<entry>A Level 2 GRE tunnel over IPv4.</entry></row>
<row><entry><varname>erspan</varname></entry>
- <entry>ERSPAN mirrors traffic on one or more source ports and delivers the mirrored traffic to one or more destination ports on another switch.
- The traffic is encapsulated in generic routing encapsulation (GRE) and is therefore routable across a layer 3 network between the source switch
- and the destination switch.</entry></row>
+ <entry>ERSPAN mirrors traffic on one or more source ports and delivers the mirrored traffic to one or more destination ports on another switch. The traffic is encapsulated in generic routing encapsulation (GRE) and is therefore routable across a layer 3 network between the source switch and the destination switch.</entry></row>
<row><entry><varname>ip6gre</varname></entry>
<entry>A Level 3 GRE tunnel over IPv6.</entry></row>
<varlistentry>
<term><varname>Host=</varname></term>
<listitem>
- <para>Matches against the hostname or machine ID of the
- host. See <literal>ConditionHost=</literal> in
+ <para>Matches against the hostname or machine ID of the host. See
+ <literal>ConditionHost=</literal> in
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
- for details.
+ for details. When prefixed with an exclamation mark (<literal>!</literal>), the result is negated.
+ If an empty string is assigned, then previously assigned value is cleared.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>Virtualization=</varname></term>
<listitem>
- <para>Checks whether the system is executed in a virtualized
- environment and optionally test whether it is a specific
- implementation. See
- <literal>ConditionVirtualization=</literal> in
+ <para>Checks whether the system is executed in a virtualized environment and optionally test
+ whether it is a specific implementation. See <literal>ConditionVirtualization=</literal> in
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
- for details.
+ for details. When prefixed with an exclamation mark (<literal>!</literal>), the result is negated.
+ If an empty string is assigned, then previously assigned value is cleared.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>KernelCommandLine=</varname></term>
<listitem>
- <para>Checks whether a specific kernel command line option
- is set (or if prefixed with the exclamation mark unset). See
+ <para>Checks whether a specific kernel command line option is set. See
<literal>ConditionKernelCommandLine=</literal> in
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
- for details.
+ for details. When prefixed with an exclamation mark (<literal>!</literal>), the result is negated.
+ If an empty string is assigned, then previously assigned value is cleared.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>KernelVersion=</varname></term>
<listitem>
- <para>Checks whether the kernel version (as reported by <command>uname -r</command>) matches a certain
- expression (or if prefixed with the exclamation mark does not match it). See
- <literal>ConditionKernelVersion=</literal> in
- <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> for details.
+ <para>Checks whether the kernel version (as reported by <command>uname -r</command>) matches a
+ certain expression. See <literal>ConditionKernelVersion=</literal> in
+ <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ for details. When prefixed with an exclamation mark (<literal>!</literal>), the result is negated.
+ If an empty string is assigned, then previously assigned value is cleared.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>Architecture=</varname></term>
<listitem>
- <para>Checks whether the system is running on a specific
- architecture. See <literal>ConditionArchitecture=</literal> in
+ <para>Checks whether the system is running on a specific architecture. See
+ <literal>ConditionArchitecture=</literal> in
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>
- for details.
+ for details. When prefixed with an exclamation mark (<literal>!</literal>), the result is negated.
+ If an empty string is assigned, then previously assigned value is cleared.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>Local=</varname></term>
<listitem>
- <para>A static local address for tunneled packets. It must
- be an address on another interface of this host.</para>
+ <para>A static local address for tunneled packets. It must be an address on another interface of
+ this host, or the special value <literal>any</literal>.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>Remote=</varname></term>
<listitem>
- <para>The remote endpoint of the tunnel.</para>
+ <para>The remote endpoint of the tunnel. Takes an IP address or the special value
+ <literal>any</literal>.</para>
</listitem>
</varlistentry>
<varlistentry>
It is used as mark-configured SAD/SPD entry as part of the lookup key (both in data
and control path) in ip xfrm (framework used to implement IPsec protocol).
