A stable release of the interface is available to simplify network settings - NetworkManager 1.32.0. Plugins to support VPN, OpenConnect, PPTP, OpenVPN and OpenSWAN are developed within their own development cycles.
Key innovations in NetworkManager 1.32:
- The ability to select a firewall management backend has been provided, for which a new option "[main].firewall-backend" has been added to NetworkManager.conf. By default, the “nftables” backend is set, and when the /usr/sbin/nft file is missing from the system and /usr/sbin/iptables is present, the “iptables” backend is set. In the future, it is planned to add another backend based on Firewalld. This feature can be used to configure an address translator using nftables (previously only iptables was used) when the shared access profile (shared) is enabled.
- Added new options "ethtool.pause-autoneg", "ethtool.pause-rx" and "ethtool.pause-tx" to introduce delays when receiving or sending Ethernet frames. Added options correspond to similar modes in the ethtool utility - "-pause devname [autoneg on|off] [rx on|off] [tx on|off]".
- Added the "ethernet.accept-all-mac-addresses" parameter, which allows you to set the network adapter to "promiscuous" mode to analyze transit network frames that are not addressed to the current system.
- Provided the ability to perform reverse DNS queries to set up a hostname based on the DNS name defined for the IP address given to the system. The mode is enabled using the hostname option in the profile. Previously, the getnameinfo() function was called to determine the hostname, which took into account the NSS configuration and the name specified in the /etc/hostname file (the new feature allows you to set the name only based on reverse zone resolution in DNS). To query a hostname via DNS, the systemd-resolved API is now used, and if systemd is not used, the 'nm-daemon-helper' handler is run based on the 'dns' NSS module.
- Added support for "prohibit", "blackhole", and "unreachable" routing rule types.
- Changed behavior regarding traffic rules - by default, NetworkManager now saves the qdiscs rules and traffic filters already set in the system.
- Mirroring of NetworkManager wireless connection profiles to iwd configuration files is provided.
- Added support for DHCP option 249 (Microsoft Classless Static Route).
- Added support for the "rd.net.dhcp.retry" kernel parameter to control the request for IP binding updates.
- A significant restructuring of the source texts has been carried out.
- Changes have been made to the API that should not affect compatibility with existing add-ons. For example, the handling of the PropertiesChanged signal and the D-Bus property org.freedesktop.DBus.Properties.PropertiesChanged have been deprecated for a long time. The libnm library hides structure definitions in the NMSimpleConnection, NMSetting, and NMSetting classes. The "connection.uuid" format is used as the main key for identifying the connection profile.
Additionally, we can note the release of the network configurator ConnMan 1.40, which is developed by Intel and is characterized by low consumption of system resources and the availability of flexible tools for expanding functionality through plug-ins. ConnMan is used in platforms and distributions such as Tizen, Yocto, Sailfish, Aldebaran Robotics and Nest, as well as in various consumer devices with Linux-based firmware.
Intel also published the release of the IWD 1.15 (iNet Wireless Daemon) Wi-Fi daemon, which is being developed as an alternative to wpa_supplicant for connecting Linux systems to a wireless network. IWD can be used both on its own and as a backend for the Network Manager and ConnMan network configurators. The project is suitable for use on embedded devices and is optimized for minimal memory and disk space consumption. IWD does not use external libraries and only accesses the features provided by the regular Linux kernel (the Linux kernel and Glibc are enough to work).
In the new version of ConnMan, only bug fixes related to the handling of auto-connection and disconnection status in WiFi are noted. A buffer overflow vulnerability in the DNS Proxy code has also been fixed. The new version of IWD includes support for exporting background process information, adds the ability to predict the intensity of packet arrival in VHT RX (Very High Throughput) mode, and provides support for the FT-over-DS procedure with several basic service sets (BSS).
Source: opennet.ru