section, then all assigned VLAN IDs on the interface that are not
configured in the .network file are removed.
+ Network Management:
+
+ * systemd-networkd's proxy support gained a new option to configure
+ a private VLAN variant of the proxy ARP supported by the kernel
+ under the name IPv4ProxyARPPrivateVLAN=.
+
CHANGES WITH 255:
Announcements of Future Feature Removals and Incompatible Changes:
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>IPv4ProxyARPPrivateVLAN=</varname></term>
+ <listitem>
+ <para>Takes a boolean. Configures proxy ARP private VLAN for IPv4, also known as VLAN aggregation,
+ private VLAN, source-port filtering, port-isolation, or MAC-forced forwarding.</para>
+
+ <para>This variant of the ARP proxy technique will allow the ARP proxy to reply back to the same
+ interface.</para>
+
+ <para>See <ulink url="https://tools.ietf.org/html/rfc3069">RFC 3069</ulink>. When unset,
+ the kernel's default will be used.</para>
+ <xi:include href="version-info.xml" xpointer="v256"/>
+ </listitem>
+ </varlistentry>
+
<varlistentry>
<term><varname>IPv6ProxyNDP=</varname></term>
<listitem>
Network.ActiveSlave, config_parse_bool, 0, offsetof(Network, active_slave)
Network.PrimarySlave, config_parse_bool, 0, offsetof(Network, primary_slave)
Network.IPv4ProxyARP, config_parse_tristate, 0, offsetof(Network, proxy_arp)
+Network.IPv4ProxyARPPrivateVLAN, config_parse_tristate, 0, offsetof(Network, proxy_arp_pvlan)
Network.ProxyARP, config_parse_tristate, 0, offsetof(Network, proxy_arp)
Network.IPv6ProxyNDPAddress, config_parse_ipv6_proxy_ndp_address, 0, 0
Network.IPv4ReversePathFilter, config_parse_ip_reverse_path_filter, 0, offsetof(Network, ipv4_rp_filter)
.ipv6_dad_transmits = -1,
.ipv6_proxy_ndp = -1,
.proxy_arp = -1,
+ .proxy_arp_pvlan = -1,
.ipv4_rp_filter = _IP_REVERSE_PATH_FILTER_INVALID,
.ipv6_accept_ra = -1,
int ipv6_dad_transmits;
uint8_t ipv6_hop_limit;
int proxy_arp;
+ int proxy_arp_pvlan;
uint32_t ipv6_mtu;
IPv6PrivacyExtensions ipv6_privacy_extensions;
IPReversePathFilter ipv4_rp_filter;
return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "proxy_arp", link->network->proxy_arp > 0);
}
+static int link_set_proxy_arp_pvlan(Link *link) {
+ assert(link);
+
+ if (!link_is_configured_for_family(link, AF_INET))
+ return 0;
+
+ if (link->network->proxy_arp_pvlan < 0)
+ return 0;
+
+ return sysctl_write_ip_property_boolean(AF_INET, link->ifname, "proxy_arp_pvlan", link->network->proxy_arp_pvlan > 0);
+}
+
static bool link_ip_forward_enabled(Link *link, int family) {
assert(link);
assert(IN_SET(family, AF_INET, AF_INET6));
if (r < 0)
log_link_warning_errno(link, r, "Cannot configure proxy ARP for interface, ignoring: %m");
+ r = link_set_proxy_arp_pvlan(link);
+ if (r < 0)
+ log_link_warning_errno(link, r, "Cannot configure proxy ARP private VLAN for interface, ignoring: %m");
+
r = link_set_ipv4_forward(link);
if (r < 0)
log_link_warning_errno(link, r, "Cannot turn on IPv4 packet forwarding, ignoring: %m");
IPv6DuplicateAddressDetection=3
IPv6HopLimit=5
IPv4ProxyARP=true
+IPv4ProxyARPPrivateVLAN=true
IPv6ProxyNDP=true
IPMasquerade=
IPv4LLRoute=
IPv4ProxyARP=
+IPv4ProxyARPPrivateVLAN=
IPv6AcceptRA=
IPv6DuplicateAddressDetection=
IPv6FlowLabel=
IPv6DuplicateAddressDetection=3
IPv6HopLimit=5
IPv4ProxyARP=yes
+IPv4ProxyARPPrivateVLAN=yes
IPv6ProxyNDP=yes
IPv6AcceptRA=no
IPv4AcceptLocal=yes
self.check_ipv6_sysctl_attr('dummy98', 'proxy_ndp', '1')
self.check_ipv4_sysctl_attr('dummy98', 'forwarding', '1')
self.check_ipv4_sysctl_attr('dummy98', 'proxy_arp', '1')
+ self.check_ipv4_sysctl_attr('dummy98', 'proxy_arp_pvlan', '1')
self.check_ipv4_sysctl_attr('dummy98', 'accept_local', '1')
self.check_ipv4_sysctl_attr('dummy98', 'rp_filter', '0')