<para>A plain ini-style text file that encodes network configuration for matching network interfaces,
used by
<citerefentry><refentrytitle>systemd-networkd</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
- See <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ See <citerefentry><refentrytitle>systemd.syntax</refentrytitle><manvolnum>7</manvolnum></citerefentry>
for a general description of the syntax.</para>
<para>The main network file must have the extension <filename>.network</filename>; other
<varlistentry>
<term><varname>IPv6Token=</varname></term>
<listitem>
- <para>Specifies an optional address generation mode and a required IPv6 address. If
- the mode is present, the two parts must be separated with a colon
- <literal><replaceable>mode</replaceable>:<replaceable>address</replaceable></literal>. The
- address generation mode may be either <constant>prefixstable</constant> or
- <constant>static</constant>. If not specified, <constant>static</constant> is assumed.
- </para>
- <para>When the mode is set to <constant>static</constant>, or unspecified, the lower bits of
- the supplied address are combined with the upper bits of a prefix received in a Router Advertisement
- message to form a complete address. Note that if multiple prefixes are received in an RA message, or in
- multiple RA messages, addresses will be formed from each of them using the supplied address. This
- mode implements SLAAC but uses a static interface identifier instead of an identifier generated
- using the EUI-64 algorithm. Because the interface identifier is static, if Duplicate Address Detection
- detects that the computed address is a duplicate (in use by another node on the link), then this
- mode will fail to provide an address for that prefix.
- </para>
- <para>When the mode is set to <literal>prefixstable</literal> the RFC 7217 algorithm for generating
- interface identifiers will be used, but only when a prefix received in an RA message matches the supplied address.
- See <ulink url="https://tools.ietf.org/html/rfc7217">RFC 7217</ulink>. Prefix matching will be attempted
- against each <constant>prefixstable</constant> IPv6Token variable provided in the configuration; if a received
- prefix does not match any of the provided addresses, then the EUI-64 algorithm will be used to form
- an interface identifier for that prefix. This mode is also SLAAC, but with a potentially stable interface
- identifier which does not directly map to the interface's hardware address.
-
- Note that the <constant>prefixstable</constant> algorithm includes both the interface's name and
- MAC address in the hash used to compute the interface identifier, so if either of those are changed the resulting
- interface identifier (and address) will change, even if the prefix received in the RA message has not changed.
-
- Note that if multiple <constant>prefixstable</constant> IPv6Token variables are supplied with addresses that
- match a prefix received in an RA message, only the first one will be used to generate addresses.
- </para>
+ <para>Specifies an optional address generation mode for the Stateless Address
+ Autoconfiguration (SLAAC). Supported modes are <literal>prefixstable</literal> and
+ <literal>static</literal>.</para>
+
+ <para>When the mode is set to <literal>static</literal>, an IPv6 address must be
+ specified after a colon (<literal>:</literal>), and the lower bits of the supplied
+ address are combined with the upper bits of a prefix received in a Router Advertisement
+ (RA) message to form a complete address. Note that if multiple prefixes are received in an
+ RA message, or in multiple RA messages, addresses will be formed from each of them using
+ the supplied address. This mode implements SLAAC but uses a static interface identifier
+ instead of an identifier generated by using the EUI-64 algorithm. Because the interface
+ identifier is static, if Duplicate Address Detection detects that the computed address is a
+ duplicate (in use by another node on the link), then this mode will fail to provide an
+ address for that prefix. If an IPv6 address without mode is specified, then
+ <literal>static</literal> mode is assumed.</para>
+
+ <para>When the mode is set to <literal>prefixstable</literal> the
+ <ulink url="https://tools.ietf.org/html/rfc7217">RFC 7217</ulink> algorithm for generating
+ interface identifiers will be used. This mode can optionally take an IPv6 address separated
+ with a colon (<literal>:</literal>). If an IPv6 address is specified, then an interface
+ identifier is generated only when a prefix received in an RA message matches the supplied
+ address.</para>
+
+ <para>If no address generation mode is specified (which is the default), or a received
+ prefix does not match any of the addresses provided in <literal>prefixstable</literal>
+ mode, then the EUI-64 algorithm will be used to form an interface identifier for that
+ prefix. This mode is also SLAAC, but with a potentially stable interface identifier which
+ does not directly map to the interface's hardware address.</para>
+
+ <para>Note that the <literal>prefixstable</literal> algorithm uses both the interface
+ name and MAC address as input to the hash to compute the interface identifier, so if either
+ of those are changed the resulting interface identifier (and address) will change, even if
+ the prefix received in the RA message has not changed.</para>
+
+ <para>This setting can be specified multiple times. If an empty string is assigned, then
+ the all previous assignments are cleared.</para>
+
+ <para>Examples:
+ <programlisting>IPv6Token=::1a:2b:3c:4d
+IPv6Token=static:::1a:2b:3c:4d
+IPv6Token=prefixstable
+IPv6Token=prefixstable:2002:da8:1::</programlisting></para>
</listitem>
</varlistentry>
<varlistentry>
<para>A DNS server address, which must be in the format
described in
<citerefentry project='man-pages'><refentrytitle>inet_pton</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
- This option may be specified more than once. This setting is read by
+ This option may be specified more than once. Each address can optionally take a port number
+ separated with <literal>:</literal>, a network interface name or index separated with
+ <literal>%</literal>, and a Server Name Indication (SNI) separated with <literal>#</literal>.
