diff options
Diffstat (limited to 'upstream/debian-unstable/man5/systemd.network.5')
| -rw-r--r-- | upstream/debian-unstable/man5/systemd.network.5 | 435 |
1 files changed, 299 insertions, 136 deletions
diff --git a/upstream/debian-unstable/man5/systemd.network.5 b/upstream/debian-unstable/man5/systemd.network.5 index 934e7503..5238454e 100644 --- a/upstream/debian-unstable/man5/systemd.network.5 +++ b/upstream/debian-unstable/man5/systemd.network.5 @@ -1,5 +1,5 @@ '\" t -.TH "SYSTEMD\&.NETWORK" "5" "" "systemd 255" "systemd.network" +.TH "SYSTEMD\&.NETWORK" "5" "" "systemd 256~rc3" "systemd.network" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -447,14 +447,16 @@ Added in version 246\&. .PP \fIRequiredForOnline=\fR .RS 4 -Takes a boolean or a minimum operational state and an optional maximum operational state\&. Please see +Takes a boolean, a minimum operational state (e\&.g\&., +"carrier"), or a range of operational state separated with a colon (e\&.g\&., +"degraded:routable")\&. Please see \fBnetworkctl\fR(1) for possible operational states\&. When "yes", the network is deemed required when determining whether the system is online (including when running \fBsystemd\-networkd\-wait\-online\fR)\&. When "no", the network is ignored when determining the online state\&. When a minimum operational state and an optional maximum operational state are set, -"yes" -is implied, and this controls the minimum and maximum operational state required for the network interface to be considered online\&. +\fBsystemd\-networkd\-wait\-online\fR +deems that the interface is online when the operational state is in the specified range\&. .sp Defaults to "yes" @@ -483,6 +485,45 @@ The network will be brought up normally (as configured by if "RequiredForOnline=no"\&. .sp +The boolean value +"yes" +is translated as follows; +.PP +\fBCAN devices\fR +.RS 4 +"carrier", +.sp +Added in version 256\&. +.RE +.PP +\fBMaster devices, e\&.g\&. bond or bridge\fR +.RS 4 +"degraded\-carrier" +with +\fIRequiredFamilyForOnline=any\fR, +.sp +Added in version 256\&. +.RE +.PP +\fBBonding port interfaces\fR +.RS 4 +"enslaved", +.sp +Added in version 256\&. +.RE +.PP +\fBOther interfaces\fR +.RS 4 +"degraded"\&. +.sp +Added in version 236\&. +.RE +.sp +This setting can be overridden by the command line option for +\fBsystemd\-networkd\-wait\-online\fR\&. See +\fBsystemd-networkd-wait-online.service\fR(8) +for more details\&. +.sp Added in version 236\&. .RE .PP @@ -683,14 +724,23 @@ Takes a boolean\&. If set to "yes", DHCPv4 server will be started\&. Defaults to "no"\&. Further settings for the DHCP server may be set in the [DHCPServer] section described below\&. .sp +Even if this is enabled, the DHCP server will not be started automatically and wait for the persistent storage being ready to load/save leases in the storage, unless +\fIRelayTarget=\fR +or +\fIPersistLeases=no\fR +are specified in the [DHCPServer] section\&. It will be started after +systemd\-networkd\-persistent\-storage\&.service +is started, which calls +\fBnetworkctl persistent\-storage yes\fR\&. See +\fBnetworkctl\fR(1) +for more details\&. +.sp Added in version 215\&. .RE .PP \fILinkLocalAddressing=\fR .RS 4 -Enables link\-local address autoconfiguration\&. Accepts -\fByes\fR, -\fBno\fR, +Enables link\-local address autoconfiguration\&. Accepts a boolean, \fBipv4\fR, and \fBipv6\fR\&. An IPv6 link\-local address is configured when \fByes\fR @@ -960,6 +1010,8 @@ If the specified address is "::" (for IPv6), a new address range of the requested size is automatically allocated from a system\-wide pool of unused ranges\&. Note that the prefix length must be equal or larger than 8 for IPv4, and 64 for IPv6\&. The allocated range is checked against all current network interfaces and all known network configuration files to avoid address range conflicts\&. The default system\-wide pool consists of 192\&.168\&.0\&.0/16, 172\&.16\&.0\&.0/12 and 10\&.0\&.0\&.0/8 for IPv4, and fd00::/8 for IPv6\&. This functionality is useful to manage a large number of dynamically created network interfaces with the same network configuration and automatic address range assignment\&. .sp +If an empty string is specified, then the all previous assignments in both [Network] and [Address] sections are cleared\&. +.sp Added in version 211\&. .RE .PP @@ -989,6 +1041,14 @@ for IPv6\&. If an empty string is assigned, then the all previous assignments ar Added in version 211\&. .RE .PP +\fIUseDomains=\fR +.RS 4 +Specifies the protocol\-independent default value for the same settings in [IPv6AcceptRA], [DHCPv4], and [DHCPv6] sections below\&. Takes a boolean, or the special value +\fBroute\fR\&. See also the same setting in [DHCPv4] below\&. Defaults to unset\&. +.sp +Added in version 256\&. +.RE +.PP \fIDomains=\fR .RS 4 A whitespace\-separated list of domains which should be resolved using the DNS servers on this link\&. Each item in the list should be a domain name, optionally prefixed with a tilde ("~")\&. The domains with the prefix are called "routing\-only domains"\&. The domains without the prefix are called "search domains" and are first used as search suffixes for extending single\-label hostnames (hostnames containing no dots) to become fully qualified domain names (FQDNs)\&. If a single\-label hostname is resolved on this interface, each of the specified search domains are appended to it in turn, converting it into a fully qualified domain name, until one of them may be successfully resolved\&. @@ -1027,25 +1087,42 @@ An NTP server address (either an IP address, or a hostname)\&. This option may b Added in version 216\&. .RE .PP -\fIIPForward=\fR +\fIIPv4Forwarding=\fR .RS 4 -Configures IP packet forwarding for the system\&. If enabled, incoming packets on any network interface will be forwarded to any other interfaces according to the routing table\&. Takes a boolean, or the values -"ipv4" -or -"ipv6", which only enable IP packet forwarding for the specified address family\&. This controls the -net\&.ipv4\&.ip_forward -and -net\&.ipv6\&.conf\&.all\&.forwarding -sysctl options of the network interface (see +Configures IPv4 packet forwarding for the interface\&. Takes a boolean value\&. This controls the +net\&.ipv4\&.conf\&.