summaryrefslogtreecommitdiff
path: root/man/systemd.network.xml
AgeCommit message (Collapse)Author
2016-10-03man: rework the explanation of Domains=Zbigniew Jędrzejewski-Szmek
Put more emphasis on the routing part. This is the more interesting thing, and also more complicated and novel. Explain "search domains" as the special case. Also explain the effect of ~. in more detail.
2016-09-30resolved: don't query domain-limited DNS servers for other domains (#3621)Martin Pitt
DNS servers which have route-only domains should only be used for the specified domains. Routing queries about other domains there is a privacy violation, prone to fail (as that DNS server was not meant to be used for other domains), and puts unnecessary load onto that server. Introduce a new helper function dns_server_limited_domains() that checks if the DNS server should only be used for some selected domains, i. e. has some route-only domains without "~.". Use that when determining whether to query it in the scope, and when writing resolv.conf. Extend the test_route_only_dns() case to ensure that the DNS server limited to ~company does not appear in resolv.conf. Add test_route_only_dns_all_domains() to ensure that a server that also has ~. does appear in resolv.conf as global name server. These reproduce #3420. Add a new test_resolved_domain_restricted_dns() test case that verifies that domain-limited DNS servers are only being used for those domains. This reproduces #3421. Clarify what a "routing domain" is in the manpage. Fixes #3420 Fixes #3421
2016-09-24Merge pull request #4182 from jkoelker/routetableZbigniew Jędrzejewski-Szmek
2016-09-19networkd: Allow specifying RouteTable for RAsJason Kölker
2016-09-19networkd: Allow specifying RouteTable for DHCPJason Kölker
2016-09-16man: mention that netdev,network files support dropinsZbigniew Jędrzejewski-Szmek
Also update the description of drop-ins in systemd.unit(5) to say that .d directories, not .conf files, are in /etc/system/system, /run/systemd/system, etc.
2016-08-04networkd: add support to configure NOARP/ARP for interface (#3854)Susant Sahani
https://lists.freedesktop.org/archives/systemd-devel/2016-August/037268.html
2016-07-12man: fix indefinite articles (#3694)Jakub Wilk
2016-06-16networkd: vrf: add support for enslaving devices to VRFsAndreas Rammhold
2016-06-10networkd: add support to configure VLAN on bridge portsTobias Jungel
2016-06-07networkd: rename IPv6AcceptRouterAdvertisements to IPv6AcceptRALennart Poettering
The long name is just too hard to type. We generally should avoid using acronyms too liberally, if they aren't established enough, but it appears that "RA" is known well enough. Internally we call the option "ipv6_accept_ra" anyway, and the kernel also exposes it under this name. Hence, let's rename the IPv6AcceptRouterAdvertisements= setting and the [IPv6AcceptRouterAdvertisements] section to IPv6AcceptRA= and [IPv6AcceptRA]. The old setting IPv6AcceptRouterAdvertisements= is kept for compatibility with older configuration. (However the section [IPv6AcceptRouterAdvertisements] is not, as it was never available in a published version of systemd.
2016-06-06network: beef up ipv6 RA support considerablyLennart Poettering
This reworks sd-ndisc and networkd substantially to support IPv6 RA much more comprehensively. Since the API is extended quite a bit networkd has been ported over too, and the patch is not as straight-forward as one could wish. The rework includes: - Support for DNSSL, RDNSS and RA routing options in sd-ndisc and networkd. Two new configuration options have been added to networkd to make this configurable. - sd-ndisc now exposes an sd_ndisc_router object that encapsulates a full RA message, and has direct, friendly acessor functions for the singleton RA properties, as well as an iterative interface to iterate through known and unsupported options. The router object may either be retrieved from the wire, or generated from raw data. In many ways the sd-ndisc API now matches the sd-lldp API, except that no implicit database of seen data is kept. (Note that sd-ndisc actually had a half-written, but unused implementaiton of such a store, which is removed now.) - sd-ndisc will now collect the reception timestamps of RA, which is useful to make sd_ndisc_router fully descriptive of what it covers. Fixes: #1079
2016-05-20Merge pull request #3235 from dkg/hwaddr-cleanupTom Gundersen
minor improvements for dealing with MAC Addresses
2016-05-17networkd: Add EmitRouter= option for DHCP Server (#3251)Clemens Gruber
Add an option to disable appending DHCP option 3 (Router) to the DHCP OFFER and ACK packets. This commit adds the boolean option EmitRouter= for the [DHCPServer] section in .network files. Rationale: On embedded devices, it is very useful to have a DHCP server running on an USB OTG ethernet gadget interface to avoid manual setup on the client PCs, but it should only serve IP addresses, no route(r)s. Otherwise, Windows clients experience network connectivity issues, due to them using the address set in DHCP option 3 as default gateway. Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com>
2016-05-17man: clarify different uses of MACAddressDaniel Kahn Gillmor
Improve the networkd documentation to clarify that Match.MACAddress is for selection, but Link.MACAddress describes an action to be taken.
2016-05-09networkd: reworkd LLDP emission to allow control of propagation levelLennart Poettering
This allows selecting the propagation level of emitted LLDP packets (specifically: the destination MAC address of the packets). This is useful because it allows generating LLDP packets that optionally cross certain types of bridges. See 802.11ab-2009, Table 7-1 for details.
