"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!--
+ SPDX-License-Identifier: LGPL-2.1+
+
This file is part of systemd.
Copyright 2013 Tom Gundersen
-
- systemd is free software; you can redistribute it and/or modify it
- under the terms of the GNU Lesser General Public License as published by
- the Free Software Foundation; either version 2.1 of the License, or
- (at your option) any later version.
-
- systemd is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public License
- along with systemd; If not, see <http://www.gnu.org/licenses/>.
-->
<refentry id="systemd.network" conditional='ENABLE_NETWORKD'>
</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>KernelVersion=</varname></term>
+ <listitem>
+ <para>Checks whether the kernel version (as reported by <command>uname -r</command>) matches a certain
+ expression (or if prefixed with the exclamation mark does not match it). See
+ <literal>ConditionKernelVersion=</literal> in
+ <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
+ details.
+ </para>
+ </listitem>
+ </varlistentry>
<varlistentry>
<term><varname>Architecture=</varname></term>
<listitem>
controlled by other applications.</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>RequiredForOnline=</varname></term>
+ <listitem>
+ <para>A boolean. When <literal>yes</literal>, the network is deemed
+ required when determining whether the system is online when running
+ <literal>systemd-networkd-wait-online</literal>.
+ When <literal>no</literal>, the network is ignored when checking for
+ online state. Defaults to <literal>yes</literal>.</para>
+ <para>The network will be brought up normally in all cases, but in
+ the event that there is no address being assigned by DHCP or the
+ cable is not plugged in, the link will simply remain offline and be
+ skipped automatically by <literal>systemd-networkd-wait-online</literal>
+ if <literal>RequiredForOnline=true</literal>.</para>
+ </listitem>
+ </varlistentry>
</variablelist>
</refsect1>
<varlistentry>
<term><varname>IPv6PrefixDelegation=</varname></term>
<listitem><para>Whether to enable or disable Router Advertisement sending on a link.
- Defaults to <literal>false</literal>. See the <literal>[IPv6PrefixDelegation]</literal>
- and the <literal>[IPv6Prefix]</literal> sections for configuration options.
+ Allowed values are <literal>static</literal> which distributes prefixes as defined in
+ the <literal>[IPv6PrefixDelegation]</literal> and any <literal>[IPv6Prefix]</literal>
+ sections, <literal>dhcpv6</literal> which requests prefixes using a DHCPv6 client
+ configured for another link and any values configured in the
+ <literal>[IPv6PrefixDelegation]</literal> section while ignoring all static prefix
+ configuration sections, <literal>yes</literal> which uses both static configuration
+ and DHCPv6, and <literal>false</literal> which turns off IPv6 prefix delegation
+ altogether. Defaults to <literal>false</literal>. See the
+ <literal>[IPv6PrefixDelegation]</literal> and the <literal>[IPv6Prefix]</literal>
+ sections for more configuration options.
+ </para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>IPv6MTUBytes=</varname></term>
+ <listitem><para>Configures IPv6 maximum transmission unit (MTU).
+ An integer greater than or equal to 1280 bytes. Defaults to unset.
