X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=man%2Fsystemd.network.xml;h=32589d34b191344babf5e91defbe1172656caa62;hb=b1e91af8d97c3b8ce30aecab5df1f4e09cb9d601;hp=dd0535a06ee1b5471d751d2c16436ae60e201439;hpb=e6042f682f9ff29674964d147721f7bd3735aa66;p=thirdparty%2Fsystemd.git
diff --git a/man/systemd.network.xml b/man/systemd.network.xml
index dd0535a06ee..32589d34b19 100644
--- a/man/systemd.network.xml
+++ b/man/systemd.network.xml
@@ -57,7 +57,7 @@
/run/systemd/network directories. Drop-in files in
/etc take precedence over those in /run which in turn
take precedence over those in /usr/lib. Drop-in files under any of these
- directories take precedence over the main netdev file wherever located.
+ directories take precedence over the main network file wherever located.
Note that an interface without any static IPv6 addresses configured, and neither DHCPv6
nor IPv6LL enabled, shall be considered to have no IPv6 support. IPv6 will be automatically
@@ -90,7 +90,7 @@
MACAddress=A whitespace-separated list of hardware addresses. Use full colon-, hyphen- or dot-delimited hexadecimal. See the example below.
- This option may appear more than one, in which case the lists are merged. If the empty string is assigned to this option, the list
+ This option may appear more than once, in which case the lists are merged. If the empty string is assigned to this option, the list
of hardware addresses defined prior to this is reset.Example:
@@ -113,7 +113,7 @@
A whitespace-separated list of shell-style globs
matching the driver currently bound to the device, as
- exposed by the udev property DRIVER
+ exposed by the udev property ID_NET_DRIVER
of its parent device, or if that is not set the driver
as exposed by ethtool -i of the
device itself. If the list is prefixed with a "!", the
@@ -138,6 +138,21 @@
with a "!", the test is inverted.
+
+ Property=
+
+ A whitespace-separated list of udev property name with its value after a equal
+ (=). If multiple properties are specified, the test results are ANDed.
+ If the list is prefixed with a "!", the test is inverted. If a value contains white
+ spaces, then please quote whole key and value pair. If a value contains quotation, then
+ please escape the quotation with \.
+
+ Example: if a .network file has the following:
+ Property=ID_MODEL_ID=9999 "ID_VENDOR_FROM_DATABASE=vendor name" "KEY=with \"quotation\""
+ then, the .network file matches only when an interface has all the above three properties.
+
+
+ Host=
@@ -309,8 +324,8 @@
specified through DHCP is not used for name resolution.
See option below.
- See the [DHCP] section below for further configuration options for the DHCP client
- support.
+ See the [DHCPv4] or [DHCPv6] section below for
+ further configuration options for the DHCP client support.
@@ -395,12 +410,15 @@
DNSOverTLS=
- Takes false or
- opportunistic. When set to opportunistic, enables
+ Takes a boolean or opportunistic.
+ When true, enables
DNS-over-TLS
- support on the link. This option defines a
- per-interface setting for
+ support on the link.
+ When set to opportunistic, compatibility with
+ non-DNS-over-TLS servers is increased, by automatically
+ turning off DNS-over-TLS servers in this case.
+ This option defines a per-interface setting for
resolved.conf5's
global DNSOverTLS= option. Defaults to
false. This setting is read by
@@ -636,11 +654,10 @@
IPv6AcceptRA=
- Takes a boolean. Controls IPv6 Router Advertisement (RA) reception support for the interface.
- If true, RAs are accepted; if false, RAs are ignored, independently of the local forwarding state.
- If unset, the kernel's default is used, and RAs are accepted only when local forwarding
- is disabled for that interface. When RAs are accepted, they may trigger the start of the DHCPv6 client if
- the relevant flags are set in the RA data, or if no routers are found on the link.
+ Takes a boolean. Controls IPv6 Router Advertisement (RA) reception support
+ for the interface. If true, RAs are accepted; if false, RAs are ignored, independently of the
+ local forwarding state. When RAs are accepted, they may trigger the start of the DHCPv6
+ client if the relevant flags are set in the RA data, or if no routers are found on the link.Further settings for the IPv6 RA support may be configured in the
[IPv6AcceptRA] section, see below.
@@ -650,10 +667,11 @@
documentation regarding accept_ra, but note that systemd's setting of
1 (i.e. true) corresponds to kernel's setting of 2.
- Note that if this option is enabled a userspace implementation of the IPv6 RA protocol is
- used, and the kernel's own implementation remains disabled, since `networkd` needs to know all
- details supplied in the advertisements, and these are not available from the kernel if the kernel's
- own implementation is used.
+ Note that kernel's implementation of the IPv6 RA protocol is always disabled,
+ regardless of this setting. If this option is enabled, a userspace implementation of the IPv6
+ RA protocol is used, and the kernel's own implementation remains disabled, since
+ systemd-networkd needs to know all details supplied in the advertisements,
+ and these are not available from the kernel if the kernel's own implementation is used.
@@ -838,6 +856,30 @@
+
+ Xfrm=
+
+ The name of the xfrm to create on the link. See
+ systemd.netdev5.
+ This option may be specified more than once.
