ProHoster > Блог > labaran intanet > Sakin OpenWrt 21.02.0

Sakin OpenWrt 21.02.0

An gabatar da wani sabon muhimmin sakin rarrabawar OpenWrt 21.02.0, da nufin amfani da na'urorin cibiyar sadarwa daban-daban kamar na'urori masu amfani da hanyar sadarwa, masu sauyawa da wuraren shiga. OpenWrt yana goyan bayan dandamali da gine-gine daban-daban kuma yana da tsarin taro wanda ke ba da izinin haɗawa mai sauƙi da dacewa, gami da sassa daban-daban a cikin taron, wanda ke sauƙaƙa ƙirƙirar firmware da aka shirya ko hoton diski tare da saitin da ake so na pre- shigar da fakitin daidaitacce don takamaiman ayyuka. An samar da taruka don dandamali 36 masu niyya.

Daga cikin canje-canje a cikin OpenWrt 21.02.0 ana lura da waɗannan:

  • An ƙara ƙaramin buƙatun kayan masarufi. A cikin ginanniyar tsoho, saboda haɗa ƙarin tsarin kernel na Linux, ta amfani da OpenWrt yanzu yana buƙatar na'ura mai 8 MB Flash da 64 MB RAM. Idan kuna so, har yanzu kuna iya ƙirƙirar taron ku na tsiri wanda zai iya aiki akan na'urori masu 4 MB Flash da RAM 32 MB, amma aikin irin wannan taron zai iyakance, kuma ba a tabbatar da kwanciyar hankali na aiki ba.
  • Fakitin asali ya haɗa da fakiti don tallafawa fasahar tsaro mara waya ta WPA3, wanda yanzu yana samuwa ta tsohuwa duka lokacin aiki a yanayin abokin ciniki da lokacin ƙirƙirar hanyar shiga. WPA3 yana ba da kariya daga hare-haren hasashe kalmar sirri (ba za ta ba da izinin tantance kalmar sirri a yanayin layi ba) kuma tana amfani da ka'idar tabbatar da SAE. Ana ba da ikon yin amfani da WPA3 a yawancin direbobi don na'urorin mara waya.
  • Kunshin tushe ya haɗa da goyan baya ga TLS da HTTPS ta tsohuwa, wanda ke ba ku damar samun dama ga mahaɗin Yanar Gizo na LuCI akan HTTPS kuma kuyi amfani da kayan aiki kamar wget da opkg don dawo da bayanai akan rufaffen tashoshi na sadarwa. Sabar ɗin da aka sauke ta hanyar opkg ana rarraba su kuma ana canza su zuwa aika bayanai ta HTTPS ta tsohuwa. An maye gurbin ɗakin karatu na mbedTLS da aka yi amfani da shi don ɓoyewa da wolfSSL (idan ya cancanta, zaku iya shigar da ɗakunan karatu mbedTLS da OpenSSL da hannu, waɗanda ke ci gaba da bayarwa azaman zaɓuɓɓuka). Don saita tura ta atomatik zuwa HTTPS, haɗin yanar gizon yana ba da zaɓi "uhttpd.main.redirect_https=1".
  • An aiwatar da tallafi na farko don tsarin kernel na DSA (Distributed Switch Architecture), wanda ke ba da kayan aiki don daidaitawa da sarrafa ɓangarorin maɓallan Ethernet masu haɗin gwiwa, ta amfani da hanyoyin da ake amfani da su don saita mu'amalar cibiyar sadarwa ta al'ada (iproute2, ifconfig). Ana iya amfani da DSA don saita tashoshin jiragen ruwa da VLANs a madadin kayan aikin swconfig da aka bayar a baya, amma ba duk direbobin canza canjin suna goyan bayan DSA ba tukuna. A cikin sakin da aka gabatar, an kunna DSA don ath79 (TP-Link TL-WR941ND), bcm4908, gemini, kirkwood, mediatek, mvebu, octeon, ramips (mt7621) da direbobin realtek.
  • An yi canje-canje ga tsarin daidaita fayilolin da ke cikin /etc/config/network. A cikin toshe “Config Interface”, zaɓin “ifname” an canza masa suna zuwa “na’ura”, kuma a cikin “Configu Device” toshe, zaɓin “bridge” da “ifname” an canza suna zuwa “ports”. Don sababbin shigarwa, fayiloli daban-daban tare da saituna don na'urori (Layer 2, "na'urar saita" toshe) da musaya na cibiyar sadarwa (Layer 3, "Confict Interface" block) yanzu ana samar da su. Don ci gaba da dacewa da baya, goyon baya ga tsohuwar haɗin gwiwa yana riƙe, watau. saitunan da aka ƙirƙira a baya ba za su buƙaci canje-canje ba. A wannan yanayin, a cikin mahallin yanar gizon, idan an gano tsohuwar haɗin gwiwa, za a nuna shawara don ƙaura zuwa sabon tsarin, wanda ya zama dole don gyara saitunan ta hanyar haɗin yanar gizon.

