]> git.ipfire.org Git - thirdparty/systemd.git/blame - man/systemd.network.xml
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
network: drop a function argument which is always constant
[thirdparty/systemd.git] / man / systemd.network.xml
CommitLineData
514094f9 1<?xml version='1.0'?>
3a54a157 2<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
12b42c76 3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
db9ecf05 4<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
eac684ef 5
d9b20454
ZJS		 6<refentry id="systemd.network" conditional='ENABLE_NETWORKD'
7 xmlns:xi="http://www.w3.org/2001/XInclude">
eac684ef 8
798d3a52
ZJS		 9 <refentryinfo>
10 <title>systemd.network</title>
11 <productname>systemd</productname>
798d3a52
ZJS		 12 </refentryinfo>
13
14 <refmeta>
15 <refentrytitle>systemd.network</refentrytitle>
16 <manvolnum>5</manvolnum>
17 </refmeta>
18
19 <refnamediv>
20 <refname>systemd.network</refname>
21 <refpurpose>Network configuration</refpurpose>
22 </refnamediv>
23
24 <refsynopsisdiv>
25 <para><filename><replaceable>network</replaceable>.network</filename></para>
26 </refsynopsisdiv>
27
28 <refsect1>
29 <title>Description</title>
30
d4de2b2a
ZJS		 31 <para>A plain ini-style text file that encodes network configuration for matching network interfaces,
32 used by
798d3a52 33 <citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
675fa6ea 34 See <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>7</manvolnum></citerefentry>
d4de2b2a 35 for a general description of the syntax.</para>
798d3a52 36
bac150e9
ZJS		 37 <para>The main network file must have the extension <filename>.network</filename>; other
38 extensions are ignored. Networks are applied to links whenever the links appear.</para>
39
dc0d4078
ZJS		 40 <para>The <filename>.network</filename> files are read from the files located in the system network
41 directories <filename>/usr/lib/systemd/network</filename> and
42 <filename>/usr/local/lib/systemd/network</filename>, the volatile runtime network directory
43 <filename>/run/systemd/network</filename> and the local administration network directory
44 <filename>/etc/systemd/network</filename>. All configuration files are collectively sorted and processed
45 in lexical order, regardless of the directories in which they live. However, files with identical
3b121157
ZJS		 46 filenames replace each other. Files in <filename>/etc/</filename> have the highest priority, files in
47 <filename>/run/</filename> take precedence over files with the same name under
48 <filename>/usr/</filename>. This can be used to override a system-supplied configuration file with a local
dc0d4078
ZJS		 49 file if needed. As a special case, an empty file (file size 0) or symlink with the same name pointing to
50 <filename>/dev/null</filename> disables the configuration file entirely (it is "masked").</para>
bac150e9
ZJS		 51
52 <para>Along with the network file <filename>foo.network</filename>, a "drop-in" directory
53 <filename>foo.network.d/</filename> may exist. All files with the suffix
54 <literal>.conf</literal> from this directory will be parsed after the file itself is
55 parsed. This is useful to alter or add configuration settings, without having to modify the main
56 configuration file. Each drop-in file must have appropriate section headers.</para>
57
58 <para>In addition to <filename>/etc/systemd/network</filename>, drop-in <literal>.d</literal>
59 directories can be placed in <filename>/usr/lib/systemd/network</filename> or
60 <filename>/run/systemd/network</filename> directories. Drop-in files in
3b121157
ZJS		 61 <filename>/etc/</filename> take precedence over those in <filename>/run/</filename> which in turn
62 take precedence over those in <filename>/usr/lib/</filename>. Drop-in files under any of these
b1e91af8 63 directories take precedence over the main network file wherever located.</para>
bac150e9
ZJS		 64
65 <para>Note that an interface without any static IPv6 addresses configured, and neither DHCPv6
66 nor IPv6LL enabled, shall be considered to have no IPv6 support. IPv6 will be automatically
67 disabled for that interface by writing "1" to
68 <filename>/proc/sys/net/ipv6/conf/<replaceable>ifname</replaceable>/disable_ipv6</filename>.
82ecb4c3 69 </para>
798d3a52
ZJS		 70 </refsect1>
71
72 <refsect1>
73 <title>[Match] Section Options</title>
74
bdac5608
ZJS		 75 <para>The network file contains a [Match] section, which determines if a given network file may be
76 applied to a given device; and a [Network] section specifying how the device should be configured. The
77 first (in lexical order) of the network files that matches a given device is applied, all later files
78 are ignored, even if they match as well.</para>
79
80 <para>A network file is said to match a network interface if all matches specified by the [Match]
81 section are satisfied. When a network file does not contain valid settings in [Match] section, then the
82 file will match all interfaces and <command>systemd-networkd</command> warns about that. Hint: to avoid
83 the warning and to make it clear that all interfaces shall be matched, add the following:
84 <programlisting>Name=*</programlisting> The following keys are accepted:</para>
798d3a52
ZJS		 85
86 <variablelist class='network-directives'>
d9b20454
ZJS		 87 <xi:include href="systemd.link.xml" xpointer="mac-address" />
88 <xi:include href="systemd.link.xml" xpointer="permanent-mac-address" />
89 <xi:include href="systemd.link.xml" xpointer="path" />
90 <xi:include href="systemd.link.xml" xpointer="driver" />
91 <xi:include href="systemd.link.xml" xpointer="type" />
92 <xi:include href="systemd.link.xml" xpointer="property" />
9310bf4b 93
798d3a52
ZJS		 94 <varlistentry>
95 <term><varname>Name=</varname></term>
96 <listitem>
572b21d9
YW		 97 <para>A whitespace-separated list of shell-style globs matching the device name, as exposed
98 by the udev property <literal>INTERFACE</literal>, or device's alternative names. If the
99 list is prefixed with a "!", the test is inverted.</para>
798d3a52
ZJS		 100 </listitem>
101 </varlistentry>
44005bfb 102
78404d22 103 <varlistentry>
1bcefad9 104 <term><varname>WLANInterfaceType=</varname></term>
78404d22
YW		 105 <listitem>
106 <para>A whitespace-separated list of wireless network type. Supported values are
107 <literal>ad-hoc</literal>, <literal>station</literal>, <literal>ap</literal>,
108 <literal>ap-vlan</literal>, <literal>wds</literal>, <literal>monitor</literal>,
109 <literal>mesh-point</literal>, <literal>p2p-client</literal>, <literal>p2p-go</literal>,
110 <literal>p2p-device</literal>, <literal>ocb</literal>, and <literal>nan</literal>. If the
111 list is prefixed with a "!", the test is inverted.
112 </para>
113 </listitem>
114 </varlistentry>
d9b20454 115
8d968fdd
YW		 116 <varlistentry>
117 <term><varname>SSID=</varname></term>
118 <listitem>
119 <para>A whitespace-separated list of shell-style globs matching the SSID of the currently
120 connected wireless LAN. If the list is prefixed with a "!", the test is inverted.
121 </para>
122 </listitem>
123 </varlistentry>
d9b20454 124
277ba8d1
YW		 125 <varlistentry>
126 <term><varname>BSSID=</varname></term>
127 <listitem>
128 <para>A whitespace-separated list of hardware address of the currently connected wireless
129 LAN. Use full colon-, hyphen- or dot-delimited hexadecimal. See the example in
e9dd6984
ZJS		 130 <varname>MACAddress=</varname>. This option may appear more than once, in which case the
131 lists are merged. If the empty string is assigned to this option, the list is reset.</para>
277ba8d1
YW		 132 </listitem>
133 </varlistentry>
d9b20454
ZJS		 134
135 <xi:include href="systemd.link.xml" xpointer="host" />
136 <xi:include href="systemd.link.xml" xpointer="virtualization" />
137 <xi:include href="systemd.link.xml" xpointer="kernel-command-line" />
138 <xi:include href="systemd.link.xml" xpointer="kernel-version" />
139 <xi:include href="systemd.link.xml" xpointer="architecture" />
798d3a52
ZJS		 140 </variablelist>
141
142 </refsect1>
143
144 <refsect1>
145 <title>[Link] Section Options</title>
146
bdac5608 147 <para> The [Link] section accepts the following keys:</para>
798d3a52
ZJS		 148
149 <variablelist class='network-directives'>
150 <varlistentry>
151 <term><varname>MACAddress=</varname></term>
152 <listitem>
de25aae1 153 <para>The hardware address to set for the device.</para>
798d3a52
ZJS		 154 </listitem>
155 </varlistentry>
156 <varlistentry>
157 <term><varname>MTUBytes=</varname></term>
158 <listitem>
159 <para>The maximum transmission unit in bytes to set for the
160 device. The usual suffixes K, M, G, are supported and are
161 understood to the base of 1024.</para>
439689c6
SS		 162 <para>Note that if IPv6 is enabled on the interface, and the MTU is chosen
163 below 1280 (the minimum MTU for IPv6) it will automatically be increased to this value.</para>
798d3a52
ZJS		 164 </listitem>
165 </varlistentry>
99d2baa2
SS		 166 <varlistentry>
167 <term><varname>ARP=</varname></term>
168 <listitem>
9b6ffef3
YW		 169 <para>Takes a boolean. If set to true, the ARP (low-level Address Resolution Protocol)
170 for this interface is enabled. When unset, the kernel's default will be used.</para>
99d2baa2
SS		 171 <para> For example, disabling ARP is useful when creating multiple MACVLAN or VLAN virtual
172 interfaces atop a single lower-level physical interface, which will then only serve as a
173 link/"bridge" device aggregating traffic to the same physical link and not participate in
937e305e 174 the network otherwise. Defaults to unset.</para>
99d2baa2
SS		 175 </listitem>
176 </varlistentry>
e6ebebbe
SS		 177 <varlistentry>
178 <term><varname>Multicast=</varname></term>
179 <listitem>
937e305e 180 <para>Takes a boolean. If set to true, the multicast flag on the device is enabled. Defaults to unset.</para>
866e6b7a
SS		 181 </listitem>
182 </varlistentry>
183 <varlistentry>
184 <term><varname>AllMulticast=</varname></term>
185 <listitem>
9b6ffef3 186 <para>Takes a boolean. If set to true, the driver retrieves all multicast packets from the network.
937e305e
SS		 187 This happens when multicast routing is enabled. Defaults to unset.</para>
188 </listitem>
189 </varlistentry>
190 <varlistentry>
191 <term><varname>Promiscuous=</varname></term>
192 <listitem>
193 <para>Takes a boolean. If set to true, promiscuous mode of the interface is enabled.
194 Defaults to unset.</para>
e6ebebbe
SS		 195 </listitem>
196 </varlistentry>
a09dc546
DM		 197 <varlistentry>
198 <term><varname>Unmanaged=</varname></term>
199 <listitem>
9b6ffef3 200 <para>Takes a boolean. When <literal>yes</literal>, no attempts are
a09dc546
DM		 201 made to bring up or configure matching links, equivalent to
202 when there are no matching network files. Defaults to
203 <literal>no</literal>.</para>
204 <para>This is useful for preventing later matching network
205 files from interfering with certain interfaces that are fully
206 controlled by other applications.</para>
207 </listitem>
208 </varlistentry>
89fe6535
SS		 209 <varlistentry>
210 <term><varname>Group=</varname></term>
211 <listitem>
212 <para>Link groups are similar to port ranges found in managed switches.
213 When network interfaces are added to a numbered group, operations on
214 all the interfaces from that group can be performed at once. An unsigned
e9dd6984 215 integer in the range 0—4294967294. Defaults to unset.</para>
89fe6535
SS		 216 </listitem>
217 </varlistentry>
0a9fb9ba
SS		 218 <varlistentry>
219 <term><varname>TransmitQueues=</varname></term>
220 <listitem>
221 <para>Specifies the devices's number of transmit queues. An integer in the range 1...4096.
222 When unset, the kernel's default will be used.</para>
223 </listitem>
224 </varlistentry>
225 <varlistentry>
226 <term><varname>ReceiveQueues=</varname></term>
227 <listitem>
228 <para>Specifies the devices's number of receive queues. An integer in the range 1...4096.
229 When unset, the kernel's default will be used.</para>
230 </listitem>
231 </varlistentry>
c1a38904
MTL		 232 <varlistentry>
233 <term><varname>RequiredForOnline=</varname></term>
234 <listitem>
75cd4a5d
DDM		 235 <para>Takes a boolean or a minimum operational state and an optional maximum operational state.
236 Please see <citerefentry><refentrytitle>networkctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
8d6082e4
YW		 237 for possible operational states. When <literal>yes</literal>, the network is deemed required when
238 determining whether the system is online when running
239 <command>systemd-networkd-wait-online</command>. When <literal>no</literal>, the network is ignored
75cd4a5d
DDM		 240 when checking for online state. When a minimum operational state and an optional maximum operational
241 state are set, <literal>yes</literal> is implied, and this controls the minimum and maximum
242 operational state required for the network interface to be considered online.
8d6082e4
YW		 243 Defaults to <literal>yes</literal>.</para>
244
c1a38904
MTL		 245 <para>The network will be brought up normally in all cases, but in
246 the event that there is no address being assigned by DHCP or the
247 cable is not plugged in, the link will simply remain offline and be
8d6082e4 248 skipped automatically by <command>systemd-networkd-wait-online</command>
ca92fe36 249 if <literal>RequiredForOnline=no</literal>.</para>
c1a38904
MTL		 250 </listitem>
251 </varlistentry>
798d3a52
ZJS		 252 </variablelist>
253 </refsect1>
254
518cd6b5
SS		 255 <refsect1>
256 <title>[SR-IOV] Section Options</title>
bdac5608
ZJS		 257 <para>The [SR-IOV] section accepts the following keys. Specify several [SR-IOV] sections to configure
258 several SR-IOVs. SR-IOV provides the ability to partition a single physical PCI resource into virtual
259 PCI functions which can then be injected into a VM. In the case of network VFs, SR-IOV improves
260 north-south network performance (that is, traffic with endpoints outside the host machine) by allowing
261 traffic to bypass the host machine’s network stack.</para>
518cd6b5
SS		 262
263 <variablelist class='network-directives'>
264 <varlistentry>
265 <term><varname>VirtualFunction=</varname></term>
266 <listitem>
267 <para>Specifies a Virtual Function (VF), lightweight PCIe function designed solely to move data
268 in and out. Takes an unsigned integer in the range 0..2147483646. This option is compulsory.</para>
269 </listitem>
270 </varlistentry>
271
272 <varlistentry>
273 <term><varname>VLANId=</varname></term>
274 <listitem>
275 <para>Specifies VLAN ID of the virtual function. Takes an unsigned integer in the range 1..4095.</para>
276 </listitem>
277 </varlistentry>
278
279 <varlistentry>
280 <term><varname>QualityOfService=</varname></term>
281 <listitem>
282 <para>Specifies quality of service of the virtual function. Takes an unsigned integer in the range 1..4294967294.</para>
283 </listitem>
e64b31c8
YW		 284 </varlistentry>
285
286 <varlistentry>
287 <term><varname>VLANProtocol=</varname></term>
288 <listitem>
289 <para>Specifies VLAN protocol of the virtual function. Takes <literal>802.1Q</literal> or
290 <literal>802.1ad</literal>.</para>
291 </listitem>
518cd6b5
SS		 292 </varlistentry>
293
294 <varlistentry>
295 <term><varname>MACSpoofCheck=</varname></term>
296 <listitem>
297 <para>Takes a boolean. Controls the MAC spoof checking. When unset, the kernel's default will be used.</para>
298 </listitem>
299 </varlistentry>
300
301 <varlistentry>
302 <term><varname>QueryReceiveSideScaling=</varname></term>
303 <listitem>
304 <para>Takes a boolean. Toggle the ability of querying the receive side scaling (RSS)
305 configuration of the virtual function (VF). The VF RSS information like RSS hash key may be
306 considered sensitive on some devices where this information is shared between VF and the
307 physical function (PF). When unset, the kernel's default will be used.</para>
308 </listitem>
309 </varlistentry>
310
311 <varlistentry>
312 <term><varname>Trust=</varname></term>
313 <listitem>
314 <para>Takes a boolean. Allows to set trust mode of the virtual function (VF). When set, VF
315 users can set a specific feature which may impact security and/or performance. When unset,
316 the kernel's default will be used.</para>
317 </listitem>
318 </varlistentry>
319
320 <varlistentry>
321 <term><varname>LinkState=</varname></term>
322 <listitem>
323 <para>Allows to set the link state of the virtual function (VF). Takes a boolean or a
324 special value <literal>auto</literal>. Setting to <literal>auto</literal> means a
325 reflection of the physical function (PF) link state, <literal>yes</literal> lets the VF to
326 communicate with other VFs on this host even if the PF link state is down,
327 <literal>no</literal> causes the hardware to drop any packets sent by the VF. When unset,
328 the kernel's default will be used.</para>
329 </listitem>
330 </varlistentry>
331
c3a5025d
YW		 332 <varlistentry>
333 <term><varname>MACAddress=</varname></term>
334 <listitem>
335 <para>Specifies the MAC address for the virtual function.</para>
336 </listitem>
337 </varlistentry>
518cd6b5
SS		 338 </variablelist>
339 </refsect1>
340
798d3a52
ZJS		 341 <refsect1>
342 <title>[Network] Section Options</title>
343
bdac5608 344 <para>The [Network] section accepts the following keys:</para>
798d3a52
ZJS		 345
346 <variablelist class='network-directives'>
347 <varlistentry>
348 <term><varname>Description=</varname></term>
349 <listitem>
350 <para>A description of the device. This is only used for
351 presentation purposes.</para>
352 </listitem>
353 </varlistentry>
354 <varlistentry>
355 <term><varname>DHCP=</varname></term>
356 <listitem>
ad943783 357 <para>Enables DHCPv4 and/or DHCPv6 client support. Accepts
798d3a52 358 <literal>yes</literal>, <literal>no</literal>,
c702bd3b
LY		 359 <literal>ipv4</literal>, or <literal>ipv6</literal>. Defaults
360 to <literal>no</literal>.</para>
e88d8021 361
f5a8c43f 362 <para>Note that DHCPv6 will by default be triggered by Router
7f3fdb7f 363 Advertisement, if that is enabled, regardless of this parameter.
f5a8c43f
TG		 364 By enabling DHCPv6 support explicitly, the DHCPv6 client will
365 be started regardless of the presence of routers on the link,
366 or what flags the routers pass. See
f921f573 367 <literal>IPv6AcceptRA=</literal>.</para>
f5a8c43f
TG		 368
369 <para>Furthermore, note that by default the domain name
e88d8021
ZJS		 370 specified through DHCP is not used for name resolution.
371 See option <option>UseDomains=</option> below.</para>
2ef322fc 372
bdac5608
ZJS		 373 <para>See the [DHCPv4] or [DHCPv6] sections below for further configuration options for the DHCP
374 client support.</para>
798d3a52
ZJS		 375 </listitem>
376 </varlistentry>
377 <varlistentry>
378 <term><varname>DHCPServer=</varname></term>
379 <listitem>
68b7f7ac 380 <para>Takes a boolean. If set to <literal>yes</literal>, DHCPv4 server will be started. Defaults
bdac5608 381 to <literal>no</literal>. Further settings for the DHCP server may be set in the [DHCPServer]
ad943783 382 section described below.</para>
798d3a52
ZJS		 383 </listitem>
384 </varlistentry>
385 <varlistentry>
56fd6bf7 386 <term><varname>LinkLocalAddressing=</varname></term>
798d3a52 387 <listitem>
3ca1fab7
ZJS		 388 <para>Enables link-local address autoconfiguration. Accepts <option>yes</option>,
389 <option>no</option>, <option>ipv4</option>, and <option>ipv6</option>. An IPv6 link-local address
390 is configured when <option>yes</option> or <option>ipv6</option>. An IPv4 link-local address is
0107b769
ZJS		 391 configured when <option>yes</option> or <option>ipv4</option> and when DHCPv4 autoconfiguration
392 has been unsuccessful for some time. (IPv4 link-local address autoconfiguration will usually
393 happen in parallel with repeated attempts to acquire a DHCPv4 lease).</para>
3ca1fab7
ZJS		 394
395 <para>Defaults to <option>no</option> when <varname>Bridge=yes</varname> is set, and
396 <option>ipv6</option> otherwise.</para>
798d3a52
ZJS		 397 </listitem>
398 </varlistentry>
6f6296b9
YW		 399 <varlistentry>
400 <term><varname>IPv6LinkLocalAddressGenerationMode=</varname></term>
401 <listitem>
402 <para>Specifies how IPv6 link local address is generated. Takes one of <literal>eui64</literal>,
403 <literal>none</literal>, <literal>stable-privacy</literal> and <literal>random</literal>.
404 When unset, the kernel's default will be used. Note that if <varname>LinkLocalAdressing=</varname>
405 not configured as <literal>ipv6</literal> then <varname>IPv6LinkLocalAddressGenerationMode=</varname>
406 is ignored.</para>
407 </listitem>
408 </varlistentry>
798d3a52
ZJS		 409 <varlistentry>
410 <term><varname>IPv4LLRoute=</varname></term>
411 <listitem>
9b6ffef3 412 <para>Takes a boolean. If set to true, sets up the route needed for
798d3a52
ZJS		 413 non-IPv4LL hosts to communicate with IPv4LL-only hosts. Defaults
414 to false.
415 </para>
416 </listitem>
417 </varlistentry>
5d5003ab
YW		 418 <varlistentry>
419 <term><varname>DefaultRouteOnDevice=</varname></term>
420 <listitem>
421 <para>Takes a boolean. If set to true, sets up the default route bound to the interface.
422 Defaults to false. This is useful when creating routes on point-to-point interfaces.
423 This is equivalent to e.g. the following.
424 <programlisting>ip route add default dev veth99</programlisting></para>
425 </listitem>
426 </varlistentry>
798d3a52 427 <varlistentry>
113bfde1
TG		 428 <term><varname>IPv6Token=</varname></term>
429 <listitem>
b27caa34
YW		 430 <para>Specifies an optional address generation mode for the Stateless Address
431 Autoconfiguration (SLAAC). Supported modes are <literal>prefixstable</literal> and
432 <literal>static</literal>.</para>
433
434 <para>When the mode is set to <literal>static</literal>, an IPv6 address must be
435 specified after a colon (<literal>:</literal>), and the lower bits of the supplied
436 address are combined with the upper bits of a prefix received in a Router Advertisement
437 (RA) message to form a complete address. Note that if multiple prefixes are received in an
438 RA message, or in multiple RA messages, addresses will be formed from each of them using
439 the supplied address. This mode implements SLAAC but uses a static interface identifier
440 instead of an identifier generated by using the EUI-64 algorithm. Because the interface
441 identifier is static, if Duplicate Address Detection detects that the computed address is a
442 duplicate (in use by another node on the link), then this mode will fail to provide an
443 address for that prefix. If an IPv6 address without mode is specified, then
444 <literal>static</literal> mode is assumed.</para>
445
446 <para>When the mode is set to <literal>prefixstable</literal> the
447 <ulink url="https://tools.ietf.org/html/rfc7217">RFC 7217</ulink> algorithm for generating
448 interface identifiers will be used. This mode can optionally take an IPv6 address separated
449 with a colon (<literal>:</literal>). If an IPv6 address is specified, then an interface
450 identifier is generated only when a prefix received in an RA message matches the supplied
451 address.</para>
452
453 <para>If no address generation mode is specified (which is the default), or a received
454 prefix does not match any of the addresses provided in <literal>prefixstable</literal>
455 mode, then the EUI-64 algorithm will be used to form an interface identifier for that
456 prefix. This mode is also SLAAC, but with a potentially stable interface identifier which
457 does not directly map to the interface's hardware address.</para>
458
459 <para>Note that the <literal>prefixstable</literal> algorithm uses both the interface
460 name and MAC address as input to the hash to compute the interface identifier, so if either
461 of those are changed the resulting interface identifier (and address) will change, even if
462 the prefix received in the RA message has not changed.</para>
463
464 <para>This setting can be specified multiple times. If an empty string is assigned, then
465 the all previous assignments are cleared.</para>
466
467 <para>Examples:
468 <programlisting>IPv6Token=::1a:2b:3c:4d
469IPv6Token=static:::1a:2b:3c:4d
470IPv6Token=prefixstable
471IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
113bfde1
TG		 472 </listitem>
473 </varlistentry>
474 <varlistentry>
798d3a52
ZJS		 475 <term><varname>LLMNR=</varname></term>
476 <listitem>
9b6ffef3 477 <para>Takes a boolean or <literal>resolve</literal>. When true,
aaa297d4
LP		 478 enables <ulink
479 url="https://tools.ietf.org/html/rfc4795">Link-Local
480 Multicast Name Resolution</ulink> on the link. When set to
481 <literal>resolve</literal>, only resolution is enabled,
482 but not host registration and announcement. Defaults to
483 true. This setting is read by
484 <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
485 </listitem>
486 </varlistentry>
487 <varlistentry>
488 <term><varname>MulticastDNS=</varname></term>
489 <listitem>
9b6ffef3 490 <para>Takes a boolean or <literal>resolve</literal>. When true,
aaa297d4
LP		 491 enables <ulink
492 url="https://tools.ietf.org/html/rfc6762">Multicast
493 DNS</ulink> support on the link. When set to
494 <literal>resolve</literal>, only resolution is enabled,
495 but not host or service registration and
496 announcement. Defaults to false. This setting is read by
497 <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
798d3a52
ZJS		 498 </listitem>
499 </varlistentry>
30e59c84 500 <varlistentry>
c9299be2 501 <term><varname>DNSOverTLS=</varname></term>
30e59c84 502 <listitem>
4310bfc2
IT		 503 <para>Takes a boolean or <literal>opportunistic</literal>.
