summaryrefslogtreecommitdiffstats
path: root/man/systemd.network.xml
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-06-12 03:50:42 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-06-12 03:50:42 +0000
commit78e9bb837c258ac0ec7712b3d612cc2f407e731e (patch)
treef515d16b6efd858a9aeb5b0ef5d6f90bf288283d /man/systemd.network.xml
parentAdding debian version 255.5-1. (diff)
downloadsystemd-78e9bb837c258ac0ec7712b3d612cc2f407e731e.tar.xz
systemd-78e9bb837c258ac0ec7712b3d612cc2f407e731e.zip
Merging upstream version 256.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'man/systemd.network.xml')
-rw-r--r--man/systemd.network.xml1317
1 files changed, 764 insertions, 553 deletions
diff --git a/man/systemd.network.xml b/man/systemd.network.xml
index 5f0a703..b0efd62 100644
--- a/man/systemd.network.xml
+++ b/man/systemd.network.xml
@@ -1,6 +1,6 @@
<?xml version='1.0'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
<refentry id="systemd.network" conditional='ENABLE_NETWORKD'
@@ -39,13 +39,14 @@
<para>The <filename>.network</filename> files are read from the files located in the system network
directories <filename>/usr/lib/systemd/network</filename> and
- <filename>/usr/local/lib/systemd/network</filename>, the volatile runtime network directory
- <filename>/run/systemd/network</filename> and the local administration network directory
- <filename>/etc/systemd/network</filename>. All configuration files are collectively sorted and
- processed in alphanumeric order, regardless of the directories in which they live. However, files
- with identical filenames replace each other. It is recommended that each filename is prefixed with
- a number smaller than <literal>70</literal> (e.g. <filename>10-eth0.network</filename>). Otherwise, the
- default <filename>.network</filename> files or those generated by
+ <filename>/usr/local/lib/systemd/network</filename>
+ <xi:include href="standard-conf.xml" xpointer="usr-local-footnote" />,
+ the volatile runtime network directory <filename>/run/systemd/network</filename> and the local
+ administration network directory <filename>/etc/systemd/network</filename>. All configuration files are
+ collectively sorted and processed in alphanumeric order, regardless of the directories in which they
+ live. However, files with identical filenames replace each other. It is recommended that each filename is
+ prefixed with a number smaller than <literal>70</literal> (e.g. <filename>10-eth0.network</filename>).
+ Otherwise, the default <filename>.network</filename> files or those generated by
<citerefentry><refentrytitle>systemd-network-generator.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
may take precedence over user configured files. Files in <filename>/etc/</filename> have the highest
priority, files in <filename>/run/</filename> take precedence over files with the same name under
@@ -259,16 +260,16 @@
<varlistentry>
<term><varname>RequiredForOnline=</varname></term>
<listitem>
- <para>Takes a boolean or a minimum operational state and an optional maximum operational
- state. Please see
+ <para>Takes a boolean, a minimum operational state (e.g., <literal>carrier</literal>), or a range
+ of operational state separated with a colon (e.g., <literal>degraded:routable</literal>).
+ Please see
<citerefentry><refentrytitle>networkctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
for possible operational states. When <literal>yes</literal>, the network is deemed required
when determining whether the system is online (including when running
<command>systemd-networkd-wait-online</command>). When <literal>no</literal>, the network is
ignored when determining the online state. When a minimum operational state and an optional
- maximum operational state are set, <literal>yes</literal> is implied, and this controls the
- minimum and maximum operational state required for the network interface to be considered
- online.</para>
+ maximum operational state are set, <command>systemd-networkd-wait-online</command> deems that the
+ interface is online when the operational state is in the specified range.</para>
<para>Defaults to <literal>yes</literal> when <varname>ActivationPolicy=</varname> is not
set, or set to <literal>up</literal>, <literal>always-up</literal>, or
@@ -283,6 +284,44 @@
skipped automatically by <command>systemd-networkd-wait-online</command> if
<literal>RequiredForOnline=no</literal>.</para>
+ <para>The boolean value <literal>yes</literal> is translated as follows;
+ <variablelist>
+ <varlistentry>
+ <term><option>CAN devices</option></term>
+ <listitem>
+ <para><literal>carrier</literal>,</para>
+ <xi:include href="version-info.xml" xpointer="v256"/>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>Master devices, e.g. bond or bridge</option></term>
+ <listitem>
+ <para><literal>degraded-carrier</literal> with <varname>RequiredFamilyForOnline=any</varname>,</para>
+ <xi:include href="version-info.xml" xpointer="v256"/>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>Bonding port interfaces</option></term>
+ <listitem>
+ <para><literal>enslaved</literal>,</para>
+ <xi:include href="version-info.xml" xpointer="v256"/>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><option>Other interfaces</option></term>
+ <listitem>
+ <para><literal>degraded</literal>.</para>
+ <xi:include href="version-info.xml" xpointer="v236"/>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </para>
+
+ <para>This setting can be overridden by the command line option for
+ <command>systemd-networkd-wait-online</command>. See
+ <citerefentry><refentrytitle>systemd-networkd-wait-online.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ for more details.</para>
+
<xi:include href="version-info.xml" xpointer="v236"/>
</listitem>
</varlistentry>
@@ -390,20 +429,28 @@
Defaults to <literal>no</literal>. Further settings for the DHCP server may be set in the
[DHCPServer] section described below.</para>
- <xi:include href="version-info.xml" xpointer="v215"/>
+ <para>Even if this is enabled, the DHCP server will not be started automatically and wait for the
+ persistent storage being ready to load/save leases in the storage, unless
+ <varname>RelayTarget=</varname> or <varname>PersistLeases=no</varname> are specified in the
+ [DHCPServer] section. It will be started after
+ <filename>systemd-networkd-persistent-storage.service</filename> is started, which calls
+ <command>networkctl persistent-storage yes</command>. See
+ <citerefentry><refentrytitle>networkctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+ for more details.</para>
+
+ <xi:include href="version-info.xml" xpointer="v215"/>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>LinkLocalAddressing=</varname></term>
<listitem>
- <para>Enables link-local address autoconfiguration. Accepts <option>yes</option>,
- <option>no</option>, <option>ipv4</option>, and <option>ipv6</option>. An IPv6 link-local
- address is configured when <option>yes</option> or <option>ipv6</option>. An IPv4 link-local
- address is configured when <option>yes</option> or <option>ipv4</option> and when DHCPv4
- autoconfiguration has been unsuccessful for some time. (IPv4 link-local address
- autoconfiguration will usually happen in parallel with repeated attempts to acquire a DHCPv4
- lease).</para>
+ <para>Enables link-local address autoconfiguration. Accepts a boolean, <option>ipv4</option>,
+ and <option>ipv6</option>. An IPv6 link-local address is configured when <option>yes</option>
+ or <option>ipv6</option>. An IPv4 link-local address is configured when <option>yes</option>
+ or <option>ipv4</option> and when DHCPv4 autoconfiguration has been unsuccessful for some time.
+ (IPv4 link-local address autoconfiguration will usually happen in parallel with repeated attempts
+ to acquire a DHCPv4 lease).</para>
<para>Defaults to <option>no</option> when <varname>KeepMaster=</varname> or
<varname>Bridge=</varname> is set or when the specified
@@ -661,6 +708,9 @@ Table=1234</programlisting></para>
number of dynamically created network interfaces with the same network configuration and
automatic address range assignment.</para>
+ <para>If an empty string is specified, then the all previous assignments in both [Network] and
+ [Address] sections are cleared.</para>
+
<xi:include href="version-info.xml" xpointer="v211"/>
</listitem>
</varlistentry>
@@ -698,6 +748,17 @@ Table=1234</programlisting></para>
</varlistentry>
<varlistentry>
+ <term><varname>UseDomains=</varname></term>
+ <listitem>
+ <para>Specifies the protocol-independent default value for the same settings in
+ [IPv6AcceptRA], [DHCPv4], and [DHCPv6] sections below. Takes a boolean, or the special value
+ <option>route</option>. See also the same setting in [DHCPv4] below. Defaults to unset.</para>
+
+ <xi:include href="version-info.xml" xpointer="v256"/>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><varname>Domains=</varname></term>
<listitem>
<para>A whitespace-separated list of domains which should be resolved using the DNS servers
@@ -762,26 +823,43 @@ Table=1234</programlisting></para>
</varlistentry>
<varlistentry>
- <term><varname>IPForward=</varname></term>
+ <term><varname>IPv4Forwarding=</varname></term>
<listitem>
- <para>Configures IP packet forwarding for the system. If enabled, incoming packets on any
- network interface will be forwarded to any other interfaces according to the routing table.
