]> git.ipfire.org Git - thirdparty/systemd.git/blame - man/systemd.netdev.xml
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
cryptsetup: mention correct action in log message
[thirdparty/systemd.git] / man / systemd.netdev.xml
CommitLineData
eac684ef 1<?xml version='1.0'?> <!--*-nxml-*-->
3a54a157 2<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
eea10b26 3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
db9ecf05 4<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
eac684ef 5
8c66ab20
YW		 6<refentry id="systemd.netdev" conditional='ENABLE_NETWORKD'
7 xmlns:xi="http://www.w3.org/2001/XInclude">
eac684ef 8
798d3a52
ZJS		 9 <refentryinfo>
10 <title>systemd.network</title>
11 <productname>systemd</productname>
798d3a52
ZJS		 12 </refentryinfo>
13
14 <refmeta>
15 <refentrytitle>systemd.netdev</refentrytitle>
16 <manvolnum>5</manvolnum>
17 </refmeta>
18
19 <refnamediv>
20 <refname>systemd.netdev</refname>
21 <refpurpose>Virtual Network Device configuration</refpurpose>
22 </refnamediv>
23
24 <refsynopsisdiv>
25 <para><filename><replaceable>netdev</replaceable>.netdev</filename></para>
26 </refsynopsisdiv>
27
28 <refsect1>
29 <title>Description</title>
30
d4de2b2a 31 <para>A plain ini-style text file that encodes configuration about a virtual network device, used by
798d3a52 32 <citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
675fa6ea 33 See <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>7</manvolnum></citerefentry>
d4de2b2a 34 for a general description of the syntax.</para>
798d3a52 35
bac150e9
ZJS		 36 <para>The main Virtual Network Device file must have the extension <filename>.netdev</filename>;
37 other extensions are ignored. Virtual network devices are created as soon as networkd is
38 started. If a netdev with the specified name already exists, networkd will use that as-is rather
39 than create its own. Note that the settings of the pre-existing netdev will not be changed by
798d3a52
ZJS		 40 networkd.</para>
41
cc9b6bdc
YW		 42 <para>The <filename>.netdev</filename> files are read from the files located in the system network
43 directory <filename>/usr/lib/systemd/network</filename> and
44 <filename>/usr/local/lib/systemd/network</filename>, the volatile runtime network directory
45 <filename>/run/systemd/network</filename> and the local administration network directory
46 <filename>/etc/systemd/network</filename>. All configuration files are collectively sorted and
47 processed in alphanumeric order, regardless of the directories in which they live. However, files
48 with identical filenames replace each other. It is recommended that each filename is prefixed with
2c453485
YW		 49 a number smaller than <literal>70</literal> (e.g. <filename>10-vlan.netdev</filename>). Otherwise,
50 <filename>.netdev</filename> files generated by
cc9b6bdc
YW		 51 <citerefentry><refentrytitle>systemd-network-generator.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
52 may take precedence over user configured files. Files in <filename>/etc/</filename> have the
53 highest priority, files in <filename>/run/</filename> take precedence over files with the same name
54 in <filename>/usr/lib/</filename>. This can be used to override a system-supplied configuration
55 file with a local file if needed. As a special case, an empty file (file size 0) or symlink with
56 the same name pointing to <filename>/dev/null</filename> disables the configuration file entirely
57 (it is "masked").</para>
bac150e9
ZJS		 58
59 <para>Along with the netdev file <filename>foo.netdev</filename>, a "drop-in" directory
60 <filename>foo.netdev.d/</filename> may exist. All files with the suffix <literal>.conf</literal>
e6655fbe
YW		 61 from this directory will be merged in the alphanumeric order and parsed after the main file itself
62 has been parsed. This is useful to alter or add configuration settings, without having to modify
63 the main configuration file. Each drop-in file must have appropriate section headers.</para>
bac150e9
ZJS		 64
65 <para>In addition to <filename>/etc/systemd/network</filename>, drop-in <literal>.d</literal>
66 directories can be placed in <filename>/usr/lib/systemd/network</filename> or
67 <filename>/run/systemd/network</filename> directories. Drop-in files in
3b121157
ZJS		 68 <filename>/etc/</filename> take precedence over those in <filename>/run/</filename> which in turn
69 take precedence over those in <filename>/usr/lib/</filename>. Drop-in files under any of these
bac150e9 70 directories take precedence over the main netdev file wherever located. (Of course, since
3b121157 71 <filename>/run/</filename> is temporary and <filename>/usr/lib/</filename> is for vendors, it is
bac150e9 72 unlikely drop-ins should be used in either of those places.)</para>
798d3a52
ZJS		 73 </refsect1>
74
75 <refsect1>
76 <title>Supported netdev kinds</title>
77
78 <para>The following kinds of virtual network devices may be
79 configured in <filename>.netdev</filename> files:</para>
80
81 <table>
82 <title>Supported kinds of virtual network devices</title>
83
84 <tgroup cols='2'>
85 <colspec colname='kind' />
86 <colspec colname='explanation' />
87 <thead><row>
88 <entry>Kind</entry>
89 <entry>Description</entry>
90 </row></thead>
91 <tbody>
92 <row><entry><varname>bond</varname></entry>
0e685823 93 <entry>A bond device is an aggregation of all its slave devices. See <ulink url="https://docs.kernel.org/networking/bonding.html">Linux Ethernet Bonding Driver HOWTO</ulink> for details.</entry></row>
798d3a52
ZJS		 94
95 <row><entry><varname>bridge</varname></entry>
a8eaaee7 96 <entry>A bridge device is a software switch, and each of its slave devices and the bridge itself are ports of the switch.</entry></row>
798d3a52
ZJS		 97
98 <row><entry><varname>dummy</varname></entry>
99 <entry>A dummy device drops all packets sent to it.</entry></row>
100
101 <row><entry><varname>gre</varname></entry>
11cc2a56 102 <entry>A Level 3 GRE tunnel over IPv4. See <ulink url="https://tools.ietf.org/html/rfc2784">RFC 2784</ulink> for details. Name <literal>gre0</literal> should not be used, as the kernel creates a device with this name when the corresponding kernel module is loaded.</entry></row>
798d3a52
ZJS		 103
104 <row><entry><varname>gretap</varname></entry>
11cc2a56 105 <entry>A Level 2 GRE tunnel over IPv4. Name <literal>gretap0</literal> should not be used, as the kernel creates a device with this name when the corresponding kernel module is loaded.</entry></row>
798d3a52 106
2266864b 107 <row><entry><varname>erspan</varname></entry>
11cc2a56 108 <entry>ERSPAN mirrors traffic on one or more source ports and delivers the mirrored traffic to one or more destination ports on another switch. The traffic is encapsulated in generic routing encapsulation (GRE) and is therefore routable across a layer 3 network between the source switch and the destination switch. Name <literal>erspan0</literal> should not be used, as the kernel creates a device with this name when the corresponding kernel module is loaded.</entry></row>
2266864b 109
798d3a52
ZJS		 110 <row><entry><varname>ip6gre</varname></entry>
111 <entry>A Level 3 GRE tunnel over IPv6.</entry></row>
112
113 <row><entry><varname>ip6tnl</varname></entry>
114 <entry>An IPv4 or IPv6 tunnel over IPv6</entry></row>
115
116 <row><entry><varname>ip6gretap</varname></entry>
037a3ded 117 <entry>A Level 2 GRE tunnel over IPv6.</entry></row>
798d3a52
ZJS		 118
119 <row><entry><varname>ipip</varname></entry>
120 <entry>An IPv4 over IPv4 tunnel.</entry></row>
121
122 <row><entry><varname>ipvlan</varname></entry>
e9dd6984 123 <entry>An IPVLAN device is a stacked device which receives packets from its underlying device based on IP address filtering.</entry></row>
798d3a52 124
69c317a0 125 <row><entry><varname>ipvtap</varname></entry>
e9dd6984 126 <entry>An IPVTAP device is a stacked device which receives packets from its underlying device based on IP address filtering and can be accessed using the tap user space interface.</entry></row>
69c317a0 127
798d3a52
ZJS		 128 <row><entry><varname>macvlan</varname></entry>
129 <entry>A macvlan device is a stacked device which receives packets from its underlying device based on MAC address filtering.</entry></row>
130
0371f2df
SS		 131 <row><entry><varname>macvtap</varname></entry>
132 <entry>A macvtap device is a stacked device which receives packets from its underlying device based on MAC address filtering.</entry></row>
133
798d3a52
ZJS		 134 <row><entry><varname>sit</varname></entry>
135 <entry>An IPv6 over IPv4 tunnel.</entry></row>
136
137 <row><entry><varname>tap</varname></entry>
138 <entry>A persistent Level 2 tunnel between a network device and a device node.</entry></row>
139
140 <row><entry><varname>tun</varname></entry>
141 <entry>A persistent Level 3 tunnel between a network device and a device node.</entry></row>
142
143 <row><entry><varname>veth</varname></entry>
a8eaaee7 144 <entry>An Ethernet tunnel between a pair of network devices.</entry></row>
798d3a52
ZJS		 145
146 <row><entry><varname>vlan</varname></entry>
147 <entry>A VLAN is a stacked device which receives packets from its underlying device based on VLAN tagging. See <ulink url="http://www.ieee802.org/1/pages/802.1Q.html">IEEE 802.1Q</ulink> for details.</entry></row>
148
149 <row><entry><varname>vti</varname></entry>
150 <entry>An IPv4 over IPSec tunnel.</entry></row>
151
5cc0748e
SS		 152 <row><entry><varname>vti6</varname></entry>
153 <entry>An IPv6 over IPSec tunnel.</entry></row>
154
798d3a52
ZJS		 155 <row><entry><varname>vxlan</varname></entry>
156 <entry>A virtual extensible LAN (vxlan), for connecting Cloud computing deployments.</entry></row>
20897a0d 157
6598e046
SS		 158 <row><entry><varname>geneve</varname></entry>
159 <entry>A GEneric NEtwork Virtualization Encapsulation (GENEVE) netdev driver.</entry></row>
160
3a56e697
SS		 161 <row><entry><varname>l2tp</varname></entry>
162 <entry>A Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It does not provide any encryption or confidentiality by itself</entry></row>
163
81962db7
SS		 164 <row><entry><varname>macsec</varname></entry>
165 <entry>Media Access Control Security (MACsec) is an 802.1AE IEEE industry-standard security technology that provides secure communication for all traffic on Ethernet links. MACsec provides point-to-point security on Ethernet links between directly connected nodes and is capable of identifying and preventing most security threats.</entry></row>
166
20897a0d 167 <row><entry><varname>vrf</varname></entry>
0e685823 168 <entry>A Virtual Routing and Forwarding (<ulink url="https://docs.kernel.org/networking/vrf.html">VRF</ulink>) interface to create separate routing and forwarding domains.</entry></row>
92c918b0
SS		 169
170 <row><entry><varname>vcan</varname></entry>
ba9fa3bc 171 <entry>The virtual CAN driver (vcan). Similar to the network loopback devices, vcan offers a virtual local CAN interface.</entry></row>
20897a0d 172
d6df583c
SS		 173 <row><entry><varname>vxcan</varname></entry>
174 <entry>The virtual CAN tunnel driver (vxcan). Similar to the virtual ethernet driver veth, vxcan implements a local CAN traffic tunnel between two virtual CAN network devices. When creating a vxcan, two vxcan devices are created as pair. When one end receives the packet it appears on its pair and vice versa. The vxcan can be used for cross namespace communication.
175 </entry></row>
176
e5719363
JT		 177 <row><entry><varname>wireguard</varname></entry>
178 <entry>WireGuard Secure Network Tunnel.</entry></row>
179
d61e4c5b
YW		 180 <row><entry><varname>nlmon</varname></entry>
181 <entry>A Netlink monitor device. Use an nlmon device when you want to monitor system Netlink messages.</entry></row>
53cb501a
SS		 182
183 <row><entry><varname>fou</varname></entry>
184 <entry>Foo-over-UDP tunneling.</entry></row>
185
98d20a17 186 <row><entry><varname>xfrm</varname></entry>
187 <entry>A virtual tunnel interface like vti/vti6 but with several advantages.</entry></row>
188
3295a461 189 <row><entry><varname>ifb</varname></entry>
d5630d27 190 <entry>The Intermediate Functional Block (ifb) pseudo network interface acts as a QoS concentrator for multiple different sources of traffic.</entry></row>
3295a461 191
e6980c72 192 <row><entry><varname>bareudp</varname></entry>
5bc9ea07 193 <entry>Bare UDP tunnels provide a generic L3 encapsulation support for tunnelling different L3 protocols like MPLS, IP etc. inside of a UDP tunnel.</entry></row>
c0267a59
AW		 194
195 <row><entry><varname>batadv</varname></entry>
d5630d27 196 <entry><ulink url="https://www.open-mesh.org/projects/open-mesh/wiki">B.A.T.M.A.N. Advanced</ulink> is a routing protocol for multi-hop mobile ad-hoc networks which operates on layer 2.</entry></row>
b90d0f83
YW		 197
198 <row><entry><varname>ipoib</varname></entry>
199 <entry>An IP over Infiniband subinterface.</entry></row>
dedf2d00 200
ec4954d9
YW		 201 <row><entry><varname>wlan</varname></entry>
202 <entry>A virtual wireless network (WLAN) interface.</entry></row>
798d3a52
ZJS		 203 </tbody>
204 </tgroup>
205 </table>
206
207 </refsect1>
208
209 <refsect1>
210 <title>[Match] Section Options</title>
211
8c66ab20
YW		 212 <para>A virtual network device is only created if the [Match] section matches the current
213 environment, or if the section is empty. The following keys are accepted:</para>
798d3a52
ZJS		 214
215 <variablelist class='network-directives'>
8c66ab20
YW		 216 <xi:include href="systemd.link.xml" xpointer="host" />
217 <xi:include href="systemd.link.xml" xpointer="virtualization" />
218 <xi:include href="systemd.link.xml" xpointer="kernel-command-line" />
219 <xi:include href="systemd.link.xml" xpointer="kernel-version" />
4f80cfca 220 <xi:include href="systemd.link.xml" xpointer="credential" />
8c66ab20
YW		 221 <xi:include href="systemd.link.xml" xpointer="architecture" />
222 <xi:include href="systemd.link.xml" xpointer="firmware" />
798d3a52 223 </variablelist>
798d3a52
ZJS		 224 </refsect1>
225
226 <refsect1>
227 <title>[NetDev] Section Options</title>
228
bdac5608 229 <para>The [NetDev] section accepts the
488d0ba1
YW		 230 following keys:</para>
231
232 <variablelist class='network-directives'>
233 <varlistentry>
234 <term><varname>Description=</varname></term>
235 <listitem>
236 <para>A free-form description of the netdev.</para>
ec07c3c8
AK		 237
238 <xi:include href="version-info.xml" xpointer="v215"/>
488d0ba1
YW		 239 </listitem>
240 </varlistentry>
241 <varlistentry>
242 <term><varname>Name=</varname></term>
243 <listitem>
244 <para>The interface name used when creating the netdev.
e9dd6984 245 This setting is compulsory.</para>
aefdc112
AK		 246
247 <xi:include href="version-info.xml" xpointer="v211"/>
488d0ba1
YW		 248 </listitem>
249 </varlistentry>
250 <varlistentry>
251 <term><varname>Kind=</varname></term>
252 <listitem>
e9dd6984 253 <para>The netdev kind. This setting is compulsory. See the
488d0ba1
YW		 254 <literal>Supported netdev kinds</literal> section for the
255 valid keys.</para>
aefdc112
AK		 256
257 <xi:include href="version-info.xml" xpointer="v211"/>
488d0ba1
YW		 258 </listitem>
259 </varlistentry>
260 <varlistentry>
261 <term><varname>MTUBytes=</varname></term>
262 <listitem>
e9dd6984 263 <para>The maximum transmission unit in bytes to set for the device. The usual suffixes K, M, G
488d0ba1
YW		 264 are supported and are understood to the base of 1024. For <literal>tun</literal> or
265 <literal>tap</literal> devices, <varname>MTUBytes=</varname> setting is not currently supported in
bdac5608 266 [NetDev] section. Please specify it in [Link] section of
488d0ba1
YW		 267 corresponding
268 <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>
269 files.</para>
ec07c3c8
AK		 270
271 <xi:include href="version-info.xml" xpointer="v215"/>
488d0ba1
YW		 272 </listitem>
273 </varlistentry>
274 <varlistentry>
275 <term><varname>MACAddress=</varname></term>
276 <listitem>
aaa5ca57
YW		 277 <para>Specifies the MAC address to use for the device, or takes the special value
278 <literal>none</literal>. When <literal>none</literal>, <command>systemd-networkd</command>
279 does not request the MAC address for the device, and the kernel will assign a random MAC
280 address. For <literal>tun</literal>, <literal>tap</literal>, or <literal>l2tp</literal>
281 devices, the <varname>MACAddress=</varname> setting in the [NetDev] section is not
282 supported and will be ignored. Please specify it in the [Link] section of the corresponding
488d0ba1 283 <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>
5b8bdd20
YW		 284 file. If this option is not set, <literal>vlan</literal> device inherits the MAC address of
285 the master interface. For other kind of netdevs, if this option is not set, then the MAC
286 address is generated based on the interface name and the
488d0ba1
YW		 287 <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
288 </para>
aaa5ca57
YW		 289 <para>Note, even if <literal>none</literal> is specified, <command>systemd-udevd</command>
290 will assign the persistent MAC address for the device, as <filename>99-default.link</filename>
291 has <varname>MACAddressPolicy=persistent</varname>. So, it is also necessary to create a
292 custom .link file for the device, if the MAC address assignment is not desired.</para>
ec07c3c8
AK		 293
294 <xi:include href="version-info.xml" xpointer="v215"/>
488d0ba1
YW		 295 </listitem>
296 </varlistentry>
297 </variablelist>
798d3a52
ZJS		 298 </refsect1>
299
488d0ba1 300 <refsect1>
3428fe07
SS		 301 <title>[Bridge] Section Options</title>
302
bdac5608 303 <para>The [Bridge] section only applies for
488d0ba1
YW		 304 netdevs of kind <literal>bridge</literal>, and accepts the
305 following keys:</para>
306
307 <variablelist class='network-directives'>
308 <varlistentry>
309 <term><varname>HelloTimeSec=</varname></term>
310 <listitem>
311 <para>HelloTimeSec specifies the number of seconds between two hello packets
312 sent out by the root bridge and the designated bridges. Hello packets are
313 used to communicate information about the topology throughout the entire
314 bridged local area network.</para>
ec07c3c8
AK		 315
316 <xi:include href="version-info.xml" xpointer="v227"/>
488d0ba1
YW		 317 </listitem>
318 </varlistentry>
319 <varlistentry>
320 <term><varname>MaxAgeSec=</varname></term>
321 <listitem>
322 <para>MaxAgeSec specifies the number of seconds of maximum message age.