504 When true, enables
30e59c84
IT		 505 <ulink
506 url="https://tools.ietf.org/html/rfc7858">DNS-over-TLS</ulink>
4310bfc2
IT		 507 support on the link.
508 When set to <literal>opportunistic</literal>, compatibility with
509 non-DNS-over-TLS servers is increased, by automatically
510 turning off DNS-over-TLS servers in this case.
511 This option defines a per-interface setting for
30e59c84 512 <citerefentry><refentrytitle>resolved.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>'s
c9299be2 513 global <varname>DNSOverTLS=</varname> option. Defaults to
30e59c84
IT		 514 false. This setting is read by
515 <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
516 </listitem>
517 </varlistentry>
ad6c0475
LP		 518 <varlistentry>
519 <term><varname>DNSSEC=</varname></term>
520 <listitem>
e9dd6984
ZJS		 521 <para>Takes a boolean or <literal>allow-downgrade</literal>. When true, enables
522 <ulink url="https://tools.ietf.org/html/rfc4033">DNSSEC</ulink>
ad6c0475
LP		 523 DNS validation support on the link. When set to
524 <literal>allow-downgrade</literal>, compatibility with
525 non-DNSSEC capable networks is increased, by automatically
785889e5 526 turning off DNSSEC in this case. This option defines a
ad6c0475
LP		 527 per-interface setting for
528 <citerefentry><refentrytitle>resolved.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>'s
529 global <varname>DNSSEC=</varname> option. Defaults to
530 false. This setting is read by
531 <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
532 </listitem>
533 </varlistentry>
8a516214
LP		 534 <varlistentry>
535 <term><varname>DNSSECNegativeTrustAnchors=</varname></term>
536 <listitem><para>A space-separated list of DNSSEC negative
537 trust anchor domains. If specified and DNSSEC is enabled,
538 look-ups done via the interface's DNS server will be subject
539 to the list of negative trust anchors, and not require
540 authentication for the specified domains, or anything below
541 it. Use this to disable DNSSEC authentication for specific
542 private domains, that cannot be proven valid using the
543 Internet DNS hierarchy. Defaults to the empty list. This
544 setting is read by
545 <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
546 </listitem>
547 </varlistentry>
798d3a52
ZJS		 548 <varlistentry>
549 <term><varname>LLDP=</varname></term>
550 <listitem>
da6c766d
LP		 551 <para>Controls support for Ethernet LLDP packet reception. LLDP is a link-layer protocol commonly
552 implemented on professional routers and bridges which announces which physical port a system is connected
553 to, as well as other related data. Accepts a boolean or the special value
34437b4f
LP		 554 <literal>routers-only</literal>. When true, incoming LLDP packets are accepted and a database of all LLDP
555 neighbors maintained. If <literal>routers-only</literal> is set only LLDP data of various types of routers
556 is collected and LLDP data about other types of devices ignored (such as stations, telephones and
7cececb2 557 others). If false, LLDP reception is disabled. Defaults to <literal>routers-only</literal>. Use
34437b4f 558 <citerefentry><refentrytitle>networkctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> to query the
da6c766d
LP		 559 collected neighbor data. LLDP is only available on Ethernet links. See <varname>EmitLLDP=</varname> below
560 for enabling LLDP packet emission from the local system.
798d3a52
ZJS		 561 </para>
562 </listitem>
563 </varlistentry>
da6c766d
LP		 564 <varlistentry>
565 <term><varname>EmitLLDP=</varname></term>
566 <listitem>
7272b25e
LP		 567 <para>Controls support for Ethernet LLDP packet emission. Accepts a boolean parameter or the special values
568 <literal>nearest-bridge</literal>, <literal>non-tpmr-bridge</literal> and
569 <literal>customer-bridge</literal>. Defaults to false, which turns off LLDP packet emission. If not false,
570 a short LLDP packet with information about the local system is sent out in regular intervals on the
38b38500 571 link. The LLDP packet will contain information about the local hostname, the local machine ID (as stored
7272b25e 572 in <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>) and the
da6c766d
LP		 573 local interface name, as well as the pretty hostname of the system (as set in
574 <citerefentry><refentrytitle>machine-info</refentrytitle><manvolnum>5</manvolnum></citerefentry>). LLDP
7272b25e
LP		 575 emission is only available on Ethernet links. Note that this setting passes data suitable for
576 identification of host to the network and should thus not be enabled on untrusted networks, where such
577 identification data should not be made available. Use this option to permit other systems to identify on
578 which interfaces they are connected to this system. The three special values control propagation of the
579 LLDP packets. The <literal>nearest-bridge</literal> setting permits propagation only to the nearest
580 connected bridge, <literal>non-tpmr-bridge</literal> permits propagation across Two-Port MAC Relays, but
581 not any other bridges, and <literal>customer-bridge</literal> permits propagation until a customer bridge
582 is reached. For details about these concepts, see <ulink
6a1bae83 583 url="https://standards.ieee.org/findstds/standard/802.1AB-2016.html">IEEE 802.1AB-2016</ulink>. Note that
7272b25e
LP		 584 configuring this setting to true is equivalent to <literal>nearest-bridge</literal>, the recommended and
585 most restricted level of propagation. See <varname>LLDP=</varname> above for an option to enable LLDP
586 reception.</para>
da6c766d
LP		 587 </listitem>
588 </varlistentry>
e9a8c550 589
0d4ad91d
AR		 590 <varlistentry>
591 <term><varname>BindCarrier=</varname></term>
592 <listitem>
2ae7505f
TG		 593 <para>A link name or a list of link names. When set, controls the behavior of the current
594 link. When all links in the list are in an operational down state, the current link is brought
595 down. When at least one link has carrier, the current interface is brought up.
0d4ad91d
AR		 596 </para>
597 </listitem>
598 </varlistentry>
798d3a52
ZJS		 599 <varlistentry>
600 <term><varname>Address=</varname></term>
601 <listitem>
602 <para>A static IPv4 or IPv6 address and its prefix length,
603 separated by a <literal>/</literal> character. Specify
604 this key more than once to configure several addresses.
605 The format of the address must be as described in
3ba3a79d 606 <citerefentry project='man-pages'><refentrytitle>inet_pton</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
798d3a52
ZJS		 607 This is a short-hand for an [Address] section only
608 containing an Address key (see below). This option may be
609 specified more than once.
610 </para>
611
e6ef3a13
YW		 612 <para>If the specified address is <literal>0.0.0.0</literal> (for IPv4) or <literal>::</literal>
613 (for IPv6), a new address range of the requested size is automatically allocated from a
614 system-wide pool of unused ranges. Note that the prefix length must be equal or larger than 8 for
615 IPv4, and 64 for IPv6. The allocated range is checked against all current network interfaces and
616 all known network configuration files to avoid address range conflicts. The default system-wide
617 pool consists of 192.168.0.0/16, 172.16.0.0/12 and 10.0.0.0/8 for IPv4, and fd00::/8 for IPv6.
618 This functionality is useful to manage a large number of dynamically created network interfaces
619 with the same network configuration and automatic address range assignment.</para>
798d3a52
ZJS		 620
621 </listitem>
622 </varlistentry>
623 <varlistentry>
624 <term><varname>Gateway=</varname></term>
625 <listitem>
626 <para>The gateway address, which must be in the format
627 described in
3ba3a79d 628 <citerefentry project='man-pages'><refentrytitle>inet_pton</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
798d3a52
ZJS		 629 This is a short-hand for a [Route] section only containing
630 a Gateway key. This option may be specified more than
631 once.</para>
632 </listitem>
633 </varlistentry>
634 <varlistentry>
635 <term><varname>DNS=</varname></term>
636 <listitem>
637 <para>A DNS server address, which must be in the format
638 described in
3ba3a79d 639 <citerefentry project='man-pages'><refentrytitle>inet_pton</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
711dd5db
YW		 640 This option may be specified more than once. Each address can optionally take a port number
641 separated with <literal>:</literal>, a network interface name or index separated with
642 <literal>%</literal>, and a Server Name Indication (SNI) separated with <literal>#</literal>.
643 When IPv6 address is specified with a port number, then the address must be in the square
644 brackets. That is, the acceptable full formats are
645 <literal>111.222.333.444:9953%ifname#example.com</literal> for IPv4 and
646 <literal>[1111:2222::3333]:9953%ifname#example.com</literal> for IPv6. This setting can be
647 specified multiple times. If an empty string is assigned, then the all previous assignments
648 are cleared. This setting is read by
3df9bec5 649 <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
798d3a52
ZJS		 650 </listitem>
651 </varlistentry>
652 <varlistentry>
653 <term><varname>Domains=</varname></term>
654 <listitem>
cd517eb7
ZJS		 655 <para>A whitespace-separated list of domains which should be resolved using the DNS servers on
656 this link. Each item in the list should be a domain name, optionally prefixed with a tilde
657 (<literal>~</literal>). The domains with the prefix are called "routing-only domains". The
658 domains without the prefix are called "search domains" and are first used as search suffixes for
38b38500
ZJS		 659 extending single-label hostnames (hostnames containing no dots) to become fully qualified
660 domain names (FQDNs). If a single-label hostname is resolved on this interface, each of the
cd517eb7
ZJS		 661 specified search domains are appended to it in turn, converting it into a fully qualified domain
662 name, until one of them may be successfully resolved.</para>
2df22529 663
38b38500 664 <para>Both "search" and "routing-only" domains are used for routing of DNS queries: look-ups for hostnames
2df22529
ZJS		 665 ending in those domains (hence also single label names, if any "search domains" are listed), are routed to
666 the DNS servers configured for this interface. The domain routing logic is particularly useful on
667 multi-homed hosts with DNS servers serving particular private DNS zones on each interface.</para>
668
669 <para>The "routing-only" domain <literal>~.</literal> (the tilde indicating definition of a routing domain,
670 the dot referring to the DNS root domain which is the implied suffix of all valid DNS names) has special
671 effect. It causes all DNS traffic which does not match another configured domain routing entry to be routed
672 to DNS servers specified for this interface. This setting is useful to prefer a certain set of DNS servers
673 if a link on which they are connected is available.</para>
3df9bec5
LP		 674
675 <para>This setting is read by
2df22529
ZJS		 676 <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
677 "Search domains" correspond to the <varname>domain</varname> and <varname>search</varname> entries in
98e9d710 678 <citerefentry project='man-pages'><refentrytitle>resolv.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
2df22529
ZJS		 679 Domain name routing has no equivalent in the traditional glibc API, which has no concept of domain
680 name servers limited to a specific link.</para>
798d3a52
ZJS		 681 </listitem>
682 </varlistentry>
7ece6f58
LP		 683 <varlistentry>
684 <term><varname>DNSDefaultRoute=</varname></term>
685 <listitem>
686 <para>Takes a boolean argument. If true, this link's configured DNS servers are used for resolving domain
687 names that do not match any link's configured <varname>Domains=</varname> setting. If false, this link's
688 configured DNS servers are never used for such domains, and are exclusively used for resolving names that
689 match at least one of the domains configured on this link. If not specified defaults to an automatic mode:
690 queries not matching any link's configured domains will be routed to this link if it has no routing-only
691 domains configured.</para>
692 </listitem>
693 </varlistentry>
798d3a52
ZJS		 694 <varlistentry>
695 <term><varname>NTP=</varname></term>
696 <listitem>
2a71d57f 697 <para>An NTP server address (either an IP address, or a hostname). This option may be specified more than once. This setting is read by
3df9bec5 698 <citerefentry><refentrytitle>systemd-timesyncd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
798d3a52
ZJS		 699 </listitem>
700 </varlistentry>
701 <varlistentry>
702 <term><varname>IPForward=</varname></term>
765afd5c
LP		 703 <listitem><para>Configures IP packet forwarding for the
704 system. If enabled, incoming packets on any network
705 interface will be forwarded to any other interfaces
9b6ffef3
YW		 706 according to the routing table. Takes a boolean,
707 or the values <literal>ipv4</literal> or
765afd5c
LP		 708 <literal>ipv6</literal>, which only enable IP packet
709 forwarding for the specified address family. This controls
710 the <filename>net.ipv4.ip_forward</filename> and
711 <filename>net.ipv6.conf.all.forwarding</filename> sysctl
712 options of the network interface (see <ulink
4046d836
LP		 713 url="https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt">ip-sysctl.txt</ulink>
714 for details about sysctl options). Defaults to
715 <literal>no</literal>.</para>
716
765afd5c
LP		 717 <para>Note: this setting controls a global kernel option,
718 and does so one way only: if a network that has this setting
719 enabled is set up the global setting is turned on. However,
720 it is never turned off again, even after all networks with
721 this setting enabled are shut down again.</para>
722
723 <para>To allow IP packet forwarding only between specific
724 network interfaces use a firewall.</para>
4046d836 725 </listitem>
798d3a52
ZJS		 726 </varlistentry>
727 <varlistentry>
728 <term><varname>IPMasquerade=</varname></term>
729 <listitem><para>Configures IP masquerading for the network
b938cb90 730 interface. If enabled, packets forwarded from the network
798d3a52
ZJS		 731 interface will be appear as coming from the local host.
732 Takes a boolean argument. Implies
5c82dd13 733 <varname>IPForward=ipv4</varname>. Defaults to
4046d836 734 <literal>no</literal>.</para></listitem>
798d3a52 735 </varlistentry>
a46e37cb
SS		 736 <varlistentry>
737 <term><varname>IPv6PrivacyExtensions=</varname></term>
1f0d9695
LP		 738 <listitem><para>Configures use of stateless temporary
739 addresses that change over time (see <ulink
740 url="https://tools.ietf.org/html/rfc4941">RFC 4941</ulink>,
741 Privacy Extensions for Stateless Address Autoconfiguration
742 in IPv6). Takes a boolean or the special values
743 <literal>prefer-public</literal> and
b938cb90 744 <literal>kernel</literal>. When true, enables the privacy
1f0d9695 745 extensions and prefers temporary addresses over public
b938cb90 746 addresses. When <literal>prefer-public</literal>, enables the
1f0d9695
LP		 747 privacy extensions, but prefers public addresses over
748 temporary addresses. When false, the privacy extensions
b938cb90 749 remain disabled. When <literal>kernel</literal>, the kernel's
1f0d9695 750 default setting will be left in place. Defaults to
a46e37cb
SS		 751 <literal>no</literal>.</para></listitem>
752 </varlistentry>
941d0aa8 753 <varlistentry>
f921f573 754 <term><varname>IPv6AcceptRA=</varname></term>
c7fe06fb
ZJS		 755 <listitem><para>Takes a boolean. Controls IPv6 Router Advertisement (RA) reception support for the
756 interface. If true, RAs are accepted; if false, RAs are ignored. When RAs are accepted, they may
757 trigger the start of the DHCPv6 client if the relevant flags are set in the RA data, or if no
758 routers are found on the link. The default is to disable RA reception for bridge devices or when IP
759 forwarding is enabled, and to enable it otherwise. Cannot be enabled on bond devices and when link
86b52a39 760 local addressing is disabled.</para>
1e7a0e21 761
bdac5608
ZJS		 762 <para>Further settings for the IPv6 RA support may be configured in the [IPv6AcceptRA] section, see
763 below.</para>
1e7a0e21
LP		 764
765 <para>Also see <ulink
766 url="https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt">ip-sysctl.txt</ulink> in the kernel
767 documentation regarding <literal>accept_ra</literal>, but note that systemd's setting of
768 <constant>1</constant> (i.e. true) corresponds to kernel's setting of <constant>2</constant>.</para>
c4a05aa1 769
b3454e1e
YW		 770 <para>Note that kernel's implementation of the IPv6 RA protocol is always disabled,
771 regardless of this setting. If this option is enabled, a userspace implementation of the IPv6
772 RA protocol is used, and the kernel's own implementation remains disabled, since
773 <command>systemd-networkd</command> needs to know all details supplied in the advertisements,
774 and these are not available from the kernel if the kernel's own implementation is used.</para>
ebf98081 775 </listitem>
941d0aa8 776 </varlistentry>
44de7fb1
SS		 777 <varlistentry>
778 <term><varname>IPv6DuplicateAddressDetection=</varname></term>
a8eaaee7 779 <listitem><para>Configures the amount of IPv6 Duplicate
025314d9 780 Address Detection (DAD) probes to send. When unset, the kernel's default will be used.
44de7fb1
SS		 781 </para></listitem>
782 </varlistentry>
a86cba89
SS		 783 <varlistentry>
784 <term><varname>IPv6HopLimit=</varname></term>
785 <listitem><para>Configures IPv6 Hop Limit. For each router that
786 forwards the packet, the hop limit is decremented by 1. When the
787 hop limit field reaches zero, the packet is discarded.
025314d9 788 When unset, the kernel's default will be used.
a86cba89
SS		 789 </para></listitem>
790 </varlistentry>
94d76d07
YW		 791 <varlistentry>
792 <term><varname>IPv4AcceptLocal=</varname></term>
793 <listitem><para>Takes a boolean. Accept packets with local source addresses. In combination
794 with suitable routing, this can be used to direct packets between two local interfaces over
795 the wire and have them accepted properly. When unset, the kernel's default will be used.
796 </para></listitem>
797 </varlistentry>
23d8b221 798 <varlistentry>
8f9a206b 799 <term><varname>IPv4ProxyARP=</varname></term>
9b6ffef3 800 <listitem><para>Takes a boolean. Configures proxy ARP for IPv4. Proxy ARP is the technique in which one host,
23d8b221 801 usually a router, answers ARP requests intended for another machine. By "faking" its identity,
e9dd6984 802 the router accepts responsibility for routing packets to the "real" destination. See <ulink
23d8b221 803 url="https://tools.ietf.org/html/rfc1027">RFC 1027</ulink>.
025314d9 804 When unset, the kernel's default will be used.
23d8b221
SS		 805 </para></listitem>
806 </varlistentry>
a0e5c15d 807 <varlistentry>
465dfe59 808 <term><varname>IPv6ProxyNDP=</varname></term>
9b6ffef3 809 <listitem><para>Takes a boolean. Configures proxy NDP for IPv6. Proxy NDP (Neighbor Discovery
465dfe59
HV		 810 Protocol) is a technique for IPv6 to allow routing of addresses to a different
811 destination when peers expect them to be present on a certain physical link.
a0e5c15d
FK		 812 In this case a router answers Neighbour Advertisement messages intended for
813 another machine by offering its own MAC address as destination.
465dfe59 814 Unlike proxy ARP for IPv4, it is not enabled globally, but will only send Neighbour
a0e5c15d 815 Advertisement messages for addresses in the IPv6 neighbor proxy table,
465dfe59
HV		 816 which can also be shown by <command>ip -6 neighbour show proxy</command>.
817 systemd-networkd will control the per-interface `proxy_ndp` switch for each configured
818 interface depending on this option.
025314d9 819 When unset, the kernel's default will be used.
465dfe59
HV		 820 </para></listitem>
821 </varlistentry>
822 <varlistentry>
823 <term><varname>IPv6ProxyNDPAddress=</varname></term>
824 <listitem><para>An IPv6 address, for which Neighbour Advertisement messages will be
825 proxied. This option may be specified more than once. systemd-networkd will add the
826 <option>IPv6ProxyNDPAddress=</option> entries to the kernel's IPv6 neighbor proxy table.
964c4eda 827 This option implies <option>IPv6ProxyNDP=yes</option> but has no effect if
025314d9 828 <option>IPv6ProxyNDP</option> has been set to false. When unset, the kernel's default will be used.
a0e5c15d
FK		 829 </para></listitem>
830 </varlistentry>
3f9e0236 831 <varlistentry>
e5ff2245
YW		 832 <term><varname>IPv6SendRA=</varname></term>
833 <listitem><para>Whether to enable or disable Router Advertisement sending on a link. Takes a
834 boolean value. When enabled, prefixes configured in [IPv6Prefix] sections and routes
835 configured in [IPv6RoutePrefix] sections are distributed as defined in the [IPv6SendRA]
836 section. If <varname>DHCPv6PrefixDelegation=</varname> is enabled, then the delegated
837 prefixes are also distributed. See <varname>DHCPv6PrefixDelegation=</varname> setting and the
838 [IPv6SendRA], [IPv6Prefix], [IPv6RoutePrefix], and [DHCPv6PrefixDelegation] sections for more
bdac5608 839 configuration options.</para></listitem>
3f9e0236 840 </varlistentry>
e5ff2245
YW		 841 <varlistentry>
842 <term><varname>DHCPv6PrefixDelegation=</varname></term>
843 <listitem><para>Takes a boolean value. When enabled, requests prefixes using a DHCPv6 client
844 configured on another link. By default, an address within each delegated prefix will be
845 assigned, and the prefixes will be announced through IPv6 Router Advertisement when
846 <varname>IPv6SendRA=</varname> is enabled. Such default settings can be configured in
9f2c260e 847 [DHCPv6PrefixDelegation] section. Defaults to disabled.</para></listitem>
e5ff2245 848 </varlistentry>
11102cba
SS		 849 <varlistentry>
850 <term><varname>IPv6MTUBytes=</varname></term>
851 <listitem><para>Configures IPv6 maximum transmission unit (MTU).
025314d9 852 An integer greater than or equal to 1280 bytes. When unset, the kernel's default will be used.
11102cba
SS		 853 </para></listitem>
854 </varlistentry>
798d3a52
ZJS		 855 <varlistentry>
856 <term><varname>Bridge=</varname></term>
857 <listitem>
9e35b3de
ZJS		 858 <para>The name of the bridge to add the link to. See
859 <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
860 </para>
798d3a52
ZJS		 861 </listitem>
862 </varlistentry>
863 <varlistentry>
864 <term><varname>Bond=</varname></term>
865 <listitem>
9e35b3de
ZJS		 866 <para>The name of the bond to add the link to. See
867 <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
868 </para>
798d3a52
ZJS		 869 </listitem>
870 </varlistentry>
6cb955c6
AR		 871 <varlistentry>
872 <term><varname>VRF=</varname></term>
873 <listitem>
9e35b3de
ZJS		 874 <para>The name of the VRF to add the link to. See
875 <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
876 </para>
6cb955c6
AR		 877 </listitem>
878 </varlistentry>
798d3a52
ZJS		 879 <varlistentry>
880 <term><varname>VLAN=</varname></term>
881 <listitem>
9e35b3de
ZJS		 882 <para>The name of a VLAN to create on the link. See
883 <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
884 This option may be specified more than once.</para>
798d3a52
ZJS		 885 </listitem>
886 </varlistentry>
2479c4fe 887 <varlistentry>
888 <term><varname>IPVLAN=</varname></term>
889 <listitem>
890 <para>The name of a IPVLAN to create on the link. See
891 <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
892 This option may be specified more than once.</para>
893 </listitem>
894 </varlistentry>
798d3a52
ZJS		 895 <varlistentry>
896 <term><varname>MACVLAN=</varname></term>
897 <listitem>
9e35b3de
ZJS		 898 <para>The name of a MACVLAN to create on the link. See
899 <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
900 This option may be specified more than once.</para>
798d3a52
ZJS		 901 </listitem>
902 </varlistentry>
903 <varlistentry>
904 <term><varname>VXLAN=</varname></term>
905 <listitem>
9e35b3de
ZJS		 906 <para>The name of a VXLAN to create on the link. See
907 <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
908 This option may be specified more than once.</para>
798d3a52
ZJS		 909 </listitem>
910 </varlistentry>
911 <varlistentry>
912 <term><varname>Tunnel=</varname></term>
913 <listitem>
9e35b3de
ZJS		 914 <para>The name of a Tunnel to create on the link. See
915 <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
916 This option may be specified more than once.</para>
798d3a52
ZJS		 917 </listitem>
918 </varlistentry>
81962db7
SS		 919 <varlistentry>
920 <term><varname>MACsec=</varname></term>
921 <listitem>
922 <para>The name of a MACsec device to create on the link. See
923 <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
924 This option may be specified more than once.</para>
925 </listitem>
926 </varlistentry>
dd5f3175
SS		 927 <varlistentry>
928 <term><varname>ActiveSlave=</varname></term>
929 <listitem>
9b6ffef3 930 <para>Takes a boolean. Specifies the new active slave. The <literal>ActiveSlave=</literal>
dd5f3175
SS		 931 option is only valid for following modes:
932 <literal>active-backup</literal>,
933 <literal>balance-alb</literal> and
934 <literal>balance-tlb</literal>. Defaults to false.
935 </para>
936 </listitem>
937 </varlistentry>
938 <varlistentry>
939 <term><varname>PrimarySlave=</varname></term>
940 <listitem>
9b6ffef3 941 <para>Takes a boolean. Specifies which slave is the primary device. The specified
dd5f3175
SS		 942 device will always be the active slave while it is available. Only when the
943 primary is off-line will alternate devices be used. This is useful when
944 one slave is preferred over another, e.g. when one slave has higher throughput
945 than another. The <literal>PrimarySlave=</literal> option is only valid for
946 following modes:
947 <literal>active-backup</literal>,
948 <literal>balance-alb</literal> and
949 <literal>balance-tlb</literal>. Defaults to false.
