ProHoster > Блог > labaran intanet > FreeBSD 13.2 saki tare da Netlink da WireGuard goyon bayan

FreeBSD 13.2 saki tare da Netlink da WireGuard goyon bayan

Bayan watanni 11 na haɓaka, FreeBSD 13.2 an sake shi. Ana samar da hotunan shigarwa don amd64, i386, powerpc, powerpc64, powerpc64le, powerpcspe, armv6, armv7, aarch64 da riscv64 gine-gine. Bugu da ƙari, an shirya taruka don tsarin ƙirƙira (QCOW2, VHD, VMDK, raw) da yanayin girgije Amazon EC2, Google Compute Engine da Vagrant.

Canje-canje masu mahimmanci:

  • An aiwatar da ikon ƙirƙirar hotuna na tsarin fayil na UFS da FFS tare da kunna shigar (sabuntawa mai laushi). Hakanan an ƙara goyan baya don ajiyar baya na juji (juji mai gudana tare da tutar “-L”) tare da abubuwan da ke cikin tsarin fayil ɗin UFS lokacin da aka kunna aikin jarida. Ɗaya daga cikin fasalulluka waɗanda ba a samuwa yayin amfani da shiga shine aiwatar da bayanan bayanan gaskiya ta amfani da fsck utility.
  • Babban abun da ke ciki ya haɗa da direban wg da ke aiki a matakin kernel tare da aiwatar da hanyar sadarwa don VPN WireGuard. Don amfani da algorithm ɗin ƙirƙira da direba ke buƙata, API na FreeBSD kernel crypto-subsystem an ƙara shi, wanda aka ƙara kayan aiki wanda ke ba da damar amfani da algorithms daga ɗakin karatu na libsodium waɗanda ba a tallafawa a cikin FreeBSD ta daidaitaccen crypto-API. . A yayin aiwatar da haɓakawa, an kuma aiwatar da haɓakawa don daidaita daidaitattun ɗaurin ɓoyayyen fakiti da ayyukan ɓarnawa ga kwas ɗin CPU, wanda ya rage sama da ƙasa yayin sarrafa fakitin WireGuard.

    Ƙoƙarin ƙarshe na haɗa WireGuard a cikin FreeBSD an yi shi ne a cikin 2020, amma ya ƙare a cikin abin kunya, sakamakon haka an cire lambar da aka riga aka ƙara saboda ƙarancin inganci, aikin rashin kulawa tare da buffers, amfani da stubs maimakon cak, aiwatar da rashin cikawa. na yarjejeniya da keta lasisin GPL. Sabuwar aiwatarwa an shirya shi tare da ƙungiyoyin ci gaba na FreeBSD da WireGuard, tare da gudummawa daga Jason A. Donenfeld, marubucin WireGuard VPN, da John H. Baldwin, sanannen mai haɓaka FreeBSD. An gudanar da cikakken bitar canje-canje tare da tallafin Gidauniyar FreeBSD kafin a karɓi sabuwar lambar.