+ When IPv6 address is specified with a port number, then the address must be in the square
+ brackets. That is, the acceptable full formats are
+ <literal>111.222.333.444:9953%ifname#example.com</literal> for IPv4 and
+ <literal>[1111:2222::3333]:9953%ifname#example.com</literal> for IPv6. This setting can be
+ specified multiple times. If an empty string is assigned, then the all previous assignments
+ are cleared. This setting is read by
<citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
</listitem>
</varlistentry>
<literal>false</literal>. See the [IPv6PrefixDelegation] and the [IPv6Prefix] sections for more
configuration options.</para></listitem>
</varlistentry>
- <varlistentry>
- <term><varname>IPv6PDSubnetId=</varname></term>
- <listitem><para>Configure a specific subnet ID on the interface from a (previously) received prefix delegation.
- You can either set "auto" (the default) or a specific subnet ID
- (as defined in <ulink url="https://tools.ietf.org/html/rfc4291#section-2.5.4">RFC 4291</ulink>, section 2.5.4),
- in which case the allowed value is hexadecimal, from 0 to 0x7fffffffffffffff inclusive.
- This option is only effective when used together with <varname>IPv6PrefixDelegation=</varname>
- and the corresponding configuration on the upstream interface.
- </para></listitem>
- </varlistentry>
<varlistentry>
<term><varname>IPv6MTUBytes=</varname></term>
<listitem><para>Configures IPv6 maximum transmission unit (MTU).
<varlistentry>
<term><varname>DenyList=</varname></term>
<listitem>
- <para>A whitespace-separated list of IPv4 addresses. DHCP offers from servers in the list are rejected.</para>
+ <para>A whitespace-separated list of IPv4 addresses. DHCP offers from servers in the list are rejected. Note that
+ if <varname>AllowList=</varname> is configured then <varname>DenyList=</varname> is ignored.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>AllowList=</varname></term>
+ <listitem>
+ <para>A whitespace-separated list of IPv4 addresses. DHCP offers from servers in the list are accepted.</para>
</listitem>
</varlistentry>
</listitem>
</varlistentry>
- <varlistentry>
- <term><varname>AssignAcquiredDelegatedPrefixAddress=</varname></term>
- <listitem>
- <para>Takes a boolean. Specifies whether to add an address from the delegated prefixes which are received
- from the WAN interface by the <varname>IPv6PrefixDelegation=</varname>. When true (on LAN interfce), the EUI-64
- algorithm will be used to form an interface identifier from the delegated prefixes. Defaults to true.</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term><varname>AssignAcquiredDelegatedPrefixToken=</varname></term>
- <listitem>
- <para>Specifies an optional address generation mode for <varname>AssignAcquiredDelegatedPrefixAddress=</varname>.
- Takes an IPv6 address. When set, the lower bits of the supplied address are combined with the upper bits of a
- delegatad prefix received from the WAN interface by the <varname>IPv6PrefixDelegation=</varname> prefixes to
- form a complete address.</para>
- </listitem>
- </varlistentry>
-
<varlistentry>
<term><varname>PrefixDelegationHint=</varname></term>
<listitem>
</variablelist>
</refsect1>
+ <refsect1>
+ <title>[DHCPv6PrefixDelegation] Section Options</title>
+ <para>The [DHCPv6PrefixDelegation] section configures delegated prefix assigned by DHCPv6 server.