950 </para>
951 </listitem>
952 </varlistentry>
dad2d78e
SS		 953 <varlistentry>
954 <term><varname>ConfigureWithoutCarrier=</varname></term>
955 <listitem>
9b6ffef3 956 <para>Takes a boolean. Allows networkd to configure a specific link even if it has no carrier.
bd0d471c
DS		 957 Defaults to false. If <option>IgnoreCarrierLoss=</option> is not explicitly set, it will
958 default to this value.
dad2d78e
SS		 959 </para>
960 </listitem>
961 </varlistentry>
93b4dab5
SS		 962 <varlistentry>
963 <term><varname>IgnoreCarrierLoss=</varname></term>
964 <listitem>
bd0d471c
DS		 965 <para>Takes a boolean. Allows networkd to retain both the static and dynamic configuration
966 of the interface even if its carrier is lost. When unset, the value specified with
967 <option>ConfigureWithoutCarrier=</option> is used.
93b4dab5
SS		 968 </para>
969 </listitem>
970 </varlistentry>
98d20a17 971 <varlistentry>
972 <term><varname>Xfrm=</varname></term>
973 <listitem>
974 <para>The name of the xfrm to create on the link. See
975 <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
976 This option may be specified more than once.</para>
977 </listitem>
978 </varlistentry>
c98d78d3
YW		 979 <varlistentry>
980 <term><varname>KeepConfiguration=</varname></term>
981 <listitem>
982 <para>Takes a boolean or one of <literal>static</literal>, <literal>dhcp-on-stop</literal>,
983 <literal>dhcp</literal>. When <literal>static</literal>, <command>systemd-networkd</command>
984 will not drop static addresses and routes on starting up process. When set to
985 <literal>dhcp-on-stop</literal>, <command>systemd-networkd</command> will not drop addresses
986 and routes on stopping the daemon. When <literal>dhcp</literal>,
987 the addresses and routes provided by a DHCP server will never be dropped even if the DHCP
988 lease expires. This is contrary to the DHCP specification, but may be the best choice if,
989 e.g., the root filesystem relies on this connection. The setting <literal>dhcp</literal>
990 implies <literal>dhcp-on-stop</literal>, and <literal>yes</literal> implies
80060352
ZJS		 991 <literal>dhcp</literal> and <literal>static</literal>. Defaults to <literal>no</literal>.
992 </para>
c98d78d3
YW		 993 </listitem>
994 </varlistentry>
93b4dab5 995
798d3a52
ZJS		 996 </variablelist>
997
998 </refsect1>
999
1000 <refsect1>
1001 <title>[Address] Section Options</title>
1002
bdac5608 1003 <para>An [Address] section accepts the following keys. Specify several [Address]
798d3a52
ZJS		 1004 sections to configure several addresses.</para>
1005
1006 <variablelist class='network-directives'>
1007 <varlistentry>
1008 <term><varname>Address=</varname></term>
1009 <listitem>
bdac5608
ZJS		 1010 <para>As in the [Network] section. This key is mandatory. Each [Address] section can contain one
1011 <varname>Address=</varname> setting.</para>
798d3a52
ZJS		 1012 </listitem>
1013 </varlistentry>
1014 <varlistentry>
1015 <term><varname>Peer=</varname></term>
1016 <listitem>
1017 <para>The peer address in a point-to-point connection.
4e68898e 1018 Accepts the same format as the <varname>Address=</varname>
798d3a52
ZJS		 1019 key.</para>
1020 </listitem>
1021 </varlistentry>
1022 <varlistentry>
1023 <term><varname>Broadcast=</varname></term>
1024 <listitem>
1025 <para>The broadcast address, which must be in the format
1026 described in
3ba3a79d 1027 <citerefentry project='man-pages'><refentrytitle>inet_pton</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
798d3a52 1028 This key only applies to IPv4 addresses. If it is not
4e68898e 1029 given, it is derived from the <varname>Address=</varname>
798d3a52
ZJS		 1030 key.</para>
1031 </listitem>
1032 </varlistentry>
1033 <varlistentry>
1034 <term><varname>Label=</varname></term>
1035 <listitem>
1036 <para>An address label.</para>
1037 </listitem>
1038 </varlistentry>
b5834a0b
SS		 1039 <varlistentry>
1040 <term><varname>PreferredLifetime=</varname></term>
1041 <listitem>
1042 <para>Allows the default "preferred lifetime" of the address to be overridden.
1043 Only three settings are accepted: <literal>forever</literal> or <literal>infinity</literal>
1044 which is the default and means that the address never expires, and <literal>0</literal> which means
1045 that the address is considered immediately "expired" and will not be used,
1046 unless explicitly requested. A setting of PreferredLifetime=0 is useful for
1047 addresses which are added to be used only by a specific application,
1048 which is then configured to use them explicitly.</para>
1049 </listitem>
1050 </varlistentry>
2959fb07
SS		 1051 <varlistentry>
1052 <term><varname>Scope=</varname></term>
1053 <listitem>
1054 <para>The scope of the address, which can be <literal>global</literal>,
e9dd6984 1055 <literal>link</literal> or <literal>host</literal> or an unsigned integer in the range 0—255.
2959fb07
SS		 1056 Defaults to <literal>global</literal>.</para>
1057 </listitem>
1058 </varlistentry>
e63be084
SS		 1059 <varlistentry>
1060 <term><varname>HomeAddress=</varname></term>
1061 <listitem>
9b6ffef3 1062 <para>Takes a boolean. Designates this address the "home address" as defined in
e63be084
SS		 1063 <ulink url="https://tools.ietf.org/html/rfc6275">RFC 6275</ulink>.
1064 Supported only on IPv6. Defaults to false.</para>
1065 </listitem>
1066 </varlistentry>
1067 <varlistentry>
1068 <term><varname>DuplicateAddressDetection=</varname></term>
1069 <listitem>
051e77ca
SS		 1070 <para>Takes one of <literal>ipv4</literal>, <literal>ipv6</literal>,
1071 <literal>both</literal>, <literal>none</literal>. When <literal>ipv4</literal>,
1072 performs IPv4 Duplicate Address Detection. See
1073 <ulink url="https://tools.ietf.org/html/rfc5227">RFC 5224</ulink>.
1074 When <literal>ipv6</literal>, performs IPv6 Duplicate Address Detection. See
1075 <ulink url="https://tools.ietf.org/html/rfc4862">RFC 4862</ulink>.
1076 Defaults to <literal>ipv6</literal>.</para>
e63be084
SS		 1077 </listitem>
1078 </varlistentry>
1079 <varlistentry>
1080 <term><varname>ManageTemporaryAddress=</varname></term>
1081 <listitem>
9b6ffef3 1082 <para>Takes a boolean. If true the kernel manage temporary addresses created
e63be084
SS		 1083 from this one as template on behalf of Privacy Extensions
1084 <ulink url="https://tools.ietf.org/html/rfc3041">RFC 3041</ulink>. For this to become
1085 active, the use_tempaddr sysctl setting has to be set to a value greater than zero.
11fcfc53 1086 The given address needs to have a prefix length of 64. This flag allows using privacy
e63be084
SS		 1087 extensions in a manually configured network, just like if stateless auto-configuration
1088 was active. Defaults to false. </para>
1089 </listitem>
1090 </varlistentry>
1091 <varlistentry>
de697db0 1092 <term><varname>AddPrefixRoute=</varname></term>
e63be084 1093 <listitem>
de697db0
YW		 1094 <para>Takes a boolean. When true, the prefix route for the address is automatically added.
1095 Defaults to true.</para>
e63be084
SS		 1096 </listitem>
1097 </varlistentry>
1098 <varlistentry>
1099 <term><varname>AutoJoin=</varname></term>
1100 <listitem>
9b6ffef3 1101 <para>Takes a boolean. Joining multicast group on ethernet level via
e63be084
SS		 1102 <command>ip maddr</command> command would not work if we have an Ethernet switch that does
1103 IGMP snooping since the switch would not replicate multicast packets on ports that did not
1104 have IGMP reports for the multicast addresses. Linux vxlan interfaces created via
1105 <command>ip link add vxlan</command> or networkd's netdev kind vxlan have the group option
1106 that enables then to do the required join. By extending ip address command with option
1107 <literal>autojoin</literal> we can get similar functionality for openvswitch (OVS) vxlan
1108 interfaces as well as other tunneling mechanisms that need to receive multicast traffic.
1109 Defaults to <literal>no</literal>.</para>
1110 </listitem>
1111 </varlistentry>
798d3a52
ZJS		 1112 </variablelist>
1113 </refsect1>
1114
e4a71bf3
WKI		 1115 <refsect1>
1116 <title>[Neighbor] Section Options</title>
bdac5608
ZJS		 1117 <para>A [Neighbor] section accepts the following keys. The neighbor section adds a permanent, static
1118 entry to the neighbor table (IPv6) or ARP table (IPv4) for the given hardware address on the links
1119 matched for the network. Specify several [Neighbor] sections to configure several static neighbors.
1120 </para>
e4a71bf3
WKI		 1121
1122 <variablelist class='network-directives'>
1123 <varlistentry>
1124 <term><varname>Address=</varname></term>
1125 <listitem>
1126 <para>The IP address of the neighbor.</para>
1127 </listitem>
1128 </varlistentry>
1129 <varlistentry>
b956364d 1130 <term><varname>LinkLayerAddress=</varname></term>
e4a71bf3 1131 <listitem>
b956364d 1132 <para>The link layer address (MAC address or IP address) of the neighbor.</para>
e4a71bf3
WKI		 1133 </listitem>
1134 </varlistentry>
1135 </variablelist>
1136 </refsect1>
1137
95b74ef6
SS		 1138 <refsect1>
1139 <title>[IPv6AddressLabel] Section Options</title>
1140
bdac5608
ZJS		 1141 <para>An [IPv6AddressLabel] section accepts the following keys. Specify several [IPv6AddressLabel]
1142 sections to configure several address labels. IPv6 address labels are used for address selection. See
1143 <ulink url="https://tools.ietf.org/html/rfc3484">RFC 3484</ulink>. Precedence is managed by userspace,
23243adf 1144 and only the label itself is stored in the kernel.</para>
95b74ef6
SS		 1145
1146 <variablelist class='network-directives'>
1147 <varlistentry>
1148 <term><varname>Label=</varname></term>
1149 <listitem>
e9dd6984
ZJS		 1150 <para>The label for the prefix, an unsigned integer in the range 0–4294967294.
1151 0xffffffff is reserved. This setting is mandatory.</para>
95b74ef6
SS		 1152 </listitem>
1153 </varlistentry>
1154 <varlistentry>
1155 <term><varname>Prefix=</varname></term>
1156 <listitem>
1157 <para>IPv6 prefix is an address with a prefix length, separated by a slash <literal>/</literal> character.
1158 This key is mandatory. </para>
1159 </listitem>
1160 </varlistentry>
1161 </variablelist>
1162 </refsect1>
1163
bce67bbe
SS		 1164 <refsect1>
1165 <title>[RoutingPolicyRule] Section Options</title>
1166
bdac5608 1167 <para>An [RoutingPolicyRule] section accepts the following keys. Specify several [RoutingPolicyRule]
bce67bbe
SS		 1168 sections to configure several rules.</para>
1169
1170 <variablelist class='network-directives'>
1171 <varlistentry>
1172 <term><varname>TypeOfService=</varname></term>
1173 <listitem>
e9dd6984 1174 <para>Takes a number between 0 and 255 that specifies the type of service to match.</para>
bce67bbe
SS		 1175 </listitem>
1176 </varlistentry>
1177 <varlistentry>
1178 <term><varname>From=</varname></term>
1179 <listitem>
1180 <para>Specifies the source address prefix to match. Possibly followed by a slash and the prefix length.</para>
1181 </listitem>
1182 </varlistentry>
1183 <varlistentry>
1184 <term><varname>To=</varname></term>
1185 <listitem>
1186 <para>Specifies the destination address prefix to match. Possibly followed by a slash and the prefix length.</para>
1187 </listitem>
1188 </varlistentry>
1189 <varlistentry>
1190 <term><varname>FirewallMark=</varname></term>
1191 <listitem>
cbdc9062
YW		 1192 <para>Specifies the iptables firewall mark value to match (a number between 1 and
1193 4294967295). Optionally, the firewall mask (also a number between 1 and 4294967295) can be
1194 suffixed with a slash (<literal>/</literal>), e.g., <literal>7/255</literal>.</para>
bce67bbe
SS		 1195 </listitem>
1196 </varlistentry>
1197 <varlistentry>
1198 <term><varname>Table=</varname></term>
1199 <listitem>
41b90a1e
YW		 1200 <para>Specifies the routing table identifier to lookup if the rule selector matches. Takes
1201 one of <literal>default</literal>, <literal>main</literal>, and <literal>local</literal>,
1202 or a number between 1 and 4294967295. Defaults to <literal>main</literal>.</para>
bce67bbe
SS		 1203 </listitem>
1204 </varlistentry>
1205 <varlistentry>
1206 <term><varname>Priority=</varname></term>
1207 <listitem>
1208 <para>Specifies the priority of this rule. <varname>Priority=</varname> is an unsigned
1209 integer. Higher number means lower priority, and rules get processed in order of increasing number.</para>
1210 </listitem>
1211 </varlistentry>
762e2659
SS		 1212 <varlistentry>
1213 <term><varname>IncomingInterface=</varname></term>
1214 <listitem>
1215 <para>Specifies incoming device to match. If the interface is loopback, the rule only matches packets originating from this host.</para>
1216 </listitem>
1217 </varlistentry>
1218 <varlistentry>
1219 <term><varname>OutgoingInterface=</varname></term>
1220 <listitem>
1221 <para>Specifies the outgoing device to match. The outgoing interface is only available for packets originating from local sockets that are bound to a device.</para>
1222 </listitem>
1223 </varlistentry>
926062f0
SS		 1224 <varlistentry>
1225 <term><varname>SourcePort=</varname></term>
1226 <listitem>
1227 <para>Specifies the source IP port or IP port range match in forwarding information base (FIB) rules.
1228 A port range is specified by the lower and upper port separated by a dash. Defaults to unset.</para>
1229 </listitem>
1230 </varlistentry>
1231 <varlistentry>
1232 <term><varname>DestinationPort=</varname></term>
1233 <listitem>
1234 <para>Specifies the destination IP port or IP port range match in forwarding information base (FIB) rules.
1235 A port range is specified by the lower and upper port separated by a dash. Defaults to unset.</para>
1236 </listitem>
1237 </varlistentry>
1238 <varlistentry>
97f9df9e 1239 <term><varname>IPProtocol=</varname></term>
926062f0 1240 <listitem>
3a269dcf
YW		 1241 <para>Specifies the IP protocol to match in forwarding information base (FIB) rules. Takes IP protocol name such as <literal>tcp</literal>,
1242 <literal>udp</literal> or <literal>sctp</literal>, or IP protocol number such as <literal>6</literal> for <literal>tcp</literal> or
1243 <literal>17</literal> for <literal>udp</literal>.
926062f0
SS		 1244 Defaults to unset.</para>
1245 </listitem>
1246 </varlistentry>
8b220643
SS		 1247 <varlistentry>
1248 <term><varname>InvertRule=</varname></term>
1249 <listitem>
53e1ba28 1250 <para>A boolean. Specifies whether the rule is to be inverted. Defaults to false.</para>
8b220643
SS		 1251 </listitem>
1252 </varlistentry>
f6c6ff97
YW		 1253 <varlistentry>
1254 <term><varname>Family=</varname></term>
1255 <listitem>
1256 <para>Takes a special value <literal>ipv4</literal>, <literal>ipv6</literal>, or
1257 <literal>both</literal>. By default, the address family is determined by the address
1258 specified in <varname>To=</varname> or <varname>From=</varname>. If neither
1259 <varname>To=</varname> nor <varname>From=</varname> are specified, then defaults to
1260 <literal>ipv4</literal>.</para>
1261 </listitem>
1262 </varlistentry>
ea471a46
YW		 1263 <varlistentry>
1264 <term><varname>User=</varname></term>
1265 <listitem>
1266 <para>Takes a username, a user ID, or a range of user IDs separated by a dash. Defaults to
1267 unset.</para>
1268 </listitem>
1269 </varlistentry>
53e1ba28
NF		 1270 <varlistentry>
1271 <term><varname>SuppressPrefixLength=</varname></term>
1272 <listitem>
1273 <para>Takes a number <replaceable>N</replaceable> in the range 0-128 and rejects routing
1274 decisions that have a prefix length of <replaceable>N</replaceable> or less. Defaults to
1275 unset.</para>
1276 </listitem>
1277 </varlistentry>
d7d1d18f
SS		 1278 <varlistentry>
1279 <term><varname>Type=</varname></term>
1280 <listitem>
1281 <para>Specifies Routing Policy Database (RPDB) rule type. Takes one of <literal>blackhole</literal>,
1282 <literal>unreachable</literal> or <literal>prohibit</literal>.
1283 </para>
1284 </listitem>
1285 </varlistentry>
bce67bbe 1286 </variablelist>
c16c7808
SS		 1287 </refsect1>
1288
1289 <refsect1>
1290 <title>[NextHop] Section Options</title>
e9dd6984
ZJS		 1291 <para>The [NextHop] section is used to manipulate entries in the kernel's "nexthop" tables. The
1292 [NextHop] section accepts the following keys. Specify several [NextHop] sections to configure several
1293 hops.</para>
c16c7808
SS		 1294
1295 <variablelist class='network-directives'>
1296 <varlistentry>
1297 <term><varname>Gateway=</varname></term>
1298 <listitem>
bdac5608 1299 <para>As in the [Network] section. This is mandatory.</para>
c16c7808
SS		 1300 </listitem>
1301 </varlistentry>
1302 <varlistentry>
1303 <term><varname>Id=</varname></term>
1304 <listitem>
1305 <para>The id of the nexthop (an unsigned integer). If unspecified or '0' then automatically chosen by kernel.</para>
1306 </listitem>
1307 </varlistentry>
1308 </variablelist>
bce67bbe
SS		 1309 </refsect1>
1310
798d3a52
ZJS		 1311 <refsect1>
1312 <title>[Route] Section Options</title>
bdac5608
ZJS		 1313 <para>The [Route] section accepts the following keys. Specify several [Route] sections to configure
1314 several routes.</para>
798d3a52
ZJS		 1315
1316 <variablelist class='network-directives'>
1317 <varlistentry>
1318 <term><varname>Gateway=</varname></term>
1319 <listitem>
d306d1d0 1320 <para>Takes the gateway address or the special values <literal>_dhcp4</literal> and
b8caa4ef
YW		 1321 <literal>_ipv6ra</literal>. If <literal>_dhcp4</literal> or <literal>_ipv6ra</literal> is
1322 set, then the gateway address provided by DHCPv4 or IPv6 RA is used.</para>
798d3a52
ZJS		 1323 </listitem>
1324 </varlistentry>
28959f7d 1325 <varlistentry>
9cb8c559 1326 <term><varname>GatewayOnLink=</varname></term>
28959f7d 1327 <listitem>
9b6ffef3 1328 <para>Takes a boolean. If set to true, the kernel does not have
28959f7d
SS		 1329 to check if the gateway is reachable directly by the current machine (i.e., the kernel does
1330 not need to check if the gateway is attached to the local network), so that we can insert the
9b6ffef3 1331 route in the kernel table without it being complained about. Defaults to <literal>no</literal>.
28959f7d
SS		 1332 </para>
1333 </listitem>
1334 </varlistentry>
798d3a52
ZJS		 1335 <varlistentry>
1336 <term><varname>Destination=</varname></term>
1337 <listitem>
1338 <para>The destination prefix of the route. Possibly
b938cb90 1339 followed by a slash and the prefix length. If omitted, a
798d3a52
ZJS		 1340 full-length host route is assumed.</para>
1341 </listitem>
1342 </varlistentry>
1343 <varlistentry>
1344 <term><varname>Source=</varname></term>
1345 <listitem>
1346 <para>The source prefix of the route. Possibly followed by
b938cb90 1347 a slash and the prefix length. If omitted, a full-length
798d3a52
ZJS		 1348 host route is assumed.</para>
1349 </listitem>
1350 </varlistentry>
1351 <varlistentry>
1352 <term><varname>Metric=</varname></term>
1353 <listitem>
b938cb90 1354 <para>The metric of the route (an unsigned integer).</para>
798d3a52
ZJS		 1355 </listitem>
1356 </varlistentry>
b5bf6f64
SS		 1357 <varlistentry>
1358 <term><varname>IPv6Preference=</varname></term>
1359 <listitem>
1360 <para>Specifies the route preference as defined in <ulink
e9dd6984
ZJS		 1361 url="https://tools.ietf.org/html/rfc4191">RFC 4191</ulink> for Router Discovery messages. Which
1362 can be one of <literal>low</literal> the route has a lowest priority, <literal>medium</literal>
1363 the route has a default priority or <literal>high</literal> the route has a highest priority.
1364 </para>
b5bf6f64
SS		 1365 </listitem>
1366 </varlistentry>
769b56a3
TG		 1367 <varlistentry>
1368 <term><varname>Scope=</varname></term>
1369 <listitem>
f5c38922
YW		 1370 <para>The scope of the route, which can be <literal>global</literal>, <literal>site</literal>,
1371 <literal>link</literal>, <literal>host</literal>, or <literal>nowhere</literal>. For IPv4 route,
1372 defaults to <literal>host</literal> if <varname>Type=</varname> is <literal>local</literal>
1373 or <literal>nat</literal>, and <literal>link</literal> if <varname>Type=</varname> is
1374 <literal>broadcast</literal>, <literal>multicast</literal>, or <literal>anycast</literal>.
1375 In other cases, defaults to <literal>global</literal>.</para>
769b56a3 1376 </listitem>
0d07e595
JK		 1377 </varlistentry>
1378 <varlistentry>
1379 <term><varname>PreferredSource=</varname></term>
1380 <listitem>
1381 <para>The preferred source address of the route. The address
1382 must be in the format described in
1383 <citerefentry project='man-pages'><refentrytitle>inet_pton</refentrytitle><manvolnum>3</manvolnum></citerefentry>.</para>
1384 </listitem>
769b56a3 1385 </varlistentry>
c953b24c 1386 <varlistentry>
f5c38922 1387 <term><varname>Table=</varname></term>
c953b24c 1388 <listitem>
f5c38922
YW		 1389 <para>The table identifier for the route. Takes <literal>default</literal>,
1390 <literal>main</literal>, <literal>local</literal> or a number between 1 and 4294967295.
1391 The table can be retrieved using <command>ip route show table <replaceable>num</replaceable></command>.
1392 If unset and <varname>Type=</varname> is <literal>local</literal>, <literal>broadcast</literal>,
1393 <literal>anycast</literal>, or <literal>nat</literal>, then <literal>local</literal> is used.
1394 In other cases, defaults to <literal>main</literal>.
c953b24c
SS		 1395 </para>
1396 </listitem>
1397 </varlistentry>
c83ecc04
SS		 1398 <varlistentry>
1399 <term><varname>Protocol=</varname></term>
1400 <listitem>
88925d2f 1401 <para>The protocol identifier for the route. Takes a number between 0 and 255 or the special values
ca420b62
YW		 1402 <literal>kernel</literal>, <literal>boot</literal>, <literal>static</literal>,
1403 <literal>ra</literal> and <literal>dhcp</literal>. Defaults to <literal>static</literal>.
c83ecc04
SS		 1404 </para>
1405 </listitem>
1406 </varlistentry>
983226f3
SS		 1407 <varlistentry>
1408 <term><varname>Type=</varname></term>
1409 <listitem>
94d6e299
YW		 1410 <para>Specifies the type for the route. Takes one of <literal>unicast</literal>,
1411 <literal>local</literal>, <literal>broadcast</literal>, <literal>anycast</literal>,
1412 <literal>multicast</literal>, <literal>blackhole</literal>, <literal>unreachable</literal>,
1413 <literal>prohibit</literal>, <literal>throw</literal>, <literal>nat</literal>, and
1414 <literal>xresolve</literal>. If <literal>unicast</literal>, a regular route is defined, i.e. a
66d7235e
LP		 1415 route indicating the path to take to a destination network address. If <literal>blackhole</literal>, packets
1416 to the defined route are discarded silently. If <literal>unreachable</literal>, packets to the defined route
1417 are discarded and the ICMP message "Host Unreachable" is generated. If <literal>prohibit</literal>, packets
1418 to the defined route are discarded and the ICMP message "Communication Administratively Prohibited" is
1419 generated. If <literal>throw</literal>, route lookup in the current routing table will fail and the route
1420 selection process will return to Routing Policy Database (RPDB). Defaults to <literal>unicast</literal>.
983226f3
SS		 1421 </para>
1422 </listitem>
1423 </varlistentry>
323d9329
SS		 1424 <varlistentry>
1425 <term><varname>InitialCongestionWindow=</varname></term>
1426 <listitem>
3cb7af5b
YW		 1427 <para>The TCP initial congestion window is used during the start of a TCP connection.
