Systemd Picks Up Support For MACsec To Better Secure Ethernet Connections

    Phoronix: Systemd Picks Up Support For MACsec To Better Secure Ethernet Connections

    Following this week's release of systemd 242, one of the newly-merged features for what will become systemd 243 is support for MACsec within the networkd code...


  • #2
    systemd-antivirusd when?


    • #3
      Abomination®


      • #4
        For those wondering wtf is this, since the description in the article is a bit lacking:

        tl;dr It is a "LAN-only VPN" so that people wiretapping your own internal ethernet network can't just see everything going on. This matters for large companies that fill entire buildings and have hundreds of systems in their own internal network.
        It's usually available in high-end networking equipment, and you also need support for this in the endpoint PC or server if you want to use it.


        Media Access Control Security or MACSec is the Layer 2 hop to hop network traffic protection. Just like IPsec protects network layer, and SSL protects application data, MACSec protects traffic at d…


        MACSec is standardized IEEE 802.1AE hop-by-hop encryption that enables confidentiality and integrity of data at layer 2.
        It encrypts entire Ethernet packet except Source and Destination MAC addresses on any device-to-device, switch-to-switch, router-to-switch, host-to-switch directly connected wired L2 connection.

        If we compare MACSec with, for example, IPsec, MACsec provides same security but on layer 2 for each hop separately. On each hop, packets are received and decrypted enabling other features like QoS and load balancing to function. Same data is again encrypted before being sent out to next device on the way towards the destination. MACsec works on host-to-switch connection and on switch-to-switch connection enabling line-rate up to 10 GigabitEthernet fast encryption.

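Added example (not part of the forum post or of systemd): a small parser showing which fields of a MACsec frame stay readable on the wire, illustrating the "everything except source and destination MAC" point in the post above. The SecTAG layout follows IEEE 802.1AE; the function names and the sample frame are constructed for illustration.

```python
import struct

MACSEC_ETHERTYPE = 0x88E5   # EtherType of the 802.1AE SecTAG
ICV_LEN = 16                # ICV length for the default GCM-AES-128 suite

def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_macsec(frame: bytes) -> dict:
    """Return what is readable on the wire without the key; the rest stays opaque."""
    if len(frame) < 14 + 6 + ICV_LEN:
        raise ValueError("too short for a MACsec frame")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != MACSEC_ETHERTYPE:
        raise ValueError(f"EtherType 0x{ethertype:04x} is not MACsec")
    tci_an, short_len, pn = struct.unpack("!BBI", frame[14:20])
    offset, sci = 20, None
    if tci_an & 0x20:                       # SC bit: explicit 8-byte SCI follows
        if len(frame) < offset + 8 + ICV_LEN:
            raise ValueError("truncated SCI")
        sci = frame[offset:offset + 8].hex()
        offset += 8
    return {
        "dst": fmt_mac(dst),
        "src": fmt_mac(src),
        "encrypted": bool(tci_an & 0x08),   # E bit: payload is ciphertext
        "association": tci_an & 0x03,       # AN: which key (SA) is in use
        "packet_number": pn,                # replay-protection counter
        "short_len": short_len & 0x3F,
        "sci": sci,
        "secure_data": frame[offset:-ICV_LEN],  # inner EtherType + payload
        "icv": frame[-ICV_LEN:],            # integrity check value
    }

# Constructed sample frame: placeholder bytes stand in for ciphertext and ICV.
SAMPLE_FRAME = (
    bytes.fromhex("020000000002")           # destination MAC (cleartext)
    + bytes.fromhex("020000000001")         # source MAC (cleartext)
    + struct.pack("!H", MACSEC_ETHERTYPE)
    + struct.pack("!BBI", 0x2C, 0, 1)       # TCI: SC|E|C, AN=0; SL=0; PN=1
    + bytes.fromhex("0200000000010001")     # SCI: source MAC + port 1
    + b"\xaa" * 48                          # opaque secure data
    + b"\xbb" * ICV_LEN                     # opaque ICV
)

if __name__ == "__main__":
    for field, value in parse_macsec(SAMPLE_FRAME).items():
        print(f"{field:>14}: {value.hex() if isinstance(value, bytes) else value}")
```

The original EtherType and payload sit inside `secure_data`, so a capture on the link shows only the two MAC addresses, the SecTAG counters and opaque bytes.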


        • #5
          Originally posted by Weasel
          systemd-antivirusd when?
          That's something I actually want...but it's not like it doesn't already exist either...


          • #6
            systemd-filterouttrollsd when?


            • #7
              Thanks for the explanation / links, starshipeleven.

              Could somebody explain why this support is added to userspace (systemd-networkd) and not to the kernel network code?


              • #8
                Originally posted by LoneVVolf
                Thanks for the explanation / links, starshipeleven.

                Could somebody explain why this support is added to userspace (systemd-networkd) and not to the kernel network code?
                The kernel component to MACsec appeared in 4.6, it seems. This looks to be just the user space configuration component.


                • #9
                  The tie is getting tighter around the neck ...


                  • #10
                    Originally posted by Candy
                    The tie is getting tighter around the neck ...
                    choke me, daddy