\fIINTERFACE\fR\&.forwarding +sysctl option of the network interface\&. See \m[blue]\fBIP Sysctl\fR\m[]\&\s-2\u[7]\d\s+2 -for details about sysctl options)\&. Defaults to -"no"\&. +for more details about the sysctl option\&. Defaults to true if +\fIIPMasquerade=\fR +is enabled for IPv4, otherwise the value specified to the same setting in +\fBnetworkd.conf\fR(5) +will be used\&. If none of them are specified, the sysctl option will not be changed\&. .sp -Note: this setting controls a global kernel option, and does so one way only: if a network that has this setting enabled is set up the global setting is turned on\&. However, it is never turned off again, even after all networks with this setting enabled are shut down again\&. +To control the global setting, use the same setting in +\fBnetworkd.conf\fR(5)\&. .sp -To allow IP packet forwarding only between specific network interfaces use a firewall\&. +Added in version 256\&. +.RE +.PP +\fIIPv6Forwarding=\fR +.RS 4 +Configures IPv6 packet forwarding for the interface\&. Takes a boolean value\&. This controls the +net\&.ipv6\&.conf\&.\fIINTERFACE\fR\&.forwarding +sysctl option of the network interface\&. See +\m[blue]\fBIP Sysctl\fR\m[]\&\s-2\u[7]\d\s+2 +for more details about the sysctl option\&. Defaults to true if +\fIIPMasquerade=\fR +is enabled for IPv6 or +\fIIPv6SendRA=\fR +is enabled, otherwise the value specified to the same setting in +\fBnetworkd.conf\fR(5) +will be used\&. If none of them are specified, the sysctl option will not be changed\&. .sp -Added in version 219\&. +To control the global setting, use the same setting in +\fBnetworkd.conf\fR(5)\&. +.sp +Added in version 256\&. .RE .PP \fIIPMasquerade=\fR @@ -1055,19 +1132,13 @@ Configures IP masquerading for the network interface\&. If enabled, packets forw "ipv6", "both", or "no"\&. Defaults to -"no"\&. If enabled, this automatically sets -\fIIPForward=\fR -to one of -"ipv4", -"ipv6" -or -"yes"\&. +"no"\&. .sp Note\&. Any positive boolean values such as "yes" or "true" -are now deprecated\&. Please use one of the values in the above\&. +are now deprecated\&. Please use one of the values above\&. .sp Added in version 219\&. .RE @@ -1089,7 +1160,11 @@ Added in version 222\&. .PP \fIIPv6AcceptRA=\fR .RS 4 -Takes a boolean\&. Controls IPv6 Router Advertisement (RA) reception support for the interface\&. If true, RAs are accepted; if false, RAs are ignored\&. When RAs are accepted, they may trigger the start of the DHCPv6 client if the relevant flags are set in the RA data, or if no routers are found on the link\&. The default is to disable RA reception for bridge devices or when IP forwarding is enabled, and to enable it otherwise\&. Cannot be enabled on devices aggregated in a bond device or when link\-local addressing is disabled\&. +Takes a boolean\&. Controls IPv6 Router Advertisement (RA) reception support for the interface\&. If true, RAs are accepted; if false, RAs are ignored\&. When RAs are accepted, they may trigger the start of the DHCPv6 client if the relevant flags are set in the RA data, or if no routers are found on the link\&. Defaults to false for bridge devices, when IP forwarding is enabled, +\fIIPv6SendRA=\fR +or +\fIKeepMaster=\fR +is enabled\&. Otherwise, enabled by default\&. Cannot be enabled on devices aggregated in a bond device or when link\-local addressing is disabled\&. .sp Further settings for the IPv6 RA support may be configured in the [IPv6AcceptRA] section, see below\&. .sp @@ -1122,6 +1197,13 @@ Configures IPv6 Hop Limit\&. Takes an integer in the range 1\&...255\&. For each Added in version 228\&. .RE .PP +\fIIPv6RetransmissionTimeSec=\fR +.RS 4 +Configures IPv6 Retransmission Time\&. The time between retransmitted Neighbor Solicitation messages\&. Used by address resolution and the Neighbor Unreachability Detection algorithm\&. A value of zero is ignored and the kernel\*(Aqs current value will be used\&. Defaults to unset, and the kernel\*(Aqs current value will be used\&. +.sp +Added in version 256\&. +.RE +.PP \fIIPv4ReversePathFilter=\fR .RS 4 Configure IPv4 Reverse Path Filtering\&. If enabled, when an IPv4 packet is received, the machine will first check whether the @@ -1160,6 +1242,18 @@ Takes a boolean\&. Configures proxy ARP for IPv4\&. Proxy ARP is the technique i Added in version 233\&. .RE .PP +\fIIPv4ProxyARPPrivateVLAN=\fR +.RS 4 +Takes a boolean\&. Configures proxy ARP private VLAN for IPv4, also known as VLAN aggregation, private VLAN, source\-port filtering, port\-isolation, or MAC\-forced forwarding\&. +.sp +This variant of the ARP proxy technique will allow the ARP proxy to reply back to the same interface\&. +.sp +See +\m[blue]\fBRFC 3069\fR\m[]\&\s-2\u[10]\d\s+2\&. When unset, the kernel\*(Aqs default will be used\&. +.sp +Added in version 256\&. +.RE +.PP \fIIPv6ProxyNDP=\fR .RS 4 Takes a boolean\&. Configures proxy NDP for IPv6\&. Proxy NDP (Neighbor Discovery Protocol) is a technique for IPv6 to allow routing of addresses to a different destination when peers expect them to be present on a certain physical link\&. In this case a router answers Neighbour Advertisement messages intended for another machine by offering its own MAC address as destination\&. Unlike proxy ARP for IPv4, it is not enabled globally, but will only send Neighbour Advertisement messages for addresses in the IPv6 neighbor proxy table, which can also be shown by @@ -1442,7 +1536,7 @@ Added in version 246\&. \fIHomeAddress=\fR .RS 4 Takes a boolean\&. Designates this address the "home address" as defined in -\m[blue]\fBRFC 6275\fR\m[]\&\s-2\u[10]\d\s+2\&. Supported only on IPv6\&. Defaults to false\&. +\m[blue]\fBRFC 6275\fR\m[]\&\s-2\u[11]\d\s+2\&. Supported only on IPv6\&. Defaults to false\&. .sp Added in version 232\&. .RE @@ -1455,9 +1549,9 @@ Takes one of "both", or "none"\&. When "ipv4", performs IPv4 Address Conflict Detection\&. See -\m[blue]\fBRFC 5227\fR\m[]\&\s-2\u[11]\d\s+2\&. When +\m[blue]\fBRFC 5227\fR\m[]\&\s-2\u[12]\d\s+2\&. When "ipv6", performs IPv6 Duplicate Address Detection\&. See -\m[blue]\fBRFC 4862\fR\m[]\&\s-2\u[12]\d\s+2\&. Defaults to +\m[blue]\fBRFC 4862\fR\m[]\&\s-2\u[13]\d\s+2\&. Defaults to "ipv4" for IPv4 link\-local addresses, "ipv6" @@ -1471,7 +1565,7 @@ Added in version 232\&. \fIManageTemporaryAddress=\fR .RS 4 Takes a boolean\&. If true the kernel manage temporary addresses created from this one as template on behalf of Privacy Extensions -\m[blue]\fBRFC 3041\fR\m[]\&\s-2\u[13]\d\s+2\&. For this to become active, the use_tempaddr sysctl setting has to be set to a value greater than zero\&. The given address needs to have a prefix length of 64\&. This flag allows using privacy extensions in a manually configured network, just like if stateless auto\-configuration was active\&. Defaults to false\&. +\m[blue]\fBRFC 3041\fR\m[]\&\s-2\u[14]\d\s+2\&. For this to become active, the use_tempaddr sysctl setting has to be set to a value greater than zero\&. The given address needs to have a prefix length of 64\&. This flag allows using privacy extensions in a manually configured network, just like if stateless auto\-configuration was active\&. Defaults to false\&. .sp Added in version 232\&. .RE @@ -1502,22 +1596,34 @@ Added in version 232\&. \fINetLabel=\fR\fIlabel\fR .RS 4 This setting provides a method for integrating static and dynamic network configuration into Linux -\m[blue]\fBNetLabel\fR\m[]\&\s-2\u[14]\d\s+2 +\m[blue]\fBNetLabel\fR\m[]\&\s-2\u[15]\d\s+2 subsystem rules, used by -\m[blue]\fBLinux Security Modules (LSMs)\fR\m[]\&\s-2\u[15]\d\s+2 +\m[blue]\fBLinux Security Modules (LSMs)\fR\m[]\&\s-2\u[16]\d\s+2 for network access control\&. The label, with suitable LSM rules, can be used to control connectivity of (for example) a service with peers in the local network\&. At least with SELinux, only the ingress can be controlled but not egress\&. The benefit of using this setting is that it may be possible to apply interface independent part of NetLabel configuration at very early stage of system boot sequence, at the time when the network interfaces are not available yet, with \fBnetlabelctl\fR(8), and the per\-interface configuration with \fBsystemd\-networkd\fR once the interfaces appear later\&. Currently this feature is only implemented for SELinux\&. .sp The option expects a single NetLabel label\&. The label must conform to lexical restrictions of LSM labels\&. When an interface is configured with IP addresses, the addresses and subnetwork masks will be appended to the -\m[blue]\fBNetLabel Fallback Peer Labeling\fR\m[]\&\s-2\u[16]\d\s+2 +\m[blue]\fBNetLabel Fallback Peer Labeling\fR\m[]\&\s-2\u[17]\d\s+2 rules\&. They will be removed when the interface is deconfigured\&. Failures to manage the labels will be ignored\&. +.if n \{\ .sp -Warning: Once labeling is enabled for network traffic, a lot of LSM access control points in Linux networking stack go from dormant to active\&. Care should be taken to avoid getting into a situation where for example remote connectivity is broken, when the security policy hasn\*(Aqt been updated to consider LSM per\-packet access controls and no rules would allow any network traffic\&. Also note that additional configuration with +.\} +.RS 4 +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBWarning\fR +.ps -1 +.br +Once labeling is enabled for network traffic, a lot of LSM access control points in Linux networking stack go from dormant to active\&. Care should be taken to avoid getting into a situation where for example remote connectivity is broken, when the security policy hasn\*(Aqt been updated to consider LSM per\-packet access controls and no rules would allow any network traffic\&. Also note that additional configuration with \fBnetlabelctl\fR(8) is needed\&. -.sp +.sp .5v +.RE Example: .sp .if n \{\ @@ -1574,7 +1680,7 @@ Added in version 252\&. \fINFTSet=\fR\fIsource\fR:\fIfamily\fR:\fItable\fR:\fIset\fR .RS 4 This setting provides a method for integrating network configuration into firewall rules with -\m[blue]\fBNFT\fR\m[]\&\s-2\u[17]\d\s+2 +\m[blue]\fBNFT\fR\m[]\&\s-2\u[18]\d\s+2 sets\&. The benefit of using the setting is that static network configuration (or dynamically obtained network addresses, see similar directives in other sections) can be used in firewall rules with the indirection of NFT set types\&. For example, access could be granted for hosts in the local subnetwork only\&. Firewall rules using IP address of an interface are also instantly updated when the network configuration changes, for example via DHCP\&. .sp This option expects a whitespace separated list of NFT set definitions\&. Each definition consists of a colon\-separated tuple of source type (one of @@ -1695,7 +1801,7 @@ Added in version 243\&. .SH "[IPV6ADDRESSLABEL] SECTION OPTIONS" .PP An [IPv6AddressLabel] section accepts the following keys\&. Specify several [IPv6AddressLabel] sections to configure several address labels\&. IPv6 address labels are used for address selection\&. See -\m[blue]\fBRFC 3484\fR\m[]\&\s-2\u[18]\d\s+2\&. Precedence is managed by userspace, and only the label itself is stored in the kernel\&. +\m[blue]\fBRFC 3484\fR\m[]\&\s-2\u[19]\d\s+2\&. Precedence is managed by userspace, and only the label itself is stored in the kernel\&. .PP \fILabel=\fR .RS 4 @@ -1719,9 +1825,9 @@ An [RoutingPolicyRule] section accepts the following settings\&. Specify several \fITypeOfService=\fR .RS 4 This specifies the Type of Service (ToS) field of packets to match; it takes an unsigned integer in the range 0\&...255\&. The field can be used to specify precedence (the first 3 bits) and ToS (the next 3 bits)\&. The field can be also used to specify Differentiated Services Code Point (DSCP) (the first 6 bits) and Explicit Congestion Notification (ECN) (the last 2 bits)\&. See -\m[blue]\fBType of Service\fR\m[]\&\s-2\u[19]\d\s+2 +\m[blue]\fBType of Service\fR\m[]\&\s-2\u[20]\d\s+2 and -\m[blue]\fBDifferentiated services\fR\m[]\&\s-2\u[20]\d\s+2 +\m[blue]\fBDifferentiated services\fR\m[]\&\s-2\u[21]\d\s+2 