Re: final call for Ubuntu 14.04 WireGuard support

[Maykel Moya <mmoya@mmoya.org>]

Hi, Jason

On 21/7/20 15:12, Jason A. Donenfeld wrote:

> If you _are_ using WireGuard on Ubuntu 14.04 or know somebody who is,
> this would be the time to pipe up, so that we don't leave anyone
> hanging. Feel free to respond to this thread regarding ongoing
> WireGuard+14.04 usage and why updating your operating system isn't
> convenient, or send me an email privately if public disclosure of your
> infrastructure isn't an option.

A little late to the party, but anyway...

I'm one of the users of Wireguard in a Ubuntu 14.04. The big red warning
in the postinst script lead me here.

Despite being on trusty, I'm using a 4.4.0 kernel provided trough
trusty-security[1], specifically package linux-image-4.4.0-148-generic
version 4.4.0-148.174~14.04.1.

Today I upgraded the wireguard version to the latest one available in
the PPA, 1.0.20200712-1ppa1~14.04.2 and the module failed to build with
the following error:

$ cat make.log
DKMS make.log for wireguard-1.0.20200712 for kernel 4.4.0-148-generic
(x86_64)
Wed Oct  7 10:28:06 UTC 2020
make: Entering directory `/usr/src/linux-headers-4.4.0-148-generic'
  LD      /var/lib/dkms/wireguard/1.0.20200712/build/built-in.o
  CC [M]  /var/lib/dkms/wireguard/1.0.20200712/build/main.o
  CC [M]  /var/lib/dkms/wireguard/1.0.20200712/build/noise.o
  CC [M]  /var/lib/dkms/wireguard/1.0.20200712/build/device.o
  CC [M]  /var/lib/dkms/wireguard/1.0.20200712/build/peer.o
  CC [M]  /var/lib/dkms/wireguard/1.0.20200712/build/timers.o
  CC [M]  /var/lib/dkms/wireguard/1.0.20200712/build/queueing.o
  CC [M]  /var/lib/dkms/wireguard/1.0.20200712/build/send.o
  CC [M]  /var/lib/dkms/wireguard/1.0.20200712/build/receive.o
  CC [M]  /var/lib/dkms/wireguard/1.0.20200712/build/socket.o
/var/lib/dkms/wireguard/1.0.20200712/build/socket.c: In function ‘send6’:
/var/lib/dkms/wireguard/1.0.20200712/build/socket.c:139:18: error:
‘const struct ipv6_stub’ has no member named ‘ipv6_dst_lookup_flow’
   dst = ipv6_stub->ipv6_dst_lookup_flow(sock_net(sock), sock, &fl,
                  ^
make[1]: *** [/var/lib/dkms/wireguard/1.0.20200712/build/socket.o] Error 1
make: *** [_module_/var/lib/dkms/wireguard/1.0.20200712/build] Error 2
make: Leaving directory `/usr/src/linux-headers-4.4.0-148-generic'

I saw the CI and latest wireguard-linux-compat is tested against 4.4.238.

This kernel is based on upstream 4.4.177

$ cat /proc/version_signature
Ubuntu 4.4.0-148.174~14.04.1-generic 4.4.177

Given that wireguard-linux-compat aims to support kernel versions 3.10
to 5.5, I'm writing with the hope to clarify if this bug is related to
compatibility with linux 4.4.x or something related to this specific
combination of distro provided kernel and unsupported distro.

I manage to make it work by forcing the compat definition of
ipv6_dst_lookup_flow with an ugly patch, just checking for
kernel_version 4.4.177.

--- compat.h.orig       2020-07-22 14:28:54.000000000 +0000
+++ compat.h    2020-10-07 11:00:04.385854751 +0000
@@ -94,7 +94,13 @@

 #if LINUX_VERSION_CODE < KERNEL_VERSION(3, 17, 0) && LINUX_VERSION_CODE
>= KERNEL_VERSION(3, 16, 83)
 #define ipv6_dst_lookup_flow(a, b, c, d) ipv6_dst_lookup_flow(b, c, d)
-#elif (LINUX_VERSION_CODE < KERNEL_VERSION(5, 4, 5) &&
LINUX_VERSION_CODE >= KERNEL_VERSION(5, 4, 0)) || (LINUX_VERSION_CODE <
KERNEL_VERSION(5, 3, 18) && LINUX_VERSION_CODE >= KERNEL_VERSION(4,
20, 0) && !defined(ISUBUNTU1904)) || (!defined(ISRHEL8) &&
!defined(ISDEBIAN) && !defined(ISUBUNTU1804) && LINUX_VERSION_CODE <
KERNEL_VERSION(4, 19, 119) && LINUX_VERSION_CODE >= KERNEL_VERSION(4
, 15, 0)) || (LINUX_VERSION_CODE < KERNEL_VERSION(4, 14, 181) &&
LINUX_VERSION_CODE >= KERNEL_VERSION(4, 10, 0)) || (LINUX_VERSION_CODE <
KERNEL_VERSION(4, 9, 224) && LINUX_VERSION_CODE >= KERNEL_
VERSION(4, 5, 0)) || (LINUX_VERSION_CODE < KERNEL_VERSION(4, 4, 224) &&
!defined(ISUBUNTU1604))
+#elif (LINUX_VERSION_CODE < KERNEL_VERSION(5, 4, 5)    &&
LINUX_VERSION_CODE >= KERNEL_VERSION(5, 4, 0)) || \
+      (LINUX_VERSION_CODE < KERNEL_VERSION(5, 3, 18)   &&
LINUX_VERSION_CODE >= KERNEL_VERSION(4, 20, 0) &&
!defined(ISUBUNTU1904)) || \
+      (LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 119) &&
LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0) && !defined(ISRHEL8) &&
!defined(ISDEBIAN) && !defined(ISUBUNTU1804)) || \
+      (LINUX_VERSION_CODE < KERNEL_VERSION(4, 14, 181) &&
LINUX_VERSION_CODE >= KERNEL_VERSION(4, 10, 0)) || \
+      (LINUX_VERSION_CODE < KERNEL_VERSION(4, 9, 224)  &&
LINUX_VERSION_CODE >= KERNEL_VERSION(4, 5, 0)) || \
+      (LINUX_VERSION_CODE < KERNEL_VERSION(4, 4, 224)  &&
!defined(ISUBUNTU1604)) || \
+      (LINUX_VERSION_CODE == KERNEL_VERSION(4, 4, 177))
 #define ipv6_dst_lookup_flow(a, b, c, d) ipv6_dst_lookup(a, b, &dst, c)
+ (void *)0 ?: dst
 #endif

Despite the outcome of this email, please consider aligning the
conditional clauses, they are much easier to read than having everything
in one line.

Given that Ubuntu defines in compat.h are solely based on kernel
versions and support for older releases will be dropped at some point, I
don't know if the decent fix for this is to change the latest clause from:

kernel_version < 4.4.224 && !ubuntu_1604

to just:

kernel_version < 4.4.224

Thanks for the great work,
maykel

[1]:
http://security.ubuntu.com/ubuntu/dists/trusty-security/main/binary-amd64/