FreeBSD 13.2 released with Netlink and WireGuard support

After 11 months of development, FreeBSD 13.2 has been released. Installation images are built for the amd64, i386, powerpc, powerpc64, powerpc64le, powerpcspe, armv6, armv7, aarch64, and riscv64 architectures. In addition, builds are prepared for virtualization systems (QCOW2, VHD, VMDK, raw) and for the Amazon EC2, Google Compute Engine and Vagrant cloud environments.

Key changes:

  • Implemented the ability to create snapshots of UFS and FFS file systems with journaling enabled (soft updates). Also added support for taking dumps in the background (running dump with the "-L" flag) of the contents of mounted UFS file systems with journaling enabled. Among the features that are not available when journaling is used is background integrity checking with the fsck utility.
  • The wg driver, which runs at the kernel level and implements the network interface for WireGuard VPN, has been accepted into the base system. To use the cryptographic algorithms the driver requires, the API of the FreeBSD kernel crypto subsystem was extended with a binding that allows algorithms from the libsodium library that FreeBSD does not support to be used through the standard crypto API. During development, optimization was also done to balance the assignment of encryption and decryption tasks evenly across CPU cores, which reduced the overhead of processing WireGuard packets.

    The previous attempt to include WireGuard in FreeBSD was made in 2020, but it ended in scandal, as a result of which the code that had already been added was removed because of low quality, careless buffer handling, the use of stubs instead of checks, an incomplete implementation of the protocol, and a violation of the GPL license. The new implementation was prepared jointly by the core FreeBSD and WireGuard teams with input from Jason A. Donenfeld, author of WireGuard VPN, and John H. Baldwin, a well-known FreeBSD developer. A full review of the changes was carried out with the support of the FreeBSD Foundation before the new code was accepted.

  • Implemented support for the Netlink communication protocol (RFC 3549), which is used in Linux to organize interaction between the kernel and processes in user space. The project is limited to supporting the NETLINK_ROUTE family of operations for managing the state of the kernel's network subsystem, which allows FreeBSD to use the Linux ip utility from the iproute2 package to manage network interfaces, set IP addresses, configure routing, and manipulate nexthop objects that store the state data used to forward a packet to the desired destination.
  • All executables of the base system on 64-bit platforms have Address Space Layout Randomization (ASLR) enabled by default. To selectively disable ASLR, you can use the commands "proccontrol -m aslr -s disable" or "elfctl -e +noaslr".
  • ipfw uses radix tables to look up MAC addresses, which makes it possible to create tables of MAC addresses and use them to filter traffic. For example:

      ipfw table 1 create type mac
      ipfw table 1 add 11:22:33:44:55:66/48
      ipfw add skipto tablearg src-mac 'table(1)'
      ipfw add deny src-mac 'table(1, 100)'
      ipfw add deny lookup dst-mac 1

  • Added the dpdk_lpm4 and dpdk_lpm6 kernel modules, loadable via loader.conf, with an implementation of the DIR-24-8 route lookup algorithm for IPv4/IPv6, which optimizes routing functions for hosts with very large routing tables (tests show a speed increase of 25%). The standard route utility can be used to configure the modules (a FIB_ALGO option has been added).
  • The ZFS file system implementation has been updated to the OpenZFS 2.1.9 release. The zfskeys startup script provides automatic loading of keys stored on a ZFS file system. Added a new RC script, zpoolreguid, to assign a GUID to one or more zpools (useful, for example, in data virtualization environments).
  • The bhyve hypervisor and the vmm module support attaching more than 15 virtual CPUs to a guest system (configurable via sysctl hw.vmm.maxcpu). The bhyve utility implements emulation of the virtio-input device, with which keyboard and mouse events can be injected into the guest system.
  • KTLS, an implementation of the TLS protocol that runs at the FreeBSD kernel level, has added support for hardware acceleration of TLS 1.3 by offloading some operations related to processing incoming encrypted packets onto the network card. Previously this feature was available for TLS 1.1 and TLS 1.2.
  • In the growfs startup script, when the root file system is expanded, a swap partition is now added if such a partition did not originally exist (useful, for example, when installing a ready-made system image on an SD card). A new option, growfs_swap_size, has been added to rc.conf to control the swap size.
  • The hostid startup script ensures that a random UUID is generated if the /etc/hostid file is missing and a UUID cannot be obtained from the hardware. Also added is the /etc/machine-id file with a compact representation of the host ID (without hyphens).
  • The defaultrouter_fibN and ipv6_defaultrouter_fibN variables have been added to rc.conf, with which default routes can be added to FIB tables other than the main one.
  • Support for SHA-512/224 hashes has been added to the libmd library.
  • The pthread library implements support for the semantics of functions used in Linux.
  • Support for decoding Linux system calls has been added to kdump. Support for Linux-style syscall tracing has been added to kdump and sysdecode.
  • The killall utility can now send a signal to processes bound to a specific terminal (for example, "killall -t pts/1").
  • Added the nproc utility to display the number of compute units available to the current process.
  • Support for ACS (Access Control Services) parameters has been added to the pciconf utility.
  • The SPLIT_KERNEL_DEBUG setting has been added to the kernel, which allows debugging information for the kernel and for kernel modules to be saved in separate files.
  • The Linux ABI is now nearly complete with support for the vDSO (virtual dynamic shared object) mechanism, which provides a limited set of system calls available in user space without a context switch. The Linux ABI on ARM64 systems has been brought to parity with the implementation for the AMD64 architecture.
  • Improved hardware support. Added performance monitoring (hwpmc) support for Intel Alder Lake CPUs. The iwlwifi driver for Intel wireless cards has been updated with support for new chips and the 802.11ac standard. Added the rtw88 driver for Realtek PCI wireless cards. The linuxkpi layer has been extended for use with Linux drivers on FreeBSD.
  • The OpenSSL library has been updated to version 1.1.1t, LLVM/Clang to version 14.0.5, and the SSH server and client to OpenSSH 9.2p1 (the previous release used OpenSSH 8.8p1). Also updated are bc 6.2.4, expat 2.5.0, file 5.43, less 608, libarchive 3.6.2, sendmail 8.17.1, sqlite 3.40.1, unbound 1.17.1, zlib 1.2.13.
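
The Netlink support listed above carries every NETLINK_ROUTE request and reply as a length-prefixed nlmsghdr followed by length-prefixed rtattr records, so a consumer has to bounds-check both lengths. The Python code below is an added example, not FreeBSD or iproute2 code: it parses a constructed RTM_NEWADDR message and rejects out-of-bounds lengths; the function names and the sample bytes are assumptions made for illustration.

```python
import ipaddress
import struct

# Header layouts from RFC 3549 / rtnetlink; all fields are in host byte order.
NLMSGHDR = struct.Struct("=IHHII")   # nlmsg_len, nlmsg_type, nlmsg_flags, nlmsg_seq, nlmsg_pid
IFADDRMSG = struct.Struct("=BBBBI")  # ifa_family, ifa_prefixlen, ifa_flags, ifa_scope, ifa_index
RTATTR = struct.Struct("=HH")        # rta_len, rta_type
RTM_NEWADDR, IFA_ADDRESS, IFA_LABEL = 20, 1, 3

def align4(n):
    return (n + 3) & ~3              # records are padded to 4-byte boundaries

def split_tlv(buf, hdr, what):
    """Walk length-prefixed records; the first header field is the length, header included."""
    off, out = 0, []
    while off < len(buf):
        if len(buf) - off < hdr.size:
            raise ValueError(f"truncated {what} header")
        fields = hdr.unpack_from(buf, off)
        length = fields[0]
        if length < hdr.size or length > len(buf) - off:
            raise ValueError(f"{what} length {length} out of bounds")
        out.append((fields, buf[off + hdr.size:off + length]))
        off += align4(length)
    return out

def decode_addresses(buf):
    """Return one dict per RTM_NEWADDR message found in buf."""
    result = []
    for (_, mtype, _, _, _), payload in split_tlv(buf, NLMSGHDR, "nlmsghdr"):
        if mtype != RTM_NEWADDR:
            continue
        if len(payload) < IFADDRMSG.size:
            raise ValueError("truncated ifaddrmsg")
        _, prefixlen, _, _, index = IFADDRMSG.unpack_from(payload)
        attrs = {f[1]: v for f, v in split_tlv(payload[IFADDRMSG.size:], RTATTR, "rtattr")}
        if IFA_ADDRESS not in attrs:
            continue
        label = attrs.get(IFA_LABEL, b"").rstrip(b"\0").decode()
        addr = ipaddress.ip_address(attrs[IFA_ADDRESS])
        result.append({"index": index, "address": f"{addr}/{prefixlen}", "label": label})
    return result

def build_sample():
    """Constructed sample: RTM_NEWADDR for 192.0.2.10/24 on interface index 2, label em0."""
    def attr(rta_type, value):
        return (RTATTR.pack(RTATTR.size + len(value), rta_type) + value).ljust(align4(RTATTR.size + len(value)), b"\0")
    body = IFADDRMSG.pack(2, 24, 0, 0, 2) + attr(IFA_ADDRESS, bytes([192, 0, 2, 10])) + attr(IFA_LABEL, b"em0\0")
    return NLMSGHDR.pack(NLMSGHDR.size + len(body), RTM_NEWADDR, 0, 1, 0) + body
```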

In addition, the following have been deprecated and removed from the FreeBSD 14.0 branch: OPIE one-time passwords, the ce and cp drivers, drivers for ISA cards, the mergemaster and minigzip utilities, ATM components in netgraph (NgATM), the telnetd background process, and the VINUM class in geom.

Source: opennet.ru