for more details\&. .sp Added in version 235\&. @@ -1786,6 +1892,14 @@ Specifies the outgoing device to match\&. The outgoing interface is only availab Added in version 236\&. .RE .PP +\fIL3MasterDevice=\fR +.RS 4 +A boolean\&. Specifies whether the rule is to direct lookups to the tables associated with level 3 master devices (also known as Virtual Routing and Forwarding or VRF devices)\&. For further details see +\m[blue]\fBVirtual Routing and Forwarding (VRF)\fR\m[]\&\s-2\u[22]\d\s+2\&. Defaults to false\&. +.sp +Added in version 256\&. +.RE +.PP \fISourcePort=\fR .RS 4 Specifies the source IP port or IP port range match in forwarding information base (FIB) rules\&. A port range is specified by the lower and upper port separated by a dash\&. Defaults to unset\&. @@ -1887,7 +2001,10 @@ The [NextHop] section is used to manipulate entries in the kernel\*(Aqs "nexthop .PP \fIId=\fR .RS 4 -The id of the next hop\&. Takes an integer in the range 1\&...4294967295\&. If unspecified, then automatically chosen by kernel\&. +The id of the next hop\&. Takes an integer in the range 1\&...4294967295\&. This is mandatory if +\fIManageForeignNextHops=no\fR +is specified in +\fBnetworkd.conf\fR(5)\&. Otherwise, if unspecified, an unused ID will be automatically picked\&. .sp Added in version 244\&. .RE @@ -1990,7 +2107,7 @@ Added in version 216\&. \fIIPv6Preference=\fR .RS 4 Specifies the route preference as defined in -\m[blue]\fBRFC 4191\fR\m[]\&\s-2\u[21]\d\s+2 +\m[blue]\fBRFC 4191\fR\m[]\&\s-2\u[23]\d\s+2 for Router Discovery messages\&. Which can be one of "low" the route has a lowest priority, @@ -2118,7 +2235,9 @@ is "nat", then "local" is used\&. In other cases, defaults to -"main"\&. +"main"\&. Ignored if +\fIL3MasterDevice=\fR +is true\&. .sp Added in version 230\&. .RE @@ -2197,13 +2316,6 @@ Takes a boolean\&. When true enables TCP fastopen without a cookie on a per\-rou Added in version 243\&. .RE .PP -\fITTLPropagate=\fR -.RS 4 -Takes a boolean\&. When true enables TTL propagation at Label Switched Path (LSP) egress\&. When unset, the kernel\*(Aqs default will be used\&. -.sp -Added in version 243\&. -.RE -.PP \fIMTUBytes=\fR .RS 4 The maximum transmission unit in bytes to set for the route\&. The usual suffixes K, M, G, are supported and are understood to the base of 1024\&. @@ -2280,7 +2392,7 @@ Added in version 223\&. \fIMUDURL=\fR .RS 4 When configured, the specified Manufacturer Usage Description (MUD) URL will be sent to the DHCPv4 server\&. Takes a URL of length up to 255 characters\&. A superficial verification that the string is a valid URL will be performed\&. DHCPv4 clients are intended to have at most one MUD URL associated with them\&. See -\m[blue]\fBRFC 8520\fR\m[]\&\s-2\u[22]\d\s+2\&. +\m[blue]\fBRFC 8520\fR\m[]\&\s-2\u[24]\d\s+2\&. .sp MUD is an embedded software standard defined by the IETF that allows IoT device makers to advertise device specifications, including the intended communication patterns for their device when it connects to the network\&. The network can then use this to author a context\-specific access policy, so the device functions only within those parameters\&. .sp @@ -2350,7 +2462,7 @@ Added in version 230\&. \fIRapidCommit=\fR .RS 4 Takes a boolean\&. The DHCPv4 client can obtain configuration parameters from a DHCPv4 server through a rapid two\-message exchange (discover and ack)\&. When the rapid commit option is set by both the DHCPv4 client and the DHCPv4 server, the two\-message exchange is used\&. Otherwise, the four\-message exchange (discover, offer, request, and ack) is used\&. The two\-message exchange provides faster client configuration\&. See -\m[blue]\fBRFC 4039\fR\m[]\&\s-2\u[23]\d\s+2 +\m[blue]\fBRFC 4039\fR\m[]\&\s-2\u[25]\d\s+2 for details\&. Defaults to true when \fIAnonymize=no\fR and neither @@ -2365,7 +2477,7 @@ Added in version 255\&. \fIAnonymize=\fR .RS 4 Takes a boolean\&. When true, the options sent to the DHCP server will follow the -\m[blue]\fBRFC 7844\fR\m[]\&\s-2\u[24]\d\s+2 +\m[blue]\fBRFC 7844\fR\m[]\&\s-2\u[26]\d\s+2 (Anonymity Profiles for DHCP Clients) to minimize disclosure of identifying information\&. Defaults to false\&. .sp This option should only be set to true when @@ -2388,7 +2500,7 @@ When true, are implied and these settings in the \&.network file are silently ignored\&. Also, \fIHostname=\fR, \fIMUDURL=\fR, -\fIRequestAddress\fR, +\fIRequestAddress=\fR, \fIRequestOptions=\fR, \fISendOption=\fR, \fISendVendorOption=\fR, @@ -2416,7 +2528,7 @@ Send an arbitrary raw option in the DHCPv4 request\&. Takes a DHCP option number "uint32", "ipv4address", or "string"\&. Special characters in the data string may be escaped using -\m[blue]\fBC\-style escapes\fR\m[]\&\s-2\u[25]\d\s+2\&. This setting can be specified multiple times\&. If an empty string is specified, then all options specified earlier are cleared\&. Defaults to unset\&. +\m[blue]\fBC\-style escapes\fR\m[]\&\s-2\u[27]\d\s+2\&. This setting can be specified multiple times\&. If an empty string is specified, then all options specified earlier are cleared\&. Defaults to unset\&. .sp Added in version 244\&. .RE @@ -2429,7 +2541,7 @@ Send an arbitrary vendor option in the DHCPv4 request\&. Takes a DHCP option num "uint32", "ipv4address", or "string"\&. Special characters in the data string may be escaped using -\m[blue]\fBC\-style escapes\fR\m[]\&\s-2\u[25]\d\s+2\&. This setting can be specified multiple times\&. If an empty string is specified, then all options specified earlier are cleared\&. Defaults to unset\&. +\m[blue]\fBC\-style escapes\fR\m[]\&\s-2\u[27]\d\s+2\&. This setting can be specified multiple times\&. If an empty string is specified, then all options specified earlier are cleared\&. Defaults to unset\&. .sp Added in version 246\&. .RE @@ -2557,7 +2669,14 @@ setting\&. If set to \fBroute\fR, the domain name received from the DHCP server will be used for routing DNS queries only, but not for searching, similarly to the effect of the \fBDomains=\fR setting when the argument is prefixed with -"~"\&. Defaults to false\&. +"~"\&. +.sp +When