See <ulink url="http://man7.org/linux/man-pages/man8/ip-xfrm.8.html">
- ip-xfrm — transform configuration</ulink> for details. It is only used for VTI/VTI6
- tunnels.</para>
+ ip-xfrm — transform configuration</ulink> for details. It is only used for VTI/VTI6,
+ GRE, GRETAP, and ERSPAN tunnels.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>InputKey=</varname></term>
<listitem>
<para>The <varname>InputKey=</varname> parameter specifies the key to use for input.
- The format is same as <varname>Key=</varname>. It is only used for VTI/VTI6 tunnels.</para>
+ The format is same as <varname>Key=</varname>. It is only used for VTI/VTI6, GRE, GRETAP,
+ and ERSPAN tunnels.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>OutputKey=</varname></term>
<listitem>
<para>The <varname>OutputKey=</varname> parameter specifies the key to use for output.
- The format is same as <varname>Key=</varname>. It is only used for VTI/VTI6 tunnels.</para>
+ The format is same as <varname>Key=</varname>. It is only used for VTI/VTI6, GRE, GRETAP,
+ and ERSPAN tunnels.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>FooOverUDP=</varname></term>
<listitem>
<para>Takes a boolean. Specifies whether <varname>FooOverUDP=</varname> tunnel is to be configured.
- Defaults to false. For more detail information see
+ Defaults to false. This takes effects only for IPIP, SIT, GRE, and GRETAP tunnels.
+ For more detail information see
<ulink url="https://lwn.net/Articles/614348">Foo over UDP</ulink></para>
</listitem>
</varlistentry>
<term><varname>FOUDestinationPort=</varname></term>
<listitem>
<para>This setting specifies the UDP destination port for encapsulation.
- This field is mandatory and is not set by default.</para>
+ This field is mandatory when <varname>FooOverUDP=yes</varname>, and is not set by default.</para>
</listitem>
</varlistentry>
<varlistentry>
<varlistentry>
<term><varname>Encapsulation=</varname></term>
<listitem>
- <para>Accepts the same key as <literal>[FooOverUDP]</literal></para>
+ <para>Accepts the same key as in the <literal>[FooOverUDP]</literal> section.</para>
</listitem>
</varlistentry>
<varlistentry>
<varlistentry>
<term><varname>SerializeTunneledPackets=</varname></term>
<listitem>
- <para>Takes a boolean. If set to yes, then packets are serialized. Only applies for ERSPAN tunnel.
- When unset, the kernel's default will be used.
+ <para>Takes a boolean. If set to yes, then packets are serialized. Only applies for GRE,
+ GRETAP, and ERSPAN tunnels. When unset, the kernel's default will be used.
</para>
</listitem>
</varlistentry>
following keys:</para>
<variablelist class='network-directives'>
- <varlistentry>
- <term><varname>Protocol=</varname></term>
- <listitem>
- <para>The <varname>Protocol=</varname> specifies the protocol number of the
- packets arriving at the UDP port. This field is mandatory and is not set by default. Valid range is 1-255.</para>
- </listitem>
- </varlistentry>
<varlistentry>
<term><varname>Encapsulation=</varname></term>
<listitem>
for delivery to the real destination. This option is mandatory.</para>
</listitem>
</varlistentry>
- </variablelist>
+ <varlistentry>
+ <term><varname>Protocol=</varname></term>
+ <listitem>
+ <para>The <varname>Protocol=</varname> specifies the protocol number of the packets arriving
+ at the UDP port. When <varname>Encapsulation=FooOverUDP</varname>, this field is mandatory
+ and is not set by default. Takes an IP protocol name such as <literal>gre</literal> or
+ <literal>ipip</literal>, or an integer within the range 1-255. When
+ <varname>Encapsulation=GenericUDPEncapsulation</varname>, this must not be specified.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
</refsect1>
<refsect1>
<title>[Peer] Section Options</title>
projects / thirdparty / systemd.git / blobdiff