Kuburitswa kutsva kwakakosha kwekugovera kweOpenWrt 21.02.0 kwakaunzwa, yakanangana nekushandiswa mumidziyo yakasiyana-siyana yetiweki yakadai semarouta, maswichi nenzvimbo dzekuwana. OpenWrt inotsigira akawanda akasiyana mapuratifomu uye zvivakwa uye ine dhizaini system inobvumira muchinjika-muunganidzwa kuti uitwe zviri nyore uye zviri nyore, kusanganisira zvikamu zvakasiyana mugungano, izvo zvinoita kuti zvive nyore kugadzira yakagadzirira-yakagadzirwa firmware kana dhisiki mufananidzo une seti yaunoda. yemapakeji akafanomisikidzwa akagadzirirwa mamwe mabasa. Magungano anogadzirirwa makumi matatu nematanhatu epuratifomu.
Pakati pekuchinja muOpenWrt 21.02.0 zvinotevera zvinocherechedzwa:
- Minimum hardware zvinodiwa zvawedzerwa. Muchigadzirwa chekuvaka, nekuda kwekubatanidzwa kwekuwedzera Linux kernel subsystems, kushandisa OpenWrt ikozvino kunoda mudziyo une 8 MB Flash uye 64 MB RAM. Kana uchida, iwe unogona kugadzira yako yakabviswa-pasi musangano inogona kushanda pamidziyo ine 4 MB Flash uye 32 MB RAM, asi kushanda kwegungano rakadaro kuchave kushoma, uye kugadzikana kwekushanda hakuna kuvimbiswa.
- Iyo yakakosha pasuru inosanganisira mapakeji ekutsigira WPA3 isina waya network yekuchengetedza tekinoroji, iyo yave kuwanikwa nekusarudzika zvese kana uchishanda mumhando yevatengi uye kana uchigadzira nzvimbo yekupinda. WPA3 inopa dziviriro kubva pakufungidzira kurwiswa kwepassword (hazvizobvumiri password kufungidzira muoffline mode) uye inoshandisa iyo SAE yekusimbisa protocol. Iko kugona kushandisa WPA3 kunowanikwa mune akawanda madhiraivha ezvishandiso zvisina waya.
- Iyo base pasuru inosanganisira tsigiro yeTLS neHTTPS nekusarudzika, iyo inokutendera iwe kuti uwane iyo LuCI Webhu interface pamusoro peHTTPS uye shandisa zvinoshandiswa senge wget uye opkg kudzoreredza ruzivo pamusoro peyakavanzika nzira yekutaurirana. Masevha ayo mapakeji akadhawunirodherwa kuburikidza ne opkg anogovaniswa anochinjirwawo kutumira ruzivo kuburikidza neHTTPS nekukasira. Iyo raibhurari yembedTLS inoshandiswa kuvharidzira yakatsiviwa newolfSSL (kana zvichidikanwa, unogona kuisa nemaoko mbedTLS uye OpenSSL maraibhurari, ayo anoramba achipihwa senge sarudzo). Kugadzirisa otomatiki kutumira kuHTTPS, iyo webhu interface inopa sarudzo "uhttpd.main.redirect_https=1".
- Rutsigiro rwekutanga rwakaitwa kuDSA (Distributed Switch Architecture) kernel subsystem, iyo inopa maturusi ekugadzirisa nekugadzirisa cascades yeakabatana Ethernet switch, uchishandisa nzira dzinoshandiswa kugadzirisa zvakajairwa network interfaces (iproute2, ifconfig). DSA inogona kushandiswa kugadzirisa madoko uye maVLAN panzvimbo yeyakambopihwa swconfig chishandiso, asi kwete ese madhiraivha ekuchinja anotsigira DSA parizvino. Mukuburitswa kuri kutaurwa, DSA inogoneswa kuti ath79 (TP-Link TL-WR941ND), bcm4908, gemini, kirkwood, mediatek, mvebu, octeon, ramips (mt7621) uye vatyairi verealtek.
