Remotely exploitable vulnerabilities in FreeBSD

Five vulnerabilities have been fixed in FreeBSD, including issues that can lead to overwriting kernel data when certain network packets are sent, or that allow a local user to elevate privileges. The fixes shipped in the 12.1-RELEASE-p5 and 11.3-RELEASE-p9 updates.

The most dangerous vulnerability (CVE-2020-7454) is caused by a missing check of the actual packet size in the libalias library when parsing protocol-specific headers. libalias is used by the ipfw packet filter for address translation: it provides the generic routines that rewrite addresses in IP packets and the per-protocol parsers. By sending a specially crafted network packet, an attacker can read or write data in kernel memory (when the in-kernel NAT implementation is used) or in the memory of the natd process (when the userspace NAT implementation is used). The issue does not affect NAT configurations built on the pf or ipf packet filters, nor ipfw configurations that do not use NAT.

Other vulnerabilities:

  • CVE-2020-7455 - another remotely exploitable vulnerability in libalias, caused by an incorrect packet length calculation in the FTP handler. Its impact is limited to leaking the contents of a few bytes of kernel memory or natd process memory.
  • CVE-2019-15879 - a vulnerability in the cryptodev module caused by access to an already freed memory region (use-after-free), which allows an unprivileged process to overwrite arbitrary regions of kernel memory. As a workaround, it is recommended to unload the cryptodev module with "kldunload cryptodev" if it is loaded (cryptodev is not loaded by default). The cryptodev module gives userspace applications the /dev/crypto interface for accessing hardware-accelerated cryptographic operations (neither AES-NI acceleration nor OpenSSL uses /dev/crypto).
  • CVE-2019-15880 - a second vulnerability in cryptodev, which allows an unprivileged user to trigger a kernel crash by submitting a cryptographic operation request with an invalid MAC. The problem is a missing check of the MAC key size when the buffer that holds it is allocated: the buffer is sized from the length supplied by the user, without verifying the actual size.
  • CVE-2019-15878 - a vulnerability in the SCTP (Stream Control Transmission Protocol) implementation caused by incorrect validation of the shared key used by the SCTP-AUTH extension to authenticate SCTP chunks. A local application can update the key through the socket API while simultaneously shutting down the SCTP association, which leads to an access to already freed memory (use-after-free).
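
The two libalias issues and the cryptodev MAC-key bug share a root cause: a length supplied by the peer or by the user is used to size a read or a buffer without being compared against what is actually present. The following C example is added here to show the defensive form of both checks; it is not taken from FreeBSD's libalias or cryptodev sources. The TLV-style header layout, the element and key limits (MAX_ELEMS, KEY_MAX), the function names and the sample packets are all assumptions constructed for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Illustrative TLV-style header layout (an assumption for this example, not
 * a real protocol or the libalias format): each element is
 *   [type:1][len:1][payload:len-2]
 * where len counts the whole element including the two header bytes.
 */
#define MAX_ELEMS 8
#define KEY_MAX   64

struct elem {
    uint8_t type;
    const uint8_t *payload;
    size_t payload_len;
};

/*
 * Walks the elements in pkt[0..pkt_len). Every read is bounded by the real
 * buffer size, so a length field that claims more bytes than remain is
 * rejected instead of being used as an offset into memory past the packet.
 * Returns the number of elements parsed, or -1 on malformed input.
 */
int walk_elems(const uint8_t *pkt, size_t pkt_len, struct elem *out, size_t max)
{
    size_t off = 0;
    int n = 0;

    while (off < pkt_len) {
        if (pkt_len - off < 2)          /* truncated element header */
            return -1;
        uint8_t len = pkt[off + 1];
        if (len < 2)                    /* would never advance, or underflow */
            return -1;
        if (len > pkt_len - off)        /* claims bytes the packet does not carry */
            return -1;
        if ((size_t)n >= max)           /* caller's output array is full */
            return -1;
        out[n].type = pkt[off];
        out[n].payload = pkt + off + 2;
        out[n].payload_len = len - 2;
        n++;
        off += len;
    }
    return n;
}

/*
 * Models the "buffer sized from a user-supplied length" pattern: the caller
 * states the key length, and the key material is copied only if that length
 * fits the fixed capacity. Returns bytes copied, or -1 if the request is
 * rejected. (Hypothetical helper, not the cryptodev code.)
 */
int copy_key(uint8_t *dst, const uint8_t *src, size_t claimed_len)
{
    if (claimed_len == 0 || claimed_len > KEY_MAX)
        return -1;
    memcpy(dst, src, claimed_len);
    return (int)claimed_len;
}

/* Constructed sample packets (not captured traffic). */
/* Two well-formed elements: type 1 with 2 payload bytes, type 2 with 1. */
static const uint8_t good_pkt[] = { 0x01, 0x04, 0xAA, 0xBB, 0x02, 0x03, 0xCC };
/* Second element claims 0x40 bytes, but only 3 bytes remain in the buffer. */
static const uint8_t bad_pkt[]  = { 0x01, 0x04, 0xAA, 0xBB, 0x02, 0x40, 0xCC };

int demo_good(void)
{
    struct elem e[MAX_ELEMS];
    return walk_elems(good_pkt, sizeof(good_pkt), e, MAX_ELEMS);   /* 2 */
}

int demo_bad(void)
{
    struct elem e[MAX_ELEMS];
    return walk_elems(bad_pkt, sizeof(bad_pkt), e, MAX_ELEMS);     /* -1 */
}

int demo_key_ok(void)
{
    uint8_t key[KEY_MAX];
    return copy_key(key, good_pkt, sizeof(good_pkt));              /* 7 */
}

int demo_key_oversized(void)
{
    uint8_t key[KEY_MAX];
    return copy_key(key, good_pkt, 200);                           /* -1 */
}

int main(void)
{
    printf("good packet: %d elements\n", demo_good());
    printf("bad packet: %d (rejected)\n", demo_bad());
    printf("key of %zu bytes: %d\n", sizeof(good_pkt), demo_key_ok());
    printf("key claiming 200 bytes: %d (rejected)\n", demo_key_oversized());
    return 0;
}
```

The important detail in walk_elems is that the comparison is made against the bytes remaining in the buffer (pkt_len - off), not against the header's own length field; the check in copy_key does the equivalent for the key request before any allocation or copy takes place.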

Source: opennet.ru
