]>
Commit | Line | Data |
---|---|---|
114167a2 YY |
1 | .\" SPDX-License-Identifier: BSD-2-Clause |
2 | .\" | |
7a13e344 | 3 | .\" Copyright (c) 2006-2023 Roy Marples |
ba9dfb7a RM |
4 | .\" All rights reserved |
5 | .\" | |
6 | .\" Redistribution and use in source and binary forms, with or without | |
7 | .\" modification, are permitted provided that the following conditions | |
8 | .\" are met: | |
9 | .\" 1. Redistributions of source code must retain the above copyright | |
10 | .\" notice, this list of conditions and the following disclaimer. | |
11 | .\" 2. Redistributions in binary form must reproduce the above copyright | |
12 | .\" notice, this list of conditions and the following disclaimer in the | |
13 | .\" documentation and/or other materials provided with the distribution. | |
14 | .\" | |
15 | .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND | |
16 | .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
17 | .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
18 | .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
19 | .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
20 | .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
21 | .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
22 | .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
23 | .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
24 | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
25 | .\" SUCH DAMAGE. | |
26 | .\" | |
e65e82a5 | 27 | .Dd December 21, 2023 |
0b4a1931 | 28 | .Dt DHCPCD.CONF 5 |
918338f2 | 29 | .Os |
ba9dfb7a RM |
30 | .Sh NAME |
31 | .Nm dhcpcd.conf | |
443c8695 | 32 | .Nd dhcpcd configuration file |
ba9dfb7a RM |
33 | .Sh DESCRIPTION |
34 | Although | |
35 | .Nm dhcpcd | |
36 | can do everything from the command line, there are cases where it's just easier | |
cf42802e RM |
37 | to do it once in a configuration file. |
38 | Most of the options found in | |
ba9dfb7a | 39 | .Xr dhcpcd 8 |
cf42802e RM |
40 | can be used here. |
41 | The first word on the line is the option and the rest of the line is the value. | |
42 | Leading and trailing whitespace for the option and value are trimmed. | |
43 | You can escape characters in the value using the \\ character. | |
67f84564 RM |
44 | Comments can be prefixed with the # character. |
45 | String values should be quoted with the " character. | |
ba9dfb7a RM |
46 | .Pp |
47 | Here's a list of available options: | |
48 | .Bl -tag -width indent | |
ba97e494 RM |
49 | .It Ic allowinterfaces Ar pattern |
50 | When discovering interfaces, the interface name must match | |
51 | .Ar pattern | |
52 | which is a space or comma separated list of patterns passed to | |
53 | .Xr fnmatch 3 . | |
54 | If the same interface is matched in | |
55 | .Ic denyinterfaces | |
56 | then it is still denied. | |
57 | .It Ic denyinterfaces Ar pattern | |
58 | When discovering interfaces, the interface name must not match | |
59 | .Ar pattern | |
60 | which is a space or comma separated list of patterns passed to | |
61 | .Xr fnmatch 3 . | |
68f04fa8 RM |
62 | .It Ic anonymous |
63 | Enables Anonymity Profiles for DHCP, RFC 7844. | |
2bd74fa2 | 64 | Any DUID is ignored and ClientID is set to LL only. |
68f04fa8 RM |
65 | All non essential options are then masked at this point, |
66 | but they could be unmasked by explicitly requesting the option | |
67 | .Sy after | |
68 | the | |
69 | .Ic anonymous | |
70 | option is processed. | |
71 | As such, the | |
72 | .Ic anonymous | |
73 | option | |
74 | .Sy should | |
75 | be the last option in the configuration unless you really want to | |
76 | send something which could identify you. | |
77 | .Nm dhcpcd | |
78 | will not try and reboot an old lease, it will go straight into | |
79 | DISCOVER/SOLICIT. | |
2bd74fa2 RM |
80 | .It Ic randomise_hwaddr |
81 | Forces a hardware address randomisation when the interface is brought up | |
82 | or when the carrier is lost. | |
83 | This is generally used in tandem with the anonymous option. | |
6f767217 RM |
84 | .It Ic arping Ar address Op address |
85 | .Nm dhcpcd | |
ff021b0b | 86 | will arping each address in order before attempting DHCP. |
6f767217 | 87 | If an address is found, we will select the replying hardware address as the |
569c0b11 | 88 | profile, otherwise the IP address. |
6f767217 RM |
89 | Example: |
90 | .Pp | |
91 | .D1 interface bge0 | |
92 | .D1 arping 192.168.0.1 | |
93 | .Pp | |
a6162a75 RM |
94 | .D1 # My specific 192.168.0.1 network |
95 | .D1 profile dd:ee:aa:dd:bb:ee | |
6f767217 | 96 | .D1 static ip_address=192.168.0.10/24 |
a6162a75 RM |
97 | .Pp |
98 | .D1 # A generic 192.168.0.1 network | |
99 | .D1 profile 192.168.0.1 | |
100 | .D1 static ip_address=192.168.0.98/24 | |
32945b61 | 101 | .It Ic authprotocol Ar protocol Op Ar algorithm Op Ar rdm |
c73ed171 | 102 | Authenticate DHCP messages. |
0dc49454 | 103 | See the Supported Authentication Protocols section. |
32945b61 RM |
104 | If |
105 | .Ar protocol | |
106 | is | |
107 | .Ar token | |
108 | then | |
109 | .Ar algorithm is | |
21932eab | 110 | snd_secretid/rcv_secretid so you can send and receive different tokens. |
c73ed171 RM |
111 | .It Ic authtoken Ar secretid Ar realm Ar expire Ar key |
112 | Define a shared key for use in authentication. | |
c07e0ab0 RM |
113 | .Ar realm |
114 | can be "" to for use with the | |
c73ed171 | 115 | .Ar delayed |
c07e0ab0 | 116 | protocol. |
c73ed171 RM |
117 | .Ar expire |
118 | is the date the token expires and should be formatted "yyy-mm-dd HH:MM". | |
119 | You can use the keyword | |
120 | .Ar forever | |
121 | or | |
122 | .Ar 0 | |
123 | which means the token never expires. | |
