FreeBSD 13.2 released with Netlink and WireGuard support

After 11 months of development, FreeBSD 13.2 has been released. Installation images are built for the amd64, i386, powerpc, powerpc64, powerpc64le, powerpcspe, armv6, armv7, aarch64 and riscv64 architectures. In addition, builds have been prepared for virtualization systems (QCOW2, VHD, VMDK, raw) and for the Amazon EC2, Google Compute Engine and Vagrant cloud environments.

Key changes:

  • The ability to create snapshots of UFS and FFS file systems with journaling (soft updates) enabled has been implemented. Support has also been added for background saving of dumps (running dump with the “-L” flag) with the contents of mounted UFS file systems when journaling is enabled. One feature that is not available when journaling is used is background integrity checking with the fsck utility.
  • The base system includes the wg driver, which runs at the kernel level and implements the network interface for WireGuard VPN. To use the cryptographic algorithms the driver requires, the API of the FreeBSD kernel crypto subsystem was extended with a harness that lets algorithms from the libsodium library that FreeBSD does not support be used through the standard crypto API. During development, optimization was also carried out to balance the binding of packet encryption and decryption tasks evenly across CPU cores, which reduced the overhead of processing WireGuard packets.

    The last attempt to include WireGuard in FreeBSD was made in 2020, but it ended in scandal: the code that had already been added was removed because of its low quality, careless handling of buffers, the use of stubs instead of checks, an incomplete implementation of the protocol and a violation of the GPL license. The new implementation was prepared jointly by the core FreeBSD and WireGuard teams, with contributions from Jason A. Donenfeld, the author of WireGuard VPN, and John H. Baldwin, a well-known FreeBSD developer. A full review of the changes was carried out with the support of the FreeBSD Foundation before the new code was accepted.

  • Support for the Netlink communication protocol (RFC 3549), which is used in Linux to organize interaction between the kernel and user-space processes, has been implemented. The project is limited to supporting the NETLINK_ROUTE family of operations for managing the state of the network subsystem in the kernel, which allows FreeBSD to use the Linux ip utility from the iproute2 package to manage network interfaces, set IP addresses, configure routing and manipulate nexthop objects, which store the state data used to forward a packet to its destination.
  • Address Space Layout Randomization (ASLR) is enabled by default for all base-system executables on 64-bit platforms. To disable ASLR selectively, you can use the commands “proccontrol -m aslr -s disable” or “elfctl -e +noaslr”.
  • In ipfw, radix tables are used to look up MAC addresses, which lets you create tables of MAC addresses and use them to filter traffic. For example:
      ipfw table 1 create type mac
      ipfw table 1 add 11:22:33:44:55:66/48
      ipfw add skipto tablearg src-mac 'table(1)'
      ipfw add deny src-mac 'table(1, 100)'
      ipfw add deny lookup dst-mac 1
  • The dpdk_lpm4 and dpdk_lpm6 kernel modules have been added and can be loaded via loader.conf. They implement the DIR-24-8 route lookup algorithm for IPv4/IPv6, which makes it possible to optimize routing functions on hosts with very large routing tables (in tests, a speed increase of 25% is observed). The standard route utility can be used to configure the modules (the FIB_ALGO option has been added).
  • The ZFS file system implementation has been updated to the OpenZFS 2.1.9 release. The zfskeys startup script provides automatic loading of keys stored on a ZFS file system. A new RC script, zpoolreguid, has been added to assign a GUID to one or more zpools (useful, for example, in virtualization environments with shared data).
  • The bhyve hypervisor and the vmm module support attaching more than 15 virtual CPUs to a guest system (controlled via sysctl hw.vmm.maxcpu). The bhyve utility implements emulation of the virtio-input device, with which keyboard and mouse input events can be injected into the guest system.
  • In KTLS, the implementation of the TLS protocol that runs at the FreeBSD kernel level, support has been added for hardware acceleration of TLS 1.3 by offloading some of the operations involved in processing incoming encrypted packets to the network card. Previously, a similar capability was available for TLS 1.1 and TLS 1.2.
  • In the growfs startup script, when the root file system is grown, it is now possible to add a swap partition if such a partition was initially missing (useful, for example, when installing a ready-made system image on an SD card). To control the swap size, a new parameter, growfs_swap_size, has been added to rc.conf.
  • The hostid startup script ensures that a random UUID is generated if the /etc/hostid file is missing and the UUID cannot be obtained from the hardware. The /etc/machine-id file has also been added, with a compact representation of the host ID (without hyphens).
  • The defaultrouter_fibN and ipv6_defaultrouter_fibN variables have been added to rc.conf, with which you can add default routes to FIB tables other than the primary one.
  • Support for SHA-512/224 hashes has been added to the libmd library.
  • The pthread library provides support for the semantics of functions used in Linux.
  • Support for Linux system calls has been added to kdump. Support for Linux-style system call tracing has been added to kdump and sysdecode.
  • The killall utility can now send a signal to processes bound to a specific terminal (for example, "killall -t pts/1").
  • The nproc utility has been added to show the number of compute units available to the current process.
  • Support for decoding ACS (Access Control Services) parameters has been added to the pciconf utility.
  • The SPLIT_KERNEL_DEBUG setting has been added to the kernel, which lets you store debug information for the kernel and kernel modules in separate files.
  • The Linux ABI is nearly complete with support for the vDSO (virtual dynamic shared objects) mechanism, which provides a limited set of system calls available in user space without a context switch. The Linux ABI on ARM64 systems has been brought to parity with the implementation for the AMD64 architecture.
  • Improved hardware support. Performance monitoring (hwpmc) support has been added for Intel Alder Lake CPUs. The iwlwifi driver for Intel wireless cards has been updated with support for new chips and the 802.11ac standard. The rtw88 driver has been added for Realtek wireless cards with a PCI interface. The capabilities of the linuxkpi layer have been extended for use with Linux drivers on FreeBSD.
  • The OpenSSL library has been updated to version 1.1.1t, LLVM/Clang to version 14.0.5, and the SSH server and client have been updated to OpenSSH 9.2p1 (the previous release used OpenSSH 8.8p1). Also updated are bc 6.2.4, expat 2.5.0, file 5.43, less 608, libarchive 3.6.2, sendmail 8.17.1, sqlite 3.40.1, unbound 1.17.1 and zlib 1.2.13.
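
The Netlink item in the list above concerns a message protocol between the kernel and user space. As an added example (not code from the article or from FreeBSD), this C code walks a receive buffer of Netlink messages using the header layout from RFC 3549 and rejects any message whose length field runs past the buffer. The struct and function names are hypothetical, the NLMSG_DONE and RTM_NEWROUTE numbers are the values used in Linux's headers, and the sample buffer is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Netlink message header (RFC 3549); fields are in host byte order. */
struct nl_hdr { uint32_t len; uint16_t type, flags; uint32_t seq, pid; };
#define NL_ALIGN(n)  (((n) + 3u) & ~3u) /* messages start on 4-byte boundaries */
#define NL_DONE      3                  /* NLMSG_DONE, value from Linux headers */
#define NL_NEWROUTE  24                 /* RTM_NEWROUTE, value from Linux headers */

/* Count messages of type `want` up to NLMSG_DONE or the end of the buffer.
 * Returns -1 on a length field that is too small or runs past the buffer. */
int nl_count_type(const uint8_t *buf, size_t buflen, uint16_t want)
{
    size_t off = 0;
    int count = 0;
    while (buflen - off >= sizeof(struct nl_hdr)) {
        struct nl_hdr h;
        memcpy(&h, buf + off, sizeof h);   /* no unaligned dereference */
        if (h.len < sizeof h || h.len > buflen - off)
            return -1;                     /* length field is untrusted input */
        if (h.type == NL_DONE)
            return count;
        if (h.type == want)
            count++;
        size_t step = NL_ALIGN(h.len);     /* skip payload plus padding */
        off += step > buflen - off ? buflen - off : step;
    }
    return off == buflen ? count : -1;     /* leftover partial header is an error */
}

/* Append one constructed message carrying `payload` zero bytes. */
static size_t put_msg(uint8_t *buf, size_t off, uint16_t type, uint32_t payload)
{
    struct nl_hdr h = { (uint32_t)sizeof h + payload, type, 0, 1, 0 };
    memcpy(buf + off, &h, sizeof h);
    return off + NL_ALIGN(h.len);
}

/* Constructed sample: two route messages, then NLMSG_DONE. */
int nl_demo(int corrupt)
{
    uint8_t buf[128] = {0};
    size_t n = put_msg(buf, 0, NL_NEWROUTE, 12);
    n = put_msg(buf, n, NL_NEWROUTE, 13);  /* 29 bytes, padded to 32 */
    n = put_msg(buf, n, NL_DONE, 4);
    if (corrupt) { uint32_t bad = 4096; memcpy(buf, &bad, sizeof bad); }
    return nl_count_type(buf, n, NL_NEWROUTE);
}
int main(void) { printf("%d %d\n", nl_demo(0), nl_demo(1)); return 0; }
```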

In addition, it has been announced that, starting with the FreeBSD 14.0 branch, the following will be removed: OPIE one-time passwords, the ce and cp drivers, drivers for ISA cards, the mergemaster and minigzip utilities, the ATM components in netgraph (NgATM), the telnetd background process and the VINUM class in geom.

Source: opennet.ru
