than create its own. Note that the settings of the pre-existing netdev will not be changed by
networkd.</para>
- <para>The <filename>.netdev</filename> files are read from the files located in the system
- network directory <filename>/usr/lib/systemd/network</filename>, the volatile runtime network
- directory <filename>/run/systemd/network</filename> and the local administration network
- directory <filename>/etc/systemd/network</filename>. All configuration files are collectively
- sorted and processed in lexical order, regardless of the directories in which they live.
- However, files with identical filenames replace each other. Files in <filename>/etc/</filename>
- have the highest priority, files in <filename>/run/</filename> take precedence over files with
- the same name in <filename>/usr/lib/</filename>. This can be used to override a system-supplied
- configuration file with a local file if needed. As a special case, an empty file (file size 0)
- or symlink with the same name pointing to <filename>/dev/null</filename> disables the
- configuration file entirely (it is "masked").</para>
+ <para>The <filename>.netdev</filename> files are read from the files located in the system network
+ directory <filename>/usr/lib/systemd/network</filename> and
+ <filename>/usr/local/lib/systemd/network</filename>, the volatile runtime network directory
+ <filename>/run/systemd/network</filename> and the local administration network directory
+ <filename>/etc/systemd/network</filename>. All configuration files are collectively sorted and
+ processed in alphanumeric order, regardless of the directories in which they live. However, files
+ with identical filenames replace each other. It is recommended that each filename is prefixed with
+ a number (e.g. <filename>10-vlan.netdev</filename>). Otherwise, <filename>.netdev</filename> files
+ generated by
+ <citerefentry><refentrytitle>systemd-network-generator.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ may take precedence over user configured files. Files in <filename>/etc/</filename> have the
+ highest priority, files in <filename>/run/</filename> take precedence over files with the same name
+ in <filename>/usr/lib/</filename>. This can be used to override a system-supplied configuration
+ file with a local file if needed. As a special case, an empty file (file size 0) or symlink with
+ the same name pointing to <filename>/dev/null</filename> disables the configuration file entirely
+ (it is "masked").</para>
<para>Along with the netdev file <filename>foo.netdev</filename>, a "drop-in" directory
<filename>foo.netdev.d/</filename> may exist. All files with the suffix <literal>.conf</literal>
</row></thead>
<tbody>
<row><entry><varname>bond</varname></entry>
- <entry>A bond device is an aggregation of all its slave devices. See <ulink url="https://www.kernel.org/doc/Documentation/networking/bonding.txt">Linux Ethernet Bonding Driver HOWTO</ulink> for details.</entry></row>
+ <entry>A bond device is an aggregation of all its slave devices. See <ulink url="https://docs.kernel.org/networking/bonding.html">Linux Ethernet Bonding Driver HOWTO</ulink> for details.</entry></row>
<row><entry><varname>bridge</varname></entry>
<entry>A bridge device is a software switch, and each of its slave devices and the bridge itself are ports of the switch.</entry></row>
<entry>Media Access Control Security (MACsec) is an 802.1AE IEEE industry-standard security technology that provides secure communication for all traffic on Ethernet links. MACsec provides point-to-point security on Ethernet links between directly connected nodes and is capable of identifying and preventing most security threats.</entry></row>
<row><entry><varname>vrf</varname></entry>
