Ngenyanga edlule, sikhulume lapha kubhulogi ngezindaba azikhiphile UDavid S. Miller, obhekele isistimu yenethiwekhi yeLinux, engithatha kuyo nezimagqabhagqabha nge ukuqaliswa kwesixhumi esibonakalayo se-VPN sephrojekthi ye-WireGuard egatsheni elilandelayo.
Ngayo ILinus Torvalds yathatha indawo yokugcina izinto, eyakha igatsha lesikhathi esizayo le-Linux 5.6 kernel nangemva kwezinguquko ezithile ngabo-1am CET ngoLwesithathu, abakwaTorvalds badonse izibuyekezo zokuxhumana ezivela endaweni kaDavid Millers, ne-WireGuard phezulu ohlwini.
Ngayo i-Linux kernel 5.6 ilindelekile ngasekupheleni kuka-Mashi noma ekuqaleni kuka-Ephreli ekugcineni izosekela ubuchwepheshe bemigudu ye-WireGuard VPN, kanye nokwesekwa kokuqala kwesandiso se-MPTCP (MultiPath TCP).
Ngaphambilini, ama-cryptographic primitives ayedingeka ukuthi i-WireGuard isebenze ayethunyelwa kusuka kumtapo wezincwadi we-Zinc kuya ku-Crypto API ejwayelekile futhi afakwa ku-kernel 5.5.
IKernel I-Linux mhlawumbe ngabe ihlinzekele u-Wireguard ukwesekwa isikhathi eside, ukube akubanga khona mpikiswano ngesisekelo sokubethela esenzelwe ngqo ubuchwepheshe be-VPN. Kuthathe cishe unyaka nohhafu ukuxazulula lokhu kungahambisani.
Le nqubo yathathwa ngokuthi ithimba le-WireGuard lizolusukumela lolu daba, selokhu ngemuva kwezingxoxo engqungqutheleni yeKernel Recipes, lapho abadali be-WireGuard ngoSepthemba bathatha isinqumo sokuyekethisa ukushintsha amabala abo ukusebenzisa i-API eyinhloko ye-Crypto, lapho onjiniyela be-WireGuard banezikhalazo maqondana nokusebenza nokuphepha okujwayelekile.
Kwanqunywa ukuthi i-API izoqhubeka nokuthuthuka, kepha njengephrojekthi ehlukile. Kamuva ngoNovemba, abathuthukisi be-kernel bazibophezela futhi bavumile ukudlulisela enye yekhodi ku-kernel enkulu. Eqinisweni, ezinye izinto zizodluliselwa ku-kernel, kepha hhayi njenge-API ehlukile, kepha njengengxenye yohlelo olungaphansi lwe-Crypto API.
U-Wireguard uthembisa ukusungulwa kokuxhumeka okusheshayo, ukusebenza okuhle, kanye nokuphathwa okuqinile, okusheshayo nokusobala kokukhipha izisu. Ngaphezu kwalokho, ubuchwepheshe bulula kakhulu ukumiswa kunamanye ubuchwepheshe be-VPN futhi busebenzisa ukuphepha ekumelaneni ne-evesdropping ngezindlela zokubethela zakamuva.
Kuwebhusayithi yabo, ithimba le-WireGuard lichaza ukuthi yini ebeka umthetho olandelwayo ngaphandle kwabanye futhi uthi:
“I-WireGuard yenzelwe ukuthunyelwa kalula futhi kube lula emqondweni.
Yenzelwe ukuthi isetshenziswe kalula emigqeni embalwa kakhulu yekhodi, futhi ihlolwe kalula ngobungozi bokuphepha.
Uma kuqhathaniswa nemidondoshiya efana ne- * Swan / IPsec noma i-OpenVPN / OpenSSL, lapho ukuhlolwa kwamakhodi amakhulu kungumsebenzi owesabekayo ngisho nasemaqenjini amakhulu ochwepheshe bezokuphepha, i-WireGuard kuhloswe ukuthi ihlolwe ngokuphelele ngabantu ngabanye.
I-Multipath TCP, Ngokolunye uhlangothi, isandiso sephrothokholi ye-TCP evumela ukuhlela ukusebenza kokuxhumeka kwe-TCP ngokulethwa kwamaphakethe ngasikhathi sinye emizileni eminingi ngokusebenzisa izixhumi ezahlukahlukene zenethiwekhi eziboshwe kumakheli e-IP ahlukile (ukusetshenziswa kokuxhumeka kwedatha okuningi ngasikhathi sinye)
I-Multipath TCP ingasetshenziswa kokubili ukunweba ukusebenza nokwandisa ukuthembeka.
Isibonelo, i-MPTCP ingasetshenziselwa ukuhlela ukudluliswa kwedatha kwi-smartphone isebenzisa izixhumanisi ze-WiFi ne-3G ngasikhathi sinye, noma ukunciphisa izindleko ngokuxhuma iseva usebenzisa izixhumanisi ezimbalwa ezishibhile esikhundleni sinye ebizayo.
Elinye icala, ngokwesibonelo, linamaseva afanele, ukushintshwa okungenamthungo kusuka ku-WLAN kuya ekuxhumekeni kweselula kungenzeka uma ibanga le-WLAN lidluliwe. Ukuhlanganisa i-Multipath TCP kwi-Linux nakho kuyasiza ngoba ubuchwepheshe beselula be-5G obuzayo budinga ubuchwepheshe.
Ekugcineni, inguqulo entsha yeLinux Kernel 5.6 kulindeleke njengoba sishilo ekuqaleni ngifikile ekupheleni kuka-Mashi (usuku lokulinga kungukuthi Umhlaka 29 Mashi) noma ekuqaleni kuka-Ephreli (April 6) yize lokhu kungahluka kancane.
Umthombo: https://git.kernel.org