0dc49454 RM |
124 | For the token protocol, |
125 | .Ar secretid | |
126 | needs to be 0 and | |
127 | .Ar realm | |
128 | needs to be "". | |
129 | If | |
130 | .Nm dhcpcd | |
131 | has the error | |
132 | .D1 dhcp_auth_encode: Invalid argument | |
133 | then it means that | |
134 | .Nm dhcpcd | |
135 | could not find the correct authentication token in your configuration. | |
bac03ede | 136 | .It Ic background |
ef13f300 | 137 | Fork to the background immediately. |
bac03ede RM |
138 | This is useful for startup scripts which don't disable link messages for |
139 | carrier status. | |
6f767217 | 140 | .It Ic blacklist Ar address Ns Op /cidr |
ce6b39df | 141 | Ignores all packets from |
6f767217 | 142 | .Ar address Ns Op /cidr . |
bf80d526 RM |
143 | .It Ic whitelist Ar address Ns Op /cidr |
144 | Only accept packets from | |
145 | .Ar address Ns Op /cidr . | |
146 | .Ic blacklist | |
147 | is ignored if | |
148 | .Ic whitelist | |
149 | is set. | |
8f924434 RM |
150 | .It Ic bootp |
151 | Be a BOOTP client. | |
152 | Basically, this just doesn't send a DHCP Message Type option and will only | |
153 | interact with a BOOTP server. | |
154 | All other DHCP options still work. | |
900b3da4 RM |
155 | .It Ic broadcast |
156 | Instructs the DHCP server to broadcast replies back to the client. | |
569c0b11 | 157 | Normally this is only set for non-Ethernet interfaces, |
900b3da4 RM |
158 | such as FireWire and InfiniBand. |
159 | In most cases, | |
160 | .Nm dhcpcd | |
161 | will set this automatically. | |
a93e79c6 RM |
162 | .It Ic controlgroup Ar group |
163 | Sets the group ownership of | |
d5aadbad | 164 | .Pa @RUNDIR@/sock |
a93e79c6 RM |
165 | so that users other than root can connect to |
166 | .Nm dhcpcd . | |
a3099289 RM |
167 | .It Ic debug |
168 | Echo debug messages to the stderr and syslog. | |
413652c1 RM |
169 | .It Ic dev Ar value |
170 | Load the | |
171 | .Ar value | |
172 | .Pa /dev | |
173 | management module. | |
174 | .Nm dhcpcd | |
175 | will load the first one found to work, if any. | |
6bfd88f1 RM |
176 | .It Ic env Ar value |
177 | Push | |
178 | .Ar value | |
179 | to the environment for use in | |
180 | .Xr dhcpcd-run-hooks 8 . | |
181 | For example, you can force the hostname hook to always set the hostname with | |
182 | .Ic env | |
183 | .Va force_hostname=YES . | |
bbd250b4 RM |
184 | Or set which driver |
185 | .Xr wpa_supplicant 8 | |
186 | should use with | |
187 | .Ic env | |
188 | .Va wpa_supplicant_driver=nl80211 | |
77961e7b | 189 | .Pp |
c883b7b9 | 190 | If the hostname is set, it will be will set to the FQDN if possible as per |
569c0b11 | 191 | RFC 4702, section 3.1. |
77961e7b RM |
192 | If the FQDN option is missing, |
193 | .Nm dhcpcd | |
194 | will still try and set a FQDN from the hostname and domain options for | |
195 | consistency. | |
196 | To override this, set | |
197 | .Ic env | |
198 | .Va hostname_fqdn=[YES|NO|SERVER] . | |
569c0b11 DG |
199 | A value of |
200 | .Va SERVER | |
201 | means just what the server says, don't manipulate it. | |
77961e7b RM |
202 | This could lead to an inconsistent hostname on a DHCPv4 and DHCPv6 network |
203 | where the DHCPv4 hostname is short and the DHCPv6 has an FQDN. | |
204 | DHCPv6 has no hostname option. | |
d2616b08 | 205 | .It Ic clientid Ar string |
c989b023 RM |
206 | Send the |
207 | .Ar clientid . | |
d2616b08 | 208 | If the string is of the format 01:02:03 then it is encoded as hex. |
3faba9e6 RM |
209 | For interfaces whose hardware address is longer than 8 bytes, or if the |
210 | .Ar clientid | |
211 | is an empty string then | |
212 | .Nm dhcpcd | |
213 | sends a default | |
214 | .Ar clientid | |
215 | of the hardware family and the hardware address. | |
21d35513 | 216 | .It Ic duid Op ll | lt | uuid | value |
239b962f RM |
217 | Use a DHCP Unique Identifier. |
218 | If a system UUID is available, that will be used to create a DUID-UUID, | |
e774fb01 | 219 | otherwise if persistent storage is available then a DUID-LLT |
239b962f RM |
220 | (link local address + time) is generated, |
221 | otherwise DUID-LL is generated (link local address). | |
11963d20 RM |
222 | The DUID type can be hinted as an optional parameter if the file |
223 | .Pa @DBDIR@/duid | |
224 | does not exist. | |
21d35513 RM |
225 | If not |
226 | .Va ll , | |
227 | .Va lt | |
228 | or | |
229 | .Va uuid | |
230 | then | |
231 | .Va value | |
232 | will be converted from 00:11:22:33 format. | |
ebc9d360 RM |
233 | This, plus the IAID will be used as the |
234 | .Ic clientid . | |
239b962f | 235 | The DUID generated will be held in |
9f51e22b | 236 | .Pa @DBDIR@/duid |
d2616b08 | 237 | and should not be copied to other hosts. |
21d35513 | 238 | This file also takes precedence over the above rules except for setting a value. |
ebc9d360 RM |
239 | .It Ic iaid Ar iaid |
240 | Set the Interface Association Identifier to | |
241 | .Ar iaid . | |
9ff636a5 RM |
242 | This option must be used in an |
243 | .Ic interface | |
244 | block. | |
9db242be RM |
245 | This defaults to the VLANID (prefixed with 0xff) for the interface if set, |
246 | otherwise the last 4 bytes of the hardware address assigned to the | |
6f66c6c9 RM |
247 | interface. |
248 | Each instance of this should be unique within the scope of the client and | |
249 | .Nm dhcpcd | |
250 | warns if a conflict is detected. | |
251 | If there is a conflict, it is only a problem if the conflicted IAIDs are | |
252 | used on the same network. | |
94bec972 RM |
253 | .It Ic dhcp |
254 | Enable DHCP on the interface, on by default. | |
255 | .It Ic dhcp6 | |
256 | Enable DHCPv6 on the interface, on by default. | |
257 | .It Ic ipv4 | |
