From 78e9bb837c258ac0ec7712b3d612cc2f407e731e Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Wed, 12 Jun 2024 05:50:42 +0200 Subject: Merging upstream version 256. Signed-off-by: Daniel Baumann --- man/systemd.network.xml | 1317 +++++++++++++++++++++++++++-------------------- 1 file changed, 764 insertions(+), 553 deletions(-) (limited to 'man/systemd.network.xml') diff --git a/man/systemd.network.xml b/man/systemd.network.xml index 5f0a703..b0efd62 100644 --- a/man/systemd.network.xml +++ b/man/systemd.network.xml @@ -1,6 +1,6 @@ + "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"> The .network files are read from the files located in the system network directories /usr/lib/systemd/network and - /usr/local/lib/systemd/network, the volatile runtime network directory - /run/systemd/network and the local administration network directory - /etc/systemd/network. All configuration files are collectively sorted and - processed in alphanumeric order, regardless of the directories in which they live. However, files - with identical filenames replace each other. It is recommended that each filename is prefixed with - a number smaller than 70 (e.g. 10-eth0.network). Otherwise, the - default .network files or those generated by + /usr/local/lib/systemd/network + , + the volatile runtime network directory /run/systemd/network and the local + administration network directory /etc/systemd/network. All configuration files are + collectively sorted and processed in alphanumeric order, regardless of the directories in which they + live. However, files with identical filenames replace each other. It is recommended that each filename is + prefixed with a number smaller than 70 (e.g. 10-eth0.network). + Otherwise, the default .network files or those generated by systemd-network-generator.service8 may take precedence over user configured files. Files in /etc/ have the highest priority, files in /run/ take precedence over files with the same name under 
@@ -259,16 +260,16 @@ RequiredForOnline= - Takes a boolean or a minimum operational state and an optional maximum operational - state. Please see + Takes a boolean, a minimum operational state (e.g., carrier), or a range + of operational state separated with a colon (e.g., degraded:routable). + Please see networkctl1 for possible operational states. When yes, the network is deemed required when determining whether the system is online (including when running systemd-networkd-wait-online). When no, the network is ignored when determining the online state. When a minimum operational state and an optional - maximum operational state are set, yes is implied, and this controls the - minimum and maximum operational state required for the network interface to be considered - online. + maximum operational state are set, systemd-networkd-wait-online deems that the + interface is online when the operational state is in the specified range. Defaults to yes when ActivationPolicy= is not set, or set to up, always-up, or @@ -283,6 +284,44 @@ skipped automatically by systemd-networkd-wait-online if RequiredForOnline=no. + The boolean value yes is translated as follows; + + + + + carrier, + + + + + + + degraded-carrier with RequiredFamilyForOnline=any, + + + + + + + enslaved, + + + + + + + degraded. + + + + + + + This setting can be overridden by the command line option for + systemd-networkd-wait-online. See + systemd-networkd-wait-online.service8 + for more details. + 
@@ -390,20 +429,28 @@ Defaults to no. Further settings for the DHCP server may be set in the [DHCPServer] section described below. - + Even if this is enabled, the DHCP server will not be started automatically and wait for the + persistent storage being ready to load/save leases in the storage, unless + RelayTarget= or PersistLeases=no are specified in the + [DHCPServer] section. It will be started after + systemd-networkd-persistent-storage.service is started, which calls + networkctl persistent-storage yes. See + networkctl1 + for more details. + + LinkLocalAddressing= - Enables link-local address autoconfiguration. Accepts , - , , and . An IPv6 link-local - address is configured when or . An IPv4 link-local - address is configured when or and when DHCPv4 - autoconfiguration has been unsuccessful for some time. (IPv4 link-local address - autoconfiguration will usually happen in parallel with repeated attempts to acquire a DHCPv4 - lease). + Enables link-local address autoconfiguration. Accepts a boolean, , + and . An IPv6 link-local address is configured when + or . An IPv4 link-local address is configured when + or and when DHCPv4 autoconfiguration has been unsuccessful for some time. + (IPv4 link-local address autoconfiguration will usually happen in parallel with repeated attempts + to acquire a DHCPv4 lease). Defaults to when KeepMaster= or Bridge= is set or when the specified @@ -661,6 +708,9 @@ Table=1234 number of dynamically created network interfaces with the same network configuration and automatic address range assignment. + If an empty string is specified, then the all previous assignments in both [Network] and + [Address] sections are cleared. + @@ -697,6 +747,17 @@ Table=1234 + + UseDomains= + + Specifies the protocol-independent default value for the same settings in + [IPv6AcceptRA], [DHCPv4], and [DHCPv6] sections below. Takes a boolean, or the special value + . See also the same setting in [DHCPv4] below. Defaults to unset. + + + + + Domains= 
@@ -762,26 +823,43 @@ Table=1234 - IPForward= + IPv4Forwarding= - Configures IP packet forwarding for the system. If enabled, incoming packets on any - network interface will be forwarded to any other interfaces according to the routing table. - Takes a boolean, or the values ipv4 or ipv6, which only - enable IP packet forwarding for the specified address family. This controls the - net.ipv4.ip_forward and net.ipv6.conf.all.forwarding - sysctl options of the network interface (see + Configures IPv4 packet forwarding for the interface. Takes a boolean value. This controls the + net.ipv4.conf.INTERFACE.forwarding sysctl option of + the network interface. See IP Sysctl - for details about sysctl options). Defaults to no. + for more details about the sysctl option. Defaults to true if IPMasquerade= is + enabled for IPv4, otherwise the value specified to the same setting in + networkd.conf5 + will be used. If none of them are specified, the sysctl option will not be changed. + + To control the global setting, use the same setting in + networkd.conf5. + - Note: this setting controls a global kernel option, and does so one way only: if a - network that has this setting enabled is set up the global setting is turned on. However, - it is never turned off again, even after all networks with this setting enabled are shut - down again. + + + - To allow IP packet forwarding only between specific network interfaces use a firewall. + + IPv6Forwarding= + + Configures IPv6 packet forwarding for the interface. Takes a boolean value. This controls the + net.ipv6.conf.INTERFACE.forwarding sysctl option of + the network interface. See + IP Sysctl + for more details about the sysctl option. Defaults to true if IPMasquerade= is + enabled for IPv6 or IPv6SendRA= is enabled, otherwise the value specified to the + same setting in + networkd.conf5 + will be used. If none of them are specified, the sysctl option will not be changed. 
+ + To control the global setting, use the same setting in + networkd.conf5. - + @@ -789,13 +867,20 @@ Table=1234 IPMasquerade= Configures IP masquerading for the network interface. If enabled, packets forwarded - from the network interface will be appear as coming from the local host. Takes one of - ipv4, ipv6, both, or - no. Defaults to no. If enabled, this automatically sets - IPForward= to one of ipv4, ipv6 or - yes. - Note. Any positive boolean values such as yes or - true are now deprecated. Please use one of the values above. + from the network interface will be appear as coming from the local host. Typically, this should be + enabled on the downstream interface of routers. Takes one of ipv4, + ipv6, both, or no. Defaults to + no. Note. Any positive boolean values such as yes or + true are now deprecated. Please use one of the values above. Specifying + ipv4 or both implies IPv4Forwarding=, + unless it is explicitly specified. Similarly for IPv6Forwarding= when + ipv6 or both is specified. These implications are only on + this interface. Hence, to make the IP packet forwarding works, + IPv4Forwarding=/IPv6Forwarding= need to be enabled on an + upstream interface, or globally enabled by specifying them in + networkd.conf5. + See IPv4Forwarding=/IPv6Forwarding= in the above for more + details. 
@@ -823,12 +908,13 @@ Table=1234 IPv6AcceptRA= - Takes a boolean. Controls IPv6 Router Advertisement (RA) reception support for the - interface. If true, RAs are accepted; if false, RAs are ignored. When RAs are accepted, they - may trigger the start of the DHCPv6 client if the relevant flags are set in the RA data, or - if no routers are found on the link. The default is to disable RA reception for bridge - devices or when IP forwarding is enabled, and to enable it otherwise. Cannot be enabled on - devices aggregated in a bond device or when link-local addressing is disabled. + Takes a boolean. Controls IPv6 Router Advertisement (RA) reception support for the interface. + If true, RAs are accepted; if false, RAs are ignored. When RAs are accepted, they may trigger the + start of the DHCPv6 client if the relevant flags are set in the RA data, or if no routers are found + on the link. Defaults to false for bridge devices, when IP forwarding is enabled, + IPv6SendRA= or KeepMaster= is enabled. Otherwise, enabled by + default. Cannot be enabled on devices aggregated in a bond device or when link-local addressing is + disabled. Further settings for the IPv6 RA support may be configured in the [IPv6AcceptRA] section, see below. @@ -871,6 +957,18 @@ Table=1234 + + IPv6RetransmissionTimeSec= + + Configures IPv6 Retransmission Time. The time between retransmitted Neighbor + Solicitation messages. Used by address resolution and the Neighbor Unreachability + Detection algorithm. A value of zero is ignored and the kernel's current value + will be used. Defaults to unset, and the kernel's current value will be used. + + + + + IPv4ReversePathFilter= 
@@ -924,6 +1022,21 @@ Table=1234 + + IPv4ProxyARPPrivateVLAN= + + Takes a boolean. Configures proxy ARP private VLAN for IPv4, also known as VLAN aggregation, + private VLAN, source-port filtering, port-isolation, or MAC-forced forwarding. + + This variant of the ARP proxy technique will allow the ARP proxy to reply back to the same + interface. + + See RFC 3069. When unset, + the kernel's default will be used. + + + + IPv6ProxyNDP= @@ -965,6 +1078,9 @@ Table=1234 distributed. See DHCPPrefixDelegation= setting and the [IPv6SendRA], [IPv6Prefix], [IPv6RoutePrefix], and [DHCPPrefixDelegation] sections for more configuration options. + If enabled, IPv6Forwarding= on this interface is also enabled, unless + the setting is explicitly specified. See IPv6Forwarding= in the above for more + details. @@ -1323,13 +1439,15 @@ Table=1234 Fallback Peer Labeling rules. They will be removed when the interface is deconfigured. Failures to manage the labels will be ignored. - Warning: Once labeling is enabled for network traffic, a lot of LSM access control points in - Linux networking stack go from dormant to active. Care should be taken to avoid getting into a - situation where for example remote connectivity is broken, when the security policy hasn't been - updated to consider LSM per-packet access controls and no rules would allow any network - traffic. Also note that additional configuration with netlabelctl8 - is needed. + + Once labeling is enabled for network traffic, a lot of LSM access control points in + Linux networking stack go from dormant to active. Care should be taken to avoid getting into a + situation where for example remote connectivity is broken, when the security policy hasn't been + updated to consider LSM per-packet access controls and no rules would allow any network + traffic. Also note that additional configuration with netlabelctl8 + is needed. + Example: [Address] 
@@ -1601,6 +1719,18 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix + + L3MasterDevice= + + A boolean. Specifies whether the rule is to direct lookups to the tables associated with + level 3 master devices (also known as Virtual Routing and Forwarding or VRF devices). + For further details see + Virtual Routing and Forwarding (VRF). Defaults to false. + + + + + SourcePort= @@ -1714,8 +1844,10 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix Id= - The id of the next hop. Takes an integer in the range 1…4294967295. If unspecified, - then automatically chosen by kernel. + The id of the next hop. Takes an integer in the range 1…4294967295. + This is mandatory if ManageForeignNextHops=no is specified in + networkd.conf5. + Otherwise, if unspecified, an unused ID will be automatically picked. @@ -1921,7 +2053,7 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix ip route show table num. If unset and Type= is local, broadcast, anycast, or nat, then local is used. - In other cases, defaults to main. + In other cases, defaults to main. Ignored if L3MasterDevice= is true. @@ -2017,16 +2149,6 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix - - TTLPropagate= - - Takes a boolean. When true enables TTL propagation at Label Switched Path (LSP) egress. - When unset, the kernel's default will be used. - - - - - MTUBytes= @@ -2267,7 +2389,7 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix are implied and these settings in the .network file are silently ignored. Also, Hostname=, MUDURL=, - RequestAddress, + RequestAddress=, RequestOptions=, SendOption=, SendVendorOption=, 
@@ -2472,7 +2594,15 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix effect of the setting. If set to , the domain name received from the DHCP server will be used for routing DNS queries only, but not for searching, similarly to the effect of the setting when the argument is prefixed with - ~. Defaults to false. + ~. + + When unspecified, the value specified in the same setting in the [Network] section will be + used. When it is unspecified, the value specified in the same setting in the [DHCPv4] section in + networkd.conf5 + will be used. When it is unspecified, the value specified in the same setting in the [Network] + section in + networkd.conf5 + will be used. When none of them are specified, defaults to no. It is recommended to enable this option only on trusted networks, as setting this affects resolution of all hostnames, in particular of single-label names. It is generally @@ -2662,6 +2792,15 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix + + ServerPort= + + Set the port on which the DHCP server is listening. + + + + + DenyList= @@ -2669,7 +2808,7 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix prefix length after /. DHCP offers from servers in the list are rejected. Note that if AllowList= is configured then DenyList= is ignored. - Note that this filters only DHCP offers, so the filtering may not work when + Note that this filters only DHCP offers, so the filtering might not work when RapidCommit= is enabled. See also RapidCommit= in the above. @@ -2683,7 +2822,7 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix A whitespace-separated list of IPv4 addresses. Each address can optionally take a prefix length after /. DHCP offers from servers in the list are accepted. - Note that this filters only DHCP offers, so the filtering may not work when + Note that this filters only DHCP offers, so the filtering might not work when RapidCommit= is enabled. See also RapidCommit= in the above. 
@@ -3084,6 +3223,16 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix with the IPv6AcceptRA= setting described above: + + UseRedirect= + + When true (the default), Redirect message sent by the current first-hop router will be + accepted, and configures routes to redirected nodes will be configured. + + + + + Token= @@ -3274,12 +3423,25 @@ Token=prefixstable:2002:da8:1:: - UseICMP6RateLimit= + UseReachableTime= - Takes a boolean. When true, the ICMP6 rate limit received in the Router Advertisement will be set to ICMP6 - rate limit based on the advertisement. Defaults to true. + Takes a boolean. When true, the reachable time received in the Router Advertisement will be + set on the interface receiving the advertisement. It is used as the base timespan of the validity + of a neighbor entry. Defaults to true. - + + + + + + UseRetransmissionTime= + + Takes a boolean. When true, the retransmission time received in the Router Advertisement will be set + on the interface receiving the advertisement. It is used as the time between retransmissions of Neighbor + Solicitation messages to a neighbor when resolving the address or when probing the reachability of a neighbor. + Defaults to true. + + @@ -3786,6 +3948,22 @@ ServerAddress=192.168.0.1/24 + + PersistLeases= + + Takes a boolean. When true, the DHCP server will load and save leases in the persistent + storage. When false, the DHCP server will neither load nor save leases in the persistent storage. + Hence, bound leases will be lost when the interface is reconfigured e.g. by + networkctl reconfigure, or systemd-networkd.service + is restarted. That may cause address conflict on the network. So, please take an extra care when + disable this setting. When unspecified, the value specified in the same setting in + networkd.conf5, + which defaults to yes, will be used. + + + + + 
@@ -3851,14 +4029,29 @@ ServerAddress=192.168.0.1/24 + + ReachableTimeSec= + + + Configures the time, used in the Neighbor Unreachability Detection algorithm, for which + clients can assume a neighbor is reachable after having received a reachability confirmation. Takes + a time span in the range 0…4294967295 ms. When 0, clients will handle it as if the value wasn't + specified. Defaults to 0. + + + + + RetransmitSec= - Takes a timespan. Configures the retransmit time, used by clients to retransmit Neighbor - Solicitation messages on address resolution and the Neighbor Unreachability Detection algorithm. - An integer, the default unit is seconds, in the range 0…4294967295 msec. Defaults to 0. + + Configures the time, used in the Neighbor Unreachability Detection algorithm, for which + clients can use as retransmit time on address resolution and the Neighbor Unreachability Detection + algorithm. Takes a time span in the range 0…4294967295 ms. When 0, clients will handle it as if + the value wasn't specified. Defaults to 0. - + @@ -3974,9 +4167,9 @@ ServerAddress=192.168.0.1/24 - + - + [IPv6Prefix] Section Options One or more [IPv6Prefix] sections contain the IPv6 prefixes that are announced via Router Advertisements. See RFC 4861 for further @@ -4051,9 +4244,9 @@ ServerAddress=192.168.0.1/24 - + - + [IPv6RoutePrefix] Section Options One or more [IPv6RoutePrefix] sections contain the IPv6 prefix routes that are announced via Router Advertisements. See @@ -4083,9 +4276,9 @@ ServerAddress=192.168.0.1/24 - + - + [IPv6PREF64Prefix] Section Options One or more [IPv6PREF64Prefix] sections contain the IPv6 PREF64 (or NAT64) prefixes that are announced via Router Advertisements. See RFC 8781 for further 
@@ -4112,480 +4305,486 @@ ServerAddress=192.168.0.1/24 - + - + [Bridge] Section Options - The [Bridge] section accepts the following keys: - - - UnicastFlood= - - Takes a boolean. Controls whether the bridge should flood - traffic for which an FDB entry is missing and the destination - is unknown through this port. When unset, the kernel's default will be used. - - - - - - - MulticastFlood= - - Takes a boolean. Controls whether the bridge should flood - traffic for which an MDB entry is missing and the destination - is unknown through this port. When unset, the kernel's default will be used. - - - - - - - MulticastToUnicast= - - Takes a boolean. Multicast to unicast works on top of the multicast snooping feature of - the bridge. Which means unicast copies are only delivered to hosts which are interested in it. - When unset, the kernel's default will be used. - - - - - - - NeighborSuppression= - - Takes a boolean. Configures whether ARP and ND neighbor suppression is enabled for - this port. When unset, the kernel's default will be used. - - - - - - - Learning= - - Takes a boolean. Configures whether MAC address learning is enabled for - this port. When unset, the kernel's default will be used. - - - - - - - HairPin= - - Takes a boolean. Configures whether traffic may be sent back out of the port on which it - was received. When this flag is false, then the bridge will not forward traffic back out of the - receiving port. When unset, the kernel's default will be used. - - - - - - Isolated= - - Takes a boolean. Configures whether this port is isolated or not. Within a bridge, - isolated ports can only communicate with non-isolated ports. When set to true, this port can only - communicate with other ports whose Isolated setting is false. When set to false, this port - can communicate with any other ports. When unset, the kernel's default will be used. - - - - - - UseBPDU= - - Takes a boolean. 
Configures whether STP Bridge Protocol Data Units will be - processed by the bridge port. When unset, the kernel's default will be used. - - - - - - FastLeave= - - Takes a boolean. This flag allows the bridge to immediately stop multicast - traffic on a port that receives an IGMP Leave message. It is only used with - IGMP snooping if enabled on the bridge. When unset, the kernel's default will be used. - - - - - - AllowPortToBeRoot= - - Takes a boolean. Configures whether a given port is allowed to - become a root port. Only used when STP is enabled on the bridge. - When unset, the kernel's default will be used. - - - - - - ProxyARP= - - Takes a boolean. Configures whether proxy ARP to be enabled on this port. - When unset, the kernel's default will be used. - - - - - - ProxyARPWiFi= - - Takes a boolean. Configures whether proxy ARP to be enabled on this port - which meets extended requirements by IEEE 802.11 and Hotspot 2.0 specifications. - When unset, the kernel's default will be used. - - - - - - MulticastRouter= - - Configures this port for having multicast routers attached. A port with a multicast - router will receive all multicast traffic. Takes one of no - to disable multicast routers on this port, query to let the system detect - the presence of routers, permanent to permanently enable multicast traffic - forwarding on this port, or temporary to enable multicast routers temporarily - on this port, not depending on incoming queries. When unset, the kernel's default will be used. - - - - - - Cost= - - Sets the "cost" of sending packets of this interface. - Each port in a bridge may have a different speed and the cost - is used to decide which link to use. Faster interfaces - should have lower costs. It is an integer value between 1 and - 65535. - - - - - - Priority= - - Sets the "priority" of sending packets on this interface. - Each port in a bridge may have a different priority which is used - to decide which link to use. 
Lower value means higher priority. - It is an integer value between 0 to 63. Networkd does not set any - default, meaning the kernel default value of 32 is used. - - - - - + The [Bridge] section accepts the following keys: + + + + UnicastFlood= + + Takes a boolean. Controls whether the bridge should flood + traffic for which an FDB entry is missing and the destination + is unknown through this port. When unset, the kernel's default will be used. + + + + + + + MulticastFlood= + + Takes a boolean. Controls whether the bridge should flood + traffic for which an MDB entry is missing and the destination + is unknown through this port. When unset, the kernel's default will be used. + + + + + + + MulticastToUnicast= + + Takes a boolean. Multicast to unicast works on top of the multicast snooping feature of + the bridge. Which means unicast copies are only delivered to hosts which are interested in it. + When unset, the kernel's default will be used. + + + + + + + NeighborSuppression= + + Takes a boolean. Configures whether ARP and ND neighbor suppression is enabled for + this port. When unset, the kernel's default will be used. + + + + + + + Learning= + + Takes a boolean. Configures whether MAC address learning is enabled for + this port. When unset, the kernel's default will be used. + + + + + + + HairPin= + + Takes a boolean. Configures whether traffic may be sent back out of the port on which it + was received. When this flag is false, then the bridge will not forward traffic back out of the + receiving port. When unset, the kernel's default will be used. + + + + + + Isolated= + + Takes a boolean. Configures whether this port is isolated or not. Within a bridge, + isolated ports can only communicate with non-isolated ports. When set to true, this port can only + communicate with other ports whose Isolated setting is false. When set to false, this port + can communicate with any other ports. When unset, the kernel's default will be used. 
+ + + + + + UseBPDU= + + Takes a boolean. Configures whether STP Bridge Protocol Data Units will be + processed by the bridge port. When unset, the kernel's default will be used. + + + + + + FastLeave= + + Takes a boolean. This flag allows the bridge to immediately stop multicast + traffic on a port that receives an IGMP Leave message. It is only used with + IGMP snooping if enabled on the bridge. When unset, the kernel's default will be used. + + + + + + AllowPortToBeRoot= + + Takes a boolean. Configures whether a given port is allowed to + become a root port. Only used when STP is enabled on the bridge. + When unset, the kernel's default will be used. + + + + + + ProxyARP= + + Takes a boolean. Configures whether proxy ARP to be enabled on this port. + When unset, the kernel's default will be used. + + + + + + ProxyARPWiFi= + + Takes a boolean. Configures whether proxy ARP to be enabled on this port + which meets extended requirements by IEEE 802.11 and Hotspot 2.0 specifications. + When unset, the kernel's default will be used. + + + + + + MulticastRouter= + + Configures this port for having multicast routers attached. A port with a multicast + router will receive all multicast traffic. Takes one of no + to disable multicast routers on this port, query to let the system detect + the presence of routers, permanent to permanently enable multicast traffic + forwarding on this port, or temporary to enable multicast routers temporarily + on this port, not depending on incoming queries. When unset, the kernel's default will be used. + + + + + + Cost= + + Sets the "cost" of sending packets of this interface. + Each port in a bridge may have a different speed and the cost + is used to decide which link to use. Faster interfaces + should have lower costs. It is an integer value between 1 and + 65535. + + + + + + Priority= + + Sets the "priority" of sending packets on this interface. 
+ Each port in a bridge may have a different priority which is used + to decide which link to use. Lower value means higher priority. + It is an integer value between 0 to 63. Networkd does not set any + default, meaning the kernel default value of 32 is used. + + + + + + [BridgeFDB] Section Options - The [BridgeFDB] section manages the forwarding database table of a port and accepts the following - keys. Specify several [BridgeFDB] sections to configure several static MAC table entries. - - - MACAddress= - - As in the [Network] section. This key is mandatory. + The [BridgeFDB] section manages the forwarding database table of a port and accepts the following + keys. Specify several [BridgeFDB] sections to configure several static MAC table entries. + + + + MACAddress= + + As in the [Network] section. This key is mandatory. - - - - Destination= - - Takes an IP address of the destination VXLAN tunnel endpoint. + + + + Destination= + + Takes an IP address of the destination VXLAN tunnel endpoint. - - - - VLANId= - - The VLAN ID for the new static MAC table entry. If - omitted, no VLAN ID information is appended to the new static MAC - table entry. - - - - - - VNI= - - The VXLAN Network Identifier (or VXLAN Segment ID) to use to connect to - the remote VXLAN tunnel endpoint. Takes a number in the range 1…16777215. - Defaults to unset. - - - - - - AssociatedWith= - - Specifies where the address is associated with. Takes one of use, - self, master or router. - use means the address is in use. User space can use this option to - indicate to the kernel that the fdb entry is in use. self means - the address is associated with the port drivers fdb. Usually hardware. master - means the address is associated with master devices fdb. router means - the destination address is associated with a router. Note that it's valid if the referenced - device is a VXLAN type device and has route shortcircuit enabled. Defaults to self. 
+ + + + VLANId= + + The VLAN ID for the new static MAC table entry. If + omitted, no VLAN ID information is appended to the new static MAC + table entry. + + + + + + VNI= + + The VXLAN Network Identifier (or VXLAN Segment ID) to use to connect to + the remote VXLAN tunnel endpoint. Takes a number in the range 1…16777215. + Defaults to unset. - - - - OutgoingInterface= - - Specifies the name or index of the outgoing interface for the VXLAN device driver to - reach the remote VXLAN tunnel endpoint. Defaults to unset. - - - - - + + + + AssociatedWith= + + Specifies where the address is associated with. Takes one of use, + self, master or router. + use means the address is in use. User space can use this option to + indicate to the kernel that the fdb entry is in use. self means + the address is associated with the port drivers fdb. Usually hardware. master + means the address is associated with master devices fdb. router means + the destination address is associated with a router. Note that it's valid if the referenced + device is a VXLAN type device and has route shortcircuit enabled. Defaults to self. + + + + + + OutgoingInterface= + + Specifies the name or index of the outgoing interface for the VXLAN device driver to + reach the remote VXLAN tunnel endpoint. Defaults to unset. + + + + + + [BridgeMDB] Section Options - The [BridgeMDB] section manages the multicast membership entries forwarding database table of a port and accepts the following - keys. Specify several [BridgeMDB] sections to configure several permanent multicast membership entries. + The [BridgeMDB] section manages the multicast membership entries forwarding database table of a port and accepts the following + keys. Specify several [BridgeMDB] sections to configure several permanent multicast membership entries. - - - MulticastGroupAddress= - - Specifies the IPv4 or IPv6 multicast group address to add. This setting is mandatory. 
+ + + MulticastGroupAddress= + + Specifies the IPv4 or IPv6 multicast group address to add. This setting is mandatory. - - - - VLANId= - - The VLAN ID for the new entry. Valid ranges are 0 (no VLAN) to 4094. Optional, defaults to 0. + + + + VLANId= + + The VLAN ID for the new entry. Valid ranges are 0 (no VLAN) to 4094. Optional, defaults to 0. - - - + + + [LLDP] Section Options - The [LLDP] section manages the Link Layer Discovery Protocol (LLDP) and accepts the following - keys: - - - MUDURL= - - When configured, the specified Manufacturer Usage Descriptions (MUD) URL will be sent in - LLDP packets. The syntax and semantics are the same as for MUDURL= in the - [DHCPv4] section described above. - - The MUD URLs received via LLDP packets are saved and can be read using the - sd_lldp_neighbor_get_mud_url() function. - - - - - + The [LLDP] section manages the Link Layer Discovery Protocol (LLDP) and accepts the following + keys: + + + + MUDURL= + + When configured, the specified Manufacturer Usage Descriptions (MUD) URL will be sent in + LLDP packets. The syntax and semantics are the same as for MUDURL= in the + [DHCPv4] section described above. + + The MUD URLs received via LLDP packets are saved and can be read using the + sd_lldp_neighbor_get_mud_url() function. + + + + + [CAN] Section Options - The [CAN] section manages the Controller Area Network (CAN bus) and accepts the - following keys: - - - BitRate= - - The bitrate of CAN device in bits per second. The usual SI prefixes (K, M) with the base of 1000 can - be used here. Takes a number in the range 1…4294967295. - - - - - - SamplePoint= - - Optional sample point in percent with one decimal (e.g. 75%, - 87.5%) or permille (e.g. 875‰). This will be ignored when - BitRate= is unspecified. + The [CAN] section manages the Controller Area Network (CAN bus) and accepts the + following keys: + + + BitRate= + + The bitrate of CAN device in bits per second. 
The usual SI prefixes (K, M) with the base of 1000 can + be used here. Takes a number in the range 1…4294967295. + + + + + + SamplePoint= + + Optional sample point in percent with one decimal (e.g. 75%, + 87.5%) or permille (e.g. 875‰). This will be ignored when + BitRate= is unspecified. - - - - TimeQuantaNSec= - PropagationSegment= - PhaseBufferSegment1= - PhaseBufferSegment2= - SyncJumpWidth= - - Specifies the time quanta, propagation segment, phase buffer segment 1 and 2, and the - synchronization jump width, which allow one to define the CAN bit-timing in a hardware - independent format as proposed by the Bosch CAN 2.0 Specification. - TimeQuantaNSec= takes a timespan in nanoseconds. - PropagationSegment=, PhaseBufferSegment1=, - PhaseBufferSegment2=, and SyncJumpWidth= take number - of time quantum specified in TimeQuantaNSec= and must be an unsigned - integer in the range 0…4294967295. These settings except for - SyncJumpWidth= will be ignored when BitRate= is - specified. - - - - - - DataBitRate= - DataSamplePoint= - - The bitrate and sample point for the data phase, if CAN-FD is used. These settings are - analogous to the BitRate= and SamplePoint= keys. - - - - - - DataTimeQuantaNSec= - DataPropagationSegment= - DataPhaseBufferSegment1= - DataPhaseBufferSegment2= - DataSyncJumpWidth= - - Specifies the time quanta, propagation segment, phase buffer segment 1 and 2, and the - synchronization jump width for the data phase, if CAN-FD is used. These settings are - analogous to the TimeQuantaNSec= or related settings. - - - - - - FDMode= - - Takes a boolean. When yes, CAN-FD mode is enabled for the interface. - Note, that a bitrate and optional sample point should also be set for the CAN-FD data phase using - the DataBitRate= and DataSamplePoint= keys, or - DataTimeQuanta= and related settings. 
+ + + + TimeQuantaNSec= + PropagationSegment= + PhaseBufferSegment1= + PhaseBufferSegment2= + SyncJumpWidth= + + Specifies the time quanta, propagation segment, phase buffer segment 1 and 2, and the + synchronization jump width, which allow one to define the CAN bit-timing in a hardware + independent format as proposed by the Bosch CAN 2.0 Specification. + TimeQuantaNSec= takes a timespan in nanoseconds. + PropagationSegment=, PhaseBufferSegment1=, + PhaseBufferSegment2=, and SyncJumpWidth= take number + of time quantum specified in TimeQuantaNSec= and must be an unsigned + integer in the range 0…4294967295. These settings except for + SyncJumpWidth= will be ignored when BitRate= is + specified. + + + + + + DataBitRate= + DataSamplePoint= + + The bitrate and sample point for the data phase, if CAN-FD is used. These settings are + analogous to the BitRate= and SamplePoint= keys. - - - - FDNonISO= - - Takes a boolean. When yes, non-ISO CAN-FD mode is enabled for the - interface. When unset, the kernel's default will be used. + + + + DataTimeQuantaNSec= + DataPropagationSegment= + DataPhaseBufferSegment1= + DataPhaseBufferSegment2= + DataSyncJumpWidth= + + Specifies the time quanta, propagation segment, phase buffer segment 1 and 2, and the + synchronization jump width for the data phase, if CAN-FD is used. These settings are + analogous to the TimeQuantaNSec= or related settings. + + + + + + FDMode= + + Takes a boolean. When yes, CAN-FD mode is enabled for the interface. + Note, that a bitrate and optional sample point should also be set for the CAN-FD data phase using + the DataBitRate= and DataSamplePoint= keys, or + DataTimeQuanta= and related settings. + + + + + + FDNonISO= + + Takes a boolean. When yes, non-ISO CAN-FD mode is enabled for the + interface. When unset, the kernel's default will be used. + + + + + + RestartSec= + + Automatic restart delay time. 
If set to a non-zero value, a restart of the CAN controller will be + triggered automatically in case of a bus-off condition after the specified delay time. Subsecond delays can + be specified using decimals (e.g. 0.1s) or a ms or + us postfix. Using infinity or 0 will turn the + automatic restart off. By default automatic restart is disabled. + + + + + + Termination= + + Takes a boolean or a termination resistor value in ohm in the range 0…65535. When + yes, the termination resistor is set to 120 ohm. When + no or 0 is set, the termination resistor is disabled. + When unset, the kernel's default will be used. - - - - RestartSec= - - Automatic restart delay time. If set to a non-zero value, a restart of the CAN controller will be - triggered automatically in case of a bus-off condition after the specified delay time. Subsecond delays can - be specified using decimals (e.g. 0.1s) or a ms or - us postfix. Using infinity or 0 will turn the - automatic restart off. By default automatic restart is disabled. - - - - - - Termination= - - Takes a boolean or a termination resistor value in ohm in the range 0…65535. When - yes, the termination resistor is set to 120 ohm. When - no or 0 is set, the termination resistor is disabled. - When unset, the kernel's default will be used. - - - - - - TripleSampling= - - Takes a boolean. When yes, three samples (instead of one) are used to determine - the value of a received bit by majority rule. When unset, the kernel's default will be used. + + + + TripleSampling= + + Takes a boolean. When yes, three samples (instead of one) are used to determine + the value of a received bit by majority rule. When unset, the kernel's default will be used. - - - - BusErrorReporting= - - Takes a boolean. 
When yes, reporting of CAN bus errors is activated - (those include single bit, frame format, and bit stuffing errors, unable to send dominant bit, - unable to send recessive bit, bus overload, active error announcement, error occurred on - transmission). When unset, the kernel's default will be used. Note: in case of a CAN bus with a - single CAN device, sending a CAN frame may result in a huge number of CAN bus errors. + + + + BusErrorReporting= + + Takes a boolean. When yes, reporting of CAN bus errors is activated + (those include single bit, frame format, and bit stuffing errors, unable to send dominant bit, + unable to send recessive bit, bus overload, active error announcement, error occurred on + transmission). When unset, the kernel's default will be used. Note: in case of a CAN bus with a + single CAN device, sending a CAN frame may result in a huge number of CAN bus errors. - - - - ListenOnly= - - Takes a boolean. When yes, listen-only mode is enabled. When the - interface is in listen-only mode, the interface neither transmit CAN frames nor send ACK - bit. Listen-only mode is important to debug CAN networks without interfering with the - communication or acknowledge the CAN frame. When unset, the kernel's default will be used. - + + + + ListenOnly= + + Takes a boolean. When yes, listen-only mode is enabled. When the + interface is in listen-only mode, the interface neither transmit CAN frames nor send ACK + bit. Listen-only mode is important to debug CAN networks without interfering with the + communication or acknowledge the CAN frame. When unset, the kernel's default will be used. + - - - - Loopback= - - Takes a boolean. When yes, loopback mode is enabled. When the - loopback mode is enabled, the interface treats messages transmitted by itself as received - messages. The loopback mode is important to debug CAN networks. When unset, the kernel's - default will be used. + + + + Loopback= + + Takes a boolean. When yes, loopback mode is enabled. 
When the + loopback mode is enabled, the interface treats messages transmitted by itself as received + messages. The loopback mode is important to debug CAN networks. When unset, the kernel's + default will be used. - - - - OneShot= - - Takes a boolean. When yes, one-shot mode is enabled. When unset, - the kernel's default will be used. + + + + OneShot= + + Takes a boolean. When yes, one-shot mode is enabled. When unset, + the kernel's default will be used. - - - - PresumeAck= - - Takes a boolean. When yes, the interface will ignore missing CAN - ACKs. When unset, the kernel's default will be used. + + + + PresumeAck= + + Takes a boolean. When yes, the interface will ignore missing CAN + ACKs. When unset, the kernel's default will be used. - - - - ClassicDataLengthCode= - - Takes a boolean. When yes, the interface will handle the 4bit data - length code (DLC). When unset, the kernel's default will be used. + + + + ClassicDataLengthCode= + + Takes a boolean. When yes, the interface will handle the 4bit data + length code (DLC). When unset, the kernel's default will be used. - - - + + + [IPoIB] Section Options - The [IPoIB] section manages the IP over Infiniband and accepts the following keys: - - - - + The [IPoIB] section manages the IP over Infiniband and accepts the following keys: + + + + + @@ -4599,7 +4798,7 @@ ServerAddress=192.168.0.1/24 Specifies the parent Queueing Discipline (qdisc). Takes one of clsact or ingress. This is mandatory. - + 
@@ -5855,42 +6054,54 @@ ServerAddress=192.168.0.1/24 [BridgeVLAN] Section Options - The [BridgeVLAN] section manages the VLAN ID configuration of a bridge port and accepts the - following keys. Specify several [BridgeVLAN] sections to configure several VLAN entries. The - VLANFiltering= option has to be enabled, see the [Bridge] section in - systemd.netdev5. - - - - VLAN= - - The VLAN ID allowed on the port. This can be either a single ID or a range M-N. Takes - an integer in the range 1…4094. - - - - - - EgressUntagged= - - The VLAN ID specified here will be used to untag frames on egress. Configuring - EgressUntagged= implicates the use of VLAN= above and will enable the - VLAN ID for ingress as well. This can be either a single ID or a range M-N. - - - - - - PVID= - - The Port VLAN ID specified here is assigned to all untagged frames at ingress. - PVID= can be used only once. Configuring PVID= implicates the use of - VLAN= above and will enable the VLAN ID for ingress as well. - - - - - + + The [BridgeVLAN] section manages the VLAN ID configurations of a bridge master or port, and accepts the + following keys. To make the settings in this section take an effect, + VLANFiltering= option has to be enabled on the bridge master, see the [Bridge] + section in + systemd.netdev5. + If at least one valid settings specified in this section in a .network file for an interface, all + assigned VLAN IDs on the interface that are not configured in the .network file will be removed. If + VLAN IDs on an interface need to be managed by other tools, then the settings in this section cannot + be used in the matching .network file. + + + + + VLAN= + + The VLAN ID allowed on the port. This can be either a single ID or a range M-N. Takes an + integer in the range 1…4094. This setting can be specified multiple times. If an empty string is + assigned, then the all previous assignments are cleared. 
+ + + + + + EgressUntagged= + + The VLAN ID specified here will be used to untag frames on egress. Configuring + EgressUntagged= implicates the use of VLAN= above and will + enable the VLAN ID for ingress as well. This can be either a single ID or a range M-N. This + setting can be specified multiple times. If an empty string is assigned, then the all previous + assignments are cleared. + + + + + + PVID= + + The port VLAN ID specified here is assigned to all untagged frames at ingress. Takes an + VLAN ID or negative boolean value (e.g. no). When false, the currently + assigned port VLAN ID will be dropped. Configuring PVID= implicates the use of + VLAN= setting in the above and will enable the VLAN ID for ingress as well. + Defaults to unset, and will keep the assigned port VLAN ID if exists. + + + + + @@ -6217,14 +6428,14 @@ Xfrm=xfrm0 See Also - - systemd1, - systemd-networkd.service8, - systemd.link5, - systemd.netdev5, - systemd-network-generator.service8, - systemd-resolved.service8 - + + systemd1 + systemd-networkd.service8 + systemd.link5 + systemd.netdev5 + systemd-network-generator.service8 + systemd-resolved.service8 + -- cgit v1.2.3
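Review bot: in the hunk that rewrites the [BridgeFDB] through [IPoIB] sections, the re-indented FDMode= paragraph under [CAN] still refers to "DataTimeQuanta= and related settings", while the key documented just above it is DataTimeQuantaNSec=. Since every line of that entry is being touched anyway, the name should be corrected here so a reader does not copy a key that is not documented anywhere in the section. Two smaller points in the same hunk. The [BridgeFDB] VLANId= entry gives no valid range although the [BridgeMDB] VLANId= entry right after it states "0 (no VLAN) to 4094", so one of the two should be brought in line with the other. In AssociatedWith=, the sentence "Note that it's valid if the referenced device is a VXLAN type device and has route shortcircuit enabled" does not say which value "it" refers to (it reads as router); suggest naming the value, and fixing "port drivers fdb" and "master devices fdb" to the possessive form.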
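Review bot: in the [BridgeVLAN] hunk (@@ -5855,42 +6054,54 @@), the new section paragraph and the new PVID= text do not say how they interact. The paragraph states that once any valid setting is present, "all assigned VLAN IDs on the interface that are not configured in the .network file will be removed", while PVID= now "Defaults to unset, and will keep the assigned port VLAN ID if exists". Please state which rule applies when the currently assigned port VLAN ID is not listed under VLAN=, because an administrator who relies on VLAN filtering for segmentation needs to know whether untagged ingress frames stay on the old VLAN after networkd applies the file. The hunk also removes the old sentence "PVID= can be used only once" without documenting what happens when PVID= is given more than once, even though VLAN= and EgressUntagged= gain an explicit "can be specified multiple times". Wording to fix in the added lines: "If at least one valid settings specified", "take an effect", "then the all previous assignments are cleared" (twice), and "Takes an VLAN ID".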