323 If the last seen (received) hello packet is more than this number of
324 seconds old, the bridge in question will start the takeover procedure
325 in attempt to become the Root Bridge itself.</para>
ec07c3c8
AK		 326
327 <xi:include href="version-info.xml" xpointer="v227"/>
488d0ba1
YW		 328 </listitem>
329 </varlistentry>
330 <varlistentry>
331 <term><varname>ForwardDelaySec=</varname></term>
332 <listitem>
333 <para>ForwardDelaySec specifies the number of seconds spent in each
334 of the Listening and Learning states before the Forwarding state is entered.</para>
ec07c3c8
AK		 335
336 <xi:include href="version-info.xml" xpointer="v227"/>
488d0ba1
YW		 337 </listitem>
338 </varlistentry>
339 <varlistentry>
340 <term><varname>AgeingTimeSec=</varname></term>
341 <listitem>
342 <para>This specifies the number of seconds a MAC Address will be kept in
343 the forwarding database after having a packet received from this MAC Address.</para>
ec07c3c8
AK		 344
345 <xi:include href="version-info.xml" xpointer="v232"/>
488d0ba1
YW		 346 </listitem>
347 </varlistentry>
348 <varlistentry>
349 <term><varname>Priority=</varname></term>
350 <listitem>
351 <para>The priority of the bridge. An integer between 0 and 65535. A lower value
352 means higher priority. The bridge having the lowest priority will be elected as root bridge.</para>
ec07c3c8
AK		 353
354 <xi:include href="version-info.xml" xpointer="v232"/>
488d0ba1
YW		 355 </listitem>
356 </varlistentry>
357 <varlistentry>
358 <term><varname>GroupForwardMask=</varname></term>
359 <listitem>
360 <para>A 16-bit bitmask represented as an integer which allows forwarding of link
361 local frames with 802.1D reserved addresses (01:80:C2:00:00:0X). A logical AND
362 is performed between the specified bitmask and the exponentiation of 2^X, the
363 lower nibble of the last octet of the MAC address. For example, a value of 8
364 would allow forwarding of frames addressed to 01:80:C2:00:00:03 (802.1X PAE).</para>
ec07c3c8
AK		 365
366 <xi:include href="version-info.xml" xpointer="v235"/>
488d0ba1
YW		 367 </listitem>
368 </varlistentry>
369 <varlistentry>
370 <term><varname>DefaultPVID=</varname></term>
371 <listitem>
372 <para>This specifies the default port VLAN ID of a newly attached bridge port.
be0d27ee 373 Set this to an integer in the range 1…4094 or <literal>none</literal> to disable the PVID.</para>
ec07c3c8
AK		 374
375 <xi:include href="version-info.xml" xpointer="v232"/>
488d0ba1
YW		 376 </listitem>
377 </varlistentry>
378 <varlistentry>
379 <term><varname>MulticastQuerier=</varname></term>
380 <listitem>
381 <para>Takes a boolean. This setting controls the IFLA_BR_MCAST_QUERIER option in the kernel.
382 If enabled, the kernel will send general ICMP queries from a zero source address.
383 This feature should allow faster convergence on startup, but it causes some
384 multicast-aware switches to misbehave and disrupt forwarding of multicast packets.
385 When unset, the kernel's default will be used.
386 </para>
ec07c3c8
AK		 387
388 <xi:include href="version-info.xml" xpointer="v230"/>
488d0ba1
YW		 389 </listitem>
390 </varlistentry>
391 <varlistentry>
392 <term><varname>MulticastSnooping=</varname></term>
393 <listitem>
394 <para>Takes a boolean. This setting controls the IFLA_BR_MCAST_SNOOPING option in the kernel.
395 If enabled, IGMP snooping monitors the Internet Group Management Protocol (IGMP) traffic
396 between hosts and multicast routers. When unset, the kernel's default will be used.
397 </para>
ec07c3c8
AK		 398
399 <xi:include href="version-info.xml" xpointer="v230"/>
488d0ba1
YW		 400 </listitem>
401 </varlistentry>
402 <varlistentry>
403 <term><varname>VLANFiltering=</varname></term>
404 <listitem>
405 <para>Takes a boolean. This setting controls the IFLA_BR_VLAN_FILTERING option in the kernel.
406 If enabled, the bridge will be started in VLAN-filtering mode. When unset, the kernel's default will be used.
407 </para>
ec07c3c8
AK		 408
409 <xi:include href="version-info.xml" xpointer="v231"/>
488d0ba1
YW		 410 </listitem>
411 </varlistentry>
4df4df5b
RF		 412 <varlistentry>
413 <term><varname>VLANProtocol=</varname></term>
414 <listitem>
415 <para>Allows setting the protocol used for VLAN filtering. Takes
416 <option>802.1q</option> or,
417 <option>802.1ad</option>, and defaults to unset and kernel's default is used.
418 </para>
ec07c3c8
AK		 419
420 <xi:include href="version-info.xml" xpointer="v246"/>
4df4df5b
RF		 421 </listitem>
422 </varlistentry>
488d0ba1
YW		 423 <varlistentry>
424 <term><varname>STP=</varname></term>
425 <listitem>
426 <para>Takes a boolean. This enables the bridge's Spanning Tree Protocol (STP).
427 When unset, the kernel's default will be used.
afa51e2d 428 </para>
ec07c3c8
AK		 429
430 <xi:include href="version-info.xml" xpointer="v232"/>
afa51e2d
SS		 431 </listitem>
432 </varlistentry>
433 <varlistentry>
e8489008 434 <term><varname>MulticastIGMPVersion=</varname></term>
afa51e2d 435 <listitem>
11fcfc53
FS		 436 <para>Allows changing bridge's multicast Internet Group Management Protocol (IGMP) version.
437 Takes an integer 2 or 3. When unset, the kernel's default will be used.
488d0ba1 438 </para>
ec07c3c8
AK		 439
440 <xi:include href="version-info.xml" xpointer="v243"/>
488d0ba1
YW		 441 </listitem>
442 </varlistentry>
443 </variablelist>
3428fe07
SS		 444 </refsect1>
445
798d3a52
ZJS		 446 <refsect1>
447 <title>[VLAN] Section Options</title>
448
bdac5608 449 <para>The [VLAN] section only applies for
488d0ba1
YW		 450 netdevs of kind <literal>vlan</literal>, and accepts the
451 following key:</para>
452
453 <variablelist class='network-directives'>
454 <varlistentry>
455 <term><varname>Id=</varname></term>
456 <listitem>
be0d27ee 457 <para>The VLAN ID to use. An integer in the range 0…4094.
e9dd6984 458 This setting is compulsory.</para>
aefdc112
AK		 459
460 <xi:include href="version-info.xml" xpointer="v211"/>
488d0ba1
YW		 461 </listitem>
462 </varlistentry>
2d453f35 463 <varlistentry>
464 <term><varname>Protocol=</varname></term>
465 <listitem>
466 <para>Allows setting the protocol used for the VLAN interface. Takes <literal>802.1q</literal> or,
467 <literal>802.1ad</literal>, and defaults to unset and kernel's default is used.</para>
ec07c3c8
AK		 468
469 <xi:include href="version-info.xml" xpointer="v248"/>
2d453f35 470 </listitem>
471 </varlistentry>
488d0ba1
YW		 472 <varlistentry>
473 <term><varname>GVRP=</varname></term>
474 <listitem>
475 <para>Takes a boolean. The Generic VLAN Registration Protocol (GVRP) is a protocol that
476 allows automatic learning of VLANs on a network.
477 When unset, the kernel's default will be used.
478 </para>
ec07c3c8
AK		 479
480 <xi:include href="version-info.xml" xpointer="v234"/>
488d0ba1
YW		 481 </listitem>
482 </varlistentry>
483 <varlistentry>
484 <term><varname>MVRP=</varname></term>
485 <listitem>
486 <para>Takes a boolean. Multiple VLAN Registration Protocol (MVRP) formerly known as GARP VLAN
487 Registration Protocol (GVRP) is a standards-based Layer 2 network protocol,
488 for automatic configuration of VLAN information on switches. It was defined
489 in the 802.1ak amendment to 802.1Q-2005. When unset, the kernel's default will be used.
490 </para>
ec07c3c8
AK		 491
492 <xi:include href="version-info.xml" xpointer="v234"/>
488d0ba1
YW		 493 </listitem>
494 </varlistentry>
495 <varlistentry>
496 <term><varname>LooseBinding=</varname></term>
497 <listitem>
498 <para>Takes a boolean. The VLAN loose binding mode, in which only the operational state is passed
499 from the parent to the associated VLANs, but the VLAN device state is not changed.
500 When unset, the kernel's default will be used.</para>
ec07c3c8
AK		 501
502 <xi:include href="version-info.xml" xpointer="v234"/>
488d0ba1
YW		 503 </listitem>
504 </varlistentry>
505 <varlistentry>
506 <term><varname>ReorderHeader=</varname></term>
507 <listitem>
e9dd6984
ZJS		 508 <para>Takes a boolean. When enabled, the VLAN reorder header is used and VLAN interfaces behave
509 like physical interfaces. When unset, the kernel's default will be used.</para>
ec07c3c8
AK		 510
511 <xi:include href="version-info.xml" xpointer="v234"/>
488d0ba1
YW		 512 </listitem>
513 </varlistentry>
0d9b8913
SS		 514 <varlistentry>
515 <term><varname>EgressQOSMaps=</varname></term>
ea070862
SS		 516 <term><varname>IngressQOSMaps=</varname></term>
517 <listitem>
ee44b32f
YW		 518 <para>Defines a mapping of Linux internal packet priority (<constant>SO_PRIORITY</constant>)
519 to VLAN header PCP field for outgoing and incoming frames, respectively. Takes a
520 whitespace-separated list of integer pairs, where each integer must be in the range
521 1…4294967294, in the format <literal>from</literal>-<literal>to</literal>, e.g.,
522 <literal>21-7 45-5</literal>. Note that <literal>from</literal> must be greater than or equal
523 to <literal>to</literal>. When unset, the kernel's default will be used.</para>
aefdc112
AK		 524
525 <xi:include href="version-info.xml" xpointer="v248"/>
ea070862
SS		 526 </listitem>
527 </varlistentry>
488d0ba1 528 </variablelist>
798d3a52
ZJS		 529 </refsect1>
530
531 <refsect1>
532 <title>[MACVLAN] Section Options</title>
533
bdac5608 534 <para>The [MACVLAN] section only applies for
798d3a52
ZJS		 535 netdevs of kind <literal>macvlan</literal>, and accepts the
536 following key:</para>
537
538 <variablelist class='network-directives'>
539 <varlistentry>
540 <term><varname>Mode=</varname></term>
541 <listitem>
542 <para>The MACVLAN mode to use. The supported options are
543 <literal>private</literal>,
544 <literal>vepa</literal>,
0d0de133
 545 <literal>bridge</literal>,
546 <literal>passthru</literal>, and
547 <literal>source</literal>.
798d3a52 548 </para>
aefdc112
AK		 549
550 <xi:include href="version-info.xml" xpointer="v211"/>
798d3a52
ZJS		 551 </listitem>
552 </varlistentry>
0d0de133
 553 <varlistentry>
554 <term><varname>SourceMACAddress=</varname></term>
555 <listitem>
556 <para>A whitespace-separated list of remote hardware addresses allowed on the MACVLAN. This
48c19082 557 option only has an effect in source mode. Use full colon-, hyphen- or dot-delimited
0d0de133
 558 hexadecimal. This option may appear more than once, in which case the lists are merged. If
559 the empty string is assigned to this option, the list of hardware addresses defined prior
560 to this is reset. Defaults to unset.</para>
ec07c3c8
AK		 561
562 <xi:include href="version-info.xml" xpointer="v246"/>
dca0a4e1
SS		 563 </listitem>
564 </varlistentry>
565 <varlistentry>
566 <term><varname>BroadcastMulticastQueueLength=</varname></term>
567 <listitem>
568 <para>Specifies the length of the receive queue for broadcast/multicast packets. An unsigned
1d3a473b 569 integer in the range 0…4294967294. Defaults to unset.</para>
ec07c3c8
AK		 570
571 <xi:include href="version-info.xml" xpointer="v248"/>
0d0de133
 572 </listitem>
573 </varlistentry>
9adafedd
SS		 574
575 <varlistentry>
576 <term><varname>BroadcastQueueThreshold=</varname></term>
577 <listitem>
578 <para>Controls the threshold for broadcast queueing of the macvlan device. Takes the special value
579 <literal>no</literal>, or an integer in the range 0…2147483647. When <literal>no</literal> is
580 specified, the broadcast queueing is disabled altogether. When an integer is specified, a multicast
581 address will be queued as broadcast if the number of devices using it is greater than the given
582 value. Defaults to unset, and the kernel default will be used.</para>
583
584 <xi:include href="version-info.xml" xpointer="v256"/>
585 </listitem>
586 </varlistentry>
798d3a52 587 </variablelist>
798d3a52
ZJS		 588 </refsect1>
589
488d0ba1 590 <refsect1>
0371f2df
SS		 591 <title>[MACVTAP] Section Options</title>
592
885a4e6c
ZJS		 593 <para>The [MACVTAP] section applies for netdevs of kind <literal>macvtap</literal> and accepts the same
594 keys as [MACVLAN].</para>
488d0ba1 595 </refsect1>
0371f2df 596
798d3a52
ZJS		 597 <refsect1>
598 <title>[IPVLAN] Section Options</title>
599
bdac5608 600 <para>The [IPVLAN] section only applies for
798d3a52
ZJS		 601 netdevs of kind <literal>ipvlan</literal>, and accepts the
602 following key:</para>
603
604 <variablelist class='network-directives'>
605 <varlistentry>
606 <term><varname>Mode=</varname></term>
488d0ba1
YW		 607 <listitem>
608 <para>The IPVLAN mode to use. The supported options are
609 <literal>L2</literal>,<literal>L3</literal> and <literal>L3S</literal>.
610 </para>
ec07c3c8
AK		 611
612 <xi:include href="version-info.xml" xpointer="v219"/>
488d0ba1 613 </listitem>
d384826f 614 </varlistentry>
488d0ba1 615 <varlistentry>
d384826f 616 <term><varname>Flags=</varname></term>
488d0ba1
YW		 617 <listitem>
618 <para>The IPVLAN flags to use. The supported options are
619 <literal>bridge</literal>,<literal>private</literal> and <literal>vepa</literal>.
620 </para>
ec07c3c8
AK		 621
622 <xi:include href="version-info.xml" xpointer="v237"/>
488d0ba1 623 </listitem>
798d3a52
ZJS		 624 </varlistentry>
625 </variablelist>
798d3a52
ZJS		 626 </refsect1>
627
69c317a0
SS		 628 <refsect1>
629 <title>[IPVTAP] Section Options</title>
630
885a4e6c
ZJS		 631 <para>The [IPVTAP] section only applies for netdevs of kind <literal>ipvtap</literal> and accepts the
632 same keys as [IPVLAN].</para>
69c317a0
SS		 633 </refsect1>
634
798d3a52
ZJS		 635 <refsect1>
636 <title>[VXLAN] Section Options</title>
488d0ba1 637
bdac5608 638 <para>The [VXLAN] section only applies for
798d3a52
ZJS		 639 netdevs of kind <literal>vxlan</literal>, and accepts the
640 following keys:</para>
641
642 <variablelist class='network-directives'>
643 <varlistentry>
6f213e4a 644 <term><varname>VNI=</varname></term>
798d3a52 645 <listitem>
1d3a473b 646 <para>The VXLAN Network Identifier (or VXLAN Segment ID). Takes a number in the range 1…16777215.</para>
ec07c3c8
AK		 647
648 <xi:include href="version-info.xml" xpointer="v243"/>
798d3a52
ZJS		 649 </listitem>
650 </varlistentry>
651 <varlistentry>
d35e5d37 652 <term><varname>Remote=</varname></term>
798d3a52 653 <listitem>
bf443be9 654 <para>Configures destination IP address.</para>
ec07c3c8
AK		 655
656 <xi:include href="version-info.xml" xpointer="v233"/>
798d3a52
ZJS		 657 </listitem>
658 </varlistentry>
659 <varlistentry>
d35e5d37
SS		 660 <term><varname>Local=</varname></term>
661 <listitem>
b886649c
YW		 662 <para>Configures local IP address. It must be an address on the underlying interface of the
663 VXLAN interface, or one of the special values <literal>ipv4_link_local</literal>,
664 <literal>ipv6_link_local</literal>, <literal>dhcp4</literal>, <literal>dhcp6</literal>, and
665 <literal>slaac</literal>. If one of the special values is specified, an address which matches
666 the corresponding type on the underlying interface will be used. Defaults to unset.</para>
ec07c3c8
AK		 667
668 <xi:include href="version-info.xml" xpointer="v233"/>
d35e5d37 669 </listitem>
83cb24ac
SS		 670 </varlistentry>
671 <varlistentry>
672 <term><varname>Group=</varname></term>
673 <listitem>
e9dd6984
ZJS		 674 <para>Configures VXLAN multicast group IP address. All members of a VXLAN must use the same
675 multicast group address.</para>
ec07c3c8
AK		 676
677 <xi:include href="version-info.xml" xpointer="v243"/>
83cb24ac 678 </listitem>
d35e5d37 679 </varlistentry>
488d0ba1 680 <varlistentry>
798d3a52
ZJS		 681 <term><varname>TOS=</varname></term>
682 <listitem>
683 <para>The Type Of Service byte value for a vxlan interface.</para>
ec07c3c8
AK		 684
685 <xi:include href="version-info.xml" xpointer="v215"/>
798d3a52
ZJS		 686 </listitem>
687 </varlistentry>
688 <varlistentry>
689 <term><varname>TTL=</varname></term>
690 <listitem>
f4a8ca32 691 <para>A fixed Time To Live N on Virtual eXtensible Local Area Network packets.
