ProHoster > Blog > talafou initaneti > OpenWrt Fa'asalalauga 21.02.0

OpenWrt Fa'asalalauga 21.02.0

O se faʻasalalauga fou fou o le OpenWrt 21.02.0 tufatufaina ua faʻalauiloaina, e faʻamoemoe e faʻaoga i masini fesoʻotaʻiga eseese e pei o routers, switches ma avanoa avanoa. E lagolagoina e OpenWrt le tele o fausaga eseese ma fausaga ma e iai se faʻalapotopotoga faʻapipiʻi e mafai ai ona faigofie ma faigofie le tuʻufaʻatasia, e aofia ai vaega eseese i totonu o le faʻapotopotoga, lea e faigofie ai ona fatuina firmware saunia poʻo se ata tisiki ma le seti manaʻomia o mua- afifi fa'apipi'i fa'atatau mo galuega fa'apitoa. O fa'apotopotoga e fa'atupuina mo le 36 fa'atonuga fa'atatau.

Faatasi ai ma suiga i OpenWrt 21.02.0 o loʻo taua i lalo:

  • Ua fa'ateleina mea e mana'omia mo meafaigaluega. I le faaletonu o le fausiaina, ona o le aofia ai o isi Linux kernel subsystems, o le faʻaaogaina o OpenWrt e manaʻomia nei se masini e iai le 8 MB Flash ma le 64 MB RAM. Afai e te manaʻo ai, e mafai lava ona e faia lau lava faʻapotopotoga faʻapipiʻi e mafai ona galue i luga o masini e iai le 4 MB Flash ma le 32 MB RAM, ae o le faʻaogaina o sea faʻapotopotoga o le a faʻatapulaʻaina, ma e le faʻamaonia le faʻamautuina o le gaioiga.
  • O le afifi autu e aofia ai afifi e lagolagoina le WPA3 wireless network security technology, lea e avanoa nei e ala i le faaletonu pe a faigaluega i le tagata o tausia ma pe a fatuina se nofoaga avanoa. O le WPA3 e maua ai le puipuiga mai osofaʻiga matemateina o upu faʻamaonia (e le mafai ona faʻatagaina le matemateina o upu faʻamaonia i le offline mode) ma faʻaogaina le faʻamaoniga faʻamaonia o le SAE. O le mafai ona fa'aoga le WPA3 o lo'o tu'uina atu i le tele o ta'avale mo masini uaealesi.
  • O le pusa faavae e aofia ai le lagolago mo le TLS ma le HTTPS e ala i le faaletonu, lea e mafai ai ona e faʻaogaina le LuCI Web interface i luga o le HTTPS ma faʻaoga mea aoga e pei o le wget ma le opkg e toe aumai ai faʻamatalaga i luga o fesoʻotaʻiga faʻailoga. O 'au'aunaga lea e tufatufaina atu ai afifi e ala i le opkg e fa'afeiloa'i fo'i i le lafoina o fa'amatalaga e ala i le HTTPS e ala i le fa'aletonu. O le faletusi mbedTLS o loʻo faʻaaogaina mo faʻamatalaga ua suia e le wolfSSL (pe a manaʻomia, e mafai ona e faʻapipiʻi lima le mbedTLS ma OpenSSL faletusi, lea e faʻaauau pea ona tuʻuina atu e fai ma filifiliga). Ina ia fetuutuunai le auina atu otometi i le HTTPS, o le upega tafaʻilagi e ofoina atu le filifiliga "uhttpd.main.redirect_https=1".
  • O le lagolago muamua ua faʻatinoina mo le DSA (Distributed Switch Architecture) kernel subsystem, lea e tuʻuina atu meafaigaluega mo le faʻatulagaina ma le faʻatonutonuina o cascades o fesoʻotaʻiga Ethernet fesoʻotaʻi, faʻaogaina o masini e faʻaogaina ai fesoʻotaʻiga fesoʻotaʻiga masani (iproute2, ifconfig). E mafai ona fa'aoga le DSA e fa'atulaga ai ports ma VLAN e sui ai le meafaigaluega swconfig na ofoina muamua, ae le'o lagolagoina uma e ta'avale sui le DSA. I le tuʻuina atu, DSA ua mafai mo ath79 (TP-Link TL-WR941ND), bcm4908, gemini, kirkwood, mediatek, mvebu, octeon, ramips (mt7621) ma realtek avetaavale.
  • Ua faia suiga i le syntax o faila faatulagaina o loʻo i totonu /etc/config/network. I le "config interface" poloka, o le "ifname" filifiliga ua toe faaigoa i le "masini", ma i le poloka "config device", o le "bridge" ma le "ifname" filifiliga ua toe faaigoa i "ports". Mo faʻapipiʻi fou, faʻapipiʻi faila ma faʻatulagaga mo masini (layer 2, "config device" poloka) ma fesoʻotaʻiga fesoʻotaʻiga (layer 3, "config interface" poloka) ua gaosia nei. Ina ia faatumauina le fetaui i tua, o le lagolago mo le syntax tuai e taofia, i.e. fa'atulagaina muamua e le mana'omia ni suiga. I lenei tulaga, i luga o le upega tafaʻilagi, pe a iloa le syntax tuai, o le a faʻaalia se talosaga e malaga atu i le syntax fou, lea e manaʻomia e faʻasaʻo ai tulaga e ala i le upega tafaʻilagi.