</para></listitem>
</varlistentry>
<varlistentry>
</variablelist>
</refsect1>
+ <refsect1>
+ <title>[RoutingPolicyRule] Section Options</title>
+
+ <para>An <literal>[RoutingPolicyRule]</literal> section accepts the
+ following keys. Specify several <literal>[RoutingPolicyRule]</literal>
+ sections to configure several rules.</para>
+
+ <variablelist class='network-directives'>
+ <varlistentry>
+ <term><varname>TypeOfService=</varname></term>
+ <listitem>
+ <para>Specifies the type of service to match a number between 0 to 255.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>From=</varname></term>
+ <listitem>
+ <para>Specifies the source address prefix to match. Possibly followed by a slash and the prefix length.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>To=</varname></term>
+ <listitem>
+ <para>Specifies the destination address prefix to match. Possibly followed by a slash and the prefix length.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>FirewallMark=</varname></term>
+ <listitem>
+ <para>Specifies the iptables firewall mark value to match (a number between 1 and 4294967295).</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>Table=</varname></term>
+ <listitem>
+ <para>Specifies the routing table identifier to lookup if the rule
+ selector matches. The table identifier for a route (a number between 1 and 4294967295).</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>Priority=</varname></term>
+ <listitem>
+ <para>Specifies the priority of this rule. <varname>Priority=</varname> is an unsigned
+ integer. Higher number means lower priority, and rules get processed in order of increasing number.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>IncomingInterface=</varname></term>
+ <listitem>
+ <para>Specifies incoming device to match. If the interface is loopback, the rule only matches packets originating from this host.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>OutgoingInterface=</varname></term>
+ <listitem>
+ <para>Specifies the outgoing device to match. The outgoing interface is only available for packets originating from local sockets that are bound to a device.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
<refsect1>
<title>[Route] Section Options</title>
<para>The <literal>[Route]</literal> section accepts the
</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>Type=</varname></term>
+ <listitem>
+ <para>The Type identifier for special route types, which can be
+ <literal>unicast</literal> route to a destination network address which describes the path to the destination,
+ <literal>blackhole</literal> packets are discarded silently,
+ <literal>unreachable</literal> packets are discarded and the ICMP message host unreachable is generated,
+ <literal>prohibit</literal> packets are discarded and the ICMP message communication administratively
+ prohibited is generated. Defaults to <literal>unicast</literal>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>InitialCongestionWindow=</varname></term>
+ <listitem>
+ <para>The TCP initial congestion window is used during the start of a TCP connection. During the start of a TCP
+ session, when a client requests a resource, the server's initial congestion window determines how many data bytes
+ will be sent during the initial burst of data. Takes a size in bytes between 1 and 4294967295 (2^32 - 1). The usual
+ suffixes K, M, G are supported and are understood to the base of 1024. Defaults to unset.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>InitialAdvertisedReceiveWindow=</varname></term>
+ <listitem>
+ <para>The TCP initial advertised receive window is the amount of receive data (in bytes) that can initally be buffered at one time
+ on a connection. The sending host can send only that amount of data before waiting for an acknowledgment and window update
+ from the receiving host. Takes a size in bytes between 1 and 4294967295 (2^32 - 1). The usual suffixes K, M, G are supported
+ and are understood to the base of 1024. Defaults to unset.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><varname>QuickAck=</varname></term>
+ <listitem>
+ <para>Takes a boolean argument. When true enables TCP quick ack mode for the route. Defaults to unset.
+ </para>
+ </listitem>
+ </varlistentry>
+
</variablelist>
</refsect1>
<varlistentry>
<term><varname>ClientIdentifier=</varname></term>
<listitem>
- <para>The DHCPv4 client identifier to use. Either <literal>mac</literal> to use the MAC address of the link
- or <literal>duid</literal> (the default, see below) to use an RFC4361-compliant Client ID.</para>
+ <para>The DHCPv4 client identifier to use. Takes one of <literal>mac</literal>, <literal>duid</literal> or <literal>duid-only</literal>.
+ If set to <literal>mac</literal>, the MAC address of the link is used.
+ If set to <literal>duid</literal>, an RFC4361-compliant Client ID, which is the combination of IAID and DUID (see below), is used.
+ If set to <literal>duid-only</literal>, only DUID is used, this may not be RFC compliant, but some setups may require to use this.
+ Defaults to <literal>duid</literal>.</para>
</listitem>
</varlistentry>
<para>Allow setting custom port for the DHCP client to listen on.</para>
</listitem>
</varlistentry>
+
+ <varlistentry>
+ <term><varname>RapidCommit=</varname></term>
+ <listitem>
+ <para>A boolean. The DHCPv6 client can obtain configuration parameters from a DHCPv6 server through
+ a rapid two-message exchange (solicit and reply). When the rapid commit option is enabled by both
+ the DHCPv6 client and the DHCPv6 server, the two-message exchange is used, rather than the default
+ four-method exchange (solicit, advertise, request, and reply). The two-message exchange provides
+ faster client configuration and is beneficial in environments in which networks are under a heavy load.
