him411/gl-infra-builder-FUjr
1
0
Fork 0
mirror of https://github.com/FUjr/gl-infra-builder.git synced 2025-12-16 17:15:08 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
main
gl-infra-builder-FUjr/patches-wlan-ap/0008-ipq807x-wireguard-support-hotplug-for-gl.patch
Dongming Han 647f7e02b2 optimize wireguard
2023-02-01 19:41:50 +08:00

269 lines
8.9 KiB
Diff
Raw Permalink Blame History

From 89bcfdc040a9c6bef54ab3a371f4e73385917df4 Mon Sep 17 00:00:00 2001
From: Jianhui Zhao <jianhui.zhao@gl-inet.com>
Date: Mon, 11 Jul 2022 17:39:47 +0800
Subject: [PATCH] ipq807x: wireguard: support hotplug for gl
Signed-off-by: Jianhui Zhao <jianhui.zhao@gl-inet.com>
Signed-off-by: Dongming Han <handongming@gl-inet.com>
---
.../patches/150-support-hotplug-for-gl.patch | 64 +++++++++++++++
...MEOUT-hotplug-after-3-consecutive-fa.patch | 30 +++++++
...d-server-not-do-handshake-initiation.patch | 26 ++++++
feeds/ipq807x/wireguard/src/src/hotplug.c | 82 +++++++++++++++++++
feeds/ipq807x/wireguard/src/src/hotplug.h | 13 +++
5 files changed, 215 insertions(+)
create mode 100644 feeds/ipq807x/wireguard/patches/150-support-hotplug-for-gl.patch
create mode 100644 feeds/ipq807x/wireguard/patches/151-trigger-REKEY_TIMEOUT-hotplug-after-3-consecutive-fa.patch
create mode 100644 feeds/ipq807x/wireguard/patches/152-make-wireguard-server-not-do-handshake-initiation.patch
create mode 100644 feeds/ipq807x/wireguard/src/src/hotplug.c
create mode 100644 feeds/ipq807x/wireguard/src/src/hotplug.h
diff --git a/feeds/ipq807x/wireguard/patches/150-support-hotplug-for-gl.patch b/feeds/ipq807x/wireguard/patches/150-support-hotplug-for-gl.patch
new file mode 100644
index 00000000..f9bb1f0d
--- /dev/null
+++ b/feeds/ipq807x/wireguard/patches/150-support-hotplug-for-gl.patch
@@ -0,0 +1,64 @@
+Index: wireguard-linux-compat-1.0.20211208/src/Kbuild
+===================================================================
+--- wireguard-linux-compat-1.0.20211208.orig/src/Kbuild
++++ wireguard-linux-compat-1.0.20211208/src/Kbuild
+@@ -7,7 +7,7 @@ ccflags-y += -Wframe-larger-than=2048
+ ccflags-$(CONFIG_WIREGUARD_DEBUG) += -DDEBUG -g
+ ccflags-$(if $(WIREGUARD_VERSION),y,) += -D'WIREGUARD_VERSION="$(WIREGUARD_VERSION)"'
+
+-wireguard-y := main.o noise.o device.o peer.o timers.o queueing.o send.o receive.o socket.o peerlookup.o allowedips.o ratelimiter.o cookie.o netlink.o
++wireguard-y := main.o noise.o device.o peer.o timers.o queueing.o send.o receive.o socket.o peerlookup.o allowedips.o ratelimiter.o cookie.o netlink.o hotplug.o
+
+ include $(src)/crypto/Kbuild.include
+ include $(src)/compat/Kbuild.include
+Index: wireguard-linux-compat-1.0.20211208/src/noise.c
+===================================================================
+--- wireguard-linux-compat-1.0.20211208.orig/src/noise.c
++++ wireguard-linux-compat-1.0.20211208/src/noise.c
+@@ -9,6 +9,7 @@
+ #include "messages.h"
+ #include "queueing.h"
+ #include "peerlookup.h"
++#include "hotplug.h"
+
+ #include <linux/rcupdate.h>
+ #include <linux/slab.h>
+@@ -819,6 +820,8 @@ bool wg_noise_handshake_begin_session(st
+ ret = wg_index_hashtable_replace(
+ handshake->entry.peer->device->index_hashtable,