    Fa'ata'ita'iga o le fa'asologa fou: config device option name 'br-lan' option type 'bridge' option macaddr '00:01:02:XX:XX:XX' list ports 'lan1' list ports 'lan2' list ports 'lan3' lisi ports 'lan4' config interface 'lan' option device 'br-lan' option proto 'static' option ipaddr '192.168.1.1' option netmask '255.255.255.0' option ip6assign '60' config device option name 'eth1' option macaddr '00 :01:02:YY:YY:YY' config interface 'wan' option device 'eth1' option proto 'dhcp' config interface 'wan6' option device 'eth1' option proto 'dhcpv6'

    I le faʻatusatusaga ma faila faʻatulagaina /etc/config/network, o igoa ole fanua ile board.json ua suia mai le "ifname" i le "masini".

  • Ua fa'aopoopoina se fa'avae fou "realtek", fa'atagaina le OpenWrt e fa'aoga i masini ma le tele o ports Ethernet, e pei o D-Link, ZyXEL, ALLNET, INABA ma NETGEAR Ethernet switches.
  • Fa'aopoopo fou bcm4908 ma rockchip platforms mo masini fa'avae ile Broadcom BCM4908 ma Rockchip RK33xx SoCs. Ua uma ona foia fa'afitauli lagolago mo masini mo fa'avae sa lagolagoina muamua.
  • O le lagolago mo le ar71xx platform ua fa'agata, nai lo le ath79 platform e tatau ona fa'aoga (mo masini fa'avae i ar71xx, e fautuaina e toe fa'apipi'i OpenWrt mai le sasa). Lagolago mo le cns3xxx (Cavium Networks CNS3xxx), rb532 (MikroTik RB532) ma samsung (SamsungTQ210) faʻavae ua faʻagata foi.
  • Fa'atonu faila o talosaga o lo'o a'afia i le fa'agasologa o feso'ota'iga feso'ota'iga o lo'o tu'ufa'atasia i le PIE (Position-Independent Executables) fa'atasi ai ma le lagolago atoatoa mo le fa'aogaina o avanoa avanoa (ASLR) e fa'afaigata ai ona fa'aogaina fa'aletonu i ia talosaga.
  • I le fausiaina o le fatu Linux, o filifiliga e mafai e ala i le le mafai ona lagolagoina le faʻaogaina o tekonolosi, faʻatagaina le LXC toolkit ma le procd-ujail mode e faʻaoga i OpenWrt i luga o le tele o faʻavae.
  • O le mafai ona fausia ma le lagolago mo le SELinux access control system ua saunia (fa'aletonu ona o le faaletonu).
  • Fa'afou fa'asologa o afifi, e aofia ai fa'asalalauga fuafuaina musl libc 1.1.24, glibc 2.33, gcc 8.4.0, binutils 2.34, hostapd 2020-06-08, dnsmasq 2.85, dropbear 2020.81, busybox 1.33.1. O le fatu Linux ua toe faʻafouina i le version 5.4.143, faʻapipiʻi le cfg80211/mac80211 uaealesi faaputuga mai le 5.10.42 kernel ma le porting Wireguard VPN lagolago.

puna: opennet.ru

Faaopoopo i ai se faamatalaga