    Misalin sabon tsarin aiki: saita sunan zaɓin na'urar 'br-lan' zaɓi nau'in 'bridge' zaɓi macaddr '00:01:02:XX:XX:XX' jerin tashoshin jiragen ruwa 'lan1' jerin tashoshin jiragen ruwa 'lan2' jerin mashigai 'lan3' jerin tashoshin jiragen ruwa 'lan4' config interface 'lan' na'urar zaɓi 'br-lan' zaɓi proto 'static' zaɓi ipaddr '192.168.1.1' zaɓi netmask '255.255.255.0' zaɓi ip6assign' 60' saita na'urar zaɓi sunan 'eth1' zaɓi macaddr '00:01:02:YY:YY:YY' config interface 'wan' option device'eth1' option proto 'dhcp' config interface 'wan6' option device'eth1' option proto'dhcpv6'

    Ta hanyar kwatanci tare da fayilolin sanyi /etc/config/network, an canza sunayen filin a cikin board.json daga "ifname" zuwa "na'ura".

  • An ƙara sabon dandamali na "realtek", wanda ke ba da damar yin amfani da OpenWrt akan na'urori masu yawa na tashoshin Ethernet, kamar D-Link, ZyXEL, ALLNET, INABA da NETGEAR Ethernet masu sauyawa.
  • An ƙara sabon bcm4908 da dandamali na rockchip don na'urori dangane da Broadcom BCM4908 da Rockchip RK33xx SoCs. An warware matsalolin tallafin na'ura don dandamali masu tallafi a baya.
  • An dakatar da goyan bayan dandalin ar71xx, a maimakon haka ya kamata a yi amfani da dandalin ath79 (don na'urori dangane da ar71xx, ana ba da shawarar sake shigar da OpenWrt daga karce). Hakanan an daina goyan bayan dandamalin cns3xxx (Cavium Networks CNS3xxx), rb532 (MikroTik RB532) da samsung (SamsungTQ210).
  • Fayilolin aikace-aikacen da za a iya aiwatarwa suna haɗawa da sarrafa hanyoyin haɗin yanar gizo a cikin yanayin PIE (Matsa-Masu-Independent Executables) tare da cikakken goyan baya don bazuwar sarari adreshi (ASLR) don yin wahalar yin amfani da rashin ƙarfi a cikin irin waɗannan aikace-aikacen.
  • Lokacin gina kernel na Linux, ana kunna zaɓuɓɓuka ta tsohuwa don tallafawa fasahar keɓance akwati, ba da damar yin amfani da kayan aikin LXC da yanayin procd-ujail a cikin OpenWrt akan yawancin dandamali.
  • Ana ba da ikon ginawa tare da goyan baya ga tsarin sarrafa damar SELinux (an kashe ta tsohuwa).
  • Sigar fakitin da aka sabunta, gami da fitar da musl libc 1.1.24, glibc 2.33, gcc 8.4.0, binutils 2.34, hostapd 2020-06-08, dnsmasq 2.85, dropbear 2020.81, busybox 1.33.1 An sabunta kwaya ta Linux zuwa sigar 5.4.143, tana jigilar tarin mara waya ta cfg80211/mac80211 daga kernel 5.10.42 da tallafin Wireguard VPN mai jigilar kaya.

source: budenet.ru

Add a comment