unspecified, the value specified in the same setting in the [Network] section will be used\&. When it is unspecified, the value specified in the same setting in the [DHCPv4] section in +\fBnetworkd.conf\fR(5) +will be used\&. When it is unspecified, the value specified in the same setting in the [Network] section in +\fBnetworkd.conf\fR(5) +will be used\&. When none of them are specified, defaults to +"no"\&. .sp It is recommended to enable this option only on trusted networks, as setting this affects resolution of all hostnames, in particular of single\-label names\&. It is generally safer to use the supplied domain only as routing domain, rather than as search domain, in order to not have it affect local resolution of single\-label names\&. .sp @@ -2644,7 +2763,7 @@ will be used\&. Note, when the server provides both the Router and Classless Static Routes option, and \fIUseRoutes=\fR is enabled, the Router option is always ignored regardless of this setting\&. See -\m[blue]\fBRFC 3442\fR\m[]\&\s-2\u[26]\d\s+2\&. +\m[blue]\fBRFC 3442\fR\m[]\&\s-2\u[28]\d\s+2\&. .sp Added in version 246\&. .RE @@ -2662,7 +2781,7 @@ When true, subnets of the received IPv6 prefix are assigned to downstream interf \fIDHCPPrefixDelegation=\fR\&. See also \fIDHCPPrefixDelegation=\fR in the [Network] section, the [DHCPPrefixDelegation] section, and -\m[blue]\fBRFC 5969\fR\m[]\&\s-2\u[27]\d\s+2\&. Defaults to false\&. +\m[blue]\fBRFC 5969\fR\m[]\&\s-2\u[29]\d\s+2\&. Defaults to false\&. .sp Added in version 250\&. .RE @@ -2670,7 +2789,7 @@ Added in version 250\&. \fIIPv6OnlyMode=\fR .RS 4 When true, the DHCPv4 configuration will be delayed by the timespan provided by the DHCP server and skip to configure dynamic IPv4 network connectivity if IPv6 connectivity is provided within the timespan\&. See -\m[blue]\fBRFC 8925\fR\m[]\&\s-2\u[28]\d\s+2\&. Defaults to false\&. +\m[blue]\fBRFC 8925\fR\m[]\&\s-2\u[30]\d\s+2\&. Defaults to false\&. .sp Added in version 255\&. .RE @@ -2708,6 +2827,13 @@ Set the port from which the DHCP client packets originate\&. Added in version 233\&. .RE .PP +\fIServerPort=\fR +.RS 4 +Set the port on which the DHCP server is listening\&. +.sp +Added in version 256\&. +.RE +.PP \fIDenyList=\fR .RS 4 A whitespace\-separated list of IPv4 addresses\&. Each address can optionally take a prefix length after @@ -2717,7 +2843,7 @@ is configured then \fIDenyList=\fR is ignored\&. .sp -Note that this filters only DHCP offers, so the filtering may not work when +Note that this filters only DHCP offers, so the filtering might not work when \fIRapidCommit=\fR is enabled\&. See also \fIRapidCommit=\fR @@ -2731,7 +2857,7 @@ Added in version 246\&. A whitespace\-separated list of IPv4 addresses\&. Each address can optionally take a prefix length after "/"\&. DHCP offers from servers in the list are accepted\&. .sp -Note that this filters only DHCP offers, so the filtering may not work when +Note that this filters only DHCP offers, so the filtering might not work when \fIRapidCommit=\fR is enabled\&. See also \fIRapidCommit=\fR @@ -2754,7 +2880,7 @@ A boolean\&. When true, performs IPv4 Duplicate Address Detection to the acquired address by the DHCPv4 client\&. If duplicate is detected, the DHCPv4 client rejects the address by sending a \fBDHCPDECLINE\fR packet to the DHCP server, and tries to obtain an IP address again\&. See -\m[blue]\fBRFC 5227\fR\m[]\&\s-2\u[11]\d\s+2\&. Defaults to false\&. +\m[blue]\fBRFC 5227\fR\m[]\&\s-2\u[12]\d\s+2\&. Defaults to false\&. .sp Added in version 245\&. .RE @@ -2814,7 +2940,7 @@ Send an arbitrary vendor option in the DHCPv6 request\&. Takes an enterprise ide "ipv4address", "ipv6address", or "string"\&. Special characters in the data string may be escaped using -\m[blue]\fBC\-style escapes\fR\m[]\&\s-2\u[25]\d\s+2\&. This setting can be specified multiple times\&. If an empty string is specified, then all options specified earlier are cleared\&. Defaults to unset\&. +\m[blue]\fBC\-style escapes\fR\m[]\&\s-2\u[27]\d\s+2\&. This setting can be specified multiple times\&. If an empty string is specified, then all options specified earlier are cleared\&. Defaults to unset\&. .sp Added in version 246\&. .RE @@ -2822,7 +2948,7 @@ Added in version 246\&. \fIUserClass=\fR .RS 4 A DHCPv6 client can use User Class option to identify the type or category of user or applications it represents\&. The information contained in this option is a string that represents the user class of which the client is a member\&. Each class sets an identifying string of information to be used by the DHCP service to classify clients\&. Special characters in the data string may be escaped using -\m[blue]\fBC\-style escapes\fR\m[]\&\s-2\u[25]\d\s+2\&. This setting can be specified multiple times\&. If an empty string is specified, then all options specified earlier are cleared\&. Takes a whitespace\-separated list of strings\&. Note that currently +\m[blue]\fBC\-style escapes\fR\m[]\&\s-2\u[27]\d\s+2\&. This setting can be specified multiple times\&. If an empty string is specified, then all options specified earlier are cleared\&. Takes a whitespace\-separated list of strings\&. Note that currently \fBNUL\fR bytes are not allowed\&. .sp @@ -2848,7 +2974,7 @@ Added in version 244\&. \fIRapidCommit=\fR .RS 4 Takes a boolean\&. The DHCPv6 client can obtain configuration parameters from a DHCPv6 server through a rapid two\-message exchange (solicit and reply)\&. When the rapid commit option is set by both the DHCPv6 client and the DHCPv6 server, the two\-message exchange is used\&. Otherwise, the four\-message exchange (solicit, advertise, request, and reply) is used\&. The two\-message exchange provides faster client configuration\&. See -\m[blue]\fBRFC 3315\fR\m[]\&\s-2\u[29]\d\s+2 +\m[blue]\fBRFC 3315\fR\m[]\&\s-2\u[31]\d\s+2 for details\&. Defaults to true, and the two\-message exchange will be used if the server support it\&. .sp Added in version 252\&. @@ -2891,7 +3017,7 @@ When true (the default), the client will request the DHCPv6 server to delegate p \fIDHCPPrefixDelegation=yes\fR\&. See also