be0d27ee 692 Takes <literal>inherit</literal> or a number in the range 0…255. 0 is a special
f4a8ca32
SS		 693 value meaning inherit the inner protocol's TTL value. <literal>inherit</literal>
694 means that it will inherit the outer protocol's TTL value.</para>
ec07c3c8
AK		 695
696 <xi:include href="version-info.xml" xpointer="v215"/>
798d3a52
ZJS		 697 </listitem>
698 </varlistentry>
699 <varlistentry>
700 <term><varname>MacLearning=</varname></term>
701 <listitem>
9b6ffef3 702 <para>Takes a boolean. When true, enables dynamic MAC learning
798d3a52 703 to discover remote MAC addresses.</para>
ec07c3c8
AK		 704
705 <xi:include href="version-info.xml" xpointer="v215"/>
798d3a52
ZJS		 706 </listitem>
707 </varlistentry>
708 <varlistentry>
709 <term><varname>FDBAgeingSec=</varname></term>
710 <listitem>
711 <para>The lifetime of Forwarding Database entry learnt by
b938cb90 712 the kernel, in seconds.</para>
ec07c3c8
AK		 713
714 <xi:include href="version-info.xml" xpointer="v218"/>
798d3a52
ZJS		 715 </listitem>
716 </varlistentry>
717 <varlistentry>
3d276dd2
SS		 718 <term><varname>MaximumFDBEntries=</varname></term>
719 <listitem>
720 <para>Configures maximum number of FDB entries.</para>
ec07c3c8
AK		 721
722 <xi:include href="version-info.xml" xpointer="v228"/>
3d276dd2
SS		 723 </listitem>
724 </varlistentry>
798d3a52 725 <varlistentry>
7dd6974c 726 <term><varname>ReduceARPProxy=</varname></term>
798d3a52 727 <listitem>
c8cd6d7b
ZJS		 728 <para>Takes a boolean. When true, bridge-connected VXLAN tunnel endpoint answers ARP requests from
729 the local bridge on behalf of remote
7dd6974c 730 <ulink url="https://en.wikipedia.org/wiki/Distributed_Overlay_Virtual_Ethernet">
c8cd6d7b
ZJS		 731 Distributed Overlay Virtual Ethernet (DOVE)</ulink>
732 clients. Defaults to false.</para>
ec07c3c8
AK		 733
734 <xi:include href="version-info.xml" xpointer="v233"/>
798d3a52
ZJS		 735 </listitem>
736 </varlistentry>
737 <varlistentry>
738 <term><varname>L2MissNotification=</varname></term>
739 <listitem>
9b6ffef3 740 <para>Takes a boolean. When true, enables netlink LLADDR miss
798d3a52 741 notifications.</para>
ec07c3c8
AK		 742
743 <xi:include href="version-info.xml" xpointer="v218"/>
798d3a52
ZJS		 744 </listitem>
745 </varlistentry>
746 <varlistentry>
747 <term><varname>L3MissNotification=</varname></term>
748 <listitem>
e9dd6984 749 <para>Takes a boolean. When true, enables netlink IP address miss notifications.</para>
ec07c3c8
AK		 750
751 <xi:include href="version-info.xml" xpointer="v218"/>
798d3a52
ZJS		 752 </listitem>
753 </varlistentry>
754 <varlistentry>
755 <term><varname>RouteShortCircuit=</varname></term>
756 <listitem>
9b6ffef3 757 <para>Takes a boolean. When true, route short circuiting is turned
798d3a52 758 on.</para>
ec07c3c8
AK		 759
760 <xi:include href="version-info.xml" xpointer="v218"/>
798d3a52
ZJS		 761 </listitem>
762 </varlistentry>
cffacc74 763 <varlistentry>
53c06862 764 <term><varname>UDPChecksum=</varname></term>
cffacc74 765 <listitem>
9b6ffef3 766 <para>Takes a boolean. When true, transmitting UDP checksums when doing VXLAN/IPv4 is turned on.</para>
ec07c3c8 767
aefdc112 768 <xi:include href="version-info.xml" xpointer="v220"/>
cffacc74
SS		 769 </listitem>
770 </varlistentry>
771 <varlistentry>
772 <term><varname>UDP6ZeroChecksumTx=</varname></term>
773 <listitem>
9b6ffef3 774 <para>Takes a boolean. When true, sending zero checksums in VXLAN/IPv6 is turned on.</para>
ec07c3c8
AK		 775
776 <xi:include href="version-info.xml" xpointer="v220"/>
cffacc74
SS		 777 </listitem>
778 </varlistentry>
779 <varlistentry>
53c06862 780 <term><varname>UDP6ZeroChecksumRx=</varname></term>
cffacc74 781 <listitem>
9b6ffef3 782 <para>Takes a boolean. When true, receiving zero checksums in VXLAN/IPv6 is turned on.</para>
ec07c3c8 783
aefdc112 784 <xi:include href="version-info.xml" xpointer="v220"/>
16441027
SS		 785 </listitem>
786 </varlistentry>
787 <varlistentry>
53c06862 788 <term><varname>RemoteChecksumTx=</varname></term>
16441027 789 <listitem>
9b6ffef3 790 <para>Takes a boolean. When true, remote transmit checksum offload of VXLAN is turned on.</para>
ec07c3c8
AK		 791
792 <xi:include href="version-info.xml" xpointer="v232"/>
16441027
SS		 793 </listitem>
794 </varlistentry>
795 <varlistentry>
53c06862 796 <term><varname>RemoteChecksumRx=</varname></term>
16441027 797 <listitem>
9b6ffef3 798 <para>Takes a boolean. When true, remote receive checksum offload in VXLAN is turned on.</para>
ec07c3c8
AK		 799
800 <xi:include href="version-info.xml" xpointer="v232"/>
cffacc74
SS		 801 </listitem>
802 </varlistentry>
488d0ba1
YW		 803 <varlistentry>
804 <term><varname>GroupPolicyExtension=</varname></term>
805 <listitem>
806 <para>Takes a boolean. When true, it enables Group Policy VXLAN extension security label mechanism
807 across network peers based on VXLAN. For details about the Group Policy VXLAN, see the
808 <ulink url="https://tools.ietf.org/html/draft-smith-vxlan-group-policy">
809 VXLAN Group Policy </ulink> document. Defaults to false.</para>
ec07c3c8
AK		 810
811 <xi:include href="version-info.xml" xpointer="v224"/>
488d0ba1
YW		 812 </listitem>
813 </varlistentry>
814 <varlistentry>
815 <term><varname>GenericProtocolExtension=</varname></term>
816 <listitem>
817 <para>Takes a boolean. When true, Generic Protocol Extension extends the existing VXLAN protocol
818 to provide protocol typing, OAM, and versioning capabilities. For details about the VXLAN GPE
819 Header, see the <ulink url="https://tools.ietf.org/html/draft-ietf-nvo3-vxlan-gpe-07">
820 Generic Protocol Extension for VXLAN </ulink> document. If destination port is not specified and
821 Generic Protocol Extension is set then default port of 4790 is used. Defaults to false.</para>
ec07c3c8
AK		 822
823 <xi:include href="version-info.xml" xpointer="v243"/>
488d0ba1
YW		 824 </listitem>
825 </varlistentry>
826 <varlistentry>
827 <term><varname>DestinationPort=</varname></term>
828 <listitem>
e6fd398d
ZJS		 829 <para>Configures the default destination UDP port. If the destination port is not specified then
830 Linux kernel default will be used. Set to 4789 to get the IANA assigned value.</para>
ec07c3c8
AK		 831
832 <xi:include href="version-info.xml" xpointer="v229"/>
488d0ba1
YW		 833 </listitem>
834 </varlistentry>
835 <varlistentry>
836 <term><varname>PortRange=</varname></term>
ea0288d1 837 <listitem>
e6fd398d
ZJS		 838 <para>Configures the source port range for the VXLAN. The kernel assigns the source UDP port based
839 on the flow to help the receiver to do load balancing. When this option is not set, the normal
840 range of local UDP ports is used.</para>
ec07c3c8
AK		 841
842 <xi:include href="version-info.xml" xpointer="v229"/>
ea0288d1
SS		 843 </listitem>
844 </varlistentry>
488d0ba1
YW		 845 <varlistentry>
846 <term><varname>FlowLabel=</varname></term>
d8653945
SS		 847 <listitem>
848 <para>Specifies the flow label to use in outgoing packets.
849 The valid range is 0-1048575.
850 </para>
ec07c3c8
AK		 851
852 <xi:include href="version-info.xml" xpointer="v234"/>
d8653945 853 </listitem>
488d0ba1 854 </varlistentry>
1189c00a
SS		 855 <varlistentry>
856 <term><varname>IPDoNotFragment=</varname></term>
857 <listitem>
11fcfc53 858 <para>Allows setting the IPv4 Do not Fragment (DF) bit in outgoing packets, or to inherit its
1189c00a
SS		 859 value from the IPv4 inner header. Takes a boolean value, or <literal>inherit</literal>. Set
860 to <literal>inherit</literal> if the encapsulated protocol is IPv6. When unset, the kernel's
861 default will be used.</para>
ec07c3c8
AK		 862
863 <xi:include href="version-info.xml" xpointer="v243"/>
1189c00a 864 </listitem>
d8653945 865 </varlistentry>
3e90ded7
MM		 866 <varlistentry>
867 <term><varname>Independent=</varname></term>
868 <listitem>
869 <para>Takes a boolean. When true, the vxlan interface is created without any underlying network
870 interface. Defaults to false, which means that a .network file that requests this VXLAN interface
871 using <varname>VXLAN=</varname> is required for the VXLAN to be created.</para>
aefdc112
AK		 872
873 <xi:include href="version-info.xml" xpointer="v247"/>
3e90ded7
MM		 874 </listitem>
875 </varlistentry>
798d3a52
ZJS		 876 </variablelist>
877 </refsect1>
488d0ba1 878
6598e046
SS		 879 <refsect1>
880 <title>[GENEVE] Section Options</title>
488d0ba1 881
bdac5608 882 <para>The [GENEVE] section only applies for
6598e046
SS		 883 netdevs of kind <literal>geneve</literal>, and accepts the
884 following keys:</para>
885
886 <variablelist class='network-directives'>
887 <varlistentry>
888 <term><varname>Id=</varname></term>
889 <listitem>
e375ceb6
ZJS		 890 <para>Specifies the Virtual Network Identifier (VNI) to use, a number between 0 and 16777215. This
891 field is mandatory.</para>
aefdc112
AK		 892
893 <xi:include href="version-info.xml" xpointer="v234"/>
6598e046
SS		 894 </listitem>
895 </varlistentry>
896 <varlistentry>
897 <term><varname>Remote=</varname></term>
898 <listitem>
899 <para>Specifies the unicast destination IP address to use in outgoing packets.</para>
ec07c3c8
AK		 900
901 <xi:include href="version-info.xml" xpointer="v234"/>
6598e046
SS		 902 </listitem>
903 </varlistentry>
904 <varlistentry>
905 <term><varname>TOS=</varname></term>
906 <listitem>
e375ceb6 907 <para>Specifies the TOS value to use in outgoing packets. Takes a number between 1 and 255.</para>
ec07c3c8
AK		 908
909 <xi:include href="version-info.xml" xpointer="v234"/>
6598e046
SS		 910 </listitem>
911 </varlistentry>
912 <varlistentry>
913 <term><varname>TTL=</varname></term>
914 <listitem>
bdac5608 915 <para>Accepts the same values as in the [VXLAN] section, except that when unset
e9dd6984 916 or set to 0, the kernel's default will be used, meaning that packet TTL will be set from
328184d1 917 <filename>/proc/sys/net/ipv4/ip_default_ttl</filename>.</para>
ec07c3c8
AK		 918
919 <xi:include href="version-info.xml" xpointer="v234"/>
6598e046
SS		 920 </listitem>
921 </varlistentry>
922 <varlistentry>
923 <term><varname>UDPChecksum=</varname></term>
924 <listitem>
e9dd6984
ZJS		 925 <para>Takes a boolean. When true, specifies that UDP checksum is calculated for transmitted packets
926 over IPv4.</para>
ec07c3c8
AK		 927
928 <xi:include href="version-info.xml" xpointer="v234"/>
6598e046
SS		 929 </listitem>
930 </varlistentry>
931 <varlistentry>
932 <term><varname>UDP6ZeroChecksumTx=</varname></term>
933 <listitem>
9b6ffef3 934 <para>Takes a boolean. When true, skip UDP checksum calculation for transmitted packets over IPv6.</para>
ec07c3c8
AK		 935
936 <xi:include href="version-info.xml" xpointer="v234"/>
6598e046
SS		 937 </listitem>
938 </varlistentry>
939 <varlistentry>
940 <term><varname>UDP6ZeroChecksumRx=</varname></term>
941 <listitem>
9b6ffef3 942 <para>Takes a boolean. When true, allows incoming UDP packets over IPv6 with zero checksum field.</para>
ec07c3c8
AK		 943
944 <xi:include href="version-info.xml" xpointer="v234"/>
6598e046
SS		 945 </listitem>
946 </varlistentry>
488d0ba1
YW		 947 <varlistentry>
948 <term><varname>DestinationPort=</varname></term>
949 <listitem>
950 <para>Specifies destination port. Defaults to 6081. If not set or assigned the empty string, the default
951 port of 6081 is used.</para>
ec07c3c8
AK		 952
953 <xi:include href="version-info.xml" xpointer="v234"/>
488d0ba1
YW		 954 </listitem>
955 </varlistentry>
956 <varlistentry>
957 <term><varname>FlowLabel=</varname></term>
6598e046
SS		 958 <listitem>
959 <para>Specifies the flow label to use in outgoing packets.</para>
ec07c3c8
AK		 960
961 <xi:include href="version-info.xml" xpointer="v234"/>
6598e046 962 </listitem>
488d0ba1
YW		 963 </varlistentry>
964 <varlistentry>
965 <term><varname>IPDoNotFragment=</varname></term>
aac35019 966 <listitem>
885a4e6c 967 <para>Accepts the same key as in [VXLAN] section.</para>
ec07c3c8
AK		 968
969 <xi:include href="version-info.xml" xpointer="v243"/>
aac35019 970 </listitem>
488d0ba1 971 </varlistentry>
417283c5
JM		 972 <varlistentry>
973 <term><varname>InheritInnerProtocol=</varname></term>
974 <listitem>
94d82b59 975 <para>Takes a boolean. When true, inner Layer 3 protocol is set as Protocol Type in the GENEVE
417283c5 976 header instead of Ethernet. Defaults to false.</para>
ec07c3c8
AK		 977
978 <xi:include href="version-info.xml" xpointer="v254"/>
417283c5
JM		 979 </listitem>
980 </varlistentry>
6598e046
SS		 981 </variablelist>
982 </refsect1>
488d0ba1 983
e6980c72
SS		 984 <refsect1>
985 <title>[BareUDP] Section Options</title>
986
987 <para>The [BareUDP] section only applies for
988 netdevs of kind <literal>bareudp</literal>, and accepts the
989 following keys:</para>
990
991 <variablelist class='network-directives'>
992 <varlistentry>
993 <term><varname>DestinationPort=</varname></term>
994 <listitem>
995 <para>Specifies the destination UDP port (in range 1…65535). This is mandatory.</para>
ec07c3c8
AK		 996
997 <xi:include href="version-info.xml" xpointer="v247"/>
e6980c72
SS		 998 </listitem>
999 </varlistentry>
1000
1001 <varlistentry>
1002 <term><varname>EtherType=</varname></term>
1003 <listitem>
1004 <para>Specifies the L3 protocol. Takes one of <literal>ipv4</literal>, <literal>ipv6</literal>, <literal>mpls-uc</literal>
1005 or <literal>mpls-mc</literal>. This is mandatory.</para>
ec07c3c8
AK		 1006
1007 <xi:include href="version-info.xml" xpointer="v247"/>
e6980c72
SS		 1008 </listitem>
1009 </varlistentry>
1010 </variablelist>
1011 </refsect1>
1012
3a56e697
SS		 1013 <refsect1>
1014 <title>[L2TP] Section Options</title>
488d0ba1 1015
bdac5608 1016 <para>The [L2TP] section only applies for
3a56e697
SS		 1017 netdevs of kind <literal>l2tp</literal>, and accepts the
1018 following keys:</para>
1019
1020 <variablelist class='network-directives'>
1021 <varlistentry>
1022 <term><varname>TunnelId=</varname></term>
1023 <listitem>
be0d27ee 1024 <para>Specifies the tunnel identifier. Takes an number in the range 1…4294967295. The value used
e9dd6984
ZJS		 1025 must match the <literal>PeerTunnelId=</literal> value being used at the peer. This setting is
1026 compulsory.</para>
ec07c3c8
AK		 1027
1028 <xi:include href="version-info.xml" xpointer="v242"/>
3a56e697
SS		 1029 </listitem>
1030 </varlistentry>
1031 <varlistentry>
1032 <term><varname>PeerTunnelId=</varname></term>
1033 <listitem>
1d3a473b 1034 <para>Specifies the peer tunnel id. Takes a number in the range 1…4294967295. The value used must
885a4e6c
ZJS		 1035 match the <literal>TunnelId=</literal> value being used at the peer. This setting is compulsory.
1036 </para>
ec07c3c8
AK		 1037
1038 <xi:include href="version-info.xml" xpointer="v242"/>
3a56e697
SS		 1039 </listitem>
1040 </varlistentry>
1041 <varlistentry>
1042 <term><varname>Remote=</varname></term>
1043 <listitem>
e9dd6984 1044 <para>Specifies the IP address of the remote peer. This setting is compulsory.</para>
ec07c3c8
AK		 1045
1046 <xi:include href="version-info.xml" xpointer="v242"/>
3a56e697
SS		 1047 </listitem>
1048 </varlistentry>
1049 <varlistentry>
1050 <term><varname>Local=</varname></term>
1051 <listitem>
8b49ee2d
YW		 1052 <para>Specifies the IP address of a local interface. Takes an IP address, or the special
1053 values <literal>auto</literal>, <literal>static</literal>, or <literal>dynamic</literal>.