258 | Enable IPv4 on the interface, on by default. | |
259 | .It Ic ipv6 | |
260 | Enable IPv6 on the interface, on by default. | |
438cfdcd RM |
261 | .It Ic request Op Ar address |
262 | Request the | |
263 | .Ar address | |
264 | in the DHCP DISCOVER message. | |
265 | There is no guarantee this is the address the DHCP server will actually give. | |
266 | If no | |
267 | .Ar address | |
268 | is given then the first address currently assigned to the | |
269 | .Ar interface | |
270 | is used. | |
6dc3763d | 271 | .It Ic inform Op Ar address Ns Op Ar /cidr Ns Op Ar /broadcast_address |
438cfdcd RM |
272 | Behaves like |
273 | .Ic request | |
274 | as above, but sends a DHCP INFORM instead of DISCOVER/REQUEST. | |
275 | This does not get a lease as such, just notifies the DHCP server of the | |
276 | .Ar address | |
277 | in use. | |
278 | You should also include the optional | |
279 | .Ar cidr | |
280 | network number in case the address is not already configured on the interface. | |
281 | .Nm dhcpcd | |
282 | remains running and pretends it has an infinite lease. | |
283 | .Nm dhcpcd | |
284 | will not de-configure the interface when it exits. | |
285 | If | |
286 | .Nm dhcpcd | |
287 | fails to contact a DHCP server then it returns a failure instead of falling | |
288 | back on IPv4LL. | |
289 | .It Ic inform6 | |
290 | Performs a DHCPv6 Information Request. | |
291 | No address is requested or specified, but all other DHCPv6 options are allowed. | |
569c0b11 DG |
292 | This is normally performed automatically when an IPv6 Router Advertisement |
293 | indicates that the client should perform this operation. | |
438cfdcd RM |
294 | This option is only needed when |
295 | .Nm dhcpcd | |
569c0b11 | 296 | is not processing IPv6 RA messages and the need for a DHCPv6 Information Request |
438cfdcd | 297 | exists. |
15fc1181 RM |
298 | .It Ic persistent |
299 | .Nm dhcpcd | |
300 | normally de-configures the interface and configuration when it exits. | |
301 | Sometimes, this isn't desirable if, for example, you have root mounted over | |
a544b76a RM |
302 | NFS or SSH clients connect to this host and they need to be notified of |
303 | the host shutting down. | |
15fc1181 | 304 | You can use this option to stop this from happening. |
ff021b0b | 305 | .It Ic fallback Ar profile |
569c0b11 | 306 | Fall back to using this profile if DHCP fails. |
ff021b0b | 307 | This allows you to configure a static profile instead of using ZeroConf. |
ba9dfb7a | 308 | .It Ic hostname Ar name |
c883b7b9 RM |
309 | Sends the hostname |
310 | .Ar name | |
35d02ae6 RM |
311 | to the DHCP server so it can be registered in DNS. |
312 | If | |
c883b7b9 | 313 | .Ar name |
35d02ae6 RM |
314 | is an empty string then the current system hostname is sent. |
315 | If | |
c883b7b9 | 316 | .Ar name |
569c0b11 | 317 | is a FQDN (i.e., contains a .) then it will be encoded as such. |
d6a18654 RM |
318 | .It Ic hostname_short |
319 | Sends the short hostname to the DHCP server instead of the FQDN. | |
320 | This is useful because DHCP servers will not register the FQDN in their | |
321 | DNS if the domain part does not match theirs. | |
77961e7b RM |
322 | .Pp |
323 | Also, see the | |
324 | .Ic env | |
325 | option above to control how the hostname is set on the host. | |
8fe4bf14 | 326 | .It Ic ia_na Op Ar iaid Op / address |
00ababe4 RM |
327 | Request a DHCPv6 Normal Address for |
328 | .Ar iaid . | |
00ababe4 | 329 | .Ar iaid |
ebc9d360 RM |
330 | defaults to the |
331 | .Ic iaid | |
332 | option as described above. | |
333 | You can request more than one ia_na by specifying a unique | |
334 | .Ar iaid | |
335 | for each one. | |
22ea2b0d | 336 | .It Ic ia_ta Op Ar iaid |
00ababe4 RM |
337 | Request a DHCPv6 Temporary Address for |
338 | .Ar iaid . | |
ebc9d360 RM |
339 | You can request more than one ia_ta by specifying a unique |
340 | .Ar iaid | |
341 | for each one. | |
fda2c663 | 342 | .It Ic ia_pd Op Ar iaid Oo / Ar prefix / Ar prefix_len Oc Op Ar interface Op / Ar sla_id Op / Ar prefix_len Op / Ar suffix |
00ababe4 RM |
343 | Request a DHCPv6 Delegated Prefix for |
344 | .Ar iaid . | |
9ff636a5 RM |
345 | This option must be used in an |
346 | .Ic interface | |
347 | block. | |
94a79cea RM |
348 | Unless a |
349 | .Ar sla_id | |
e3883bfc RM |
350 | of 0 is assigned with the same resultant prefix length as the delegation, |
351 | a reject route is installed for the Delegated Prefix to | |
94a79cea | 352 | stop unallocated addresses being resolved upstream. |
22ea2b0d RM |
353 | If no |
354 | .Ar interface | |
94a79cea | 355 | is given then we will assign a prefix to every other interface with a |
22ea2b0d | 356 | .Ar sla_id |
94a79cea | 357 | equivalent to the interface index assigned by the OS. |
22ea2b0d | 358 | Otherwise addresses are only assigned for each |
00ababe4 RM |
359 | .Ar interface |
360 | and | |
9ff636a5 | 361 | .Ar sla_id . |
01de6f23 | 362 | To avoid delegating to any interface, use - as the invalid interface name. |
fda2c663 RM |
363 | Each assigned address will have a |
364 | .Ar suffix , | |
365 | defaulting to 1. | |
f9f15d95 RM |
366 | If the |
367 | .Ar suffix | |
569c0b11 | 368 | is 0 then a SLAAC address is assigned. |
12c77e75 | 369 | You cannot assign a prefix to the requesting interface unless the |
569c0b11 DG |
370 | DHCPv6 server supports the |
371 | .Li RFC 6603 | |
12c77e75 | 372 | Prefix Exclude Option. |
2fae05d0 RM |
373 | .Nm dhcpcd |
374 | has to be running for all the interfaces it is delegating to. | |
00ababe4 | 375 | A default |
367f7b11 | 376 | .Ar prefix_len |
94a79cea RM |
377 | of 64 is assumed, unless the maximum |