- Takes a boolean, or the values <literal>ipv4</literal> or <literal>ipv6</literal>, which only
- enable IP packet forwarding for the specified address family. This controls the
- <filename>net.ipv4.ip_forward</filename> and <filename>net.ipv6.conf.all.forwarding</filename>
- sysctl options of the network interface (see
+ <para>Configures IPv4 packet forwarding for the interface. Takes a boolean value. This controls the
+ <filename>net.ipv4.conf.<replaceable>INTERFACE</replaceable>.forwarding</filename> sysctl option of
+ the network interface. See
<ulink url="https://docs.kernel.org/networking/ip-sysctl.html">IP Sysctl</ulink>
- for details about sysctl options). Defaults to <literal>no</literal>.</para>
+ for more details about the sysctl option. Defaults to true if <varname>IPMasquerade=</varname> is
+ enabled for IPv4, otherwise the value specified to the same setting in
+ <citerefentry><refentrytitle>networkd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ will be used. If none of them are specified, the sysctl option will not be changed.</para>
+
+ <para>To control the global setting, use the same setting in
+ <citerefentry><refentrytitle>networkd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+ </para>
- <para>Note: this setting controls a global kernel option, and does so one way only: if a
- network that has this setting enabled is set up the global setting is turned on. However,
- it is never turned off again, even after all networks with this setting enabled are shut
- down again.</para>
+ <xi:include href="version-info.xml" xpointer="v256"/>
+ </listitem>
+ </varlistentry>
- <para>To allow IP packet forwarding only between specific network interfaces use a firewall.
+ <varlistentry>
+ <term><varname>IPv6Forwarding=</varname></term>
+ <listitem>
+ <para>Configures IPv6 packet forwarding for the interface. Takes a boolean value. This controls the
+ <filename>net.ipv6.conf.<replaceable>INTERFACE</replaceable>.forwarding</filename> sysctl option of
+ the network interface. See
+ <ulink url="https://docs.kernel.org/networking/ip-sysctl.html">IP Sysctl</ulink>
+ for more details about the sysctl option. Defaults to true if <varname>IPMasquerade=</varname> is
+ enabled for IPv6 or <varname>IPv6SendRA=</varname> is enabled, otherwise the value specified to the
+ same setting in
+ <citerefentry><refentrytitle>networkd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ will be used. If none of them are specified, the sysctl option will not be changed.</para>
+
+ <para>To control the global setting, use the same setting in
+ <citerefentry><refentrytitle>networkd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
</para>
- <xi:include href="version-info.xml" xpointer="v219"/>
+ <xi:include href="version-info.xml" xpointer="v256"/>
</listitem>
</varlistentry>
@@ -789,13 +867,20 @@ Table=1234</programlisting></para>
<term><varname>IPMasquerade=</varname></term>
<listitem>
<para>Configures IP masquerading for the network interface. If enabled, packets forwarded
- from the network interface will be appear as coming from the local host. Takes one of
- <literal>ipv4</literal>, <literal>ipv6</literal>, <literal>both</literal>, or
- <literal>no</literal>. Defaults to <literal>no</literal>. If enabled, this automatically sets
- <varname>IPForward=</varname> to one of <literal>ipv4</literal>, <literal>ipv6</literal> or
- <literal>yes</literal>.</para>
- <para>Note. Any positive boolean values such as <literal>yes</literal> or
- <literal>true</literal> are now deprecated. Please use one of the values above.</para>
+ from the network interface will be appear as coming from the local host. Typically, this should be
+ enabled on the downstream interface of routers. Takes one of <literal>ipv4</literal>,
+ <literal>ipv6</literal>, <literal>both</literal>, or <literal>no</literal>. Defaults to
+ <literal>no</literal>. Note. Any positive boolean values such as <literal>yes</literal> or
+ <literal>true</literal> are now deprecated. Please use one of the values above. Specifying
+ <literal>ipv4</literal> or <literal>both</literal> implies <varname>IPv4Forwarding=</varname>,
+ unless it is explicitly specified. Similarly for <varname>IPv6Forwarding=</varname> when
+ <literal>ipv6</literal> or <literal>both</literal> is specified. These implications are only on
+ this interface. Hence, to make the IP packet forwarding works,
+ <varname>IPv4Forwarding=</varname>/<varname>IPv6Forwarding=</varname> need to be enabled on an
+ upstream interface, or globally enabled by specifying them in
+ <citerefentry><refentrytitle>networkd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+ See <varname>IPv4Forwarding=</varname>/<varname>IPv6Forwarding=</varname> in the above for more
+ details.</para>
<xi:include href="version-info.xml" xpointer="v219"/>
</listitem>
@@ -823,12 +908,13 @@ Table=1234</programlisting></para>
<varlistentry>
<term><varname>IPv6AcceptRA=</varname></term>
<listitem>
- <para>Takes a boolean. Controls IPv6 Router Advertisement (RA) reception support for the
- interface. If true, RAs are accepted; if false, RAs are ignored. When RAs are accepted, they
- may trigger the start of the DHCPv6 client if the relevant flags are set in the RA data, or
- if no routers are found on the link. The default is to disable RA reception for bridge
- devices or when IP forwarding is enabled, and to enable it otherwise. Cannot be enabled on
- devices aggregated in a bond device or when link-local addressing is disabled.</para>
+ <para>Takes a boolean. Controls IPv6 Router Advertisement (RA) reception support for the interface.
+ If true, RAs are accepted; if false, RAs are ignored. When RAs are accepted, they may trigger the
+ start of the DHCPv6 client if the relevant flags are set in the RA data, or if no routers are found
+ on the link. Defaults to false for bridge devices, when IP forwarding is enabled,
+ <varname>IPv6SendRA=</varname> or <varname>KeepMaster=</varname> is enabled. Otherwise, enabled by
+ default. Cannot be enabled on devices aggregated in a bond device or when link-local addressing is
+ disabled.</para>
<para>Further settings for the IPv6 RA support may be configured in the [IPv6AcceptRA]
section, see below.</para>
@@ -872,6 +958,18 @@ Table=1234</programlisting></para>
</varlistentry>
<varlistentry>
+ <term><varname>IPv6RetransmissionTimeSec=</varname></term>
+ <listitem>
+ <para>Configures IPv6 Retransmission Time. The time between retransmitted Neighbor
+ Solicitation messages. Used by address resolution and the Neighbor Unreachability
+ Detection algorithm. A value of zero is ignored and the kernel's current value
+ will be used. Defaults to unset, and the kernel's current value will be used.</para>
+
+ <xi:include href="version-info.xml" xpointer="v256"/>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><varname>IPv4ReversePathFilter=</varname></term>
<listitem>
<para>Configure IPv4 Reverse Path Filtering. If enabled, when an IPv4 packet is received, the machine will first check
@@ -925,6 +1023,21 @@ Table=1234</programlisting></para>
</varlistentry>
<varlistentry>
+ <term><varname>IPv4ProxyARPPrivateVLAN=</varname></term>
+ <listitem>
+ <para>Takes a boolean. Configures proxy ARP private VLAN for IPv4, also known as VLAN aggregation,
+ private VLAN, source-port filtering, port-isolation, or MAC-forced forwarding.</para>
+
+ <para>This variant of the ARP proxy technique will allow the ARP proxy to reply back to the same
+ interface.</para>
+
+ <para>See <ulink url="https://tools.ietf.org/html/rfc3069">RFC 3069</ulink>. When unset,
+ the kernel's default will be used.</para>
+ <xi:include href="version-info.xml" xpointer="v256"/>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><varname>IPv6ProxyNDP=</varname></term>
<listitem>
<para>Takes a boolean. Configures proxy NDP for IPv6. Proxy NDP (Neighbor Discovery Protocol)
@@ -965,6 +1078,9 @@ Table=1234</programlisting></para>
distributed. See <varname>DHCPPrefixDelegation=</varname> setting and the [IPv6SendRA],
[IPv6Prefix], [IPv6RoutePrefix], and [DHCPPrefixDelegation] sections for more configuration
options.</para>
+ <para>If enabled, <varname>IPv6Forwarding=</varname> on this interface is also enabled, unless
+ the setting is explicitly specified. See <varname>IPv6Forwarding=</varname> in the above for more
+ details.</para>
<xi:include href="version-info.xml" xpointer="v247"/>
</listitem>
@@ -1323,13 +1439,15 @@ Table=1234</programlisting></para>
Fallback Peer Labeling</ulink> rules. They will be removed when the interface is
deconfigured. Failures to manage the labels will be ignored.</para>
- <para>Warning: Once labeling is enabled for network traffic, a lot of LSM access control points in
- Linux networking stack go from dormant to active. Care should be taken to avoid getting into a
- situation where for example remote connectivity is broken, when the security policy hasn't been
- updated to consider LSM per-packet access controls and no rules would allow any network
- traffic. Also note that additional configuration with <citerefentry
- project='man-pages'><refentrytitle>netlabelctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>
- is needed.</para>
+ <warning>
+ <para>Once labeling is enabled for network traffic, a lot of LSM access control points in
+ Linux networking stack go from dormant to active. Care should be taken to avoid getting into a
+ situation where for example remote connectivity is broken, when the security policy hasn't been
+ updated to consider LSM per-packet access controls and no rules would allow any network
+ traffic. Also note that additional configuration with <citerefentry
+ project='man-pages'><refentrytitle>netlabelctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ is needed.</para>
+ </warning>
<para>Example:
<programlisting>[Address]
@@ -1602,6 +1720,18 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix</programlisting>
</varlistentry>
<varlistentry>
+ <term><varname>L3MasterDevice=</varname></term>
+ <listitem>
+ <para>A boolean. Specifies whether the rule is to direct lookups to the tables associated with
+ level 3 master devices (also known as Virtual Routing and Forwarding or VRF devices).