1428 During the start of a TCP session, when a client requests a resource, the server's initial
1429 congestion window determines how many packets will be sent during the initial burst of data
1430 without waiting for acknowledgement. Takes a number between 1 and 1023. Note that 100 is
1431 considered an extremely large value for this option. When unset, the kernel's default
1432 (typically 10) will be used.</para>
323d9329
SS		 1433 </listitem>
1434 </varlistentry>
1435 <varlistentry>
1436 <term><varname>InitialAdvertisedReceiveWindow=</varname></term>
1437 <listitem>
3cb7af5b
YW		 1438 <para>The TCP initial advertised receive window is the amount of receive data (in bytes)
1439 that can initially be buffered at one time on a connection. The sending host can send only
1440 that amount of data before waiting for an acknowledgment and window update from the
1441 receiving host. Takes a number between 1 and 1023. Note that 100 is considered an extremely
1442 large value for this option. When unset, the kernel's default will be used.</para>
323d9329
SS		 1443 </listitem>
1444 </varlistentry>
09f5dfad
SS		 1445 <varlistentry>
1446 <term><varname>QuickAck=</varname></term>
1447 <listitem>
9b6ffef3 1448 <para>Takes a boolean. When true enables TCP quick ack mode for the route. When unset, the kernel's default will be used.
09f5dfad
SS		 1449 </para>
1450 </listitem>
1451 </varlistentry>
633c7258
SS		 1452 <varlistentry>
1453 <term><varname>FastOpenNoCookie=</varname></term>
1454 <listitem>
1455 <para>Takes a boolean. When true enables TCP fastopen without a cookie on a per-route basis.
1456 When unset, the kernel's default will be used.
1457 </para>
1458 </listitem>
09f5dfad 1459 </varlistentry>
9b88f20a
SS		 1460 <varlistentry>
1461 <term><varname>TTLPropagate=</varname></term>
1462 <listitem>
1463 <para>Takes a boolean. When true enables TTL propagation at Label Switched Path (LSP) egress.
1464 When unset, the kernel's default will be used.
1465 </para>
1466 </listitem>
1467 </varlistentry>
cea79e66
SS		 1468 <varlistentry>
1469 <term><varname>MTUBytes=</varname></term>
1470 <listitem>
1471 <para>The maximum transmission unit in bytes to set for the
1472 route. The usual suffixes K, M, G, are supported and are
1473 understood to the base of 1024.</para>
1474 <para>Note that if IPv6 is enabled on the interface, and the MTU is chosen
1475 below 1280 (the minimum MTU for IPv6) it will automatically be increased to this value.</para>
1476 </listitem>
afe42aef
SC		 1477 </varlistentry>
1478 <varlistentry>
1479 <term><varname>IPServiceType=</varname></term>
1480 <listitem>
e681a2ee
YW		 1481 <para>Takes string; <literal>CS6</literal> or <literal>CS4</literal>. Used to set IP
1482 service type to CS6 (network control) or CS4 (Realtime). Defaults to CS6.</para>
afe42aef
SC		 1483 </listitem>
1484 </varlistentry>
007cac09
SS		 1485 <varlistentry>
1486 <term><varname>TCPAdvertisedMaximumSegmentSize=</varname></term>
1487 <listitem>
1488 <para>Specifies the Path MSS (in bytes) hints given on TCP layer. The usual suffixes K, M, G, are
1489 supported and are understood to the base of 1024. An unsigned integer in the range 1–4294967294.
1490 When unset, the kernel's default will be used.</para>
1491 </listitem>
1492 </varlistentry>
6ff5cc6b
YW		 1493 <varlistentry>
1494 <term><varname>MultiPathRoute=<replaceable>address</replaceable>[@<replaceable>name</replaceable>] [<replaceable>weight</replaceable>]</varname></term>
1495 <listitem>
1496 <para>Configures multipath route. Multipath routing is the technique of using multiple
1497 alternative paths through a network. Takes gateway address. Optionally, takes a network
1498 interface name or index separated with <literal>@</literal>, and a weight in 1..256 for
1499 this multipath route separated with whitespace. This setting can be specified multiple
1500 times. If an empty string is assigned, then the all previous assignments are cleared.</para>
1501 </listitem>
1502 </varlistentry>
798d3a52
ZJS		 1503 </variablelist>
1504 </refsect1>
1505
1506 <refsect1>
4f7331a8 1507 <title>[DHCPv4] Section Options</title>
bdac5608 1508 <para>The [DHCPv4] section configures the DHCPv4 client, if it is enabled with the
ad943783 1509 <varname>DHCP=</varname> setting described above:</para>
798d3a52
ZJS		 1510
1511 <variablelist class='network-directives'>
1512 <varlistentry>
1513 <term><varname>UseDNS=</varname></term>
1514 <listitem>
1515 <para>When true (the default), the DNS servers received
1516 from the DHCP server will be used and take precedence over
1517 any statically configured ones.</para>
e88d8021
ZJS		 1518
1519 <para>This corresponds to the <option>nameserver</option>
ad943783
LP		 1520 option in <citerefentry
1521 project='man-pages'><refentrytitle>resolv.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
798d3a52
ZJS		 1522 </listitem>
1523 </varlistentry>
a24e12f0
YW		 1524 <varlistentry>
1525 <term><varname>RoutesToDNS=</varname></term>
1526 <listitem>
1527 <para>When true, the routes to the DNS servers received from the DHCP server will be
1528 configured. When <varname>UseDNS=</varname> is disabled, this setting is ignored.
f7e7bb65 1529 Defaults to false.</para>
a24e12f0
YW		 1530 </listitem>
1531 </varlistentry>
301f4073
MM		 1532 <varlistentry>
1533 <term><varname>UseNTP=</varname></term>
1534 <listitem>
2a71d57f
LP		 1535 <para>When true (the default), the NTP servers received from the DHCP server will be used by
1536 <filename>systemd-timesyncd.service</filename> and take precedence over any statically configured
1537 ones.</para>
301f4073
MM		 1538 </listitem>
1539 </varlistentry>
299d578f
SS		 1540 <varlistentry>
1541 <term><varname>UseSIP=</varname></term>
1542 <listitem>
2a71d57f
LP		 1543 <para>When true (the default), the SIP servers received from the DHCP server will be collected
1544 and made available to client programs.</para>
299d578f
SS		 1545 </listitem>
1546 </varlistentry>
284e8fd0 1547
798d3a52
ZJS		 1548 <varlistentry>
1549 <term><varname>UseMTU=</varname></term>
1550 <listitem>
1551 <para>When true, the interface maximum transmission unit
1552 from the DHCP server will be used on the current link.
7169cdc8 1553 If <varname>MTUBytes=</varname> is set, then this setting is ignored.
95ab9eff 1554 Defaults to false.</para>
798d3a52
ZJS		 1555 </listitem>
1556 </varlistentry>
7585baa0 1557 <varlistentry>
1558 <term><varname>Anonymize=</varname></term>
1559 <listitem>
9b6ffef3 1560 <para>Takes a boolean. When true, the options sent to the DHCP server will
7585baa0 1561 follow the <ulink url="https://tools.ietf.org/html/rfc7844">RFC 7844</ulink>
1562 (Anonymity Profiles for DHCP Clients) to minimize disclosure of identifying information.
1563 Defaults to false.</para>
1564
1565 <para>This option should only be set to true when
1566 <varname>MACAddressPolicy=</varname> is set to <literal>random</literal>
1567 (see <citerefentry
1568 project='man-pages'><refentrytitle>systemd.link</refentrytitle><manvolnum>5</manvolnum></citerefentry>).</para>
1569
1570 <para>Note that this configuration will overwrite others.
1571 In concrete, the following variables will be ignored:
1572 <varname>SendHostname=</varname>, <varname>ClientIdentifier=</varname>,
da2076a1
TK		 1573 <varname>UseRoutes=</varname>, <varname>UseMTU=</varname>,
1574 <varname>VendorClassIdentifier=</varname>, <varname>UseTimezone=</varname>.</para>
fba10579
LP		 1575
1576 <para>With this option enabled DHCP requests will mimic those generated by Microsoft Windows, in
1577 order to reduce the ability to fingerprint and recognize installations. This means DHCP request
1578 sizes will grow and lease data will be more comprehensive than normally, though most of the
1579 requested data is not actually used.</para>
7585baa0 1580 </listitem>
1581 </varlistentry>
798d3a52
ZJS		 1582 <varlistentry>
1583 <term><varname>SendHostname=</varname></term>
1584 <listitem>
31ee3973
YW		 1585 <para>When true (the default), the machine's hostname will be sent to the DHCP server.
1586 Note that the machine's hostname must consist only of 7-bit ASCII lower-case characters and
1587 no spaces or dots, and be formatted as a valid DNS domain name. Otherwise, the hostname is not
cad8d671 1588 sent even if this is set to true.</para>
798d3a52
ZJS		 1589 </listitem>
1590 </varlistentry>
7b8d23a9
SS		 1591
1592 <varlistentry>
1593 <term><varname>MUDURL=</varname></term>
1594 <listitem>
0558f303
ZJS		 1595 <para>When configured, the specified Manufacturer Usage Description (MUD) URL will be sent to the
1596 DHCPv4 server. Takes a URL of length up to 255 characters. A superficial verification that the
1597 string is a valid URL will be performed. DHCPv4 clients are intended to have at most one MUD URL
1598 associated with them. See <ulink url="https://tools.ietf.org/html/rfc8520">RFC 8520</ulink>.
1599 </para>
1600
1601 <para>MUD is an embedded software standard defined by the IETF that allows IoT device makers to
1602 advertise device specifications, including the intended communication patterns for their device
1603 when it connects to the network. The network can then use this to author a context-specific
1604 access policy, so the device functions only within those parameters.</para>
7b8d23a9
SS		 1605 </listitem>
1606 </varlistentry>
1607
798d3a52
ZJS		 1608 <varlistentry>
1609 <term><varname>UseHostname=</varname></term>
1610 <listitem>
1611 <para>When true (the default), the hostname received from
31ee3973 1612 the DHCP server will be set as the transient hostname of the system.
d59be2cf 1613 </para>
798d3a52
ZJS		 1614 </listitem>
1615 </varlistentry>
1adc5d0b 1616 <varlistentry>
31ee3973
YW		 1617 <term><varname>Hostname=</varname></term>
1618 <listitem>
1619 <para>Use this value for the hostname which is sent to the DHCP server, instead of machine's hostname.
1620 Note that the specified hostname must consist only of 7-bit ASCII lower-case characters and
1621 no spaces or dots, and be formatted as a valid DNS domain name.</para>
1622 </listitem>
1623 </varlistentry>
798d3a52
ZJS		 1624 <varlistentry>
1625 <term><varname>UseDomains=</varname></term>
1626 <listitem>
9b6ffef3 1627 <para>Takes a boolean, or the special value <literal>route</literal>. When true, the domain name
b2a81c0b
LP		 1628 received from the DHCP server will be used as DNS search domain over this link, similar to the effect of
1629 the <option>Domains=</option> setting. If set to <literal>route</literal>, the domain name received from
1630 the DHCP server will be used for routing DNS queries only, but not for searching, similar to the effect of
1631 the <option>Domains=</option> setting when the argument is prefixed with <literal>~</literal>. Defaults to
1632 false.</para>
1633
1634 <para>It is recommended to enable this option only on trusted networks, as setting this affects resolution
38b38500 1635 of all hostnames, in particular of single-label names. It is generally safer to use the supplied domain
b2a81c0b
LP		 1636 only as routing domain, rather than as search domain, in order to not have it affect local resolution of
1637 single-label names.</para>
1638
1639 <para>When set to true, this setting corresponds to the <option>domain</option> option in <citerefentry
1640 project='man-pages'><refentrytitle>resolv.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
798d3a52
ZJS		 1641 </listitem>
1642 </varlistentry>
1643 <varlistentry>
1644 <term><varname>UseRoutes=</varname></term>
1645 <listitem>
d6eac9bd
DW		 1646 <para>When true (the default), the static routes will be requested from the DHCP server and added to the
1647 routing table with a metric of 1024, and a scope of "global", "link" or "host", depending on the route's
1648 destination and gateway. If the destination is on the local host, e.g., 127.x.x.x, or the same as the
1649 link's own address, the scope will be set to "host". Otherwise if the gateway is null (a direct route), a
1650 "link" scope will be used. For anything else, scope defaults to "global".</para>
798d3a52
ZJS		 1651 </listitem>
1652 </varlistentry>
b4531227
YW		 1653 <varlistentry>
1654 <term><varname>UseGateway=</varname></term>
1655 <listitem>
589397a2
DS		 1656 <para>When true, the gateway will be requested from the DHCP server and added to the routing table with a
1657 metric of 1024, and a scope of "link". When unset, the value specified with <option>UseRoutes=</option>
1658 is used.</para>
b4531227
YW		 1659 </listitem>
1660 </varlistentry>
ad943783
LP		 1661 <varlistentry>
1662 <term><varname>UseTimezone=</varname></term>
1663
1664 <listitem><para>When true, the timezone received from the
7f3fdb7f 1665 DHCP server will be set as timezone of the local
ad943783
LP		 1666 system. Defaults to <literal>no</literal>.</para></listitem>
1667 </varlistentry>
1668
3e43b2cd
JJ		 1669 <varlistentry>
1670 <term><varname>ClientIdentifier=</varname></term>
1671 <listitem>
dace710c
YW		 1672 <para>The DHCPv4 client identifier to use. Takes one of <literal>mac</literal>, <literal>duid</literal> or <literal>duid-only</literal>.
1673 If set to <literal>mac</literal>, the MAC address of the link is used.
1674 If set to <literal>duid</literal>, an RFC4361-compliant Client ID, which is the combination of IAID and DUID (see below), is used.
1675 If set to <literal>duid-only</literal>, only DUID is used, this may not be RFC compliant, but some setups may require to use this.
1676 Defaults to <literal>duid</literal>.</para>
3e43b2cd
JJ		 1677 </listitem>
1678 </varlistentry>
e2e08e77 1679
798d3a52
ZJS		 1680 <varlistentry>
1681 <term><varname>VendorClassIdentifier=</varname></term>
1682 <listitem>
1683 <para>The vendor class identifier used to identify vendor
1684 type and configuration.</para>
1685 </listitem>
1686 </varlistentry>
076ea6f6 1687
af1c0de0
SS		 1688 <varlistentry>
1689 <term><varname>UserClass=</varname></term>
1690 <listitem>
1691 <para>A DHCPv4 client can use UserClass option to identify the type or category of user or applications
1692 it represents. The information contained in this option is a string that represents the user class of which
1693 the client is a member. Each class sets an identifying string of information to be used by the DHCP
1694 service to classify clients. Takes a whitespace-separated list of strings.</para>
1695 </listitem>
1696 </varlistentry>
1697
715cedfb
SS		 1698 <varlistentry>
1699 <term><varname>MaxAttempts=</varname></term>
1700 <listitem>
1701 <para>Specifies how many times the DHCPv4 client configuration should be attempted. Takes a
573b02f5
ZJS		 1702 number or <literal>infinity</literal>. Defaults to <literal>infinity</literal>. Note that the
1703 time between retries is increased exponentially, up to approximately one per minute, so the
0107b769
ZJS		 1704 network will not be overloaded even if this number is high. The default is suitable in most
1705 circumstances.</para>
715cedfb
SS		 1706 </listitem>
1707 </varlistentry>
1708
e2e08e77
ZJS		 1709 <varlistentry>
1710 <term><varname>DUIDType=</varname></term>
1711 <listitem>
1712 <para>Override the global <varname>DUIDType</varname> setting for this network. See
1713 <citerefentry><refentrytitle>networkd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
1714 for a description of possible values.</para>
1715 </listitem>
1716 </varlistentry>
076ea6f6 1717
e2e08e77
ZJS		 1718 <varlistentry>
1719 <term><varname>DUIDRawData=</varname></term>
1720 <listitem>
1721 <para>Override the global <varname>DUIDRawData</varname> setting for this network. See
1722 <citerefentry><refentrytitle>networkd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
1723 for a description of possible values.</para>
076ea6f6
LP		 1724 </listitem>
1725 </varlistentry>
e2e08e77 1726
d05def16
LP		 1727 <varlistentry>
1728 <term><varname>IAID=</varname></term>
1729 <listitem>
1730 <para>The DHCP Identity Association Identifier (IAID) for the interface, a 32-bit unsigned integer.</para>
1731 </listitem>
1732 </varlistentry>
1733
798d3a52
ZJS		 1734 <varlistentry>
1735 <term><varname>RequestBroadcast=</varname></term>
1736 <listitem>
1737 <para>Request the server to use broadcast messages before
1738 the IP address has been configured. This is necessary for
1739 devices that cannot receive RAW packets, or that cannot
1740 receive packets at all before an IP address has been
1741 configured. On the other hand, this must not be enabled on
1742 networks where broadcasts are filtered out.</para>
1743 </listitem>
1744 </varlistentry>
e2e08e77 1745
798d3a52
ZJS		 1746 <varlistentry>
1747 <term><varname>RouteMetric=</varname></term>
1748 <listitem>
1bf1bfd9 1749 <para>Set the routing metric for routes specified by the DHCP server. Defaults to 1024.</para>
798d3a52
ZJS		 1750 </listitem>
1751 </varlistentry>
f594276b
JK		 1752
1753 <varlistentry>
1754 <term><varname>RouteTable=<replaceable>num</replaceable></varname></term>
1755 <listitem>
d11e656a 1756 <para>The table identifier for DHCP routes (a number between 1 and 4294967295, or 0 to unset).
f594276b
JK		 1757 The table can be retrieved using <command>ip route show table <replaceable>num</replaceable></command>.
1758 </para>
e9dd6984
ZJS		 1759 <para>When used in combination with <varname>VRF=</varname>, the
1760 VRF's routing table is used when this parameter is not specified.
917b2260 1761 </para>
f594276b
JK		 1762 </listitem>
1763 </varlistentry>
9faed222 1764
c695dcf9
SS		 1765 <varlistentry>
1766 <term><varname>RouteMTUBytes=</varname></term>
1767 <listitem>
1768 <para>Specifies the MTU for the DHCP routes. Please see the [Route] section for further details.</para>
1769 </listitem>
1770 </varlistentry>
1771
9faed222
SS		 1772 <varlistentry>
1773 <term><varname>ListenPort=</varname></term>
1774 <listitem>
1775 <para>Allow setting custom port for the DHCP client to listen on.</para>
1776 </listitem>
1777 </varlistentry>
fb5c8216 1778
d6463307
SS		 1779 <varlistentry>
1780 <term><varname>FallbackLeaseLifetimeSec=</varname></term>
1781 <listitem>
1782 <para>Allows to set DHCPv4 lease lifetime when DHCPv4 server does not send the lease lifetime.
1783 Takes one of <literal>forever</literal> or <literal>infinity</literal> means that the address
1784 never expires. Defaults to unset.</para>
1785 </listitem>
1786 </varlistentry>
1787
1501b429
SS		 1788 <varlistentry>
1789 <term><varname>SendRelease=</varname></term>
1790 <listitem>
1791 <para>When true, the DHCPv4 client sends a DHCP release packet when it stops.
5f3b5f19 1792 Defaults to true.</para>
1501b429
SS		 1793 </listitem>
1794 </varlistentry>
1795
0f3ff4ea
SS		 1796 <varlistentry>
1797 <term><varname>SendDecline=</varname></term>
1798 <listitem>
e9dd6984
ZJS		 1799 <para>A boolean. When <literal>true</literal>, the DHCPv4 client receives the IP address from the
1800 DHCP server. After a new IP is received, the DHCPv4 client performs IPv4 Duplicate Address
1801 Detection. If duplicate use is detected, the DHCPv4 client rejects the IP by sending a
1802 DHCPDECLINE packet and tries to obtain an IP address again. See <ulink
1803 url="https://tools.ietf.org/html/rfc5227">RFC 5224</ulink>. Defaults to
1804 <literal>unset</literal>.</para>
0f3ff4ea
SS		 1805 </listitem>
1806 </varlistentry>
1807
caa8ca42 1808 <varlistentry>
6b000af4 1809 <term><varname>DenyList=</varname></term>
5bc945be 1810 <listitem>
98ebef62
SS		 1811 <para>A whitespace-separated list of IPv4 addresses. DHCP offers from servers in the list are rejected. Note that
1812 if <varname>AllowList=</varname> is configured then <varname>DenyList=</varname> is ignored.</para>
1813 </listitem>
1814 </varlistentry>
1815
1816 <varlistentry>
1817 <term><varname>AllowList=</varname></term>
1818 <listitem>
1819 <para>A whitespace-separated list of IPv4 addresses. DHCP offers from servers in the list are accepted.</para>
5bc945be
SS		 1820 </listitem>
1821 </varlistentry>
1822
1823 <varlistentry>
1824 <term><varname>RequestOptions=</varname></term>
caa8ca42 1825 <listitem>
35f6a5cb
SS		 1826 <para>When configured, allows to set arbitrary request options in the DHCPv4 request options list and will be
1827 sent to the DHCPV4 server. A whitespace-separated list of integers in the range 1..254. Defaults to unset.</para>
caa8ca42
SS		 1828 </listitem>
1829 </varlistentry>
1830
cb29c156 1831 <varlistentry>
864edb39 1832 <term><varname>SendOption=</varname></term>
cb29c156 1833 <listitem>
7354900d
DW		 1834 <para>Send an arbitrary raw option in the DHCPv4 request. Takes a DHCP option number, data type
1835 and data separated with a colon
1836 (<literal><replaceable>option</replaceable>:<replaceable>type</replaceable>:<replaceable>value</replaceable></literal>).
1837 The option number must be an integer in the range 1..254. The type takes one of <literal>uint8</literal>,
1838 <literal>uint16</literal>, <literal>uint32</literal>, <literal>ipv4address</literal>, or
1839 <literal>string</literal>. Special characters in the data string may be escaped using
1840 <ulink url="https://en.wikipedia.org/wiki/Escape_sequences_in_C#Table_of_escape_sequences">C-style
1841 escapes</ulink>. This setting can be specified multiple times. If an empty string is specified,
1842 then all options specified earlier are cleared. Defaults to unset.</para>
1843 </listitem>
1844 </varlistentry>
1845
1846 <varlistentry>
1847 <term><varname>SendVendorOption=</varname></term>
1848 <listitem>
1849 <para>Send an arbitrary vendor option in the DHCPv4 request. Takes a DHCP option number, data type
d8b736bd
YW		 1850 and data separated with a colon
1851 (<literal><replaceable>option</replaceable>:<replaceable>type</replaceable>:<replaceable>value</replaceable></literal>).
11fcfc53 1852 The option number must be an integer in the range 1..254. The type takes one of <literal>uint8</literal>,
d8b736bd
YW		 1853 <literal>uint16</literal>, <literal>uint32</literal>, <literal>ipv4address</literal>, or
1854 <literal>string</literal>. Special characters in the data string may be escaped using
a2cc708a 1855 <ulink url="https://en.wikipedia.org/wiki/Escape_sequences_in_C#Table_of_escape_sequences">C-style
d8b736bd 1856 escapes</ulink>. This setting can be specified multiple times. If an empty string is specified,
a2cc708a 1857 then all options specified earlier are cleared. Defaults to unset.</para>
cb29c156
SS		 1858 </listitem>
1859 </varlistentry>
caa8ca42
SS		 1860 </variablelist>
1861 </refsect1>
1862
1863 <refsect1>
1864 <title>[DHCPv6] Section Options</title>
bdac5608 1865 <para>The [DHCPv6] section configures the DHCPv6 client, if it is enabled with the
4f7331a8 1866 <varname>DHCP=</varname> setting described above, or invoked by the IPv6 Router Advertisement:</para>
caa8ca42
SS		 1867
1868 <variablelist class='network-directives'>
1536b7b2
YW		 1869 <varlistentry>
1870 <term><varname>UseAddress=</varname></term>
1871 <listitem>
1872 <para>When true (the default), the IP addresses provided by the DHCPv6 server will be
1873 assigned.</para>
1874 </listitem>
1875 </varlistentry>
1876
caa8ca42
SS		 1877 <varlistentry>
1878 <term><varname>UseDNS=</varname></term>
1879 <term><varname>UseNTP=</varname></term>
1880 <listitem>
bdac5608 1881 <para>As in the [DHCPv4] section.</para>
caa8ca42
SS		 1882 </listitem>
1883 </varlistentry>
1884
1bf1bfd9
YW		 1885 <varlistentry>
1886 <term><varname>RouteMetric=</varname></term>
1887 <listitem>
1888 <para>Set the routing metric for routes specified by the DHCP server. Defaults to 1024.</para>
1889 </listitem>
1890 </varlistentry>
1891
fb5c8216
SS		 1892 <varlistentry>
1893 <term><varname>RapidCommit=</varname></term>
1894 <listitem>
9b6ffef3 1895 <para>Takes a boolean. The DHCPv6 client can obtain configuration parameters from a DHCPv6 server through
fb5c8216
SS		 1896 a rapid two-message exchange (solicit and reply). When the rapid commit option is enabled by both
1897 the DHCPv6 client and the DHCPv6 server, the two-message exchange is used, rather than the default
e9dd6984 1898 four-message exchange (solicit, advertise, request, and reply). The two-message exchange provides
fb5c8216
SS		 1899 faster client configuration and is beneficial in environments in which networks are under a heavy load.
