FreeBSD 13.2 released with Netlink and WireGuard support

After 11 months of development, FreeBSD 13.2 has been released. Installation images are built for the amd64, i386, powerpc, powerpc64, powerpc64le, powerpcspe, armv6, armv7, aarch64 and riscv64 architectures. In addition, builds have been prepared for virtualization systems (QCOW2, VHD, VMDK, raw) and for the Amazon EC2, Google Compute Engine and Vagrant cloud environments.

Key changes:

  • The ability to create snapshots of UFS and FFS file systems with journaling (soft updates) enabled has been implemented. Support has also been added for saving dumps in the background (running dump with the "-L" flag) with the contents of mounted UFS file systems that have journaling enabled. One feature that is not available when journaling is used is background integrity checking with the fsck utility.
  • The base system includes the wg driver, which works at the kernel level and implements the network interface for the WireGuard VPN. To use the cryptographic algorithms the driver requires, the API of the FreeBSD kernel crypto subsystem was extended with bindings that allow algorithms from the libsodium library that are not supported in FreeBSD to be used through the standard crypto API. During development, optimization was also carried out to balance the binding of packet encryption and decryption tasks across CPU cores, which reduced the overhead of processing WireGuard packets.

    The last attempt to include WireGuard in FreeBSD was made in 2020, but it ended in embarrassment: the code that had already been added was removed because of low quality, careless handling of buffers, the use of stubs in place of checks, an incomplete implementation of the protocol, and a violation of the GPL license. The new implementation was prepared jointly by the FreeBSD and WireGuard development teams, with contributions from Jason A. Donenfeld, author of the WireGuard VPN, and John H. Baldwin, a well-known FreeBSD developer. A full review of the changes was carried out with the support of the FreeBSD Foundation before the code was accepted.

  • Support for the Netlink communication protocol (RFC 3549), which is used in Linux to organize interaction between the kernel and processes in user space, has been implemented. The project is limited to supporting the NETLINK_ROUTE family of operations for managing the state of the network subsystem in the kernel, which allows FreeBSD to use the Linux ip utility from the iproute2 package to manage network interfaces, set IP addresses, configure routing and manipulate nexthop objects, which store the state used to forward a packet to the desired destination.
  • All executables on 64-bit platforms have Address Space Layout Randomization (ASLR) enabled by default. To disable ASLR, you can use the commands "proccontrol -m aslr -s disable" or "elfctl -e +noaslr".
  • In ipfw, radix tables are used for MAC address lookups, which lets you create tables of MAC addresses and use them to filter traffic. For example:

    ipfw table 1 create type mac
    ipfw table 1 add 11:22:33:44:55:66/48
    ipfw add skipto tablearg src-mac 'table(1)'
    ipfw add deny src-mac 'table(1, 100)'
    ipfw add deny lookup dst-mac 1
  • The kernel modules dpdk_lpm4 and dpdk_lpm6 have been added and can be loaded via loader.conf. They implement the DIR-24-8 route lookup algorithm for IPv4/IPv6, which optimizes routing functions on hosts with very large routing tables (a 25% speedup is observed in tests). To configure the modules, the standard method can be used (the FIB_ALGO option has been added).
  • The ZFS file system implementation has been updated to the OpenZFS 2.1.9 release. The zfskeys startup script supports automatic loading of keys stored on a ZFS file system. The RC script zpoolreguid has been added to assign a GUID to one or more zpools (useful, for example, when data sets are shared).
  • The bhyve hypervisor and the vmm module support attaching about 15 CPUs to a guest system (controlled via sysctl hw.vmm.maxcpu). The bhyve utility implements emulation of a virtio-input device, which can be used to pass keyboard and mouse events to the guest system.
  • In KTLS, the implementation of the TLS protocol that runs at the FreeBSD kernel level, support for hardware acceleration of TLS 1.3 has been added by offloading some of the operations involved in processing incoming packets to the network hardware. Previously, a similar feature was available for TLS 1.1 and TLS 1.2.
  • In the growfs startup script, when the root file system is expanded, a swap partition can now be added if one was originally missing (useful, for example, when installing a ready-made image on an SD card). To control the swap size, a new parameter, growfs_swap_size, has been added to rc.conf.
  • The startup scripts ensure that a random UUID is generated if the /etc/hostid file is missing and a UUID cannot be obtained from the hardware. The file /etc/machine-id has also been added, containing a compact representation of the host ID (no hyphens).
  • The defaultrouter_fibN and ipv6_defaultrouter_fibN variables have been added to rc.conf; they can be used to add default routes to FIB tables other than the primary one.
  • Support for SHA-512/224 hashes has been added to the libmd library.
  • The pthread library provides support for the semantics of functions used in Linux.
  • Added support for decoding Linux system calls to kdump. Added support for Linux-style system call tracing to kdump and sysdecode.
  • The killall utility can now send a signal to processes bound to a specific terminal (for example, "killall -t pts/1").
  • Added nproc to show the number of compute units available to the current process.
  • Support for decoding ACS (Access Control Services) has been added to the pciconf utility.
  • The SPLIT_KERNEL_DEBUG setting has been added to the kernel; it allows debug information for the kernel and for kernel modules to be stored in separate files.
  • In the Linux ABI, support for vDSO (virtual dynamic shared objects), which provide a limited set of system calls available in user space without a context switch, is nearly complete. The Linux ABI on ARM64 systems has been brought to parity with the implementation for the AMD64 architecture.
  • Improved hardware support. Added performance monitoring (hwpmc) support for Intel Alder Lake CPUs. The iwlwifi driver for Intel wireless cards has been updated with support for new chips and the 802.11ac standard. Added the rtw88 driver for Realtek wireless cards with a PCI interface. The capabilities of the linuxkpi layer have been extended for use with Linux drivers in FreeBSD.
  • The OpenSSL library has been updated to 1.1.1t, LLVM/Clang to 14.0.5, and the SSH server and client have been updated to OpenSSH 9.2p1 (the previous version used OpenSSH 8.8p1). Also updated are the versions of bc 6.2.4, expat 2.5.0, file 5.43, less 608, libarchive 3.6.2, sendmail 8.17.1, sqlite 3.40.1, unbound 1.17.1 and zlib 1.2.13.
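
An added example, not code from the original article or from the FreeBSD project: because the ASLR item above says a binary can be opted out with "elfctl -e +noaslr", an audit can read the FreeBSD feature-control note in the ELF image and report that bit. It handles little-endian ELF64 only; the function names and the constructed sample image are assumptions of this example, and the note constants are the values defined in FreeBSD's elf_common.h.

```python
import struct

PT_NOTE = 4                      # program header type for note segments
NT_FREEBSD_FEATURE_CTL = 4       # FreeBSD feature-control note type
FCTL_ASLR_DISABLE = 0x1          # bit set by "elfctl -e +noaslr"

def feature_flags(elf: bytes):
    """Return the FreeBSD feature-control word, or None if the note is absent."""
    if len(elf) < 64 or elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("expected a little-endian ELF64 image")
    e_phoff, = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    for i in range(e_phnum):
        ph = e_phoff + i * e_phentsize
        p_type, = struct.unpack_from("<I", elf, ph)
        p_offset, = struct.unpack_from("<Q", elf, ph + 8)
        p_filesz, = struct.unpack_from("<Q", elf, ph + 32)
        if p_type != PT_NOTE:
            continue
        pos, end = p_offset, min(p_offset + p_filesz, len(elf))
        while pos + 12 <= end:
            namesz, descsz, ntype = struct.unpack_from("<III", elf, pos)
            name_at = pos + 12
            desc_at = name_at + ((namesz + 3) & ~3)   # fields are 4-byte aligned
            if desc_at + descsz > end:
                break                                  # truncated or malformed note
            name = elf[name_at:name_at + namesz]
            if name == b"FreeBSD\0" and ntype == NT_FREEBSD_FEATURE_CTL and descsz >= 4:
                return struct.unpack_from("<I", elf, desc_at)[0]
            pos = desc_at + ((descsz + 3) & ~3)
    return None

def aslr_opted_out(elf: bytes) -> bool:
    flags = feature_flags(elf)
    return flags is not None and bool(flags & FCTL_ASLR_DISABLE)

def sample_elf(flags: int) -> bytes:
    """Constructed minimal ELF64 image: header, one PT_NOTE, one feature note."""
    note = struct.pack("<III", 8, 4, NT_FREEBSD_FEATURE_CTL) + b"FreeBSD\0" + struct.pack("<I", flags)
    ehdr = b"\x7fELF" + bytes([2, 1, 1, 9]) + bytes(8)   # 64-bit, LE, FreeBSD OSABI
    ehdr += struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_NOTE, 4, 120, 0, 0, len(note), len(note), 4)
    return ehdr + phdr + note

if __name__ == "__main__":
    for label, flags in (("default", 0x0), ("noaslr", FCTL_ASLR_DISABLE)):
        print(label, "-> ASLR opted out:", aslr_opted_out(sample_elf(flags)))
```

Run over the executables on a host, a check like this lists the binaries that have given up the default randomization, so each exception can be reviewed.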

In addition, it has been announced that, starting with the FreeBSD 14.0 branch, OPIE one-time passwords, the ce and cp drivers, drivers for ISA cards, the mergemaster and minigzip utilities, the ATM components in netgraph (NgATM), the telnetd background process and the VINUM class in geom will be removed.

Source: opennet.ru