1054 Optionally a name of a local interface can be specified after <literal>@</literal>, e.g.
1055 <literal>192.168.0.1@eth0</literal> or <literal>auto@eth0</literal>. When an address is
1056 specified, then a local or specified interface must have the address, and the remote address
1057 must be accessible through the local address. If <literal>auto</literal>, then one of the
1058 addresses on a local or specified interface which is accessible to the remote address will be
1059 used. Similarly, if <literal>static</literal> or <literal>dynamic</literal> is set, then one
1060 of the static or dynamic addresses will be used. Defaults to <literal>auto</literal>.</para>
ec07c3c8
AK		 1061
1062 <xi:include href="version-info.xml" xpointer="v242"/>
3a56e697
SS		 1063 </listitem>
1064 </varlistentry>
1065 <varlistentry>
1066 <term><varname>EncapsulationType=</varname></term>
1067 <listitem>
e9dd6984
ZJS		 1068 <para>Specifies the encapsulation type of the tunnel. Takes one of <literal>udp</literal> or
1069 <literal>ip</literal>.</para>
ec07c3c8
AK		 1070
1071 <xi:include href="version-info.xml" xpointer="v242"/>
3a56e697
SS		 1072 </listitem>
1073 </varlistentry>
1074 <varlistentry>
1075 <term><varname>UDPSourcePort=</varname></term>
1076 <listitem>
e9dd6984
ZJS		 1077 <para>Specifies the UDP source port to be used for the tunnel. When UDP encapsulation is selected
1078 it's mandatory. Ignored when IP encapsulation is selected.</para>
ec07c3c8
AK		 1079
1080 <xi:include href="version-info.xml" xpointer="v242"/>
3a56e697
SS		 1081 </listitem>
1082 </varlistentry>
1083 <varlistentry>
c14faa94 1084 <term><varname>UDPDestinationPort=</varname></term>
3a56e697 1085 <listitem>
e9dd6984 1086 <para>Specifies destination port. When UDP encapsulation is selected it's mandatory. Ignored when IP
3a56e697 1087 encapsulation is selected.</para>
ec07c3c8
AK		 1088
1089 <xi:include href="version-info.xml" xpointer="v245"/>
3a56e697
SS		 1090 </listitem>
1091 </varlistentry>
1092 <varlistentry>
1093 <term><varname>UDPChecksum=</varname></term>
1094 <listitem>
e9dd6984
ZJS		 1095 <para>Takes a boolean. When true, specifies that UDP checksum is calculated for transmitted packets
1096 over IPv4.</para>
ec07c3c8
AK		 1097
1098 <xi:include href="version-info.xml" xpointer="v242"/>
3a56e697
SS		 1099 </listitem>
1100 </varlistentry>
1101 <varlistentry>
1102 <term><varname>UDP6ZeroChecksumTx=</varname></term>
1103 <listitem>
1104 <para>Takes a boolean. When true, skip UDP checksum calculation for transmitted packets over IPv6.</para>
ec07c3c8
AK		 1105
1106 <xi:include href="version-info.xml" xpointer="v242"/>
3a56e697
SS		 1107 </listitem>
1108 </varlistentry>
1109 <varlistentry>
1110 <term><varname>UDP6ZeroChecksumRx=</varname></term>
1111 <listitem>
1112 <para>Takes a boolean. When true, allows incoming UDP packets over IPv6 with zero checksum field.</para>
ec07c3c8
AK		 1113
1114 <xi:include href="version-info.xml" xpointer="v242"/>
3a56e697
SS		 1115 </listitem>
1116 </varlistentry>
1117 </variablelist>
1118 </refsect1>
488d0ba1 1119
3a56e697
SS		 1120 <refsect1>
1121 <title>[L2TPSession] Section Options</title>
488d0ba1 1122
bdac5608 1123 <para>The [L2TPSession] section only applies for
3a56e697
SS		 1124 netdevs of kind <literal>l2tp</literal>, and accepts the
1125 following keys:</para>
1126 <variablelist class='network-directives'>
1127 <varlistentry>
1128 <term><varname>Name=</varname></term>
1129 <listitem>
e9dd6984 1130 <para>Specifies the name of the session. This setting is compulsory.</para>
ec07c3c8
AK		 1131
1132 <xi:include href="version-info.xml" xpointer="v242"/>
3a56e697
SS		 1133 </listitem>
1134 </varlistentry>
1135 <varlistentry>
1136 <term><varname>SessionId=</varname></term>
1137 <listitem>
be0d27ee 1138 <para>Specifies the session identifier. Takes an number in the range 1…4294967295. The value used
e9dd6984
ZJS		 1139 must match the <literal>SessionId=</literal> value being used at the peer. This setting is
1140 compulsory.</para>
ec07c3c8
AK		 1141
1142 <xi:include href="version-info.xml" xpointer="v242"/>
3a56e697
SS		 1143 </listitem>
1144 </varlistentry>
1145 <varlistentry>
1146 <term><varname>PeerSessionId=</varname></term>
1147 <listitem>
be0d27ee 1148 <para>Specifies the peer session identifier. Takes an number in the range 1…4294967295.
e9dd6984
ZJS		 1149 The value used must match the <literal>PeerSessionId=</literal> value being used at the peer.
1150 This setting is compulsory.</para>
ec07c3c8
AK		 1151
1152 <xi:include href="version-info.xml" xpointer="v242"/>
3a56e697
SS		 1153 </listitem>
1154 </varlistentry>
1155 <varlistentry>
1156 <term><varname>Layer2SpecificHeader=</varname></term>
1157 <listitem>
1158 <para>Specifies layer2specific header type of the session. One of <literal>none</literal> or <literal>default</literal>. Defaults to <literal>default</literal>.</para>
ec07c3c8
AK		 1159
1160 <xi:include href="version-info.xml" xpointer="v242"/>
3a56e697
SS		 1161 </listitem>
1162 </varlistentry>
1163 </variablelist>
1164 </refsect1>
488d0ba1 1165
81962db7
SS		 1166 <refsect1>
1167 <title>[MACsec] Section Options</title>
488d0ba1 1168
bdac5608 1169 <para>The [MACsec] section only applies for network devices of kind
81962db7
SS		 1170 <literal>macsec</literal>, and accepts the following keys:</para>
1171
1172 <variablelist class='network-directives'>
1173 <varlistentry>
1174 <term><varname>Port=</varname></term>
1175 <listitem>
1176 <para>Specifies the port to be used for the MACsec transmit channel. The port is used to make
1177 secure channel identifier (SCI). Takes a value between 1 and 65535. Defaults to unset.
1178 </para>
ec07c3c8
AK		 1179
1180 <xi:include href="version-info.xml" xpointer="v243"/>
81962db7
SS		 1181 </listitem>
1182 </varlistentry>
1183 <varlistentry>
1184 <term><varname>Encrypt=</varname></term>
1185 <listitem>
1186 <para>Takes a boolean. When true, enable encryption. Defaults to unset.</para>
ec07c3c8
AK		 1187
1188 <xi:include href="version-info.xml" xpointer="v243"/>
81962db7
SS		 1189 </listitem>
1190 </varlistentry>
1191 </variablelist>
1192 </refsect1>
488d0ba1 1193
81962db7
SS		 1194 <refsect1>
1195 <title>[MACsecReceiveChannel] Section Options</title>
bdac5608 1196 <para>The [MACsecReceiveChannel] section only applies for network devices of
81962db7
SS		 1197 kind <literal>macsec</literal>, and accepts the following keys:</para>
1198
1199 <variablelist class='network-directives'>
1200 <varlistentry>
1201 <term><varname>Port=</varname></term>
1202 <listitem>
1203 <para>Specifies the port to be used for the MACsec receive channel. The port is used to make
1204 secure channel identifier (SCI). Takes a value between 1 and 65535. This option is
1205 compulsory, and is not set by default.</para>
ec07c3c8
AK		 1206
1207 <xi:include href="version-info.xml" xpointer="v243"/>
81962db7
SS		 1208 </listitem>
1209 </varlistentry>
1210 <varlistentry>
1211 <term><varname>MACAddress=</varname></term>
1212 <listitem>
1213 <para>Specifies the MAC address to be used for the MACsec receive channel. The MAC address
e9dd6984 1214 used to make secure channel identifier (SCI). This setting is compulsory, and is not set by
81962db7 1215 default.</para>
ec07c3c8
AK		 1216
1217 <xi:include href="version-info.xml" xpointer="v243"/>
81962db7
SS		 1218 </listitem>
1219 </varlistentry>
1220 </variablelist>
1221 </refsect1>
488d0ba1 1222
81962db7
SS		 1223 <refsect1>
1224 <title>[MACsecTransmitAssociation] Section Options</title>
488d0ba1 1225
bdac5608 1226 <para>The [MACsecTransmitAssociation] section only applies for network devices
81962db7
SS		 1227 of kind <literal>macsec</literal>, and accepts the following keys:</para>
1228
1229 <variablelist class='network-directives'>
1230 <varlistentry>
1231 <term><varname>PacketNumber=</varname></term>
1232 <listitem>
1233 <para>Specifies the packet number to be used for replay protection and the construction of
1234 the initialization vector (along with the secure channel identifier [SCI]). Takes a value
1235 between 1-4,294,967,295. Defaults to unset.
1236 </para>
ec07c3c8
AK		 1237
1238 <xi:include href="version-info.xml" xpointer="v243"/>
81962db7
SS		 1239 </listitem>
1240 </varlistentry>
1241 <varlistentry>
1242 <term><varname>KeyId=</varname></term>
1243 <listitem>
1244 <para>Specifies the identification for the key. Takes a number between 0-255. This option
1245 is compulsory, and is not set by default.</para>
ec07c3c8
AK		 1246
1247 <xi:include href="version-info.xml" xpointer="v243"/>
81962db7
SS		 1248 </listitem>
1249 </varlistentry>
1250 <varlistentry>
1251 <term><varname>Key=</varname></term>
1252 <listitem>
1253 <para>Specifies the encryption key used in the transmission channel. The same key must be
e9dd6984 1254 configured on the peer’s matching receive channel. This setting is compulsory, and is not set
81962db7
SS		 1255 by default. Takes a 128-bit key encoded in a hexadecimal string, for example
1256 <literal>dffafc8d7b9a43d5b9a3dfbbf6a30c16</literal>.</para>
ec07c3c8
AK		 1257
1258 <xi:include href="version-info.xml" xpointer="v243"/>
81962db7
SS		 1259 </listitem>
1260 </varlistentry>
eb4705fb
YW		 1261 <varlistentry>
1262 <term><varname>KeyFile=</varname></term>
1263 <listitem>
387f6955 1264 <para>Takes an absolute path to a file which contains a 128-bit key encoded in a hexadecimal string,
49f16281 1265 which will be used in the transmission channel. When this option is specified,
eb4705fb
YW		 1266 <varname>Key=</varname> is ignored. Note that the file must be readable by the user
1267 <literal>systemd-network</literal>, so it should be, e.g., owned by
49f16281
LP		 1268 <literal>root:systemd-network</literal> with a <literal>0640</literal> file mode. If the path
1269 refers to an <constant>AF_UNIX</constant> stream socket in the file system a connection is made to
1270 it and the key read from it.</para>
ec07c3c8
AK		 1271
1272 <xi:include href="version-info.xml" xpointer="v243"/>
eb4705fb
YW		 1273 </listitem>
1274 </varlistentry>
a7b9c52f
YW		 1275 <varlistentry>
1276 <term><varname>Activate=</varname></term>
1277 <listitem>
1278 <para>Takes a boolean. If enabled, then the security association is activated. Defaults to
1279 unset.</para>
ec07c3c8
AK		 1280
1281 <xi:include href="version-info.xml" xpointer="v243"/>
a7b9c52f
YW		 1282 </listitem>
1283 </varlistentry>
b0e13c31
YW		 1284 <varlistentry>
1285 <term><varname>UseForEncoding=</varname></term>
1286 <listitem>
1287 <para>Takes a boolean. If enabled, then the security association is used for encoding. Only
bdac5608 1288 one [MACsecTransmitAssociation] section can enable this option. When enabled,
b0e13c31 1289 <varname>Activate=yes</varname> is implied. Defaults to unset.</para>
ec07c3c8
AK		 1290
1291 <xi:include href="version-info.xml" xpointer="v243"/>
b0e13c31
YW		 1292 </listitem>
1293 </varlistentry>
81962db7
SS		 1294 </variablelist>
1295 </refsect1>
488d0ba1 1296
81962db7
SS		 1297 <refsect1>
1298 <title>[MACsecReceiveAssociation] Section Options</title>
488d0ba1 1299
bdac5608 1300 <para>The [MACsecReceiveAssociation] section only applies for
81962db7
SS		 1301 network devices of kind <literal>macsec</literal>, and accepts the
1302 following keys:</para>
1303
1304 <variablelist class='network-directives'>
1305 <varlistentry>
1306 <term><varname>Port=</varname></term>
1307 <listitem>
885a4e6c 1308 <para>Accepts the same key as in [MACsecReceiveChannel] section.</para>
ec07c3c8
AK		 1309
1310 <xi:include href="version-info.xml" xpointer="v243"/>
81962db7
SS		 1311 </listitem>
1312 </varlistentry>
1313 <varlistentry>
1314 <term><varname>MACAddress=</varname></term>
1315 <listitem>
885a4e6c 1316 <para>Accepts the same key as in [MACsecReceiveChannel] section.</para>
ec07c3c8
AK		 1317
1318 <xi:include href="version-info.xml" xpointer="v243"/>
81962db7
SS		 1319 </listitem>
1320 </varlistentry>
1321 <varlistentry>
1322 <term><varname>PacketNumber=</varname></term>
1323 <listitem>
885a4e6c 1324 <para>Accepts the same key as in [MACsecTransmitAssociation] section.</para>
ec07c3c8
AK		 1325
1326 <xi:include href="version-info.xml" xpointer="v243"/>
81962db7
SS		 1327 </listitem>
1328 </varlistentry>
1329 <varlistentry>
1330 <term><varname>KeyId=</varname></term>
1331 <listitem>
885a4e6c 1332 <para>Accepts the same key as in [MACsecTransmitAssociation] section.</para>
ec07c3c8
AK		 1333
1334 <xi:include href="version-info.xml" xpointer="v243"/>
81962db7
SS		 1335 </listitem>
1336 </varlistentry>
1337 <varlistentry>
1338 <term><varname>Key=</varname></term>
1339 <listitem>
885a4e6c 1340 <para>Accepts the same key as in [MACsecTransmitAssociation] section.</para>
ec07c3c8
AK		 1341
1342 <xi:include href="version-info.xml" xpointer="v243"/>
81962db7
SS		 1343 </listitem>
1344 </varlistentry>
eb4705fb
YW		 1345 <varlistentry>
1346 <term><varname>KeyFile=</varname></term>
1347 <listitem>
885a4e6c 1348 <para>Accepts the same key as in [MACsecTransmitAssociation] section.</para>
ec07c3c8
AK		 1349
1350 <xi:include href="version-info.xml" xpointer="v243"/>
eb4705fb
YW		 1351 </listitem>
1352 </varlistentry>
a7b9c52f
YW		 1353 <varlistentry>
1354 <term><varname>Activate=</varname></term>
1355 <listitem>
885a4e6c 1356 <para>Accepts the same key as in [MACsecTransmitAssociation] section.</para>
ec07c3c8
AK		 1357
1358 <xi:include href="version-info.xml" xpointer="v243"/>
a7b9c52f
YW		 1359 </listitem>
1360 </varlistentry>
81962db7
SS		 1361 </variablelist>
1362 </refsect1>
488d0ba1 1363
798d3a52
ZJS		 1364 <refsect1>
1365 <title>[Tunnel] Section Options</title>
1366
bdac5608 1367 <para>The [Tunnel] section only applies for
798d3a52
ZJS		 1368 netdevs of kind
1369 <literal>ipip</literal>,
1370 <literal>sit</literal>,
1371 <literal>gre</literal>,
1372 <literal>gretap</literal>,
1373 <literal>ip6gre</literal>,
1374 <literal>ip6gretap</literal>,
5cc0748e 1375 <literal>vti</literal>,
af555aa3
YW		 1376 <literal>vti6</literal>,
1377 <literal>ip6tnl</literal>, and
1378 <literal>erspan</literal> and accepts
798d3a52
ZJS		 1379 the following keys:</para>
1380
1381 <variablelist class='network-directives'>
1ae308ab
YW		 1382 <varlistentry>
1383 <term><varname>External=</varname></term>
1384 <listitem>
1385 <para>Takes a boolean value. When true, then the tunnel is externally controlled, which is
1386 also known as collect metadata mode, and most settings below like <varname>Local=</varname>
1387 or <varname>Remote=</varname> are ignored. This implies <varname>Independent=</varname>.
1388 Defaults to false.</para>
ec07c3c8
AK		 1389
1390 <xi:include href="version-info.xml" xpointer="v251"/>
1ae308ab
YW		 1391 </listitem>
1392 </varlistentry>
798d3a52
ZJS		 1393 <varlistentry>
1394 <term><varname>Local=</varname></term>
1395 <listitem>
2be25d75
YW		 1396 <para>A static local address for tunneled packets. It must be an address on another interface
1397 of this host, or one of the special values <literal>any</literal>,
1398 <literal>ipv4_link_local</literal>, <literal>ipv6_link_local</literal>,
1399 <literal>dhcp4</literal>, <literal>dhcp6</literal>, and <literal>slaac</literal>. If one
1400 of the special values except for <literal>any</literal> is specified, an address which
1401 matches the corresponding type on the underlying interface will be used. Defaults to
1402 <literal>any</literal>.</para>
ec07c3c8
AK		 1403
1404 <xi:include href="version-info.xml" xpointer="v215"/>
798d3a52
ZJS		 1405 </listitem>
1406 </varlistentry>
1407 <varlistentry>
1408 <term><varname>Remote=</varname></term>
1409 <listitem>
8643885f
YW		 1410 <para>The remote endpoint of the tunnel. Takes an IP address or the special value
1411 <literal>any</literal>.</para>
ec07c3c8
AK		 1412
1413 <xi:include href="version-info.xml" xpointer="v215"/>
798d3a52
ZJS		 1414 </listitem>
1415 </varlistentry>
1416 <varlistentry>
1417 <term><varname>TOS=</varname></term>
1418 <listitem>
1419 <para>The Type Of Service byte value for a tunnel interface.
b938cb90 1420 For details about the TOS, see the
798d3a52
ZJS		 1421 <ulink url="http://tools.ietf.org/html/rfc1349"> Type of
1422 Service in the Internet Protocol Suite </ulink> document.
1423 </para>
ec07c3c8
AK		 1424
1425 <xi:include href="version-info.xml" xpointer="v215"/>
798d3a52
ZJS		 1426 </listitem>
1427 </varlistentry>
1428 <varlistentry>
1429 <term><varname>TTL=</varname></term>
1430 <listitem>
1431 <para>A fixed Time To Live N on tunneled packets. N is a
be0d27ee 1432 number in the range 1…255. 0 is a special value meaning that
798d3a52 1433 packets inherit the TTL value. The default value for IPv4
e9dd6984 1434 tunnels is 0 (inherit). The default value for IPv6 tunnels is
798d3a52 1435 64.</para>
ec07c3c8
AK		 1436
1437 <xi:include href="version-info.xml" xpointer="v215"/>
798d3a52
ZJS		 1438 </listitem>
1439 </varlistentry>
1440 <varlistentry>
1441 <term><varname>DiscoverPathMTU=</varname></term>
1442 <listitem>
9b6ffef3 1443 <para>Takes a boolean. When true, enables Path MTU Discovery on
b67e8a4e
YZ		 1444 the tunnel.