1900 See <ulink url="https://tools.ietf.org/html/rfc3315#section-17.2.1">RFC 3315</ulink> for details.
1901 Defaults to true.</para>
1902 </listitem>
1903 </varlistentry>
1904
3175a8c2
SS		 1905 <varlistentry>
1906 <term><varname>MUDURL=</varname></term>
1907 <listitem>
0558f303
ZJS		 1908 <para>When configured, the specified Manufacturer Usage Description (MUD) URL will be sent to
1909 the DHCPV6 server. The syntax and semantics are the same as for <varname>MUDURL=</varname> in the
1910 [DHCPv4] section described above.</para>
3175a8c2
SS		 1911 </listitem>
1912 </varlistentry>
1913
35f6a5cb
SS		 1914 <varlistentry>
1915 <term><varname>RequestOptions=</varname></term>
1916 <listitem>
885a4e6c
ZJS		 1917 <para>When configured, allows to set arbitrary request options in the DHCPv6 request options list
1918 that will be sent to the DHCPV6 server. A whitespace-separated list of integers in the range
1919 1..254. Defaults to unset.</para>
35f6a5cb
SS		 1920 </listitem>
1921 </varlistentry>
1922
b4ccc5de
SS		 1923 <varlistentry>
1924 <term><varname>SendVendorOption=</varname></term>
1925 <listitem>
e9dd6984
ZJS		 1926 <para>Send an arbitrary vendor option in the DHCPv6 request. Takes an enterprise identifier, DHCP
1927 option number, data type, and data separated with a colon (<literal><replaceable>enterprise
1928 identifier</replaceable>:<replaceable>option</replaceable>:<replaceable>type</replaceable>:
1929 <replaceable>value</replaceable></literal>). Enterprise identifier is an unsigned integer in the
1930 range 1–4294967294. The option number must be an integer in the range 1–254. Data type takes one
1931 of <literal>uint8</literal>, <literal>uint16</literal>, <literal>uint32</literal>,
1932 <literal>ipv4address</literal>, <literal>ipv6address</literal>, or
1933 <literal>string</literal>. Special characters in the data string may be escaped using <ulink
1934 url="https://en.wikipedia.org/wiki/Escape_sequences_in_C#Table_of_escape_sequences">C-style
b4ccc5de
SS		 1935 escapes</ulink>. This setting can be specified multiple times. If an empty string is specified,
1936 then all options specified earlier are cleared. Defaults to unset.</para>
1937 </listitem>
1938 </varlistentry>
1939
125f20b4
PF		 1940 <varlistentry>
1941 <term><varname>ForceDHCPv6PDOtherInformation=</varname></term>
1942 <listitem>
9b6ffef3 1943 <para>Takes a boolean that enforces DHCPv6 stateful mode when the 'Other information' bit is set in
125f20b4
PF		 1944 Router Advertisement messages. By default setting only the 'O' bit in Router Advertisements
1945 makes DHCPv6 request network information in a stateless manner using a two-message Information
1946 Request and Information Reply message exchange.
1947 <ulink url="https://tools.ietf.org/html/rfc7084">RFC 7084</ulink>, requirement WPD-4, updates
1948 this behavior for a Customer Edge router so that stateful DHCPv6 Prefix Delegation is also
1949 requested when only the 'O' bit is set in Router Advertisements. This option enables such a CE
1950 behavior as it is impossible to automatically distinguish the intention of the 'O' bit otherwise.
1951 By default this option is set to 'false', enable it if no prefixes are delegated when the device
1952 should be acting as a CE router.</para>
1953 </listitem>
1954 </varlistentry>
1955
2805536b
SS		 1956 <varlistentry>
1957 <term><varname>PrefixDelegationHint=</varname></term>
1958 <listitem>
e9dd6984
ZJS		 1959 <para>Takes an IPv6 address with prefix length in the same format as the
1960 <varname>Address=</varname> in the [Network] section. The DHCPv6 client will include a prefix
1961 hint in the DHCPv6 solicitation sent to the server. The prefix length must be in the range
1962 1–128. Defaults to unset.</para>
2805536b
SS		 1963 </listitem>
1964 </varlistentry>
cd305af1
SS		 1965
1966 <varlistentry>
1967 <term><varname>WithoutRA=</varname></term>
1968 <listitem>
e9dd6984
ZJS		 1969 <para>Allows DHCPv6 client to start without router advertisements's managed or other address
1970 configuration flag. Takes one of <literal>solicit</literal> or
1971 <literal>information-request</literal>. Defaults to unset.</para>
cd305af1
SS		 1972 </listitem>
1973 </varlistentry>
e7d5fe17
AD		 1974
1975 <varlistentry>
1976 <term><varname>SendOption=</varname></term>
1977 <listitem>
bdac5608 1978 <para>As in the [DHCPv4] section, however because DHCPv6 uses 16-bit fields to store
e7d5fe17
AD		 1979 option numbers, the option number is an integer in the range 1..65536.</para>
1980 </listitem>
1981 </varlistentry>
f37f2a6b
SS		 1982
1983 <varlistentry>
1984 <term><varname>UserClass=</varname></term>
1985 <listitem>
1986 <para>A DHCPv6 client can use User Class option to identify the type or category of user or applications
1987 it represents. The information contained in this option is a string that represents the user class of which
1988 the client is a member. Each class sets an identifying string of information to be used by the DHCP
1989 service to classify clients. Special characters in the data string may be escaped using
1990 <ulink url="https://en.wikipedia.org/wiki/Escape_sequences_in_C#Table_of_escape_sequences">C-style
1991 escapes</ulink>. This setting can be specified multiple times. If an empty string is specified,
1992 then all options specified earlier are cleared. Takes a whitespace-separated list of strings. Note that
6b44ad0b 1993 currently <constant>NUL</constant> bytes are not allowed.</para>
f37f2a6b
SS		 1994 </listitem>
1995 </varlistentry>
ed0d1b2e
SS		 1996
1997 <varlistentry>
1998 <term><varname>VendorClass=</varname></term>
1999 <listitem>
2000 <para>A DHCPv6 client can use VendorClass option to identify the vendor that
2001 manufactured the hardware on which the client is running. The information
2002 contained in the data area of this option is contained in one or more opaque
2003 fields that identify details of the hardware configuration. Takes a
2004 whitespace-separated list of strings.</para>
2005 </listitem>
2006 </varlistentry>
ad943783 2007 </variablelist>
caa8ca42 2008 </refsect1>
99e015e2
YW		 2009
2010 <refsect1>
2011 <title>[DHCPv6PrefixDelegation] Section Options</title>
e5ff2245
YW		 2012 <para>The [DHCPv6PrefixDelegation] section configures delegated prefixes assigned by DHCPv6 server.
2013 The settings in this section are used only when <varname>DHCPv6PrefixDelegation=</varname> setting
2014 is enabled.</para>
99e015e2
YW		 2015
2016 <variablelist class='network-directives'>
2017 <varlistentry>
2018 <term><varname>SubnetId=</varname></term>
2019 <listitem>
2020 <para>Configure a specific subnet ID on the interface from a (previously) received prefix
2021 delegation. You can either set "auto" (the default) or a specific subnet ID (as defined in
2022 <ulink url="https://tools.ietf.org/html/rfc4291#section-2.5.4">RFC 4291</ulink>, section
2023 2.5.4), in which case the allowed value is hexadecimal, from 0 to 0x7fffffffffffffff
e5ff2245
YW		 2024 inclusive.</para>
2025 </listitem>
2026 </varlistentry>
2027
2028 <varlistentry>
2029 <term><varname>Announce=</varname></term>
2030 <listitem>
2031 <para>Takes a boolean. When enabled, and <varname>IPv6SendRA=</varname> in [Network] section
2032 is enabled, the delegated prefixes are distributed through the IPv6 Router Advertisement.
2033 Defaults to yes.</para>
99e015e2
YW		 2034 </listitem>
2035 </varlistentry>
2036
2037 <varlistentry>
2038 <term><varname>Assign=</varname></term>
2039 <listitem>
2040 <para>Takes a boolean. Specifies whether to add an address from the delegated prefixes which
e5ff2245
YW		 2041 are received from the WAN interface by the DHCPv6 Prefix Delegation. When true (on LAN
2042 interfce), the EUI-64 algorithm will be used by default to form an interface identifier from
2043 the delegated prefixes. See also <varname>Token=</varname> setting below. Defaults to yes.
2044 </para>
99e015e2
YW		 2045 </listitem>
2046 </varlistentry>
2047
2048 <varlistentry>
2049 <term><varname>Token=</varname></term>
2050 <listitem>
e5ff2245
YW		 2051 <para>Specifies an optional address generation mode for assigning an address in each
2052 delegated prefix. Takes an IPv6 address. When set, the lower bits of the supplied address is
2053 combined with the upper bits of each delegatad prefix received from the WAN interface by the
2054 DHCPv6 Prefix Delegation to form a complete address. When <varname>Assign=</varname> is
2055 disabled, this setting is ignored. When unset, the EUI-64 algorithm will be used to form
2056 addresses. Defaults to unset.</para>
99e015e2
YW		 2057 </listitem>
2058 </varlistentry>
2059 </variablelist>
2060 </refsect1>
413708d1 2061
1e7a0e21 2062 <refsect1>
f921f573 2063 <title>[IPv6AcceptRA] Section Options</title>
bdac5608
ZJS		 2064 <para>The [IPv6AcceptRA] section configures the IPv6 Router Advertisement (RA) client, if it is enabled
2065 with the <varname>IPv6AcceptRA=</varname> setting described above:</para>
1e7a0e21
LP		 2066
2067 <variablelist class='network-directives'>
2068 <varlistentry>
2069 <term><varname>UseDNS=</varname></term>
2070 <listitem>
2071 <para>When true (the default), the DNS servers received in the Router Advertisement will be used and take
2072 precedence over any statically configured ones.</para>
2073
2074 <para>This corresponds to the <option>nameserver</option> option in <citerefentry
2075 project='man-pages'><refentrytitle>resolv.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
2076 </listitem>
2077 </varlistentry>
2078
2079 <varlistentry>
2080 <term><varname>UseDomains=</varname></term>
2081 <listitem>
9b6ffef3 2082 <para>Takes a boolean, or the special value <literal>route</literal>. When true, the domain name
1e7a0e21
LP		 2083 received via IPv6 Router Advertisement (RA) will be used as DNS search domain over this link, similar to
2084 the effect of the <option>Domains=</option> setting. If set to <literal>route</literal>, the domain name
2085 received via IPv6 RA will be used for routing DNS queries only, but not for searching, similar to the
2086 effect of the <option>Domains=</option> setting when the argument is prefixed with
2087 <literal>~</literal>. Defaults to false.</para>
2088
2089 <para>It is recommended to enable this option only on trusted networks, as setting this affects resolution
38b38500 2090 of all hostnames, in particular of single-label names. It is generally safer to use the supplied domain
1e7a0e21
LP		 2091 only as routing domain, rather than as search domain, in order to not have it affect local resolution of
2092 single-label names.</para>
2093
2094 <para>When set to true, this setting corresponds to the <option>domain</option> option in <citerefentry
2095 project='man-pages'><refentrytitle>resolv.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
2096 </listitem>
2097 </varlistentry>
2ba31d29
JK		 2098
2099 <varlistentry>
2100 <term><varname>RouteTable=<replaceable>num</replaceable></varname></term>
2101 <listitem>
d11e656a
ZJS		 2102 <para>The table identifier for the routes received in the Router Advertisement
2103 (a number between 1 and 4294967295, or 0 to unset).
2ba31d29
JK		 2104 The table can be retrieved using <command>ip route show table <replaceable>num</replaceable></command>.
2105 </para>
2106 </listitem>
2107 </varlistentry>
062c2eea
SS		 2108
2109 <varlistentry>
2110 <term><varname>UseAutonomousPrefix=</varname></term>
2111 <listitem>
2112 <para>When true (the default), the autonomous prefix received in the Router Advertisement will be used and take
2113 precedence over any statically configured ones.</para>
2114 </listitem>
2115 </varlistentry>
2116
2117 <varlistentry>
2118 <term><varname>UseOnLinkPrefix=</varname></term>
2119 <listitem>
885a4e6c
ZJS		 2120 <para>When true (the default), the onlink prefix received in the Router Advertisement will be
2121 used and takes precedence over any statically configured ones.</para>
062c2eea
SS		 2122 </listitem>
2123 </varlistentry>
2124
75d26411
YW		 2125 <varlistentry>
2126 <term><varname>RouterDenyList=</varname></term>
2127 <listitem>
2128 <para>A whitespace-separated list of IPv6 router addresses. Any information advertised by
2129 the listed router is ignored.</para>
2130 </listitem>
2131 </varlistentry>
2132
2133 <varlistentry>
2134 <term><varname>RouterAllowList=</varname></term>
2135 <listitem>
2136 <para>A whitespace-separated list of IPv6 router addresses. Only information advertised by
2137 the listed router is accepted. Note that if <varname>RouterAllowList=</varname> is
2138 configured then <varname>RouterDenyList=</varname> is ignored.</para>
2139 </listitem>
2140 </varlistentry>
2141
e520ce64 2142 <varlistentry>
3f0af4a5 2143 <term><varname>PrefixDenyList=</varname></term>
e520ce64 2144 <listitem>
16c89e64
DP		 2145 <para>A whitespace-separated list of IPv6 prefixes. IPv6 prefixes supplied via router
2146 advertisements in the list are ignored.</para>
2147 </listitem>
2148 </varlistentry>
2149
de6b6ff8
SS		 2150 <varlistentry>
2151 <term><varname>PrefixAllowList=</varname></term>
2152 <listitem>
2153 <para>A whitespace-separated list of IPv6 prefixes. IPv6 prefixes supplied via router
2154 advertisements in the list are allowed. Note that if <varname>PrefixAllowList=</varname> is
2155 configured then <varname>PrefixDenyList=</varname> is ignored.</para>
2156 </listitem>
2157 </varlistentry>
2158
16c89e64
DP		 2159 <varlistentry>
2160 <term><varname>RouteDenyList=</varname></term>
2161 <listitem>
2162 <para>A whitespace-separated list of IPv6 route prefixes. IPv6 route prefixes supplied via
2163 router advertisements in the list are ignored.</para>
e520ce64
SS		 2164 </listitem>
2165 </varlistentry>
2166
de6b6ff8
SS		 2167 <varlistentry>
2168 <term><varname>RouteAllowList=</varname></term>
2169 <listitem>
2170 <para>A whitespace-separated list of IPv6 route prefixes. IPv6 route prefixes supplied via
2171 router advertisements in the list are allowed. Note that if <varname>RouteAllowList=</varname> is
2172 configured then <varname>RouteDenyList=</varname> is ignored.</para>
2173 </listitem>
2174 </varlistentry>
2175
d739fdde
YW		 2176 <varlistentry>
2177 <term><varname>DHCPv6Client=</varname></term>
2178 <listitem>
0e686fea
YW		 2179 <para>Takes a boolean, or the special value <literal>always</literal>. When true or
2180 <literal>always</literal>, the DHCPv6 client will be started when the RA has the managed or
2181 other information flag. If set to <literal>always</literal>, the DHCPv6 client will also be
2182 started in managed mode when neither managed nor other information flag is set in the RA.
2183 Defaults to true.</para>
d739fdde
YW		 2184 </listitem>
2185 </varlistentry>
1e7a0e21
LP		 2186 </variablelist>
2187 </refsect1>
2188
ad943783
LP		 2189 <refsect1>
2190 <title>[DHCPServer] Section Options</title>
bdac5608 2191 <para>The [DHCPServer] section contains settings for the DHCP server, if enabled via the
ad943783
LP		 2192 <varname>DHCPServer=</varname> option described above:</para>
2193
2194 <variablelist class='network-directives'>
2195
9b3a67c5
TG		 2196 <varlistentry>
2197 <term><varname>PoolOffset=</varname></term>
2198 <term><varname>PoolSize=</varname></term>
2199
2200 <listitem><para>Configures the pool of addresses to hand out. The pool
2201 is a contiguous sequence of IP addresses in the subnet configured for
2202 the server address, which does not include the subnet nor the broadcast
2203 address. <varname>PoolOffset=</varname> takes the offset of the pool
2204 from the start of subnet, or zero to use the default value.
2205 <varname>PoolSize=</varname> takes the number of IP addresses in the
b938cb90 2206 pool or zero to use the default value. By default, the pool starts at
9b3a67c5
TG		 2207 the first address after the subnet address and takes up the rest of
2208 the subnet, excluding the broadcast address. If the pool includes
2209 the server address (the default), this is reserved and not handed
2210 out to clients.</para></listitem>
2211 </varlistentry>
2212
ad943783
LP		 2213 <varlistentry>
2214 <term><varname>DefaultLeaseTimeSec=</varname></term>
2215 <term><varname>MaxLeaseTimeSec=</varname></term>
2216
2217 <listitem><para>Control the default and maximum DHCP lease
2218 time to pass to clients. These settings take time values in seconds or
2219 another common time unit, depending on the suffix. The default
2220 lease time is used for clients that did not ask for a specific
2221 lease time. If a client asks for a lease time longer than the
b938cb90 2222 maximum lease time, it is automatically shortened to the
ad943783
LP		 2223 specified time. The default lease time defaults to 1h, the
2224 maximum lease time to 12h. Shorter lease times are beneficial
2225 if the configuration data in DHCP leases changes frequently
2226 and clients shall learn the new settings with shorter
2227 latencies. Longer lease times reduce the generated DHCP
2228 network traffic.</para></listitem>
2229 </varlistentry>
2230
2231 <varlistentry>
2232 <term><varname>EmitDNS=</varname></term>
2233 <term><varname>DNS=</varname></term>
2234
2a71d57f
LP		 2235 <listitem><para><varname>EmitDNS=</varname> takes a boolean. Configures whether the DHCP leases
2236 handed out to clients shall contain DNS server information. Defaults to <literal>yes</literal>. The
2237 DNS servers to pass to clients may be configured with the <varname>DNS=</varname> option, which takes
2238 a list of IPv4 addresses. If the <varname>EmitDNS=</varname> option is enabled but no servers
2239 configured, the servers are automatically propagated from an "uplink" interface that has appropriate
2240 servers set. The "uplink" interface is determined by the default route of the system with the highest
2241 priority. Note that this information is acquired at the time the lease is handed out, and does not
2242 take uplink interfaces into account that acquire DNS server information at a later point. If no
2243 suitable uplinkg interface is found the DNS server data from <filename>/etc/resolv.conf</filename> is
2244 used. Also, note that the leases are not refreshed if the uplink network configuration changes. To
2245 ensure clients regularly acquire the most current uplink DNS server information, it is thus advisable
2246 to shorten the DHCP lease time via <varname>MaxLeaseTimeSec=</varname> described
ad943783
LP		 2247 above.</para></listitem>
2248 </varlistentry>
2249
2250 <varlistentry>
2251 <term><varname>EmitNTP=</varname></term>
2252 <term><varname>NTP=</varname></term>
299d578f
SS		 2253 <term><varname>EmitSIP=</varname></term>
2254 <term><varname>SIP=</varname></term>
2a71d57f
LP		 2255 <term><varname>EmitPOP3=</varname></term>
2256 <term><varname>POP3=</varname></term>
2257 <term><varname>EmitSMTP=</varname></term>
2258 <term><varname>SMTP=</varname></term>
2259 <term><varname>EmitLPR=</varname></term>
2260 <term><varname>LPR=</varname></term>
2261
2262 <listitem><para>Similar to the <varname>EmitDNS=</varname> and <varname>DNS=</varname> settings
2263 described above, these settings configure whether and what server information for the indicate
2264 protocol shall be emitted as part of the DHCP lease. The same syntax, propagation semantics and
2265 defaults apply as for <varname>EmitDNS=</varname> and <varname>DNS=</varname>.</para></listitem>
284e8fd0
SS		 2266 </varlistentry>
2267
77ff6022
CG		 2268 <varlistentry>
2269 <term><varname>EmitRouter=</varname></term>
2270
2271 <listitem><para>Similar to the <varname>EmitDNS=</varname>
2272 setting described above, this setting configures whether the
2273 DHCP lease should contain the router option. The same syntax,
2274 propagation semantics and defaults apply as for
2275 <varname>EmitDNS=</varname>.</para></listitem>
2276 </varlistentry>
2277
ad943783
LP		 2278 <varlistentry>
2279 <term><varname>EmitTimezone=</varname></term>
2280 <term><varname>Timezone=</varname></term>
2281
9b6ffef3
YW		 2282 <listitem><para>Takes a boolean. Configures whether the DHCP leases handed out
2283 to clients shall contain timezone information. Defaults to <literal>yes</literal>. The
ad943783
LP		 2284 <varname>Timezone=</varname> setting takes a timezone string
2285 (such as <literal>Europe/Berlin</literal> or
2286 <literal>UTC</literal>) to pass to clients. If no explicit
b938cb90 2287 timezone is set, the system timezone of the local host is
ad943783
LP		 2288 propagated, as determined by the
2289 <filename>/etc/localtime</filename> symlink.</para></listitem>
2290 </varlistentry>
2291
564ca984 2292 <varlistentry>
d8b736bd
YW		 2293 <term><varname>SendOption=</varname></term>
2294 <listitem>
2295 <para>Send a raw option with value via DHCPv4 server. Takes a DHCP option number, data type
2296 and data (<literal><replaceable>option</replaceable>:<replaceable>type</replaceable>:<replaceable>value</replaceable></literal>).
2297 The option number is an integer in the range 1..254. The type takes one of <literal>uint8</literal>,
e7d5fe17 2298 <literal>uint16</literal>, <literal>uint32</literal>, <literal>ipv4address</literal>, <literal>ipv6address</literal>, or
7354900d
DW		 2299 <literal>string</literal>. Special characters in the data string may be escaped using
2300 <ulink url="https://en.wikipedia.org/wiki/Escape_sequences_in_C#Table_of_escape_sequences">C-style
2301 escapes</ulink>. This setting can be specified multiple times. If an empty string is specified,
2302 then all options specified earlier are cleared. Defaults to unset.</para>
2303 </listitem>
2304 </varlistentry>
2305
2306 <varlistentry>
2307 <term><varname>SendVendorOption=</varname></term>
2308 <listitem>
2309 <para>Send a vendor option with value via DHCPv4 server. Takes a DHCP option number, data type
2310 and data (<literal><replaceable>option</replaceable>:<replaceable>type</replaceable>:<replaceable>value</replaceable></literal>).
2311 The option number is an integer in the range 1..254. The type takes one of <literal>uint8</literal>,
d8b736bd
YW		 2312 <literal>uint16</literal>, <literal>uint32</literal>, <literal>ipv4address</literal>, or
2313 <literal>string</literal>. Special characters in the data string may be escaped using
2314 <ulink url="https://en.wikipedia.org/wiki/Escape_sequences_in_C#Table_of_escape_sequences">C-style
2315 escapes</ulink>. This setting can be specified multiple times. If an empty string is specified,
2316 then all options specified earlier are cleared. Defaults to unset.</para>
2317 </listitem>
564ca984
SS		 2318 </varlistentry>
2319
ad943783
LP		 2320 </variablelist>
2321 </refsect1>
2322
798d3a52 2323 <refsect1>
e5ff2245
YW		 2324 <title>[IPv6SendRA] Section Options</title>
2325 <para>The [IPv6SendRA] section contains settings for sending IPv6 Router Advertisements and whether
2326 to act as a router, if enabled via the <varname>IPv6SendRA=</varname> option described above. IPv6
2327 network prefixes or routes are defined with one or more [IPv6Prefix] or [IPv6RoutePrefix] sections.
