WireGuard "will come" to the Linux kernel - why?

At the end of July, the developers of the WireGuard VPN tunnel proposed a patch set that would make their VPN software part of the Linux kernel. However, the exact date for implementing the "idea" is not yet known. Below the cut we discuss this tool in more detail.


Briefly about the project

WireGuard is a next-generation VPN tunnel created by Jason A. Donenfeld, CEO of Edge Security. The project was developed as a simplified and faster alternative to OpenVPN and IPsec. The first version of the product contained only 4 thousand lines of code. By comparison, OpenVPN has about 120 thousand lines, and IPSec has 420 thousand.

According to the developers, WireGuard is easy to configure, and the security of the protocol is achieved through proven cryptographic algorithms. When switching networks (Wi-Fi, LTE or Ethernet), a VPN client has to reconnect to the VPN server every time. WireGuard servers, by contrast, do not drop the connection, even if the user has received a new IP address.

Although WireGuard was originally designed for the Linux kernel, the developers have also taken care of a portable version of the tool for Android devices. The application is not yet fully developed, but you can try it now. To do so, you need to become one of the testers.

In general, WireGuard is quite popular and has even been implemented by several VPN providers, such as Mullvad and AzireVPN. A large number of setup guides for this solution have been published online. For example, there are guides created by users, and there are guides prepared by the authors of the project.

Technical details

The official documentation (page 18) notes that WireGuard's throughput is four times higher than OpenVPN's: 1011 Mbit/s versus 258 Mbit/s, respectively. WireGuard is also ahead of the standard Linux IPsec solution, which reaches 881 Mbit/s. It also surpasses it in ease of setup.

After the keys have been exchanged (the VPN connection is initialized much like SSH) and the connection has been established, WireGuard handles all other tasks itself: there is no need to worry about routing, state control, and so on. Additional configuration effort is needed only if you want to use symmetric encryption.


To install it, you will need a distribution with a Linux kernel older than 4.1. It can be found in the repositories of the major Linux distributions.

$ sudo add-apt-repository ppa:hda-me/wireguard
$ sudo apt update
$ sudo apt install wireguard-dkms wireguard-tools

As the editors of xakep.ru note, building it yourself from source is also simple. It is enough to bring up the interface and generate the public and private keys:

$ sudo ip link add dev wg0 type wireguard
# restrict new files to the owner so the private key is not world-readable
$ umask 077
$ wg genkey | tee privatekey | wg pubkey > publickey

WireGuard does not use the interface to the CryptoAPI crypto provider. Instead, it uses the ChaCha20 stream cipher, the Poly1305 message authentication code and the associated cryptographic hash functions.

The secret key is generated using the Diffie-Hellman protocol based on the Curve25519 elliptic curve. For hashing, the BLAKE2 and SipHash hash functions are used. Thanks to the TAI64N timestamp format, the protocol discards packets with a smaller timestamp value, thereby preventing DoS and replay attacks.

In this case, WireGuard uses the ioctl function to control I/O (previously Netlink was used), which makes the code cleaner and simpler. You can verify this by looking at the configuration code.
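The timestamp check described above, as an added example (not WireGuard's code and not from the original article): a responder keeps the greatest TAI64N label accepted from each peer and drops any handshake whose label is not strictly greater. The class and function names and the sample keys and times are constructed for illustration, and the label is assumed to have been decrypted and authenticated already.

```python
import struct

# 2**62 plus the 10-second offset commonly used by TAI64 libraries
TAI64_BASE = 0x400000000000000A


def tai64n(unix_seconds: int, nanoseconds: int) -> bytes:
    """Encode a time as a 12-byte big-endian TAI64N label."""
    if not 0 <= nanoseconds < 1_000_000_000:
        raise ValueError("nanoseconds out of range")
    return struct.pack(">QI", TAI64_BASE + unix_seconds, nanoseconds)


class HandshakeReplayFilter:
    """Remembers the greatest label accepted from each peer (hypothetical helper)."""

    def __init__(self):
        self._latest = {}  # peer public key -> last accepted 12-byte label

    def accept(self, peer_key: bytes, label: bytes) -> bool:
        if len(label) != 12:
            return False  # malformed label, drop
        last = self._latest.get(peer_key)
        # Big-endian labels compare bytewise in chronological order, so a
        # replayed or older handshake is rejected without parsing the fields.
        if last is not None and label <= last:
            return False
        self._latest[peer_key] = label
        return True


def run_demo():
    """Feed constructed handshakes through the filter and return each verdict."""
    flt = HandshakeReplayFilter()
    peer_a, peer_b = b"A" * 32, b"B" * 32        # constructed placeholder keys
    t1 = tai64n(1533081600, 500)                 # constructed sample times
    t2 = tai64n(1533081600, 501)
    t0 = tai64n(1533081599, 999_999_999)
    return [
        flt.accept(peer_a, t1),      # first handshake from peer A
        flt.accept(peer_a, t1),      # exact replay of the same packet
        flt.accept(peer_a, t0),      # older captured packet
        flt.accept(peer_a, t2),      # fresh handshake, one nanosecond later
        flt.accept(peer_b, t1),      # state is per peer, so B is unaffected
        flt.accept(peer_a, t2[:8]),  # truncated label
    ]


if __name__ == "__main__":
    print(run_demo())
```

Because only one label per peer is stored, the check costs constant memory and a single comparison per handshake, however many old packets an attacker resends.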

Developers' plans

For now, WireGuard is an out-of-tree kernel module. But the author of the project, Jason Donenfeld, says the time has come for full inclusion in the Linux kernel, because it is simpler and more reliable than other solutions. Jason is supported in this even by Linus Torvalds himself, who called the WireGuard code a "work of art".

But no one is talking about exact dates for the introduction of WireGuard into the kernel. And it is unlikely to happen with the August release of Linux kernel 4.18. However, it is possible that this will happen in the near future: in version 4.19 or 5.0.

When WireGuard is added to the kernel, the developers want to finish the application for Android devices and start writing an application for iOS. There are also plans to complete the implementations in Go and Rust and port them to macOS, Windows and BSD. It is also planned to implement WireGuard for more "exotic systems": DPDK, FPGA, and many other interesting things. All of them are listed in the project authors' to-do list.


Source: www.habr.com