1445 When <varname>IgnoreDontFragment=</varname> is enabled,
1446 defaults to false. Otherwise, defaults to true.</para>
ec07c3c8
AK		 1447
1448 <xi:include href="version-info.xml" xpointer="v215"/>
b67e8a4e
YZ		 1449 </listitem>
1450 </varlistentry>
1451 <varlistentry>
1452 <term><varname>IgnoreDontFragment=</varname></term>
1453 <listitem>
1454 <para>Takes a boolean. When true, enables IPv4 Don't Fragment (DF) suppression on
1455 the tunnel. Defaults to false.
1456 Note that if <varname>IgnoreDontFragment=</varname> is set to true,
1457 <varname>DiscoverPathMTU=</varname> cannot be set to true.
1458 Only applicable to GRE, GRETAP, and ERSPAN tunnels.</para>
ec07c3c8
AK		 1459
1460 <xi:include href="version-info.xml" xpointer="v254"/>
798d3a52
ZJS		 1461 </listitem>
1462 </varlistentry>
276de526
SS		 1463 <varlistentry>
1464 <term><varname>IPv6FlowLabel=</varname></term>
1465 <listitem>
a8eaaee7 1466 <para>Configures the 20-bit flow label (see <ulink url="https://tools.ietf.org/html/rfc6437">
276de526 1467 RFC 6437</ulink>) field in the IPv6 header (see <ulink url="https://tools.ietf.org/html/rfc2460">
a8eaaee7
JE		 1468 RFC 2460</ulink>), which is used by a node to label packets of a flow.
1469 It is only used for IPv6 tunnels.
1470 A flow label of zero is used to indicate packets that have
1471 not been labeled.
be0d27ee 1472 It can be configured to a value in the range 0…0xFFFFF, or be
a8eaaee7 1473 set to <literal>inherit</literal>, in which case the original flowlabel is used.</para>
ec07c3c8
AK		 1474
1475 <xi:include href="version-info.xml" xpointer="v223"/>
276de526
SS		 1476 </listitem>
1477 </varlistentry>
9b0ca30a 1478 <varlistentry>
a9b70f9d 1479 <term><varname>CopyDSCP=</varname></term>
9b0ca30a 1480 <listitem>
9b6ffef3 1481 <para>Takes a boolean. When true, the Differentiated Service Code
3cf4bcab 1482 Point (DSCP) field will be copied to the inner header from
a9b70f9d 1483 outer header during the decapsulation of an IPv6 tunnel
3cf4bcab
ZJS		 1484 packet. DSCP is a field in an IP packet that enables different
1485 levels of service to be assigned to network traffic.
1486 Defaults to <literal>no</literal>.
9b0ca30a 1487 </para>
ec07c3c8
AK		 1488
1489 <xi:include href="version-info.xml" xpointer="v223"/>
9b0ca30a
SS		 1490 </listitem>
1491 </varlistentry>
dae398a8
SS		 1492 <varlistentry>
1493 <term><varname>EncapsulationLimit=</varname></term>
1494 <listitem>
1495 <para>The Tunnel Encapsulation Limit option specifies how many additional
1496 levels of encapsulation are permitted to be prepended to the packet.
1497 For example, a Tunnel Encapsulation Limit option containing a limit
1498 value of zero means that a packet carrying that option may not enter
1499 another tunnel before exiting the current tunnel.
1500 (see <ulink url="https://tools.ietf.org/html/rfc2473#section-4.1.1"> RFC 2473</ulink>).
9b65490f 1501 The valid range is 0…255 and <literal>none</literal>. Defaults to 4.
dae398a8 1502 </para>
ec07c3c8
AK		 1503
1504 <xi:include href="version-info.xml" xpointer="v226"/>
dae398a8
SS		 1505 </listitem>
1506 </varlistentry>
1d710029
SS		 1507 <varlistentry>
1508 <term><varname>Key=</varname></term>
1509 <listitem>
1510 <para>The <varname>Key=</varname> parameter specifies the same key to use in
1511 both directions (<varname>InputKey=</varname> and <varname>OutputKey=</varname>).
1512 The <varname>Key=</varname> is either a number or an IPv4 address-like dotted quad.
1513 It is used as mark-configured SAD/SPD entry as part of the lookup key (both in data
e9dd6984 1514 and control path) in IP XFRM (framework used to implement IPsec protocol).
e2285c57 1515 See <ulink url="https://man7.org/linux/man-pages/man8/ip-xfrm.8.html">
c65c01c4
YW		 1516 ip-xfrm — transform configuration</ulink> for details. It is only used for VTI/VTI6,
1517 GRE, GRETAP, and ERSPAN tunnels.</para>
ec07c3c8
AK		 1518
1519 <xi:include href="version-info.xml" xpointer="v231"/>
1d710029
SS		 1520 </listitem>
1521 </varlistentry>
1522 <varlistentry>
1523 <term><varname>InputKey=</varname></term>
1524 <listitem>
1525 <para>The <varname>InputKey=</varname> parameter specifies the key to use for input.
c65c01c4
YW		 1526 The format is same as <varname>Key=</varname>. It is only used for VTI/VTI6, GRE, GRETAP,
1527 and ERSPAN tunnels.</para>
ec07c3c8
AK		 1528
1529 <xi:include href="version-info.xml" xpointer="v231"/>
1d710029
SS		 1530 </listitem>
1531 </varlistentry>
1532 <varlistentry>
1533 <term><varname>OutputKey=</varname></term>
1534 <listitem>
1535 <para>The <varname>OutputKey=</varname> parameter specifies the key to use for output.
c65c01c4
YW		 1536 The format is same as <varname>Key=</varname>. It is only used for VTI/VTI6, GRE, GRETAP,
1537 and ERSPAN tunnels.</para>
ec07c3c8
AK		 1538
1539 <xi:include href="version-info.xml" xpointer="v231"/>
1d710029
SS		 1540 </listitem>
1541 </varlistentry>
798d3a52
ZJS		 1542 <varlistentry>
1543 <term><varname>Mode=</varname></term>
1544 <listitem>
a8eaaee7 1545 <para>An <literal>ip6tnl</literal> tunnel can be in one of three
798d3a52
ZJS		 1546 modes
1547 <literal>ip6ip6</literal> for IPv6 over IPv6,
1548 <literal>ipip6</literal> for IPv4 over IPv6 or
1549 <literal>any</literal> for either.
1550 </para>
ec07c3c8
AK		 1551
1552 <xi:include href="version-info.xml" xpointer="v219"/>
798d3a52
ZJS		 1553 </listitem>
1554 </varlistentry>
4d7fa6de
SS		 1555 <varlistentry>
1556 <term><varname>Independent=</varname></term>
1557 <listitem>
905a03e7
ZJS		 1558 <para>Takes a boolean. When false (the default), the tunnel is always created over some network
1559 device, and a .network file that requests this tunnel using <varname>Tunnel=</varname> is required
1560 for the tunnel to be created. When true, the tunnel is created independently of any network as
1561 "tunnel@NONE".</para>
ec07c3c8
AK		 1562
1563 <xi:include href="version-info.xml" xpointer="v235"/>
4d7fa6de
SS		 1564 </listitem>
1565 </varlistentry>
8c9c703c
YW		 1566 <varlistentry>
1567 <term><varname>AssignToLoopback=</varname></term>
1568 <listitem>
1569 <para>Takes a boolean. If set to <literal>yes</literal>, the loopback interface <literal>lo</literal>
1570 is used as the underlying device of the tunnel interface. Defaults to <literal>no</literal>.</para>
ec07c3c8
AK		 1571
1572 <xi:include href="version-info.xml" xpointer="v243"/>
8c9c703c
YW		 1573 </listitem>
1574 </varlistentry>
3a4f3e42
SS		 1575 <varlistentry>
1576 <term><varname>AllowLocalRemote=</varname></term>
1577 <listitem>
9b6ffef3 1578 <para>Takes a boolean. When true allows tunnel traffic on <varname>ip6tnl</varname> devices where the remote endpoint is a local host address.
025314d9 1579 When unset, the kernel's default will be used.
3a4f3e42 1580 </para>
ec07c3c8
AK		 1581
1582 <xi:include href="version-info.xml" xpointer="v237"/>
3a4f3e42
SS		 1583 </listitem>
1584 </varlistentry>
53cb501a
SS		 1585 <varlistentry>
1586 <term><varname>FooOverUDP=</varname></term>
1587 <listitem>
9b6ffef3 1588 <para>Takes a boolean. Specifies whether <varname>FooOverUDP=</varname> tunnel is to be configured.
0b145817
YW		 1589 Defaults to false. This takes effects only for IPIP, SIT, GRE, and GRETAP tunnels.
1590 For more detail information see
53cb501a 1591 <ulink url="https://lwn.net/Articles/614348">Foo over UDP</ulink></para>
ec07c3c8
AK		 1592
1593 <xi:include href="version-info.xml" xpointer="v240"/>
53cb501a
SS		 1594 </listitem>
1595 </varlistentry>
1596 <varlistentry>
1597 <term><varname>FOUDestinationPort=</varname></term>
1598 <listitem>
6f520e74 1599 <para>This setting specifies the UDP destination port for encapsulation.
0b145817 1600 This field is mandatory when <varname>FooOverUDP=yes</varname>, and is not set by default.</para>
ec07c3c8
AK		 1601
1602 <xi:include href="version-info.xml" xpointer="v240"/>
53cb501a
SS		 1603 </listitem>
1604 </varlistentry>
1605 <varlistentry>
1606 <term><varname>FOUSourcePort=</varname></term>
1607 <listitem>
6f520e74
ZJS		 1608 <para>This setting specifies the UDP source port for encapsulation. Defaults to <constant>0</constant>
1609 — that is, the source port for packets is left to the network stack to decide.</para>
ec07c3c8
AK		 1610
1611 <xi:include href="version-info.xml" xpointer="v240"/>
53cb501a
SS		 1612 </listitem>
1613 </varlistentry>
1614 <varlistentry>
1615 <term><varname>Encapsulation=</varname></term>
1616 <listitem>
bdac5608 1617 <para>Accepts the same key as in the [FooOverUDP] section.</para>
ec07c3c8
AK		 1618
1619 <xi:include href="version-info.xml" xpointer="v240"/>
53cb501a
SS		 1620 </listitem>
1621 </varlistentry>
d067cab3
DA		 1622 <varlistentry>
1623 <term><varname>IPv6RapidDeploymentPrefix=</varname></term>
1624 <listitem>
1625 <para>Reconfigure the tunnel for <ulink url="https://tools.ietf.org/html/rfc5569">IPv6 Rapid
1626 Deployment</ulink>, also known as 6rd. The value is an ISP-specific IPv6 prefix with a non-zero length. Only
1627 applicable to SIT tunnels.</para>
ec07c3c8
AK		 1628
1629 <xi:include href="version-info.xml" xpointer="v240"/>
d067cab3
DA		 1630 </listitem>
1631 </varlistentry>
918049ad
SS		 1632 <varlistentry>
1633 <term><varname>ISATAP=</varname></term>
1634 <listitem>
1635 <para>Takes a boolean. If set, configures the tunnel as Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunnel.
1636 Only applicable to SIT tunnels. When unset, the kernel's default will be used.</para>
ec07c3c8
AK		 1637
1638 <xi:include href="version-info.xml" xpointer="v240"/>
918049ad
SS		 1639 </listitem>
1640 </varlistentry>
2266864b
SS		 1641 <varlistentry>
1642 <term><varname>SerializeTunneledPackets=</varname></term>
1643 <listitem>
c65c01c4
YW		 1644 <para>Takes a boolean. If set to yes, then packets are serialized. Only applies for GRE,
1645 GRETAP, and ERSPAN tunnels. When unset, the kernel's default will be used.
2266864b 1646 </para>
ec07c3c8
AK		 1647
1648 <xi:include href="version-info.xml" xpointer="v240"/>
2266864b
SS		 1649 </listitem>
1650 </varlistentry>
98406eda
YW		 1651 <varlistentry>
1652 <term><varname>ERSPANVersion=</varname></term>
1653 <listitem>
1654 <para>Specifies the ERSPAN version number. Takes 0 for version 0 (a.k.a. type I), 1 for version 1
1655 (a.k.a. type II), or 2 for version 2 (a.k.a. type III). Defaults to 1.</para>
ec07c3c8
AK		 1656
1657 <xi:include href="version-info.xml" xpointer="v252"/>
98406eda
YW		 1658 </listitem>
1659 </varlistentry>
2266864b
SS		 1660 <varlistentry>
1661 <term><varname>ERSPANIndex=</varname></term>
1662 <listitem>
98406eda
YW		 1663 <para>Specifies the ERSPAN v1 index field for the interface. Takes an integer in the range
1664 0…1048575, which is associated with the ERSPAN traffic's source port and direction. Only used when
1665 <varname>ERSPANVersion=1</varname>. Defaults to 0.</para>
ec07c3c8
AK		 1666
1667 <xi:include href="version-info.xml" xpointer="v240"/>
98406eda
YW		 1668 </listitem>
1669 </varlistentry>
1670 <varlistentry>
1671 <term><varname>ERSPANDirection=</varname></term>
1672 <listitem>
1673 <para>Specifies the ERSPAN v2 mirrored traffic's direction. Takes <literal>ingress</literal> or
1674 <literal>egress</literal>. Only used when <varname>ERSPANVersion=2</varname>. Defaults to
1675 <literal>ingress</literal>.</para>
ec07c3c8
AK		 1676
1677 <xi:include href="version-info.xml" xpointer="v252"/>
98406eda
YW		 1678 </listitem>
1679 </varlistentry>
1680 <varlistentry>
1681 <term><varname>ERSPANHardwareId=</varname></term>
1682 <listitem>
1683 <para>Specifies an unique identifier of the ERSPAN v2 engine. Takes an integer in the range 0…63.
1684 Only used when <varname>ERSPANVersion=2</varname>. Defaults to 0.</para>
ec07c3c8
AK		 1685
1686 <xi:include href="version-info.xml" xpointer="v252"/>
2266864b
SS		 1687 </listitem>
1688 </varlistentry>
798d3a52
ZJS		 1689 </variablelist>
1690 </refsect1>
53cb501a
SS		 1691
1692 <refsect1>
1693 <title>[FooOverUDP] Section Options</title>
1694
bdac5608 1695 <para>The [FooOverUDP] section only applies for
53cb501a
SS		 1696 netdevs of kind <literal>fou</literal> and accepts the
1697 following keys:</para>
1698
1699 <variablelist class='network-directives'>
53cb501a
SS		 1700 <varlistentry>
1701 <term><varname>Encapsulation=</varname></term>
1702 <listitem>
e9dd6984
ZJS		 1703 <para>Specifies the encapsulation mechanism used to store networking packets of various protocols
1704 inside the UDP packets. Supports the following values:
53cb501a 1705
885a4e6c 1706 <literal>FooOverUDP</literal> provides the simplest no-frills model of UDP encapsulation, it simply
e9dd6984
ZJS		 1707 encapsulates packets directly in the UDP payload. <literal>GenericUDPEncapsulation</literal> is a
1708 generic and extensible encapsulation, it allows encapsulation of packets for any IP protocol and
1709 optional data as part of the encapsulation. For more detailed information see <ulink
1710 url="https://lwn.net/Articles/615044">Generic UDP Encapsulation</ulink>. Defaults to
1711 <literal>FooOverUDP</literal>.
53cb501a 1712 </para>
ec07c3c8
AK		 1713
1714 <xi:include href="version-info.xml" xpointer="v240"/>
53cb501a
SS		 1715 </listitem>
1716 </varlistentry>
1717 <varlistentry>
1718 <term><varname>Port=</varname></term>
1719 <listitem>
885a4e6c
ZJS		 1720 <para>Specifies the port number where the encapsulated packets will arrive. Those packets will be
1721 removed and manually fed back into the network stack with the encapsulation removed to be sent to
1722 the real destination. This option is mandatory.</para>
ec07c3c8
AK		 1723
1724 <xi:include href="version-info.xml" xpointer="v240"/>
53cb501a 1725 </listitem>
488d0ba1 1726 </varlistentry>
8f02c9b0
SS		 1727 <varlistentry>
1728 <term><varname>PeerPort=</varname></term>
1729 <listitem>
e9dd6984
ZJS		 1730 <para>Specifies the peer port number. Defaults to unset. Note that when peer port is set
1731 <literal>Peer=</literal> address is mandatory.</para>
ec07c3c8
AK		 1732
1733 <xi:include href="version-info.xml" xpointer="v243"/>
8f02c9b0 1734 </listitem>
488d0ba1 1735 </varlistentry>
0b145817
YW		 1736 <varlistentry>
1737 <term><varname>Protocol=</varname></term>
1738 <listitem>
1739 <para>The <varname>Protocol=</varname> specifies the protocol number of the packets arriving
1740 at the UDP port. When <varname>Encapsulation=FooOverUDP</varname>, this field is mandatory
1741 and is not set by default. Takes an IP protocol name such as <literal>gre</literal> or
1d3a473b 1742 <literal>ipip</literal>, or an integer within the range 1…255. When
0b145817 1743 <varname>Encapsulation=GenericUDPEncapsulation</varname>, this must not be specified.</para>
ec07c3c8
AK		 1744
1745 <xi:include href="version-info.xml" xpointer="v240"/>
0b145817
YW		 1746 </listitem>
1747 </varlistentry>
4502a61c
SS		 1748 <varlistentry>
1749 <term><varname>Peer=</varname></term>
1750 <listitem>
e9dd6984
ZJS		 1751 <para>Configures peer IP address. Note that when peer address is set <literal>PeerPort=</literal>
1752 is mandatory.</para>
ec07c3c8
AK		 1753
1754 <xi:include href="version-info.xml" xpointer="v243"/>
4502a61c
SS		 1755 </listitem>
1756 </varlistentry>
1757 <varlistentry>
1758 <term><varname>Local=</varname></term>
1759 <listitem>
1760 <para>Configures local IP address.</para>
ec07c3c8
AK		 1761
1762 <xi:include href="version-info.xml" xpointer="v243"/>
4502a61c
SS		 1763 </listitem>
1764 </varlistentry>
0b145817 1765 </variablelist>
53cb501a 1766 </refsect1>
488d0ba1 1767
798d3a52
ZJS		 1768 <refsect1>
1769 <title>[Peer] Section Options</title>
1770
bdac5608 1771 <para>The [Peer] section only applies for
488d0ba1
YW		 1772 netdevs of kind <literal>veth</literal> and accepts the
1773 following keys:</para>
1774
1775 <variablelist class='network-directives'>
1776 <varlistentry>
1777 <term><varname>Name=</varname></term>
1778 <listitem>
1779 <para>The interface name used when creating the netdev.