- Shanduko dzakaitwa kune syntax yemafaira ekugadzirisa ari mukati /etc/config/network. Mu "config interface" block, iyo "ifname" sarudzo yakatumidzwa zita rekuti "mudziyo", uye mu "config device" block, "bhiriji" uye "izita" sarudzo dzakatumidzwa zita rekuti "ports". Nekumisikidzwa kutsva, patsanura mafaera ane zvigadziriso zvemidziyo (layer 2, "config mudziyo" block) uye network interfaces (layer 3, "config interface" block) ikozvino yakagadzirwa. Kuti uchengetedze kuenderana kumashure, kutsigirwa kweiyo syntax yekare inochengetwa, i.e. zvakambosikwa zvigadziriso hazvidi shanduko. Muchiitiko ichi, muwebhu interface, kana syntax yekare yakaonekwa, chirevo chekutamira kune itsva syntax chicharatidzwa, izvo zvinodiwa kugadzirisa zvirongwa kuburikidza newebhu web interface.
Muenzaniso weiyo syntax nyowani: gadzirisa mudziyo sarudzo zita 'br-lan' sarudzo mhando 'bhiriji' sarudzo macaddr '00:01:02:XX:XX:XX' list ports 'lan1' list ports 'lan2' list ports 'lan3' list ports 'lan4' config interface 'lan' option device 'br-lan' option proto 'static' option ipaddr '192.168.1.1' option netmask '255.255.255.0' option ip6assign '60' config device option name 'eth1' option macaddr '00 :01:02:YY:YY:YY' config interface 'wan' sarudzo mudziyo 'eth1' sarudzo proto 'dhcp' config interface 'wan6' sarudzo mudziyo 'eth1' sarudzo proto 'dhcpv6'
Nekufananidza nemafaira ekugadzirisa /etc/config/network, mazita emunda ari mubhodhi.json akachinjwa kubva ku "ifname" kusvika "mudziyo".
- Nzvimbo itsva ye "realtek" yawedzerwa, ichibvumira OpenWrt kuti ishandiswe pamidziyo ine nhamba huru yeEthernet ports, yakadai seD-Link, ZyXEL, ALLNET, INABA uye NETGEAR Ethernet switch.
- Yakawedzera itsva bcm4908 uye rockchip mapuratifomu emidziyo yakavakirwa paBroadcom BCM4908 uye Rockchip RK33xx SoCs. Nyaya dzetsigiro dzemudziyo dzakagadziriswa pamapuratifomu akatsigirwa kare.
- Tsigiro yepuratifomu year71xx yakamiswa, panzvimbo iyo ath79 papuratifomu inofanirwa kushandiswa (yemidziyo yakavakirwa paar71xx, zvinokurudzirwa kudzoreredza OpenWrt kubva kutanga). Tsigiro ye cns3xxx (Cavium Networks CNS3xxx), rb532 (MikroTik RB532) uye samsung (SamsungTQ210) mapuratifomu zvakare akamiswa.
- Mafaira ekushandisa ezvishandiso anosanganisirwa mukugadzirisa mambure etiweki anounganidzwa muPIE (Position-Yakazvimirira Executables) modhi ine rutsigiro ruzere rwekero space randomisation (ASLR) kuita kuti zviome kushandisa kusasimba mumashandisirwo akadai.
- Kana uchivaka iyo Linux kernel, sarudzo dzinogoneswa nekusarudzika kutsigira tekinoroji yekuzviparadzanisa nevamwe, ichibvumira iyo LXC toolkit uye procd-ujail mode kuti ishandiswe muOpenWrt pamapuratifomu mazhinji.
- Iko kugona kuvaka nerutsigiro rweSELinux yekuwana control system inopihwa (yakaremara nekusarudzika).
- Shanduro dzepasuru dzakagadziridzwa, kusanganisira zvakaburitswa musl libc 1.1.24, glibc 2.33, gcc 8.4.0, binutils 2.34, hostapd 2020-06-08, dnsmasq 2.85, dropbear 2020.81, busybox1.33.1. Iyo Linux kernel yakagadziridzwa kuita vhezheni 5.4.143, ichiisa iyo cfg80211/mac80211 isina waya stack kubva ku5.10.42 kernel uye porting Wireguard VPN rutsigiro.
Source: opennet.ru