the \fIDHCPPrefixDelegation=\fR setting in the [Network] section, settings in the [DHCPPrefixDelegation] section, and -\m[blue]\fBRFC 8415\fR\m[]\&\s-2\u[30]\d\s+2\&. +\m[blue]\fBRFC 8415\fR\m[]\&\s-2\u[32]\d\s+2\&. .sp Added in version 250\&. .RE @@ -2965,7 +3091,7 @@ Added in version 250\&. \fISubnetId=\fR .RS 4 Configure a specific subnet ID on the interface from a (previously) received prefix delegation\&. You can either set "auto" (the default) or a specific subnet ID (as defined in -\m[blue]\fBRFC 4291\fR\m[]\&\s-2\u[31]\d\s+2, section 2\&.5\&.4), in which case the allowed value is hexadecimal, from 0 to 0x7fffffffffffffff inclusive\&. +\m[blue]\fBRFC 4291\fR\m[]\&\s-2\u[33]\d\s+2, section 2\&.5\&.4), in which case the allowed value is hexadecimal, from 0 to 0x7fffffffffffffff inclusive\&. .sp Added in version 246\&. .RE @@ -3047,6 +3173,13 @@ The [IPv6AcceptRA] section configures the IPv6 Router Advertisement (RA) client, \fIIPv6AcceptRA=\fR setting described above: .PP +\fIUseRedirect=\fR +.RS 4 +When true (the default), Redirect message sent by the current first\-hop router will be accepted, and configures routes to redirected nodes will be configured\&. +.sp +Added in version 256\&. +.RE +.PP \fIToken=\fR .RS 4 Specifies an optional address generation mode for the Stateless Address Autoconfiguration (SLAAC)\&. The following values are supported: @@ -3070,7 +3203,7 @@ Added in version 250\&. \fBprefixstable[:\fR\fB\fIADDRESS\fR\fR\fB][,\fR\fB\fIUUID\fR\fR\fB]\fR .RS 4 The algorithm specified in -\m[blue]\fBRFC 7217\fR\m[]\&\s-2\u[32]\d\s+2 +\m[blue]\fBRFC 7217\fR\m[]\&\s-2\u[34]\d\s+2 will be used to generate interface identifiers\&. This mode can optionally take an IPv6 address separated with a colon (":")\&. If an IPv6 address is specified, then an interface identifier is generated only when a prefix received in an RA message matches the supplied address\&. .sp This mode can also optionally take a non\-null UUID in the format which @@ -3197,11 +3330,18 @@ Takes a boolean\&. When true, the hop limit received in the Router Advertisement Added in version 255\&. .RE .PP -\fIUseICMP6RateLimit=\fR +\fIUseReachableTime=\fR .RS 4 -Takes a boolean\&. When true, the ICMP6 rate limit received in the Router Advertisement will be set to ICMP6 rate limit based on the advertisement\&. Defaults to true\&. +Takes a boolean\&. When true, the reachable time received in the Router Advertisement will be set on the interface receiving the advertisement\&. It is used as the base timespan of the validity of a neighbor entry\&. Defaults to true\&. .sp -Added in version 255\&. +Added in version 256\&. +.RE +.PP +\fIUseRetransmissionTime=\fR +.RS 4 +Takes a boolean\&. When true, the retransmission time received in the Router Advertisement will be set on the interface receiving the advertisement\&. It is used as the time between retransmissions of Neighbor Solicitation messages to a neighbor when resolving the address or when probing the reachability of a neighbor\&. Defaults to true\&. +.sp +Added in version 256\&. .RE .PP \fIUseGateway=\fR @@ -3232,7 +3372,7 @@ Added in version 254\&. When true, the IPv6 PREF64 (or NAT64) prefixes received in the Router Advertisement will be recorded and made available to client programs and displayed in the \fBnetworkctl\fR(1) status output per\-link\&. See -\m[blue]\fBRFC 8781\fR\m[]\&\s-2\u[33]\d\s+2\&. Defaults to false\&. +\m[blue]\fBRFC 8781\fR\m[]\&\s-2\u[35]\d\s+2\&. Defaults to false\&. .sp Added in version 255\&. .RE @@ -3415,7 +3555,7 @@ ServerAddress=192\&.168\&.0\&.1/24 .RE .\} .sp -are equivalent to the following\&. +are equivalent to the following: .sp .if n \{\ .RS 4 @@ -3550,7 +3690,7 @@ Added in version 226\&. Takes an IPv4 address of the boot server used by e\&.g\&. PXE boot systems\&. When specified, this address is sent in the \fBsiaddr\fR field of the DHCP message header\&. See -\m[blue]\fBRFC 2131\fR\m[]\&\s-2\u[34]\d\s+2 +\m[blue]\fBRFC 2131\fR\m[]\&\s-2\u[36]\d\s+2 for more details\&. Defaults to unset\&. .sp Added in version 251\&. @@ -3559,7 +3699,7 @@ Added in version 251\&. \fIBootServerName=\fR .RS 4 Takes a name of the boot server used by e\&.g\&. PXE boot systems\&. When specified, this name is sent in the DHCP option 66 ("TFTP server name")\&. See -\m[blue]\fBRFC 2132\fR\m[]\&\s-2\u[35]\d\s+2 +\m[blue]\fBRFC 2132\fR\m[]\&\s-2\u[37]\d\s+2 for more details\&. Defaults to unset\&. .sp Note that typically setting one of @@ -3574,7 +3714,7 @@ Added in version 251\&. \fIBootFilename=\fR .RS 4 Takes a path or URL to a file loaded by e\&.g\&. a PXE boot loader\&. When specified, this path is sent in the DHCP option 67 ("Bootfile name")\&. See -\m[blue]\fBRFC 2132\fR\m[]\&\s-2\u[35]\d\s+2 +\m[blue]\fBRFC 2132\fR\m[]\&\s-2\u[37]\d\s+2 for more details\&. Defaults to unset\&. .sp Added in version 251\&. @@ -3583,7 +3723,7 @@ Added in version 251\&. \fIIPv6OnlyPreferredSec=\fR .RS 4 Takes a timespan\&. Controls the -\m[blue]\fBRFC 8925\fR\m[]\&\s-2\u[28]\d\s+2 +\m[blue]\fBRFC 8925\fR\m[]\&\s-2\u[30]\d\s+2 IPv6\-Only Preferred option\&. Specifies the DHCPv4 option to indicate that a host supports an IPv6\-only mode and is willing to forgo obtaining an IPv4 address if the network provides IPv6 connectivity\&. Defaults to unset, and not send the option\&. The minimum allowed value is 300 seconds\&. .sp Added in version 255\&. @@ -3598,7 +3738,7 @@ Send a raw option with value via DHCPv4 server\&. Takes a DHCP option number, da "ipv4address", "ipv6address", or "string"\&. Special characters in the data string may be escaped using -\m[blue]\fBC\-style escapes\fR\m[]\&\s-2\u[25]\d\s+2\&. This setting can be specified multiple times\&. If an empty string is specified, then all options specified earlier are cleared\&. Defaults to unset\&. +\m[blue]\fBC\-style escapes\fR\m[]\&\s-2\u[27]\d\s+2\&. This setting can be specified multiple times\&. If an empty string is specified, then all options specified earlier are cleared\&. Defaults to unset\&. .sp Added in version 244\&. .RE @@ -3611,7 +3751,7 @@ Send a vendor option with value via DHCPv4 server\&. Takes