+ The settings in this section are used only when <varname>IPv6PrefixDelegation=</varname> setting is
+ enabled, or set to <literal>dhcp6</literal>.</para>
+
+ <variablelist class='network-directives'>
+ <varlistentry>
+ <term><varname>SubnetId=</varname></term>
+ <listitem>
+ <para>Configure a specific subnet ID on the interface from a (previously) received prefix
+ delegation. You can either set "auto" (the default) or a specific subnet ID (as defined in
+ <ulink url="https://tools.ietf.org/html/rfc4291#section-2.5.4">RFC 4291</ulink>, section
+ 2.5.4), in which case the allowed value is hexadecimal, from 0 to 0x7fffffffffffffff
+ inclusive. This option is only effective when used together with
+ <varname>IPv6PrefixDelegation=</varname> and the corresponding configuration on the upstream
+ interface.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>Assign=</varname></term>
+ <listitem>
+ <para>Takes a boolean. Specifies whether to add an address from the delegated prefixes which
+ are received from the WAN interface by the <varname>IPv6PrefixDelegation=</varname>. When
+ true (on LAN interfce), the EUI-64 algorithm will be used to form an interface identifier
+ from the delegated prefixes. Defaults to true.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>Token=</varname></term>
+ <listitem>
+ <para>Specifies an optional address generation mode for <varname>Assign=</varname>. Takes an
+ IPv6 address. When set, the lower bits of the supplied address are combined with the upper
+ bits of a delegatad prefix received from the WAN interface by the
+ <varname>IPv6PrefixDelegation=</varname> prefixes to form a complete address.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
<refsect1>
<title>[IPv6AcceptRA] Section Options</title>
<para>The [IPv6AcceptRA] section configures the IPv6 Router Advertisement (RA) client, if it is enabled
</varlistentry>
</variablelist>
</refsect1>
+ <refsect1>
+ <title>[BridgeMDB] Section Options</title>
+ <para>The [BridgeMDB] section manages the multicast membership entries forwarding database table of a port and accepts the following
+ keys. Specify several [BridgeMDB] sections to configure several permanent multicast membership entries.</para>
+
+ <variablelist class='network-directives'>
+ <varlistentry>
+ <term><varname>MulticastGroupAddress=</varname></term>
+ <listitem>
+ <para>Specifies the IPv4 or IPv6 multicast group address to add. This setting is mandatory.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>VLANId=</varname></term>
+ <listitem>
+ <para>The VLAN ID for the new entry. Valid ranges are 0 (no VLAN) to 4094. Optional, defaults to 0.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
<refsect1>
<title>[LLDP] Section Options</title>
</variablelist>
</refsect1>
+ <refsect1>
+ <title>[FlowQueuePIE] Section Options</title>
+ <para>The <literal>[FlowQueuePIE]</literal> section manages the queueing discipline
+ (qdisc) of Flow Queue Proportional Integral controller-Enhanced (fq_pie).</para>
+
+ <variablelist class='network-directives'>
+ <xi:include href="tc.xml" xpointer="qdisc-parent" />
+ <xi:include href="tc.xml" xpointer="qdisc-handle" />
+
+ <varlistentry>
+ <term><varname>PacketLimit=</varname></term>
+ <listitem>
+ <para>Specifies the hard limit on the queue size in number of packets. When this limit is reached, incoming packets are
+ dropped. An unsigned integer ranges 1 to 4294967294. Defaults to unset and kernel's default is used.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
<refsect1>
<title>[StochasticFairBlue] Section Options</title>
<para>The [StochasticFairBlue] section manages the queueing discipline (qdisc) of stochastic fair blue
Name=enp2s0
[Network]
-IPv6PrefixDelegation=dhcpv6
-
-[DHCPv6]
-AssignAcquiredDelegatedPrefixAddress=yes</programlisting>
+IPv6PrefixDelegation=dhcpv6</programlisting>
<para>This will enable IPv6 PD on the interface enp1s0 as an upstream interface where the
DHCPv6 client is running and enp2s0 as a downstream interface where the prefix is delegated to.</para>