Remotely exploitable vulnerabilities in FreeBSD

Five vulnerabilities have been fixed in FreeBSD, including issues that could lead to data being overwritten at the kernel level when certain network packets are sent, or that allow a local user to escalate their privileges. The vulnerabilities were fixed in updates 12.1-RELEASE-p5 and 11.3-RELEASE-p9.

The most dangerous vulnerability (CVE-2020-7454) is caused by the lack of proper packet checking in the libalias library when processing protocol-specific headers. The libalias library is used by the ipfw packet filter for address translation and includes the standard functions for rewriting addresses in IP packets and for handling protocols. By sending a specially crafted network packet, the vulnerability makes it possible to read or write data in kernel memory (when the in-kernel NAT implementation is used) or in the natd process (when the userspace NAT implementation is used). The issue does not affect NAT configurations built with the pf and ipf packet filters, or ipfw configurations that do not use NAT.

Other vulnerabilities:

  • CVE-2020-7455 - another remotely exploitable vulnerability in libalias, related to incorrect calculation of packet lengths in the FTP handler. The issue is limited to leaking the contents of a few bytes of data from kernel memory or from the natd process.
  • CVE-2019-15879 - a vulnerability in the cryptodev module caused by access to an already freed memory area (use-after-free), which allows an unprivileged process to overwrite arbitrary areas of kernel memory. As a workaround, it is recommended to unload the cryptodev module with the command "kldunload cryptodev" if it has been loaded (cryptodev is not loaded by default). The cryptodev module gives userspace applications access to the /dev/crypto interface for hardware-accelerated cryptographic operations (/dev/crypto is not used by AES-NI and OpenSSL).
  • CVE-2019-15880 - a second vulnerability in cryptodev, which allows an unprivileged user to trigger a kernel crash by sending a request to perform a cryptographic operation with an invalid MAC. The issue is caused by a missing check of the MAC key size when allocating the buffer that stores it (the buffer was created based on the size of the user-supplied data, without checking the actual size).
  • CVE-2019-15878 - a vulnerability in the implementation of SCTP (Stream Control Transmission Protocol) caused by incorrect verification of the shared key that the SCTP-AUTH extension uses to authenticate SCTP sequences. A local application can update the key through the Socket API and terminate the SCTP connection at the same time, which leads to access to an already freed memory area (use-after-free).
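
A triage sketch for the patch levels and the cryptodev workaround named above, added here as an example and not taken from the FreeBSD advisories. The function names are hypothetical, only the 12.1 and 11.3 branches mentioned in the text are judged, and exposure through ipfw NAT or natd is not checked.

```shell
#!/bin/sh
# Added example: compare a FreeBSD version string with the fixed patch levels
# from the text (12.1-RELEASE-p5, 11.3-RELEASE-p9) and report whether the
# cryptodev module is loaded. Other branches are reported as "unknown".

# patch_status VERSION -> prints fixed | vulnerable | unknown
patch_status() {
    ver=$1
    case $ver in
        12.1-RELEASE*) need=5 ;;
        11.3-RELEASE*) need=9 ;;
        *) echo unknown; return 0 ;;
    esac
    case $ver in
        *-p[0-9]*) have=${ver##*-p} ;;
        *) have=0 ;;                      # plain "-RELEASE" is patch level 0
    esac
    case $have in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    if [ "$have" -ge "$need" ]; then echo fixed; else echo vulnerable; fi
}

# Reads `kldstat` output on stdin; succeeds if cryptodev.ko is listed.
# A cryptodev compiled into the kernel would not show up here.
cryptodev_loaded() {
    grep -q 'cryptodev\.ko'
}

# triage VERSION KLDSTAT_OUTPUT -> summary line, plus an action line if needed
triage() {
    status=$(patch_status "$1")
    if printf '%s\n' "$2" | cryptodev_loaded; then mod=loaded; else mod=absent; fi
    echo "version=$1 patch=$status cryptodev=$mod"
    if [ "$status" != fixed ] && [ "$mod" = loaded ]; then
        echo 'action: update, or run "kldunload cryptodev" as an interim workaround'
    fi
}

if command -v freebsd-version >/dev/null 2>&1; then
    triage "$(freebsd-version -k)" "$(kldstat)"    # live FreeBSD host
else
    # Constructed sample input so the script also runs off-host.
    triage 12.1-RELEASE-p4 ' 3    1 0xffffffff82a00000    3a8b0 cryptodev.ko'
fi
```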

Source: opennet.ru
