Kutulutsidwa kwatsopano kofunikira kwa kugawa kwa OpenWrt 21.02.0 kwayambika, komwe kumagwiritsidwa ntchito pazida zosiyanasiyana zama netiweki monga ma rauta, masiwichi ndi malo olowera. OpenWrt imathandizira mapulatifomu osiyanasiyana ndi zomangamanga ndipo ili ndi dongosolo la msonkhano lomwe limalola kuphatikizika kosavuta komanso kosavuta, kuphatikiza magawo osiyanasiyana pamisonkhano, zomwe zimapangitsa kuti zikhale zosavuta kupanga fimuweya yokonzeka kapena chithunzi cha disk chokhala ndi seti yofunikira ya pre-. mapaketi oikidwa osinthidwa kuti agwire ntchito zinazake. Misonkhano imapangidwira nsanja 36 zomwe mukufuna.
Zina mwa zosintha mu OpenWrt 21.02.0 zotsatirazi ndizodziwika:
- Zofunikira zochepa za hardware zawonjezeka mu kapangidwe kake kokhazikika chifukwa cha kuphatikizidwa kwa ma kernel subsystem ena. Linux OpenWrt tsopano ikufuna chipangizo chokhala ndi 8 MB ya flash memory ndi 64 MB ya RAM. Mutha kupangabe kapangidwe kanu komwe kadzagwiritsidwa ntchito pazida zokhala ndi 4 MB ya flash memory ndi 32 MB ya RAM, koma magwiridwe antchito ake adzakhala ochepa ndipo kukhazikika sikutsimikizika.
- Phukusi loyambira limaphatikizapo phukusi lothandizira ukadaulo wa chitetezo chamtaneti wa WPA3, womwe umapezeka mwachisawawa pogwira ntchito yamakasitomala komanso popanga malo ofikira. WPA3 imapereka chitetezo ku kulosera kwa mawu achinsinsi (sizingalole kulosera mawu achinsinsi pa intaneti) ndipo imagwiritsa ntchito protocol yotsimikizira ya SAE. Kutha kugwiritsa ntchito WPA3 kumaperekedwa m'madalaivala ambiri pazida zopanda zingwe.
- Phukusi loyambira limaphatikizapo chithandizo cha TLS ndi HTTPS mwachisawawa, chomwe chimakupatsani mwayi wofikira mawonekedwe a Webusaiti ya LuCI pa HTTPS ndikugwiritsa ntchito zida monga wget ndi opkg kuti mutengenso zambiri pamakina olumikizirana obisidwa. Ma seva omwe mapaketi amatsitsidwa kudzera pa opkg amagawidwa amasinthidwanso kutumiza zidziwitso kudzera pa HTTPS mwachisawawa. Laibulale ya mbedTLS yomwe imagwiritsidwa ntchito pobisalira yasinthidwa ndi wolfSSL (ngati kuli kofunikira, mutha kukhazikitsa pamanja malaibulale a mbedTLS ndi OpenSSL, omwe akupitiliza kuperekedwa ngati zosankha). Kukonzekera kutumiza ku HTTPS, mawonekedwe apaintaneti amapereka mwayi "uhttpd.main.redirect_https=1".
- Thandizo loyambirira lakhazikitsidwa ku DSA (Distributed Switch Architecture) kernel subsystem, yomwe imapereka zida zosinthira ndi kuyang'anira ma cascades a ma switch olumikizidwa a Ethernet, pogwiritsa ntchito njira zomwe zimagwiritsidwa ntchito pokonza ma network okhazikika (iproute2, ifconfig). DSA ikhoza kugwiritsidwa ntchito kukonza madoko ndi ma VLAN m'malo mwa chida cha swconfig chomwe chinaperekedwa kale, koma si madalaivala onse omwe amathandizira DSA panobe. Pakutulutsidwa komwe akufuna, DSA imathandizidwa ndi ath79 (TP-Link TL-WR941ND), bcm4908, gemini, kirkwood, mediatek, mvebu, octeon, ramips (mt7621) ndi madalaivala a realtek.
