FreeBSD 13.2 released with Netlink and WireGuard support

After eleven months of development, FreeBSD 13.2 has been released. Installation images are built for the amd64, i386, powerpc, powerpc64, powerpc64le, powerpcspe, armv6, armv7, aarch64 and riscv64 architectures. In addition, builds have been prepared for virtualization systems (QCOW2, VHD, VMDK, raw) and for the Amazon EC2, Google Compute Engine and Vagrant cloud environments.

Major changes:

  • The ability to create snapshots of UFS and FFS file systems with journaling enabled (soft updates) has been implemented. Support has also been added for saving dumps in the background (running dump with the "-L" flag) with the contents of mounted UFS file systems when journaling is enabled. Among the features that remain unavailable when journaling is used is background integrity checking with the fsck utility.
  • The base system includes the wg driver, which runs at the kernel level and implements the network interface for the WireGuard VPN. To use the cryptographic algorithms the driver requires, the API of the FreeBSD kernel crypto subsystem was extended with a harness that allows algorithms from the libsodium library that FreeBSD does not support to be used through the standard crypto API. During development, optimization was also carried out to balance the binding of packet encryption and decryption tasks across CPU cores evenly, which reduced the overhead of processing WireGuard packets.

    The previous attempt to integrate WireGuard into FreeBSD was made in 2020 but ended in scandal: the code that had already been added was removed because of low quality, careless handling of buffers, use of stubs in place of checks, an incomplete implementation of the protocol and a violation of the GPL license. The new implementation was prepared jointly by the core FreeBSD and WireGuard development teams, with contributions from Jason A. Donenfeld, author of the WireGuard VPN, and John H. Baldwin, a well-known FreeBSD developer. A full review of the changes was carried out with the support of the FreeBSD Foundation before the new code was accepted.

  • Support for the Netlink communication protocol (RFC 3549), used in Linux to organize interaction between the kernel and user-space processes, has been implemented. The project is limited to supporting the NETLINK_ROUTE family of operations for managing the state of the network subsystem in the kernel, which allows FreeBSD to use the Linux ip utility from the iproute2 package to manage network interfaces, set IP addresses, configure routing and manipulate nexthop objects, which store the state data used to forward a packet to its destination.
  • On 64-bit platforms, the entire base system is built with Address Space Layout Randomization (ASLR) enabled by default. To disable ASLR selectively, you can use the commands "proccontrol -m aslr -s disable" or "elfctl -e +noaslr".
  • In ipfw, radix tables are used for MAC address lookups, which lets you create tables of MAC addresses and use them to filter traffic. For example:

      ipfw table 1 create type mac
      ipfw table 1 add 11:22:33:44:55:66/48
      ipfw add skipto tablearg src-mac 'table(1)'
      ipfw add deny src-mac 'table(1, 100)'
      ipfw add deny lookup dst-mac 1

  • The dpdk_lpm4 and dpdk_lpm6 kernel modules have been added and can be loaded via loader.conf. They implement the DIR-24-8 route lookup algorithm for IPv4/IPv6, which lets you optimize routing functions on hosts with very large routing tables (in tests, a speedup of 25% is observed). To configure the modules, the standard route utility can be used (the FIB_ALGO option has been added).
  • The ZFS file system implementation has been updated to OpenZFS 2.1.9. The zfskeys startup script provides automatic loading of keys stored in a ZFS file system. A new RC script, zpoolreguid, has been added for assigning a GUID to one or more zpools (useful, for example, in virtualization environments with shared data).
  • The Bhyve hypervisor and the vmm module support attaching more than 15 CPUs to a guest system (controlled via sysctl hw.vmm.maxcpu). The bhyve utility implements emulation of the virtio-input device, with which you can inject keyboard and mouse input events into the guest system.
  • In KTLS, an implementation of the TLS protocol that runs at the FreeBSD kernel level, support for hardware acceleration of TLS 1.3 has been added by offloading to the network card some of the operations involved in processing incoming encrypted packets. Previously, a similar capability was available for TLS 1.1 and TLS 1.2.
  • In the growfs startup script, when the root file system is grown, it is now possible to add a swap partition if no such partition existed before (useful, for example, when installing a ready-made system image on an SD card). To control the swap size, a new parameter, growfs_swap_size, has been added to rc.conf.
  • The hostid startup script ensures that a unique UUID is generated if the /etc/hostid file is missing and a UUID cannot be obtained from the hardware. The /etc/machine-id file has also been added, with a compact representation of the host ID (without hyphens).
  • The defaultrouter_fibN and ipv6_defaultrouter_fibN variables have been added to rc.conf, through which you can add default routes to FIB tables other than the primary one.
  • Support for SHA-512/224 hashes has been added to the libmd library.
  • The pthread library provides support for the semantics of functions used in Linux.
  • Support for decoding Linux system calls has been added to kdump. Support for Linux-style system call tracing has been added to kdump and sysdecode.
  • The killall utility can now send a signal to processes bound to a specific terminal (for example, "killall -t pts/1").
  • The nproc utility has been added to show the number of compute units available to the current process.
  • Support for decoding ACS (Access Control Services) parameters has been added to the pciconf utility.
  • The SPLIT_KERNEL_DEBUG setting has been added to the kernel, which lets you store debugging information for the kernel and for kernel modules in separate files.
  • The Linux ABI is nearly complete with support for the vDSO (virtual dynamic shared objects) mechanism, which provides a limited set of system calls available in user space without a context switch. The Linux ABI on ARM64 systems has been brought to parity with the implementation for the AMD64 architecture.
  • Improved hardware support. Performance monitoring (hwpmc) support has been added for Intel Alder Lake CPUs. The iwlwifi driver for Intel wireless cards has been updated with support for new chips and the 802.11ac standard. The rtw88 driver has been added for Realtek wireless cards with a PCI interface. The capabilities of the linuxkpi layer have been expanded for use with Linux drivers in FreeBSD.
  • The OpenSSL library has been updated to version 1.1.1t, LLVM/Clang to version 14.0.5, and the SSH server and client have been updated to OpenSSH 9.2p1 (the previous release used OpenSSH 8.8p1). Other updated versions are bc 6.2.4, expat 2.5.0, file 5.43, less 608, libarchive 3.6.2, sendmail 8.17.1, sqlite 3.40.1, unbound 1.17.1 and zlib 1.2.13.
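
The Netlink framing mentioned in the list above (an RFC 3549 message header followed by a NETLINK_ROUTE link message), as an added example that is not part of the original article or of FreeBSD's code: it builds the RTM_GETLINK dump request that a tool such as ip sends and parses a reply, checking every length field before using it. The numeric constants are the standard Linux rtnetlink values, assumed to be the same on FreeBSD; the wg0 reply is constructed sample data.

```python
import struct

# Standard Linux rtnetlink values; assumed identical on FreeBSD, since the
# article says the Linux ip utility works over NETLINK_ROUTE.
NLMSGHDR = struct.Struct("=IHHII")    # nlmsg_len, type, flags, seq, pid
IFINFOMSG = struct.Struct("=BxHiII")  # family, pad, type, index, flags, change
RTATTR = struct.Struct("=HH")         # rta_len, rta_type
RTM_NEWLINK, RTM_GETLINK = 16, 18
NLM_F_REQUEST, NLM_F_DUMP = 0x001, 0x300
IFLA_IFNAME, IFLA_MTU = 3, 4

def align4(n):
    return (n + 3) & ~3               # Netlink pads records to 4 bytes

def message(mtype, flags, seq, body):
    return NLMSGHDR.pack(NLMSGHDR.size + len(body), mtype, flags, seq, 0) + body

def attr(rta_type, data):
    raw = RTATTR.pack(RTATTR.size + len(data), rta_type) + data
    return raw.ljust(align4(len(raw)), b"\0")

def getlink_dump(seq):
    """Request that lists all interfaces (AF_UNSPEC, index 0)."""
    return message(RTM_GETLINK, NLM_F_REQUEST | NLM_F_DUMP, seq,
                   IFINFOMSG.pack(0, 0, 0, 0, 0))

def records(buf, off, hdr):
    """Yield (header fields, payload) per length-prefixed record."""
    while off + hdr.size <= len(buf):
        fields = hdr.unpack_from(buf, off)
        if fields[0] < hdr.size or off + fields[0] > len(buf):
            raise ValueError("length field overruns buffer")
        yield fields, buf[off + hdr.size:off + fields[0]]
        off += align4(fields[0])

def parse_links(buf):
    """Decode every RTM_NEWLINK message in buf into a dict."""
    links = []
    for (_len, mtype, _flags, _seq, _pid), body in records(buf, 0, NLMSGHDR):
        if mtype != RTM_NEWLINK or len(body) < IFINFOMSG.size:
            continue
        link = {"index": IFINFOMSG.unpack_from(body)[2]}
        for (_alen, atype), data in records(body, IFINFOMSG.size, RTATTR):
            if atype == IFLA_IFNAME:
                link["name"] = data.rstrip(b"\0").decode()
            elif atype == IFLA_MTU and len(data) == 4:
                link["mtu"] = struct.unpack("=I", data)[0]
        links.append(link)
    return links

# Constructed sample reply for a made-up interface; not captured traffic.
SAMPLE_REPLY = message(RTM_NEWLINK, 0, 7, IFINFOMSG.pack(0, 0, 3, 0, 0)
                       + attr(IFLA_IFNAME, b"wg0\0")
                       + attr(IFLA_MTU, struct.pack("=I", 1420)))
```

A reply whose nlmsg_len or rta_len points past the end of the buffer raises ValueError instead of being read.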

In addition, it was announced that, starting with the FreeBSD 14.0 branch, OPIE one-time passwords, the ce and cp drivers, drivers for ISA cards, the mergemaster and minigzip utilities, the ATM components in netgraph (NgATM), the telnetd background process and the VINUM class in geom will be removed.

Source: opennet.ru