e9dd6984 1780 This setting is compulsory.</para>
ec07c3c8
AK		 1781
1782 <xi:include href="version-info.xml" xpointer="v215"/>
488d0ba1
YW		 1783 </listitem>
1784 </varlistentry>
1785 <varlistentry>
1786 <term><varname>MACAddress=</varname></term>
1787 <listitem>
1788 <para>The peer MACAddress, if not set, it is generated in
1789 the same way as the MAC address of the main
1790 interface.</para>
ec07c3c8
AK		 1791
1792 <xi:include href="version-info.xml" xpointer="v215"/>
488d0ba1
YW		 1793 </listitem>
1794 </varlistentry>
1795 </variablelist>
798d3a52 1796 </refsect1>
488d0ba1 1797
d6df583c 1798 <refsect1>
488d0ba1
YW		 1799 <title>[VXCAN] Section Options</title>
1800
bdac5608 1801 <para>The [VXCAN] section only applies for
488d0ba1
YW		 1802 netdevs of kind <literal>vxcan</literal> and accepts the
1803 following key:</para>
1804
1805 <variablelist class='network-directives'>
1806 <varlistentry>
1807 <term><varname>Peer=</varname></term>
1808 <listitem>
1809 <para>The peer interface name used when creating the netdev.
e9dd6984 1810 This setting is compulsory.</para>
ec07c3c8
AK		 1811
1812 <xi:include href="version-info.xml" xpointer="v236"/>
488d0ba1
YW		 1813 </listitem>
1814 </varlistentry>
1815 </variablelist>
d6df583c 1816 </refsect1>
488d0ba1 1817
798d3a52
ZJS		 1818 <refsect1>
1819 <title>[Tun] Section Options</title>
1820
bdac5608 1821 <para>The [Tun] section only applies for
798d3a52
ZJS		 1822 netdevs of kind <literal>tun</literal>, and accepts the following
1823 keys:</para>
1824
1825 <variablelist class='network-directives'>
798d3a52
ZJS		 1826 <varlistentry>
1827 <term><varname>MultiQueue=</varname></term>
9b6ffef3 1828 <listitem><para>Takes a boolean. Configures whether
798d3a52
ZJS		 1829 to use multiple file descriptors (queues) to parallelize
1830 packets sending and receiving. Defaults to
1831 <literal>no</literal>.</para>
ec07c3c8
AK		 1832
1833 <xi:include href="version-info.xml" xpointer="v215"/>
798d3a52
ZJS		 1834 </listitem>
1835 </varlistentry>
1836 <varlistentry>
1837 <term><varname>PacketInfo=</varname></term>
9b6ffef3 1838 <listitem><para>Takes a boolean. Configures whether
ff9b60f3 1839 packets should be prepended with four extra bytes (two flag
b938cb90 1840 bytes and two protocol bytes). If disabled, it indicates that
798d3a52
ZJS		 1841 the packets will be pure IP packets. Defaults to
1842 <literal>no</literal>.</para>
ec07c3c8
AK		 1843
1844 <xi:include href="version-info.xml" xpointer="v215"/>
798d3a52
ZJS		 1845 </listitem>
1846 </varlistentry>
43f78da4 1847 <varlistentry>
2aba142e 1848 <term><varname>VNetHeader=</varname></term>
9b6ffef3 1849 <listitem><para>Takes a boolean. Configures
75eed300 1850 IFF_VNET_HDR flag for a tun or tap device. It allows sending
43f78da4
SS		 1851 and receiving larger Generic Segmentation Offload (GSO)
1852 packets. This may increase throughput significantly.
1853 Defaults to
1854 <literal>no</literal>.</para>
ec07c3c8
AK		 1855
1856 <xi:include href="version-info.xml" xpointer="v223"/>
43f78da4
SS		 1857 </listitem>
1858 </varlistentry>
798d3a52
ZJS		 1859 <varlistentry>
1860 <term><varname>User=</varname></term>
1861 <listitem><para>User to grant access to the
1862 <filename>/dev/net/tun</filename> device.</para>
ec07c3c8
AK		 1863
1864 <xi:include href="version-info.xml" xpointer="v215"/>
798d3a52
ZJS		 1865 </listitem>
1866 </varlistentry>
1867 <varlistentry>
1868 <term><varname>Group=</varname></term>
1869 <listitem><para>Group to grant access to the
1870 <filename>/dev/net/tun</filename> device.</para>
ec07c3c8
AK		 1871
1872 <xi:include href="version-info.xml" xpointer="v215"/>
798d3a52
ZJS		 1873 </listitem>
1874 </varlistentry>
f8b7c177
YW		 1875 <varlistentry>
1876 <term><varname>KeepCarrier=</varname></term>
1877 <listitem>
1878 <para>Takes a boolean. If enabled, to make the interface maintain its carrier status, the file
1879 descriptor of the interface is kept open. This may be useful to keep the interface in running
1880 state, for example while the backing process is temporarily shutdown. Defaults to
1881 <literal>no</literal>.</para>
ec07c3c8
AK		 1882
1883 <xi:include href="version-info.xml" xpointer="v252"/>
f8b7c177
YW		 1884 </listitem>
1885 </varlistentry>
798d3a52 1886 </variablelist>
798d3a52
ZJS		 1887 </refsect1>
1888
1889 <refsect1>
1890 <title>[Tap] Section Options</title>
1891
bdac5608 1892 <para>The [Tap] section only applies for
798d3a52 1893 netdevs of kind <literal>tap</literal>, and accepts the same keys
bdac5608 1894 as the [Tun] section.</para>
798d3a52
ZJS		 1895 </refsect1>
1896
e5719363
JT		 1897 <refsect1>
1898 <title>[WireGuard] Section Options</title>
1899
bdac5608 1900 <para>The [WireGuard] section accepts the following
e5719363
JT		 1901 keys:</para>
1902
1903 <variablelist class='network-directives'>
1904 <varlistentry>
1905 <term><varname>PrivateKey=</varname></term>
1906 <listitem>
fa724cd5
MY		 1907 <para>The Base64 encoded private key for the interface. It can be generated using
1908 the <command>wg genkey</command> command
311f4b8f 1909 (see <citerefentry project='man-pages'><refentrytitle>wg</refentrytitle><manvolnum>8</manvolnum></citerefentry>).
fa724cd5
MY		 1910 Specially, if the specified key is prefixed with <literal>@</literal>, it is interpreted as
1911 the name of the credential from which the actual key shall be read. <command>systemd-networkd.service</command>
1912 automatically imports credentials matching <literal>network.wireguard.*</literal>. For more details
1913 on credentials, refer to
1914 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
1915 A private key is mandatory to use WireGuard. If not set, the credential
1916 <literal>network.wireguard.private.<replaceable>netdev</replaceable></literal> is used if exists.
1917 I.e. for <filename>50-foobar.netdev</filename>, <literal>network.wireguard.private.50-foobar</literal>
1918 is tried.</para>
1919
1920 <para>Note that because this information is secret, it's strongly recommended to use an (encrypted)
1921 credential. Alternatively, you may want to set the permissions of the .netdev file to be owned
1922 by <literal>root:systemd-network</literal> with a <literal>0640</literal> file mode.</para>
ec07c3c8
AK		 1923
1924 <xi:include href="version-info.xml" xpointer="v237"/>
e5719363
JT		 1925 </listitem>
1926 </varlistentry>
76df7779
YW		 1927 <varlistentry>
1928 <term><varname>PrivateKeyFile=</varname></term>
1929 <listitem>
49f16281
LP		 1930 <para>Takes an absolute path to a file which contains the Base64 encoded private key for the
1931 interface. When this option is specified, then <varname>PrivateKey=</varname> is ignored. Note
1932 that the file must be readable by the user <literal>systemd-network</literal>, so it should be,
1933 e.g., owned by <literal>root:systemd-network</literal> with a <literal>0640</literal> file mode. If
1934 the path refers to an <constant>AF_UNIX</constant> stream socket in the file system a connection is
1935 made to it and the key read from it.</para>
ec07c3c8
AK		 1936
1937 <xi:include href="version-info.xml" xpointer="v242"/>
76df7779
YW		 1938 </listitem>
1939 </varlistentry>
e5719363
JT		 1940 <varlistentry>
1941 <term><varname>ListenPort=</varname></term>
1942 <listitem>
1943 <para>Sets UDP port for listening. Takes either value between 1 and 65535
488d0ba1
YW		 1944 or <literal>auto</literal>. If <literal>auto</literal> is specified,
1945 the port is automatically generated based on interface name.
1946 Defaults to <literal>auto</literal>.</para>
ec07c3c8
AK		 1947
1948 <xi:include href="version-info.xml" xpointer="v237"/>
e5719363
JT		 1949 </listitem>
1950 </varlistentry>
1951 <varlistentry>
1c30b174 1952 <term><varname>FirewallMark=</varname></term>
e5719363 1953 <listitem>
1c30b174 1954 <para>Sets a firewall mark on outgoing WireGuard packets from this interface. Takes a number between 1 and 4294967295.</para>
ec07c3c8
AK		 1955
1956 <xi:include href="version-info.xml" xpointer="v243"/>
e5719363
JT		 1957 </listitem>
1958 </varlistentry>
e9084344
YW		 1959 <varlistentry>
1960 <term><varname>RouteTable=</varname></term>
1961 <listitem>
1962 <para>The table identifier for the routes to the addresses specified in the
e135559d
YW		 1963 <varname>AllowedIPs=</varname>. Takes a negative boolean value, one of the predefined names
1964 <literal>default</literal>, <literal>main</literal>, and <literal>local</literal>, names
1965 defined in <varname>RouteTable=</varname> in
e9084344
YW		 1966 <citerefentry><refentrytitle>networkd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1967 or a number in the range 1…4294967295. When <literal>off</literal> the routes to the
1968 addresses specified in the <varname>AllowedIPs=</varname> setting will not be configured.
e135559d
YW		 1969 Defaults to false. This setting will be ignored when the same setting is specified in the
1970 [WireGuardPeer] section.</para>
ec07c3c8
AK		 1971
1972 <xi:include href="version-info.xml" xpointer="v250"/>
e9084344
YW		 1973 </listitem>
1974 </varlistentry>
1975 <varlistentry>
1976 <term><varname>RouteMetric=</varname></term>
1977 <listitem>
1978 <para>The priority of the routes to the addresses specified in the
1979 <varname>AllowedIPs=</varname>. Takes an integer in the range 0…4294967295. Defaults to 0
1980 for IPv4 addresses, and 1024 for IPv6 addresses. This setting will be ignored when the same
1981 setting is specified in the [WireGuardPeer] section.</para>
ec07c3c8
AK		 1982
1983 <xi:include href="version-info.xml" xpointer="v250"/>
e9084344
YW		 1984 </listitem>
1985 </varlistentry>
e5719363
JT		 1986 </variablelist>
1987 </refsect1>
1988
1989 <refsect1>
1990 <title>[WireGuardPeer] Section Options</title>
1991
bdac5608 1992 <para>The [WireGuardPeer] section accepts the following
e5719363
JT		 1993 keys:</para>
1994
1995 <variablelist class='network-directives'>
1996 <varlistentry>
1997 <term><varname>PublicKey=</varname></term>
1998 <listitem>
1999 <para>Sets a Base64 encoded public key calculated by <command>wg pubkey</command>
311f4b8f 2000 (see <citerefentry project='man-pages'><refentrytitle>wg</refentrytitle><manvolnum>8</manvolnum></citerefentry>)
fa724cd5
MY		 2001 from a private key, and usually transmitted out of band to the author of the configuration file.
2002 This option honors the <literal>@</literal> prefix in the same way as the <option>PrivateKey=</option>
2003 setting of the <option>[WireGuard]</option> section. This option is mandatory for this section.</para>
ec07c3c8
AK		 2004
2005 <xi:include href="version-info.xml" xpointer="v237"/>
e5719363
JT		 2006 </listitem>
2007 </varlistentry>
2008 <varlistentry>
2009 <term><varname>PresharedKey=</varname></term>
2010 <listitem>
fa724cd5
MY		 2011 <para>Optional preshared key for the interface. It can be generated by the <command>wg genpsk</command>
2012 command. This option adds an additional layer of symmetric-key cryptography to be mixed into the
2013 already existing public-key cryptography, for post-quantum resistance.
2014 This option honors the <literal>@</literal> prefix in the same way as the <option>PrivateKey=</option>
2015 setting of the <option>[WireGuard]</option> section.</para>
2016
2017 <para>Note that because this information is secret, it's strongly recommended to use an (encrypted)
2018 credential. Alternatively, you may want to set the permissions of the .netdev file to be owned
2019 by <literal>root:systemd-network</literal> with a <literal>0640</literal> file mode.</para>
ec07c3c8
AK		 2020
2021 <xi:include href="version-info.xml" xpointer="v237"/>
e5719363
JT		 2022 </listitem>
2023 </varlistentry>
a3945c63
YW		 2024 <varlistentry>
2025 <term><varname>PresharedKeyFile=</varname></term>
2026 <listitem>
2027 <para>Takes an absolute path to a file which contains the Base64 encoded preshared key for the
49f16281
LP		 2028 peer. When this option is specified, then <varname>PresharedKey=</varname> is ignored. Note that
2029 the file must be readable by the user <literal>systemd-network</literal>, so it should be, e.g.,
2030 owned by <literal>root:systemd-network</literal> with a <literal>0640</literal> file mode. If the
2031 path refers to an <constant>AF_UNIX</constant> stream socket in the file system a connection is
2032 made to it and the key read from it.</para>
ec07c3c8
AK		 2033
2034 <xi:include href="version-info.xml" xpointer="v242"/>
a3945c63
YW		 2035 </listitem>
2036 </varlistentry>
e5719363
JT		 2037 <varlistentry>
2038 <term><varname>AllowedIPs=</varname></term>
2039 <listitem>
f8c5301e
YW		 2040 <para>Sets a comma-separated list of IP (v4 or v6) addresses with CIDR masks from which this peer
2041 is allowed to send incoming traffic and to which outgoing traffic for this peer is directed. This
2042 setting can be specified multiple times. If an empty string is assigned, then the all previous
2043 assignments are cleared.</para>
be0d27ee 2044
c6b90e5c
FK		 2045 <para>The catch-all 0.0.0.0/0 may be specified for matching all IPv4 addresses,
2046 and ::/0 may be specified for matching all IPv6 addresses.</para>
be0d27ee
ZJS		 2047
2048 <para>Note that this only affects <emphasis>routing inside the network interface itself</emphasis>,
2049 i.e. the packets that pass through the tunnel itself. To cause packets to be sent via the tunnel in
2050 the first place, an appropriate route needs to be added as well — either in the
2051 <literal>[Routes]</literal> section on the <literal>.network</literal> matching the wireguard
2052 interface, or externally to <filename>systemd-networkd</filename>.</para>
ec07c3c8
AK		 2053
2054 <xi:include href="version-info.xml" xpointer="v237"/>
e5719363
JT		 2055 </listitem>
2056 </varlistentry>
2057 <varlistentry>
2058 <term><varname>Endpoint=</varname></term>
2059 <listitem>
fa724cd5
MY		 2060 <para>Sets an endpoint IP address or hostname, followed by a colon, and then a port number.
2061 IPv6 address must be in the square brackets. For example, <literal>111.222.333.444:51820</literal>
2062 for IPv4 and <literal>[1111:2222::3333]:51820</literal> for IPv6 address. This endpoint will be
2063 updated automatically once to the most recent source IP address and port of correctly
488d0ba1 2064 authenticated packets from the peer at configuration time.</para>
ec07c3c8 2065
fa724cd5
MY		 2066 <para>This option honors the <literal>@</literal> prefix in the same way as the <option>PrivateKey=</option>
2067 setting of the <option>[WireGuard]</option> section.</para>
2068
ec07c3c8 2069 <xi:include href="version-info.xml" xpointer="v237"/>
e5719363
JT		 2070 </listitem>
2071 </varlistentry>
2072 <varlistentry>
2073 <term><varname>PersistentKeepalive=</varname></term>
2074 <listitem>
2075 <para>Sets a seconds interval, between 1 and 65535 inclusive, of how often
488d0ba1
YW		 2076 to send an authenticated empty packet to the peer for the purpose
2077 of keeping a stateful firewall or NAT mapping valid persistently.
2078 For example, if the interface very rarely sends traffic, but it
2079 might at anytime receive traffic from a peer, and it is behind NAT,
2080 the interface might benefit from having a persistent keepalive
2081 interval of 25 seconds. If set to 0 or "off", this option is
2082 disabled. By default or when unspecified, this option is off.
2083 Most users will not need this.</para>
ec07c3c8
AK		 2084
2085 <xi:include href="version-info.xml" xpointer="v237"/>
e5719363
JT		 2086 </listitem>
2087 </varlistentry>
e9084344
YW		 2088 <varlistentry>
2089 <term><varname>RouteTable=</varname></term>
2090 <listitem>
2091 <para>The table identifier for the routes to the addresses specified in the
e135559d
YW		 2092 <varname>AllowedIPs=</varname>. Takes a negative boolean value, one of the predefined names
2093 <literal>default</literal>, <literal>main</literal>, and <literal>local</literal>, names
2094 defined in <varname>RouteTable=</varname> in
e9084344
YW		 2095 <citerefentry><refentrytitle>networkd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
2096 or a number in the range 1…4294967295. Defaults to unset, and the value specified in the
2097 same setting in the [WireGuard] section will be used.</para>
ec07c3c8
AK		 2098
2099 <xi:include href="version-info.xml" xpointer="v250"/>
e9084344
YW		 2100 </listitem>
2101 </varlistentry>
2102 <varlistentry>
2103 <term><varname>RouteMetric=</varname></term>
2104 <listitem>
2105 <para>The priority of the routes to the addresses specified in the
2106 <varname>AllowedIPs=</varname>. Takes an integer in the range 0…4294967295. Defaults to
2107 unset, and the value specified in the same setting in the [WireGuard] section will be used.
2108 </para>
ec07c3c8
AK		 2109
2110 <xi:include href="version-info.xml" xpointer="v250"/>
e9084344
YW		 2111 </listitem>
2112 </varlistentry>
e5719363
JT		 2113 </variablelist>
2114 </refsect1>
2115
798d3a52
ZJS		 2116 <refsect1>
2117 <title>[Bond] Section Options</title>
2118
bdac5608 2119 <para>The [Bond] section accepts the following
798d3a52
ZJS		 2120 key:</para>
2121
2122 <variablelist class='network-directives'>
2123 <varlistentry>
2124 <term><varname>Mode=</varname></term>
2125 <listitem>
2126 <para>Specifies one of the bonding policies. The default is
2127 <literal>balance-rr</literal> (round robin). Possible values are
2128 <literal>balance-rr</literal>,
2129 <literal>active-backup</literal>,
2130 <literal>balance-xor</literal>,
2131 <literal>broadcast</literal>,
2132 <literal>802.3ad</literal>,
2133 <literal>balance-tlb</literal>, and
2134 <literal>balance-alb</literal>.