378 | .Ar sla_id | |
379 | does not fit. | |
380 | In this case | |
381 | .Ar prefix_len | |
b2feeb9e | 382 | is increased to the highest multiple of 8 that can accommodate the |
94a79cea | 383 | .Ar sla_id . |
367f7b11 | 384 | .Ar sla_id |
663d44bf RM |
385 | is an integer which must be unique inside the |
386 | .Ar iaid | |
387 | and is added to the prefix which must fit inside | |
367f7b11 RM |
388 | .Ar prefix_len |
389 | less the length of the delegated prefix. | |
22ea2b0d RM |
390 | You can specify multiple |
391 | .Ar interface / | |
392 | .Ar sla_id / | |
393 | .Ar prefix_len | |
394 | per | |
395 | .Ic ia_pd , | |
396 | space separated. | |
9be26bc3 | 397 | IPv6RS should be disabled globally when requesting a Prefix Delegation. |
00ababe4 | 398 | .Pp |
9be26bc3 RM |
399 | In the following example eth0 is the externally facing interface to be |
400 | configured for both IPv4 and IPv6. | |
401 | The DHCPv4 server will provide us with an IPv4 address and a default route. | |
402 | The DHCPv6 server is going to provide us with an IPv6 address, a default | |
403 | route and a /64 subnet to be delegated to the internal interface. | |
404 | The eth1 interface will be automatically configured | |
405 | for IPv6 using the first address (::1) from the delegated prefix. | |
b9beb41b | 406 | A second prefix is requested and assigned to two other interfaces. |
9be26bc3 | 407 | .Xr rtadvd 8 |
b9beb41b RM |
408 | can be used with an empty configuration file on eth1, eth2 and eth3, |
409 | to provide automatic | |
9be26bc3 | 410 | IPv6 address configuration for the internal network. |
7e609902 | 411 | .Bd -literal |
b9beb41b RM |
412 | noipv6rs # disable routing solicitation |
413 | denyinterfaces eth2 # Don't touch eth2 at all | |
9be26bc3 | 414 | interface eth0 |
ffb6d59b | 415 | ipv6rs # enable routing solicitation for eth0 |
b9beb41b RM |
416 | ia_na 1 # request an IPv6 address |
417 | ia_pd 2 eth1/0 # request a PD and assign it to eth1 | |
418 | ia_pd 3 eth2/1 eth3/2 # req a PD and assign it to eth2 and eth3 | |
01de6f23 | 419 | ia_pd 4 - # request a PD but don't assign it |
9be26bc3 | 420 | .Ed |
d7555c12 RM |
421 | .It Ic ipv4only |
422 | Only configure IPv4. | |
423 | .It Ic ipv6only | |
925fc70e | 424 | Only configure IPv6. |
329e1f12 | 425 | .It Ic fqdn Op disable | none | ptr | both |
569c0b11 DG |
426 | .Ar none |
427 | will not ask the DHCP server to update DNS. | |
428 | .Ar ptr | |
429 | just asks the DHCP server to update the PTR | |
430 | record of the host in DNS, whereas | |
431 | .Ar both | |
432 | also updates the A record. | |
433 | .Ar disable | |
434 | will disable the FQDN option. | |
435 | The default is | |
cb8c4252 | 436 | .Ar both . |
1b3bc477 RM |
437 | .Nm dhcpcd |
438 | itself never does any DNS updates. | |
e837a670 RM |
439 | .Nm dhcpcd |
440 | encodes the FQDN hostname as specified in | |
569c0b11 | 441 | .Li RFC 1035 . |
3adc5520 | 442 | .It Ic interface Ar interface |
012fd5d3 RM |
443 | Subsequent options are only parsed for this |
444 | .Ar interface . | |
62f12387 | 445 | .It Ic ipv6ra_autoconf |
569c0b11 | 446 | Generate SLAAC addresses for each Prefix advertised by an IPv6 |
62f12387 RM |
447 | Router Advertisement message with the Auto flag set. |
448 | On by default. | |
449 | .It Ic ipv6ra_noautoconf | |
450 | Disables the above option. | |
61dd6cf9 RM |
451 | .It Ic ipv6ra_fork |
452 | By default, when | |
453 | .Nm dhcpcd | |
569c0b11 | 454 | receives an IPv6 Router Advertisement, |
61dd6cf9 RM |
455 | .Nm dhcpcd |
456 | will only fork to the background if the RA contains at least one unexpired | |
e2c4a256 | 457 | RDNSS option and a valid prefix or no DHCPv6 instruction. |
61dd6cf9 RM |
458 | Set this option so to make |
459 | .Nm dhcpcd | |
628167b1 | 460 | always fork on a RA. |
d7555c12 | 461 | .It Ic ipv6rs |
b831a425 | 462 | Enables IPv6 Router Advertisement solicitation. |
eebe9a18 RM |
463 | This is on by default, but is documented here in the case where it is disabled |
464 | globally but needs to be enabled for one interface. | |
ba9dfb7a | 465 | .It Ic leasetime Ar seconds |
8f86349e | 466 | Request DHCP a lease time of |
ba9dfb7a | 467 | .Ar seconds . |
47985cc0 RM |
468 | .Ar -1 |
469 | represents an infinite lease time. | |
470 | By default | |
471 | .Nm dhcpcd | |
472 | does not request any lease time and leaves it in the hands of the | |
473 | DHCP server. | |
8f86349e RM |
474 | It is not possible to request a DHCPv6 lease time as this is not RFC compliant. |
475 | See RFC 8415 21.4, 21.6, 21.21 and 21.22. | |
281818ae RM |
476 | .It Ic link_rcvbuf Ar size |
477 | Override the size of the link receive buffer from the kernel default. | |
478 | While | |
479 | .Nm dhcpcd | |
480 | will recover from link buffer overflows, | |
481 | this may not be desirable on heavily loaded systems. | |
94d1ded9 RM |
482 | .It Ic logfile Ar logfile |
483 | Writes to the specified | |
4704f921 RM |
484 | .Ar logfile . |
485 | .Nm dhcpcd | |
486 | still writes to | |
94d1ded9 RM |
487 | .Xr syslog 3 . |
488 | The | |
489 | .Ar logfile | |
9cc7e848 | 490 | is reopened when |
94d1ded9 RM |
491 | .Nm dhcpcd |
492 | receives the | |
493 | .Dv SIGUSR2 | |
494 | signal. | |
065125d4 RM |
495 | .It Ic metric Ar metric |
496 | Metrics are used to prefer an interface over another one, lowest wins. | |
497 | .Nm dhcpcd | |
0c34e10b | 498 | will supply a default metric of 1000 + |
065125d4 | 499 | .Xr if_nametoindex 3 . |
0c34e10b PF |
500 | This will be offset by 2000 for wireless interfaces, with additional offsets |
501 | of 1000000 for IPv4LL and 2000000 for roaming interfaces. | |
a6d84af0 | 502 | .It Ic mudurl Ar url |
