X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=man%2Fsystemd.netdev.xml;h=a44018cad6d6cb2104375883d72036a69331c5a4;hb=482882b7b725e44c214ee384c9e984f452124164;hp=74281f2d0b220eae43d9560fb4d73f6d6c113fd8;hpb=2e86089fdfce5cb6385b76f4dbc4ebbd20cdd3db;p=thirdparty%2Fsystemd.git diff --git a/man/systemd.netdev.xml b/man/systemd.netdev.xml index 74281f2d0b2..a44018cad6d 100644 --- a/man/systemd.netdev.xml +++ b/man/systemd.netdev.xml @@ -1,10 +1,7 @@ - - - + @@ -101,9 +98,7 @@ A Level 2 GRE tunnel over IPv4. erspan - ERSPAN mirrors traffic on one or more source ports and delivers the mirrored traffic to one or more destination ports on another switch. - The traffic is encapsulated in generic routing encapsulation (GRE) and is therefore routable across a layer 3 network between the source switch - and the destination switch. + ERSPAN mirrors traffic on one or more source ports and delivers the mirrored traffic to one or more destination ports on another switch. The traffic is encapsulated in generic routing encapsulation (GRE) and is therefore routable across a layer 3 network between the source switch and the destination switch. ip6gre A Level 3 GRE tunnel over IPv6. @@ -153,6 +148,9 @@ geneve A GEneric NEtwork Virtualization Encapsulation (GENEVE) netdev driver. + l2tp + A Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It does not provide any encryption or confidentiality by itself + vrf A Virtual Routing and Forwarding (VRF) interface to create separate routing and forwarding domains. @@ -190,53 +188,55 @@ Host= - Matches against the hostname or machine ID of the - host. See ConditionHost= in + Matches against the hostname or machine ID of the host. See + ConditionHost= in systemd.unit5 - for details. + for details. When prefixed with an exclamation mark (!), the result is negated. + If an empty string is assigned, then previously assigned value is cleared. Virtualization= - Checks whether the system is executed in a virtualized - environment and optionally test whether it is a specific - implementation. See - ConditionVirtualization= in + Checks whether the system is executed in a virtualized environment and optionally test + whether it is a specific implementation. See ConditionVirtualization= in systemd.unit5 - for details. + for details. When prefixed with an exclamation mark (!), the result is negated. + If an empty string is assigned, then previously assigned value is cleared. KernelCommandLine= - Checks whether a specific kernel command line option - is set (or if prefixed with the exclamation mark unset). See + Checks whether a specific kernel command line option is set. See ConditionKernelCommandLine= in systemd.unit5 - for details. + for details. When prefixed with an exclamation mark (!), the result is negated. + If an empty string is assigned, then previously assigned value is cleared. KernelVersion= - Checks whether the kernel version (as reported by uname -r) matches a certain - expression (or if prefixed with the exclamation mark does not match it). See - ConditionKernelVersion= in - systemd.unit5 for details. + Checks whether the kernel version (as reported by uname -r) matches a + certain expression. See ConditionKernelVersion= in + systemd.unit5 + for details. When prefixed with an exclamation mark (!), the result is negated. + If an empty string is assigned, then previously assigned value is cleared. Architecture= - Checks whether the system is running on a specific - architecture. See ConditionArchitecture= in + Checks whether the system is running on a specific architecture. See + ConditionArchitecture= in systemd.unit5 - for details. + for details. When prefixed with an exclamation mark (!), the result is negated. + If an empty string is assigned, then previously assigned value is cleared. @@ -739,6 +739,118 @@ + + [L2TP] Section Options + The [L2TP] section only applies for + netdevs of kind l2tp, and accepts the + following keys: + + + + TunnelId= + + Specifies the tunnel id. The value used must match the PeerTunnelId= value being used at the peer. + Ranges a number between 1 and 4294967295). This option is compulsory. + + + + PeerTunnelId= + + Specifies the peer tunnel id. The value used must match the PeerTunnelId= value being used at the peer. + Ranges a number between 1 and 4294967295). This option is compulsory. + + + + Remote= + + Specifies the IP address of the remote peer. This option is compulsory. + + + + Local= + + Specifies the IP address of the local interface. Takes an IP address, or the special values + auto, static, or dynamic. When an address + is set, then the local interface must have the address. If auto, then one of the + addresses on the local interface is used. Similarly, if static or + dynamic is set, then one of the static or dynamic addresses on the local + interface is used. Defaults to auto. + + + + EncapsulationType= + + Specifies the encapsulation type of the tunnel. Takes one of udp or ip. + + + + UDPSourcePort= + + Specifies the UDP source port to be used for the tunnel. When UDP encapsulation is selected it's mandotory. Ignored when ip + encapsulation is selected. + + + + DestinationPort= + + Specifies destination port. When UDP encapsulation