+ &handshake->entry, &new_keypair->entry);
++
++ wireguard_hotplug(handshake->entry.peer->device->dev->name, KEYPAIR_CREATED_EVENT);
+ } else {
+ kfree_sensitive(new_keypair);
+ }
+Index: wireguard-linux-compat-1.0.20211208/src/timers.c
+===================================================================
+--- wireguard-linux-compat-1.0.20211208.orig/src/timers.c
++++ wireguard-linux-compat-1.0.20211208/src/timers.c
+@@ -8,6 +8,7 @@
+ #include "peer.h"
+ #include "queueing.h"
+ #include "socket.h"
++#include "hotplug.h"
+
+ /*
+ * - Timer for retransmitting the handshake if we don't hear back after
+@@ -60,6 +61,8 @@ static void wg_expired_retransmit_handsh
+ if (!timer_pending(&peer->timer_zero_key_material))
+ mod_peer_timer(peer, &peer->timer_zero_key_material,
+ jiffies + REJECT_AFTER_TIME * 3 * HZ);
++
++ wireguard_hotplug(peer->device->dev->name, REKEY_GIVEUP_EVENT);
+ } else {
+ ++peer->timer_handshake_attempts;
+ pr_debug("%s: Handshake for peer %llu (%pISpfsc) did not complete after %d seconds, retrying (try %d)\n",
+@@ -73,6 +76,8 @@ static void wg_expired_retransmit_handsh
+ wg_socket_clear_peer_endpoint_src(peer);
+
+ wg_packet_send_queued_handshake_initiation(peer, true);
++
++ wireguard_hotplug(peer->device->dev->name, REKEY_TIMEOUT_EVENT);
+ }
+ }
+
diff --git a/feeds/ipq807x/wireguard/patches/151-trigger-REKEY_TIMEOUT-hotplug-after-3-consecutive-fa.patch b/feeds/ipq807x/wireguard/patches/151-trigger-REKEY_TIMEOUT-hotplug-after-3-consecutive-fa.patch
new file mode 100644
index 00000000..3fcea6b9
--- /dev/null
+++ b/feeds/ipq807x/wireguard/patches/151-trigger-REKEY_TIMEOUT-hotplug-after-3-consecutive-fa.patch
@@ -0,0 +1,30 @@
+From 82d7f8de2a1b640b5545976e495b16911a105fa2 Mon Sep 17 00:00:00 2001
+From: Dongming Han <handongming@gl-inet.com>
+Date: Wed, 1 Feb 2023 19:11:20 +0800
+Subject: [PATCH] trigger REKEY_TIMEOUT hotplug after 3 consecutive failure of
+ handshake initiation
+
+detect disconnect time change from 0 ~ 2min to 15s ~ 2min15s
+Optimize the stability in packet loss environment
+---
+ src/timers.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/timers.c b/src/timers.c
+index 7f0716c..a90addf 100644
+--- a/src/timers.c
++++ b/src/timers.c
+@@ -76,8 +76,8 @@ static void wg_expired_retransmit_handshake(struct timer_list *timer)
+ wg_socket_clear_peer_endpoint_src(peer);
+
+ wg_packet_send_queued_handshake_initiation(peer, true);
+-
+- wireguard_hotplug(peer->device->dev->name, REKEY_TIMEOUT_EVENT);
++ if(peer->timer_handshake_attempts > 3)
++ wireguard_hotplug(peer->device->dev->name, REKEY_TIMEOUT_EVENT);
+ }
+ }
+
+--
+2.25.1
+
diff --git a/feeds/ipq807x/wireguard/patches/152-make-wireguard-server-not-do-handshake-initiation.patch b/feeds/ipq807x/wireguard/patches/152-make-wireguard-server-not-do-handshake-initiation.patch
new file mode 100644
index 00000000..571073dc
--- /dev/null
+++ b/feeds/ipq807x/wireguard/patches/152-make-wireguard-server-not-do-handshake-initiation.patch
@@ -0,0 +1,26 @@
+From 8bfdfc1e0546835e25ae011053ae4e52583d8220 Mon Sep 17 00:00:00 2001
+From: Dongming Han <handongming@gl-inet.com>
+Date: Wed, 1 Feb 2023 19:14:16 +0800