+ For further details see <ulink url="https://docs.kernel.org/networking/vrf.html">
+ Virtual Routing and Forwarding (VRF)</ulink>. Defaults to false.</para>
+
+ <xi:include href="version-info.xml" xpointer="v256"/>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><varname>SourcePort=</varname></term>
<listitem>
<para>Specifies the source IP port or IP port range match in forwarding information base
@@ -1714,8 +1844,10 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix</programlisting>
<varlistentry>
<term><varname>Id=</varname></term>
<listitem>
- <para>The id of the next hop. Takes an integer in the range 1…4294967295. If unspecified,
- then automatically chosen by kernel.</para>
+ <para>The id of the next hop. Takes an integer in the range 1…4294967295.
+ This is mandatory if <varname>ManageForeignNextHops=no</varname> is specified in
+ <citerefentry><refentrytitle>networkd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+ Otherwise, if unspecified, an unused ID will be automatically picked.</para>
<xi:include href="version-info.xml" xpointer="v244"/>
</listitem>
@@ -1921,7 +2053,7 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix</programlisting>
<command>ip route show table <replaceable>num</replaceable></command>. If unset and
<varname>Type=</varname> is <literal>local</literal>, <literal>broadcast</literal>,
<literal>anycast</literal>, or <literal>nat</literal>, then <literal>local</literal> is used.
- In other cases, defaults to <literal>main</literal>.</para>
+ In other cases, defaults to <literal>main</literal>. Ignored if <varname>L3MasterDevice=</varname> is true.</para>
<xi:include href="version-info.xml" xpointer="v230"/>
</listitem>
@@ -2018,16 +2150,6 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix</programlisting>
</varlistentry>
<varlistentry>
- <term><varname>TTLPropagate=</varname></term>
- <listitem>
- <para>Takes a boolean. When true enables TTL propagation at Label Switched Path (LSP) egress.
- When unset, the kernel's default will be used.</para>
-
- <xi:include href="version-info.xml" xpointer="v243"/>
- </listitem>
- </varlistentry>
-
- <varlistentry>
<term><varname>MTUBytes=</varname></term>
<listitem>
<para>The maximum transmission unit in bytes to set for the route. The usual suffixes K, M,
@@ -2267,7 +2389,7 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix</programlisting>
are implied and these settings in the .network file are silently ignored. Also,
<varname>Hostname=</varname>,
<varname>MUDURL=</varname>,
- <varname>RequestAddress</varname>,
+ <varname>RequestAddress=</varname>,
<varname>RequestOptions=</varname>,
<varname>SendOption=</varname>,
<varname>SendVendorOption=</varname>,
@@ -2472,7 +2594,15 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix</programlisting>
effect of the <option>Domains=</option> setting. If set to <option>route</option>, the domain name
received from the DHCP server will be used for routing DNS queries only, but not for searching,
similarly to the effect of the <option>Domains=</option> setting when the argument is prefixed with
- <literal>~</literal>. Defaults to false.</para>
+ <literal>~</literal>.</para>
+
+ <para>When unspecified, the value specified in the same setting in the [Network] section will be
+ used. When it is unspecified, the value specified in the same setting in the [DHCPv4] section in
+ <citerefentry><refentrytitle>networkd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ will be used. When it is unspecified, the value specified in the same setting in the [Network]
+ section in
+ <citerefentry><refentrytitle>networkd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ will be used. When none of them are specified, defaults to <literal>no</literal>.</para>
<para>It is recommended to enable this option only on trusted networks, as setting this
affects resolution of all hostnames, in particular of single-label names. It is generally
@@ -2663,13 +2793,22 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix</programlisting>
</varlistentry>
<varlistentry>
+ <term><varname>ServerPort=</varname></term>
+ <listitem>
+ <para>Set the port on which the DHCP server is listening.</para>
+
+ <xi:include href="version-info.xml" xpointer="v256"/>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><varname>DenyList=</varname></term>
<listitem>
<para>A whitespace-separated list of IPv4 addresses. Each address can optionally take a
prefix length after <literal>/</literal>. DHCP offers from servers in the list are rejected.
Note that if <varname>AllowList=</varname> is configured then <varname>DenyList=</varname> is
ignored.</para>
- <para>Note that this filters only DHCP offers, so the filtering may not work when
+ <para>Note that this filters only DHCP offers, so the filtering might not work when
<varname>RapidCommit=</varname> is enabled. See also <varname>RapidCommit=</varname> in the above.
</para>
@@ -2683,7 +2822,7 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix</programlisting>
<para>A whitespace-separated list of IPv4 addresses. Each address can optionally take a
prefix length after <literal>/</literal>. DHCP offers from servers in the list are accepted.
</para>
- <para>Note that this filters only DHCP offers, so the filtering may not work when
+ <para>Note that this filters only DHCP offers, so the filtering might not work when
<varname>RapidCommit=</varname> is enabled. See also <varname>RapidCommit=</varname> in the above.
</para>
@@ -3085,6 +3224,16 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix</programlisting>
<variablelist class='network-directives'>
<varlistentry>
+ <term><varname>UseRedirect=</varname></term>
+ <listitem>
+ <para>When true (the default), Redirect message sent by the current first-hop router will be
+ accepted, and configures routes to redirected nodes will be configured.</para>
+
+ <xi:include href="version-info.xml" xpointer="v256"/>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><varname>Token=</varname></term>
<listitem>
<para>Specifies an optional address generation mode for the Stateless Address
@@ -3274,12 +3423,25 @@ Token=prefixstable:2002:da8:1::</programlisting></para>
</varlistentry>
<varlistentry>
- <term><varname>UseICMP6RateLimit=</varname></term>
+ <term><varname>UseReachableTime=</varname></term>
<listitem>
- <para>Takes a boolean. When true, the ICMP6 rate limit received in the Router Advertisement will be set to ICMP6
- rate limit based on the advertisement. Defaults to true.</para>
+ <para>Takes a boolean. When true, the reachable time received in the Router Advertisement will be
+ set on the interface receiving the advertisement. It is used as the base timespan of the validity
+ of a neighbor entry. Defaults to true.</para>
- <xi:include href="version-info.xml" xpointer="v255"/>
+ <xi:include href="version-info.xml" xpointer="v256"/>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>UseRetransmissionTime=</varname></term>
+ <listitem>
+ <para>Takes a boolean. When true, the retransmission time received in the Router Advertisement will be set
+ on the interface receiving the advertisement. It is used as the time between retransmissions of Neighbor
+ Solicitation messages to a neighbor when resolving the address or when probing the reachability of a neighbor.
+ Defaults to true.</para>
+
+ <xi:include href="version-info.xml" xpointer="v256"/>
</listitem>
</varlistentry>
@@ -3786,6 +3948,22 @@ ServerAddress=192.168.0.1/24</programlisting>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>PersistLeases=</varname></term>
+ <listitem>
+ <para>Takes a boolean. When true, the DHCP server will load and save leases in the persistent
+ storage. When false, the DHCP server will neither load nor save leases in the persistent storage.