  • An aiwatar da goyan bayan ka'idar sadarwa ta Netlink (RFC 3549), da aka yi amfani da ita a cikin Linux don tsara hulɗar kernel tare da matakai a cikin sararin mai amfani. An iyakance aikin don tallafawa dangin NETLINK_ROUTE na ayyuka don sarrafa yanayin tsarin tsarin cibiyar sadarwa a cikin kernel, wanda ke ba FreeBSD damar amfani da Linux ip utility daga kunshin iproute2 don gudanar da mu'amalar hanyar sadarwa, saita adiresoshin IP, saita hanyar sadarwa da sarrafa nexthop. abubuwan da ke adana bayanan jihar da aka yi amfani da su don watsa fakitin zuwa inda ake so.
  • Duk tsarin aiwatar da tsarin tushe akan dandamali 64-bit suna da Randomization Space Layout Randomization (ASLR) wanda aka kunna ta tsohuwa. Don musaki ASLR, zaku iya amfani da umarnin "proccontrol -m aslr -s disable" ko "elfctl -e +noaslr".
  • A cikin ipfw, ana amfani da tebur na radix don bincika adiresoshin MAC, wanda ke ba ku damar ƙirƙirar tebur tare da adiresoshin MAC kuma amfani da su don tace zirga-zirga. Misali: ipfw tebur 1 ƙirƙirar nau'in mac ipfw tebur 1 ƙara 11:22:33:44:55:66/48 ipfw ƙara skipto tablearg src-mac 'tebur (1)' ipfw ƙara src-mac' tebur (1, 100)' ipfw ƙara ƙaryata binciken dst-mac 1
  • Kernel modules dpdk_lpm4 da dpdk_lpm6 an ƙara kuma suna samuwa don yin lodi ta hanyar loader.conf tare da aiwatar da hanyar bincike na hanyar DIR-24-8 don IPv4/IPv6, wanda ke ba ku damar inganta ayyukan motsa jiki don runduna tare da manyan tebur na kewayawa ( a cikin gwaje-gwaje, ana ganin karuwar saurin 25%). Don saita samfura, ana iya amfani da daidaitaccen hanyar amfani (an ƙara zaɓin FIB_ALGO).
  • An sabunta aiwatar da tsarin fayil na ZFS don sakin OpenZFS 2.1.9. Rubutun farawa zfskeys yana ba da lodi ta atomatik na maɓallan da aka adana a cikin tsarin fayil ɗin ZFS. An ƙara sabon rubutun RC zpoolreguid don sanya GUID zuwa zpools ɗaya ko fiye (misali mai amfani ga mahallin haɓaka bayanan da aka raba).
  • Bhyve hypervisor da vmm module suna goyan bayan haɗe sama da 15 CPUs na kama-da-wane zuwa tsarin baƙo (wanda aka tsara ta sysctl hw.vmm.maxcpu). Utility na bhyve yana aiwatar da kwaikwaya na na'urar shigar da virtio, da ita zaku iya musanyawa abubuwan shigar da madannai da linzamin kwamfuta a cikin tsarin baƙi.
  • A cikin KTLS, aiwatar da ka'idar TLS da ke gudana a matakin kernel na FreeBSD, an ƙara tallafi don haɓaka kayan masarufi na TLS 1.3 ta hanyar saukar da wasu ayyuka masu alaƙa da sarrafa fakiti masu shigowa cikin rufaffen zuwa katin sadarwar. A baya can, ana samun irin wannan fasalin don TLS 1.1 da TLS 1.2.
  • A cikin rubutun farawa growfs, lokacin haɓaka tsarin fayil ɗin tushen, yana yiwuwa a ƙara ɓangaren musanyawa idan irin wannan ɓangaren ya ɓace da farko (misali, yana da amfani lokacin shigar da hoton tsarin da aka shirya akan katin SD). Don sarrafa girman musanya, an ƙara sabon siga growfs_swap_size zuwa rc.conf.
  • Rubutun farawa mai masaukin baki yana tabbatar da cewa an samar da UUID bazuwar idan fayil ɗin /etc/hostid ya ɓace kuma ba za a iya samun UUID daga kayan aikin ba. Hakanan an ƙara fayil ɗin /etc/machine-id tare da taƙaitaccen wakilcin ID ɗin mai masaukin (babu sarƙoƙi).
  • An ƙara masu canjin defaultrouter_fibN da ipv6_defaultrouter_fibN zuwa rc.conf, ta inda zaku iya ƙara tsoffin hanyoyin zuwa teburin FIB ban da na farko.
  • An ƙara tallafi don hashes SHA-512/224 zuwa ɗakin karatu na libmd.
  • Laburaren pthread yana ba da goyan baya ga fassarar ayyukan da aka yi amfani da su a cikin Linux.
  • Ƙara goyon baya don ƙaddamar da kiran tsarin Linux zuwa kdump. Ƙara goyon baya don tsarin tsarin tsarin tsarin Linux na gano kira zuwa kdump da sysdecode.
  • Mai amfani na killall yanzu yana da ikon aika sigina zuwa matakai da aka ɗaure zuwa takamaiman tasha (misali, "killall -t pts/1").
  • Ƙara nproc mai amfani don nuna adadin tubalan ƙididdiga da ke samuwa ga tsarin yanzu.
  • An ƙara goyan bayan ƙaddamar da sigogi na ACS (Sabis na Sarrafa Shiga) zuwa kayan aikin pciconf.
  • An ƙara saitin SPLIT_KERNEL_DEBUG zuwa kernel, wanda ke ba ka damar adana bayanan gyara ga kernel da kernel a cikin fayiloli daban-daban.
  • Linux ABI ya kusan cika tare da goyan baya ga tsarin vDSO (gaban abubuwa masu ƙarfi na zahiri), wanda ke ba da ƙayyadaddun tsarin kiran tsarin da ake samu a sararin mai amfani ba tare da sauya mahallin ba. An kawo Linux ABI akan tsarin ARM64 zuwa daidaito tare da aiwatar da gine-ginen AMD64.
  • Ingantattun tallafin kayan masarufi. Ƙara tallafi na saka idanu (hwpmc) don Intel Alder Lake CPUs. An sabunta direban iwlwifi na katunan mara waya ta Intel tare da goyan bayan sabbin kwakwalwan kwamfuta da ma'aunin 802.11ac. Ƙara direban rtw88 don katunan mara waya ta Realtek tare da keɓancewar PCI. An faɗaɗa ƙarfin Layer linuxkpi don amfani tare da direbobin Linux a cikin FreeBSD.
  • An sabunta ɗakin karatu na OpenSSL zuwa sigar 1.1.1t, LLVM/Clang zuwa sigar 14.0.5, kuma an sabunta uwar garken SSH da abokin ciniki zuwa OpenSSH 9.2p1 (sigar baya da aka yi amfani da OpenSSH 8.8p1). Hakanan an sabunta su ne nau'ikan bc 6.2.4, expat 2.5.0, fayil 5.43, ƙasa da 608, libarchive 3.6.2, aika saƙon 8.17.1, sqlite 3.40.1, unbound 1.17.1, zlib 1.2.13.

Bugu da ƙari, an ba da sanarwar cewa, farawa daga reshen FreeBSD 14.0, OPIE kalmomin shiga na lokaci ɗaya, ce da direbobin cp, direbobi don katunan ISA, kayan aikin haɗin gwiwa da minigzip, abubuwan ATM a cikin netgraph (NgATM), tsarin bayanan telnetd da VINUM ajin geom.

source: budenet.ru

Add a comment