+Subject: [PATCH] make wireguard server not do handshake initiation
+
+---
+ src/send.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/send.c b/src/send.c
+index 55bb0c9..9860e3f 100644
+--- a/src/send.c
++++ b/src/send.c
+@@ -23,6 +23,9 @@ static void wg_packet_send_handshake_initiation(struct wg_peer *peer)
+ {
+ struct message_handshake_initiation packet;
+
++ if (!strncmp(peer->device->dev->name, "wgs", 3))
++ return;
++
+ if (!wg_birthdate_has_expired(atomic64_read(&peer->last_sent_handshake),
+ REKEY_TIMEOUT))
+ return; /* This function is rate limited. */
+--
+2.25.1
+
diff --git a/feeds/ipq807x/wireguard/src/src/hotplug.c b/feeds/ipq807x/wireguard/src/src/hotplug.c
new file mode 100644
index 00000000..62cfe092
--- /dev/null
+++ b/feeds/ipq807x/wireguard/src/src/hotplug.c
@@ -0,0 +1,82 @@
+#include <linux/workqueue.h>
+#include <linux/netlink.h>
+#include <linux/kobject.h>
+#include <linux/skbuff.h>
+#include <linux/if.h>
+
+#define SUBSYSTEM_NAME "wireguard"
+
+#define EVENT_BUF_SIZE 2048
+
+struct wg_event {
+ struct work_struct work;
+ char ifname[IFNAMSIZ];
+ const char *action;
+};
+
+
+/* -------------------------------------------------------------------------*/
+static int bh_event_add_var(struct sk_buff *skb, int argv,
+ const char *format, ...)
+{
+ static char buf[128];
+ char *s;
+ va_list args;
+ int len;
+
+ if (argv)
+ return 0;
+
+ va_start(args, format);
+ len = vsnprintf(buf, sizeof(buf), format, args);
+ va_end(args);
+
+ if (len >= sizeof(buf)) {
+ //WARN(1, "buffer size too small\n");
+ return -ENOMEM;
+ }
+
+ s = skb_put(skb, len + 1);
+ strcpy(s, buf);
+
+ return 0;
+}
+
+static void hotplug_work(struct work_struct *work)
+{
+ struct wg_event *event = container_of(work, struct wg_event, work);
+ struct sk_buff *skb;
+
+ skb = alloc_skb(EVENT_BUF_SIZE, GFP_KERNEL);
+ if (!skb)
+ goto out_free_event;
+
+ bh_event_add_var(skb, 0, "SUBSYSTEM=%s", SUBSYSTEM_NAME);
+ bh_event_add_var(skb, 0, "ACTION=%s", event->action);
+ bh_event_add_var(skb, 0, "ifname=%s", event->ifname);
+
+ NETLINK_CB(skb).dst_group = 1;
+ broadcast_uevent(skb, 0, 1, GFP_KERNEL);
+
+out_free_event:
+ kfree(event);
+}
+
+void wireguard_hotplug(const char *ifname, const char *action)
+{
+ struct wg_event *event;
+
+ if (!strcmp(ifname, "wgserver"))
+ return;
+
+ event = kzalloc(sizeof(struct wg_event), GFP_ATOMIC);
+ if (!event)
+ return;
+
+ memcpy(event->ifname, ifname, IFNAMSIZ);
+
+ event->action = action;
+
+ INIT_WORK(&event->work, hotplug_work);
+ schedule_work(&event->work);
+}
diff --git a/feeds/ipq807x/wireguard/src/src/hotplug.h b/feeds/ipq807x/wireguard/src/src/hotplug.h
new file mode 100644
index 00000000..7fb54d9d
--- /dev/null
+++ b/feeds/ipq807x/wireguard/src/src/hotplug.h
@@ -0,0 +1,13 @@
+#ifndef __HOTPLUG_H__
+#define __HOTPLUG_H__
+
+#define REKEY_GIVEUP_EVENT "REKEY-GIVEUP"
+#define REKEY_TIMEOUT_EVENT "REKEY-TIMEOUT"
+#define KEYPAIR_CREATED_EVENT "KEYPAIR-CREATED"
+
+extern void wireguard_hotplug(const char *ifname, const char *action);
+extern void wg_hotplug_init(void);
+extern void wg_hotplug_free(void);
+
+#endif
+
--
2.25.1
Reference in New Issue View Git Blame Copy Permalink