2328 </para>
3f9e0236
PF		 2329
2330 <variablelist class='network-directives'>
2331
2332 <varlistentry>
2333 <term><varname>Managed=</varname></term>
2334 <term><varname>OtherInformation=</varname></term>
2335
9b6ffef3
YW		 2336 <listitem><para>Takes a boolean. Controls whether a DHCPv6 server is used to acquire IPv6
2337 addresses on the network link when <varname>Managed=</varname>
3f9e0236
PF		 2338 is set to <literal>true</literal> or if only additional network
2339 information can be obtained via DHCPv6 for the network link when
9b6ffef3 2340 <varname>OtherInformation=</varname> is set to
3f9e0236
PF		 2341 <literal>true</literal>. Both settings default to
2342 <literal>false</literal>, which means that a DHCPv6 server is not being
2343 used.</para></listitem>
2344 </varlistentry>
2345
2346 <varlistentry>
2347 <term><varname>RouterLifetimeSec=</varname></term>
2348
71a5db49
YW		 2349 <listitem><para>Takes a timespan. Configures the IPv6 router lifetime in seconds. When set to
2350 0, the host is not acting as a router. Defaults to 30 minutes.</para>
3f9e0236
PF		 2351 </listitem>
2352 </varlistentry>
2353
2354 <varlistentry>
2355 <term><varname>RouterPreference=</varname></term>
2356
2357 <listitem><para>Configures IPv6 router preference if
2358 <varname>RouterLifetimeSec=</varname> is non-zero. Valid values are
2359 <literal>high</literal>, <literal>medium</literal> and
2360 <literal>low</literal>, with <literal>normal</literal> and
2361 <literal>default</literal> added as synonyms for
2362 <literal>medium</literal> just to make configuration easier. See
2363 <ulink url="https://tools.ietf.org/html/rfc4191">RFC 4191</ulink>
2364 for details. Defaults to <literal>medium</literal>.</para></listitem>
2365 </varlistentry>
2366
2367 <varlistentry>
4cb8478c 2368 <term><varname>EmitDNS=</varname></term>
3f9e0236
PF		 2369 <term><varname>DNS=</varname></term>
2370
bdac5608
ZJS		 2371 <listitem><para><varname>DNS=</varname> specifies a list of recursive DNS server IPv6 addresses that
2372 are distributed via Router Advertisement messages when <varname>EmitDNS=</varname> is
2373 true. <varname>DNS=</varname> also takes special value <literal>_link_local</literal>; in that case
2374 the IPv6 link local address is distributed. If <varname>DNS=</varname> is empty, DNS servers are read
2375 from the [Network] section. If the [Network] section does not contain any DNS servers either, DNS
2376 servers from the uplink with the highest priority default route are used. When
2377 <varname>EmitDNS=</varname> is false, no DNS server information is sent in Router Advertisement
2378 messages. <varname>EmitDNS=</varname> defaults to true.</para></listitem>
3f9e0236
PF		 2379 </varlistentry>
2380
760021c0 2381 <varlistentry>
4cb8478c 2382 <term><varname>EmitDomains=</varname></term>
760021c0
PF		 2383 <term><varname>Domains=</varname></term>
2384
bdac5608
ZJS		 2385 <listitem><para>A list of DNS search domains distributed via Router Advertisement messages when
2386 <varname>EmitDomains=</varname> is true. If <varname>Domains=</varname> is empty, DNS search domains
2387 are read from the [Network] section. If the [Network] section does not contain any DNS search domains
2388 either, DNS search domains from the uplink with the highest priority default route are used. When
2389 <varname>EmitDomains=</varname> is false, no DNS search domain information is sent in Router
2390 Advertisement messages. <varname>EmitDomains=</varname> defaults to true.</para></listitem>
760021c0
PF		 2391 </varlistentry>
2392
3f9e0236
PF		 2393 <varlistentry>
2394 <term><varname>DNSLifetimeSec=</varname></term>
2395
2396 <listitem><para>Lifetime in seconds for the DNS server addresses listed
760021c0
PF		 2397 in <varname>DNS=</varname> and search domains listed in
2398 <varname>Domains=</varname>.</para></listitem>
3f9e0236
PF		 2399 </varlistentry>
2400
2401 </variablelist>
2402 </refsect1>
2403
203d4df5 2404 <refsect1>
3f9e0236 2405 <title>[IPv6Prefix] Section Options</title>
e9dd6984
ZJS		 2406 <para>One or more [IPv6Prefix] sections contain the IPv6 prefixes that are announced via Router
2407 Advertisements. See <ulink url="https://tools.ietf.org/html/rfc4861">RFC 4861</ulink> for further
2408 details.</para>
3f9e0236
PF		 2409
2410 <variablelist class='network-directives'>
2411
2412 <varlistentry>
2413 <term><varname>AddressAutoconfiguration=</varname></term>
2414 <term><varname>OnLink=</varname></term>
2415
9b6ffef3 2416 <listitem><para>Takes a boolean to specify whether IPv6 addresses can be
3f9e0236
PF		 2417 autoconfigured with this prefix and whether the prefix can be used for
2418 onlink determination. Both settings default to <literal>true</literal>
2419 in order to ease configuration.
2420 </para></listitem>
2421 </varlistentry>
2422
2423 <varlistentry>
2424 <term><varname>Prefix=</varname></term>
2425
bdac5608
ZJS		 2426 <listitem><para>The IPv6 prefix that is to be distributed to hosts. Similarly to configuring static
2427 IPv6 addresses, the setting is configured as an IPv6 prefix and its prefix length, separated by a
2428 <literal>/</literal> character. Use multiple [IPv6Prefix] sections to configure multiple IPv6
2429 prefixes since prefix lifetimes, address autoconfiguration and onlink status may differ from one
2430 prefix to another.</para></listitem>
3f9e0236
PF		 2431 </varlistentry>
2432
2433 <varlistentry>
2434 <term><varname>PreferredLifetimeSec=</varname></term>
2435 <term><varname>ValidLifetimeSec=</varname></term>
2436
2437 <listitem><para>Preferred and valid lifetimes for the prefix measured in
2438 seconds. <varname>PreferredLifetimeSec=</varname> defaults to 604800
2439 seconds (one week) and <varname>ValidLifetimeSec=</varname> defaults
2440 to 2592000 seconds (30 days).</para></listitem>
203d4df5
SS		 2441 </varlistentry>
2442
bd6379ec
SS		 2443 <varlistentry>
2444 <term><varname>Assign=</varname></term>
2445 <listitem><para>Takes a boolean. When true, adds an address from the prefix. Default to false.
2446 </para></listitem>
2447 </varlistentry>
203d4df5
SS		 2448 </variablelist>
2449 </refsect1>
2450
2451 <refsect1>
2452 <title>[IPv6RoutePrefix] Section Options</title>
bdac5608 2453 <para>One or more [IPv6RoutePrefix] sections contain the IPv6
203d4df5
SS		 2454 prefix routes that are announced via Router Advertisements. See
2455 <ulink url="https://tools.ietf.org/html/rfc4191">RFC 4191</ulink>
2456 for further details.</para>
2457
2458 <variablelist class='network-directives'>
2459
2460 <varlistentry>
2461 <term><varname>Route=</varname></term>
2462
bdac5608
ZJS		 2463 <listitem><para>The IPv6 route that is to be distributed to hosts. Similarly to configuring static
2464 IPv6 routes, the setting is configured as an IPv6 prefix routes and its prefix route length,
2465 separated by a <literal>/</literal> character. Use multiple [IPv6PrefixRoutes] sections to configure
2466 multiple IPv6 prefix routes.</para></listitem>
203d4df5
SS		 2467 </varlistentry>
2468
2469 <varlistentry>
2470 <term><varname>LifetimeSec=</varname></term>
2471
2472 <listitem><para>Lifetime for the route prefix measured in
2473 seconds. <varname>LifetimeSec=</varname> defaults to 604800 seconds (one week).
2474 </para></listitem>
3f9e0236
PF		 2475 </varlistentry>
2476
2477 </variablelist>
2478 </refsect1>
2479
2480 <refsect1>
798d3a52 2481 <title>[Bridge] Section Options</title>
bdac5608 2482 <para>The [Bridge] section accepts the following keys:</para>
798d3a52 2483 <variablelist class='network-directives'>
165c41a9
SS		 2484 <varlistentry>
2485 <term><varname>UnicastFlood=</varname></term>
2486 <listitem>
9b6ffef3 2487 <para>Takes a boolean. Controls whether the bridge should flood
072f9e4a 2488 traffic for which an FDB entry is missing and the destination
025314d9 2489 is unknown through this port. When unset, the kernel's default will be used.
47c7dfe2 2490 </para>
165c41a9
SS		 2491 </listitem>
2492 </varlistentry>
7f15b714
TJ		 2493 <varlistentry>
2494 <term><varname>MulticastFlood=</varname></term>
2495 <listitem>
2496 <para>Takes a boolean. Controls whether the bridge should flood
2497 traffic for which an MDB entry is missing and the destination
2498 is unknown through this port. When unset, the kernel's default will be used.
2499 </para>
2500 </listitem>
2501 </varlistentry>
d3aa8b49
SS		 2502 <varlistentry>
2503 <term><varname>MulticastToUnicast=</varname></term>
2504 <listitem>
2505 <para>Takes a boolean. Multicast to unicast works on top of the multicast snooping feature of
2506 the bridge. Which means unicast copies are only delivered to hosts which are interested in it.
2507 When unset, the kernel's default will be used.
2508 </para>
2509 </listitem>
2510 </varlistentry>
7f15b714
TJ		 2511 <varlistentry>
2512 <term><varname>NeighborSuppression=</varname></term>
2513 <listitem>
2514 <para>Takes a boolean. Configures whether ARP and ND neighbor suppression is enabled for
2515 this port. When unset, the kernel's default will be used.
2516 </para>
2517 </listitem>
2518 </varlistentry>
2519 <varlistentry>
2520 <term><varname>Learning=</varname></term>
2521 <listitem>
2522 <para>Takes a boolean. Configures whether MAC address learning is enabled for
2523 this port. When unset, the kernel's default will be used.
2524 </para>
2525 </listitem>
2526 </varlistentry>
165c41a9
SS		 2527 <varlistentry>
2528 <term><varname>HairPin=</varname></term>
2529 <listitem>
e9dd6984
ZJS		 2530 <para>Takes a boolean. Configures whether traffic may be sent back out of the port on which it
2531 was received. When this flag is false, then the bridge will not forward traffic back out of the
2532 receiving port. When unset, the kernel's default will be used.</para>
165c41a9
SS		 2533 </listitem>
2534 </varlistentry>
2535 <varlistentry>
84c34096 2536 <term><varname>UseBPDU=</varname></term>
165c41a9 2537 <listitem>
9b6ffef3 2538 <para>Takes a boolean. Configures whether STP Bridge Protocol Data Units will be
025314d9 2539 processed by the bridge port. When unset, the kernel's default will be used.</para>
165c41a9
SS		 2540 </listitem>
2541 </varlistentry>
2542 <varlistentry>
2543 <term><varname>FastLeave=</varname></term>
2544 <listitem>
9b6ffef3 2545 <para>Takes a boolean. This flag allows the bridge to immediately stop multicast
a8eaaee7 2546 traffic on a port that receives an IGMP Leave message. It is only used with
025314d9 2547 IGMP snooping if enabled on the bridge. When unset, the kernel's default will be used.</para>
165c41a9
SS		 2548 </listitem>
2549 </varlistentry>
2550 <varlistentry>
23da66bb 2551 <term><varname>AllowPortToBeRoot=</varname></term>
165c41a9 2552 <listitem>
9b6ffef3 2553 <para>Takes a boolean. Configures whether a given port is allowed to
47c7dfe2 2554 become a root port. Only used when STP is enabled on the bridge.
025314d9 2555 When unset, the kernel's default will be used.</para>
165c41a9
SS		 2556 </listitem>
2557 </varlistentry>
1087623b
SS		 2558 <varlistentry>
2559 <term><varname>ProxyARP=</varname></term>
2560 <listitem>
2561 <para>Takes a boolean. Configures whether proxy ARP to be enabled on this port.
2562 When unset, the kernel's default will be used.</para>
2563 </listitem>
2564 </varlistentry>
2565 <varlistentry>
2566 <term><varname>ProxyARPWiFi=</varname></term>
2567 <listitem>
2568 <para>Takes a boolean. Configures whether proxy ARP to be enabled on this port
2569 which meets extended requirements by IEEE 802.11 and Hotspot 2.0 specifications.
2570 When unset, the kernel's default will be used.</para>
2571 </listitem>
2572 </varlistentry>
0fadb2a4
SS		 2573 <varlistentry>
2574 <term><varname>MulticastRouter=</varname></term>
2575 <listitem>
2576 <para>Configures this port for having multicast routers attached. A port with a multicast
2577 router will receive all multicast traffic. Takes one of <literal>no</literal>
2578 to disable multicast routers on this port, <literal>query</literal> to let the system detect
2579 the presence of routers, <literal>permanent</literal> to permanently enable multicast traffic
2580 forwarding on this port, or <literal>temporary</literal> to enable multicast routers temporarily
2581 on this port, not depending on incoming queries. When unset, the kernel's default will be used.</para>
2582 </listitem>
2583 </varlistentry>
798d3a52
ZJS		 2584 <varlistentry>
2585 <term><varname>Cost=</varname></term>
2586 <listitem>
47c7dfe2 2587 <para>Sets the "cost" of sending packets of this interface.
a8eaaee7 2588 Each port in a bridge may have a different speed and the cost
798d3a52 2589 is used to decide which link to use. Faster interfaces
785889e5 2590 should have lower costs. It is an integer value between 1 and
b56be296
DJL		 2591 65535.</para>
2592 </listitem>
2593 </varlistentry>
2594 <varlistentry>
2595 <term><varname>Priority=</varname></term>
2596 <listitem>
2597 <para>Sets the "priority" of sending packets on this interface.
2598 Each port in a bridge may have a different priority which is used
2599 to decide which link to use. Lower value means higher priority.
785889e5 2600 It is an integer value between 0 to 63. Networkd does not set any
b56be296 2601 default, meaning the kernel default value of 32 is used.</para>
798d3a52
ZJS		 2602 </listitem>
2603 </varlistentry>
2604 </variablelist>
2605 </refsect1>
798d3a52
ZJS		 2606 <refsect1>
2607 <title>[BridgeFDB] Section Options</title>
bdac5608
ZJS		 2608 <para>The [BridgeFDB] section manages the forwarding database table of a port and accepts the following
2609 keys. Specify several [BridgeFDB] sections to configure several static MAC table entries.</para>
798d3a52
ZJS		 2610
2611 <variablelist class='network-directives'>
2612 <varlistentry>
2613 <term><varname>MACAddress=</varname></term>
2614 <listitem>
bdac5608 2615 <para>As in the [Network] section. This key is mandatory.</para>
798d3a52
ZJS		 2616 </listitem>
2617 </varlistentry>
c2c2793f
SS		 2618 <varlistentry>
2619 <term><varname>Destination=</varname></term>
2620 <listitem>
2621 <para>Takes an IP address of the destination VXLAN tunnel endpoint.</para>
2622 </listitem>
2623 </varlistentry>
798d3a52
ZJS		 2624 <varlistentry>
2625 <term><varname>VLANId=</varname></term>
2626 <listitem>
a8eaaee7 2627 <para>The VLAN ID for the new static MAC table entry. If
db9b9fb9 2628 omitted, no VLAN ID information is appended to the new static MAC
798d3a52
ZJS		 2629 table entry.</para>
2630 </listitem>
2631 </varlistentry>
61b824c5
SS		 2632 <varlistentry>
2633 <term><varname>VNI=</varname></term>
2634 <listitem>
2635 <para>The VXLAN Network Identifier (or VXLAN Segment ID) to use to connect to
2636 the remote VXLAN tunnel endpoint. Takes a number in the range 1-16777215.
2637 Defaults to unset.</para>
2638 </listitem>
2639 </varlistentry>
bdb397ed
SS		 2640 <varlistentry>
2641 <term><varname>AssociatedWith=</varname></term>
2642 <listitem>
2643 <para>Specifies where the address is associated with. Takes one of <literal>use</literal>,
2644 <literal>self</literal>, <literal>master</literal> or <literal>router</literal>.
2645 <literal>use</literal> means the address is in use. User space can use this option to
2646 indicate to the kernel that the fdb entry is in use. <literal>self</literal> means
2647 the address is associated with the port drivers fdb. Usually hardware. <literal>master</literal>
2648 means the address is associated with master devices fdb. <literal>router</literal> means
2649 the destination address is associated with a router. Note that it's valid if the referenced
2650 device is a VXLAN type device and has route shortcircuit enabled. Defaults to <literal>self</literal>.</para>
2651 </listitem>
2652 </varlistentry>
798d3a52
ZJS		 2653 </variablelist>
2654 </refsect1>
a1717e9a
DM		 2655 <refsect1>
2656 <title>[BridgeMDB] Section Options</title>
2657 <para>The [BridgeMDB] section manages the multicast membership entries forwarding database table of a port and accepts the following
2658 keys. Specify several [BridgeMDB] sections to configure several permanent multicast membership entries.</para>
2659
2660 <variablelist class='network-directives'>
2661 <varlistentry>
2662 <term><varname>MulticastGroupAddress=</varname></term>
2663 <listitem>
2664 <para>Specifies the IPv4 or IPv6 multicast group address to add. This setting is mandatory.</para>
2665 </listitem>
2666 </varlistentry>
2667 <varlistentry>
2668 <term><varname>VLANId=</varname></term>
2669 <listitem>
2670 <para>The VLAN ID for the new entry. Valid ranges are 0 (no VLAN) to 4094. Optional, defaults to 0.</para>
2671 </listitem>
2672 </varlistentry>
2673 </variablelist>
2674 </refsect1>
06828bb6 2675
e9a8c550
SS		 2676 <refsect1>
2677 <title>[LLDP] Section Options</title>
bdac5608 2678 <para>The [LLDP] section manages the Link Layer Discovery Protocol (LLDP) and accepts the following
885a4e6c 2679 keys:</para>
e9a8c550
SS		 2680 <variablelist class='network-directives'>
2681 <varlistentry>
2682 <term><varname>MUDURL=</varname></term>
2683 <listitem>
0558f303
ZJS		 2684 <para>When configured, the specified Manufacturer Usage Descriptions (MUD) URL will be sent in
2685 LLDP packets. The syntax and semantics are the same as for <varname>MUDURL=</varname> in the
2686 [DHCPv4] section described above.</para>
2687
2688 <para>The MUD URLs received via LLDP packets are saved and can be read using the
e9a8c550
SS		 2689 <function>sd_lldp_neighbor_get_mud_url()</function> function.</para>
2690 </listitem>
2691 </varlistentry>
2692 </variablelist>
2693 </refsect1>
2694
06828bb6
HP		 2695 <refsect1>
2696 <title>[CAN] Section Options</title>
bdac5608
ZJS		 2697 <para>The [CAN] section manages the Controller Area Network (CAN bus) and accepts the
2698 following keys:</para>
06828bb6
HP		 2699 <variablelist class='network-directives'>
2700 <varlistentry>
2701 <term><varname>BitRate=</varname></term>
2702 <listitem>
2703 <para>The bitrate of CAN device in bits per second. The usual SI prefixes (K, M) with the base of 1000 can
74a27268 2704 be used here. Takes a number in the range 1..4294967295.</para>
06828bb6
HP		 2705 </listitem>
2706 </varlistentry>
2707 <varlistentry>
2708 <term><varname>SamplePoint=</varname></term>
2709 <listitem>
2710 <para>Optional sample point in percent with one decimal (e.g. <literal>75%</literal>,
2711 <literal>87.5%</literal>) or permille (e.g. <literal>875‰</literal>).</para>
2712 </listitem>
2713 </varlistentry>
7e025e9c
RP		 2714 <varlistentry>
2715 <term><varname>DataBitRate=</varname></term>
2716 <term><varname>DataSamplePoint=</varname></term>
2717 <listitem>
2718 <para>The bitrate and sample point for the data phase, if CAN-FD is used. These settings are
2719 analogous to the <varname>BitRate=</varname> and <varname>SamplePoint=</varname> keys.</para>
2720 </listitem>
2721 </varlistentry>
2722 <varlistentry>
2723 <term><varname>FDMode=</varname></term>
2724 <listitem>
2725 <para>Takes a boolean. When <literal>yes</literal>, CAN-FD mode is enabled for the interface.
2726 Note, that a bitrate and optional sample point should also be set for the CAN-FD data phase using
2727 the <varname>DataBitRate=</varname> and <varname>DataSamplePoint=</varname> keys.</para>
2728 </listitem>
2729 </varlistentry>
2730 <varlistentry>
2731 <term><varname>FDNonISO=</varname></term>
2732 <listitem>
2733 <para>Takes a boolean. When <literal>yes</literal>, non-ISO CAN-FD mode is enabled for the
2734 interface. When unset, the kernel's default will be used.</para>
2735 </listitem>
2736 </varlistentry>
06828bb6
HP		 2737 <varlistentry>
2738 <term><varname>RestartSec=</varname></term>
2739 <listitem>
2740 <para>Automatic restart delay time. If set to a non-zero value, a restart of the CAN controller will be
2741 triggered automatically in case of a bus-off condition after the specified delay time. Subsecond delays can
2742 be specified using decimals (e.g. <literal>0.1s</literal>) or a <literal>ms</literal> or
2743 <literal>us</literal> postfix. Using <literal>infinity</literal> or <literal>0</literal> will turn the
2744 automatic restart off. By default automatic restart is disabled.</para>
2745 </listitem>
2746 </varlistentry>
52aa38f1
MR		 2747 <varlistentry>
2748 <term><varname>Termination=</varname></term>
2749 <listitem>
2750 <para>Takes a boolean. When <literal>yes</literal>, the termination resistor will be selected for
2751 the bias network. When unset, the kernel's default will be used.</para>
2752 </listitem>
2753 </varlistentry>
c423be28
CG		 2754 <varlistentry>
2755 <term><varname>TripleSampling=</varname></term>
2756 <listitem>
2757 <para>Takes a boolean. When <literal>yes</literal>, three samples (instead of one) are used to determine
2758 the value of a received bit by majority rule. When unset, the kernel's default will be used.</para>
2759 </listitem>
2760 </varlistentry>
77b67404
 2761 <varlistentry>
2762 <term><varname>BusErrorReporting=</varname></term>
2763 <listitem>
2764 <para>Takes a boolean. When <literal>yes</literal>, reporting of CAN bus errors is activated
2765 (those include single bit, frame format, and bit stuffing errors, unable to send dominant bit,
2766 unable to send recessive bit, bus overload, active error announcement, error occurred on
2767 transmission). When unset, the kernel's default will be used. Note: in case of a CAN bus with a
2768 single CAN device, sending a CAN frame may result in a huge number of CAN bus errors.</para>
2769 </listitem>
2770 </varlistentry>
74f0fb90
YW		 2771 <varlistentry>
2772 <term><varname>ListenOnly=</varname></term>
2773 <listitem>
2774 <para>Takes a boolean. When <literal>yes</literal>, listen-only mode is enabled. When the
2775 interface is in listen-only mode, the interface neither transmit CAN frames nor send ACK
2776 bit. Listen-only mode is important to debug CAN networks without interfering with the
2777 communication or acknowledge the CAN frame. When unset, the kernel's default will be used.
2778 </para>
2779 </listitem>
2780 </varlistentry>
06828bb6
HP		 2781 </variablelist>
2782 </refsect1>
2783
2ed5f6d5
YW		 2784 <refsect1>
2785 <title>[QDisc] Section Options</title>
bdac5608 2786 <para>The [QDisc] section manages the traffic control queueing discipline (qdisc).</para>
2ed5f6d5
YW		 2787
2788 <variablelist class='network-directives'>
2789 <varlistentry>
2790 <term><varname>Parent=</varname></term>
2791 <listitem>
2792 <para>Specifies the parent Queueing Discipline (qdisc). Takes one of <literal>clsact</literal>
2793 or <literal>ingress</literal>. This is mandatory.</para>
2794 </listitem>
2795 </varlistentry>
d8b2396d 2796
f344a492 2797 <xi:include href="tc.xml" xpointer="qdisc-handle" />
2ed5f6d5
YW		 2798 </variablelist>
2799 </refsect1>
2800
0f5bd7fe 2801 <refsect1>
18de0969 2802 <title>[NetworkEmulator] Section Options</title>
bdac5608
ZJS		 2803 <para>The [NetworkEmulator] section manages the queueing discipline (qdisc) of the network emulator. It
2804 can be used to configure the kernel packet scheduler and simulate packet delay and loss for UDP or TCP
2805 applications, or limit the bandwidth usage of a particular service to simulate internet connections.
2806 </para>
0f5bd7fe
SS		 2807
2808 <variablelist class='network-directives'>
f344a492
YW		 2809 <xi:include href="tc.xml" xpointer="qdisc-parent" />
2810 <xi:include href="tc.xml" xpointer="qdisc-handle" />
d8b2396d 2811
0f5bd7fe 2812 <varlistentry>
18de0969 2813 <term><varname>DelaySec=</varname></term>
0f5bd7fe
SS		 2814 <listitem>
2815 <para>Specifies the fixed amount of delay to be added to all packets going out of the
2816 interface. Defaults to unset.</para>
2817 </listitem>
2818 </varlistentry>
2819
2820 <varlistentry>
18de0969 2821 <term><varname>DelayJitterSec=</varname></term>
0f5bd7fe
SS		 2822 <listitem>
2823 <para>Specifies the chosen delay to be added to the packets outgoing to the network
2824 interface. Defaults to unset.</para>
2825 </listitem>
2826 </varlistentry>
2827
2828 <varlistentry>
18de0969 2829 <term><varname>PacketLimit=</varname></term>
0f5bd7fe
SS		 2830 <listitem>
2831 <para>Specifies the maximum number of packets the qdisc may hold queued at a time.
e9dd6984 2832 An unsigned integer in the range 0–4294967294. Defaults to 1000.</para>
0f5bd7fe
SS		 2833 </listitem>
2834 </varlistentry>
2835
2836 <varlistentry>
18de0969 2837 <term><varname>LossRate=</varname></term>
0f5bd7fe
SS		 2838 <listitem>
2839 <para>Specifies an independent loss probability to be added to the packets outgoing from the
2840 network interface. Takes a percentage value, suffixed with "%". Defaults to unset.</para>
2841 </listitem>
2842 </varlistentry>
2843
b9c5aa3c 2844 <varlistentry>
18de0969 2845 <term><varname>DuplicateRate=</varname></term>
b9c5aa3c
SS		 2846 <listitem>
2847 <para>Specifies that the chosen percent of packets is duplicated before queuing them.
2848 Takes a percentage value, suffixed with "%". Defaults to unset.</para>
2849 </listitem>
2850 </varlistentry>
18de0969
YW		 2851 </variablelist>
2852 </refsect1>
b9c5aa3c 2853
18de0969 2854 <refsect1>
60ed2dcf 2855 <title>[TokenBucketFilter] Section Options</title>
e9dd6984
ZJS		 2856 <para>The [TokenBucketFilter] section manages the queueing discipline (qdisc) of token bucket filter
2857 (tbf).</para>
18de0969
YW		 2858
2859 <variablelist class='network-directives'>
f344a492
YW		 2860 <xi:include href="tc.xml" xpointer="qdisc-parent" />
2861 <xi:include href="tc.xml" xpointer="qdisc-handle" />
d8b2396d 2862
18de0969
YW		 2863 <varlistentry>
2864 <term><varname>LatencySec=</varname></term>
ba5841b5
SS		 2865 <listitem>
2866 <para>Specifies the latency parameter, which specifies the maximum amount of time a
60ed2dcf 2867 packet can sit in the Token Bucket Filter (TBF). Defaults to unset.</para>
ba5841b5
SS		 2868 </listitem>
2869 </varlistentry>
2870
dcfc23ae 2871 <varlistentry>
c03ef420 2872 <term><varname>LimitBytes=</varname></term>
dcfc23ae
YW		 2873 <listitem>
2874 <para>Takes the number of bytes that can be queued waiting for tokens to become available.
