6 files changed, 228 insertions, 0 deletions
diff --git a/network/amneziawg-kernel/README b/network/amneziawg-kernel/README
new file mode 100644
index 0000000000..8d5512de05
--- /dev/null
+++ b/network/amneziawg-kernel/README
@@ -0,0 +1,28 @@
+AmneziaWG is a contemporary version of the popular VPN protocol,
+WireGuard. It's a fork of WireGuard and offers protection against
+detection by Deep Packet Inspection (DPI) systems. At the same time, it
+retains the simplified architecture and high performance of the
+original.
+
+The progenitor of AmneziaWG, WireGuard, is known for its efficiency, but
+it does have issues with detection due to distinctive packet
+signatures. AmneziaWG addresses this problem by employing advanced
+obfuscation methods, allowing its traffic to blend seamlessly with
+regular internet traffic. As a result, AmneziaWG maintains high
+performance while adding an extra layer of stealth, making it a superb
+choice for those seeking a fast and discreet VPN connection.
+
+Features of AmneziaWG include:
+
+- Availability with AmneziaVPN on all platforms.
+- Low energy consumption.
+- Minimal configuration needed.
+- Undetectable by DPI analysis systems, resistant to blocking.
+- Operates over the UDP network protocol.
+
+This supplies the kernel module for AmneziaWG. You need to install
+amneziawg-tools to configure your WireGuard tunnels.
+
+To build the package for a kernel different from the running one,
+start the script setting the KERNEL variable as in
+  KERNEL=5.15.187 ./amneziawg-kernel.SlackBuild
diff --git a/network/amneziawg-kernel/amneziawg-kernel.SlackBuild b/network/amneziawg-kernel/amneziawg-kernel.SlackBuild
new file mode 100644
index 0000000000..ea1cd4e787
--- /dev/null
+++ b/network/amneziawg-kernel/amneziawg-kernel.SlackBuild
@@ -0,0 +1,106 @@
+#!/bin/bash
+
+# Slackware build script for amneziawg-kernel
+
+# Copyright 2025 Vladislav 'fsLeg' Borisov, Moscow, Russia
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+#
+#  THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED
+#  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+#  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
+#  EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+#  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+#  OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+#  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+#  OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+#  ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+cd $(dirname $0) ; CWD=$(pwd)
+
+PRGNAM=amneziawg-kernel
+VERSION=${VERSION:-1.0.20241112}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+PKGTYPE=${PKGTYPE:-tgz}
+
+TARNAM=amneziawg-linux-kernel-module
+KERNEL=${KERNEL:-$(uname -r)}
+KERNELSRCDIR=${KERNELSRCDIR:-/lib/modules/$KERNEL/build}
+PKGVER=${VERSION}_$(echo $KERNEL | tr - _)
+
+if [ -z "$ARCH" ]; then
+  case "$( uname -m )" in
+    i?86) ARCH=i586 ;;
+    arm*) ARCH=arm ;;
+       *) ARCH=$( uname -m ) ;;
+  esac
+fi
+
+if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
+  echo "$PRGNAM-$PKGVER-$ARCH-$BUILD$TAG.$PKGTYPE"
+  exit 0
+fi
+
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i586" ]; then
+  SLKCFLAGS="-O2 -march=i586 -mtune=i686"
+elif [ "$ARCH" = "i686" ]; then
+  SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+elif [ "$ARCH" = "x86_64" ]; then
+  SLKCFLAGS="-O2 -fPIC"
+elif [ "$ARCH" = "aarch64" ]; then
+  SLKCFLAGS="-O2 -fPIC"
+else
+  SLKCFLAGS="-O2"
+fi
+
+set -e
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $TARNAM-$VERSION
+tar xvf $CWD/$TARNAM-$VERSION.tar.gz
+cd $TARNAM-$VERSION
+chown -R root:root .
+find -L . \
+ \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
+  -o -perm 511 \) -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
+  -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
+patch -p1 < $CWD/fix-get_random_u8-absence-in-older-kernels.patch
+
+cd src
+ln -s $(readlink -f $KERNELSRCDIR) kernel
+
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+KERNELRELEASE=$KERNEL \
+make
+install -Dm644 -t $PKG/lib/modules/$KERNEL/extra amneziawg.ko
+cd ..