+
+
+
+ KeepConfiguration=
+
+ Takes a boolean or one of static, dhcp-on-stop,
+ dhcp. When static, systemd-networkd
+ will not drop static addresses and routes on starting up process. When set to
+ dhcp-on-stop, systemd-networkd will not drop addresses
+ and routes on stopping the daemon. When dhcp,
+ the addresses and routes provided by a DHCP server will never be dropped even if the DHCP
+ lease expires. This is contrary to the DHCP specification, but may be the best choice if,
+ e.g., the root filesystem relies on this connection. The setting dhcp
+ implies dhcp-on-stop, and yes implies
+ dhcp and static. Defaults to
+ dhcp-on-stop.
+
+
@@ -974,9 +1016,9 @@
- MACAddress=
+ LinkLayerAddress=
- The hardware address of the neighbor.
+ The link layer address (MAC address or IP address) of the neighbor.
@@ -1044,8 +1086,9 @@
Table=
- Specifies the routing table identifier to lookup if the rule
- selector matches. The table identifier for a route (a number between 1 and 4294967295).
+ Specifies the routing table identifier to lookup if the rule selector matches. Takes
+ one of default, main, and local,
+ or a number between 1 and 4294967295. Defaults to main.
@@ -1182,15 +1225,19 @@
Protocol=The protocol identifier for the route. Takes a number between 0 and 255 or the special values
- kernel, boot and static. Defaults to
- static.
+ kernel, boot, static,
+ ra and dhcp. Defaults to static.
Type=
- Specifies the type for the route. If unicast, a regular route is defined, i.e. a
+ Specifies the type for the route. Takes one of unicast,
+ local, broadcast, anycast,
+ multicast, blackhole, unreachable,
+ prohibit, throw, nat, and
+ xresolve. If unicast, a regular route is defined, i.e. a
route indicating the path to take to a destination network address. If blackhole, packets
to the defined route are discarded silently. If unreachable, packets to the defined route
are discarded and the ICMP message "Host Unreachable" is generated. If prohibit, packets
@@ -1235,6 +1282,14 @@
+
+ TTLPropagate=
+
+ Takes a boolean. When true enables TTL propagation at Label Switched Path (LSP) egress.
+ When unset, the kernel's default will be used.
+
+
+ MTUBytes=
@@ -1249,9 +1304,9 @@
- [DHCP] Section Options
- The [DHCP] section configures the
- DHCPv4 and DHCP6 client, if it is enabled with the
+ [DHCPv4] Section Options
+ The [DHCPv4] section configures the
+ DHCPv4 client, if it is enabled with the
DHCP= setting described above:
@@ -1267,6 +1322,14 @@
project='man-pages'>resolv.conf5.
+
+ RoutesToDNS=
+
+ When true, the routes to the DNS servers received from the DHCP server will be
+ configured. When UseDNS= is disabled, this setting is ignored.
+ Defaults to false.
+
+ UseNTP=
@@ -1373,17 +1436,6 @@
system. Defaults to no.
-
- CriticalConnection=
-
- When true, the connection will never be torn down
- even if the DHCP lease expires. This is contrary to the
- DHCP specification, but may be the best choice if, say,
- the root filesystem relies on this connection. Defaults to
- false.
-
-
-
ClientIdentifier=
@@ -1495,6 +1547,30 @@
+
+ BlackList=
+
+ A whitespace-separated list of IPv4 addresses. DHCP offers from servers in the list are rejected.
+
+
+
+
+
+
+
+ [DHCPv6] Section Options
+ The [DHCPv6] section configures the DHCPv6 client, if it is enabled with the
+ DHCP= setting described above, or invoked by the IPv6 Router Advertisement:
+
+
+
+ UseDNS=
+ UseNTP=
+
+ As in the [DHCPv4] section.
+
+
+
RapidCommit=
@@ -1525,7 +1601,7 @@
-
+
[IPv6AcceptRA] Section Options
@@ -1594,7 +1670,7 @@
BlackList=
- A whitespace-separated list of IPv4 addresses. DHCP offers from servers in the list are rejected.
+ A whitespace-separated list of IPv6 prefixes. IPv6 prefixes supplied via router advertisements in the list are ignored.
@@ -2130,6 +2206,27 @@ DHCP=yes
en (i.e. ethernet interfaces).
+
+ IPv6 Prefix Delegation
+
+ # /etc/systemd/network/55-ipv6-pd-upstream.network
+[Match]
+Name=enp1s0
+
+[Network]
+DHCP=ipv6
+
+ # /etc/systemd/network/56-ipv6-pd-downstream.network
+[Match]
+Name=enp2s0
+
+[Network]
+IPv6PrefixDelegation=dhcpv6
+
+ This will enable IPv6 PD on the interface enp1s0 as an upstream interface where the
+ DHCPv6 client is running and enp2s0 as a downstream interface where the prefix is delegated to.
+
+
A bridge with two enslaved links
@@ -2300,6 +2397,29 @@ Name=enp0s25
MACVTAP=macvtap-test
+
+
+ A Xfrm interface with physical underlying device.
+
+ # /etc/systemd/network/27-xfrm.netdev
+[NetDev]
+Name=xfrm0
+
+[Xfrm]
+InterfaceId=7
+
+ # /etc/systemd/network/27-eth0.network
+[Match]
+Name=eth0
+
+[Network]
+Xfrm=xfrm0
+
+ This creates a xfrm0 interface and binds it to the eth0 device.
+ This allows hardware based ipsec offloading to the eth0 nic.
+ If offloading is not needed, xfrm interfaces can be assigned to the lo device.
+
+