2875 When the size is suffixed with K, M, or G, it is parsed as Kilobytes, Megabytes, or Gigabytes,
c03ef420 2876 respectively, to the base of 1024. Defaults to unset.</para>
dcfc23ae
YW		 2877 </listitem>
2878 </varlistentry>
2879
ba5841b5 2880 <varlistentry>
c03ef420 2881 <term><varname>BurstBytes=</varname></term>
ba5841b5
SS		 2882 <listitem>
2883 <para>Specifies the size of the bucket. This is the maximum amount of bytes that tokens
2884 can be available for instantaneous transfer. When the size is suffixed with K, M, or G, it is
c03ef420 2885 parsed as Kilobytes, Megabytes, or Gigabytes, respectively, to the base of 1024. Defaults to
ba5841b5
SS		 2886 unset.</para>
2887 </listitem>
2888 </varlistentry>
2889
2890 <varlistentry>
18de0969 2891 <term><varname>Rate=</varname></term>
ba5841b5
SS		 2892 <listitem>
2893 <para>Specifies the device specific bandwidth. When suffixed with K, M, or G, the specified
6b8fe4c3 2894 bandwidth is parsed as Kilobits, Megabits, or Gigabits, respectively, to the base of 1000.
ba5841b5
SS		 2895 Defaults to unset.</para>
2896 </listitem>
2897 </varlistentry>
2898
dcfc23ae 2899 <varlistentry>
18de0969 2900 <term><varname>MPUBytes=</varname></term>
dcfc23ae
YW		 2901 <listitem>
2902 <para>The Minimum Packet Unit (MPU) determines the minimal token usage (specified in bytes)
2903 for a packet. When suffixed with K, M, or G, the specified size is parsed as Kilobytes,
c03ef420 2904 Megabytes, or Gigabytes, respectively, to the base of 1024. Defaults to zero.</para>
dcfc23ae
YW		 2905 </listitem>
2906 </varlistentry>
2907
2908 <varlistentry>
18de0969 2909 <term><varname>PeakRate=</varname></term>
dcfc23ae
YW		 2910 <listitem>
2911 <para>Takes the maximum depletion rate of the bucket. When suffixed with K, M, or G, the
6b8fe4c3 2912 specified size is parsed as Kilobits, Megabits, or Gigabits, respectively, to the base of
dcfc23ae
YW		 2913 1000. Defaults to unset.</para>
2914 </listitem>
2915 </varlistentry>
2916
2917 <varlistentry>
18de0969 2918 <term><varname>MTUBytes=</varname></term>
dcfc23ae
YW		 2919 <listitem>
2920 <para>Specifies the size of the peakrate bucket. When suffixed with K, M, or G, the specified
c03ef420 2921 size is parsed as Kilobytes, Megabytes, or Gigabytes, respectively, to the base of 1024.
dcfc23ae
YW		 2922 Defaults to unset.</para>
2923 </listitem>
2924 </varlistentry>
18de0969
YW		 2925 </variablelist>
2926 </refsect1>
2927
bde4ae88
SS		 2928 <refsect1>
2929 <title>[PIE] Section Options</title>
bdac5608
ZJS		 2930 <para>The [PIE] section manages the queueing discipline (qdisc) of Proportional Integral
2931 controller-Enhanced (PIE).</para>
bde4ae88
SS		 2932
2933 <variablelist class='network-directives'>
f344a492
YW		 2934 <xi:include href="tc.xml" xpointer="qdisc-parent" />
2935 <xi:include href="tc.xml" xpointer="qdisc-handle" />
bde4ae88
SS		 2936
2937 <varlistentry>
2938 <term><varname>PacketLimit=</varname></term>
2939 <listitem>
2940 <para>Specifies the hard limit on the queue size in number of packets. When this limit is reached, incoming packets are
e9dd6984 2941 dropped. An unsigned integer in the range 1–4294967294. Defaults to unset and kernel's default is used.</para>
8f6b6d70
SS		 2942 </listitem>
2943 </varlistentry>
2944 </variablelist>
2945 </refsect1>
2946
2947 <refsect1>
2948 <title>[FlowQueuePIE] Section Options</title>
2949 <para>The <literal>[FlowQueuePIE]</literal> section manages the queueing discipline
2950 (qdisc) of Flow Queue Proportional Integral controller-Enhanced (fq_pie).</para>
2951
2952 <variablelist class='network-directives'>
2953 <xi:include href="tc.xml" xpointer="qdisc-parent" />
2954 <xi:include href="tc.xml" xpointer="qdisc-handle" />
2955
2956 <varlistentry>
2957 <term><varname>PacketLimit=</varname></term>
2958 <listitem>
2959 <para>Specifies the hard limit on the queue size in number of packets. When this limit is reached, incoming packets are
2960 dropped. An unsigned integer ranges 1 to 4294967294. Defaults to unset and kernel's default is used.</para>
bde4ae88
SS		 2961 </listitem>
2962 </varlistentry>
2963 </variablelist>
2964 </refsect1>
2965
982998b0
SS		 2966 <refsect1>
2967 <title>[StochasticFairBlue] Section Options</title>
bdac5608
ZJS		 2968 <para>The [StochasticFairBlue] section manages the queueing discipline (qdisc) of stochastic fair blue
2969 (sfb).</para>
982998b0
SS		 2970
2971 <variablelist class='network-directives'>
f344a492
YW		 2972 <xi:include href="tc.xml" xpointer="qdisc-parent" />
2973 <xi:include href="tc.xml" xpointer="qdisc-handle" />
982998b0
SS		 2974
2975 <varlistentry>
2976 <term><varname>PacketLimit=</varname></term>
2977 <listitem>
e9dd6984
ZJS		 2978 <para>Specifies the hard limit on the queue size in number of packets. When this limit is reached,
2979 incoming packets are dropped. An unsigned integer in the range 0–4294967294. Defaults to unset and
2980 kernel's default is used.</para>
982998b0
SS		 2981 </listitem>
2982 </varlistentry>
2983 </variablelist>
2984 </refsect1>
2985
18de0969
YW		 2986 <refsect1>
2987 <title>[StochasticFairnessQueueing] Section Options</title>
bdac5608
ZJS		 2988 <para>The [StochasticFairnessQueueing] section manages the queueing discipline (qdisc) of stochastic
2989 fairness queueing (sfq).</para>
18de0969
YW		 2990
2991 <variablelist class='network-directives'>
f344a492
YW		 2992 <xi:include href="tc.xml" xpointer="qdisc-parent" />
2993 <xi:include href="tc.xml" xpointer="qdisc-handle" />
d8b2396d 2994
9942b710 2995 <varlistentry>
18de0969 2996 <term><varname>PerturbPeriodSec=</varname></term>
9942b710
SS		 2997 <listitem>
2998 <para>Specifies the interval in seconds for queue algorithm perturbation. Defaults to unset.</para>
2999 </listitem>
3000 </varlistentry>
18de0969
YW		 3001 </variablelist>
3002 </refsect1>
3003
c853f594
SS		 3004 <refsect1>
3005 <title>[BFIFO] Section Options</title>
bdac5608
ZJS		 3006 <para>The [BFIFO] section manages the queueing discipline (qdisc) of Byte limited Packet First In First
3007 Out (bfifo).</para>
c853f594
SS		 3008
3009 <variablelist class='network-directives'>
f344a492
YW		 3010 <xi:include href="tc.xml" xpointer="qdisc-parent" />
3011 <xi:include href="tc.xml" xpointer="qdisc-handle" />
c853f594
SS		 3012
3013 <varlistentry>
c03ef420 3014 <term><varname>LimitBytes=</varname></term>
c853f594 3015 <listitem>
885a4e6c
ZJS		 3016 <para>Specifies the hard limit in bytes on the FIFO buffer size. The size limit prevents overflow
3017 in case the kernel is unable to dequeue packets as quickly as it receives them. When this limit is
3018 reached, incoming packets are dropped. When suffixed with K, M, or G, the specified size is parsed
3019 as Kilobytes, Megabytes, or Gigabytes, respectively, to the base of 1024. Defaults to unset and
3020 kernel default is used.</para>
c853f594
SS		 3021 </listitem>
3022 </varlistentry>
3023 </variablelist>
3024 </refsect1>
3025
a7476065
SS		 3026 <refsect1>
3027 <title>[PFIFO] Section Options</title>
bdac5608
ZJS		 3028 <para>The [PFIFO] section manages the queueing discipline (qdisc) of Packet First In First Out
3029 (pfifo).</para>
a7476065
SS		 3030
3031 <variablelist class='network-directives'>
f344a492
YW		 3032 <xi:include href="tc.xml" xpointer="qdisc-parent" />
3033 <xi:include href="tc.xml" xpointer="qdisc-handle" />
a7476065
SS		 3034
3035 <varlistentry>
3036 <term><varname>PacketLimit=</varname></term>
3037 <listitem>
e9dd6984
ZJS		 3038 <para>Specifies the hard limit on the FIFO size in number of packets. The size limit (a buffer
3039 size) to prevent it from overflowing in case it is unable to dequeue packets as quickly as it
3040 receives them. When this limit is reached, incoming packets are dropped. An unsigned integer in the
3041 range 0–4294967294. Defaults to unset and kernel's default is used.</para>
a7476065
SS		 3042 </listitem>
3043 </varlistentry>
ad8352f4
SS		 3044 </variablelist>
3045 </refsect1>
3046
053a2ddb
SS		 3047 <refsect1>
3048 <title>[PFIFOHeadDrop] Section Options</title>
bdac5608
ZJS		 3049 <para>The [PFIFOHeadDrop] section manages the queueing discipline (qdisc) of Packet First In First Out
3050 Head Drop (pfifo_head_drop).</para>
053a2ddb
SS		 3051
3052 <variablelist class='network-directives'>
f344a492
YW		 3053 <xi:include href="tc.xml" xpointer="qdisc-parent" />
3054 <xi:include href="tc.xml" xpointer="qdisc-handle" />
053a2ddb
SS		 3055
3056 <varlistentry>
3057 <term><varname>PacketLimit=</varname></term>
3058 <listitem>
bdac5608 3059 <para>As in [PFIFO] section.</para></listitem>
053a2ddb
SS		 3060 </varlistentry>
3061 </variablelist>
3062 </refsect1>
3063
1a95964b
SS		 3064 <refsect1>
3065 <title>[PFIFOFast] Section Options</title>
bdac5608
ZJS		 3066 <para>The [PFIFOFast] section manages the queueing discipline (qdisc) of Packet First In First Out Fast
3067 (pfifo_fast).</para>
1a95964b
SS		 3068
3069 <variablelist class='network-directives'>
f344a492
YW		 3070 <xi:include href="tc.xml" xpointer="qdisc-parent" />
3071 <xi:include href="tc.xml" xpointer="qdisc-handle" />
1a95964b
SS		 3072 </variablelist>
3073 </refsect1>
3074
ad8352f4
SS		 3075 <refsect1>
3076 <title>[CAKE] Section Options</title>
bdac5608
ZJS		 3077 <para>The [CAKE] section manages the queueing discipline (qdisc) of Common Applications Kept Enhanced
3078 (CAKE).</para>
ad8352f4
SS		 3079
3080 <variablelist class='network-directives'>
f344a492
YW		 3081 <xi:include href="tc.xml" xpointer="qdisc-parent" />
3082 <xi:include href="tc.xml" xpointer="qdisc-handle" />
a7476065 3083
ad8352f4 3084 <varlistentry>
c03ef420 3085 <term><varname>OverheadBytes=</varname></term>
ad8352f4 3086 <listitem>
e9dd6984
ZJS		 3087 <para>Specifies that bytes to be addeded to the size of each packet. Bytes may be negative. Takes
3088 an integer in the range from -64 to 256. Defaults to unset and kernel's default is used.</para>
ad8352f4 3089 </listitem>
f344a492 3090 </varlistentry>
ad8352f4
SS		 3091
3092 <varlistentry>
3093 <term><varname>Bandwidth=</varname></term>
3094 <listitem>
3095 <para>Specifies the shaper bandwidth. When suffixed with K, M, or G, the specified size is
3096 parsed as Kilobits, Megabits, or Gigabits, respectively, to the base of 1000. Defaults to
3097 unset and kernel's default is used.</para>
3098 </listitem>
3099 </varlistentry>
a7476065
SS		 3100 </variablelist>
3101 </refsect1>
3102
18de0969
YW		 3103 <refsect1>
3104 <title>[ControlledDelay] Section Options</title>
bdac5608 3105 <para>The [ControlledDelay] section manages the queueing discipline (qdisc) of
18de0969 3106 controlled delay (CoDel).</para>
9942b710 3107
18de0969 3108 <variablelist class='network-directives'>
f344a492
YW		 3109 <xi:include href="tc.xml" xpointer="qdisc-parent" />
3110 <xi:include href="tc.xml" xpointer="qdisc-handle" />
d8b2396d 3111
18de0969
YW		 3112 <varlistentry>
3113 <term><varname>PacketLimit=</varname></term>
a9a5d632 3114 <listitem>
e9dd6984
ZJS		 3115 <para>Specifies the hard limit on the queue size in number of packets. When this limit is reached,
3116 incoming packets are dropped. An unsigned integer in the range 0–4294967294. Defaults to unset and
3117 kernel's default is used.</para>
a9a5d632
SS		 3118 </listitem>
3119 </varlistentry>
3120
b078e528 3121 <varlistentry>
18de0969 3122 <term><varname>TargetSec=</varname></term>
b078e528
YW		 3123 <listitem>
3124 <para>Takes a timespan. Specifies the acceptable minimum standing/persistent queue delay.
3125 Defaults to unset and kernel's default is used.</para>
3126 </listitem>
3127 </varlistentry>
3128
3129 <varlistentry>
18de0969 3130 <term><varname>IntervalSec=</varname></term>
b078e528
YW		 3131 <listitem>
3132 <para>Takes a timespan. This is used to ensure that the measured minimum delay does not
3133 become too stale. Defaults to unset and kernel's default is used.</para>
3134 </listitem>
3135 </varlistentry>
3136
3137 <varlistentry>
18de0969 3138 <term><varname>ECN=</varname></term>
b078e528
YW		 3139 <listitem>
3140 <para>Takes a boolean. This can be used to mark packets instead of dropping them. Defaults to
3141 unset and kernel's default is used.</para>
3142 </listitem>
3143 </varlistentry>
3144
3145 <varlistentry>
18de0969 3146 <term><varname>CEThresholdSec=</varname></term>
b078e528
YW		 3147 <listitem>
3148 <para>Takes a timespan. This sets a threshold above which all packets are marked with ECN
3149 Congestion Experienced (CE). Defaults to unset and kernel's default is used.</para>
3150 </listitem>
3151 </varlistentry>
18de0969
YW		 3152 </variablelist>
3153 </refsect1>
b078e528 3154
f5fc0441
SS		 3155 <refsect1>
3156 <title>[DeficitRoundRobinScheduler] Section Options</title>
bdac5608
ZJS		 3157 <para>The [DeficitRoundRobinScheduler] section manages the queueing discipline (qdisc) of Deficit Round
3158 Robin Scheduler (DRR).</para>
f5fc0441
SS		 3159
3160 <variablelist class='network-directives'>
f344a492
YW		 3161 <xi:include href="tc.xml" xpointer="qdisc-parent" />
3162 <xi:include href="tc.xml" xpointer="qdisc-handle" />
f5fc0441
SS		 3163 </variablelist>
3164 </refsect1>
3165
ad365c5d
YW		 3166 <refsect1>
3167 <title>[DeficitRoundRobinSchedulerClass] Section Options</title>
bdac5608
ZJS		 3168 <para>The [DeficitRoundRobinSchedulerClass] section manages the traffic control class of Deficit Round
3169 Robin Scheduler (DRR).</para>
ad365c5d
YW		 3170
3171 <variablelist class='network-directives'>
f344a492
YW		 3172 <xi:include href="tc.xml" xpointer="tclass-parent" />
3173 <xi:include href="tc.xml" xpointer="tclass-classid" />
ad365c5d
YW		 3174
3175 <varlistentry>
c03ef420 3176 <term><varname>QuantumBytes=</varname></term>
ad365c5d 3177 <listitem>
c03ef420
YW		 3178 <para>Specifies the amount of bytes a flow is allowed to dequeue before the scheduler moves
3179 to the next class. When suffixed with K, M, or G, the specified size is parsed as Kilobytes,
3180 Megabytes, or Gigabytes, respectively, to the base of 1024. Defaults to the MTU of the
3181 interface.</para>
ad365c5d
YW		 3182 </listitem>
3183 </varlistentry>
3184
3185 </variablelist>
3186 </refsect1>
3187
d474aa51
YW		 3188 <refsect1>
3189 <title>[EnhancedTransmissionSelection] Section Options</title>
bdac5608
ZJS		 3190 <para>The [EnhancedTransmissionSelection] section manages the queueing discipline (qdisc) of Enhanced
3191 Transmission Selection (ETS).</para>
d474aa51
YW		 3192
3193 <variablelist class='network-directives'>
3194 <xi:include href="tc.xml" xpointer="qdisc-parent" />
3195 <xi:include href="tc.xml" xpointer="qdisc-handle" />
3196
3197 <varlistentry>
3198 <term><varname>Bands=</varname></term>
3199 <listitem>
e9dd6984
ZJS		 3200 <para>Specifies the number of bands. An unsigned integer in the range 1–16. This value has to be at
3201 least large enough to cover the strict bands specified through the <varname>StrictBands=</varname>
3202 and bandwidth-sharing bands specified in <varname>QuantumBytes=</varname>.</para>
d474aa51
YW		 3203 </listitem>
3204 </varlistentry>
3205
3206 <varlistentry>
3207 <term><varname>StrictBands=</varname></term>
3208 <listitem>
e9dd6984
ZJS		 3209 <para>Specifies the number of bands that should be created in strict mode. An unsigned integer in
3210 the range 1–16.</para>
d474aa51
YW		 3211 </listitem>
3212 </varlistentry>
3213
3214 <varlistentry>
3215 <term><varname>QuantumBytes=</varname></term>
3216 <listitem>
3217 <para>Specifies the white-space separated list of quantum used in band-sharing bands. When
3218 suffixed with K, M, or G, the specified size is parsed as Kilobytes, Megabytes, or Gigabytes,
3219 respectively, to the base of 1024. This setting can be specified multiple times. If an empty
3220 string is assigned, then the all previous assignments are cleared.</para>
3221 </listitem>
3222 </varlistentry>
3223
3224 <varlistentry>
3225 <term><varname>PriorityMap=</varname></term>
3226 <listitem>
885a4e6c
ZJS		 3227 <para>The priority map maps the priority of a packet to a band. The argument is a whitespace
3228 separated list of numbers. The first number indicates which band the packets with priority 0 should
3229 be put to, the second is for priority 1, and so on. There can be up to 16 numbers in the list. If
3230 there are fewer, the default band that traffic with one of the unmentioned priorities goes to is
3231 the last one. Each band number must be in the range 0..255. This setting can be specified multiple
3232 times. If an empty string is assigned, then the all previous assignments are cleared.</para>
d474aa51
YW		 3233 </listitem>
3234 </varlistentry>
3235 </variablelist>
3236 </refsect1>
3237
609e8340
SS		 3238 <refsect1>
3239 <title>[GenericRandomEarlyDetection] Section Options</title>
bdac5608
ZJS		 3240 <para>The [GenericRandomEarlyDetection] section manages the queueing discipline (qdisc) of Generic Random
3241 Early Detection (GRED).</para>
609e8340
SS		 3242
3243 <variablelist class='network-directives'>
f344a492
YW		 3244 <xi:include href="tc.xml" xpointer="qdisc-parent" />
3245 <xi:include href="tc.xml" xpointer="qdisc-handle" />
609e8340
SS		 3246
3247 <varlistentry>
3248 <term><varname>VirtualQueues=</varname></term>
3249 <listitem>
3250 <para>Specifies the number of virtual queues. Takes a integer in the range 1-16. Defaults to unset and kernel's default is used.</para>
3251 </listitem>
3252 </varlistentry>
3253
3254 <varlistentry>
3255 <term><varname>DefaultVirtualQueue=</varname></term>
3256 <listitem>
3257 <para>Specifies the number of default virtual queue. This must be less than <varname>VirtualQueue=</varname>.
3258 Defaults to unset and kernel's default is used.</para>
3259 </listitem>
3260 </varlistentry>
3261
3262 <varlistentry>
3263 <term><varname>GenericRIO=</varname></term>
3264 <listitem>
3265 <para>Takes a boolean. It turns on the RIO-like buffering scheme. Defaults to
3266 unset and kernel's default is used.</para>
3267 </listitem>
3268 </varlistentry>
3269 </variablelist>
3270 </refsect1>
3271
18de0969
YW		 3272 <refsect1>
3273 <title>[FairQueueingControlledDelay] Section Options</title>
bdac5608
ZJS		 3274 <para>The [FairQueueingControlledDelay] section manages the queueing discipline (qdisc) of fair queuing
3275 controlled delay (FQ-CoDel).</para>
18de0969
YW		 3276
3277 <variablelist class='network-directives'>
f344a492
YW		 3278 <xi:include href="tc.xml" xpointer="qdisc-parent" />
3279 <xi:include href="tc.xml" xpointer="qdisc-handle" />
d8b2396d 3280
18de0969
YW		 3281 <varlistentry>
3282 <term><varname>PacketLimit=</varname></term>
4e5ef149
SS		 3283 <listitem>
3284 <para>Specifies the hard limit on the real queue size. When this limit is reached, incoming packets are
3285 dropped. Defaults to unset and kernel's default is used.</para>
3286 </listitem>
3287 </varlistentry>
3288
ac810b75 3289 <varlistentry>
c03ef420 3290 <term><varname>MemoryLimitBytes=</varname></term>
ac810b75
YW		 3291 <listitem>
3292 <para>Specifies the limit on the total number of bytes that can be queued in this FQ-CoDel instance.
3293 When suffixed with K, M, or G, the specified size is parsed as Kilobytes, Megabytes, or Gigabytes,
3294 respectively, to the base of 1024. Defaults to unset and kernel's default is used.</para>
3295 </listitem>
3296 </varlistentry>
3297
3298 <varlistentry>
18de0969 3299 <term><varname>Flows=</varname></term>
ac810b75
YW		 3300 <listitem>
3301 <para>Specifies the number of flows into which the incoming packets are classified.
3302 Defaults to unset and kernel's default is used.</para>
3303 </listitem>
3304 </varlistentry>
3305
3306 <varlistentry>
18de0969 3307 <term><varname>TargetSec=</varname></term>
ac810b75
YW		 3308 <listitem>
3309 <para>Takes a timespan. Specifies the acceptable minimum standing/persistent queue delay.