569c0b11 | 503 | Specifies the URL for a Manufacturer Usage Description (MUD). |
d85ad7d0 RM |
504 | The description is used by upstream network devices to instantiate any |
505 | desired access lists. | |
506 | See draft-ietf-opsawg-mud for more information. | |
7dab081f | 507 | .It Ic noalias |
569c0b11 DG |
508 | Any pre-existing IPv4 addresses will be removed from the interface when |
509 | adding a new IPv4 address. | |
ba9dfb7a | 510 | .It Ic noarp |
cf42802e RM |
511 | Don't send any ARP requests. |
512 | This also disables IPv4LL. | |
e65e82a5 | 513 | .It Ic arp_persistdefence |
514 | Keep the IP address even if defence fails upon IP Address conflict. | |
c73ed171 RM |
515 | .It Ic noauthrequired |
516 | Don't require authentication even though we requested it. | |
d672ebda | 517 | Also allows FORCERENEW and RECONFIGURE messages without authentication. |
f572315d RM |
518 | .It Ic nodelay |
519 | Don't delay for an initial randomised time when starting protocols. | |
413652c1 RM |
520 | .It Ic nodev |
521 | Don't load | |
522 | .Pa /dev | |
523 | management modules. | |
d4154ba7 RM |
524 | .It Ic nodhcp |
525 | Don't start DHCP or listen to DHCP messages. | |
526 | This is only useful when allowing IPv4LL. | |
527 | .It Ic nodhcp6 | |
528 | Don't start DHCPv6 or listen to DHCPv6 messages. | |
569c0b11 DG |
529 | Normally DHCPv6 is started by an IPv6 Router Advertisement instruction or |
530 | configuration. | |
feb553d0 RM |
531 | .It Ic nogateway |
532 | Don't install any default routes. | |
533 | .It Ic gateway | |
534 | Install a default route if available (default). | |
37156a6b RM |
535 | .It Ic nohook Ar script |
536 | Don't run this hook script. | |
8276da82 RM |
537 | Matches full name, or prefixed with 2 numbers optionally ending with |
538 | .Pa .sh . | |
fc7ee231 RM |
539 | .Pp |
540 | So to stop | |
541 | .Nm dhcpcd | |
ca6cdf58 RM |
542 | from touching your DNS settings or starting wpa_supplicant you would do:- |
543 | .D1 nohook resolv.conf, wpa_supplicant | |
bb8051bf RM |
544 | .It Ic noipv4 |
545 | Don't attempt to configure an IPv4 address. | |
ba9dfb7a RM |
546 | .It Ic noipv4ll |
547 | Don't attempt to obtain an IPv4LL address if we failed to get one via DHCP. | |
548 | See | |
549 | .Rs | |
550 | .%T "RFC 3927" | |
551 | .Re | |
bb8051bf | 552 | .It Ic noipv6 |
fabcbe2e | 553 | Don't solicit or accept IPv6 Router Advertisements and DHCPv6. |
91cd7324 | 554 | .It Ic noipv6rs |
fabcbe2e | 555 | Don't solicit or accept IPv6 Router Advertisements. |
a26af491 RM |
556 | .It Ic nolink |
557 | Don't receive link messages about carrier status. | |
558 | You should only set this for buggy interface drivers. | |
2862d340 | 559 | .It Ic noup |
f6082bca | 560 | Don't bring the interface up when in manager mode. |
cc45fbd7 | 561 | .It Ic option Ar option |
d2616b08 | 562 | Requests the |
cc45fbd7 | 563 | .Ar option |
cf42802e RM |
564 | from the server. |
565 | It can be a variable to be used in | |
ee4e620a | 566 | .Xr dhcpcd-run-hooks 8 |
cf42802e | 567 | or the numerical value. |
b8ffa3cd RM |
568 | You can specify more |
569 | .Ar option Ns s | |
570 | separated by commas, spaces or more | |
571 | .Ic option | |
572 | lines. | |
573 | Prepend dhcp6_ to | |
574 | .Ar option | |
575 | to request a DHCPv6 option. | |
daa70372 RM |
576 | If no DHCPv6 options are configured, |
577 | then DHCPv4 options are mapped to equivalent DHCPv6 options. | |
2be15e88 RM |
578 | .Pp |
579 | Prepend nd_ to | |
580 | .Ar option | |
581 | to handle ND options, but this only works for the | |
582 | .Ic nooption , | |
583 | .Ic reject | |
584 | and | |
585 | .Ic require | |
586 | options. | |
f38394c1 RM |
587 | .Pp |
588 | To see a list of options you can use, call | |
589 | .Nm dhcpcd | |
590 | with the | |
591 | .Fl V , Fl Fl variables | |
592 | argument. | |
2063c6f9 | 593 | .It Ic nooption Ar option |
2be15e88 RM |
594 | Remove the option from the message before it's processed. |
595 | .It Ic require Ar option | |
596 | Requires the | |
597 | .Ar option | |
598 | to be present in all messages, otherwise the message is ignored. | |
599 | To enforce that | |
600 | .Nm dhcpcd | |
601 | only responds to DHCP servers and not BOOTP servers, you can | |
602 | .Ic require | |
603 | .Ar dhcp_message_type . | |
569c0b11 | 604 | This isn't an exact science though because a BOOTP server can send DHCP-like |
2be15e88 RM |
605 | options. |
606 | .It Ic reject Ar option | |
607 | Reject a message that contains the | |
608 | .Ar option . | |
609 | This is useful when you cannot use | |
610 | .Ic require | |
611 | to select / de-select BOOTP messages. | |
1abffd5b RM |
612 | .It Ic destination Ar option |
613 | If | |
614 | .Nm | |
615 | detects an address added to a point to point interface (PPP, TUN, etc) then | |
616 | it will set the listed DHCP options to the destination address of the | |
617 | interface. | |
6f767217 RM |
618 | .It Ic profile Ar name |
619 | Subsequent options are only parsed for this profile | |
620 | .Ar name . | |
1abffd5b | 621 | .It Ic quiet |
87b266d2 | 622 | Suppress any dhcpcd output to the console, except for errors. |
1abffd5b | 623 | .It Ic reboot Ar seconds |
a2a9a498 RM |
624 | Allow |
625 | .Ar reboot | |
dca37a5e RM |
626 | seconds before moving to the DISCOVER phase if we have an old lease to use. |
627 | Allow | |
628 | .Ar reboot | |
629 | seconds before starting fallback states from the DISCOVER phase. | |
630 | IPv4LL is started when the first | |
631 | .Ar reboot | |
632 | timeout is reached. | |
a628f34d | 633 | The default is 5 seconds. |
901b42de | 634 | A setting of 0 seconds causes |
dca37a5e RM |