2135 </para>
ec07c3c8
AK		 2136
2137 <xi:include href="version-info.xml" xpointer="v216"/>
798d3a52
ZJS		 2138 </listitem>
2139 </varlistentry>
2140
2141 <varlistentry>
2142 <term><varname>TransmitHashPolicy=</varname></term>
2143 <listitem>
2144 <para>Selects the transmit hash policy to use for slave
2145 selection in balance-xor, 802.3ad, and tlb modes. Possible
2146 values are
2147 <literal>layer2</literal>,
2148 <literal>layer3+4</literal>,
2149 <literal>layer2+3</literal>,
4d89618a 2150 <literal>encap2+3</literal>, and
798d3a52
ZJS		 2151 <literal>encap3+4</literal>.
2152 </para>
ec07c3c8
AK		 2153
2154 <xi:include href="version-info.xml" xpointer="v216"/>
798d3a52
ZJS		 2155 </listitem>
2156 </varlistentry>
2157
2158 <varlistentry>
2159 <term><varname>LACPTransmitRate=</varname></term>
2160 <listitem>
2161 <para>Specifies the rate with which link partner transmits
2162 Link Aggregation Control Protocol Data Unit packets in
2163 802.3ad mode. Possible values are <literal>slow</literal>,
2164 which requests partner to transmit LACPDUs every 30 seconds,
2165 and <literal>fast</literal>, which requests partner to
2166 transmit LACPDUs every second. The default value is
2167 <literal>slow</literal>.</para>
ec07c3c8
AK		 2168
2169 <xi:include href="version-info.xml" xpointer="v216"/>
798d3a52
ZJS		 2170 </listitem>
2171 </varlistentry>
2172
2173 <varlistentry>
2174 <term><varname>MIIMonitorSec=</varname></term>
2175 <listitem>
2176 <para>Specifies the frequency that Media Independent
2177 Interface link monitoring will occur. A value of zero
dd2b607b 2178 disables MII link monitoring. This value is rounded down to
798d3a52 2179 the nearest millisecond. The default value is 0.</para>
ec07c3c8
AK		 2180
2181 <xi:include href="version-info.xml" xpointer="v216"/>
798d3a52 2182 </listitem>
00386d5b
SS		 2183 </varlistentry>
2184
2185 <varlistentry>
2186 <term><varname>PeerNotifyDelaySec=</varname></term>
2187 <listitem>
2188 <para>Specifies the number of seconds the delay between each peer notification
2189 (gratuitous ARP and unsolicited IPv6 Neighbor Advertisement) when they are issued
2190 after a failover event. This delay should be a multiple of the MII link monitor
2191 interval (miimon). The valid range is 0...300s. The default value is 0,
2192 which means to match the value of the <varname>MIIMonitorSec=</varname>.</para>
2193
2194 <xi:include href="version-info.xml" xpointer="v256"/>
2195 </listitem>
798d3a52
ZJS		 2196 </varlistentry>
2197
2198 <varlistentry>
2199 <term><varname>UpDelaySec=</varname></term>
2200 <listitem>
2201 <para>Specifies the delay before a link is enabled after a
2202 link up status has been detected. This value is rounded down
f3fa44cb 2203 to a multiple of <varname>MIIMonitorSec=</varname>. The default value is
798d3a52 2204 0.</para>
ec07c3c8
AK		 2205
2206 <xi:include href="version-info.xml" xpointer="v216"/>
798d3a52
ZJS		 2207 </listitem>
2208 </varlistentry>
2209
2210 <varlistentry>
2211 <term><varname>DownDelaySec=</varname></term>
2212 <listitem>
2213 <para>Specifies the delay before a link is disabled after a
2214 link down status has been detected. This value is rounded
f3fa44cb 2215 down to a multiple of <varname>MIIMonitorSec=</varname>. The default value is
798d3a52 2216 0.</para>
ec07c3c8
AK		 2217
2218 <xi:include href="version-info.xml" xpointer="v216"/>
798d3a52
ZJS		 2219 </listitem>
2220 </varlistentry>
2221
81bd37a8 2222 <varlistentry>
38422da7 2223 <term><varname>LearnPacketIntervalSec=</varname></term>
81bd37a8
SS		 2224 <listitem>
2225 <para>Specifies the number of seconds between instances where the bonding
a8eaaee7 2226 driver sends learning packets to each slave peer switch.
9b65490f 2227 The valid range is 1…0x7fffffff; the default value is 1. This option
a8eaaee7 2228 has an effect only for the balance-tlb and balance-alb modes.</para>
ec07c3c8
AK		 2229
2230 <xi:include href="version-info.xml" xpointer="v220"/>
81bd37a8
SS		 2231 </listitem>
2232 </varlistentry>
2233
2234 <varlistentry>
2235 <term><varname>AdSelect=</varname></term>
2236 <listitem>
2237 <para>Specifies the 802.3ad aggregation selection logic to use. Possible values are
2238 <literal>stable</literal>,
a8eaaee7
JE		 2239 <literal>bandwidth</literal> and
2240 <literal>count</literal>.
81bd37a8 2241 </para>
ec07c3c8
AK		 2242
2243 <xi:include href="version-info.xml" xpointer="v220"/>
81bd37a8
SS		 2244 </listitem>
2245 </varlistentry>
2246
99f68ef0 2247 <varlistentry>
db688b7e 2248 <term><varname>AdActorSystemPriority=</varname></term>
99f68ef0 2249 <listitem>
1d3a473b 2250 <para>Specifies the 802.3ad actor system priority. Takes a number in the range 1…65535.</para>
ec07c3c8
AK		 2251
2252 <xi:include href="version-info.xml" xpointer="v240"/>
99f68ef0
TJ		 2253 </listitem>
2254 </varlistentry>
2255
2256 <varlistentry>
2257 <term><varname>AdUserPortKey=</varname></term>
2258 <listitem>
e9dd6984 2259 <para>Specifies the 802.3ad user defined portion of the port key. Takes a number in the range
be0d27ee 2260 0…1023.</para>
ec07c3c8
AK		 2261
2262 <xi:include href="version-info.xml" xpointer="v240"/>
99f68ef0
TJ		 2263 </listitem>
2264 </varlistentry>
2265
2266 <varlistentry>
2267 <term><varname>AdActorSystem=</varname></term>
2268 <listitem>
7ad41997
ZJS		 2269 <para>Specifies the 802.3ad system MAC address. This cannot be a null or multicast address.
2270 </para>
ec07c3c8
AK		 2271
2272 <xi:include href="version-info.xml" xpointer="v240"/>
99f68ef0
TJ		 2273 </listitem>
2274 </varlistentry>
2275
81bd37a8 2276 <varlistentry>
38422da7 2277 <term><varname>FailOverMACPolicy=</varname></term>
81bd37a8 2278 <listitem>
a8eaaee7
JE		 2279 <para>Specifies whether the active-backup mode should set all slaves to
2280 the same MAC address at the time of enslavement or, when enabled, to perform special handling of the
81bd37a8
SS		 2281 bond's MAC address in accordance with the selected policy. The default policy is none.
2282 Possible values are
2283 <literal>none</literal>,
a8eaaee7
JE		 2284 <literal>active</literal> and
2285 <literal>follow</literal>.
81bd37a8 2286 </para>
ec07c3c8
AK		 2287
2288 <xi:include href="version-info.xml" xpointer="v220"/>
81bd37a8
SS		 2289 </listitem>
2290 </varlistentry>
2291
2292 <varlistentry>
38422da7 2293 <term><varname>ARPValidate=</varname></term>
81bd37a8
SS		 2294 <listitem>
2295 <para>Specifies whether or not ARP probes and replies should be
38422da7 2296 validated in any mode that supports ARP monitoring, or whether
81bd37a8
SS		 2297 non-ARP traffic should be filtered (disregarded) for link
2298 monitoring purposes. Possible values are
2299 <literal>none</literal>,
2300 <literal>active</literal>,
a8eaaee7
JE		 2301 <literal>backup</literal> and
2302 <literal>all</literal>.
81bd37a8 2303 </para>
ec07c3c8
AK		 2304
2305 <xi:include href="version-info.xml" xpointer="v220"/>
81bd37a8
SS		 2306 </listitem>
2307 </varlistentry>
2308
2309 <varlistentry>
38422da7 2310 <term><varname>ARPIntervalSec=</varname></term>
81bd37a8 2311 <listitem>
06c52cc2
ZJS		 2312 <para>Specifies the ARP link monitoring frequency. A value of 0 disables ARP monitoring. The
2313 default value is 0, and the default unit seconds.
81bd37a8 2314 </para>
ec07c3c8
AK		 2315
2316 <xi:include href="version-info.xml" xpointer="v220"/>
81bd37a8
SS		 2317 </listitem>
2318 </varlistentry>
2319
2320 <varlistentry>
38422da7 2321 <term><varname>ARPIPTargets=</varname></term>
81bd37a8
SS		 2322 <listitem>
2323 <para>Specifies the IP addresses to use as ARP monitoring peers when
f3fa44cb
YW		 2324 <varname>ARPIntervalSec=</varname> is greater than 0. These are the targets of the ARP
2325 request sent to determine the health of the link to the targets.
a8eaaee7 2326 Specify these values in IPv4 dotted decimal format. At least one IP
81bd37a8
SS		 2327 address must be given for ARP monitoring to function. The
2328 maximum number of targets that can be specified is 16. The
2329 default value is no IP addresses.
2330 </para>
ec07c3c8
AK		 2331
2332 <xi:include href="version-info.xml" xpointer="v220"/>
81bd37a8
SS		 2333 </listitem>
2334 </varlistentry>
2335
2336 <varlistentry>
38422da7 2337 <term><varname>ARPAllTargets=</varname></term>
81bd37a8 2338 <listitem>
f3fa44cb 2339 <para>Specifies the quantity of <varname>ARPIPTargets=</varname> that must be reachable
81bd37a8
SS		 2340 in order for the ARP monitor to consider a slave as being up.
2341 This option affects only active-backup mode for slaves with
38422da7 2342 ARPValidate enabled. Possible values are
a8eaaee7
JE		 2343 <literal>any</literal> and
2344 <literal>all</literal>.
81bd37a8 2345 </para>
ec07c3c8
AK		 2346
2347 <xi:include href="version-info.xml" xpointer="v220"/>
81bd37a8
SS		 2348 </listitem>
2349 </varlistentry>
2350
2351 <varlistentry>
38422da7 2352 <term><varname>PrimaryReselectPolicy=</varname></term>
81bd37a8
SS		 2353 <listitem>
2354 <para>Specifies the reselection policy for the primary slave. This
2355 affects how the primary slave is chosen to become the active slave
2356 when failure of the active slave or recovery of the primary slave
2357 occurs. This option is designed to prevent flip-flopping between
2358 the primary slave and other slaves. Possible values are
2359 <literal>always</literal>,
a8eaaee7
JE		 2360 <literal>better</literal> and
2361 <literal>failure</literal>.
81bd37a8 2362 </para>
ec07c3c8
AK		 2363
2364 <xi:include href="version-info.xml" xpointer="v220"/>
81bd37a8
SS		 2365 </listitem>
2366 </varlistentry>
2367
2368 <varlistentry>
2369 <term><varname>ResendIGMP=</varname></term>
2370 <listitem>
2371 <para>Specifies the number of IGMP membership reports to be issued after
2372 a failover event. One membership report is issued immediately after
2373 the failover, subsequent packets are sent in each 200ms interval.
9b65490f 2374 The valid range is 0…255. Defaults to 1. A value of 0
81bd37a8
SS		 2375 prevents the IGMP membership report from being issued in response
2376 to the failover event.
2377 </para>
ec07c3c8
AK		 2378
2379 <xi:include href="version-info.xml" xpointer="v220"/>
81bd37a8
SS		 2380 </listitem>
2381 </varlistentry>
2382
2383 <varlistentry>
2384 <term><varname>PacketsPerSlave=</varname></term>
2385 <listitem>
b938cb90 2386 <para>Specify the number of packets to transmit through a slave before
488d0ba1 2387 moving to the next one. When set to 0, then a slave is chosen at
9b65490f 2388 random. The valid range is 0…65535. Defaults to 1. This option
488d0ba1 2389 only has effect when in balance-rr mode.
81bd37a8 2390 </para>
ec07c3c8
AK		 2391
2392 <xi:include href="version-info.xml" xpointer="v220"/>
81bd37a8
SS		 2393 </listitem>
2394 </varlistentry>
2395
2396 <varlistentry>
38422da7 2397 <term><varname>GratuitousARP=</varname></term>
81bd37a8
SS		 2398 <listitem>
2399 <para>Specify the number of peer notifications (gratuitous ARPs and
488d0ba1
YW		 2400 unsolicited IPv6 Neighbor Advertisements) to be issued after a
2401 failover event. As soon as the link is up on the new slave,
2402 a peer notification is sent on the bonding device and each
2403 VLAN sub-device. This is repeated at each link monitor interval
2404 (ARPIntervalSec or MIIMonitorSec, whichever is active) if the number is
9b65490f 2405 greater than 1. The valid range is 0…255. The default value is 1.
488d0ba1 2406 These options affect only the active-backup mode.
81bd37a8 2407 </para>
ec07c3c8
AK		 2408
2409 <xi:include href="version-info.xml" xpointer="v220"/>
81bd37a8
SS		 2410 </listitem>
2411 </varlistentry>
2412
2413 <varlistentry>
2414 <term><varname>AllSlavesActive=</varname></term>
2415 <listitem>
9b6ffef3 2416 <para>Takes a boolean. Specifies that duplicate frames (received on inactive ports)
a8eaaee7 2417 should be dropped when false, or delivered when true. Normally, bonding will drop
81bd37a8
SS		 2418 duplicate frames (received on inactive ports), which is desirable for
2419 most users. But there are some times it is nice to allow duplicate
2420 frames to be delivered. The default value is false (drop duplicate frames
2421 received on inactive ports).
2422 </para>
ec07c3c8
AK		 2423
2424 <xi:include href="version-info.xml" xpointer="v220"/>
81bd37a8
SS		 2425 </listitem>
2426 </varlistentry>
2427
fde60a42
SS		 2428 <varlistentry>
2429 <term><varname>DynamicTransmitLoadBalancing=</varname></term>
2430 <listitem>
2431 <para>Takes a boolean. Specifies if dynamic shuffling of flows is enabled. Applies only
2432 for balance-tlb mode. Defaults to unset.
2433 </para>
ec07c3c8
AK		 2434
2435 <xi:include href="version-info.xml" xpointer="v240"/>
fde60a42
SS		 2436 </listitem>
2437 </varlistentry>
2438
81bd37a8
SS		 2439 <varlistentry>
2440 <term><varname>MinLinks=</varname></term>
2441 <listitem>
2442 <para>Specifies the minimum number of links that must be active before
2443 asserting carrier. The default value is 0.
2444 </para>
ec07c3c8
AK		 2445
2446 <xi:include href="version-info.xml" xpointer="v220"/>
81bd37a8
SS		 2447 </listitem>
2448 </varlistentry>
b33bba04
SS		 2449
2450 <varlistentry>
2451 <term><varname>ARPMissedMax=</varname></term>
2452 <listitem>
2453 <para>Specify the maximum number of arp interval monitor cycle
2454 for missed ARP replies. If this number is exceeded, link is reported as
2455 down. Defaults to unset.
2456 </para>
2457
2458 <xi:include href="version-info.xml" xpointer="v256"/>
2459 </listitem>
2460 </varlistentry>
798d3a52 2461 </variablelist>
81bd37a8
SS		 2462
2463 <para>For more detail information see
0e685823 2464 <ulink url="https://docs.kernel.org/networking/bonding.html">
81bd37a8 2465 Linux Ethernet Bonding Driver HOWTO</ulink></para>
b8d88b26 2466 </refsect1>
81bd37a8 2467
98d20a17 2468 <refsect1>
2469 <title>[Xfrm] Section Options</title>
2470
bdac5608 2471 <para>The [Xfrm] section accepts the following
98d20a17 2472 keys:</para>
2473
2474 <variablelist class='network-directives'>
2475 <varlistentry>
2476 <term><varname>InterfaceId=</varname></term>
2477 <listitem>
2478 <para>Sets the ID/key of the xfrm interface which needs to be associated with a SA/policy.
fd110059 2479 Can be decimal or hexadecimal, valid range is 1-0xffffffff. This is mandatory.</para>
ec07c3c8
AK		 2480
2481 <xi:include href="version-info.xml" xpointer="v243"/>
98d20a17 2482 </listitem>
2483 </varlistentry>
2484 <varlistentry>
2485 <term><varname>Independent=</varname></term>
2486 <listitem>
905a03e7
ZJS		 2487 <para>Takes a boolean. If false (the default), the xfrm interface must have an underlying device
2488 which can be used for hardware offloading.</para>
ec07c3c8
AK		 2489
2490 <xi:include href="version-info.xml" xpointer="v243"/>
98d20a17 2491 </listitem>
2492 </varlistentry>
2493 </variablelist>
2494
2495 <para>For more detail information see
e9dd6984 2496 <ulink url="https://lwn.net/Articles/757391">Virtual XFRM Interfaces</ulink>.</para>
98d20a17 2497 </refsect1>
2498
b8d88b26
FP		 2499 <refsect1>
2500 <title>[VRF] Section Options</title>
bdac5608 2501 <para>The [VRF] section only applies for
b8d88b26
FP		 2502 netdevs of kind <literal>vrf</literal> and accepts the
2503 following key:</para>
2504
2505 <variablelist class='network-directives'>
2506 <varlistentry>
2507 <term><varname>Table=</varname></term>
2508 <listitem>
e9dd6984 2509 <para>The numeric routing table identifier. This setting is compulsory.</para>
ec07c3c8
AK		 2510
2511 <xi:include href="version-info.xml" xpointer="v243"/>
b8d88b26
FP		 2512 </listitem>
2513 </varlistentry>
2514 </variablelist>
798d3a52
ZJS		 2515 </refsect1>
2516
c0267a59
AW		 2517 <refsect1>
2518 <title>[BatmanAdvanced] Section Options</title>
be0d27ee
ZJS		 2519
2520 <para>The [BatmanAdvanced] section only applies for netdevs of kind <literal>batadv</literal> and accepts
2521 the following keys:</para>
c0267a59
AW		 2522
2523 <variablelist class='network-directives'>
2524 <varlistentry>
2525 <term><varname>GatewayMode=</varname></term>
2526 <listitem>
2527 <para>Takes one of <literal>off</literal>, <literal>server</literal>, or <literal>client</literal>.
