nftables is available since kernel 3.13 (released on 19 January 2014).
Major distributions have already provided nftables, and marked/called
iptables as deprecated or legacy.
Moreover, currently, the iptables/libiptc backend does not support IPv6.
Hence, it is not necessary to keep the iptables/libiptc backend anymore.
Let's drop it in the next release.
Note, Fedora/CentOS have already disabled iptables/libiptc support since v249.
Also move the description of IPv4DuplicateAddressDetectionTimeoutSec=
to the section about systemd-networkd. The change of the timeout doesn't
have to be described as "incompatible". It's more of a bugfix, the previous
timeout was just strangely large and hopefully nobody relied on this detail
of implementation.
Also, reword to say that MPLSRouting= just controls enablement, nothing more.
For meson options, say '-Dfoo=' to make them visually different.
Adjust grammar and punctuation in various places.
Break very long lines where feasible.
Backticks are good in markdown files, where they signify text to be rendered
with a mono-space font. But our text files don't use markdown, and backticks
are just a particularly bad type of quote (ugly, asymmetrical, with a special
significance in shell context). Update older NEWS entries to not use them.
Also, if a device ACL list is defined, also go via IPC (instead of
trying to patch it, as before).
The outcome is that the tighter rules continue to apply when configured.
Fixes: #35959
Previously, systemd-networkd sent machine ID as chassis ID.
Let's use application specific machine ID.
This is a kind of backward compat breaking. Hence, this also introduces
the support of $SD_LLDP_SEND_MACHINE_ID environment variable.
Closes #37613.
We nowadays expose pidfdid at various places, e.g. envvars
and dbus properties. Also the sd_notify() MAINPID= message
has been complemented with MAINPIDFDID=. But acquiring
pidfdid is actually non-trivial especially considering
the 32-bit case, hence let's introduce a public helper
in sd-daemon specifically for that purpose.
This is analogous to #36123, but for Tun/Tap interfaces created by
systemd-networkd.
If a regular user account wants to control a Tun/Tap interface, then
assign the interface to a system group, e.g., vpn, and add the user
to the group.
Closes #37279.
The original timeout of 7 seconds is very long for today's networks. Reduce it
to 200ms. Note that this change also affects IPv4 link-local addressing.