635 | .Nm |
636 | to skip the reboot phase and go straight into DISCOVER. | |
901b42de RM |
637 | This is desirable for mobile users because if you change from network A to |
638 | network B and they use the same subnet and the address from network A isn't | |
b831a425 RM |
639 | in use on network B, then the DHCP server will remain silent even if |
640 | authoritative which means | |
901b42de RM |
641 | .Nm dhcpcd |
642 | will timeout before moving back to the DISCOVER phase. | |
dca37a5e | 643 | This has no effect on DHCPv6 other than skipping the reboot phase. |
2662d519 RM |
644 | .It Ic release |
645 | .Nm dhcpcd | |
646 | will release the lease prior to stopping the interface. | |
0aeb350c RM |
647 | .It Ic script Ar script |
648 | Use | |
649 | .Ar script | |
650 | instead of the default | |
651 | .Pa @SCRIPT@ . | |
c53cf4ef RM |
652 | .It Ic ssid Ar ssid |
653 | Subsequent options are only parsed for this wireless | |
654 | .Ar ssid . | |
1a70f1b5 | 655 | .It Ic slaac Ic hwaddr | Ic private | Ic token Ar token Op Ic temp | Ic temporary |
1aeaf0e7 | 656 | Selects the interface identifier used for SLAAC generated IPv6 addresses. |
eec0cf35 | 657 | If |
1a70f1b5 | 658 | .Ic private |
628167b1 | 659 | is used, a RFC 7217 address is generated. |
1a70f1b5 RM |
660 | If |
661 | .Ic token Ar token | |
4b37f008 | 662 | is used then the token is combined with the prefix to make the final address. |
628167b1 | 663 | The |
1a70f1b5 | 664 | .Ic temporary |
628167b1 | 665 | directive will create a temporary address for the prefix as well. |
91a44b91 RM |
666 | .It Ic static Ar value |
667 | Configures a static | |
668 | .Ar value . | |
669 | If you set | |
670 | .Ic ip_address | |
671 | then | |
672 | .Nm dhcpcd | |
569c0b11 DG |
673 | will not attempt to obtain a lease and will just use the value for the address |
674 | with an infinite lease time. | |
b3c41d25 RM |
675 | If you set an empty value this removes all prior static allocations to |
676 | the same value. | |
677 | This is useful when using profiles and in the case of | |
678 | .Ic ip_address | |
679 | it will remove the static allocation. | |
680 | Note that setting 0.0.0.0 keeps the static allocation but waits for a 3rdparty | |
681 | to configure the address. | |
408fe755 RM |
682 | If you set |
683 | .Ic ip6_address , | |
684 | .Nm dhcpcd | |
ea781ba6 | 685 | will continue auto-configuration as normal. |
91a44b91 | 686 | .Pp |
6dc3763d RM |
687 | Here is an example which configures two static address, overriding the default |
688 | IPv4 broadcast address, an IPv4 router, DNS and disables IPv6 auto-configuration. | |
408fe755 RM |
689 | You could also use the |
690 | .Ic inform6 | |
691 | command here if you wished to obtain more information via DHCPv6. | |
692 | For IPv4, you should use the | |
693 | .Ic inform Ar ipaddress | |
694 | option instead of setting a static address. | |
91a44b91 | 695 | .D1 interface eth0 |
408fe755 | 696 | .D1 noipv6rs |
91a44b91 | 697 | .D1 static ip_address=192.168.0.10/24 |
6dc3763d | 698 | .D1 static broadcast_address=192.168.0.63 |
408fe755 | 699 | .D1 static ip6_address=fd51:42f8:caae:d92e::ff/64 |
91a44b91 | 700 | .D1 static routers=192.168.0.1 |
408fe755 | 701 | .D1 static domain_name_servers=192.168.0.1 fd51:42f8:caae:d92e::1 |
1abffd5b RM |
702 | .Pp |
703 | Here is an example for PPP which gives the destination a default route. | |
569c0b11 DG |
704 | It uses the special |
705 | .Ar destination | |
706 | keyword to insert the destination address | |
1abffd5b RM |
707 | into the value. |
708 | .D1 interface ppp0 | |
b3c41d25 | 709 | .D1 static ip_address=0.0.0.0 |
1abffd5b | 710 | .D1 destination routers |
d2616b08 | 711 | .It Ic timeout Ar seconds |
569c0b11 | 712 | Time out after |
b58bf81f RM |
713 | .Ar seconds , |
714 | instead of the default 30. | |
d93d7adc RM |
715 | A setting of 0 |
716 | .Ar seconds | |
717 | causes | |
718 | .Nm dhcpcd | |
719 | to wait forever to get a lease. | |
b58bf81f RM |
720 | If |
721 | .Nm dhcpcd | |
722 | is working on a single interface then | |
723 | .Nm dhcpcd | |
724 | will exit when a timeout occurs, otherwise | |
725 | .Nm dhcpcd | |
726 | will fork into the background. | |
727 | If using IPv4LL then | |
728 | .Nm dhcpcd | |
729 | start the IPv4LL process after the timeout and then wait a little longer | |
730 | before really timing out. | |
d2616b08 | 731 | .It Ic userclass Ar string |
9275b105 | 732 | Tag the DHCPv4 message with the userclass. |
cf42802e | 733 | You can specify more than one. |
9275b105 RM |
734 | .It Ic msuserclass Ar string |
735 | Tag the DHCPv4 mesasge with the Microsoft userclass. | |
736 | Unlike the | |
737 | .Ic userclass | |
738 | option, this one can only be added once. | |
739 | It should only be used for Microsoft DHCP servers and the | |
740 | .Ic vendorclassid | |
741 | should be set to "MSFT 98" or "MSFT 5.0". | |
742 | This option is not RFC compliant. | |
bac03ede | 743 | .It Ic vendor Ar code , Ns Ar value |
87b266d2 | 744 | Add an encapsulated vendor option. |
757520c5 RM |
745 | .Ar code |
746 | should be between 1 and 254 inclusive. | |
95d6dcfa RM |
747 | To add a raw vendor string, omit |
748 | .Ar code | |
749 | but keep the comma. | |
757520c5 RM |
750 | Examples. |
751 | .Pp | |
752 | Set the vendor option 01 with an IP address. | |
753 | .D1 vendor 01,192.168.0.2 | |
754 | Set the vendor option 02 with a hex code. | |
755 | .D1 vendor 02,01:02:03:04:05 | |
756 | Set the vendor option 03 with an IP address as a string. | |
757 | .D1 vendor 03,\e"192.168.0.2\e" | |
87b266d2 | 758 | Set un-encapsulated vendor option to hello world. |
9cb58952 | 759 | .D1 vendor ,"hello world" |