+ See <ulink url="https://tools.ietf.org/html/rfc3315#section-17.2.1">RFC 3315</ulink> for details.
+ Defaults to true.</para>
+ </listitem>
+ </varlistentry>
+
</variablelist>
</refsect1>
</variablelist>
</refsect1>
-
<refsect1>
<title>[DHCPServer] Section Options</title>
<para>The <literal>[DHCPServer]</literal> section contains
</varlistentry>
<varlistentry>
+ <term><varname>EmitDNS=</varname></term>
<term><varname>DNS=</varname></term>
- <listitem><para>A list of recursive DNS server IPv6 addresses
- distributed via Router Advertisement messages.
+ <listitem><para><varname>DNS=</varname> specifies a list of recursive
+ DNS server IPv6 addresses that distributed via Router Advertisement
+ messages when <varname>EmitDNS=</varname> is true. If <varname>DNS=
+ </varname> is empty, DNS servers are read from the
+ <literal>[Network]</literal> section. If the
+ <literal>[Network]</literal> section does not contain any DNS servers
+ either, DNS servers from the uplink with the highest priority default
+ route are used. When <varname>EmitDNS=</varname> is false, no DNS server
+ information is sent in Router Advertisement messages.
+ <varname>EmitDNS=</varname> defaults to true.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>EmitDomains=</varname></term>
+ <term><varname>Domains=</varname></term>
+
+ <listitem><para>A list of DNS search domains distributed via Router
+ Advertisement messages when <varname>EmitDomains=</varname> is true. If
+ <varname>Domains=</varname> is empty, DNS search domains are read from the
+ <literal>[Network]</literal> section. If the <literal>[Network]</literal>
+ section does not contain any DNS search domains either, DNS search
+ domains from the uplink with the highest priority default route are
+ used. When <varname>EmitDomains=</varname> is false, no DNS search domain
+ information is sent in Router Advertisement messages.
+ <varname>EmitDomains=</varname> defaults to true.
</para></listitem>
</varlistentry>
<term><varname>DNSLifetimeSec=</varname></term>
<listitem><para>Lifetime in seconds for the DNS server addresses listed
- in <varname>DNS=</varname>.</para></listitem>
+ in <varname>DNS=</varname> and search domains listed in
+ <varname>Domains=</varname>.</para></listitem>
</varlistentry>
</variablelist>
<listitem>
<para>A boolean. Controls whether the bridge should flood
traffic for which an FDB entry is missing and the destination
- is unknown through this port. Defaults to on.
+ is unknown through this port. Defaults to unset.
</para>
</listitem>
</varlistentry>
<term><varname>HairPin=</varname></term>
<listitem>
<para>A boolean. Configures whether traffic may be sent back
- out of the port on which it was received. By default, this
+ out of the port on which it was received. Defaults to unset. When this
flag is false, and the bridge will not forward traffic back
out of the receiving port.</para>
</listitem>
<term><varname>UseBPDU=</varname></term>
<listitem>
<para>A boolean. Configures whether STP Bridge Protocol Data Units will be
- processed by the bridge port. Defaults to yes.</para>
+ processed by the bridge port. Defaults to unset.</para>
</listitem>
</varlistentry>
<varlistentry>
<listitem>
<para>A boolean. This flag allows the bridge to immediately stop multicast
traffic on a port that receives an IGMP Leave message. It is only used with
- IGMP snooping if enabled on the bridge. Defaults to off.</para>
+ IGMP snooping if enabled on the bridge. Defaults to unset.</para>
</listitem>
</varlistentry>
<varlistentry>
<listitem>
<para>A boolean. Configures whether a given port is allowed to
become a root port. Only used when STP is enabled on the bridge.
- Defaults to on.</para>
+ Defaults to unset.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>VLANId=</varname></term>
<listitem>
<para>The VLAN ID for the new static MAC table entry. If
- omitted, no VLAN ID info is appended to the new static MAC
+ omitted, no VLAN ID information is appended to the new static MAC
table entry.</para>
</listitem>
</varlistentry>
projects / thirdparty / systemd.git / blobdiff