Remotely exploitable vulnerabilities in FreeBSD

Five vulnerabilities have been fixed in FreeBSD, including issues that could lead to kernel-level data being overwritten when certain network packets are sent, or allow a local user to escalate privileges. The vulnerabilities are fixed in the 12.1-RELEASE-p5 and 11.3-RELEASE-p9 updates.

The most dangerous vulnerability (CVE-2020-7454) is caused by the lack of a proper packet size check in the libalias library when processing protocol-specific headers. The libalias library is used by the ipfw packet filter for address translation and includes standard functions for rewriting addresses in IP packets and handling protocols. By sending a specially crafted network packet, the vulnerability allows reading or writing data in the memory of the kernel (when the in-kernel NAT implementation is used) or of the natd process (when the userspace NAT implementation is used). The issue does not affect NAT configurations built with the pf and ipf packet filters, or ipfw configurations that do not use NAT.

Other vulnerabilities:

  • CVE-2020-7455 - another remotely exploitable vulnerability in libalias, related to incorrect calculation of packet lengths in the FTP handler. The issue is limited to leaking the contents of a few bytes of data from the memory of the kernel or the natd process.
  • CVE-2019-15879 - a vulnerability in the cryptodev module caused by access to an already freed memory area (use-after-free), which allows an unprivileged process to overwrite arbitrary areas of kernel memory. As a workaround to block the vulnerability, it is recommended to unload the cryptodev module with the command "kldunload cryptodev" if it is loaded (cryptodev is not loaded by default). The cryptodev module gives userspace applications access to the /dev/crypto interface for hardware-accelerated cryptographic operations (/dev/crypto is not used in AES-NI and OpenSSL).
  • CVE-2019-15880 - a second vulnerability in cryptodev, which allows an unprivileged user to trigger a kernel crash by sending a request to perform a cryptographic operation with an incorrect MAC. The issue is caused by the lack of a check on the MAC key size when allocating the buffer that stores it (the buffer is created based on the size supplied by the user, without checking the actual size).
  • CVE-2019-15878 - a vulnerability in the implementation of the SCTP (Stream Control Transmission Protocol) protocol caused by incorrect verification of the shared key used by the SCTP-AUTH extension to authenticate SCTP sequences. A local application can update the key through the Socket API while simultaneously terminating the SCTP connection, which leads to access to an already freed memory area (use-after-free).
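A host check for the fixed patch levels and the cryptodev workaround described above, as an added example that is not from the article or the FreeBSD project. The function names patch_status and audit_host are hypothetical, and branches the article does not name are reported as "unknown" rather than guessed.

```shell
#!/bin/sh
# Added example: classify a FreeBSD version string against the fixed patch
# levels named in the article (12.1-RELEASE-p5 and 11.3-RELEASE-p9).

# patch_status VERSION -> prints "patched", "vulnerable" or "unknown"
patch_status() {
    ver=$1
    case $ver in
        12.1-RELEASE*) fixed=5 ;;
        11.3-RELEASE*) fixed=9 ;;
        *) echo unknown; return 0 ;;      # branch not covered by the article
    esac
    case $ver in
        *-RELEASE-p*) level=${ver##*-p} ;;
        *) level=0 ;;                     # plain "-RELEASE" is patch level 0
    esac
    case $level in
        ''|*[!0-9]*) echo unknown; return 0 ;;   # unexpected suffix
    esac
    if [ "$level" -ge "$fixed" ]; then echo patched; else echo vulnerable; fi
}

# audit_host: report on the running kernel and the userland, because the
# libalias bugs live in the kernel (in-kernel NAT) or in natd (userland).
audit_host() {
    for part in r u; do
        v=$(freebsd-version -"$part")
        echo "freebsd-version -$part: $v -> $(patch_status "$v")"
    done
    # Workaround from the article for CVE-2019-15879 / CVE-2019-15880.
    if kldstat -q -m cryptodev; then
        echo "cryptodev is loaded: unload it with 'kldunload cryptodev'"
    fi
    # The libalias issues matter to userland only when natd is in use.
    if pgrep -x natd >/dev/null; then
        echo "natd is running: libalias is in use in userland"
    fi
}

# Run the host checks only on a system that provides freebsd-version.
if command -v freebsd-version >/dev/null 2>&1; then
    audit_host
fi
```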

Source: opennet.ru
