ProHoster > Блог > ozi ịntanetị > FreeBSD 13.2 nwere nkwado Netlink na WireGuard

FreeBSD 13.2 nwere nkwado Netlink na WireGuard

Mgbe ọnwa 11 nke mmepe gachara, ewepụtala FreeBSD 13.2. Emepụtara onyonyo nwụnye maka amd64, i386, powerpc, powerpc64, powerpc64le, powerpcspe, armv6, armv7, aarch64 na riscv64 architectures. Na mgbakwunye, akwadola mgbakọ maka sistemụ arụmọrụ (QCOW2, VHD, VMDK, raw) na gburugburu igwe ojii Amazon EC2, Google Compute Engine na Vagrant.

Mgbanwe isi:

  • Emejuputala ikike imepụta snapshots nke sistemu faịlụ UFS na FFS nwere ike itinye osisi (mmelite dị nro). Agbakwunyekwara nkwado maka nchekwa ndabere nke mkpofu (nwụfu na-eji ọkọlọtọ “-L”) yana ọdịnaya nke sistemụ faịlụ UFS etinyegoro mgbe agbanyere akwụkwọ akụkọ. Otu n'ime njirimara ndị na-adịghị mgbe ị na-eji osisi bụ n'azụ mkpegharị nke iguzosi ike n'ezi ihe site na iji fsck utility.
  • Ihe mejupụtara ya gụnyere onye ọkwọ ụgbọ ala wg na-arụ ọrụ na ọkwa kernel yana mmejuputa ihe ntanetị maka VPN WireGuard. Iji jiri algọridim cryptographic nke onye ọkwọ ụgbọ ala chọrọ, agbatịkwuru API nke FreeBSD kernel crypto-subsystem, nke etinyere ihe nkedo nke na-enye ohere iji algọridim sitere na ọba akwụkwọ libsodium na-akwadoghị na FreeBSD site na ọkọlọtọ crypto-API. . N'oge usoro mmepe, a na-arụkwa njikarịcha nke ọma iji dozie njide nke nzuzo nzuzo na ọrụ decryption na cores CPU, bụ nke belatara elu mgbe ị na-ahazi ngwugwu WireGuard.

    Mgbalị ikpeazụ itinye WireGuard na FreeBSD mere na 2020, mana ọ kwụsịrị na asịrị, n'ihi nke a wepụrụ koodu agbakwunyere n'ihi ịdị mma dị ala, ọrụ enweghị nlezianya na ndị na-echekwa ihe, iji stubs kama nyocha, mmejuputa ezughị ezu. nke protocol na imebi ikike GPL. Ndị isi FreeBSD na ndị otu mmepe WireGuard kwadoro mmemme ọhụrụ a, yana onyinye sitere na Jason A. Donenfeld, onye ode akwụkwọ VPN WireGuard, na John H. Baldwin, onye nrụpụta FreeBSD ama ama. Emere nyocha zuru oke nke mgbanwe ndị a site na nkwado nke FreeBSD Foundation tupu anabata koodu ọhụrụ ahụ.