- <entry>A Virtual Routing and Forwarding (<ulink url="https://www.kernel.org/doc/Documentation/networking/vrf.txt">VRF</ulink>) interface to create separate routing and forwarding domains.</entry></row>
+ <entry>A Virtual Routing and Forwarding (<ulink url="https://docs.kernel.org/networking/vrf.html">VRF</ulink>) interface to create separate routing and forwarding domains.</entry></row>
<row><entry><varname>vcan</varname></entry>
<entry>The virtual CAN driver (vcan). Similar to the network loopback devices, vcan offers a virtual local CAN interface.</entry></row>
<entry>The Intermediate Functional Block (ifb) pseudo network interface acts as a QoS concentrator for multiple different sources of traffic.</entry></row>
<row><entry><varname>bareudp</varname></entry>
- <entry>Bare UDP tunnels provide a generic L3 encapsulation support for tunnelling different L3 protocols like MPLS, IP etc. inside of an UDP tunnel.</entry></row>
+ <entry>Bare UDP tunnels provide a generic L3 encapsulation support for tunnelling different L3 protocols like MPLS, IP etc. inside of a UDP tunnel.</entry></row>
<row><entry><varname>batadv</varname></entry>
<entry><ulink url="https://www.open-mesh.org/projects/open-mesh/wiki">B.A.T.M.A.N. Advanced</ulink> is a routing protocol for multi-hop mobile ad-hoc networks which operates on layer 2.</entry></row>
<xi:include href="systemd.link.xml" xpointer="virtualization" />
<xi:include href="systemd.link.xml" xpointer="kernel-command-line" />
<xi:include href="systemd.link.xml" xpointer="kernel-version" />
+ <xi:include href="systemd.link.xml" xpointer="credential" />
<xi:include href="systemd.link.xml" xpointer="architecture" />
<xi:include href="systemd.link.xml" xpointer="firmware" />
</variablelist>
<para>Accepts the same key as in [VXLAN] section.</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>InheritInnerProtocol=</varname></term>
+ <listitem>
+ <para>Takes a boolean. When true, inner Layer 3 protocol is set as Protocol Type in the GENEVE
+ header instead of Ethernet. Defaults to false.</para>
+ </listitem>
+ </varlistentry>
</variablelist>
</refsect1>
<term><varname>DiscoverPathMTU=</varname></term>
<listitem>
<para>Takes a boolean. When true, enables Path MTU Discovery on
- the tunnel.</para>
+ the tunnel.
+ When <varname>IgnoreDontFragment=</varname> is enabled,
+ defaults to false. Otherwise, defaults to true.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>IgnoreDontFragment=</varname></term>
+ <listitem>
+ <para>Takes a boolean. When true, enables IPv4 Don't Fragment (DF) suppression on
+ the tunnel. Defaults to false.
+ Note that if <varname>IgnoreDontFragment=</varname> is set to true,
+ <varname>DiscoverPathMTU=</varname> cannot be set to true.
+ Only applicable to GRE, GRETAP, and ERSPAN tunnels.</para>
</listitem>
</varlistentry>
<varlistentry>
The <varname>Key=</varname> is either a number or an IPv4 address-like dotted quad.
It is used as mark-configured SAD/SPD entry as part of the lookup key (both in data
and control path) in IP XFRM (framework used to implement IPsec protocol).
- See <ulink url="http://man7.org/linux/man-pages/man8/ip-xfrm.8.html">
+ See <ulink url="https://man7.org/linux/man-pages/man8/ip-xfrm.8.html">
ip-xfrm — transform configuration</ulink> for details. It is only used for VTI/VTI6,
GRE, GRETAP, and ERSPAN tunnels.</para>
</listitem>
</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>ERSPANVersion=</varname></term>
+ <listitem>
+ <para>Specifies the ERSPAN version number. Takes 0 for version 0 (a.k.a. type I), 1 for version 1
+ (a.k.a. type II), or 2 for version 2 (a.k.a. type III). Defaults to 1.</para>
+ </listitem>
+ </varlistentry>
<varlistentry>
<term><varname>ERSPANIndex=</varname></term>
<listitem>
- <para>Specifies the ERSPAN index field for the interface, an integer in the range 1…1048575 associated with
- the ERSPAN traffic's source port and direction. This field is mandatory.