+
+find $PKG -name "*.ko" -exec strip --strip-debug "{}" \;
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a \
+  COPYING README.md \
+  $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+sed "s%@KERNEL@%$KERNEL%" $CWD/doinst.sh > $PKG/install/doinst.sh
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$PKGVER-$ARCH-$BUILD$TAG.$PKGTYPE
diff --git a/network/amneziawg-kernel/amneziawg-kernel.info b/network/amneziawg-kernel/amneziawg-kernel.info
new file mode 100644
index 0000000000..6cf0505c71
--- /dev/null
+++ b/network/amneziawg-kernel/amneziawg-kernel.info
@@ -0,0 +1,10 @@
+PRGNAM="amneziawg-kernel"
+VERSION="1.0.20241112"
+HOMEPAGE="https://github.com/amnezia-vpn/amneziawg-linux-kernel-module"
+DOWNLOAD="https://github.com/amnezia-vpn/amneziawg-linux-kernel-module/archive/v1.0.20241112/amneziawg-linux-kernel-module-1.0.20241112.tar.gz"
+MD5SUM="175beebdc865b828a66257146a548264"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+REQUIRES=""
+MAINTAINER="Vladislav 'fsLeg' Borisov"
+EMAIL="fsleg@t-rg.ws"
diff --git a/network/amneziawg-kernel/doinst.sh b/network/amneziawg-kernel/doinst.sh
new file mode 100644
index 0000000000..766ff48186
--- /dev/null
+++ b/network/amneziawg-kernel/doinst.sh
@@ -0,0 +1 @@
+chroot . /sbin/depmod -a @KERNEL@
diff --git a/network/amneziawg-kernel/fix-get_random_u8-absence-in-older-kernels.patch b/network/amneziawg-kernel/fix-get_random_u8-absence-in-older-kernels.patch
new file mode 100644
index 0000000000..d354055272
--- /dev/null
+++ b/network/amneziawg-kernel/fix-get_random_u8-absence-in-older-kernels.patch
@@ -0,0 +1,64 @@
+commit 7e7dfca6b2824e5a14c5b011a4e05aac89d85231
+Author: Iurii Egorov <ye@amnezia.org>
+Date:   Fri Nov 15 12:54:46 2024 +0300
+
+    Fix get_random_u8() absence in older kernels
+    
+    Signed-off-by: Iurii Egorov <ye@amnezia.org>
+
+diff --git a/src/netlink.c b/src/netlink.c
+index 5043bb3..29049ba 100644
+--- a/src/netlink.c
++++ b/src/netlink.c
+@@ -232,7 +232,7 @@ static inline int parse_ipv6_prefix(const char *prefix_str, struct ipv6_prefix *
+ static inline int generate_ipv6_address_with_prefix(const struct ipv6_prefix *prefix, u8 *addr)
+ {
+ 	int prefix_bytes, prefix_bits;
+-	u8 mask;
++	u8 mask, random_byte;
+ 
+ 	if (!prefix || !addr)
+ 		return -EINVAL;
+@@ -246,9 +246,10 @@ static inline int generate_ipv6_address_with_prefix(const struct ipv6_prefix *pr
+ 		get_random_bytes(addr + prefix_bytes, 16 - prefix_bytes);
+ 
+ 		if (prefix_bits != 0) {
++			get_random_bytes(&random_byte, sizeof(random_byte));
+ 			mask = (u8)(0xFF << (8 - prefix_bits));
+ 			addr[prefix_bytes] &= mask;
+-			addr[prefix_bytes] |= get_random_u8() & ~mask;
++			addr[prefix_bytes] |= random_byte & ~mask;
+ 		}
+ 	}
+ 
+diff --git a/src/patches/007-random-bytes-fix.patch b/src/patches/007-random-bytes-fix.patch
+new file mode 100644
+index 0000000..d898a79
+--- /dev/null
++++ b/src/patches/007-random-bytes-fix.patch
+@@ -0,0 +1,25 @@
++diff --git netlink.c netlink.c
++index 5043bb3..29049ba 100644
++--- netlink.c
+++++ netlink.c
++@@ -232,7 +232,7 @@ static inline int parse_ipv6_prefix(const char *prefix_str, struct ipv6_prefix *
++ static inline int generate_ipv6_address_with_prefix(const struct ipv6_prefix *prefix, u8 *addr)
++ {
++ 	int prefix_bytes, prefix_bits;
++-	u8 mask;
+++	u8 mask, random_byte;
++ 
++ 	if (!prefix || !addr)
++ 		return -EINVAL;
++@@ -246,9 +246,10 @@ static inline int generate_ipv6_address_with_prefix(const struct ipv6_prefix *pr
++ 		get_random_bytes(addr + prefix_bytes, 16 - prefix_bytes);
++ 
++ 		if (prefix_bits != 0) {
+++			get_random_bytes(&random_byte, sizeof(random_byte));
++ 			mask = (u8)(0xFF << (8 - prefix_bits));
++ 			addr[prefix_bytes] &= mask;
++-			addr[prefix_bytes] |= get_random_u8() & ~mask;
+++			addr[prefix_bytes] |= random_byte & ~mask;
++ 		}
++ 	}
++ 
diff --git a/network/amneziawg-kernel/slack-desc b/network/amneziawg-kernel/slack-desc
new file mode 100644
index 0000000000..3e6c42d5d9
--- /dev/null
+++ b/network/amneziawg-kernel/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.
+# Line up the first '|' above the ':' following the base package name, and
+# the '|' on the right side marks the last column you can put a character in.
+# You must make exactly 11 lines for the formatting to be correct.  It's also
+# customary to leave one space after the ':' except on otherwise blank lines.
+
+                |-----handy-ruler------------------------------------------------------|
+amneziawg-kernel: amneziawg-kernel (AmneziaWG Linux kernel module)
+amneziawg-kernel:
+amneziawg-kernel: AmneziaWG is a contemporary version of the popular VPN protocol,
+amneziawg-kernel: WireGuard. It's a fork of WireGuard and offers protection against
+amneziawg-kernel: detection by Deep Packet Inspection (DPI) systems. At the same time,
+amneziawg-kernel: it retains the simplified architecture and high performance of the
+amneziawg-kernel: original.
+amneziawg-kernel:
+amneziawg-kernel: This supplies the kernel module for AmneziaWG.
+amneziawg-kernel:
+amneziawg-kernel: