Diffstat (limited to 'man/systemd.netdev.xml')
-rw-r--r-- | man/systemd.netdev.xml | 114 |
1 files changed, 82 insertions, 32 deletions
diff --git a/man/systemd.netdev.xml b/man/systemd.netdev.xml index 9cad358..4fba788 100644 --- a/man/systemd.netdev.xml +++ b/man/systemd.netdev.xml @@ -1,6 +1,6 @@ <?xml version='1.0'?> <!--*-nxml-*--> <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" - "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> + "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"> <!-- SPDX-License-Identifier: LGPL-2.1-or-later --> <refentry id="systemd.netdev" conditional='ENABLE_NETWORKD' @@ -571,6 +571,19 @@ <xi:include href="version-info.xml" xpointer="v248"/> </listitem> </varlistentry> + + <varlistentry> + <term><varname>BroadcastQueueThreshold=</varname></term> + <listitem> + <para>Controls the threshold for broadcast queueing of the macvlan device. Takes the special value + <literal>no</literal>, or an integer in the range 0…2147483647. When <literal>no</literal> is + specified, the broadcast queueing is disabled altogether. When an integer is specified, a multicast + address will be queued as broadcast if the number of devices using it is greater than the given + value. Defaults to unset, and the kernel default will be used.</para> + + <xi:include href="version-info.xml" xpointer="v256"/> + </listitem> + </varlistentry> </variablelist> </refsect1> 
@@ -1891,13 +1904,22 @@ <varlistentry> <term><varname>PrivateKey=</varname></term> <listitem> - <para>The Base64 encoded private key for the interface. It can be - generated using the <command>wg genkey</command> command - (see <citerefentry project="wireguard"><refentrytitle>wg</refentrytitle><manvolnum>8</manvolnum></citerefentry>). - This option or <varname>PrivateKeyFile=</varname> is mandatory to use WireGuard. - Note that because this information is secret, you may want to set - the permissions of the .netdev file to be owned by <literal>root:systemd-network</literal> - with a <literal>0640</literal> file mode.</para> + <para>The Base64 encoded private key for the interface. It can be generated using + the <command>wg genkey</command> command + (see <citerefentry project='man-pages'><refentrytitle>wg</refentrytitle><manvolnum>8</manvolnum></citerefentry>). + Specially, if the specified key is prefixed with <literal>@</literal>, it is interpreted as + the name of the credential from which the actual key shall be read. <command>systemd-networkd.service</command> + automatically imports credentials matching <literal>network.wireguard.*</literal>. For more details + on credentials, refer to + <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>. + A private key is mandatory to use WireGuard. If not set, the credential + <literal>network.wireguard.private.<replaceable>netdev</replaceable></literal> is used if exists. + I.e. for <filename>50-foobar.netdev</filename>, <literal>network.wireguard.private.50-foobar</literal> + is tried.</para> + + <para>Note that because this information is secret, it's strongly recommended to use an (encrypted) + credential. Alternatively, you may want to set the permissions of the .netdev file to be owned + by <literal>root:systemd-network</literal> with a <literal>0640</literal> file mode.</para> <xi:include href="version-info.xml" xpointer="v237"/> </listitem> 
@@ -1975,10 +1997,10 @@ <term><varname>PublicKey=</varname></term> <listitem> <para>Sets a Base64 encoded public key calculated by <command>wg pubkey</command> - (see <citerefentry project="wireguard"><refentrytitle>wg</refentrytitle><manvolnum>8</manvolnum></citerefentry>) - from a private key, and usually transmitted out of band to the - author of the configuration file. This option is mandatory for this - section.</para> + (see <citerefentry project='man-pages'><refentrytitle>wg</refentrytitle><manvolnum>8</manvolnum></citerefentry>) + from a private key, and usually transmitted out of band to the author of the configuration file. + This option honors the <literal>@</literal> prefix in the same way as the <option>PrivateKey=</option> + setting of the <option>[WireGuard]</option> section. This option is mandatory for this section.</para> <xi:include href="version-info.xml" xpointer="v237"/> </listitem> 
@@ -1986,14 +2008,15 @@ <varlistentry> <term><varname>PresharedKey=</varname></term> <listitem> - <para>Optional preshared key for the interface. It can be generated - by the <command>wg genpsk</command> command. This option adds an - additional layer of symmetric-key cryptography to be mixed into the - already existing public-key cryptography, for post-quantum - resistance. - Note that because this information is secret, you may want to set - the permissions of the .netdev file to be owned by <literal>root:systemd-network</literal> - with a <literal>0640</literal> file mode.</para> + <para>Optional preshared key for the interface. It can be generated by the <command>wg genpsk</command> + command. This option adds an additional layer of symmetric-key cryptography to be mixed into the + already existing public-key cryptography, for post-quantum resistance. + This option honors the <literal>@</literal> prefix in the same way as the <option>PrivateKey=</option> + setting of the <option>[WireGuard]</option> section.</para> + + <para>Note that because this information is secret, it's strongly recommended to use an (encrypted) + credential. Alternatively, you may want to set the permissions of the .netdev file to be owned + by <literal>root:systemd-network</literal> with a <literal>0640</literal> file mode.</para> <xi:include href="version-info.xml" xpointer="v237"/> </listitem> 
@@ -2034,13 +2057,15 @@ <varlistentry> <term><varname>Endpoint=</varname></term> <listitem> - <para>Sets an endpoint IP address or hostname, followed by a colon, and then - a port number. IPv6 address must be in the square brackets. For example, - <literal>111.222.333.444:51820</literal> for IPv4 and <literal>[1111:2222::3333]:51820</literal> - for IPv6 address. This endpoint will be updated automatically once to - the most recent source IP address and port of correctly + <para>Sets an endpoint IP address or hostname, followed by a colon, and then a port number. + IPv6 address must be in the square brackets. For example, <literal>111.222.333.444:51820</literal> + for IPv4 and <literal>[1111:2222::3333]:51820</literal> for IPv6 address. This endpoint will be + updated automatically once to the most recent source IP address and port of correctly authenticated packets from the peer at configuration time.</para> + <para>This option honors the <literal>@</literal> prefix in the same way as the <option>PrivateKey=</option> + setting of the <option>[WireGuard]</option> section.</para> + <xi:include href="version-info.xml" xpointer="v237"/> </listitem> </varlistentry> @@ -2158,6 +2183,19 @@ </varlistentry> <varlistentry> + <term><varname>PeerNotifyDelaySec=</varname></term> + <listitem> + <para>Specifies the number of seconds the delay between each peer notification + (gratuitous ARP and unsolicited IPv6 Neighbor Advertisement) when they are issued + after a failover event. This delay should be a multiple of the MII link monitor + interval (miimon). The valid range is 0...300s. The default value is 0, + which means to match the value of the <varname>MIIMonitorSec=</varname>.</para> + + <xi:include href="version-info.xml" xpointer="v256"/> + </listitem> + </varlistentry> + + <varlistentry> <term><varname>UpDelaySec=</varname></term> <listitem> <para>Specifies the delay before a link is enabled after a 
@@ -2408,6 +2446,18 @@ <xi:include href="version-info.xml" xpointer="v220"/> </listitem> </varlistentry> + + <varlistentry> + <term><varname>ARPMissedMax=</varname></term> + <listitem> + <para>Specify the maximum number of arp interval monitor cycle + for missed ARP replies. If this number is exceeded, link is reported as + down. Defaults to unset. + </para> + + <xi:include href="version-info.xml" xpointer="v256"/> + </listitem> + </varlistentry> </variablelist> <para>For more detail information see @@ -2884,13 +2934,13 @@ Independent=yes</programlisting> <refsect1> <title>See Also</title> - <para> - <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, - <citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry>, - <citerefentry><refentrytitle>systemd.link</refentrytitle><manvolnum>5</manvolnum></citerefentry>, - <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>, - <citerefentry><refentrytitle>systemd-network-generator.service</refentrytitle><manvolnum>8</manvolnum></citerefentry> - </para> + <para><simplelist type="inline"> + <member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member> + <member><citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry></member> + <member><citerefentry><refentrytitle>systemd.link</refentrytitle><manvolnum>5</manvolnum></citerefentry></member> + <member><citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry></member> + <member><citerefentry><refentrytitle>systemd-network-generator.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member> + </simplelist></para> </refsect1> </refentry> |
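Review bot: In the BroadcastQueueThreshold= entry (hunk -571,6 +571,19), the text does not say how the value 0 differs from no. As written, 0 means any multicast address used by at least one device is queued as broadcast, while no disables queueing; a sentence stating that explicitly would keep readers from treating 0 as "disabled". It would also help to state what the kernel default is when the option is unset, or where to look it up.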
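Review bot: In the PrivateKey= hunk (-1891,13 +1904,22), the relationship between the @ prefix and the network.wireguard.* import pattern is left implicit: the text says systemd-networkd.service imports credentials matching that pattern, but not whether a name given after @ has to match it to be found. Suggest stating that directly. The removed text named PrivateKeyFile= as the alternative and the new "A private key is mandatory to use WireGuard" no longer says which sources count, so listing them (inline value, @credential, default credential, PrivateKeyFile=) would avoid ambiguity. Wording: "Specially," reads better as "As a special case,", and "is used if exists" needs "it".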
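Review bot: In the PublicKey= hunk (-1975,10 +1997,10), the added sentence marks up PrivateKey= and [WireGuard] with <option>, while the <term> lines in the surrounding context use <varname> for setting names. Suggest <varname>PrivateKey=</varname> and <literal>[WireGuard]</literal> for consistency; the same sentence is repeated in the PresharedKey= and Endpoint= hunks. Please also confirm that the wg(8) link still resolves now that the project attribute changed from "wireguard" to 'man-pages'.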
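Review bot: In the PresharedKey= hunk (-1986,14 +2008,15), "honors the @ prefix in the same way as the PrivateKey= setting" leaves open whether the default-credential fallback described for PrivateKey= applies here as well. Suggest one sentence saying either that the preshared key is read from a credential only when @name is given explicitly, or what the default credential name is. The secrecy paragraph is copied verbatim from PrivateKey=, so if the recommendation changes later both copies need updating; a shared include would avoid drift.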
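Review bot: In the Endpoint= hunk (-2034,13 +2057,15), the re-wrapped example 111.222.333.444:51820 is not a valid IPv4 address, since two of its octets exceed 255. As these lines are being touched anyway, suggest addresses from the documentation ranges, such as 192.0.2.1:51820 and [2001:db8::1]:51820. The added paragraph could also say why an endpoint would be kept in a credential, since unlike the keys it is not described as secret anywhere in this entry.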
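Review bot: In the PeerNotifyDelaySec= hunk (-2158,6 +2183,19), the opening sentence is ungrammatical ("Specifies the number of seconds the delay between each peer notification"); suggest "Specifies the delay, in seconds, between peer notifications (...) issued after a failover event". The range is written "0...300s" with three periods, while BroadcastQueueThreshold= in the same patch uses "0…2147483647"; pick one form. "This delay should be a multiple of the MII link monitor interval" does not say what happens when it is not (rejected, rounded, passed through), which is worth stating.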
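Review bot: In the ARPMissedMax= hunk (-2408,6 +2446,18), no value type or range is given, and "Defaults to unset" does not say that the kernel default then applies, unlike the wording used for BroadcastQueueThreshold= in this patch. Suggest adding both. Wording: "Specify" should be "Specifies" to match the other entries, "arp interval monitor cycle" should be "ARP interval monitor cycles", and "link is reported as down" needs "the".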