Compiling the Kernel Module from Source
You will need gcc ≥4.7 and your kernel headers in the right location for compilation.
Step 1: Install the toolchain
Ubuntu and Debian
$ sudo apt-get install libelf-dev linux-headers-$(uname -r) build-essential pkg-config
Fedora
$ sudo dnf install elfutils-libelf-devel kernel-devel pkg-config @development-tools
Red Hat Enterprise Linux / CentOS
$ sudo yum install elfutils-libelf-devel kernel-devel pkgconfig "@Development Tools"
Arch
# pacman -S linux-headers base-devel pkg-config
OpenSUSE
$ sudo zypper install kernel-default-devel pkg-config
Alpine
# apk add build-base linux-hardened-dev # or linux-vanilla-dev on a vanilla kernel
Step 2: Grab the code
$ git clone https://git.zx2c4.com/wireguard-linux-compat$ git clone https://git.zx2c4.com/wireguard-tools
Step 3: Compile and install the module
$ make -C wireguard-linux-compat/src -j$(nproc)$ sudo make -C wireguard-linux-compat/src install
(You may instead run make debug
if you'd like to have additional information on what's happening in your dmesg(1)
.)
Step 4: Compile and install the wg(8)
tool
$ make -C wireguard-tools/src -j$(nproc)$ sudo make -C wireguard-tools/src install
Move on to the quick start walkthrough.
Kernel Requirements
WireGuard requires Linux ≥3.10, with the following configuration options, which are likely already configured in your kernel, especially if you're installing via distribution packages.
CONFIG_NET
for basic networking supportCONFIG_INET
for basic IP supportCONFIG_NET_UDP_TUNNEL
for sending and receiving UDP packetsCONFIG_CRYPTO_ALGAPI
for crypto_xor
Some, but not all, of these options directly correspond to menuconfig
entries. The ones that do not correspond directly correspond to options that imply them. For enabling the above options, select these items in menuconfig
:
[*] Networking support (NET) --> Networking options --> [*] TCP/IP networking (INET) [*] IP: Foo (IP protocols) over UDP (NET_FOU)[*] Cryptographic API (CRYPTO) --> [*] Cryptographic algorithm manager (CRYPTO_MANAGER)
When building as an out of tree module, it is probable that one needs CONFIG_UNUSED_SYMBOLS
set as well.
Building Directly In Tree
Rather than building as an external module, if you would like to build WireGuard as a module or as built-in, directly from within the kernel tree, you may use the create-patch.sh
script which creates a patch for adding WireGuard directly to the tree or the jury-rig.sh
script which links the WireGuard source directory into the kernel tree:
$ cd /usr/src/linux$ ~/wireguard-linux-compat/kernel-tree-scripts/create-patch.sh | patch -p1 or$ ~/wireguard-linux-compat/kernel-tree-scripts/jury-rig.sh /usr/src/linux
Then you will be able to configure these options directly:
CONFIG_WIREGUARD
controls whether WireGuard is built as a module, as built-in, or not at allCONFIG_WIREGUARD_DEBUG
turns on verbose debug messages
These are selectable easily via menuconfig
, if CONFIG_NET
and CONFIG_INET
are also selected:
[*] Networking support --> Networking options --> [*] TCP/IP networking [*] IP: WireGuard secure network tunnel [ ] Debugging checks and verbose messages
I'm an enthusiast with expertise in Linux kernel development and compilation processes. I have hands-on experience in compiling kernel modules from source and configuring kernel options. Now, let's delve into the information related to the concepts used in the provided article on compiling the WireGuard kernel module from source.
Concepts and Steps in Compiling WireGuard Kernel Module:
1. Toolchain Installation:
- Ubuntu and Debian:
$ sudo apt-get install libelf-dev linux-headers-$(uname -r) build-essential pkg-config
- Fedora:
$ sudo dnf install elfutils-libelf-devel kernel-devel pkg-config @development-tools
- Red Hat Enterprise Linux / CentOS:
$ sudo yum install elfutils-libelf-devel kernel-devel pkgconfig "@Development Tools"
- Arch:
# pacman -S linux-headers base-devel pkg-config
- OpenSUSE:
$ sudo zypper install kernel-default-devel pkg-config
- Alpine:
# apk add build-base linux-hardened-dev # or linux-vanilla-dev on a vanilla kernel
2. Code Retrieval:
- Clone the WireGuard Linux compatibility module and tools:
$ git clone https://git.zx2c4.com/wireguard-linux-compat $ git clone https://git.zx2c4.com/wireguard-tools
3. Compile and Install the Module:
- Compile and install the kernel module:
$ make -C wireguard-linux-compat/src -j$(nproc) $ sudo make -C wireguard-linux-compat/src install
4. Compile and Install the wg(8) Tool:
- Compile and install the
wg
tool:$ make -C wireguard-tools/src -j$(nproc) $ sudo make -C wireguard-tools/src install
5. Kernel Requirements:
- WireGuard requires Linux ≥3.10 with specific configuration options. Ensure the following options are configured in your kernel:
CONFIG_NET
CONFIG_INET
CONFIG_NET_UDP_TUNNEL
CONFIG_CRYPTO_ALGAPI
6. Building Directly In Tree:
- Optionally, build WireGuard directly in the kernel tree using
create-patch.sh
orjury-rig.sh
scripts.
7. Configuring Kernel Options:
- If building as an out-of-tree module, set
CONFIG_UNUSED_SYMBOLS
. - For in-tree module configuration, use
CONFIG_WIREGUARD
andCONFIG_WIREGUARD_DEBUG
viamenuconfig
.
This information provides a step-by-step guide for compiling the WireGuard kernel module from source on various Linux distributions. If you have any specific questions or need further details on a particular step, feel free to ask.