Development discussion of WireGuard
 help / color / mirror / Atom feed
From: Maykel Moya <mmoya@mmoya.org>
To: wireguard@lists.zx2c4.com
Subject: Re: final call for Ubuntu 14.04 WireGuard support
Date: Wed, 7 Oct 2020 13:15:32 +0200	[thread overview]
Message-ID: <b79d077b-4964-2df9-6ebc-ea40bd60b747@mmoya.org> (raw)
In-Reply-To: <CAHmME9rckipsdZYW+LA=x6wCMybdFFA+VqoogFXnR=kHYiCteg@mail.gmail.com>

Hi, Jason

On 21/7/20 15:12, Jason A. Donenfeld wrote:

> If you _are_ using WireGuard on Ubuntu 14.04 or know somebody who is,
> this would be the time to pipe up, so that we don't leave anyone
> hanging. Feel free to respond to this thread regarding ongoing
> WireGuard+14.04 usage and why updating your operating system isn't
> convenient, or send me an email privately if public disclosure of your
> infrastructure isn't an option.

A little late to the party, but anyway...

I'm one of the users of Wireguard in a Ubuntu 14.04. The big red warning
in the postinst script lead me here.

Despite being on trusty, I'm using a 4.4.0 kernel provided trough
trusty-security[1], specifically package linux-image-4.4.0-148-generic
version 4.4.0-148.174~14.04.1.

Today I upgraded the wireguard version to the latest one available in
the PPA, 1.0.20200712-1ppa1~14.04.2 and the module failed to build with
the following error:

$ cat make.log
DKMS make.log for wireguard-1.0.20200712 for kernel 4.4.0-148-generic
(x86_64)
Wed Oct  7 10:28:06 UTC 2020
make: Entering directory `/usr/src/linux-headers-4.4.0-148-generic'
  LD      /var/lib/dkms/wireguard/1.0.20200712/build/built-in.o
  CC [M]  /var/lib/dkms/wireguard/1.0.20200712/build/main.o
  CC [M]  /var/lib/dkms/wireguard/1.0.20200712/build/noise.o
  CC [M]  /var/lib/dkms/wireguard/1.0.20200712/build/device.o
  CC [M]  /var/lib/dkms/wireguard/1.0.20200712/build/peer.o
  CC [M]  /var/lib/dkms/wireguard/1.0.20200712/build/timers.o
  CC [M]  /var/lib/dkms/wireguard/1.0.20200712/build/queueing.o
  CC [M]  /var/lib/dkms/wireguard/1.0.20200712/build/send.o
  CC [M]  /var/lib/dkms/wireguard/1.0.20200712/build/receive.o
  CC [M]  /var/lib/dkms/wireguard/1.0.20200712/build/socket.o
/var/lib/dkms/wireguard/1.0.20200712/build/socket.c: In function ‘send6’:
/var/lib/dkms/wireguard/1.0.20200712/build/socket.c:139:18: error:
‘const struct ipv6_stub’ has no member named ‘ipv6_dst_lookup_flow’
   dst = ipv6_stub->ipv6_dst_lookup_flow(sock_net(sock), sock, &fl,
                  ^
make[1]: *** [/var/lib/dkms/wireguard/1.0.20200712/build/socket.o] Error 1
make: *** [_module_/var/lib/dkms/wireguard/1.0.20200712/build] Error 2
make: Leaving directory `/usr/src/linux-headers-4.4.0-148-generic'

I saw the CI and latest wireguard-linux-compat is tested against 4.4.238.

This kernel is based on upstream 4.4.177

$ cat /proc/version_signature
Ubuntu 4.4.0-148.174~14.04.1-generic 4.4.177

Given that wireguard-linux-compat aims to support kernel versions 3.10
to 5.5, I'm writing with the hope to clarify if this bug is related to
compatibility with linux 4.4.x or something related to this specific
combination of distro provided kernel and unsupported distro.

I manage to make it work by forcing the compat definition of
ipv6_dst_lookup_flow with an ugly patch, just checking for
kernel_version 4.4.177.