is selected it's mandotory. Ignored when ip + encapsulation is selected. + + + + UDPChecksum= + + Takes a boolean. When true, specifies if UDP checksum is calculated for transmitted packets over IPv4. + + + + UDP6ZeroChecksumTx= + + Takes a boolean. When true, skip UDP checksum calculation for transmitted packets over IPv6. + + + + UDP6ZeroChecksumRx= + + Takes a boolean. When true, allows incoming UDP packets over IPv6 with zero checksum field. + + + + + + [L2TPSession] Section Options + The [L2TPSession] section only applies for + netdevs of kind l2tp, and accepts the + following keys: + + + Name= + + Specifies the name of the sesssion. This option is compulsory. + + + + SessionId= + + Specifies the sesssion id. The value used must match the SessionId= value being used at the peer. + Ranges a number between 1 and 4294967295). This option is compulsory. + + + + PeerSessionId= + + Specifies the peer session id. The value used must match the PeerSessionId= value being used at the peer. + Ranges a number between 1 and 4294967295). This option is compulsory. + + + + Layer2SpecificHeader= + + Specifies layer2specific header type of the session. One of none or default. Defaults to default. + + + + [Tunnel] Section Options @@ -751,22 +863,24 @@ ip6gre, ip6gretap, vti, - vti6, and - ip6tnl and accepts + vti6, + ip6tnl, and + erspan and accepts the following keys: Local= - A static local address for tunneled packets. It must - be an address on another interface of this host. + A static local address for tunneled packets. It must be an address on another interface of + this host, or the special value any. Remote= - The remote endpoint of the tunnel. + The remote endpoint of the tunnel. Takes an IP address or the special value + any. @@ -843,22 +957,24 @@ It is used as mark-configured SAD/SPD entry as part of the lookup key (both in data and control path) in ip xfrm (framework used to implement IPsec protocol). See - ip-xfrm — transform configuration for details. It is only used for VTI/VTI6 - tunnels. + ip-xfrm — transform configuration for details. It is only used for VTI/VTI6, + GRE, GRETAP, and ERSPAN tunnels. InputKey= The InputKey= parameter specifies the key to use for input. - The format is same as Key=. It is only used for VTI/VTI6 tunnels. + The format is same as Key=. It is only used for VTI/VTI6, GRE, GRETAP, + and ERSPAN tunnels. OutputKey= The OutputKey= parameter specifies the key to use for output. - The format is same as Key=. It is only used for VTI/VTI6 tunnels. + The format is same as Key=. It is only used for VTI/VTI6, GRE, GRETAP, + and ERSPAN tunnels. @@ -892,7 +1008,8 @@ FooOverUDP= Takes a boolean. Specifies whether FooOverUDP= tunnel is to be configured. - Defaults to false. For more detail information see + Defaults to false. This takes effects only for IPIP, SIT, GRE, and GRETAP tunnels. + For more detail information see Foo over UDP @@ -900,7 +1017,7 @@ FOUDestinationPort= This setting specifies the UDP destination port for encapsulation. - This field is mandatory and is not set by default. + This field is mandatory when FooOverUDP=yes, and is not set by default. @@ -913,7 +1030,7 @@ Encapsulation= - Accepts the same key as [FooOverUDP] + Accepts the same key as in the [FooOverUDP] section. @@ -934,8 +1051,8 @@ SerializeTunneledPackets= - Takes a boolean. If set to yes, then packets are serialized. Only applies for ERSPAN tunnel. - When unset, the kernel's default will be used. + Takes a boolean. If set to yes, then packets are serialized. Only applies for GRE, + GRETAP, and ERSPAN tunnels. When unset, the kernel's default will be used. @@ -958,13 +1075,6 @@ following keys: - - Protocol= - - The Protocol= specifies the protocol number of the - packets arriving at the UDP port. This field is mandatory and is not set by default. Valid range is 1-255. - - Encapsulation= @@ -987,7 +1097,17 @@ for delivery to the real destination. This option is mandatory. - + + Protocol= + + The Protocol= specifies the protocol number of the packets arriving + at the UDP port. When Encapsulation=FooOverUDP, this field is mandatory + and is not set by default. Takes an IP protocol name such as gre or + ipip, or an integer within the range 1-255. When + Encapsulation=GenericUDPEncapsulation, this must not be specified. + + + [Peer] Section Options @@ -1112,12 +1232,24 @@ The Base64 encoded private key for the interface. It can be generated using the wg genkey command (see wg8). - This option is mandatory to use WireGuard. + This option or PrivateKeyFile= is mandatory to use WireGuard. Note that because this information is secret, you may want to set the permissions of the .netdev file to be owned by root:systemd-network with a 0640 file mode. + + PrivateKeyFile= + + Takes a absolute path to a file which contains the Base64 encoded private key for the interface. + If both PrivateKey= and PrivateKeyFile= are specified, and if + the file specified in PrivateKeyFile= contains valid wireguard key, then + the key provided by PrivateKey= is ignored. + Note that the file must be readable by the user systemd-network, so it + should be, e.g., owned by root:systemd-network with a + 0640 file mode. + + ListenPort=