The "delete" command has been added to the networkctl utility for removing virtual network devices, along with the "--stats" option for displaying device statistics;
The SpeedMeter and SpeedMeterIntervalSec settings have been added to networkd.conf for periodically measuring the throughput of network interfaces. The statistics obtained from the measurements can be seen in the output of the 'networkctl status' command;
A new utility, systemd-network-generator, has been added to generate .network, .netdev and .link files from the IP settings passed at boot on the Linux kernel command line in the Dracut settings format;
The sysctl "kernel.pid_max" value on 64-bit systems is now set by default to 4194304 (22-bit PIDs instead of 16-bit), which reduces the likelihood of collisions when PIDs are assigned, raises the limit on the number of simultaneously running processes, and has a positive effect on security. The change could lead to compatibility problems, but no such problems have been reported in practice so far;
By default, the build now uses the unified cgroups-v2 hierarchy ("-Ddefault-hierarchy=unified"). Previously, the default was hybrid mode ("-Ddefault-hierarchy=hybrid");
The behavior of the system call filter (SystemCallFilter) has changed: when a prohibited system call is made, the entire process is now terminated rather than the individual thread, since terminating individual threads can lead to unpredictable problems. The change applies only if you have Linux kernel 4.14+ and libseccomp 2.4.0+;
Unprivileged programs are given the ability to send ICMP Echo (ping) packets by setting the sysctl "net.ipv4.ping_group_range" to the full range of groups (for all processes);
To speed up the build process, generation of the manual pages is disabled by default (to build the full documentation, use the "-Dman=true" option, or "-Dhtml=true" for manuals in HTML format). To make the documentation easier to view, two scripts are included, build/man/man and build/man/html, for building and previewing the manuals of interest;
To process domain names containing characters from national alphabets, the libidn2 library is used by default (to go back to libidn, use the "-Dlibidn=true" option);
Support for the /usr/sbin/halt.local executable, which provided functionality that was not widely used in distributions, has been dropped. To run commands at shutdown, it is recommended to use scripts in /usr/lib/systemd/system-shutdown/ or to define a new unit that depends on final.target;
In the final stage of shutdown, systemd now automatically raises the log level in the sysctl "kernel.printk", which solves the problem of getting events from the late stages of shutdown into the log after the regular logging daemons have already exited;
Assignment failures in sysctl.d/ files are now ignored if the variable name starts with the "-" character;
The systemd-random-seed.service service is now fully responsible for initializing the entropy pool of the Linux kernel's pseudorandom number generator. Services that require a properly initialized /dev/urandom must be started after systemd-random-seed.service;
The systemd-boot boot loader provides an optional ability to maintain a seed file containing a random sequence in the EFI System Partition (ESP);
The keyfile-timeout option has been added to /etc/crypttab to set how long to wait for the device holding the encryption key before prompting for a password to access the encrypted partition;
The IOWeight option has been added to set the I/O weight for the BFQ scheduler;
systemd-resolved has added a 'strict' mode for DNS-over-TLS and implemented the ability to cache only positive DNS responses ("Cache no-negative" in resolved.conf);
For VXLAN, systemd-networkd has added the GenericProtocolExtension option to enable VXLAN protocol extensions. For VXLAN and GENEVE, the IPDoNotFragment option has been added to set the flag that prohibits fragmentation on outgoing packets;
In systemd-networkd, the "[Route]" section has gained the FastOpenNoCookie option to enable fast opening of TCP connections (TFO - TCP Fast Open, RFC 7413) for individual routes, as well as the TTLPropagate option to configure the TTL of an LSP (Label Switched Path). The "Type" option now supports the local, broadcast, anycast, multicast, any and xresolve routing types;
systemd-networkd has the DefaultRouteOnDevice option in the "[Network]" section to automatically configure a default route for a network device;
systemd-networkd has added ProxyARP and ProxyARPWifi for configuring proxy ARP behavior, MulticastRouter for configuring routing in multicast mode, and MulticastIGMPVersion for changing the IGMP (Internet Group Management Protocol) version used for multicast;
systemd-networkd has added the Local, Peer and PeerPort options for FooOverUDP tunnels to configure the local and remote IP addresses as well as the network port number. For TUN tunnels, the VnetHeader option has been added to configure GSO (Generic Segment Offload) support;
In systemd-networkd, the AssignToLoopback option has been added for tunnels; it controls whether the tunnel endpoint is assigned to the loopback device "lo";
systemd-networkd automatically enables the IPv6 stack if it has been blocked through the sysctl disable_ipv6 - IPv6 is enabled if IPv6 settings (static or DHCPv6) are defined for the network interface; otherwise the sysctl value that is already set is left unchanged;
Fixed vulnerability CVE-2019-15718, caused by missing access control on the D-Bus interface of systemd-resolved. The problem allows an unprivileged user to perform operations that are available only to administrators, such as changing DNS settings and directing DNS queries to a rogue server;
Fixed vulnerability CVE-2019-9619, related to pam_systemd not being activated for non-interactive sessions, which allows spoofing of the active session.
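
The items above on "kernel.pid_max", "net.ipv4.ping_group_range" and the "-" prefix in sysctl.d/ files can be checked together; the following is an added example, not part of the original release notes or of systemd's code. It works out which assignment of a key wins in sysctl.d-style text and whether a failure to apply it would be ignored; the function names, the sample file names and the sample contents are constructed for illustration, and "0 2147483647" is assumed to be the value that covers all groups.

```shell
#!/bin/sh
# Added example: effective sysctl.d value for one key, honouring the "-" prefix.

trim() {  # strip leading and trailing whitespace from $1
    s=$1
    s=${s#"${s%%[![:space:]]*}"}
    s=${s%"${s##*[![:space:]]}"}
    printf '%s' "$s"
}

# effective_sysctl KEY < sysctl.d-style text
# Prints "VALUE|strict", "VALUE|tolerant" ("-" prefix: a failed assignment
# is ignored) or "unset". The last assignment of KEY wins.
effective_sysctl() {
    want=$1
    result=unset
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(trim "$line")
        case $line in ''|'#'*|';'*) continue ;; esac   # blank line or comment
        case $line in *=*) ;; *) continue ;; esac      # not an assignment
        key=$(trim "${line%%=*}")
        val=$(trim "${line#*=}")
        mode=strict
        case $key in -*) key=${key#-}; mode=tolerant ;; esac
        if [ "$key" = "$want" ]; then result="$val|$mode"; fi
    done
    printf '%s\n' "$result"
}

# ping_scope "LOW HIGH": which GIDs may open unprivileged ICMP Echo sockets
ping_scope() {
    set -- $1
    if [ "$1" -gt "$2" ]; then echo disabled          # empty range, e.g. "1 0"
    elif [ "$1" -eq 0 ] && [ "$2" -eq 2147483647 ]; then echo all-groups
    else echo "gid-$1-$2"; fi
}

sample_conf() {  # constructed input, not a file shipped by any project
    cat <<'EOF'
# 50-example.conf (hypothetical)
kernel.pid_max = 4194304
-net.ipv4.ping_group_range = 0 2147483647
; 90-legacy.conf (hypothetical local override for an old application)
kernel.pid_max = 32768
EOF
}

echo "pid_max: $(sample_conf | effective_sysctl kernel.pid_max)"
v=$(sample_conf | effective_sysctl net.ipv4.ping_group_range)
echo "ping:    $(ping_scope "${v%|*}") (${v#*|})"
```

On a real host, feed the function the sysctl.d files concatenated in the order they are applied; the constructed sample shows a later local override quietly undoing the larger PID space.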