|net-vpn/wireguard-modules: consider checking for NET_FOU instead of NET_UDP_TUNNEL
|Jason A. Donenfeld <zx2c4>
|Runtime testing required:
Description kfm 2018-11-25 20:49:27 UTC
In trying to use wireguard under gentoo for the first time, I was warned that the NET_UDP_TUNNEL option was not in effect. Even as someone who knows their way around the Kconfig system, fulfilling this option was not trivial because the option is not under one's direct control. Instead, it was necessary to read the "depends on" declaration carefully in order to determine the correct course of action. The more user-friendly approach might be to warn of the absence of NET_FOU instead. While such may not be strictly correct, it is an option that can be directly located and toggled by the user. It would also have the ebuild accord with your upstream documentation, which - as I later discovered - directly suggests that the "IP: Foo (IP protocols) over UDP" option be enabled in menuconfig.
Comment 1 Robin Hallabro-Kokko 2020-01-13 15:39:15 UTC
Maybe it is because this bug is a bit old now - but the way I see it we could simply strip NET_UDP_TUNNEL (and maybe CRYPTO_ALGAPI as well) from the ebuild. CONFIG_WIREGUARD should select the symbols NET_UDP_TUNNEL and NET_UDP_TUNNEL automatically.
Comment 2 Robin Hallabro-Kokko 2020-01-13 15:41:48 UTC
I mean it should automatically select NET_UDP_TUNNEL and CRYPTO_ALGAPI according to Kconfig.
Comment 3 kfm 2020-06-24 19:08:18 UTC
(In reply to Robin Hallabro-Kokko from comment #1) > Maybe it is because this bug is a bit old now - but the way I see it we > could simply strip NET_UDP_TUNNEL (and maybe CRYPTO_ALGAPI as well) from the > ebuild. > > CONFIG_WIREGUARD should select the symbols NET_UDP_TUNNEL and NET_UDP_TUNNEL > automatically. Indeed, it is more convenient to use >=5.6 but some people might prefer to use a longterm kernel. The 5.4 series will be supported through to the end of 2025. Also, we now have net-vpn/wireguard-modules, so it is valid that the checks continue to be defined there. I think that my request still makes sense but it would obviously need to applied to wireguard-modules at this point.