+ Hence, bound leases will be lost when the interface is reconfigured e.g. by
+ <command>networkctl reconfigure</command>, or <filename>systemd-networkd.service</filename>
+ is restarted. That may cause address conflict on the network. So, please take an extra care when
+ disable this setting. When unspecified, the value specified in the same setting in
+ <citerefentry><refentrytitle>networkd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ which defaults to <literal>yes</literal>, will be used.</para>
+
+ <xi:include href="version-info.xml" xpointer="v256"/>
+ </listitem>
+ </varlistentry>
+
</variablelist>
</refsect1>
@@ -3852,13 +4030,28 @@ ServerAddress=192.168.0.1/24</programlisting>
</varlistentry>
<varlistentry>
+ <term><varname>ReachableTimeSec=</varname></term>
+
+ <listitem>
+ <para>Configures the time, used in the Neighbor Unreachability Detection algorithm, for which
+ clients can assume a neighbor is reachable after having received a reachability confirmation. Takes
+ a time span in the range 0…4294967295 ms. When 0, clients will handle it as if the value wasn't
+ specified. Defaults to 0.</para>
+
+ <xi:include href="version-info.xml" xpointer="v256"/>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><varname>RetransmitSec=</varname></term>
- <listitem><para>Takes a timespan. Configures the retransmit time, used by clients to retransmit Neighbor
- Solicitation messages on address resolution and the Neighbor Unreachability Detection algorithm.
- An integer, the default unit is seconds, in the range 0…4294967295 msec. Defaults to 0.</para>
+ <listitem>
+ <para>Configures the time, used in the Neighbor Unreachability Detection algorithm, for which
+ clients can use as retransmit time on address resolution and the Neighbor Unreachability Detection
+ algorithm. Takes a time span in the range 0…4294967295 ms. When 0, clients will handle it as if
+ the value wasn't specified. Defaults to 0.</para>
- <xi:include href="version-info.xml" xpointer="v255"/>
+ <xi:include href="version-info.xml" xpointer="v255"/>
</listitem>
</varlistentry>
@@ -3974,9 +4167,9 @@ ServerAddress=192.168.0.1/24</programlisting>
</varlistentry>
</variablelist>
- </refsect1>
+ </refsect1>
- <refsect1>
+ <refsect1>
<title>[IPv6Prefix] Section Options</title>
<para>One or more [IPv6Prefix] sections contain the IPv6 prefixes that are announced via Router
Advertisements. See <ulink url="https://tools.ietf.org/html/rfc4861">RFC 4861</ulink> for further
@@ -4051,9 +4244,9 @@ ServerAddress=192.168.0.1/24</programlisting>
</listitem>
</varlistentry>
</variablelist>
- </refsect1>
+ </refsect1>
- <refsect1>
+ <refsect1>
<title>[IPv6RoutePrefix] Section Options</title>
<para>One or more [IPv6RoutePrefix] sections contain the IPv6
prefix routes that are announced via Router Advertisements. See
@@ -4083,9 +4276,9 @@ ServerAddress=192.168.0.1/24</programlisting>
</varlistentry>
</variablelist>
- </refsect1>
+ </refsect1>
- <refsect1>
+ <refsect1>
<title>[IPv6PREF64Prefix] Section Options</title>
<para>One or more [IPv6PREF64Prefix] sections contain the IPv6 PREF64 (or NAT64) prefixes that are announced via Router
Advertisements. See <ulink url="https://tools.ietf.org/html/rfc8781">RFC 8781</ulink> for further
@@ -4112,480 +4305,486 @@ ServerAddress=192.168.0.1/24</programlisting>
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
</varlistentry>
</variablelist>
- </refsect1>
+ </refsect1>
- <refsect1>
+ <refsect1>
<title>[Bridge] Section Options</title>
- <para>The [Bridge] section accepts the following keys:</para>
- <variablelist class='network-directives'>
- <varlistentry>
- <term><varname>UnicastFlood=</varname></term>
- <listitem>
- <para>Takes a boolean. Controls whether the bridge should flood
- traffic for which an FDB entry is missing and the destination
- is unknown through this port. When unset, the kernel's default will be used.
- </para>
-
- <xi:include href="version-info.xml" xpointer="v223"/>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>MulticastFlood=</varname></term>
- <listitem>
- <para>Takes a boolean. Controls whether the bridge should flood
- traffic for which an MDB entry is missing and the destination
- is unknown through this port. When unset, the kernel's default will be used.
- </para>
-
- <xi:include href="version-info.xml" xpointer="v242"/>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>MulticastToUnicast=</varname></term>
- <listitem>
- <para>Takes a boolean. Multicast to unicast works on top of the multicast snooping feature of
- the bridge. Which means unicast copies are only delivered to hosts which are interested in it.
- When unset, the kernel's default will be used.
- </para>
-
- <xi:include href="version-info.xml" xpointer="v240"/>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>NeighborSuppression=</varname></term>
- <listitem>
- <para>Takes a boolean. Configures whether ARP and ND neighbor suppression is enabled for
- this port. When unset, the kernel's default will be used.
- </para>
-
- <xi:include href="version-info.xml" xpointer="v242"/>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>Learning=</varname></term>
- <listitem>
- <para>Takes a boolean. Configures whether MAC address learning is enabled for
- this port. When unset, the kernel's default will be used.
- </para>
-
- <xi:include href="version-info.xml" xpointer="v242"/>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>HairPin=</varname></term>
- <listitem>
- <para>Takes a boolean. Configures whether traffic may be sent back out of the port on which it
- was received. When this flag is false, then the bridge will not forward traffic back out of the
- receiving port. When unset, the kernel's default will be used.</para>
-
- <xi:include href="version-info.xml" xpointer="v223"/>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>Isolated=</varname></term>
- <listitem>
- <para>Takes a boolean. Configures whether this port is isolated or not. Within a bridge,
- isolated ports can only communicate with non-isolated ports. When set to true, this port can only
- communicate with other ports whose Isolated setting is false. When set to false, this port
- can communicate with any other ports. When unset, the kernel's default will be used.</para>
-
- <xi:include href="version-info.xml" xpointer="v251"/>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>UseBPDU=</varname></term>
- <listitem>
- <para>Takes a boolean. Configures whether STP Bridge Protocol Data Units will be
- processed by the bridge port. When unset, the kernel's default will be used.</para>
-
- <xi:include href="version-info.xml" xpointer="v223"/>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>FastLeave=</varname></term>
- <listitem>
- <para>Takes a boolean. This flag allows the bridge to immediately stop multicast
- traffic on a port that receives an IGMP Leave message. It is only used with
- IGMP snooping if enabled on the bridge. When unset, the kernel's default will be used.</para>
-
- <xi:include href="version-info.xml" xpointer="v223"/>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>AllowPortToBeRoot=</varname></term>
- <listitem>
- <para>Takes a boolean. Configures whether a given port is allowed to
- become a root port. Only used when STP is enabled on the bridge.
- When unset, the kernel's default will be used.</para>
-
- <xi:include href="version-info.xml" xpointer="v223"/>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>ProxyARP=</varname></term>
- <listitem>
- <para>Takes a boolean. Configures whether proxy ARP to be enabled on this port.
- When unset, the kernel's default will be used.</para>
-
- <xi:include href="version-info.xml" xpointer="v243"/>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>ProxyARPWiFi=</varname></term>
- <listitem>
- <para>Takes a boolean. Configures whether proxy ARP to be enabled on this port
- which meets extended requirements by IEEE 802.11 and Hotspot 2.0 specifications.
- When unset, the kernel's default will be used.</para>
-
- <xi:include href="version-info.xml" xpointer="v243"/>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>MulticastRouter=</varname></term>
- <listitem>
- <para>Configures this port for having multicast routers attached. A port with a multicast
- router will receive all multicast traffic. Takes one of <literal>no</literal>
- to disable multicast routers on this port, <literal>query</literal> to let the system detect
- the presence of routers, <literal>permanent</literal> to permanently enable multicast traffic
- forwarding on this port, or <literal>temporary</literal> to enable multicast routers temporarily
- on this port, not depending on incoming queries. When unset, the kernel's default will be used.</para>
-
- <xi:include href="version-info.xml" xpointer="v243"/>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>Cost=</varname></term>
- <listitem>
- <para>Sets the "cost" of sending packets of this interface.