bac03ede | 760 | .It Ic vendorclassid Ar string |
1300150e | 761 | Set the DHCP Vendor Class. |
569c0b11 | 762 | DHCPv6 has its own option as shown below. |
eebe9a18 RM |
763 | The default is |
764 | dhcpcd-<version>:<os>:<machine>:<platform>. | |
765 | For example | |
766 | .D1 dhcpcd-5.5.6:NetBSD-6.99.5:i386:i386 | |
bac03ede | 767 | If not set then none is sent. |
eebe9a18 RM |
768 | Some badly configured DHCP servers reject unknown vendorclassids. |
769 | To work around it, try and impersonate Windows by using the MSFT vendorclassid. | |
7a911e57 | 770 | .It Ic vendclass Ar en Ar data |
1300150e | 771 | Add the DHCPv6 Vendor Indetifying Vendor Class with the IANA assigned Enterprise |
7a911e57 RM |
772 | Number |
773 | .Ar en | |
774 | with the | |
775 | .Ar data . | |
776 | This option can be set more than once to add more data, but the behaviour, | |
ea781ba6 | 777 | as per RFC 3925 is undefined if the Enterprise Number differs. |
7013b073 | 778 | .It Ic waitip Op 4 | 6 |
2a07a2af | 779 | Wait for an address to be assigned before forking to the background. |
7013b073 RM |
780 | 4 means wait for an IPv4 address to be assigned. |
781 | 6 means wait for an IPv6 address to be assigned. | |
8b7499fd RM |
782 | If no argument is given, |
783 | .Nm | |
784 | will wait for any address protocol to be assigned. | |
785 | It is possible to wait for more than one address protocol and | |
786 | .Nm | |
787 | will only fork to the background when all waiting conditions are satisfied. | |
4242c9b3 RM |
788 | .It Ic xidhwaddr |
789 | Use the last four bytes of the hardware address as the DHCP xid instead | |
790 | of a randomly generated number. | |
eaa90296 | 791 | .El |
8e7d8c37 | 792 | .Ss Defining new options |
569c0b11 DG |
793 | DHCP, ND and DHCPv6 allow for the use of custom options, and RFC 3925 vendor |
794 | options for DHCP can also be supplied. | |
8e7d8c37 | 795 | Each option needs to be started with the |
2be15e88 | 796 | .Ic define , |
a6d84af0 | 797 | .Ic definend , |
8e7d8c37 | 798 | .Ic define6 |
569c0b11 DG |
799 | or |
800 | .Ic vendopt | |
8e7d8c37 RM |
801 | directive. |
802 | This can optionally be followed by both | |
803 | .Ic embed | |
804 | or | |
805 | .Ic encap | |
806 | options. | |
807 | Both can be specified more than once and | |
808 | .Ic embed | |
809 | must come before | |
810 | .Ic encap . | |
811 | .Bl -tag -width indent | |
812 | .It Ic define Ar code Ar type Ar variable | |
813 | Defines the DHCP option | |
814 | .Ar code | |
815 | of | |
816 | .Ar type | |
817 | with a name of | |
818 | .Ar variable | |
819 | exported to | |
820 | .Xr dhcpcd-run-hooks 8 . | |
2be15e88 RM |
821 | .It Ic definend Ar code Ar type Ar variable |
822 | Defines the ND option | |
823 | .Ar code | |
824 | of | |
825 | .Ar type | |
826 | with a name of | |
827 | .Ar variable | |
828 | exported to | |
829 | .Xr dhcpcd-run-hooks 8 , | |
830 | with a prefix of | |
05e49063 | 831 | .Va nd_ . |
8e7d8c37 RM |
832 | .It Ic define6 Ar code Ar type Ar variable |
833 | Defines the DHCPv6 option | |
834 | .Ar code | |
835 | of | |
836 | .Ar type | |
837 | with a name of | |
838 | .Ar variable | |
839 | exported to | |
840 | .Xr dhcpcd-run-hooks 8 , | |
841 | with a prefix of | |
05e49063 | 842 | .Va dhcp6_ . |
7a911e57 RM |
843 | .It Ic vendopt Ar code Ar type Ar variable |
844 | Defines the Vendor-Identifying Vendor Options. | |
845 | The | |
846 | .Ar code | |
925fc70e | 847 | is the IANA Enterprise Number which will uniquely describe the encapsulated |
7a911e57 RM |
848 | options. |
849 | .Ar type | |
850 | is normally | |
851 | .Ar encap . | |
852 | .Ar variable | |
853 | names the Vendor option to be exported. | |
8e7d8c37 RM |
854 | .It Ic embed Ar type Ar variable |
855 | Defines an embedded variable within the defined option. | |
856 | The length is determined by the | |
857 | .Ar type . | |
63bdd2c2 RM |
858 | If the |
859 | .Ar variable | |
860 | is not the same as defined in the parent option, | |
861 | it is prefixed with the parent | |
862 | .Ar variable | |
863 | first with an underscore. | |
cc71162d RM |
864 | If the |
865 | .Ar variable | |
866 | has the name of | |
867 | .Ar reserved | |
868 | then it is not processed. | |
8e7d8c37 RM |
869 | .It Ic encap Ar code Ar type Ar variable |
870 | Defines an encapsulated variable within the defined option. | |
871 | The length is determined by the | |
872 | .Ar type . | |
63bdd2c2 RM |
873 | If the |
874 | .Ar variable | |
875 | is not the same as defined in the parent option, | |
876 | it is prefixed with the parent | |
877 | .Ar variable | |
878 | first with an underscore. | |
879 | .El | |
880 | .Ss Type prefix | |
881 | These keywords come before the type itself, to describe it more fully. | |
882 | You can use more than one, but they must appear in the order listed below. | |
883 | .Bl -tag -width -indent | |
884 | .It Ic request | |
885 | Requests the option by default without having to be specified in user | |
569c0b11 | 886 | configuration. |
63bdd2c2 | 887 | .It Ic norequest |
569c0b11 | 888 | This option cannot be requested, regardless of user configuration. |
ecdbb919 RM |
889 | .It Ic optional |
890 | This option is optional. | |
569c0b11 | 891 | Only makes sense for embedded options like the client FQDN option, where |
ecdbb919 | 892 | the FQDN string itself is optional. |
03476881 RM |
893 | .It Ic index |
894 | The option can appear more than once and will be indexed. | |
63bdd2c2 | 895 | .It Ic array |
b2feeb9e | 896 | The option data is split into a space separated array, each element being |
63bdd2c2 | 897 | the same type. |
8e7d8c37 RM |
898 | .El |