2528 A batman-adv node can either run in server mode (sharing its internet
2529 connection with the mesh) or in client mode (searching for the most suitable internet connection
2530 in the mesh) or having the gateway support turned off entirely (which is the default setting).
2531 </para>
ec07c3c8
AK		 2532
2533 <xi:include href="version-info.xml" xpointer="v248"/>
c0267a59
AW		 2534 </listitem>
2535 </varlistentry>
2536 <varlistentry>
2537 <term><varname>Aggregation=</varname></term>
2538 <listitem>
2539 <para>Takes a boolean value. Enables or disables aggregation of originator messages. Defaults to
2540 true.
2541 </para>
ec07c3c8
AK		 2542
2543 <xi:include href="version-info.xml" xpointer="v248"/>
c0267a59
AW		 2544 </listitem>
2545 </varlistentry>
2546 <varlistentry>
2547 <term><varname>BridgeLoopAvoidance=</varname></term>
2548 <listitem>
2549 <para>Takes a boolean value. Enables or disables avoidance of loops on bridges. Defaults to true.
2550 </para>
ec07c3c8
AK		 2551
2552 <xi:include href="version-info.xml" xpointer="v248"/>
c0267a59
AW		 2553 </listitem>
2554 </varlistentry>
2555 <varlistentry>
2556 <term><varname>DistributedArpTable=</varname></term>
2557 <listitem>
2558 <para>Takes a boolean value. Enables or disables the distributed ARP table. Defaults to true.</para>
ec07c3c8
AK		 2559
2560 <xi:include href="version-info.xml" xpointer="v248"/>
c0267a59
AW		 2561 </listitem>
2562 </varlistentry>
2563 <varlistentry>
2564 <term><varname>Fragmentation=</varname></term>
2565 <listitem>
2566 <para>Takes a boolean value. Enables or disables fragmentation. Defaults to true.</para>
ec07c3c8
AK		 2567
2568 <xi:include href="version-info.xml" xpointer="v248"/>
c0267a59
AW		 2569 </listitem>
2570 </varlistentry>
2571 <varlistentry>
2572 <term><varname>HopPenalty=</varname></term>
2573 <listitem>
6eed65d4 2574 <para>The hop penalty setting allows one to modify
ba3dc451 2575 <citerefentry project='mankier'><refentrytitle>batctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>
fa027117 2576 preference for multihop routes vs. short routes. This integer value is applied to the
c0267a59
AW		 2577 TQ (Transmit Quality) of each forwarded OGM (Originator Message), thereby propagating the
2578 cost of an extra hop (the packet has to be received and retransmitted which costs airtime).
2579 A higher hop penalty will make it more unlikely that other nodes will choose this node as
2580 intermediate hop towards any given destination. The default hop penalty of '15' is a reasonable
2581 value for most setups and probably does not need to be changed. However, mobile nodes could
2582 choose a value of 255 (maximum value) to avoid being chosen as a router by other nodes.
2583 The minimum value is 0.
2584 </para>
ec07c3c8
AK		 2585
2586 <xi:include href="version-info.xml" xpointer="v248"/>
c0267a59
AW		 2587 </listitem>
2588 </varlistentry>
2589 <varlistentry>
2590 <term><varname>OriginatorIntervalSec=</varname></term>
2591 <listitem>
2592 <para>The value specifies the interval in seconds, unless another time unit is specified in which
2593 batman-adv floods the network with its protocol information.
2594 See <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>
2595 for more information.</para>
ec07c3c8
AK		 2596
2597 <xi:include href="version-info.xml" xpointer="v248"/>
c0267a59
AW		 2598 </listitem>
2599 </varlistentry>
2600 <varlistentry>
2601 <term><varname>GatewayBandwidthDown=</varname></term>
2602 <listitem>
2603 <para>If the node is a server, this
2604 parameter is used to inform other nodes in the network about
2605 this node's internet connection download bandwidth in bits per second. Just enter any number
2606 suffixed with K, M, G or T (base 1000) and the batman-adv
2607 module will propagate the entered value in the mesh.</para>
ec07c3c8
AK		 2608
2609 <xi:include href="version-info.xml" xpointer="v248"/>
c0267a59
AW		 2610 </listitem>
2611 </varlistentry>
2612 <varlistentry>
2613 <term><varname>GatewayBandwidthUp=</varname></term>
2614 <listitem>
2615 <para>If the node is a server, this
2616 parameter is used to inform other nodes in the network about
2617 this node's internet connection upload bandwidth in bits per second. Just enter any number
2618 suffixed with K, M, G or T (base 1000) and the batman-adv
2619 module will propagate the entered value in the mesh.</para>
ec07c3c8
AK		 2620
2621 <xi:include href="version-info.xml" xpointer="v248"/>
c0267a59
AW		 2622 </listitem>
2623 </varlistentry>
2624 <varlistentry>
2625 <term><varname>RoutingAlgorithm=</varname></term>
2626 <listitem>
2627 <para>This can be either <literal>batman-v</literal> or <literal>batman-iv</literal> and describes which routing_algo
ff9412c1 2628 of <citerefentry project='mankier'><refentrytitle>batctl</refentrytitle><manvolnum>8</manvolnum></citerefentry> to use. The algorithm
c0267a59
AW		 2629 cannot be changed after interface creation. Defaults to <literal>batman-v</literal>.
2630 </para>
ec07c3c8
AK		 2631
2632 <xi:include href="version-info.xml" xpointer="v248"/>
c0267a59
AW		 2633 </listitem>
2634 </varlistentry>
2635 </variablelist>
2636 </refsect1>
2637
b90d0f83
YW		 2638 <refsect1>
2639 <title>[IPoIB] Section Options</title>
2640 <para>The [IPoIB] section only applies for netdevs of kind <literal>ipoib</literal> and accepts the
2641 following keys:</para>
2642
2643 <variablelist class='network-directives'>
2644 <varlistentry>
2645 <term><varname>PartitionKey=</varname></term>
2646 <listitem>
2647 <para>Takes an integer in the range 1…0xffff, except for 0x8000. Defaults to unset, and the
2648 kernel's default is used.</para>
ec07c3c8
AK		 2649
2650 <xi:include href="version-info.xml" xpointer="v250"/>
b90d0f83
YW		 2651 </listitem>
2652 </varlistentry>
2653
2654 <varlistentry id='ipoib_mode'>
2655 <term><varname>Mode=</varname></term>
2656 <listitem>
2657 <para>Takes one of the special values <literal>datagram</literal> or
2658 <literal>connected</literal>. Defaults to unset, and the kernel's default is used.</para>
2659
2660 <para>When <literal>datagram</literal>, the Infiniband unreliable datagram (UD) transport is
2661 used, and so the interface MTU is equal to the IB L2 MTU minus the IPoIB encapsulation
2662 header (4 bytes). For example, in a typical IB fabric with a 2K MTU, the IPoIB MTU will be
2663 2048 - 4 = 2044 bytes.</para>
2664
2665 <para>When <literal>connected</literal>, the Infiniband reliable connected (RC) transport is
2666 used. Connected mode takes advantage of the connected nature of the IB transport and allows
2667 an MTU up to the maximal IP packet size of 64K, which reduces the number of IP packets needed
2668 for handling large UDP datagrams, TCP segments, etc and increases the performance for large
2669 messages.</para>
ec07c3c8
AK		 2670
2671 <xi:include href="version-info.xml" xpointer="v250"/>
b90d0f83
YW		 2672 </listitem>
2673 </varlistentry>
2674
2675 <varlistentry id='ipoib_umcast'>
2676 <term><varname>IgnoreUserspaceMulticastGroup=</varname></term>
2677 <listitem>
2678 <para>Takes an boolean value. When true, the kernel ignores multicast groups handled by
2679 userspace. Defaults to unset, and the kernel's default is used.</para>
ec07c3c8
AK		 2680
2681 <xi:include href="version-info.xml" xpointer="v250"/>
b90d0f83
YW		 2682 </listitem>
2683 </varlistentry>
2684 </variablelist>
2685 </refsect1>
2686
dedf2d00 2687 <refsect1>
ec4954d9
YW		 2688 <title>[WLAN] Section Options</title>
2689 <para>The [WLAN] section only applies to WLAN interfaces, and accepts the following keys:</para>
dedf2d00
YW		 2690
2691 <variablelist class='network-directives'>
2692 <varlistentry>
2693 <term><varname>PhysicalDevice=</varname></term>
2694 <listitem>
ec4954d9 2695 <para>Specifies the name or index of the physical WLAN device (e.g. <literal>0</literal> or
6a1d8f11 2696 <literal>phy0</literal>). The list of the physical WLAN devices that exist on the host can be
ec4954d9 2697 obtained by <command>iw phy</command> command. This option is mandatory.</para>
ec07c3c8
AK		 2698
2699 <xi:include href="version-info.xml" xpointer="v251"/>
dedf2d00
YW		 2700 </listitem>
2701 </varlistentry>
2702
2703 <varlistentry>
2704 <term><varname>Type=</varname></term>
2705 <listitem>
2706 <para>Specifies the type of the interface. Takes one of the <literal>ad-hoc</literal>,
2707 <literal>station</literal>, <literal>ap</literal>, <literal>ap-vlan</literal>,
2708 <literal>wds</literal>, <literal>monitor</literal>, <literal>mesh-point</literal>,
2709 <literal>p2p-client</literal>, <literal>p2p-go</literal>, <literal>p2p-device</literal>,
2710 <literal>ocb</literal>, and <literal>nan</literal>. This option is mandatory.</para>
ec07c3c8
AK		 2711
2712 <xi:include href="version-info.xml" xpointer="v251"/>
dedf2d00
YW		 2713 </listitem>
2714 </varlistentry>
2715
2716 <varlistentry>
2717 <term><varname>WDS=</varname></term>
2718 <listitem>
2719 <para>Enables the Wireless Distribution System (WDS) mode on the interface. The mode is also
2720 known as the <literal>4 address mode</literal>. Takes a boolean value. Defaults to unset, and
2721 the kernel's default will be used.</para>
ec07c3c8
AK		 2722
2723 <xi:include href="version-info.xml" xpointer="v251"/>
dedf2d00
YW		 2724 </listitem>
2725 </varlistentry>
2726 </variablelist>
2727 </refsect1>
2728
798d3a52 2729 <refsect1>
48847676 2730 <title>Examples</title>
798d3a52 2731 <example>
6c1695be 2732 <title>/etc/systemd/network/25-bridge.netdev</title>
798d3a52
ZJS		 2733
2734 <programlisting>[NetDev]
eac684ef
TG		 2735Name=bridge0
2736Kind=bridge</programlisting>
798d3a52 2737 </example>
eac684ef 2738
798d3a52 2739 <example>
6c1695be 2740 <title>/etc/systemd/network/25-vlan1.netdev</title>
eac684ef 2741
798d3a52 2742 <programlisting>[Match]
eac684ef
TG		 2743Virtualization=no
2744
2745[NetDev]
2746Name=vlan1
2747Kind=vlan
2748
2749[VLAN]
2750Id=1</programlisting>
798d3a52
ZJS		 2751 </example>
2752 <example>
6c1695be 2753 <title>/etc/systemd/network/25-ipip.netdev</title>
798d3a52 2754 <programlisting>[NetDev]
b35a2909
TG		 2755Name=ipip-tun
2756Kind=ipip
2757MTUBytes=1480
2758
2759[Tunnel]
2760Local=192.168.223.238
2761Remote=192.169.224.239
2762TTL=64</programlisting>
798d3a52 2763 </example>
53cb501a
SS		 2764 <example>
2765 <title>/etc/systemd/network/1-fou-tunnel.netdev</title>
2766 <programlisting>[NetDev]
2767Name=fou-tun
2768Kind=fou
2769
2770[FooOverUDP]
2771Port=5555
2772Protocol=4
2773 </programlisting>
2774 </example>
2775 <example>
2776 <title>/etc/systemd/network/25-fou-ipip.netdev</title>
2777 <programlisting>[NetDev]
53cb501a
SS		 2778Name=ipip-tun
2779Kind=ipip
2780
2781[Tunnel]
964c4eda 2782Independent=yes
53cb501a
SS		 2783Local=10.65.208.212
2784Remote=10.65.208.211
964c4eda 2785FooOverUDP=yes
53cb501a
SS		 2786FOUDestinationPort=5555
2787 </programlisting>
2788 </example>
798d3a52 2789 <example>
6c1695be 2790 <title>/etc/systemd/network/25-tap.netdev</title>
798d3a52 2791 <programlisting>[NetDev]
30ae9dfd
SS		 2792Name=tap-test
2793Kind=tap
2794
2795[Tap]
964c4eda
LP		 2796MultiQueue=yes
2797PacketInfo=yes</programlisting> </example>
eac684ef 2798
798d3a52 2799 <example>
6c1695be 2800 <title>/etc/systemd/network/25-sit.netdev</title>
798d3a52 2801 <programlisting>[NetDev]
b35a2909
TG		 2802Name=sit-tun
2803Kind=sit
2804MTUBytes=1480
2805
2806[Tunnel]
2807Local=10.65.223.238
2808Remote=10.65.223.239</programlisting>
798d3a52 2809 </example>
eac684ef 2810
d067cab3
DA		 2811 <example>
2812 <title>/etc/systemd/network/25-6rd.netdev</title>
2813 <programlisting>[NetDev]
2814Name=6rd-tun
2815Kind=sit
2816MTUBytes=1480
2817
2818[Tunnel]
2819Local=10.65.223.238
2820IPv6RapidDeploymentPrefix=2602::/24</programlisting>
2821 </example>
2822
798d3a52 2823 <example>
6c1695be 2824 <title>/etc/systemd/network/25-gre.netdev</title>
798d3a52 2825 <programlisting>[NetDev]
b35a2909
TG		 2826Name=gre-tun
2827Kind=gre
2828MTUBytes=1480
2829
2830[Tunnel]
2831Local=10.65.223.238
2832Remote=10.65.223.239</programlisting>
798d3a52 2833 </example>
b35a2909 2834
21bba27d 2835 <example>
2836 <title>/etc/systemd/network/25-ip6gre.netdev</title>
2837 <programlisting>[NetDev]
2838Name=ip6gre-tun
2839Kind=ip6gre
2840
2841[Tunnel]
2842Key=123</programlisting>
2843 </example>
2844
798d3a52 2845 <example>
6c1695be 2846 <title>/etc/systemd/network/25-vti.netdev</title>
b35a2909 2847
798d3a52 2848 <programlisting>[NetDev]
b35a2909
TG		 2849Name=vti-tun
2850Kind=vti
2851MTUBytes=1480
2852
2853[Tunnel]
2854Local=10.65.223.238
2855Remote=10.65.223.239</programlisting>
798d3a52 2856 </example>
b35a2909 2857
798d3a52 2858 <example>
6c1695be 2859 <title>/etc/systemd/network/25-veth.netdev</title>
798d3a52 2860 <programlisting>[NetDev]
b35a2909
TG		 2861Name=veth-test
2862Kind=veth
2863
2864[Peer]
2865Name=veth-peer</programlisting>
798d3a52 2866 </example>
b35a2909 2867
d94facdc 2868 <example>
6c1695be 2869 <title>/etc/systemd/network/25-bond.netdev</title>
d94facdc
MH		 2870 <programlisting>[NetDev]
2871Name=bond1
2872Kind=bond
2873
2874[Bond]
2875Mode=802.3ad
2876TransmitHashPolicy=layer3+4
2877MIIMonitorSec=1s
2878LACPTransmitRate=fast
2879</programlisting>
2880 </example>
2881
798d3a52 2882 <example>
6c1695be 2883 <title>/etc/systemd/network/25-dummy.netdev</title>
798d3a52 2884 <programlisting>[NetDev]
9e358851
TG		 2885Name=dummy-test
2886Kind=dummy
2887MACAddress=12:34:56:78:9a:bc</programlisting>
798d3a52 2888 </example>
20897a0d
AR		 2889 <example>
2890 <title>/etc/systemd/network/25-vrf.netdev</title>
037a3ded 2891 <para>Create a VRF interface with table 42.</para>
20897a0d
AR		 2892 <programlisting>[NetDev]
2893Name=vrf-test
2894Kind=vrf
798d3a52 2895
20897a0d 2896[VRF]
362f6336 2897Table=42</programlisting>
20897a0d 2898 </example>
42125eda
SS		 2899
2900 <example>
2901 <title>/etc/systemd/network/25-macvtap.netdev</title>
2902 <para>Create a MacVTap device.</para>
2903 <programlisting>[NetDev]
2904Name=macvtap-test
2905Kind=macvtap
2906 </programlisting>
2907 </example>
e5719363
JT		 2908 <example>
2909 <title>/etc/systemd/network/25-wireguard.netdev</title>
2910 <programlisting>[NetDev]
2911Name=wg0
2912Kind=wireguard
2913
2914[WireGuard]
2915PrivateKey=EEGlnEPYJV//kbvvIqxKkQwOiS+UENyPncC4bF46ong=
2916ListenPort=51820
2917
2918[WireGuardPeer]
2919PublicKey=RDf+LSpeEre7YEIKaxg+wbpsNV7du+ktR99uBEtIiCA=
2920AllowedIPs=fd31:bf08:57cb::/48,192.168.26.0/24
2921Endpoint=wireguard.example.com:51820</programlisting>
2922 </example>
98d20a17 2923
2924 <example>
2925 <title>/etc/systemd/network/27-xfrm.netdev</title>
a15e1a5d 2926 <programlisting>[NetDev]
98d20a17 2927Name=xfrm0
2928Kind=xfrm
2929
2930[Xfrm]
2931Independent=yes</programlisting>
2932 </example>
798d3a52 2933 </refsect1>
488d0ba1 2934
798d3a52
ZJS		 2935 <refsect1>
2936 <title>See Also</title>
13a69c12
DT		 2937 <para><simplelist type="inline">
2938 <member><citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
2939 <member><citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
2940 <member><citerefentry><refentrytitle>systemd.link</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
2941 <member><citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
2942 <member><citerefentry><refentrytitle>systemd-network-generator.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
2943 </simplelist></para>
798d3a52 2944 </refsect1>
eac684ef
TG		 2945
2946</refentry>
Unnamed repository; edit this file 'description' to name the repository.