b |= ((u32)end[2]) << 16;
75 | case 2: b |= le16_to_cpup(data); break;
76 | case 1: b |= end[0];
77 | }
78 |
@@ -448,7 +448,7 @@ u32 __hsiphash_unaligned(const void *data, size_t len, 79 | v0 ^= m; 80 | } 81 | switch (left) { 82 | - case 3: b |= ((u32)end[2]) << 16; fallthrough; 83 | + case 3: b |= ((u32)end[2]) << 16; 84 | case 2: b |= get_unaligned_le16(end); break; 85 | case 1: b |= end[0]; 86 | } 87 | -------------------------------------------------------------------------------- /unifios/bases/udm-1.10.0-12/prefix: -------------------------------------------------------------------------------- 1 | 4.19.152-al-linux-v10.2.0 2 | -------------------------------------------------------------------------------- /unifios/bases/udm-1.10.0-12/versions.txt: -------------------------------------------------------------------------------- 1 | -v1.10.0-12.3672-bace201,-v1.10.0-13.3677-0ebe4e7,-v1.10.0-14.3682-1195971,-v1.10.0-15.3686-a2edd0c,-v1.10.0.3686-a2edd0c,-v1.10.4.3702-91ba352 2 | -------------------------------------------------------------------------------- /unifios/bases/udm-1.10.0-8/prefix: -------------------------------------------------------------------------------- 1 | 4.19.152-al-linux-v10.2.0 2 | -------------------------------------------------------------------------------- /unifios/bases/udm-1.10.0-8/versions.txt: -------------------------------------------------------------------------------- 1 | -v1.10.0-8.3636-d7f66e0,-v1.10.0-9.3648-8ab9f61,-v1.10.0-11.3661-7092871 2 | -------------------------------------------------------------------------------- /unifios/bases/udm-1.9.0-10/linux-patches/linux-0001-dtc-lexer.patch: -------------------------------------------------------------------------------- 1 | --- a/scripts/dtc/dtc-lexer.l 2021-02-03 05:03:13.000000000 -0700 2 | +++ b/scripts/dtc/dtc-lexer.l 2021-06-21 15:08:33.265930996 -0600 3 | 
@@ -39,7 +39,7 @@ 4 | #include "srcpos.h" 5 | #include "dtc-parser.tab.h" 6 | 7 | -YYLTYPE yylloc; 8 | +extern YYLTYPE yylloc; 9 | 10 | /* CAUTION: this will stop working if we ever use yyless() or yyunput() */ 11 | #define YY_USER_ACTION \ 12 | 13 | --- a/scripts/dtc/dtc-lexer.lex.c_shipped 2021-06-21 16:04:48.890865860 -0600 14 | +++ b/scripts/dtc/dtc-lexer.lex.c_shipped 2021-06-21 16:05:13.163909071 -0600 15 | @@ -637,7 +637,7 @@ 16 | #include "srcpos.h" 17 | #include "dtc-parser.tab.h" 18 | 19 | -YYLTYPE yylloc; 20 | +extern YYLTYPE yylloc; 21 | 22 | /* CAUTION: this will stop working if we ever use yyless() or yyunput() */ 23 | #define YY_USER_ACTION \ 24 | -------------------------------------------------------------------------------- /unifios/bases/udm-1.9.0-10/prefix: -------------------------------------------------------------------------------- 1 | 4.1.37 2 | -------------------------------------------------------------------------------- /unifios/bases/udm-1.9.0-10/versions.txt: -------------------------------------------------------------------------------- 1 | -v0.5.0-2.3464-3238f5d,-v1.9.0-1.3475-4851b2b,-v1.9.1.3427-c2181d1,-v1.9.2.3432-3f1425e,-v1.9.3.3438-50c9676 2 | -------------------------------------------------------------------------------- /unifios/bases/udm-se-2.2.4/linux-patches/linux-0001-localversion.patch: -------------------------------------------------------------------------------- 1 | --- a/localversion 2021-05-26 04:29:16.000000000 -0600 2 | +++ b/localversion 2021-07-23 16:01:53.017501275 -0600 3 | 
@@ -1 +1 @@ 4 | --al-linux-v10.2.0 5 | +-ui-alpine 6 | -------------------------------------------------------------------------------- /unifios/bases/udm-se-2.2.4/prefix: -------------------------------------------------------------------------------- 1 | 4.19.152-ui-alpine 2 | -------------------------------------------------------------------------------- /unifios/bases/udm-se-2.2.4/versions.txt: -------------------------------------------------------------------------------- 1 | , 2 | -------------------------------------------------------------------------------- /unifios/bases/udr-2.2.12/patches/wireguard-linux-compat/fix_skb_put_redefinition.patch: -------------------------------------------------------------------------------- 1 | --- a/src/compat/compat.h 2021-06-06 03:29:55.000000000 -0600 2 | +++ b/src/compat/compat.h 2021-11-02 17:56:06.379943874 -0600 3 | 
@@ -664,15 +664,6 @@ 4 | #define genl_dump_check_consistent(a, b) genl_dump_check_consistent(a, b, &genl_family) 5 | #endif 6 | 7 | -#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 13, 0) && !defined(ISRHEL7) 8 | -static inline void *skb_put_data(struct sk_buff *skb, const void *data, unsigned int len) 9 | -{ 10 | - void *tmp = skb_put(skb, len); 11 | - memcpy(tmp, data, len); 12 | - return tmp; 13 | -} 14 | -#endif 15 | - 16 | #if LINUX_VERSION_CODE < KERNEL_VERSION(3, 19, 0) && !defined(ISRHEL7) 17 | #define napi_complete_done(n, work_done) napi_complete(n) 18 | #endif 19 | -------------------------------------------------------------------------------- /unifios/bases/udr-2.2.12/prefix: -------------------------------------------------------------------------------- 1 | 4.4.198-ui-mtk 2 | -------------------------------------------------------------------------------- /unifios/bases/udr-2.2.12/versions.txt: -------------------------------------------------------------------------------- 1 | , 2 | -------------------------------------------------------------------------------- /unifios/packages/openresolv/Config.in: -------------------------------------------------------------------------------- 1 | config BR2_PACKAGE_OPENRESOLV 2 | bool "openresolv" 3 | help 4 | openresolv is a resolvconf implementation which 5 | manages resolv.conf. This tool provides a dns management 6 | framework to track currently available nameservers. 
7 | 8 | https://roy.marples.name/projects/openresolv 9 | -------------------------------------------------------------------------------- /unifios/packages/openresolv/openresolv.hash: -------------------------------------------------------------------------------- 1 | # Locally calculated 2 | sha256 7d74c669849183ecefdfcec30d25664b1ca24ba1ca8c2ad5de50fcaeef3b4810 openresolv-3.10.0.tar.gz 3 | sha256 384740bf5e19e7628d20f4dcc22925062fdc6020e9a6f074e567d4d797be57a0 LICENSE 4 | -------------------------------------------------------------------------------- /unifios/packages/openresolv/openresolv.mk: -------------------------------------------------------------------------------- 1 | ################################################################################ 2 | # 3 | # openresolv 4 | # 5 | ################################################################################ 6 | 7 | OPENRESOLV_VERSION = 3.10.0 8 | OPENRESOLV_SITE = $(call github,rsmarples,openresolv,openresolv-$(OPENRESOLV_VERSION)) 9 | OPENRESOLV_LICENSE = BSD-2-Clause 10 | OPENRESOLV_LICENSE_FILES = LICENSE 11 | OPENRESOLV_CPE_ID_VENDOR = openresolv_project 12 | 13 | define OPENRESOLV_CONFIGURE_CMDS 14 | cd $(@D) && $(TARGET_CONFIGURE_OPTS) ./configure --sysconfdir=/etc 15 | endef 16 | 17 | define OPENRESOLV_BUILD_CMDS 18 | $(TARGET_MAKE_ENV) $(MAKE) -C $(@D) 19 | endef 20 | 21 | define OPENRESOLV_INSTALL_TARGET_CMDS 22 | $(TARGET_MAKE_ENV) $(MAKE) -C $(@D) DESTDIR="$(TARGET_DIR)" install 23 | endef 24 | 25 | $(eval $(generic-package)) 26 | -------------------------------------------------------------------------------- /unifios/packages/wireguard-linux-compat/Config.in: -------------------------------------------------------------------------------- 1 | config BR2_PACKAGE_WIREGUARD_LINUX_COMPAT 2 | bool "wireguard linux-compat" 3 | depends on BR2_LINUX_KERNEL 4 | # kernel module requires 3.10+ 5 | depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_10 6 | # kernel module in upstream linux since 5.6 7 | 
depends on !BR2_TOOLCHAIN_HEADERS_AT_LEAST_5_6 8 | help 9 | WireGuard is an extremely simple yet fast and modern VPN 10 | that utilizes state-of-the-art cryptography. It aims to be 11 | faster, simpler, leaner, and more useful than IPSec, while 12 | avoiding the massive headache. It intends to be considerably 13 | more performant than OpenVPN. WireGuard is designed as a 14 | general purpose VPN for running on embedded interfaces and 15 | super computers alike, fit for many different 16 | circumstances. 17 | 18 | Support for WireGuard is included in Linux 5.6+. This 19 | package provides a backport of the kernel support for older 20 | kernels. 21 | 22 | https://www.wireguard.com 23 | 24 | comment "wireguard-linux-compat needs a toolchain w/ headers >= 3.10" 25 | depends on BR2_LINUX_KERNEL 26 | depends on !BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_10 27 | -------------------------------------------------------------------------------- /unifios/packages/wireguard-linux-compat/wireguard-linux-compat.mk: -------------------------------------------------------------------------------- 1 | ################################################################################ 2 | # 3 | # wireguard 4 | # 5 | ################################################################################ 6 | 7 | WIREGUARD_LINUX_COMPAT_VERSION = PACKAGE_VERSION 8 | WIREGUARD_LINUX_COMPAT_SITE = $(TOPDIR)/package/wireguard-linux-compat 9 | WIREGUARD_LINUX_COMPAT_SITE_METHOD = file 10 | WIREGUARD_LINUX_COMPAT_SOURCE = wireguard-linux-compat-$(WIREGUARD_LINUX_COMPAT_VERSION).tar 11 | WIREGUARD_LINUX_COMPAT_LICENSE = GPL-2.0 12 | WIREGUARD_LINUX_COMPAT_LICENSE_FILES = COPYING 13 | WIREGUARD_LINUX_COMPAT_MODULE_SUBDIRS = src 14 | 15 | define WIREGUARD_LINUX_COMPAT_LINUX_CONFIG_FIXUPS 16 | $(call KCONFIG_ENABLE_OPT,CONFIG_INET) 17 | $(call KCONFIG_ENABLE_OPT,CONFIG_NET) 18 | $(call KCONFIG_ENABLE_OPT,CONFIG_NET_FOU) 19 | $(call KCONFIG_ENABLE_OPT,CONFIG_CRYPTO) 20 | $(call 
KCONFIG_ENABLE_OPT,CONFIG_CRYPTO_MANAGER) 21 | endef 22 | 23 | $(eval $(kernel-module)) 24 | $(eval $(generic-package)) 25 | -------------------------------------------------------------------------------- /unifios/packages/wireguard-tools/Config.in: -------------------------------------------------------------------------------- 1 | config BR2_PACKAGE_WIREGUARD_TOOLS 2 | bool "wireguard tools" 3 | # kernel module requires 3.10+, userspace makes no sense without it 4 | depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_10 5 | help 6 | WireGuard is an extremely simple yet fast and modern VPN 7 | that utilizes state-of-the-art cryptography. It aims to be 8 | faster, simpler, leaner, and more useful than IPSec, while 9 | avoiding the massive headache. It intends to be considerably 10 | more performant than OpenVPN. WireGuard is designed as a 11 | general purpose VPN for running on embedded interfaces and 12 | super computers alike, fit for many different 13 | circumstances. 14 | 15 | This package provides the userspace tooling to configure 16 | WireGuard tunnels. 
17 | 18 | https://www.wireguard.com 19 | 20 | comment "wireguard-tools needs a toolchain w/ headers >= 3.10" 21 | depends on !BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_10 22 | -------------------------------------------------------------------------------- /unifios/packages/wireguard-tools/wireguard-tools.mk: -------------------------------------------------------------------------------- 1 | ################################################################################ 2 | # 3 | # wireguard-tools 4 | # 5 | ################################################################################ 6 | 7 | WIREGUARD_TOOLS_VERSION = PACKAGE_VERSION 8 | WIREGUARD_TOOLS_SITE = $(TOPDIR)/package/wireguard-tools 9 | WIREGUARD_TOOLS_SITE_METHOD = file 10 | WIREGUARD_TOOLS_SOURCE = wireguard-tools-$(WIREGUARD_TOOLS_VERSION).tar 11 | WIREGUARD_TOOLS_LICENSE = GPL-2.0 12 | WIREGUARD_TOOLS_LICENSE_FILES = COPYING 13 | 14 | ifeq ($(BR2_INIT_SYSTEMD),y) 15 | WIREGUARD_TOOLS_MAKE_OPTS += WITH_SYSTEMDUNITS=yes 16 | WIREGUARD_TOOLS_DEPENDENCIES += host-pkgconf 17 | else 18 | WIREGUARD_TOOLS_MAKE_OPTS += WITH_SYSTEMDUNITS=no 19 | endif 20 | 21 | ifeq ($(BR2_PACKAGE_BASH),y) 22 | WIREGUARD_TOOLS_MAKE_OPTS += WITH_BASHCOMPLETION=yes WITH_WGQUICK=yes 23 | else 24 | WIREGUARD_TOOLS_MAKE_OPTS += WITH_BASHCOMPLETION=no WITH_WGQUICK=no 25 | endif 26 | 27 | define WIREGUARD_TOOLS_BUILD_CMDS 28 | $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) $(WIREGUARD_TOOLS_MAKE_OPTS) \ 29 | -C $(@D)/src 30 | endef 31 | 32 | define WIREGUARD_TOOLS_INSTALL_TARGET_CMDS 33 | $(TARGET_MAKE_ENV) $(TARGET_CONFIGURE_OPTS) $(MAKE) $(WIREGUARD_TOOLS_MAKE_OPTS) \ 34 | -C $(@D)/src install DESTDIR=$(TARGET_DIR) 35 | endef 36 | 37 | $(eval $(generic-package)) 38 | -------------------------------------------------------------------------------- /unifios/patches/0001-bison-glibc-change-work-around.patch: -------------------------------------------------------------------------------- 1 | Subject: Workaround change in glibc 2 | 3 | 
Temporary workaround to compile with glibc 2.28, which 4 | deprecated some constants 5 | 6 | Based on the workaround made for the tools/m4 package 7 | 8 | --- a/lib/stdio-impl.h 9 | +++ b/lib/stdio-impl.h 10 | @@ -18,6 +18,12 @@ 11 | the same implementation of stdio extension API, except that some fields 12 | have different naming conventions, or their access requires some casts. */ 13 | 14 | +/* Glibc 2.28 made _IO_IN_BACKUP private. For now, work around this 15 | + problem by defining it ourselves. FIXME: Do not rely on glibc 16 | + internals. */ 17 | +#if !defined _IO_IN_BACKUP && defined _IO_EOF_SEEN 18 | +# define _IO_IN_BACKUP 0x100 19 | +#endif 20 | 21 | /* BSD stdio derived implementations. */ 22 | 23 | --- a/lib/fseterr.c 24 | +++ b/lib/fseterr.c 25 | @@ -29,7 +29,7 @@ 26 | /* Most systems provide FILE as a struct and the necessary bitmask in 27 | , because they need it for implementing getc() and putc() as 28 | fast macros. */ 29 | -#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */ 30 | +#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */ 31 | fp->_flags |= _IO_ERR_SEEN; 32 | #elif defined __sferror || defined __DragonFly__ /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin */ 33 | fp_->_flags |= __SERR; 34 | -------------------------------------------------------------------------------- /unifios/patches/0001-m4-glibc-change-work-around.patch: -------------------------------------------------------------------------------- 1 | 2 | Index: m4-1.4.18/lib/fflush.c 3 | =================================================================== 4 | --- m4-1.4.18.orig/lib/fflush.c 5 | +++ m4-1.4.18/lib/fflush.c 6 | 
@@ -33,7 +33,7 @@
7 | #undef fflush
8 |
9 |
10 | -#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
11 | +#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
12 |
13 | /* Clear the stream's ungetc buffer, preserving the value of ftello (fp). */
14 | static void
15 | @@ -72,7 +72,7 @@ clear_ungetc_buffer (FILE *fp)
16 |
17 | #endif
18 |
19 | -#if ! (defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */)
20 | +#if ! (defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */)
21 |
22 | # if (defined __sferror || defined __DragonFly__ || defined __ANDROID__) && defined __SNPT
23 | /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Android */
24 | @@ -148,7 +148,7 @@ rpl_fflush (FILE *stream)
25 | if (stream == NULL || ! freading (stream))
26 | return fflush (stream);
27 |
28 | -#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
29 | +#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
30 |
31 | clear_ungetc_buffer_preserving_position (stream);
32 |
33 | Index: m4-1.4.18/lib/fpending.c
34 | ===================================================================
35 | --- m4-1.4.18.orig/lib/fpending.c
36 | +++ m4-1.4.18/lib/fpending.c
37 |
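Review bot: This patch file has no description, unlike the bison patch next to it, so nothing explains why every `#if defined _IO_ftrylockfile` test is switched to `_IO_EOF_SEEN`. The same one-line substitution recurs in the later fflush.c hunks and in the fpending.c, fpurge.c, freadahead.c, freading.c and fseeko.c hunks, and a reader has to infer that it belongs to the glibc 2.28 workaround. I would add a header such as `Subject: Work around glibc 2.28 no longer exposing _IO_ftrylockfile` plus a line on when the patch can be dropped; the glibc attribution is taken from the bison patch's wording and should be confirmed for m4. The function that begins at `static void` continues outside this hunk.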
@@ -32,7 +32,7 @@ __fpending (FILE *fp)
38 | /* Most systems provide FILE as a struct and the necessary bitmask in
39 | , because they need it for implementing getc() and putc() as
40 | fast macros. */
41 | -#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
42 | +#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
43 | return fp->_IO_write_ptr - fp->_IO_write_base;
44 | #elif defined __sferror || defined __DragonFly__ || defined __ANDROID__
45 | /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Android */
46 | Index: m4-1.4.18/lib/fpurge.c
47 | ===================================================================
48 | --- m4-1.4.18.orig/lib/fpurge.c
49 | +++ m4-1.4.18/lib/fpurge.c
50 | @@ -62,7 +62,7 @@ fpurge (FILE *fp)
51 | /* Most systems provide FILE as a struct and the necessary bitmask in
52 | , because they need it for implementing getc() and putc() as
53 | fast macros. */
54 | -# if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
55 | +# if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
56 | fp->_IO_read_end = fp->_IO_read_ptr;
57 | fp->_IO_write_ptr = fp->_IO_write_base;
58 | /* Avoid memory leak when there is an active ungetc buffer. */
59 | Index: m4-1.4.18/lib/freadahead.c
60 | ===================================================================
61 | --- m4-1.4.18.orig/lib/freadahead.c
62 | +++ m4-1.4.18/lib/freadahead.c
63 |
@@ -25,7 +25,7 @@
64 | size_t
65 | freadahead (FILE *fp)
66 | {
67 | -#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
68 | +#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
69 | if (fp->_IO_write_ptr > fp->_IO_write_base)
70 | return 0;
71 | return (fp->_IO_read_end - fp->_IO_read_ptr)
72 | Index: m4-1.4.18/lib/freading.c
73 | ===================================================================
74 | --- m4-1.4.18.orig/lib/freading.c
75 | +++ m4-1.4.18/lib/freading.c
76 | @@ -31,7 +31,7 @@ freading (FILE *fp)
77 | /* Most systems provide FILE as a struct and the necessary bitmask in
78 | , because they need it for implementing getc() and putc() as
79 | fast macros. */
80 | -# if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
81 | +# if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
82 | return ((fp->_flags & _IO_NO_WRITES) != 0
83 | || ((fp->_flags & (_IO_NO_READS | _IO_CURRENTLY_PUTTING)) == 0
84 | && fp->_IO_read_base != NULL));
85 | Index: m4-1.4.18/lib/fseeko.c
86 | ===================================================================
87 | --- m4-1.4.18.orig/lib/fseeko.c
88 | +++ m4-1.4.18/lib/fseeko.c
89 | @@ -47,7 +47,7 @@ fseeko (FILE *fp, off_t offset, int when
90 | #endif
91 |
92 | /* These tests are based on fpurge.c. */
93 | -#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
94 | +#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
95 | if (fp->_IO_read_end == fp->_IO_read_ptr
96 | && fp->_IO_write_ptr == fp->_IO_write_base
97 | && fp->_IO_save_base == NULL)
98 |
@@ -123,7 +123,7 @@ fseeko (FILE *fp, off_t offset, int when
99 | return -1;
100 | }
101 |
102 | -#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
103 | +#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
104 | fp->_flags &= ~_IO_EOF_SEEN;
105 | fp->_offset = pos;
106 | #elif defined __sferror || defined __DragonFly__ || defined __ANDROID__
107 | Index: m4-1.4.18/lib/stdio-impl.h
108 | ===================================================================
109 | --- m4-1.4.18.orig/lib/stdio-impl.h
110 | +++ m4-1.4.18/lib/stdio-impl.h
111 | @@ -18,6 +18,12 @@
112 | the same implementation of stdio extension API, except that some fields
113 | have different naming conventions, or their access requires some casts. */
114 |
115 | +/* Glibc 2.28 made _IO_IN_BACKUP private. For now, work around this
116 | + problem by defining it ourselves. FIXME: Do not rely on glibc
117 | + internals. */
118 | +#if !defined _IO_IN_BACKUP && defined _IO_EOF_SEEN
119 | +# define _IO_IN_BACKUP 0x100
120 | +#endif
121 |
122 | /* BSD stdio derived implementations. */
123 |
124 |
--------------------------------------------------------------------------------
/unifios/patches/944-mpc-relative-literal-loads-logic-in-aarch64_classify_symbol.patch:
--------------------------------------------------------------------------------
1 | diff --git a/gcc/config/aarch64/aarch64.c b/gcc/config/aarch64/aarch64.c
2 | index 83dbd57..fa61289 100644
3 | --- a/gcc/config/aarch64/aarch64.c
4 | +++ b/gcc/config/aarch64/aarch64.c
5 | @@ -9324,7 +9324,7 @@ aarch64_classify_symbol (rtx x, rtx offset)
6 | /* This is alright even in PIC code as the constant
7 | pool reference is always PC relative and within
8 | the same translation unit. */
9 | - if (nopcrelative_literal_loads
10 | + if (aarch64_nopcrelative_literal_loads
11 | && CONSTANT_POOL_ADDRESS_P (x))
12 | return SYMBOL_SMALL_ABSOLUTE;
13 | else
14 |
diff --git a/gcc/testsuite/gcc.target/aarch64/pr79041.c b/gcc/testsuite/gcc.target/aarch64/pr79041.c
15 | new file mode 100644
16 | index 0000000..a23b1ae
17 | --- /dev/null
18 | +++ b/gcc/testsuite/gcc.target/aarch64/pr79041.c
19 | @@ -0,0 +1,26 @@
20 | +/* PR target/79041. Check that we don't generate the LO12 relocations
21 | + for -mpc-relative-literal-loads. */
22 | +/* { dg-do compile } */
23 | +/* { dg-options "-O2 -mcmodel=large -mpc-relative-literal-loads" } */
24 | +
25 | +extern int strcmp (const char *, const char *);
26 | +extern char *strcpy (char *, const char *);
27 | +
28 | +static struct
29 | +{
30 | + char *b;
31 | + char *c;
32 | +} d[] = {
33 | + {"0", "000000000000000"}, {"1", "111111111111111"},
34 | +};
35 | +
36 | +void
37 | +e (const char *b, char *c)
38 | +{
39 | + int i;
40 | + for (i = 0; i < 1; ++i)
41 | + if (!strcmp (d[i].b, b))
42 | + strcpy (c, d[i].c);
43 | +}
44 | +
45 | +/* { dg-final { scan-assembler-not ":lo12:" } } */
46 |
--------------------------------------------------------------------------------
/unifios/patches/add-kernel-4-19.patch:
--------------------------------------------------------------------------------
1 | diff --git a/package/linux-headers/Config.in.host b/package/linux-headers/Config.in.host
2 | index 4d9652b..6fb948e 100644
3 | --- a/package/linux-headers/Config.in.host
4 | +++ b/package/linux-headers/Config.in.host
5 | @@ -74,6 +74,11 @@ config BR2_KERNEL_HEADERS_4_13
6 | bool "Linux 4.13.x kernel headers"
7 | select BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_13
8 |
9 | +config BR2_KERNEL_HEADERS_4_19
10 | + bool "Linux 4.19.x kernel headers"
11 | + depends on !BR2_csky
12 | + select BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_19
13 | +
14 | config BR2_KERNEL_HEADERS_VERSION
15 | bool "Manually specified Linux version"
16 |
17 |
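Review bot: The new `BR2_KERNEL_HEADERS_4_19` entry carries `depends on !BR2_csky`, which the neighbouring 4.13 entry does not, and no hunk in this patch defines a `BR2_csky` symbol. If the tree being patched has no such architecture option, kconfig treats the undefined symbol as unset and the line does nothing except suggest a restriction that is not enforced. I would drop the `depends on !BR2_csky` line, or keep it only with a comment naming the tree that defines the symbol.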
@@ -96,6 +101,10 @@ choice
18 | This is used to hide/show some packages that have strict
19 | requirements on the version of kernel headers.
20 |
21 | +config BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_19
22 | + bool "4.19.x"
23 | + select BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_19
24 | +
25 | config BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_4_13
26 | bool "4.13.x"
27 | select BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_13
28 | @@ -250,4 +259,5 @@ config BR2_DEFAULT_KERNEL_HEADERS
29 | default "4.11.12" if BR2_KERNEL_HEADERS_4_11
30 | default "4.12.14" if BR2_KERNEL_HEADERS_4_12
31 | default "4.13.16" if BR2_KERNEL_HEADERS_4_13
32 | + default "4.19.152" if BR2_KERNEL_HEADERS_4_19
33 | default BR2_DEFAULT_KERNEL_VERSION if BR2_KERNEL_HEADERS_VERSION
34 | diff --git a/toolchain/toolchain-common.in b/toolchain/toolchain-common.in
35 | index d87d4d7..3c15fec 100644
36 | --- a/toolchain/toolchain-common.in
37 | +++ b/toolchain/toolchain-common.in
38 | @@ -253,10 +253,15 @@ config BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_13
39 | bool
40 | select BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_12
41 |
42 | +config BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_19
43 | + bool
44 | + select BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_13
45 | +
46 | # This order guarantees that the highest version is set, as kconfig
47 | # stops affecting a value on the first matching default.
48 | config BR2_TOOLCHAIN_HEADERS_AT_LEAST
49 | string
50 | + default "4.19" if BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_19
51 | default "4.13" if BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_13
52 | default "4.12" if BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_12
53 | default "4.11" if BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_11
54 | diff --git a/toolchain/toolchain-external/toolchain-external-custom/Config.in.options b/toolchain/toolchain-external/toolchain-external-custom/Config.in.options
55 | index a285340..72efc19 100644
56 | --- a/toolchain/toolchain-external/toolchain-external-custom/Config.in.options
57 | +++ b/toolchain/toolchain-external/toolchain-external-custom/Config.in.options
58 |
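Review bot: The added `default "4.19.152" if BR2_KERNEL_HEADERS_4_19` makes the build fetch a kernel tarball the tree did not know before, but no hunk in this patch adds a checksum for it. Depending on how the download helper treats a missing entry, the headers archive is then either rejected or accepted unverified, and the second outcome removes the integrity check from a toolchain input. I would add the hash in the same patch, in the form `sha256 <SHA256_OF_TARBALL> <TARBALL_NAME>` (placeholders; take the value from the signed upstream checksum list), to whichever hash file the headers package reads.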
@@ -93,6 +93,10 @@ choice
59 | m = ( LINUX_VERSION_CODE >> 8 ) & 0xFF
60 | p = ( LINUX_VERSION_CODE >> 0 ) & 0xFF
61 |
62 | +config BR2_TOOLCHAIN_EXTERNAL_HEADERS_4_19
63 | + bool "4.19.x"
64 | + select BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_19
65 | +
66 | config BR2_TOOLCHAIN_EXTERNAL_HEADERS_4_13
67 | bool "4.13.x"
68 | select BR2_TOOLCHAIN_HEADERS_AT_LEAST_4_13
69 |
--------------------------------------------------------------------------------
/unifios/patches/openresolv-package.patch:
--------------------------------------------------------------------------------
1 | --- src/buildroot-2017.11.1/package/Config.in 2021-06-23 10:28:35.748051977 -0500
2 | +++ buildroot-2017.11.1/package/Config.in 2021-06-23 10:29:08.964249418 -0500
3 | @@ -1733,6 +1733,7 @@
4 | source "package/open-plc-utils/Config.in"
5 | source "package/openntpd/Config.in"
6 | source "package/openobex/Config.in"
7 | + source "package/openresolv/Config.in"
8 | source "package/openssh/Config.in"
9 | source "package/openswan/Config.in"
10 | source "package/openvpn/Config.in"
11 |
--------------------------------------------------------------------------------
/unifios/patches/wireguard-packages.patch:
--------------------------------------------------------------------------------
1 | --- src/buildroot-2017.11.1/package/Config.in 2017-12-31 03:03:52.000000000 -0600
2 | +++ buildroot-2017.11.1/package/Config.in 2021-04-05 21:56:26.770366644 -0500
3 |
@@ -1806,7 +1806,8 @@ 4 | source "package/wavemon/Config.in" 5 | source "package/wget/Config.in" 6 | source "package/whois/Config.in" 7 | - source "package/wireguard/Config.in" 8 | + source "package/wireguard-linux-compat/Config.in" 9 | + source "package/wireguard-tools/Config.in" 10 | source "package/wireless-regdb/Config.in" 11 | source "package/wireless_tools/Config.in" 12 | source "package/wireshark/Config.in" 13 | -------------------------------------------------------------------------------- /unifios/setup_wireguard.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # This script loads the wireguard module and copies the wireguard tools. 3 | # The built-in kernel module will be loaded if it exists. 4 | WIREGUARD="$(cd "$(dirname "$0")" && pwd -P)" 5 | 6 | # create symlinks to wireguard tools 7 | ln -sf $WIREGUARD/tools/wg-quick /usr/bin 8 | ln -sf $WIREGUARD/tools/wg /usr/bin 9 | ln -sf $WIREGUARD/tools/qrencode /usr/bin 10 | if [ ! -x "$(command -v bash)" ]; then 11 | ln -sf $WIREGUARD/tools/bash /bin 12 | fi 13 | if [ ! -x "$(command -v resolvconf)" ]; then 14 | ln -sf $WIREGUARD/tools/resolvconf /sbin 15 | if [ ! -f "/etc/resolvconf.conf" ] 16 | then 17 | ln -sf $WIREGUARD/etc/resolvconf.conf /etc 18 | fi 19 | fi 20 | 21 | # create symlink to wireguard config folder 22 | mkdir -p $WIREGUARD/etc/wireguard 23 | if [ ! -d "/etc/wireguard" ] 24 | then 25 | ln -sf $WIREGUARD/etc/wireguard /etc/wireguard 26 | fi 27 | 28 | # required by wg-quick 29 | if [ ! -d "/dev/fd" ] 30 | then 31 | ln -s /proc/self/fd /dev/fd 32 | fi 33 | 34 | #load dependent modules 35 | modprobe udp_tunnel 36 | modprobe ip6_udp_tunnel 37 | 38 | lsmod|egrep ^wireguard > /dev/null 2>&1 39 | if [ $? -eq 1 ] 40 | then 41 | ver=`uname -r` 42 | echo "loading wireguard..." 
43 | if [ -e /lib/modules/$ver/extra/wireguard.ko ]; then 44 | modprobe wireguard 45 | elif [ -e $WIREGUARD/modules/wireguard-$ver.ko ]; then 46 | insmod $WIREGUARD/modules/wireguard-$ver.ko 47 | # iptable_raw required for wg-quick's use of iptables-restore 48 | insmod $WIREGUARD/modules/iptable_raw-$ver.ko 49 | insmod $WIREGUARD/modules/ip6table_raw-$ver.ko 50 | else 51 | echo "Unsupported Kernel version $ver" 52 | fi 53 | fi 54 | --------------------------------------------------------------------------------
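Review bot: The final branch of setup_wireguard.sh prints `Unsupported Kernel version $ver` and then falls through, so the script exits 0 even when no wireguard module was loaded and a caller cannot detect the failure. Every `$WIREGUARD` expansion in the `ln`, `mkdir` and `insmod` lines is also unquoted, which splits the path if the install directory contains whitespace. Because `insmod` loads `.ko` files from the script's own directory as root, that directory should be owned by root and not writable by anyone else, and `etc/wireguard` (created with the default umask) is presumably where the tunnel's private keys will live, so it deserves mode 700. The fence shows the module-loading block with quoting and a failing exit status; the same quoting applies to the symlink lines above it.

```shell
# … unchanged: tool symlinks, config folder, /dev/fd link, dependent modules …

if ! lsmod | grep -q '^wireguard'; then
	ver=$(uname -r)
	echo "loading wireguard..."
	if [ -e "/lib/modules/$ver/extra/wireguard.ko" ]; then
		modprobe wireguard
	elif [ -e "$WIREGUARD/modules/wireguard-$ver.ko" ]; then
		insmod "$WIREGUARD/modules/wireguard-$ver.ko"
		# iptable_raw required for wg-quick's use of iptables-restore
		insmod "$WIREGUARD/modules/iptable_raw-$ver.ko"
		insmod "$WIREGUARD/modules/ip6table_raw-$ver.ko"
	else
		# report on stderr and fail so the caller sees that nothing was loaded
		echo "Unsupported Kernel version $ver" >&2
		exit 1
	fi
fi
```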