  • Nkwado maka usoro nkwurịta okwu Netlink (RFC 3549), eji na Linux iji hazie mmekọrịta nke kernel na usoro na oghere onye ọrụ, emejuputala. Ọrụ a bụ naanị ịkwado ezinụlọ NETLINK_ROUTE nke arụ ọrụ maka ijikwa steeti subsystem nke netwọkụ na kernel, nke na-enye ohere FreeBSD iji Linux ip utility sitere na ngwugwu iproute2 iji jikwaa oghere netwọkụ, tọọ adreesị IP, hazie ụzọ na ijikwa nexthop. ihe na-echekwa data steeti ejiri maka ibufe ngwugwu gaa ebe achọrọ.
  • Sistemụ ntọala niile arụ ọrụ na nyiwe 64-bit nwere Adreesị Space Layout Randomization (ASLR) nyere na ndabara. Iji gbanyụọ ASLR, ị nwere ike iji iwu "proccontrol -m aslr -s disable" ma ọ bụ "elfctl -e +noaslr".
  • Na ipfw, a na-eji tebụl radix chọpụta adreesị MAC, nke na-enye gị ohere ịmepụta tebụl na adreesị MAC ma jiri ya nyochaa okporo ụzọ. Dịka ọmụmaatụ: ipfw table 1 mepụta ụdị mac ipfw table 1 tinye 11:22:33:44:55:66/48 ipfw tinye skipto tablearg src-mac 'table (1)' ipfw tinye deny src-mac 'tebụl (1, 100) ipfw tinye deny searchup dst-mac 1
  • Agbakwunyere modul kernel dpdk_lpm4 na dpdk_lpm6 ma dị maka nbudata site na loader.conf na mmejuputa usoro nchọta ụzọ DIR-24-8 maka IPv4/IPv6, nke na-enye gị ohere ịkwalite ọrụ ntụgharị maka ndị ọbịa nwere tebụl ntụgharị buru ibu ( na ule, a na-ahụ mmụba ọsọ nke 25%). Iji hazie modul, enwere ike iji ọrụ okporo ụzọ ọkọlọtọ (agbakwunyere nhọrọ FIB_ALGO).
  • Emelitela mmejuputa sistemụ faịlụ ZFS iji wepụta OpenZFS 2.1.9. Edemede mmalite zfskey na-enye ntinye igodo akpaka echekwara na sistemụ faịlụ ZFS. Agbakwunyere zpoolreguid script RC ọhụrụ iji kenye GUID n'otu zpools ma ọ bụ karịa (dịka ọ bara uru maka gburugburu ebe nchekwa data nkekọrịtara).
  • Bhyve hypervisor na vmm modul na-akwado itinye ihe karịrị 15 mebere CPUs na sistemụ ndị ọbịa (usoro sysctl hw.vmm.maxcpu). Ngwa bhyve na-eme emume emume emume nke ngwaọrụ ntinye virtio, nke ị nwere ike iji dochie ihe omume ndenye ahụigodo na òké n'ime sistemụ ndị ọbịa.
  • Na KTLS, mmejuputa iwu TLS na-agba ọsọ na ọkwa kernel FreeBSD, agbakwunyere nkwado maka ngwaike ngwaike nke TLS 1.3 site na iwepu ọrụ ụfọdụ metụtara nhazi ngwugwu ezoro ezo na-abata na kaadị netwọkụ. Na mbụ, ihe yiri ya dị maka TLS 1.1 na TLS 1.2.
  • N'ime edemede mmalite nke growfs, mgbe ị na-agbasa sistemụ faịlụ mgbọrọgwụ, ọ ga-ekwe omume ịgbakwunye nkebi swap ma ọ bụrụ na nkebi dị otú ahụ na-efu na mbụ (dịka ọmụmaatụ, bara uru mgbe ị na-etinye ihe oyiyi sistemụ emebere na kaadị SD). Iji jikwaa nha swap, agbakwunyela oke ọhụrụ growfs_swap_size na rc.conf.
  • Edemede mmalite nnabata nnabata na-ahụ na ewepụtara UUID enweghị usoro ma ọ bụrụ na faịlụ /etc/hostid na-efu na enweghị ike nweta UUID na ngwaike. Agbakwunyekwara faịlụ /etc/igwe-id nwere kọmpat nnọchite anya ID nnabata (enweghị hyphens).
  • Agbakwunyela mgbanwe defaultrouter_fibN na ipv6_defaultrouter_fibN na rc.conf, site na nke ị nwere ike tinye ụzọ ndabara na tebụl FIB na-abụghị nke mbụ.
  • Agbakwunyela nkwado maka hashes SHA-512/224 na ọba akwụkwọ libmd.
  • Ọbá akwụkwọ pthread na-enye nkwado maka semantics nke ọrụ ejiri na Linux.
  • Nkwado agbakwunyere maka ngbanwe oku sistemụ Linux na kdump. Nkwado agbakwunyere maka usoro ịkpọ oku ụdị Linux na kdump na sysdecode.
  • Utility killall ugbu a nwere ikike izipu mgbaama na usoro ejikọtara na ọnụ ọnụ (dịka ọmụmaatụ, “killall -t pts/1”).
  • agbakwunyere nproc utility iji gosipụta ọnụọgụ nke ngọngọ mgbako dị na usoro dị ugbu a.
  • agbakwunyela nkwado maka decoding ACS (Access Control Services) paramita na ngwa pciconf.
  • Agbakwunyela ntọala SPLIT_KERNEL_DEBUG na kernel, nke na-enye gị ohere ịchekwa ozi nbipu maka kernel na modul kernel na faịlụ dị iche iche.
  • Linux ABI fọrọ nke nta ka ọ zuo oke site na nkwado maka usoro vDSO (virtual dynamic shared things), nke na-enye obere oku sistemụ dị na oghere onye ọrụ na-enweghị ntụgharị gburugburu. E wetala Linux ABI na sistemụ ARM64 na mmejuputa ya maka ihe owuwu AMD64.
  • Nkwado ngwaike emelitere. Nkwado arụmọrụ agbakwunyere (hwpmc) maka Intel Alder Lake CPUs. Emelitela onye ọkwọ ụgbọ ala iwlwifi maka kaadị ikuku Intel site na nkwado maka ibe ọhụrụ yana ọkọlọtọ 802.11ac. agbakwunyere ọkwọ ụgbọ ala rtw88 maka kaadị ikuku Realtek nwere interface PCI. A gbasaala ike nke oyi akwa linuxkpi maka iji ndị ọkwọ ụgbọala Linux na FreeBSD.
  • Emelitela ọba akwụkwọ OpenSSL ka ọ bụrụ ụdị 1.1.1t, LLVM/Clang ruo ụdị 14.0.5, emelitela sava SSH na onye ahịa ka OpenSSH 9.2p1 (ụdị gara aga ejiri OpenSSH 8.8p1). A na-emelitekwa ụdị bc 6.2.4, expat 2.5.0, faịlụ 5.43, obere 608, libarchive 3.6.2, sendmail 8.17.1, sqlite 3.40.1, unbound 1.17.1, zlib 1.2.13.

Ọzọkwa, a mara ọkwa na, malite na FreeBSD 14.0 alaka, otu oge okwuntughe OPIE, ce na cp ọkwọ ụgbọala, ọkwọ ụgbọala maka ISA kaadị, mergemaster na minigzip utilities, ATM components in netgraph (NgATM), telnetd ndabere usoro na Klas VINUM na geom.

isi: opennet.ru

Tinye a comment