a DHCP option number, "uint32", "ipv4address", or "string"\&. Special characters in the data string may be escaped using -\m[blue]\fBC\-style escapes\fR\m[]\&\s-2\u[25]\d\s+2\&. This setting can be specified multiple times\&. If an empty string is specified, then all options specified earlier are cleared\&. Defaults to unset\&. +\m[blue]\fBC\-style escapes\fR\m[]\&\s-2\u[27]\d\s+2\&. This setting can be specified multiple times\&. If an empty string is specified, then all options specified earlier are cleared\&. Defaults to unset\&. .sp Added in version 246\&. .RE @@ -3632,7 +3772,7 @@ Added in version 249\&. .RS 4 Takes an IPv4 address, which must be in the format described in \fBinet_pton\fR(3)\&. Turns this DHCP server into a DHCP relay agent\&. See -\m[blue]\fBRFC 1542\fR\m[]\&\s-2\u[36]\d\s+2\&. The address is the address of DHCP server or another relay agent to forward DHCP messages to and from\&. +\m[blue]\fBRFC 1542\fR\m[]\&\s-2\u[38]\d\s+2\&. The address is the address of DHCP server or another relay agent to forward DHCP messages to and from\&. .sp Added in version 249\&. .RE @@ -3664,10 +3804,22 @@ Added in version 249\&. \fIRapidCommit=\fR .RS 4 Takes a boolean\&. When true, the server supports -\m[blue]\fBRFC 4039\fR\m[]\&\s-2\u[37]\d\s+2\&. When a client sends a DHCPDISCOVER message with the Rapid Commit option to the server, then the server will reply with a DHCPACK message to the client, instead of DHCPOFFER\&. Defaults to true\&. +\m[blue]\fBRFC 4039\fR\m[]\&\s-2\u[39]\d\s+2\&. When a client sends a DHCPDISCOVER message with the Rapid Commit option to the server, then the server will reply with a DHCPACK message to the client, instead of DHCPOFFER\&. Defaults to true\&. .sp Added in version 255\&. .RE +.PP +\fIPersistLeases=\fR +.RS 4 +Takes a boolean\&. When true, the DHCP server will load and save leases in the persistent storage\&. When false, the DHCP server will neither load nor save leases in the persistent storage\&. Hence, bound leases will be lost when the interface is reconfigured e\&.g\&. by +\fBnetworkctl reconfigure\fR, or +systemd\-networkd\&.service +is restarted\&. That may cause address conflict on the network\&. So, please take an extra care when disable this setting\&. When unspecified, the value specified in the same setting in +\fBnetworkd.conf\fR(5), which defaults to +"yes", will be used\&. +.sp +Added in version 256\&. +.RE .SH "[DHCPSERVERSTATICLEASE] SECTION OPTIONS" .PP The @@ -3716,9 +3868,16 @@ Takes a timespan\&. Configures the IPv6 router lifetime in seconds\&. The value Added in version 235\&. .RE .PP +\fIReachableTimeSec=\fR +.RS 4 +Configures the time, used in the Neighbor Unreachability Detection algorithm, for which clients can assume a neighbor is reachable after having received a reachability confirmation\&. Takes a time span in the range 0\&...4294967295 ms\&. When 0, clients will handle it as if the value wasn\*(Aqt specified\&. Defaults to 0\&. +.sp +Added in version 256\&. +.RE +.PP \fIRetransmitSec=\fR .RS 4 -Takes a timespan\&. Configures the retransmit time, used by clients to retransmit Neighbor Solicitation messages on address resolution and the Neighbor Unreachability Detection algorithm\&. An integer the default unit of seconds, in the range 0\&...4294967295 msec\&. Defaults to 0\&. +Configures the time, used in the Neighbor Unreachability Detection algorithm, for which clients can use as retransmit time on address resolution and the Neighbor Unreachability Detection algorithm\&. Takes a time span in the range 0\&...4294967295 ms\&. When 0, clients will handle it as if the value wasn\*(Aqt specified\&. Defaults to 0\&. .sp Added in version 255\&. .RE @@ -3738,7 +3897,7 @@ and added as synonyms for "medium" just to make configuration easier\&. See -\m[blue]\fBRFC 4191\fR\m[]\&\s-2\u[21]\d\s+2 +\m[blue]\fBRFC 4191\fR\m[]\&\s-2\u[23]\d\s+2 for details\&. Defaults to "medium"\&. .sp @@ -3818,8 +3977,8 @@ Added in version 235\&. .PP \fIHomeAgent=\fR .RS 4 -Takes a boolean\&. Specifies that IPv6 router advertisements which indicates to hosts that the router acts as a Home Agent and includes a Home Agent Option\&. Defaults to false\&. See -\m[blue]\fBRFC 6275\fR\m[]\&\s-2\u[10]\d\s+2 +Takes a boolean\&. Specifies that IPv6 router advertisements which indicate to hosts that the router acts as a Home Agent and includes a Home Agent option\&. Defaults to false\&. See +\m[blue]\fBRFC 6275\fR\m[]\&\s-2\u[11]\d\s+2 for further details\&. .sp Added in version 255\&. @@ -3827,7 +3986,7 @@ Added in version 255\&. .PP \fIHomeAgentLifetimeSec=\fR .RS 4 -Takes a timespan\&. Specifies the lifetime of the Home Agent\&. An integer the default unit of seconds, in the range 1\&...65535\&. Defaults to the value set to +Takes a timespan\&. Specifies the lifetime of the Home Agent\&. An integer, the default unit is seconds, in the range 1\&...65535\&. Defaults to the value set to \fIRouterLifetimeSec=\fR\&. .sp Added in version 255\&. @@ -3842,7 +4001,7 @@ Added in version 255\&. .SH "[IPV6PREFIX] SECTION OPTIONS" .PP One or more [IPv6Prefix] sections contain the IPv6 prefixes that are announced via Router Advertisements\&. See -\m[blue]\fBRFC 4861\fR\m[]\&\s-2\u[38]\d\s+2 +\m[blue]\fBRFC 4861\fR\m[]\&\s-2\u[40]\d\s+2 for further details\&. .PP \fIAddressAutoconfiguration=\fR, \fIOnLink=\fR @@ -3903,7 +4062,7 @@ Added in version 249\&. .SH "[IPV6ROUTEPREFIX] SECTION OPTIONS" .PP One or more [IPv6RoutePrefix] sections contain the IPv6 prefix routes that are announced via Router Advertisements\&. See -\m[blue]\fBRFC 4191\fR\m[]\&\s-2\u[21]\d\s+2 +\m[blue]\fBRFC 4191\fR\m[]\&\s-2\u[23]\d\s+2 for further details\&. .PP \fIRoute=\fR @@ -3926,7 +4085,7 @@ Added in version 244\&. .SH "[IPV6PREF64PREFIX] SECTION OPTIONS" .PP One or more [IPv6PREF64Prefix] sections contain the IPv6 PREF64 (or NAT64) prefixes that are announced via Router Advertisements\&. See -\m[blue]\fBRFC 8781\fR\m[]\&\s-2\u[33]\d\s+2 +\m[blue]\fBRFC 8781\fR\m[]\&\s-2\u[35]\d\s+2 for further details\&. .PP \fIPrefix=\fR @@ -5501,14 +5660,14 @@ Added in version 246\&. .RE .SH "[BRIDGEVLAN] SECTION OPTIONS" .PP -The [BridgeVLAN] section manages the VLAN ID configuration of a bridge port and accepts the following keys\&. Specify several [BridgeVLAN] sections to configure several VLAN entries\&. The +The [BridgeVLAN] section manages the VLAN ID configurations of a bridge master or port, and accepts the following keys\&. To make the settings in this section take an effect, \fIVLANFiltering=\fR -option has to be enabled, see the [Bridge] section in -\fBsystemd.netdev\fR(5)\&. +option has to be enabled on the bridge master, see the [Bridge] section in +\fBsystemd.netdev\fR(5)\&. If at least one valid settings specified in this section in a \&.network file for an interface, all assigned VLAN IDs on the interface that are not configured in the \&.network file will be removed\&. If VLAN IDs on an interface need to be managed by other tools, then the settings in this section cannot be used in the matching \&.network file\&. .PP \fIVLAN=\fR .RS 4 -The VLAN ID allowed on the port\&. This can be either a single ID or a range M\-N\&. Takes an integer in the range 1\&...4094\&. +The VLAN ID allowed on the port\&. This can be either a single ID or a range M\-N\&. Takes an integer in the range 1\&...4094\&. This setting can be specified multiple times\&. If an empty string is assigned, then the all previous assignments are cleared\&. .sp Added in version 231\&. .RE @@ -5519,20 +5678,19 @@ The VLAN ID specified here will be used to untag frames on egress\&. Configuring \fIEgressUntagged=\fR implicates the use of \fIVLAN=\fR -above and will enable the VLAN ID for ingress as well\&. This can be either a single ID or a range M\-N\&. +above and will enable the VLAN ID for ingress as well\&. This can be either a single ID or a range M\-N\&. This setting can be specified multiple times\&. If an empty string is assigned, then the all previous assignments are cleared\&. .sp Added in version 231\&. .RE .PP \fIPVID=\fR .RS 4 -The Port VLAN ID specified here is assigned to all untagged frames at ingress\&. -\fIPVID=\fR -can be used only once\&. Configuring +The port VLAN ID specified here is assigned to all untagged frames at ingress\&. Takes an VLAN ID or negative boolean value (e\&.g\&. +"no")\&. When false, the currently assigned port VLAN ID will be dropped\&. Configuring \fIPVID=\fR implicates the use of \fIVLAN=\fR -above and will enable the VLAN ID for ingress as well\&. +setting in the above and will enable the VLAN ID for ingress as well\&. Defaults to unset, and will keep the assigned port VLAN ID if exists\&. .sp Added in version 231\&. .RE @@ -6025,12 +6183,7 @@ nic\&. If offloading is not needed, xfrm interfaces can be assigned to the device\&. .SH "SEE ALSO" .PP -\fBsystemd\fR(1), -\fBsystemd-networkd.service\fR(8), -\fBsystemd.link\fR(5), -\fBsystemd.netdev\fR(5), -\fBsystemd-network-generator.service\fR(8), -\fBsystemd-resolved.service\fR(8) +\fBsystemd\fR(1), \fBsystemd-networkd.service\fR(8), \fBsystemd.link\fR(5), \fBsystemd.netdev\fR(5), \fBsystemd-network-generator.service\fR(8), \fBsystemd-resolved.service\fR(8) .SH "NOTES" .IP " 1." 4 System and Service Credentials @@ -6078,146 +6231,156 @@ RFC 3704 \%https://tools.ietf.org/html/rfc1027 .RE .IP "10." 4 +RFC 3069 +.RS 4 +\%https://tools.ietf.org/html/rfc3069 +.RE +.IP "11." 4 RFC 6275 .RS 4 \%https://tools.ietf.org/html/rfc6275 .RE -.IP "11." 4 +.IP "12." 4 RFC 5227 .RS 4 \%https://tools.ietf.org/html/rfc5227 .RE -.IP "12." 4 +.IP "13." 4 RFC 4862 .RS 4 \%https://tools.ietf.org/html/rfc4862 .RE -.IP "13." 4 +.IP "14." 4 RFC 3041 .RS 4 \%https://tools.ietf.org/html/rfc3041 .RE -.IP "14." 4 +.IP "15." 4 NetLabel .RS 4 \%https://docs.kernel.org/netlabel/index.html .RE -.IP "15." 4 +.IP "16." 4 Linux Security Modules (LSMs) .RS 4 \%https://en.wikipedia.org/wiki/Linux_Security_Modules .RE -.IP "16." 4 +.IP "17." 4 NetLabel Fallback Peer Labeling .RS 4 \%https://github.com/SELinuxProject/selinux-notebook/blob/main/src/network_support.md .RE -.IP "17." 4 +.IP "18." 4 NFT .RS 4 \%https://netfilter.org/projects/nftables/index.html .RE -.IP "18." 4 +.IP "19." 4 RFC 3484 .RS 4 \%https://tools.ietf.org/html/rfc3484 .RE -.IP "19." 4 +.IP "20." 4 Type of Service .RS 4 \%https://en.wikipedia.org/wiki/Type_of_service .RE -.IP "20." 4 +.IP "21." 4 Differentiated services .RS 4 \%https://en.wikipedia.org/wiki/Differentiated_services .RE -.IP "21." 4 +.IP "22." 4 +Virtual Routing and Forwarding (VRF) +.RS 4 +\%https://docs.kernel.org/networking/vrf.html +.RE +.IP "23." 4 RFC 4191 .RS 4 \%https://tools.ietf.org/html/rfc4191 .RE -.IP "22." 4 +.IP "24." 4 RFC 8520 .RS 4 \%https://tools.ietf.org/html/rfc8520 .RE -.IP "23." 4 +.IP "25." 4 RFC 4039 .RS 4 \%https://tools.ietf.org/html/rfc4039 .RE -.IP "24." 4 +.IP "26." 4 RFC 7844 .RS 4 \%https://tools.ietf.org/html/rfc7844 .RE -.IP "25." 4 +.IP "27." 4 C-style escapes .RS 4 \%https://en.wikipedia.org/wiki/Escape_sequences_in_C#Table_of_escape_sequences .RE -.IP "26." 4 +.IP "28." 4 RFC 3442 .RS 4 \%https://datatracker.ietf.org/doc/html/rfc3442 .RE -.IP "27." 4 +.IP "29." 4 RFC 5969 .RS 4 \%https://tools.ietf.org/html/rfc5969 .RE -.IP "28." 4 +.IP "30." 4 RFC 8925 .RS 4 \%https://tools.ietf.org/html/rfc8925 .RE -.IP "29." 4 +.IP "31." 4 RFC 3315 .RS 4 \%https://tools.ietf.org/html/rfc3315#section-17.2.1 .RE -.IP "30." 4 +.IP "32." 4 RFC 8415 .RS 4 \%https://www.rfc-editor.org/rfc/rfc8415.html#section-6.3 .RE -.IP "31." 4 +.IP "33." 4 RFC 4291 .RS 4 \%https://tools.ietf.org/html/rfc4291#section-2.5.4 .RE -.IP "32." 4 +.IP "34." 4 RFC 7217 .RS 4 \%https://tools.ietf.org/html/rfc7217 .RE -.IP "33." 4 +.IP "35." 4 RFC 8781 .RS 4 \%https://tools.ietf.org/html/rfc8781 .RE -.IP "34." 4 +.IP "36." 4 RFC 2131 .RS 4 \%https://www.rfc-editor.org/rfc/rfc2131.html .RE -.IP "35." 4 +.IP "37." 4 RFC 2132 .RS 4 \%https://www.rfc-editor.org/rfc/rfc2132.html .RE -.IP "36." 4 +.IP "38." 4 RFC 1542 .RS 4 \%https://tools.ietf.org/html/rfc1542 .RE -.IP "37." 4 +.IP "39." 4 RFC 4039 .RS 4 \%https://datatracker.ietf.org/doc/html/rfc4039 .RE -.IP "38." 4 +.IP "40." 4 RFC 4861 .RS 4 \%https://tools.ietf.org/html/rfc4861 |