FreeBSD 13.2 released with Netlink and WireGuard support

After 11 months of development, FreeBSD 13.2 has been released. Installation images are available for the amd64, i386, powerpc, powerpc64, powerpc64le, powerpcspe, armv6, armv7, aarch64, and riscv64 architectures. In addition, builds are provided for virtualization systems (QCOW2, VHD, VMDK, raw) and for the Amazon EC2, Google Compute Engine, and Vagrant cloud environments.

Key changes:

  • Implemented the ability to create snapshots of UFS and FFS file systems with journaling (soft updates) enabled. Also added support for saving dumps in the background (using dump with the "-L" flag) of the contents of mounted UFS file systems with journaling enabled. Background integrity checking with the fsck utility is now provided for partitions where it was unavailable while journaling was in use.
  • The base build includes the wg driver, which runs at the kernel level and implements the WireGuard VPN network interface. To provide the cryptographic algorithms the driver requires, the FreeBSD kernel crypto subsystem API was extended with a wrapper that allows algorithms not supported natively to be used from the libsodium library through the standard crypto API. During development, optimizations were also made to distribute WireGuard encryption and decryption work evenly across CPU cores, reducing packet processing overhead.

    The previous attempt to integrate WireGuard into FreeBSD was made in 2020, but ended in controversy: the code that had already been added was removed because of poor quality, careless buffer handling, use of stubs instead of checks, an incomplete protocol implementation, and a GPL violation. The new implementation was prepared jointly by the core FreeBSD and WireGuard development teams, with the participation of Jason A. Donenfeld, author of the WireGuard VPN, and John H. Baldwin, a well-known FreeBSD engineer. Before the new code was accepted, a full review of the changes was carried out with the support of the FreeBSD Foundation.

  • Support for the Netlink communication protocol (RFC 3549), used on Linux to organize interaction between kernel subsystems and user space. The project is limited to supporting the NETLINK_ROUTE family of operations for managing the state of the kernel's network subsystem, which makes it possible to use on FreeBSD the Linux ip utility from the iproute2 package for managing network interfaces, assigning IP addresses, configuring routing, and managing nexthop objects, which hold the state data used to forward a packet to its destination.
  • All executables of the base system on 64-bit architectures have Address Space Layout Randomization (ASLR) enabled by default. To selectively disable ASLR, use the commands "proccontrol -m aslr -s disable" or "elfctl -e +noaslr".
  • ipfw uses radix tables for MAC address lookup, which lets you create tables of MAC addresses and use them to filter traffic. Example:
      ipfw table 1 create type mac
      ipfw table 1 add 11:22:33:44:55:66/48
      ipfw add skipto tablearg src-mac 'table(1)'
      ipfw add deny src-mac 'table(1, 100)'
      ipfw add deny lookup dst-mac 1
  • Added the dpdk_lpm4 and dpdk_lpm6 kernel modules, loadable via loader.conf, which implement the DIR-24-8 route lookup algorithm for IPv4/IPv6 and improve routing performance on hosts with very large routing tables (tests show a 25% speedup). The modules can be configured through the standard routing implementation (the FIB_ALGO option has been added).
  • The ZFS file system implementation has been updated to the OpenZFS 2.1.9 release. The zfskeys startup script provides automatic loading of keys stored in the ZFS file system. A new zpoolreguid RC script has been added to assign a GUID to one or more zpools (useful in data virtualization environments, for example).
  • The bhyve hypervisor and the vmm module support attaching more than 15 virtual CPUs to a guest system (configured with the sysctl hw.vmm.maxcpu). The bhyve utility implements emulation of the virtio-input device, through which keyboard and mouse events can be passed to the guest system.
  • KTLS, the TLS protocol implementation that runs at the FreeBSD kernel level, has gained support for hardware acceleration of TLS 1.3 by offloading some of the operations involved in processing incoming encrypted packets to the network card. Previously, this feature was available only for TLS 1.1 and TLS 1.2.
  • In the growfs startup script, when the root FS is expanded, a swap partition is now added if no such partition was present initially (useful, for example, when writing a prepared system image to an SD card). A new option, growfs_swap_size, has been added to rc.conf to control the swap size.
  • The hostid startup script ensures that a random UUID is generated if the /etc/hostid file is missing and the UUID cannot be obtained from the hardware. Also added is the /etc/machine-id file, which contains a compact representation of the host id (without dashes).
  • The defaultrouter_fibN and ipv6_defaultrouter_fibN variables have been added to rc.conf, through which default routes can be added to FIB tables other than the main one.
  • Support for SHA-512/224 hashes has been added to the libmd library.
  • The pthread library implements support for the function semantics used on Linux.
  • Support for decoding Linux system calls has been added to kdump. kdump and sysdecode have also gained support for tracing Linux-style system calls.
  • The killall utility can now send a signal to the processes attached to a specific terminal (for example, "killall -t pts/1").
  • Added the nproc utility, which shows the number of compute units available to the current process.
  • Support for ACS (Access Control Services) parameters has been added to the pciconf utility.
  • The SPLIT_KERNEL_DEBUG configuration option has been added to the kernel, which allows debugging information for the kernel and kernel modules to be stored in separate files.
  • The Linux ABI is nearly complete with support for the vDSO (virtual dynamic shared object) mechanism, which provides a limited set of system calls accessible from user space without a context switch. The Linux ABI on ARM64 systems has been brought to parity with the AMD64 implementation.
  • Improved hardware support. Added performance monitoring (hwpmc) support for Intel Alder Lake CPUs. Updated the iwlwifi driver for Intel wireless cards with support for new chips and the 802.11ac standard. Added the rtw88 driver for Realtek wireless cards with a PCI interface. Extended the linuxkpi layer used to run Linux drivers on FreeBSD.
  • The OpenSSL library has been updated to version 1.1.1t, LLVM/Clang to version 14.0.5, and the SSH server and client to OpenSSH 9.2p1 (the previous release used OpenSSH 8.8p1). Other updates: bc 6.2.4, expat 2.5.0, file 5.43, less 608, libarchive 3.6.2, sendmail 8.17.1, sqlite 3.40.1, unbound 1.17.1, zlib 1.2.13.
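The Netlink item above says that FreeBSD now speaks the NETLINK_ROUTE wire format used by iproute2. The following Python script is an added example, not code from the FreeBSD project or from this article: it encodes the RTM_GETLINK dump request that "ip link" sends and parses a dump reply, stopping at NLMSG_DONE and rejecting truncated messages or a mismatched sequence number. The reply bytes are constructed inline (interface names lo0 and wg0, their indexes and flags are made up for the example); the header layouts and constant values are those of RFC 3549 and the Linux rtnetlink headers.

```python
import struct

# Constants from <linux/netlink.h> / <linux/rtnetlink.h>; FreeBSD's
# NETLINK_ROUTE implementation accepts the same wire format.
NLMSG_HDRLEN = 16
NLMSG_DONE = 3
NLM_F_REQUEST = 0x01
NLM_F_MULTI = 0x02
NLM_F_DUMP = 0x100 | 0x200          # NLM_F_ROOT | NLM_F_MATCH
RTM_NEWLINK = 16
RTM_GETLINK = 18
IFLA_IFNAME = 3


def nlmsg_align(n):
    """Netlink pads every header, payload and attribute to 4 bytes."""
    return (n + 3) & ~3


def parse_header(buf, off=0):
    """Decode one nlmsghdr: u32 len, u16 type, u16 flags, u32 seq, u32 pid."""
    return struct.unpack_from("=IHHII", buf, off)


def build_nlmsg(msg_type, flags, seq, payload):
    """nlmsghdr (host byte order) followed by an aligned payload."""
    length = NLMSG_HDRLEN + len(payload)
    header = struct.pack("=IHHII", length, msg_type, flags, seq, 0)
    return header + payload + b"\x00" * (nlmsg_align(length) - length)


def build_getlink_dump(seq=1):
    """RTM_GETLINK with NLM_F_REQUEST|NLM_F_DUMP, the request behind `ip link`.
    Payload is ifinfomsg: u8 family, u8 pad, u16 type, i32 index, u32 flags, u32 change."""
    ifinfomsg = struct.pack("=BBHiII", 0, 0, 0, 0, 0, 0)
    return build_nlmsg(RTM_GETLINK, NLM_F_REQUEST | NLM_F_DUMP, seq, ifinfomsg)


def parse_rtattrs(data):
    """Walk an rtattr chain (u16 len, u16 type, value, padding) into a dict."""
    attrs = {}
    off = 0
    while off + 4 <= len(data):
        rta_len, rta_type = struct.unpack_from("=HH", data, off)
        if rta_len < 4 or off + rta_len > len(data):
            raise ValueError("malformed rtattr at offset %d" % off)
        attrs[rta_type] = data[off + 4:off + rta_len]
        off += nlmsg_align(rta_len)
    return attrs


def parse_link_dump(buf, expected_seq):
    """Return [(ifindex, ifname, ifflags), ...] from a dump reply.
    Every message must carry our sequence number; the dump must end in NLMSG_DONE."""
    links = []
    off = 0
    while off + NLMSG_HDRLEN <= len(buf):
        length, msg_type, _flags, seq, _pid = parse_header(buf, off)
        if length < NLMSG_HDRLEN or off + length > len(buf):
            raise ValueError("truncated netlink message at offset %d" % off)
        if seq != expected_seq:
            raise ValueError("unexpected sequence number %d" % seq)
        if msg_type == NLMSG_DONE:
            return links
        if msg_type == RTM_NEWLINK:
            body = buf[off + NLMSG_HDRLEN:off + length]
            _fam, _pad, _typ, index, ifflags, _chg = struct.unpack_from("=BBHiII", body, 0)
            attrs = parse_rtattrs(body[16:])
            name = attrs.get(IFLA_IFNAME, b"\x00").split(b"\x00", 1)[0].decode()
            links.append((index, name, ifflags))
        off += nlmsg_align(length)
    raise ValueError("dump ended without NLMSG_DONE")


def _rtattr(rta_type, value):
    rta_len = 4 + len(value)
    return struct.pack("=HH", rta_len, rta_type) + value + b"\x00" * (nlmsg_align(rta_len) - rta_len)


def constructed_reply(seq=1):
    """Constructed (not captured) reply: two RTM_NEWLINK messages flagged
    NLM_F_MULTI followed by NLMSG_DONE, as a kernel answers a dump request.
    Interface names, indexes and flag words are invented for the example."""
    def link(index, name, ifflags):
        body = struct.pack("=BBHiII", 0, 0, 1, index, ifflags, 0) + _rtattr(IFLA_IFNAME, name + b"\x00")
        return build_nlmsg(RTM_NEWLINK, NLM_F_MULTI, seq, body)
    done = build_nlmsg(NLMSG_DONE, NLM_F_MULTI, seq, struct.pack("=i", 0))
    return link(1, b"lo0", 0x8049) + link(2, b"wg0", 0xd1) + done


if __name__ == "__main__":
    print(build_getlink_dump(seq=7).hex())
    print(parse_link_dump(constructed_reply(), 1))
```

The sequence-number and length checks are the part worth copying: a Netlink socket is shared by every request a process has in flight, so a parser that trusts message boundaries or ignores nlmsg_seq will happily attribute another request's reply, or a truncated buffer, to the wrong caller.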

In addition, OPIE one-time passwords, the ce and cp drivers, the ISA card drivers, the mergemaster and minigzip utilities, the ATM components in netgraph (NgATM), the telnetd daemon, and the VINUM class in geom have been deprecated and will be removed starting with the FreeBSD 14.0 branch.

Source: opennet.ru