- Zosintha zapangidwa ku syntax ya mafayilo osinthika omwe ali mu /etc/config/network. Mu "config interface" block, njira ya "ifname" yasinthidwa kukhala "chipangizo", ndipo mu "config device" block, "mlatho" ndi "ifname" zosankha zasinthidwa kukhala "madoko". Pakuyika kwatsopano, mafayilo osiyana okhala ndi zoikamo pazida (wosanjikiza 2, block "config device") ndi ma network (wosanjikiza 3, "config interface" block) tsopano apangidwa. Kusunga kugwirizana kumbuyo, kuthandizira kwa syntax yakale kumasungidwa, i.e. makonda omwe adapangidwa kale safuna kusintha. Pankhaniyi, mu mawonekedwe a intaneti, ngati mawu akale apezeka, malingaliro osamukira ku syntax yatsopano adzawonetsedwa, zomwe ndizofunikira kusintha zosintha kudzera pa intaneti.
Chitsanzo cha syntax yatsopano: config device option name 'br-lan' option type 'bridge' option macaddr '00:01:02:XX:XX:XX' list ports 'lan1' list ports 'lan2' list ports 'lan3' list ports 'lan4' config interface 'lan' option device 'br-lan' option proto 'static' option ipaddr '192.168.1.1' option netmask '255.255.255.0' option ip6assign '60' config device option name 'eth1' option macaddr '00 :01:02:YY:YY:YY' config interface 'wan' njira chipangizo 'eth1' njira proto 'dhcp' config interface 'wan6' njira chipangizo 'eth1' njira proto 'dhcpv6'
Poyerekeza ndi mafayilo osinthika /etc/config/network, mayina a minda omwe ali mu board.json asinthidwa kuchoka ku "ifname" kukhala "chipangizo".
- Pulatifomu yatsopano ya "realtek" yawonjezedwa, kulola OpenWrt kuti igwiritsidwe ntchito pazida zokhala ndi madoko ambiri a Ethernet, monga D-Link, ZyXEL, ALLNET, INABA ndi NETGEAR Ethernet masiwichi.
- Anawonjezera bcm4908 yatsopano ndi nsanja za rockchip pazida zozikidwa pa Broadcom BCM4908 ndi Rockchip RK33xx SoCs. Nkhani zothandizira zida zathetsedwa pamapulatifomu omwe adathandizidwa kale.
- Thandizo la nsanja ya ar71xx lathetsedwa, m'malo mwake nsanja ya ath79 iyenera kugwiritsidwa ntchito (pazida zotengera ar71xx, tikulimbikitsidwa kuyikanso OpenWrt kuchokera poyambira). Thandizo la cns3xxx (Cavium Networks CNS3xxx), rb532 (MikroTik RB532) ndi samsung (SamsungTQ210) nsanja nazonso zathetsedwa.
- Mafayilo ogwiritsiridwa ntchito a mapulogalamu omwe akuphatikizidwa pakukonza ma netiweki amapangidwa mu mawonekedwe a PIE (Position-Independent Executables) ndi chithandizo chonse cha adilesi space randomization (ASLR) kuti zikhale zovuta kugwiritsa ntchito zovuta pazogwiritsa ntchito ngati izi.
- Mukasonkhanitsa kernel Linux Mwachisawawa, zosankha zimayatsidwa kuti zithandizire ukadaulo wodzipatula wa ziwiya, zomwe zimathandiza kugwiritsa ntchito zida za LXC ndi mawonekedwe a procd-ujail mu OpenWrt pamapulatifomu ambiri.
- Kuthekera komanga ndi chithandizo cha SE forced access control system kwaperekedwaLinux (yazimitsidwa mwachisawawa).
- Mabaibulo a phukusi asinthidwa, kuphatikizapo musl libc 1.1.24, glibc 2.33, gcc 8.4.0, binutils 2.34, hostapd 2020-06-08, dnsmasq 2.85, dropbear 2020.81, ndi busybox 1.33.1. Kernel Linux yasinthidwa kukhala mtundu wa 5.4.143 ndi kutumiza kwa waya wopanda waya cfg80211/mac80211 kuchokera ku kernel 5.10.42 ndi kusamutsa thandizo VPN Wireguard.
Source: opennet.ru