3310 Defaults to unset and kernel's default is used.</para>
3311 </listitem>
3312 </varlistentry>
3313
3314 <varlistentry>
18de0969 3315 <term><varname>IntervalSec=</varname></term>
ac810b75
YW		 3316 <listitem>
3317 <para>Takes a timespan. This is used to ensure that the measured minimum delay does not
3318 become too stale. Defaults to unset and kernel's default is used.</para>
3319 </listitem>
3320 </varlistentry>
3321
3322 <varlistentry>
c03ef420 3323 <term><varname>QuantumBytes=</varname></term>
ac810b75 3324 <listitem>
e9dd6984 3325 <para>Specifies the number of bytes used as the "deficit" in the fair queuing algorithm timespan.
ac810b75
YW		 3326 When suffixed with K, M, or G, the specified size is parsed as Kilobytes, Megabytes, or Gigabytes,
3327 respectively, to the base of 1024. Defaults to unset and kernel's default is used.</para>
3328 </listitem>
3329 </varlistentry>
3330
3331 <varlistentry>
18de0969 3332 <term><varname>ECN=</varname></term>
ac810b75
YW		 3333 <listitem>
3334 <para>Takes a boolean. This can be used to mark packets instead of dropping them. Defaults to
3335 unset and kernel's default is used.</para>
3336 </listitem>
3337 </varlistentry>
3338
3339 <varlistentry>
18de0969 3340 <term><varname>CEThresholdSec=</varname></term>
ac810b75
YW		 3341 <listitem>
3342 <para>Takes a timespan. This sets a threshold above which all packets are marked with ECN
3343 Congestion Experienced (CE). Defaults to unset and kernel's default is used.</para>
3344 </listitem>
3345 </varlistentry>
18de0969
YW		 3346 </variablelist>
3347 </refsect1>
3348
3349 <refsect1>
ca58d00c 3350 <title>[FairQueueing] Section Options</title>
bdac5608
ZJS		 3351 <para>The [FairQueueing] section manages the queueing discipline (qdisc) of fair queue traffic policing
3352 (FQ).</para>
18de0969
YW		 3353
3354 <variablelist class='network-directives'>
f344a492
YW		 3355 <xi:include href="tc.xml" xpointer="qdisc-parent" />
3356 <xi:include href="tc.xml" xpointer="qdisc-handle" />
d8b2396d 3357
7234b915 3358 <varlistentry>
18de0969 3359 <term><varname>PacketLimit=</varname></term>
7234b915
SS		 3360 <listitem>
3361 <para>Specifies the hard limit on the real queue size. When this limit is reached, incoming packets are
3362 dropped. Defaults to unset and kernel's default is used.</para>
3363 </listitem>
3364 </varlistentry>
3365
e83562e5 3366 <varlistentry>
18de0969 3367 <term><varname>FlowLimit=</varname></term>
e83562e5
YW		 3368 <listitem>
3369 <para>Specifies the hard limit on the maximum number of packets queued per flow. Defaults to
3370 unset and kernel's default is used.</para>
3371 </listitem>
3372 </varlistentry>
3373
3374 <varlistentry>
c03ef420 3375 <term><varname>QuantumBytes=</varname></term>
e83562e5
YW		 3376 <listitem>
3377 <para>Specifies the credit per dequeue RR round, i.e. the amount of bytes a flow is allowed
3378 to dequeue at once. When suffixed with K, M, or G, the specified size is parsed as Kilobytes,
3379 Megabytes, or Gigabytes, respectively, to the base of 1024. Defaults to unset and kernel's
3380 default is used.</para>
3381 </listitem>
3382 </varlistentry>
3383
3384 <varlistentry>
c03ef420 3385 <term><varname>InitialQuantumBytes=</varname></term>
e83562e5
YW		 3386 <listitem>
3387 <para>Specifies the initial sending rate credit, i.e. the amount of bytes a new flow is
3388 allowed to dequeue initially. When suffixed with K, M, or G, the specified size is parsed as
3389 Kilobytes, Megabytes, or Gigabytes, respectively, to the base of 1024. Defaults to unset and
3390 kernel's default is used.</para>
3391 </listitem>
3392 </varlistentry>
3393
3394 <varlistentry>
18de0969 3395 <term><varname>MaximumRate=</varname></term>
e83562e5
YW		 3396 <listitem>
3397 <para>Specifies the maximum sending rate of a flow. When suffixed with K, M, or G, the
6b8fe4c3 3398 specified size is parsed as Kilobits, Megabits, or Gigabits, respectively, to the base of
e83562e5
YW		 3399 1000. Defaults to unset and kernel's default is used.</para>
3400 </listitem>
3401 </varlistentry>
3402
3403 <varlistentry>
18de0969 3404 <term><varname>Buckets=</varname></term>
e83562e5
YW		 3405 <listitem>
3406 <para>Specifies the size of the hash table used for flow lookups. Defaults to unset and
3407 kernel's default is used.</para>
3408 </listitem>
3409 </varlistentry>
3410
3411 <varlistentry>
18de0969 3412 <term><varname>OrphanMask=</varname></term>
e83562e5
YW		 3413 <listitem>
3414 <para>Takes an unsigned integer. For packets not owned by a socket, fq is able to mask a part
3415 of hash and reduce number of buckets associated with the traffic. Defaults to unset and
3416 kernel's default is used.</para>
3417 </listitem>
3418 </varlistentry>
3419
3420 <varlistentry>
18de0969 3421 <term><varname>Pacing=</varname></term>
e83562e5
YW		 3422 <listitem>
3423 <para>Takes a boolean, and enables or disables flow pacing. Defaults to unset and kernel's
3424 default is used.</para>
3425 </listitem>
3426 </varlistentry>
3427
3428 <varlistentry>
18de0969 3429 <term><varname>CEThresholdSec=</varname></term>
e83562e5
YW		 3430 <listitem>
3431 <para>Takes a timespan. This sets a threshold above which all packets are marked with ECN
3432 Congestion Experienced (CE). Defaults to unset and kernel's default is used.</para>
3433 </listitem>
3434 </varlistentry>
0f5bd7fe
SS		 3435 </variablelist>
3436 </refsect1>
3437
9b749c11
YW		 3438 <refsect1>
3439 <title>[TrivialLinkEqualizer] Section Options</title>
bdac5608
ZJS		 3440 <para>The [TrivialLinkEqualizer] section manages the queueing discipline (qdisc) of trivial link
3441 equalizer (teql).</para>
9b749c11
YW		 3442
3443 <variablelist class='network-directives'>
f344a492
YW		 3444 <xi:include href="tc.xml" xpointer="qdisc-parent" />
3445 <xi:include href="tc.xml" xpointer="qdisc-handle" />
d8b2396d 3446
9b749c11
YW		 3447 <varlistentry>
3448 <term><varname>Id=</varname></term>
3449 <listitem>
3450 <para>Specifies the interface ID <literal>N</literal> of teql. Defaults to <literal>0</literal>.
3451 Note that when teql is used, currently, the module <constant>sch_teql</constant> with
3452 <constant>max_equalizers=N+1</constant> option must be loaded before
3453 <command>systemd-networkd</command> is started.</para>
3454 </listitem>
3455 </varlistentry>
3456 </variablelist>
3457 </refsect1>
3458
b934ac3d
YW		 3459 <refsect1>
3460 <title>[HierarchyTokenBucket] Section Options</title>
bdac5608
ZJS		 3461 <para>The [HierarchyTokenBucket] section manages the queueing discipline (qdisc) of hierarchy token
3462 bucket (htb).</para>
b934ac3d
YW		 3463
3464 <variablelist class='network-directives'>
f344a492
YW		 3465 <xi:include href="tc.xml" xpointer="qdisc-parent" />
3466 <xi:include href="tc.xml" xpointer="qdisc-handle" />
b934ac3d
YW		 3467
3468 <varlistentry>
3469 <term><varname>DefaultClass=</varname></term>
3470 <listitem>
3471 <para>Takes the minor id in hexadecimal of the default class. Unclassified traffic gets sent
3472 to the class. Defaults to unset.</para>
3473 </listitem>
3474 </varlistentry>
d9eacc1c
YW		 3475
3476 <varlistentry>
3477 <term><varname>RateToQuantum=</varname></term>
3478 <listitem>
3479 <para>Takes an unsigned integer. The DRR quantums are calculated by dividing the value
3480 configured in <varname>Rate=</varname> by <varname>RateToQuantum=</varname>.</para>
3481 </listitem>
3482 </varlistentry>
b934ac3d
YW		 3483 </variablelist>
3484 </refsect1>
3485
19f86a63
YW		 3486 <refsect1>
3487 <title>[HierarchyTokenBucketClass] Section Options</title>
bdac5608
ZJS		 3488 <para>The [HierarchyTokenBucketClass] section manages the traffic control class of hierarchy token bucket
3489 (htb).</para>
19f86a63
YW		 3490
3491 <variablelist class='network-directives'>
f344a492
YW		 3492 <xi:include href="tc.xml" xpointer="tclass-parent" />
3493 <xi:include href="tc.xml" xpointer="tclass-classid" />
19f86a63
YW		 3494
3495 <varlistentry>
3496 <term><varname>Priority=</varname></term>
3497 <listitem>
3498 <para>Specifies the priority of the class. In the round-robin process, classes with the lowest
d9eacc1c
YW		 3499 priority field are tried for packets first.</para>
3500 </listitem>
3501 </varlistentry>
3502
3503 <varlistentry>
3504 <term><varname>QuantumBytes=</varname></term>
3505 <listitem>
3506 <para>Specifies how many bytes to serve from leaf at once. When suffixed with K, M, or G, the
3507 specified size is parsed as Kilobytes, Megabytes, or Gigabytes, respectively, to the base of
3508 1024.</para>
3509 </listitem>
3510 </varlistentry>
3511
3512 <varlistentry>
3513 <term><varname>MTUBytes=</varname></term>
3514 <listitem>
3515 <para>Specifies the maximum packet size we create. When suffixed with K, M, or G, the specified
3516 size is parsed as Kilobytes, Megabytes, or Gigabytes, respectively, to the base of 1024.</para>
3517 </listitem>
3518 </varlistentry>
3519
3520 <varlistentry>
3521 <term><varname>OverheadBytes=</varname></term>
3522 <listitem>
3523 <para>Takes an unsigned integer which specifies per-packet size overhead used in rate
3524 computations. When suffixed with K, M, or G, the specified size is parsed as Kilobytes,
3525 Megabytes, or Gigabytes, respectively, to the base of 1024.</para>
19f86a63
YW		 3526 </listitem>
3527 </varlistentry>
3528
3529 <varlistentry>
3530 <term><varname>Rate=</varname></term>
3531 <listitem>
3532 <para>Specifies the maximum rate this class and all its children are guaranteed. When suffixed
3533 with K, M, or G, the specified size is parsed as Kilobits, Megabits, or Gigabits, respectively,
3534 to the base of 1000. This setting is mandatory.</para>
3535 </listitem>
3536 </varlistentry>
3537
3538 <varlistentry>
3539 <term><varname>CeilRate=</varname></term>
3540 <listitem>
3541 <para>Specifies the maximum rate at which a class can send, if its parent has bandwidth to spare.
3542 When suffixed with K, M, or G, the specified size is parsed as Kilobits, Megabits, or Gigabits,
3543 respectively, to the base of 1000. When unset, the value specified with <varname>Rate=</varname>
3544 is used.</para>
3545 </listitem>
3546 </varlistentry>
d9eacc1c
YW		 3547
3548 <varlistentry>
3549 <term><varname>BufferBytes=</varname></term>
3550 <listitem>
3551 <para>Specifies the maximum bytes burst which can be accumulated during idle period. When suffixed
3552 with K, M, or G, the specified size is parsed as Kilobytes, Megabytes, or Gigabytes, respectively,
3553 to the base of 1024.</para>
3554 </listitem>
3555 </varlistentry>
3556
3557 <varlistentry>
3558 <term><varname>CeilBufferBytes=</varname></term>
3559 <listitem>
3560 <para>Specifies the maximum bytes burst for ceil which can be accumulated during idle period.
3561 When suffixed with K, M, or G, the specified size is parsed as Kilobytes, Megabytes, or Gigabytes,
3562 respectively, to the base of 1024.</para>
3563 </listitem>
3564 </varlistentry>
7f224020
SS		 3565 </variablelist>
3566 </refsect1>
3567
3568 <refsect1>
3569 <title>[HeavyHitterFilter] Section Options</title>
bdac5608
ZJS		 3570 <para>The [HeavyHitterFilter] section manages the queueing discipline (qdisc) of Heavy Hitter Filter
3571 (hhf).</para>
7f224020
SS		 3572
3573 <variablelist class='network-directives'>
f344a492
YW		 3574 <xi:include href="tc.xml" xpointer="qdisc-parent" />
3575 <xi:include href="tc.xml" xpointer="qdisc-handle" />
19f86a63 3576
7f224020
SS		 3577 <varlistentry>
3578 <term><varname>PacketLimit=</varname></term>
3579 <listitem>
e9dd6984
ZJS		 3580 <para>Specifies the hard limit on the queue size in number of packets. When this limit is reached,
3581 incoming packets are dropped. An unsigned integer in the range 0–4294967294. Defaults to unset and
3582 kernel's default is used.</para>
7f224020
SS		 3583 </listitem>
3584 </varlistentry>
19f86a63
YW		 3585 </variablelist>
3586 </refsect1>
3587
b12aaee5
SS		 3588 <refsect1>
3589 <title>[QuickFairQueueing] Section Options</title>
bdac5608
ZJS		 3590 <para>The [QuickFairQueueing] section manages the queueing discipline (qdisc) of Quick Fair Queueing
3591 (QFQ).</para>
b12aaee5
SS		 3592
3593 <variablelist class='network-directives'>
3594 <xi:include href="tc.xml" xpointer="qdisc-parent" />
3595 <xi:include href="tc.xml" xpointer="qdisc-handle" />
3596 </variablelist>
3597 </refsect1>
3598
4d7ddaf9
YW		 3599 <refsect1>
3600 <title>[QuickFairQueueingClass] Section Options</title>
bdac5608
ZJS		 3601 <para>The [QuickFairQueueingClass] section manages the traffic control class of Quick Fair Queueing
3602 (qfq).</para>
4d7ddaf9
YW		 3603
3604 <variablelist class='network-directives'>
3605 <xi:include href="tc.xml" xpointer="tclass-parent" />
3606 <xi:include href="tc.xml" xpointer="tclass-classid" />
3607
3608 <varlistentry>
3609 <term><varname>Weight=</varname></term>
3610 <listitem>
7487b486 3611 <para>Specifies the weight of the class. Takes an integer in the range 1..1023. Defaults to
4d7ddaf9
YW		 3612 unset in which case the kernel default is used.</para>
3613 </listitem>
3614 </varlistentry>
3615
3616 <varlistentry>
c03ef420 3617 <term><varname>MaxPacketBytes=</varname></term>
4d7ddaf9
YW		 3618 <listitem>
3619 <para>Specifies the maximum packet size in bytes for the class. When suffixed with K, M, or G, the specified
c03ef420 3620 size is parsed as Kilobytes, Megabytes, or Gigabytes, respectively, to the base of 1024. When unset,
4d7ddaf9
YW		 3621 the kernel default is used.</para>
3622 </listitem>
3623 </varlistentry>
3624 </variablelist>
3625 </refsect1>
3626
13b498f9
TJ		 3627 <refsect1>
3628 <title>[BridgeVLAN] Section Options</title>
bdac5608
ZJS		 3629 <para>The [BridgeVLAN] section manages the VLAN ID configuration of a bridge port and accepts the
3630 following keys. Specify several [BridgeVLAN] sections to configure several VLAN entries. The
3631 <varname>VLANFiltering=</varname> option has to be enabled, see the [Bridge] section in
13b498f9
TJ		 3632 <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
3633
3634 <variablelist class='network-directives'>
3635 <varlistentry>
3636 <term><varname>VLAN=</varname></term>
3637 <listitem>
3638 <para>The VLAN ID allowed on the port. This can be either a single ID or a range M-N. VLAN IDs are valid
3639 from 1 to 4094.</para>
3640 </listitem>
3641 </varlistentry>
3642 <varlistentry>
3643 <term><varname>EgressUntagged=</varname></term>
3644 <listitem>
3645 <para>The VLAN ID specified here will be used to untag frames on egress. Configuring
3646 <varname>EgressUntagged=</varname> implicates the use of <varname>VLAN=</varname> above and will enable the
3647 VLAN ID for ingress as well. This can be either a single ID or a range M-N.</para>
3648 </listitem>
3649 </varlistentry>
3650 <varlistentry>
3651 <term><varname>PVID=</varname></term>
3652 <listitem>
3653 <para>The Port VLAN ID specified here is assigned to all untagged frames at ingress.
3654 <varname>PVID=</varname> can be used only once. Configuring <varname>PVID=</varname> implicates the use of
3655 <varname>VLAN=</varname> above and will enable the VLAN ID for ingress as well.</para>
3656 </listitem>
3657 </varlistentry>
3658 </variablelist>
3659 </refsect1>
798d3a52
ZJS		 3660
3661 <refsect1>
9e35b3de 3662 <title>Examples</title>
798d3a52 3663 <example>
9e35b3de 3664 <title>Static network configuration</title>
798d3a52 3665
9e35b3de
ZJS		 3666 <programlisting># /etc/systemd/network/50-static.network
3667[Match]
eac684ef
TG		 3668Name=enp2s0
3669
3670[Network]
3671Address=192.168.0.15/24
3672Gateway=192.168.0.1</programlisting>
9e35b3de
ZJS		 3673
3674 <para>This brings interface <literal>enp2s0</literal> up with a static address. The
3675 specified gateway will be used for a default route.</para>
798d3a52 3676 </example>
eac684ef 3677
798d3a52 3678 <example>
9e35b3de 3679 <title>DHCP on ethernet links</title>
eac684ef 3680
9e35b3de
ZJS		 3681 <programlisting># /etc/systemd/network/80-dhcp.network
3682[Match]
eac684ef
TG		 3683Name=en*
3684
3685[Network]
9c8ca3f7 3686DHCP=yes</programlisting>
9e35b3de
ZJS		 3687
3688 <para>This will enable DHCPv4 and DHCPv6 on all interfaces with names starting with
3689 <literal>en</literal> (i.e. ethernet interfaces).</para>
798d3a52 3690 </example>
eac684ef 3691
4c94a4c2 3692 <example>
3693 <title>IPv6 Prefix Delegation</title>
3694
3695 <programlisting># /etc/systemd/network/55-ipv6-pd-upstream.network
3696[Match]
3697Name=enp1s0
3698
3699[Network]
3700DHCP=ipv6</programlisting>
3701
3702 <programlisting># /etc/systemd/network/56-ipv6-pd-downstream.network
3703[Match]
3704Name=enp2s0
3705
3706[Network]
e5ff2245
YW		 3707IPv6SendRA=yes
3708DHCPv6PrefixDelegation=yes</programlisting>
4c94a4c2 3709
e5ff2245
YW		 3710 <para>This will enable DHCPv6-PD on the interface enp1s0 as an upstream interface where the
3711 DHCPv6 client is running and enp2s0 as a downstream interface where the prefix is delegated to.
3712 The delegated prefixes are distributed by IPv6 Router Advertisement on the downstream network.
3713 </para>
4c94a4c2 3714 </example>
3715
798d3a52 3716 <example>
9e35b3de 3717 <title>A bridge with two enslaved links</title>
f47c5c47 3718
9e35b3de
ZJS		 3719 <programlisting># /etc/systemd/network/25-bridge-static.network
3720[Match]
f47c5c47 3721Name=bridge0
3722
3723[Network]
3724Address=192.168.0.15/24
3725Gateway=192.168.0.1
3726DNS=192.168.0.1</programlisting>
f47c5c47 3727
9e35b3de
ZJS		 3728 <programlisting># /etc/systemd/network/25-bridge-slave-interface-1.network
3729[Match]
f47c5c47 3730Name=enp2s0
3731
3732[Network]
3733Bridge=bridge0</programlisting>
9e35b3de
ZJS		 3734
3735 <programlisting># /etc/systemd/network/25-bridge-slave-interface-2.network
3736[Match]
3737Name=wlp3s0
3738
3739[Network]
3740Bridge=bridge0</programlisting>
3741
3742 <para>This creates a bridge and attaches devices <literal>enp2s0</literal> and
3743 <literal>wlp3s0</literal> to it. The bridge will have the specified static address
3744 and network assigned, and a default route via the specified gateway will be
3745 added. The specified DNS server will be added to the global list of DNS resolvers.
3746 </para>
13b498f9 3747 </example>
9e35b3de 3748
13b498f9 3749 <example>
9e35b3de 3750 <title></title>
13b498f9 3751
9e35b3de
ZJS		 3752 <programlisting>
3753# /etc/systemd/network/20-bridge-slave-interface-vlan.network
3754[Match]
13b498f9
TJ		 3755Name=enp2s0
3756
3757[Network]
3758Bridge=bridge0
3759
3760[BridgeVLAN]
3761VLAN=1-32
3762PVID=42
3763EgressUntagged=42
3764
3765[BridgeVLAN]
3766VLAN=100-200
3767
3768[BridgeVLAN]
3769EgressUntagged=300-400</programlisting>
0a8a0fad 3770
9e35b3de
ZJS		 3771 <para>This overrides the configuration specified in the previous example for the
3772 interface <literal>enp2s0</literal>, and enables VLAN on that bridge port. VLAN IDs
3773 1-32, 42, 100-400 will be allowed. Packets tagged with VLAN IDs 42, 300-400 will be
3774 untagged when they leave on this interface. Untagged packets which arrive on this
3775 interface will be assigned VLAN ID 42.</para>
798d3a52 3776 </example>
0a8a0fad 3777
798d3a52 3778 <example>
9e35b3de 3779 <title>Various tunnels</title>
0a8a0fad 3780
9e35b3de
ZJS		 3781 <programlisting>/etc/systemd/network/25-tunnels.network
3782[Match]
3783Name=ens1
0a8a0fad
TG		 3784
3785[Network]
9e35b3de
ZJS		 3786Tunnel=ipip-tun
3787Tunnel=sit-tun
3788Tunnel=gre-tun
3789Tunnel=vti-tun
3790 </programlisting>
3791
3792 <programlisting>/etc/systemd/network/25-tunnel-ipip.netdev
3793[NetDev]
3794Name=ipip-tun
3795Kind=ipip
3796 </programlisting>
3797
3798 <programlisting>/etc/systemd/network/25-tunnel-sit.netdev
3799[NetDev]
3800Name=sit-tun
3801Kind=sit
3802 </programlisting>
3803
3804 <programlisting>/etc/systemd/network/25-tunnel-gre.netdev
3805[NetDev]
3806Name=gre-tun
3807Kind=gre
3808 </programlisting>
3809
3810 <programlisting>/etc/systemd/network/25-tunnel-vti.netdev
3811[NetDev]
3812Name=vti-tun
3813Kind=vti
3814 </programlisting>
3815
3816 <para>This will bring interface <literal>ens1</literal> up and create an IPIP tunnel,
3817 a SIT tunnel, a GRE tunnel, and a VTI tunnel using it.</para>
798d3a52 3818 </example>
0a8a0fad 3819
798d3a52 3820 <example>
9e35b3de 3821 <title>A bond device</title>
0a8a0fad 3822
9e35b3de
ZJS		 3823 <programlisting># /etc/systemd/network/30-bond1.network
3824[Match]
3825Name=bond1
0a8a0fad
TG		 3826
3827[Network]
9e35b3de
ZJS		 3828DHCP=ipv6
3829</programlisting>
0a8a0fad 3830
9e35b3de
ZJS		 3831 <programlisting># /etc/systemd/network/30-bond1.netdev
3832[NetDev]
3833Name=bond1
3834Kind=bond
3835</programlisting>
0a8a0fad 3836
301a21a8 3837 <programlisting># /etc/systemd/network/30-bond1-dev1.network
9e35b3de
ZJS		 3838[Match]
3839MACAddress=52:54:00:e9:64:41
0a8a0fad
TG		 3840
3841[Network]
9e35b3de
ZJS		 3842Bond=bond1
3843</programlisting>
d94facdc 3844
301a21a8 3845 <programlisting># /etc/systemd/network/30-bond1-dev2.network
9e35b3de
ZJS		 3846[Match]
3847MACAddress=52:54:00:e9:64:42
d94facdc
MH		 3848
3849[Network]
9e35b3de 3850Bond=bond1
6cb955c6 3851</programlisting>
9e35b3de
ZJS		 3852
3853 <para>This will create a bond device <literal>bond1</literal> and enslave the two
3854 devices with MAC addresses 52:54:00:e9:64:41 and 52:54:00:e9:64:42 to it. IPv6 DHCP
3855 will be used to acquire an address.</para>
6cb955c6
AR		 3856 </example>
3857
3858 <example>
9e35b3de
ZJS		 3859 <title>Virtual Routing and Forwarding (VRF)</title>
3860 <para>Add the <literal>bond1</literal> interface to the VRF master interface
3861 <literal>vrf1</literal>. This will redirect routes generated on this interface to be
11d38b90
AR		 3862 within the routing table defined during VRF creation. For kernels before 4.8 traffic
3863 won't be redirected towards the VRFs routing table unless specific ip-rules are added.
3864 </para>
9e35b3de
ZJS		 3865 <programlisting># /etc/systemd/network/25-vrf.network
3866[Match]
6cb955c6
AR		 3867Name=bond1
3868
3869[Network]
9e35b3de 3870VRF=vrf1
d94facdc
MH		 3871</programlisting>
3872 </example>
3873
42125eda
SS		 3874 <example>
3875 <title>MacVTap</title>
3876 <para>This brings up a network interface <literal>macvtap-test</literal>
3877 and attaches it to <literal>enp0s25</literal>.</para>
83ddf5d3 3878 <programlisting># /usr/lib/systemd/network/25-macvtap.network
42125eda
SS		 3879[Match]
3880Name=enp0s25
3881
3882[Network]
3883MACVTAP=macvtap-test
3884</programlisting>
3885 </example>
98d20a17 3886
3887 <example>
3888 <title>A Xfrm interface with physical underlying device.</title>
3889
3890 <programlisting># /etc/systemd/network/27-xfrm.netdev
3891[NetDev]
3892Name=xfrm0
3893
3894[Xfrm]
3895InterfaceId=7</programlisting>
3896
3897 <programlisting># /etc/systemd/network/27-eth0.network
3898[Match]
3899Name=eth0
3900
3901[Network]
3902Xfrm=xfrm0</programlisting>
3903
3904 <para>This creates a <literal>xfrm0</literal> interface and binds it to the <literal>eth0</literal> device.
3905 This allows hardware based ipsec offloading to the <literal>eth0</literal> nic.
3906 If offloading is not needed, xfrm interfaces can be assigned to the <literal>lo</literal> device.
3907 </para>
3908 </example>
798d3a52
ZJS		 3909 </refsect1>
3910
3911 <refsect1>
3912 <title>See Also</title>
3913 <para>
3914 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
f41b446a 3915 <citerefentry><refentrytitle>systemd-networkd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
798d3a52 3916 <citerefentry><refentrytitle>systemd.link</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
aaa297d4
LP		 3917 <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
3918 <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
798d3a52
ZJS		 3919 </para>
3920 </refsect1>
eac684ef
TG		 3921
3922</refentry>
Unnamed repository; edit this file 'description' to name the repository.