- </para>
+ <para>Specifies the ERSPAN v1 index field for the interface. Takes an integer in the range
+ 0…1048575, which is associated with the ERSPAN traffic's source port and direction. Only used when
+ <varname>ERSPANVersion=1</varname>. Defaults to 0.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>ERSPANDirection=</varname></term>
+ <listitem>
+ <para>Specifies the ERSPAN v2 mirrored traffic's direction. Takes <literal>ingress</literal> or
+ <literal>egress</literal>. Only used when <varname>ERSPANVersion=2</varname>. Defaults to
+ <literal>ingress</literal>.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>ERSPANHardwareId=</varname></term>
+ <listitem>
+ <para>Specifies an unique identifier of the ERSPAN v2 engine. Takes an integer in the range 0…63.
+ Only used when <varname>ERSPANVersion=2</varname>. Defaults to 0.</para>
</listitem>
</varlistentry>
</variablelist>
<filename>/dev/net/tun</filename> device.</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>KeepCarrier=</varname></term>
+ <listitem>
+ <para>Takes a boolean. If enabled, to make the interface maintain its carrier status, the file
+ descriptor of the interface is kept open. This may be useful to keep the interface in running
+ state, for example while the backing process is temporarily shutdown. Defaults to
+ <literal>no</literal>.</para>
+ </listitem>
+ </varlistentry>
</variablelist>
</refsect1>
<varlistentry>
<term><varname>AllowedIPs=</varname></term>
<listitem>
- <para>Sets a comma-separated list of IP (v4 or v6) addresses with CIDR masks
- from which this peer is allowed to send incoming traffic and to
- which outgoing traffic for this peer is directed.</para>
+ <para>Sets a comma-separated list of IP (v4 or v6) addresses with CIDR masks from which this peer
+ is allowed to send incoming traffic and to which outgoing traffic for this peer is directed. This
+ setting can be specified multiple times. If an empty string is assigned, then the all previous
+ assignments are cleared.</para>
<para>The catch-all 0.0.0.0/0 may be specified for matching all IPv4 addresses,
and ::/0 may be specified for matching all IPv6 addresses.</para>
<term><varname>Endpoint=</varname></term>
<listitem>
<para>Sets an endpoint IP address or hostname, followed by a colon, and then
- a port number. This endpoint will be updated automatically once to
+ a port number. IPv6 address must be in the square brackets. For example,
+ <literal>111.222.333.444:51820</literal> for IPv4 and <literal>[1111:2222::3333]:51820</literal>
+ for IPv6 address. This endpoint will be updated automatically once to
the most recent source IP address and port of correctly
authenticated packets from the peer at configuration time.</para>
</listitem>
</variablelist>
<para>For more detail information see
- <ulink url="https://www.kernel.org/doc/Documentation/networking/bonding.txt">
+ <ulink url="https://docs.kernel.org/networking/bonding.html">
Linux Ethernet Bonding Driver HOWTO</ulink></para>
</refsect1>
<term><varname>RoutingAlgorithm=</varname></term>
<listitem>
<para>This can be either <literal>batman-v</literal> or <literal>batman-iv</literal> and describes which routing_algo
- of <citerefentry><refentrytitle>batctl</refentrytitle><manvolnum>8</manvolnum></citerefentry> to use. The algorithm
+ of <citerefentry project='mankier'><refentrytitle>batctl</refentrytitle><manvolnum>8</manvolnum></citerefentry> to use. The algorithm
cannot be changed after interface creation. Defaults to <literal>batman-v</literal>.
</para>
</listitem>
<term><varname>PhysicalDevice=</varname></term>
<listitem>
<para>Specifies the name or index of the physical WLAN device (e.g. <literal>0</literal> or
- <literal>phy0</literal>). The list of the physical WLAN devices that exist os the host can be
+ <literal>phy0</literal>). The list of the physical WLAN devices that exist on the host can be
obtained by <command>iw phy</command> command. This option is mandatory.</para>
</listitem>
</varlistentry>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd.link</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-network-generator.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
</para>
</refsect1>
projects / thirdparty / systemd.git / blobdiff