- Each port in a bridge may have a different speed and the cost
- is used to decide which link to use. Faster interfaces
- should have lower costs. It is an integer value between 1 and
- 65535.</para>
-
- <xi:include href="version-info.xml" xpointer="v218"/>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>Priority=</varname></term>
- <listitem>
- <para>Sets the "priority" of sending packets on this interface.
- Each port in a bridge may have a different priority which is used
- to decide which link to use. Lower value means higher priority.
- It is an integer value between 0 to 63. Networkd does not set any
- default, meaning the kernel default value of 32 is used.</para>
-
- <xi:include href="version-info.xml" xpointer="v234"/>
- </listitem>
- </varlistentry>
- </variablelist>
+ <para>The [Bridge] section accepts the following keys:</para>
+
+ <variablelist class='network-directives'>
+ <varlistentry>
+ <term><varname>UnicastFlood=</varname></term>
+ <listitem>
+ <para>Takes a boolean. Controls whether the bridge should flood
+ traffic for which an FDB entry is missing and the destination
+ is unknown through this port. When unset, the kernel's default will be used.
+ </para>
+
+ <xi:include href="version-info.xml" xpointer="v223"/>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>MulticastFlood=</varname></term>
+ <listitem>
+ <para>Takes a boolean. Controls whether the bridge should flood
+ traffic for which an MDB entry is missing and the destination
+ is unknown through this port. When unset, the kernel's default will be used.
+ </para>
+
+ <xi:include href="version-info.xml" xpointer="v242"/>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>MulticastToUnicast=</varname></term>
+ <listitem>
+ <para>Takes a boolean. Multicast to unicast works on top of the multicast snooping feature of
+ the bridge. Which means unicast copies are only delivered to hosts which are interested in it.
+ When unset, the kernel's default will be used.
+ </para>
+
+ <xi:include href="version-info.xml" xpointer="v240"/>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>NeighborSuppression=</varname></term>
+ <listitem>
+ <para>Takes a boolean. Configures whether ARP and ND neighbor suppression is enabled for
+ this port. When unset, the kernel's default will be used.
+ </para>
+
+ <xi:include href="version-info.xml" xpointer="v242"/>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>Learning=</varname></term>
+ <listitem>
+ <para>Takes a boolean. Configures whether MAC address learning is enabled for
+ this port. When unset, the kernel's default will be used.
+ </para>
+
+ <xi:include href="version-info.xml" xpointer="v242"/>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>HairPin=</varname></term>
+ <listitem>
+ <para>Takes a boolean. Configures whether traffic may be sent back out of the port on which it
+ was received. When this flag is false, then the bridge will not forward traffic back out of the
+ receiving port. When unset, the kernel's default will be used.</para>
+
+ <xi:include href="version-info.xml" xpointer="v223"/>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>Isolated=</varname></term>
+ <listitem>
+ <para>Takes a boolean. Configures whether this port is isolated or not. Within a bridge,
+ isolated ports can only communicate with non-isolated ports. When set to true, this port can only
+ communicate with other ports whose Isolated setting is false. When set to false, this port
+ can communicate with any other ports. When unset, the kernel's default will be used.</para>
+
+ <xi:include href="version-info.xml" xpointer="v251"/>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>UseBPDU=</varname></term>
+ <listitem>
+ <para>Takes a boolean. Configures whether STP Bridge Protocol Data Units will be
+ processed by the bridge port. When unset, the kernel's default will be used.</para>
+
+ <xi:include href="version-info.xml" xpointer="v223"/>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>FastLeave=</varname></term>
+ <listitem>
+ <para>Takes a boolean. This flag allows the bridge to immediately stop multicast
+ traffic on a port that receives an IGMP Leave message. It is only used with
+ IGMP snooping if enabled on the bridge. When unset, the kernel's default will be used.</para>
+
+ <xi:include href="version-info.xml" xpointer="v223"/>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>AllowPortToBeRoot=</varname></term>
+ <listitem>
+ <para>Takes a boolean. Configures whether a given port is allowed to
+ become a root port. Only used when STP is enabled on the bridge.
+ When unset, the kernel's default will be used.</para>
+
+ <xi:include href="version-info.xml" xpointer="v223"/>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>ProxyARP=</varname></term>
+ <listitem>
+ <para>Takes a boolean. Configures whether proxy ARP to be enabled on this port.
+ When unset, the kernel's default will be used.</para>
+
+ <xi:include href="version-info.xml" xpointer="v243"/>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>ProxyARPWiFi=</varname></term>
+ <listitem>
+ <para>Takes a boolean. Configures whether proxy ARP to be enabled on this port
+ which meets extended requirements by IEEE 802.11 and Hotspot 2.0 specifications.
+ When unset, the kernel's default will be used.</para>
+
+ <xi:include href="version-info.xml" xpointer="v243"/>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>MulticastRouter=</varname></term>
+ <listitem>
+ <para>Configures this port for having multicast routers attached. A port with a multicast
+ router will receive all multicast traffic. Takes one of <literal>no</literal>
+ to disable multicast routers on this port, <literal>query</literal> to let the system detect
+ the presence of routers, <literal>permanent</literal> to permanently enable multicast traffic
+ forwarding on this port, or <literal>temporary</literal> to enable multicast routers temporarily
+ on this port, not depending on incoming queries. When unset, the kernel's default will be used.</para>
+
+ <xi:include href="version-info.xml" xpointer="v243"/>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>Cost=</varname></term>
+ <listitem>
+ <para>Sets the "cost" of sending packets of this interface.
+ Each port in a bridge may have a different speed and the cost
+ is used to decide which link to use. Faster interfaces
+ should have lower costs. It is an integer value between 1 and
+ 65535.</para>
+
+ <xi:include href="version-info.xml" xpointer="v218"/>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>Priority=</varname></term>
+ <listitem>
+ <para>Sets the "priority" of sending packets on this interface.
+ Each port in a bridge may have a different priority which is used
+ to decide which link to use. Lower value means higher priority.
+ It is an integer value between 0 to 63. Networkd does not set any
+ default, meaning the kernel default value of 32 is used.</para>
+
+ <xi:include href="version-info.xml" xpointer="v234"/>
+ </listitem>
+ </varlistentry>
+ </variablelist>
</refsect1>
+
<refsect1>
<title>[BridgeFDB] Section Options</title>
- <para>The [BridgeFDB] section manages the forwarding database table of a port and accepts the following
- keys. Specify several [BridgeFDB] sections to configure several static MAC table entries.</para>
- <variablelist class='network-directives'>
- <varlistentry>
- <term><varname>MACAddress=</varname></term>
- <listitem>
- <para>As in the [Network] section. This key is mandatory.</para>
+ <para>The [BridgeFDB] section manages the forwarding database table of a port and accepts the following
+ keys. Specify several [BridgeFDB] sections to configure several static MAC table entries.</para>
+
+ <variablelist class='network-directives'>
+ <varlistentry>
+ <term><varname>MACAddress=</varname></term>
+ <listitem>
+ <para>As in the [Network] section. This key is mandatory.</para>
<xi:include href="version-info.xml" xpointer="v219"/>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>Destination=</varname></term>
- <listitem>
- <para>Takes an IP address of the destination VXLAN tunnel endpoint.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>Destination=</varname></term>
+ <listitem>
+ <para>Takes an IP address of the destination VXLAN tunnel endpoint.</para>
<xi:include href="version-info.xml" xpointer="v243"/>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>VLANId=</varname></term>
- <listitem>
- <para>The VLAN ID for the new static MAC table entry. If
- omitted, no VLAN ID information is appended to the new static MAC
- table entry.</para>
-
- <xi:include href="version-info.xml" xpointer="v219"/>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>VNI=</varname></term>
- <listitem>
- <para>The VXLAN Network Identifier (or VXLAN Segment ID) to use to connect to
- the remote VXLAN tunnel endpoint. Takes a number in the range 1…16777215.
- Defaults to unset.</para>
-
- <xi:include href="version-info.xml" xpointer="v243"/>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>AssociatedWith=</varname></term>
- <listitem>
- <para>Specifies where the address is associated with. Takes one of <literal>use</literal>,
- <literal>self</literal>, <literal>master</literal> or <literal>router</literal>.
- <literal>use</literal> means the address is in use. User space can use this option to
- indicate to the kernel that the fdb entry is in use. <literal>self</literal> means
- the address is associated with the port drivers fdb. Usually hardware. <literal>master</literal>
- means the address is associated with master devices fdb. <literal>router</literal> means
- the destination address is associated with a router. Note that it's valid if the referenced
- device is a VXLAN type device and has route shortcircuit enabled. Defaults to <literal>self</literal>.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>VLANId=</varname></term>
+ <listitem>
+ <para>The VLAN ID for the new static MAC table entry. If
+ omitted, no VLAN ID information is appended to the new static MAC
+ table entry.</para>
+
+ <xi:include href="version-info.xml" xpointer="v219"/>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>VNI=</varname></term>
+ <listitem>
+ <para>The VXLAN Network Identifier (or VXLAN Segment ID) to use to connect to
+ the remote VXLAN tunnel endpoint. Takes a number in the range 1…16777215.
+ Defaults to unset.</para>
<xi:include href="version-info.xml" xpointer="v243"/>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>OutgoingInterface=</varname></term>
- <listitem>
- <para>Specifies the name or index of the outgoing interface for the VXLAN device driver to
- reach the remote VXLAN tunnel endpoint. Defaults to unset.</para>
-
- <xi:include href="version-info.xml" xpointer="v249"/>
- </listitem>
- </varlistentry>
- </variablelist>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>AssociatedWith=</varname></term>
+ <listitem>
+ <para>Specifies where the address is associated with. Takes one of <literal>use</literal>,
+ <literal>self</literal>, <literal>master</literal> or <literal>router</literal>.
+ <literal>use</literal> means the address is in use. User space can use this option to
+ indicate to the kernel that the fdb entry is in use. <literal>self</literal> means
+ the address is associated with the port drivers fdb. Usually hardware. <literal>master</literal>
+ means the address is associated with master devices fdb. <literal>router</literal> means
+ the destination address is associated with a router. Note that it's valid if the referenced
+ device is a VXLAN type device and has route shortcircuit enabled. Defaults to <literal>self</literal>.</para>
+
+ <xi:include href="version-info.xml" xpointer="v243"/>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>OutgoingInterface=</varname></term>
+ <listitem>
+ <para>Specifies the name or index of the outgoing interface for the VXLAN device driver to
+ reach the remote VXLAN tunnel endpoint. Defaults to unset.</para>
+
+ <xi:include href="version-info.xml" xpointer="v249"/>
+ </listitem>
+ </varlistentry>
+ </variablelist>
</refsect1>
+
<refsect1>
<title>[BridgeMDB] Section Options</title>
- <para>The [BridgeMDB] section manages the multicast membership entries forwarding database table of a port and accepts the following
- keys. Specify several [BridgeMDB] sections to configure several permanent multicast membership entries.</para>
+ <para>The [BridgeMDB] section manages the multicast membership entries forwarding database table of a port and accepts the following
+ keys. Specify several [BridgeMDB] sections to configure several permanent multicast membership entries.</para>
- <variablelist class='network-directives'>
- <varlistentry>
- <term><varname>MulticastGroupAddress=</varname></term>
- <listitem>
- <para>Specifies the IPv4 or IPv6 multicast group address to add. This setting is mandatory.</para>
+ <variablelist class='network-directives'>
+ <varlistentry>
+ <term><varname>MulticastGroupAddress=</varname></term>
+ <listitem>
+ <para>Specifies the IPv4 or IPv6 multicast group address to add. This setting is mandatory.</para>
<xi:include href="version-info.xml" xpointer="v247"/>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>VLANId=</varname></term>
- <listitem>
- <para>The VLAN ID for the new entry. Valid ranges are 0 (no VLAN) to 4094. Optional, defaults to 0.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>VLANId=</varname></term>
+ <listitem>
+ <para>The VLAN ID for the new entry. Valid ranges are 0 (no VLAN) to 4094. Optional, defaults to 0.</para>
<xi:include href="version-info.xml" xpointer="v247"/>
- </listitem>
- </varlistentry>
- </variablelist>
+ </listitem>
+ </varlistentry>
+ </variablelist>
</refsect1>
<refsect1>
<title>[LLDP] Section Options</title>
- <para>The [LLDP] section manages the Link Layer Discovery Protocol (LLDP) and accepts the following
- keys:</para>
- <variablelist class='network-directives'>
- <varlistentry>
- <term><varname>MUDURL=</varname></term>
- <listitem>
- <para>When configured, the specified Manufacturer Usage Descriptions (MUD) URL will be sent in
- LLDP packets. The syntax and semantics are the same as for <varname>MUDURL=</varname> in the
- [DHCPv4] section described above.</para>
-
- <para>The MUD URLs received via LLDP packets are saved and can be read using the
- <function>sd_lldp_neighbor_get_mud_url()</function> function.</para>
-
- <xi:include href="version-info.xml" xpointer="v246"/>
- </listitem>
- </varlistentry>
- </variablelist>
+ <para>The [LLDP] section manages the Link Layer Discovery Protocol (LLDP) and accepts the following
+ keys:</para>
+
+ <variablelist class='network-directives'>
+ <varlistentry>
+ <term><varname>MUDURL=</varname></term>
+ <listitem>
+ <para>When configured, the specified Manufacturer Usage Descriptions (MUD) URL will be sent in
+ LLDP packets. The syntax and semantics are the same as for <varname>MUDURL=</varname> in the
+ [DHCPv4] section described above.</para>
+
+ <para>The MUD URLs received via LLDP packets are saved and can be read using the
+ <function>sd_lldp_neighbor_get_mud_url()</function> function.</para>
+
+ <xi:include href="version-info.xml" xpointer="v246"/>
+ </listitem>
+ </varlistentry>
+ </variablelist>
</refsect1>
<refsect1>
<title>[CAN] Section Options</title>
- <para>The [CAN] section manages the Controller Area Network (CAN bus) and accepts the
- following keys:</para>
- <variablelist class='network-directives'>
- <varlistentry>
- <term><varname>BitRate=</varname></term>
- <listitem>
- <para>The bitrate of CAN device in bits per second. The usual SI prefixes (K, M) with the base of 1000 can
- be used here. Takes a number in the range 1…4294967295.</para>
-
- <xi:include href="version-info.xml" xpointer="v239"/>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>SamplePoint=</varname></term>
- <listitem>
- <para>Optional sample point in percent with one decimal (e.g. <literal>75%</literal>,
- <literal>87.5%</literal>) or permille (e.g. <literal>875‰</literal>). This will be ignored when
- <varname>BitRate=</varname> is unspecified.</para>
+ <para>The [CAN] section manages the Controller Area Network (CAN bus) and accepts the
+ following keys:</para>
+ <variablelist class='network-directives'>
+ <varlistentry>
+ <term><varname>BitRate=</varname></term>
+ <listitem>
+ <para>The bitrate of CAN device in bits per second. The usual SI prefixes (K, M) with the base of 1000 can
+ be used here. Takes a number in the range 1…4294967295.</para>
+
+ <xi:include href="version-info.xml" xpointer="v239"/>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>SamplePoint=</varname></term>
+ <listitem>
+ <para>Optional sample point in percent with one decimal (e.g. <literal>75%</literal>,
+ <literal>87.5%</literal>) or permille (e.g. <literal>875‰</literal>). This will be ignored when
+ <varname>BitRate=</varname> is unspecified.</para>
<xi:include href="version-info.xml" xpointer="v239"/>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>TimeQuantaNSec=</varname></term>
- <term><varname>PropagationSegment=</varname></term>
- <term><varname>PhaseBufferSegment1=</varname></term>
- <term><varname>PhaseBufferSegment2=</varname></term>
- <term><varname>SyncJumpWidth=</varname></term>
- <listitem>
- <para>Specifies the time quanta, propagation segment, phase buffer segment 1 and 2, and the
- synchronization jump width, which allow one to define the CAN bit-timing in a hardware
- independent format as proposed by the Bosch CAN 2.0 Specification.
- <varname>TimeQuantaNSec=</varname> takes a timespan in nanoseconds.
