FreeBSD 13.2 released with Netlink and WireGuard support

After 11 months of development, FreeBSD 13.2 has been released. Installation images are built for the amd64, i386, powerpc, powerpc64, powerpc64le, powerpcspe, armv6, armv7, aarch64 and riscv64 architectures. In addition, builds have been prepared for virtualization systems (QCOW2, VHD, VMDK, raw) and for the Amazon EC2, Google Compute Engine and Vagrant cloud environments.

Key changes:

  • The ability to create snapshots of UFS and FFS file systems with journaling enabled (soft updates) has been implemented. Support has also been added for saving dumps in the background (running dump with the "-L" flag) with the contents of mounted UFS file systems when journaling is enabled. One of the features that remains unavailable when journaling is in use is background execution of integrity checks with the fsck utility.
  • The base system includes the wg driver, which runs at the kernel level and implements a network interface for the WireGuard VPN. To use the cryptographic algorithms the driver requires, the API of the FreeBSD kernel crypto subsystem has been extended with a shim that allows the use of algorithms from the libsodium library that FreeBSD does not support through the standard crypto API. During development, optimization work was also done to evenly balance the binding of packet encryption and decryption tasks to CPU cores, which reduced the overhead of processing WireGuard packets.

    The previous attempt to include WireGuard in FreeBSD was made in 2020, but it ended in scandal: the code that had already been added was removed because of its poor quality, careless handling of buffers, use of stubs instead of checks, incomplete implementation of the protocol, and violation of the GPL license. The new implementation was prepared jointly by the FreeBSD and WireGuard development teams, with the participation of Jason A. Donenfeld, the author of VPN WireGuard, and John H. Baldwin, a well-known FreeBSD developer. A full review of the changes was carried out with the support of the FreeBSD Foundation before the new code was accepted.

  • Support for the Netlink communication protocol (RFC 3549), which Linux uses to organize interaction between the kernel and user-space processes, has been implemented. The work is limited to supporting the NETLINK_ROUTE family of operations for managing the state of the network subsystem in the kernel, which allows FreeBSD to use the Linux ip utility from the iproute2 package to manage network interfaces, set IP addresses, configure routing, and manipulate nexthop objects that store the state data used to forward a packet to its destination.
  • All base system executables on 64-bit platforms have Address Space Layout Randomization (ASLR) enabled by default. To selectively disable ASLR, you can use the commands "proccontrol -m aslr -s disable" or "elfctl -e +noaslr".
  • In ipfw, radix tables are used to look up MAC addresses, which allows you to create tables of MAC addresses and use them to filter traffic. For example:

        ipfw table 1 create type mac
        ipfw table 1 add 11:22:33:44:55:66/48
        ipfw add skipto tablearg src-mac 'table(1)'
        ipfw add deny src-mac 'table(1, 100)'
        ipfw add deny lookup dst-mac 1
  • The dpdk_lpm4 and dpdk_lpm6 kernel modules have been added and can be loaded via loader.conf. They implement the DIR-24-8 route lookup algorithm for IPv4/IPv6, which improves performance on hosts with very large routing tables (a speed increase of 25% was observed in tests). The standard route utility can be used to configure the modules (the FIB_ALGO option has been added).
  • The ZFS file system implementation has been updated to the OpenZFS 2.1.9 release. The zfskeys startup script provides automatic loading of keys stored in a ZFS file system. A new RC script, zpoolreguid, has been added to assign a GUID to one or more zpools (useful, for example, in virtualization environments with shared data).
  • The Bhyve hypervisor and the vmm module support more than 15 virtual CPUs for guest systems (controlled via sysctl hw.vmm.maxcpu). The bhyve utility implements emulation of the virtio-input device, which can be used to inject keyboard and mouse input events into the guest system.
  • In KTLS, the implementation of the TLS protocol that runs at the FreeBSD kernel level, support has been added for hardware acceleration of TLS 1.3 by offloading some operations related to processing incoming packets to the network card. Previously, a similar capability was available for TLS 1.1 and TLS 1.2.
  • In the growfs startup script, when the root file system is expanded, a swap partition can now be added if that partition was initially missing (useful, for example, when installing ready-made system images on an SD card). To control the swap size, a new parameter, growfs_swap_size, has been added to rc.conf.
  • The hostid startup script ensures that a random UUID is generated if the /etc/hostid file is missing and a UUID cannot be obtained from the hardware. The /etc/machine-id file has also been added, containing a compact representation of the host ID (without hyphens).
  • The defaultrouter_fibN and ipv6_defaultrouter_fibN variables have been added to rc.conf; they can be used to add default routes to FIB tables other than the primary one.
  • Support for SHA-512/224 hashes has been added to the libmd library.
  • The pthread library provides support for the semantics of functions used in Linux.
  • Support for decoding Linux system calls has been added to kdump. Support for Linux-style system call tracing has been added to kdump and sysdecode.
  • The killall utility can now send signals to processes bound to a specific terminal (for example, "killall -t pts/1").
  • The nproc utility has been added to display the number of compute units available to the current process.
  • Support for decoding ACS (Access Control Services) parameters has been added to the pciconf utility.
  • The SPLIT_KERNEL_DEBUG setting has been added to the kernel, which allows debugging information for the kernel and kernel modules to be stored in separate files.
  • The Linux ABI is almost complete with support for the vDSO (virtual dynamic shared objects) mechanism, which provides a limited set of system calls available in user space without a context switch. The Linux ABI on ARM64 systems has been brought to parity with the implementation for the AMD64 architecture.
  • Improved hardware support. Performance monitoring (hwpmc) support has been added for Intel Alder Lake CPUs. The iwlwifi driver for Intel wireless cards has been updated with support for new chips and the 802.11ac standard. The rtw88 driver has been added for Realtek wireless cards with a PCI interface. The capabilities of the linuxkpi layer, used with Linux drivers in FreeBSD, have been expanded.
  • The OpenSSL library has been updated to version 1.1.1t, LLVM/Clang to version 14.0.5, and the SSH server and client have been updated to OpenSSH 9.2p1 (the previous version used OpenSSH 8.8p1). Also updated are bc 6.2.4, expat 2.5.0, file 5.43, less 608, libarchive 3.6.2, sendmail 8.17.1, sqlite 3.40.1, unbound 1.17.1 and zlib 1.2.13.
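
The Netlink item in the list above describes a request/reply protocol between user space and the kernel. As an added illustration (not code from FreeBSD, iproute2 or the original article), this Python code builds the RTM_GETLINK dump request that a tool such as ip sends over NETLINK_ROUTE and parses a reply while validating every length field; the reply bytes and the interface names lo0 and wg0 are constructed sample data.

```python
import struct
# Constants from RFC 3549 and rtnetlink (NETLINK_ROUTE family).
NLMSG_ERROR, NLMSG_DONE = 2, 3
RTM_NEWLINK, RTM_GETLINK, IFLA_IFNAME = 16, 18, 3
NLM_F_REQUEST, NLM_F_MULTI, NLM_F_DUMP = 0x001, 0x002, 0x300
NLHDR = struct.Struct("=IHHII")    # nlmsghdr: len, type, flags, seq, pid
IFINFO = struct.Struct("=BxHiII")  # ifinfomsg: family, type, index, flags, change
RTA = struct.Struct("=HH")         # rtattr: len, type

def align4(n):
    return (n + 3) & ~3            # netlink pads messages and attributes to 4 bytes

def build_getlink_dump(seq):
    """User-space side: ask the kernel to dump every interface."""
    body = IFINFO.pack(0, 0, 0, 0, 0)
    flags = NLM_F_REQUEST | NLM_F_DUMP
    return NLHDR.pack(NLHDR.size + len(body), RTM_GETLINK, flags, seq, 0) + body

def sample_reply(seq):
    """Constructed kernel side: two RTM_NEWLINK messages, then NLMSG_DONE."""
    out = b""
    for index, name in ((1, b"lo0\0"), (2, b"wg0\0")):  # 4-byte names: no padding
        attr = RTA.pack(RTA.size + len(name), IFLA_IFNAME) + name
        body = IFINFO.pack(0, 0, index, 0, 0) + attr
        out += NLHDR.pack(NLHDR.size + len(body), RTM_NEWLINK, NLM_F_MULTI, seq, 0) + body
    return out + NLHDR.pack(NLHDR.size + 4, NLMSG_DONE, NLM_F_MULTI, seq, 0) + bytes(4)

def parse_links(buf, seq):
    """Return {ifindex: name} from a dump reply, validating every length field."""
    links, off = {}, 0
    while off + NLHDR.size <= len(buf):
        mlen, mtype, _flags, mseq, _pid = NLHDR.unpack_from(buf, off)
        if mlen < NLHDR.size or off + mlen > len(buf):
            raise ValueError("nlmsg_len outside buffer")
        if mtype == NLMSG_ERROR or mseq != seq:
            raise ValueError("error message or reply to a different request")
        if mtype == NLMSG_DONE:
            return links
        pos, end = off + NLHDR.size + IFINFO.size, off + mlen
        if mtype == RTM_NEWLINK and pos <= end:
            index = IFINFO.unpack_from(buf, off + NLHDR.size)[2]
            while pos + RTA.size <= end:
                alen, atype = RTA.unpack_from(buf, pos)
                if alen < RTA.size or pos + alen > end:
                    raise ValueError("rta_len outside message")
                if atype == IFLA_IFNAME:
                    links[index] = buf[pos + RTA.size:pos + alen].rstrip(b"\0").decode()
                pos += align4(alen)
        off += align4(mlen)
    raise ValueError("dump ended without NLMSG_DONE")
```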

In addition, it has been announced that, starting with the FreeBSD 14.0 branch, OPIE one-time passwords, the ce and cp drivers, drivers for ISA cards, the mergemaster and minigzip utilities, the ATM components in netgraph (NgATM), the telnetd background process and the VINUM class in geom will be removed.

Source: opennet.ru
