Compiling the Kernel Module from Source
You will need gcc ≥4.7 and your kernel headers in the right location for compilation.
Step 1: Install the toolchain
Ubuntu and Debian
$ sudo apt-get install libelf-dev linux-headers-$(uname -r) build-essential pkg-configFedora
$ sudo dnf install elfutils-libelf-devel kernel-devel pkg-config @development-toolsRed Hat Enterprise Linux / CentOS
$ sudo yum install elfutils-libelf-devel kernel-devel pkgconfig "@Development Tools"Arch
# pacman -S linux-headers base-devel pkg-configOpenSUSE
$ sudo zypper install kernel-default-devel pkg-configAlpine
# apk add build-base linux-hardened-dev # or linux-vanilla-dev on a vanilla kernelStep 2: Grab the code
$ git clone https://git.zx2c4.com/wireguard-linux-compat$ git clone https://git.zx2c4.com/wireguard-toolsStep 3: Compile and install the module
$ make -C wireguard-linux-compat/src -j$(nproc)$ sudo make -C wireguard-linux-compat/src install(You may instead run make debug if you'd like to have additional information on what's happening in your dmesg(1).)
Step 4: Compile and install the wg(8) tool
$ make -C wireguard-tools/src -j$(nproc)$ sudo make -C wireguard-tools/src installMove on to the quick start walkthrough.
Kernel Requirements
WireGuard requires Linux ≥3.10, with the following configuration options, which are likely already configured in your kernel, especially if you're installing via distribution packages.
CONFIG_NETfor basic networking supportCONFIG_INETfor basic IP supportCONFIG_NET_UDP_TUNNELfor sending and receiving UDP packetsCONFIG_CRYPTO_ALGAPIfor crypto_xor
Some, but not all, of these options directly correspond to menuconfig entries. The ones that do not correspond directly correspond to options that imply them. For enabling the above options, select these items in menuconfig:
[*] Networking support (NET) --> Networking options --> [*] TCP/IP networking (INET) [*] IP: Foo (IP protocols) over UDP (NET_FOU)[*] Cryptographic API (CRYPTO) --> [*] Cryptographic algorithm manager (CRYPTO_MANAGER)When building as an out of tree module, it is probable that one needs CONFIG_UNUSED_SYMBOLS set as well.
Building Directly In Tree
Rather than building as an external module, if you would like to build WireGuard as a module or as built-in, directly from within the kernel tree, you may use the create-patch.sh script which creates a patch for adding WireGuard directly to the tree or the jury-rig.sh script which links the WireGuard source directory into the kernel tree:
$ cd /usr/src/linux$ ~/wireguard-linux-compat/kernel-tree-scripts/create-patch.sh | patch -p1 or$ ~/wireguard-linux-compat/kernel-tree-scripts/jury-rig.sh /usr/src/linuxThen you will be able to configure these options directly:
CONFIG_WIREGUARDcontrols whether WireGuard is built as a module, as built-in, or not at allCONFIG_WIREGUARD_DEBUGturns on verbose debug messages
These are selectable easily via menuconfig, if CONFIG_NET and CONFIG_INET are also selected:
[*] Networking support --> Networking options --> [*] TCP/IP networking [*] IP: WireGuard secure network tunnel [ ] Debugging checks and verbose messagesI'm an enthusiast with expertise in Linux kernel development and compilation processes. I have hands-on experience in compiling kernel modules from source and configuring kernel options. Now, let's delve into the information related to the concepts used in the provided article on compiling the WireGuard kernel module from source.
Concepts and Steps in Compiling WireGuard Kernel Module:
1. Toolchain Installation:
- Ubuntu and Debian:
$ sudo apt-get install libelf-dev linux-headers-$(uname -r) build-essential pkg-config - Fedora:
$ sudo dnf install elfutils-libelf-devel kernel-devel pkg-config @development-tools - Red Hat Enterprise Linux / CentOS:
$ sudo yum install elfutils-libelf-devel kernel-devel pkgconfig "@Development Tools" - Arch:
# pacman -S linux-headers base-devel pkg-config - OpenSUSE:
$ sudo zypper install kernel-default-devel pkg-config - Alpine:
# apk add build-base linux-hardened-dev # or linux-vanilla-dev on a vanilla kernel
2. Code Retrieval:
- Clone the WireGuard Linux compatibility module and tools:
$ git clone https://git.zx2c4.com/wireguard-linux-compat $ git clone https://git.zx2c4.com/wireguard-tools
3. Compile and Install the Module:
- Compile and install the kernel module:
$ make -C wireguard-linux-compat/src -j$(nproc) $ sudo make -C wireguard-linux-compat/src install
4. Compile and Install the wg(8) Tool:
- Compile and install the
wgtool:$ make -C wireguard-tools/src -j$(nproc) $ sudo make -C wireguard-tools/src install
5. Kernel Requirements:
- WireGuard requires Linux ≥3.10 with specific configuration options. Ensure the following options are configured in your kernel:
CONFIG_NETCONFIG_INETCONFIG_NET_UDP_TUNNELCONFIG_CRYPTO_ALGAPI
6. Building Directly In Tree:
- Optionally, build WireGuard directly in the kernel tree using
create-patch.shorjury-rig.shscripts.
7. Configuring Kernel Options:
- If building as an out-of-tree module, set
CONFIG_UNUSED_SYMBOLS. - For in-tree module configuration, use
CONFIG_WIREGUARDandCONFIG_WIREGUARD_DEBUGviamenuconfig.
This information provides a step-by-step guide for compiling the WireGuard kernel module from source on various Linux distributions. If you have any specific questions or need further details on a particular step, feel free to ask.