- <varname>PropagationSegment=</varname>, <varname>PhaseBufferSegment1=</varname>,
- <varname>PhaseBufferSegment2=</varname>, and <varname>SyncJumpWidth=</varname> take number
- of time quantum specified in <varname>TimeQuantaNSec=</varname> and must be an unsigned
- integer in the range 0…4294967295. These settings except for
- <varname>SyncJumpWidth=</varname> will be ignored when <varname>BitRate=</varname> is
- specified.</para>
-
- <xi:include href="version-info.xml" xpointer="v250"/>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>DataBitRate=</varname></term>
- <term><varname>DataSamplePoint=</varname></term>
- <listitem>
- <para>The bitrate and sample point for the data phase, if CAN-FD is used. These settings are
- analogous to the <varname>BitRate=</varname> and <varname>SamplePoint=</varname> keys.</para>
-
- <xi:include href="version-info.xml" xpointer="v246"/>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>DataTimeQuantaNSec=</varname></term>
- <term><varname>DataPropagationSegment=</varname></term>
- <term><varname>DataPhaseBufferSegment1=</varname></term>
- <term><varname>DataPhaseBufferSegment2=</varname></term>
- <term><varname>DataSyncJumpWidth=</varname></term>
- <listitem>
- <para>Specifies the time quanta, propagation segment, phase buffer segment 1 and 2, and the
- synchronization jump width for the data phase, if CAN-FD is used. These settings are
- analogous to the <varname>TimeQuantaNSec=</varname> or related settings.</para>
-
- <xi:include href="version-info.xml" xpointer="v250"/>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>FDMode=</varname></term>
- <listitem>
- <para>Takes a boolean. When <literal>yes</literal>, CAN-FD mode is enabled for the interface.
- Note, that a bitrate and optional sample point should also be set for the CAN-FD data phase using
- the <varname>DataBitRate=</varname> and <varname>DataSamplePoint=</varname> keys, or
- <varname>DataTimeQuanta=</varname> and related settings.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>TimeQuantaNSec=</varname></term>
+ <term><varname>PropagationSegment=</varname></term>
+ <term><varname>PhaseBufferSegment1=</varname></term>
+ <term><varname>PhaseBufferSegment2=</varname></term>
+ <term><varname>SyncJumpWidth=</varname></term>
+ <listitem>
+ <para>Specifies the time quanta, propagation segment, phase buffer segment 1 and 2, and the
+ synchronization jump width, which allow one to define the CAN bit-timing in a hardware
+ independent format as proposed by the Bosch CAN 2.0 Specification.
+ <varname>TimeQuantaNSec=</varname> takes a timespan in nanoseconds.
+ <varname>PropagationSegment=</varname>, <varname>PhaseBufferSegment1=</varname>,
+ <varname>PhaseBufferSegment2=</varname>, and <varname>SyncJumpWidth=</varname> take number
+ of time quantum specified in <varname>TimeQuantaNSec=</varname> and must be an unsigned
+ integer in the range 0…4294967295. These settings except for
+ <varname>SyncJumpWidth=</varname> will be ignored when <varname>BitRate=</varname> is
+ specified.</para>
+
+ <xi:include href="version-info.xml" xpointer="v250"/>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>DataBitRate=</varname></term>
+ <term><varname>DataSamplePoint=</varname></term>
+ <listitem>
+ <para>The bitrate and sample point for the data phase, if CAN-FD is used. These settings are
+ analogous to the <varname>BitRate=</varname> and <varname>SamplePoint=</varname> keys.</para>
<xi:include href="version-info.xml" xpointer="v246"/>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>FDNonISO=</varname></term>
- <listitem>
- <para>Takes a boolean. When <literal>yes</literal>, non-ISO CAN-FD mode is enabled for the
- interface. When unset, the kernel's default will be used.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>DataTimeQuantaNSec=</varname></term>
+ <term><varname>DataPropagationSegment=</varname></term>
+ <term><varname>DataPhaseBufferSegment1=</varname></term>
+ <term><varname>DataPhaseBufferSegment2=</varname></term>
+ <term><varname>DataSyncJumpWidth=</varname></term>
+ <listitem>
+ <para>Specifies the time quanta, propagation segment, phase buffer segment 1 and 2, and the
+ synchronization jump width for the data phase, if CAN-FD is used. These settings are
+ analogous to the <varname>TimeQuantaNSec=</varname> or related settings.</para>
+
+ <xi:include href="version-info.xml" xpointer="v250"/>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>FDMode=</varname></term>
+ <listitem>
+ <para>Takes a boolean. When <literal>yes</literal>, CAN-FD mode is enabled for the interface.
+ Note, that a bitrate and optional sample point should also be set for the CAN-FD data phase using
+ the <varname>DataBitRate=</varname> and <varname>DataSamplePoint=</varname> keys, or
+ <varname>DataTimeQuanta=</varname> and related settings.</para>
+
+ <xi:include href="version-info.xml" xpointer="v246"/>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>FDNonISO=</varname></term>
+ <listitem>
+ <para>Takes a boolean. When <literal>yes</literal>, non-ISO CAN-FD mode is enabled for the
+ interface. When unset, the kernel's default will be used.</para>
+
+ <xi:include href="version-info.xml" xpointer="v246"/>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>RestartSec=</varname></term>
+ <listitem>
+ <para>Automatic restart delay time. If set to a non-zero value, a restart of the CAN controller will be
+ triggered automatically in case of a bus-off condition after the specified delay time. Subsecond delays can
+ be specified using decimals (e.g. <literal>0.1s</literal>) or a <literal>ms</literal> or
+ <literal>us</literal> postfix. Using <literal>infinity</literal> or <literal>0</literal> will turn the
+ automatic restart off. By default automatic restart is disabled.</para>
+
+ <xi:include href="version-info.xml" xpointer="v239"/>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>Termination=</varname></term>
+ <listitem>
+ <para>Takes a boolean or a termination resistor value in ohm in the range 0…65535. When
+ <literal>yes</literal>, the termination resistor is set to 120 ohm. When
+ <literal>no</literal> or <literal>0</literal> is set, the termination resistor is disabled.
+ When unset, the kernel's default will be used.</para>
<xi:include href="version-info.xml" xpointer="v246"/>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>RestartSec=</varname></term>
- <listitem>
- <para>Automatic restart delay time. If set to a non-zero value, a restart of the CAN controller will be
- triggered automatically in case of a bus-off condition after the specified delay time. Subsecond delays can
- be specified using decimals (e.g. <literal>0.1s</literal>) or a <literal>ms</literal> or
- <literal>us</literal> postfix. Using <literal>infinity</literal> or <literal>0</literal> will turn the
- automatic restart off. By default automatic restart is disabled.</para>
-
- <xi:include href="version-info.xml" xpointer="v239"/>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>Termination=</varname></term>
- <listitem>
- <para>Takes a boolean or a termination resistor value in ohm in the range 0…65535. When
- <literal>yes</literal>, the termination resistor is set to 120 ohm. When
- <literal>no</literal> or <literal>0</literal> is set, the termination resistor is disabled.
- When unset, the kernel's default will be used.</para>
-
- <xi:include href="version-info.xml" xpointer="v246"/>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>TripleSampling=</varname></term>
- <listitem>
- <para>Takes a boolean. When <literal>yes</literal>, three samples (instead of one) are used to determine
- the value of a received bit by majority rule. When unset, the kernel's default will be used.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>TripleSampling=</varname></term>
+ <listitem>
+ <para>Takes a boolean. When <literal>yes</literal>, three samples (instead of one) are used to determine
+ the value of a received bit by majority rule. When unset, the kernel's default will be used.</para>
<xi:include href="version-info.xml" xpointer="v242"/>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>BusErrorReporting=</varname></term>
- <listitem>
- <para>Takes a boolean. When <literal>yes</literal>, reporting of CAN bus errors is activated
- (those include single bit, frame format, and bit stuffing errors, unable to send dominant bit,
- unable to send recessive bit, bus overload, active error announcement, error occurred on
- transmission). When unset, the kernel's default will be used. Note: in case of a CAN bus with a
- single CAN device, sending a CAN frame may result in a huge number of CAN bus errors.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>BusErrorReporting=</varname></term>
+ <listitem>
+ <para>Takes a boolean. When <literal>yes</literal>, reporting of CAN bus errors is activated
+ (those include single bit, frame format, and bit stuffing errors, unable to send dominant bit,
+ unable to send recessive bit, bus overload, active error announcement, error occurred on
+ transmission). When unset, the kernel's default will be used. Note: in case of a CAN bus with a
+ single CAN device, sending a CAN frame may result in a huge number of CAN bus errors.</para>
<xi:include href="version-info.xml" xpointer="v248"/>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>ListenOnly=</varname></term>
- <listitem>
- <para>Takes a boolean. When <literal>yes</literal>, listen-only mode is enabled. When the
- interface is in listen-only mode, the interface neither transmit CAN frames nor send ACK
- bit. Listen-only mode is important to debug CAN networks without interfering with the
- communication or acknowledge the CAN frame. When unset, the kernel's default will be used.