899 | .Ss Types to define | |
b21cd906 RM |
900 | The type directly affects the length of data consumed inside the option. |
901 | Any remaining data is normally discarded. | |
902 | Lengths can be specified for string and binhex types, but this is generally | |
903 | with other data embedded afterwards in the same option. | |
8e7d8c37 RM |
904 | .Bl -tag -width indent |
905 | .It Ic ipaddress | |
cc71162d | 906 | An IPv4 address, 4 bytes. |
8e7d8c37 | 907 | .It Ic ip6address |
cc71162d | 908 | An IPv6 address, 16 bytes. |
b21cd906 | 909 | .It Ic string Op : Ic length |
8f008ca7 | 910 | A NVT ASCII string of printable characters. |
8e7d8c37 | 911 | .It Ic byte |
cc71162d RM |
912 | A byte. |
913 | .It Ic bitflags : Ic flags | |
914 | A byte represented as a string of flags, most significant bit first. | |
915 | For example, using ABCDEFGH then A would equal 10000000, B 01000000, | |
916 | C 00100000, etc. | |
917 | If the bit is not set, the flag is not printed. | |
925fc70e RM |
918 | A flag of 0 is not printed even if the bit position is set. |
919 | This is to allow reservation of the first bits while assigning the last bits. | |
8e7d8c37 | 920 | .It Ic int16 |
cc71162d | 921 | A signed 16bit integer, 2 bytes. |
8e7d8c37 | 922 | .It Ic uint16 |
cc71162d | 923 | An unsigned 16bit integer, 2 bytes. |
8e7d8c37 | 924 | .It Ic int32 |
cc71162d | 925 | A signed 32bit integer, 4 bytes. |
8e7d8c37 | 926 | .It Ic uint32 |
cc71162d RM |
927 | An unsigned 32bit integer, 4 bytes. |
928 | .It Ic flag | |
929 | A fixed value (1) to indicate that the option is present, 0 bytes. | |
8e7d8c37 | 930 | .It Ic domain |
569c0b11 | 931 | An RFC 3397 encoded string. |
8f008ca7 | 932 | .It Ic dname |
569c0b11 | 933 | An RFC 1035 validated string. |
500cd813 RM |
934 | .It Ic uri |
935 | If an array then the first two bytes are the URI length inside the option data. | |
936 | Otherwise, the whole option data is the URI. | |
937 | As a space is not allowed in the URI encoding, the URIs are space separated. | |
b21cd906 | 938 | .It Ic binhex Op : Ic length |
cc71162d | 939 | Binary data expressed as hexadecimal. |
8e7d8c37 | 940 | .It Ic embed |
cc71162d | 941 | Contains embedded options (implies encap as well). |
8e7d8c37 | 942 | .It Ic encap |
cc71162d | 943 | Contains encapsulated options (implies embed as well). |
03476881 | 944 | .It Ic option |
cc71162d | 945 | References an option from the global definition. |
8e7d8c37 RM |
946 | .El |
947 | .Ss Example definition | |
569c0b11 | 948 | .D1 # DHCP option 81, Fully Qualified Domain Name, RFC 4702 |
63bdd2c2 RM |
949 | .D1 define 81 embed fqdn |
950 | .D1 embed byte flags | |
951 | .D1 embed byte rcode1 | |
952 | .D1 embed byte rcode2 | |
8e7d8c37 RM |
953 | .D1 embed domain fqdn |
954 | .Pp | |
569c0b11 | 955 | .D1 # DHCP option 125, Vendor Specific Information Option, RFC 3925 |
63bdd2c2 RM |
956 | .D1 define 125 encap vsio |
957 | .D1 embed uint32 enterprise_number | |
8e7d8c37 | 958 | .D1 # Options defined for the enterprise number |
63bdd2c2 | 959 | .D1 encap 1 ipaddress ipaddress |
0dc49454 | 960 | .Ss Supported Authentication Protocols |
c73ed171 RM |
961 | .Bl -tag -width -indent |
962 | .It Ic token | |
32945b61 RM |
963 | Sends a plain text token the server expects and matches a token sent by |
964 | the server. | |
569c0b11 DG |
965 | The tokens do not have to be the same. |
966 | If unspecified, the token with a | |
967 | .Ar secretid | |
968 | of 0 will be used in sending messages | |
32945b61 | 969 | and validating received messages. |
c73ed171 RM |
970 | .It Ic delayedrealm |
971 | Delayed Authentication. | |
972 | .Nm dhcpcd | |
973 | will send an authentication option with no key or MAC. | |
974 | The server will see this option, and select a key for | |
975 | .Nm , writing the | |
976 | .Ar realm | |
977 | and | |
978 | .Ar secretid | |
979 | in it. | |
980 | .Nm dhcpcd | |
569c0b11 DG |
981 | will then look for an unexpired token with a matching |
982 | .Ar realm | |
983 | and | |
984 | .Ar secretid . | |
925fc70e | 985 | This token is used to authenticate all other messages. |
c73ed171 RM |
986 | .It Ic delayed |
987 | Same as above, but without a realm. | |
988 | .El | |
0dc49454 | 989 | .Ss Supported Authentication Algorithms |
c73ed171 RM |
990 | If none specified, |
991 | .Ic hmac-md5 | |
992 | is the default. | |
993 | .Bl -tag -width -indent | |
994 | .It Ic hmac-md5 | |
995 | .El | |
996 | .Ss Supported Replay Detection Mechanisms | |
997 | If none specified, | |
998 | .Ic monotonic | |
999 | is the default. | |
cf0840ef | 1000 | If this is changed from what was previously used, |
569c0b11 DG |
1001 | or the means of calculating or storing it is broken, then the DHCP server |
1002 | will probably have to have its notion of the client's Replay Detection Value | |
cf0840ef | 1003 | reset. |
c73ed171 | 1004 | .Bl -tag -width -indent |
cf0840ef RM |
1005 | .It Ic monocounter |
1006 | Read the number in the file | |
1007 | .Pa @DBDIR@/dhcpcd-rdm.monotonic | |
1008 | and add one to it. | |
1009 | .It Ic monotime | |
569c0b11 | 1010 | Create an NTP timestamp from the system time. |
c73ed171 | 1011 | .It Ic monotonic |
cf0840ef RM |
1012 | Same as |
1013 | .Ic monotime . | |
c73ed171 | 1014 | .El |
ba9dfb7a | 1015 | .Sh SEE ALSO |
0b4a1931 | 1016 | .Xr fnmatch 3 , |
065125d4 | 1017 | .Xr if_nametoindex 3 , |
0b4a1931 RM |
1018 | .Xr dhcpcd 8 , |
1019 | .Xr dhcpcd-run-hooks 8 | |
ba9dfb7a | 1020 | .Sh AUTHORS |
2cfe8d07 | 1021 | .An Roy Marples Aq Mt roy@marples.name |
ba9dfb7a | 1022 | .Sh BUGS |
fd73ceb1 | 1023 | Please report them to |
dc9775ed | 1024 | .Lk https://roy.marples.name/projects/dhcpcd |