--- compat.h.orig       2020-07-22 14:28:54.000000000 +0000
+++ compat.h    2020-10-07 11:00:04.385854751 +0000
@@ -94,7 +94,13 @@

 #if LINUX_VERSION_CODE < KERNEL_VERSION(3, 17, 0) && LINUX_VERSION_CODE
>= KERNEL_VERSION(3, 16, 83)
 #define ipv6_dst_lookup_flow(a, b, c, d) ipv6_dst_lookup_flow(b, c, d)
-#elif (LINUX_VERSION_CODE < KERNEL_VERSION(5, 4, 5) &&
LINUX_VERSION_CODE >= KERNEL_VERSION(5, 4, 0)) || (LINUX_VERSION_CODE <
KERNEL_VERSION(5, 3, 18) && LINUX_VERSION_CODE >= KERNEL_VERSION(4,
20, 0) && !defined(ISUBUNTU1904)) || (!defined(ISRHEL8) &&
!defined(ISDEBIAN) && !defined(ISUBUNTU1804) && LINUX_VERSION_CODE <
KERNEL_VERSION(4, 19, 119) && LINUX_VERSION_CODE >= KERNEL_VERSION(4
, 15, 0)) || (LINUX_VERSION_CODE < KERNEL_VERSION(4, 14, 181) &&
LINUX_VERSION_CODE >= KERNEL_VERSION(4, 10, 0)) || (LINUX_VERSION_CODE <
KERNEL_VERSION(4, 9, 224) && LINUX_VERSION_CODE >= KERNEL_
VERSION(4, 5, 0)) || (LINUX_VERSION_CODE < KERNEL_VERSION(4, 4, 224) &&
!defined(ISUBUNTU1604))
+#elif (LINUX_VERSION_CODE < KERNEL_VERSION(5, 4, 5)    &&
LINUX_VERSION_CODE >= KERNEL_VERSION(5, 4, 0)) || \
+      (LINUX_VERSION_CODE < KERNEL_VERSION(5, 3, 18)   &&
LINUX_VERSION_CODE >= KERNEL_VERSION(4, 20, 0) &&
!defined(ISUBUNTU1904)) || \
+      (LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 119) &&
LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0) && !defined(ISRHEL8) &&
!defined(ISDEBIAN) && !defined(ISUBUNTU1804)) || \
+      (LINUX_VERSION_CODE < KERNEL_VERSION(4, 14, 181) &&
LINUX_VERSION_CODE >= KERNEL_VERSION(4, 10, 0)) || \
+      (LINUX_VERSION_CODE < KERNEL_VERSION(4, 9, 224)  &&
LINUX_VERSION_CODE >= KERNEL_VERSION(4, 5, 0)) || \
+      (LINUX_VERSION_CODE < KERNEL_VERSION(4, 4, 224)  &&
!defined(ISUBUNTU1604)) || \
+      (LINUX_VERSION_CODE == KERNEL_VERSION(4, 4, 177))
 #define ipv6_dst_lookup_flow(a, b, c, d) ipv6_dst_lookup(a, b, &dst, c)
+ (void *)0 ?: dst
 #endif

Despite the outcome of this email, please consider aligning the
conditional clauses, they are much easier to read than having everything
in one line.

Given that Ubuntu defines in compat.h are solely based on kernel
versions and support for older releases will be dropped at some point, I
don't know if the decent fix for this is to change the latest clause from:

kernel_version < 4.4.224 && !ubuntu_1604

to just:

kernel_version < 4.4.224

Thanks for the great work,
maykel

[1]:
http://security.ubuntu.com/ubuntu/dists/trusty-security/main/binary-amd64/

  parent reply	other threads:[~2020-10-07 11:15 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-07-21 13:12 Jason A. Donenfeld
2020-07-22 15:03 ` Jason A. Donenfeld
2020-10-07 11:15 ` Maykel Moya [this message]
2020-10-07 11:23 ` Jason A. Donenfeld
2021-12-13 14:10   ` Jason A. Donenfeld

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=b79d077b-4964-2df9-6ebc-ea40bd60b747@mmoya.org \
    --to=mmoya@mmoya.org \
    --cc=wireguard@lists.zx2c4.com \
    --subject='Re: final call for Ubuntu 14.04 WireGuard support' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).