- </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>ListenOnly=</varname></term>
+ <listitem>
+ <para>Takes a boolean. When <literal>yes</literal>, listen-only mode is enabled. When the
+ interface is in listen-only mode, the interface neither transmit CAN frames nor send ACK
+ bit. Listen-only mode is important to debug CAN networks without interfering with the
+ communication or acknowledge the CAN frame. When unset, the kernel's default will be used.
+ </para>
<xi:include href="version-info.xml" xpointer="v246"/>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>Loopback=</varname></term>
- <listitem>
- <para>Takes a boolean. When <literal>yes</literal>, loopback mode is enabled. When the
- loopback mode is enabled, the interface treats messages transmitted by itself as received
- messages. The loopback mode is important to debug CAN networks. When unset, the kernel's
- default will be used.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>Loopback=</varname></term>
+ <listitem>
+ <para>Takes a boolean. When <literal>yes</literal>, loopback mode is enabled. When the
+ loopback mode is enabled, the interface treats messages transmitted by itself as received
+ messages. The loopback mode is important to debug CAN networks. When unset, the kernel's
+ default will be used.</para>
<xi:include href="version-info.xml" xpointer="v250"/>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>OneShot=</varname></term>
- <listitem>
- <para>Takes a boolean. When <literal>yes</literal>, one-shot mode is enabled. When unset,
- the kernel's default will be used.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>OneShot=</varname></term>
+ <listitem>
+ <para>Takes a boolean. When <literal>yes</literal>, one-shot mode is enabled. When unset,
+ the kernel's default will be used.</para>
<xi:include href="version-info.xml" xpointer="v250"/>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>PresumeAck=</varname></term>
- <listitem>
- <para>Takes a boolean. When <literal>yes</literal>, the interface will ignore missing CAN
- ACKs. When unset, the kernel's default will be used.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>PresumeAck=</varname></term>
+ <listitem>
+ <para>Takes a boolean. When <literal>yes</literal>, the interface will ignore missing CAN
+ ACKs. When unset, the kernel's default will be used.</para>
<xi:include href="version-info.xml" xpointer="v250"/>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>ClassicDataLengthCode=</varname></term>
- <listitem>
- <para>Takes a boolean. When <literal>yes</literal>, the interface will handle the 4bit data
- length code (DLC). When unset, the kernel's default will be used.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>ClassicDataLengthCode=</varname></term>
+ <listitem>
+ <para>Takes a boolean. When <literal>yes</literal>, the interface will handle the 4bit data
+ length code (DLC). When unset, the kernel's default will be used.</para>
<xi:include href="version-info.xml" xpointer="v250"/>
- </listitem>
- </varlistentry>
- </variablelist>
+ </listitem>
+ </varlistentry>
+ </variablelist>
</refsect1>
<refsect1>
<title>[IPoIB] Section Options</title>
- <para>The [IPoIB] section manages the IP over Infiniband and accepts the following keys:</para>
- <variablelist class='network-directives'>
- <xi:include href="systemd.netdev.xml" xpointer="ipoib_mode" />
- <xi:include href="systemd.netdev.xml" xpointer="ipoib_umcast" />
- </variablelist>
+ <para>The [IPoIB] section manages the IP over Infiniband and accepts the following keys:</para>
+
+ <variablelist class='network-directives'>
+ <xi:include href="systemd.netdev.xml" xpointer="ipoib_mode" />
+ <xi:include href="systemd.netdev.xml" xpointer="ipoib_umcast" />
+ </variablelist>
</refsect1>
<refsect1>
@@ -4599,7 +4798,7 @@ ServerAddress=192.168.0.1/24</programlisting>
<para>Specifies the parent Queueing Discipline (qdisc). Takes one of <literal>clsact</literal>
or <literal>ingress</literal>. This is mandatory.</para>
- <xi:include href="version-info.xml" xpointer="v244"/>
+ <xi:include href="version-info.xml" xpointer="v244"/>
</listitem>
</varlistentry>
@@ -5855,42 +6054,54 @@ ServerAddress=192.168.0.1/24</programlisting>
<refsect1>
<title>[BridgeVLAN] Section Options</title>
- <para>The [BridgeVLAN] section manages the VLAN ID configuration of a bridge port and accepts the
- following keys. Specify several [BridgeVLAN] sections to configure several VLAN entries. The
- <varname>VLANFiltering=</varname> option has to be enabled, see the [Bridge] section in
- <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
-
- <variablelist class='network-directives'>
- <varlistentry>
- <term><varname>VLAN=</varname></term>
- <listitem>
- <para>The VLAN ID allowed on the port. This can be either a single ID or a range M-N. Takes
- an integer in the range 1…4094.</para>
-
- <xi:include href="version-info.xml" xpointer="v231"/>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>EgressUntagged=</varname></term>
- <listitem>
- <para>The VLAN ID specified here will be used to untag frames on egress. Configuring
- <varname>EgressUntagged=</varname> implicates the use of <varname>VLAN=</varname> above and will enable the
- VLAN ID for ingress as well. This can be either a single ID or a range M-N.</para>
-
- <xi:include href="version-info.xml" xpointer="v231"/>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><varname>PVID=</varname></term>
- <listitem>
- <para>The Port VLAN ID specified here is assigned to all untagged frames at ingress.
- <varname>PVID=</varname> can be used only once. Configuring <varname>PVID=</varname> implicates the use of
- <varname>VLAN=</varname> above and will enable the VLAN ID for ingress as well.</para>
-
- <xi:include href="version-info.xml" xpointer="v231"/>
- </listitem>
- </varlistentry>
- </variablelist>
+ <para>
+ The [BridgeVLAN] section manages the VLAN ID configurations of a bridge master or port, and accepts the
+ following keys. To make the settings in this section take an effect,
+ <varname>VLANFiltering=</varname> option has to be enabled on the bridge master, see the [Bridge]
+ section in
+ <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+ If at least one valid settings specified in this section in a .network file for an interface, all
+ assigned VLAN IDs on the interface that are not configured in the .network file will be removed. If
+ VLAN IDs on an interface need to be managed by other tools, then the settings in this section cannot
+ be used in the matching .network file.
+ </para>
+
+ <variablelist class='network-directives'>
+ <varlistentry>
+ <term><varname>VLAN=</varname></term>
+ <listitem>
+ <para>The VLAN ID allowed on the port. This can be either a single ID or a range M-N. Takes an
+ integer in the range 1…4094. This setting can be specified multiple times. If an empty string is
+ assigned, then the all previous assignments are cleared.</para>
+
+ <xi:include href="version-info.xml" xpointer="v231"/>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>EgressUntagged=</varname></term>
+ <listitem>
+ <para>The VLAN ID specified here will be used to untag frames on egress. Configuring
+ <varname>EgressUntagged=</varname> implicates the use of <varname>VLAN=</varname> above and will
+ enable the VLAN ID for ingress as well. This can be either a single ID or a range M-N. This
+ setting can be specified multiple times. If an empty string is assigned, then the all previous
+ assignments are cleared.</para>
+
+ <xi:include href="version-info.xml" xpointer="v231"/>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>PVID=</varname></term>
+ <listitem>
+ <para>The port VLAN ID specified here is assigned to all untagged frames at ingress. Takes an
+ VLAN ID or negative boolean value (e.g. <literal>no</literal>). When false, the currently
+ assigned port VLAN ID will be dropped. Configuring <varname>PVID=</varname> implicates the use of
+ <varname>VLAN=</varname> setting in the above and will enable the VLAN ID for ingress as well.
+ Defaults to unset, and will keep the assigned port VLAN ID if exists.</para>
+
+ <xi:include href="version-info.xml" xpointer="v231"/>
+ </listitem>
+ </varlistentry>
+ </variablelist>
</refsect1>
<refsect1>
@@ -6217,14 +6428,14 @@ Xfrm=xfrm0</programlisting>
<refsect1>
<title>See Also</title>
- <para>
- <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>systemd.link</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>systemd-network-generator.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
- </para>
+ <para><simplelist type="inline">
+ <member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
+ <member><citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
+ <member><citerefentry><refentrytitle>systemd.link</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
+ <member><citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
+ <member><citerefentry><refentrytitle>systemd-network-generator.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
+ <member><citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
+ </simplelist></para>
</refsect1>
</refentry>