2016-05-06man: link the part about [DHCP] to the DHCP= explanationLennart Poettering
2016-05-06man: move IPv6 note to the right sectionLennart Poettering
Make the XML validate again.
2016-05-06networkd: move the IAID configuration option into the [DHCP] sectionLennart Poettering
It's only relevant to DHCP, and it should be where the DUID is configured too.
2016-05-04Merge pull request #3156 from keszybz/duid-settingsLennart Poettering
Rework DUID setting
2016-05-03networkd: Add support to configure IPv6 preferred lifetime (#3102)Susant Sahani
Closes #2166. We only allow 0, infinity and forever. infinity and forever is same.
2016-05-03networkd: add support to set route tableSusant Sahani
networkd: add support to set route table 1. add support to configure the table id. if id is less than 256 we can fit this in the header of route as netlink property is a char. But in kernel this proepty is a unsigned 32. Hence if greater that 256 add this as RTA_TABLE attribute. 2. we are not setting the address family now. Now set this property.
2016-05-03man: add a description of DUIDType and DUIDRawDataZbigniew Jędrzejewski-Szmek
This is essentially a revert of f38e0cce75ff2ffbd99f7e382ed39c160bb7d799 (which removed the documentation of DUIDType on purpose). The description is heavily updated for the new semantics. This addresses #3127 § 4.
2016-05-03man: s/similar/similarly/Zbigniew Jędrzejewski-Szmek
2016-04-29networkd: clean up DUID code a bitLennart Poettering
Let's move DUID configuration into the [DHCP] section, since it only makes sense in a DHCP context, and should be close to the configuration of ClientIdentifier= and suchlike. This really shouldn't be a section of its own, we don't have any for any of our other per-protocol specific identifiers... Follow-up for #2890 #2943
2016-04-22treewide: fix typos (#3092)Torstein Husebø
2016-04-20networkd: bump MTU to 1280 for interfaces which have IPv6 enabled (#3077)Susant Sahani
IPv6 protocol requires a minimum MTU of 1280 bytes on the interface. This fixes #3046. Introduce helper link_ipv6_enabled() to figure out whether IPV6 is enabled. Introduce network_has_static_ipv6_addresses() to find out if any static ipv6 address configured. If IPv6 is not configured on any interface that is SLAAC, DHCPv6 and static IPv6 addresses not configured, then IPv6 will be automatically disabled for that interface, that is we write "1" to /proc/sys/net/ipv6/conf//disable_ipv6.
2016-04-14networkd: Add support to configure proxy arp support to interfaces (#3020)Susant Sahani
Fixes: #2889
2016-04-07Merge pull request #2943 from vinaykul/systemd_duid_review_fixesZbigniew Jędrzejewski-Szmek
DHCP DUID parsing fix, logging fix, man-page fix
2016-04-06man: fix spelling mistakesTorstein Husebø
2016-04-04Drop description of 'Type' field from docs.Vinay Kulkarni
2016-04-04Address code-review items for pull-request #2890Vinay Kulkarni
1. Replace strtol with unhexchar, verified with valid and invalid DUID strings. 2. Fix logging to use log_syntax instead of log_error. 3. On error reading DUID, ignore read and preserve previous state. 4. Fix man-pages to use markup, remove options not yet implemented. 5. Remove spurious header line in new files.
2016-03-31Merge pull request #2915 from vinaykul/masterZbigniew Jędrzejewski-Szmek
2016-03-30DHCP DUID, IAID configuration optionsVinay Kulkarni
2016-03-21Revert "DHCP DUID and IAID configurability"Zbigniew Jędrzejewski-Szmek
2016-03-14man: network - Fix misspelling of "router advertisement"Tobias Klauser
2016-03-09DHCP DUID and IAID configurabilityVinay Kulkarni
2016-02-23man: network - clarify BindCarrier documentationTom Gundersen
Make it clear that we are talking of links (in the sense used in networkd) and not ports. Addresses issue #964.
2016-02-23man: network - improve IPv6Token documentationTom Gundersen
Enabling router advertisement may even trigger SLAAC or DHCPv6 to be used to configure IPv6 addresses on the link. It may not be obvious that only in the SLAAC case will the Token have an effect. Clarify this in the man page. Addresses issue #863.
2016-02-21man: document the new EmitLLDP= .network settingLennart Poettering
Also, beef up the LLDP documentation a bit.
2016-02-21networkd: turn on LLDP reception by default, in "routers-only" modeLennart Poettering
This way "networkctl status" becomes a bit more useful by default, as router information is just visible, without any further configuration. LLDP reception is fully passive and relatively low simple and low traffic, hence this should be safe to enable by default.
2016-02-21sd-lldp: rework sd-lldp APILennart Poettering
This reworks the sd-lldp substantially, simplifying things on one hand, and extending the logic a bit on the other. Specifically: - Besides the sd_lldp object only one other object is maintained now, sd_lldp_neighbor. It's used both as storage for literal LLDP packets, and for maintainging info about peers in the database. Separation between packet, TLV and chassis data is not maintained anymore. This should be a major simplification. - The sd-lldp API has been extended so that a couple of per-neighbor fields may be queried directly, without iterating through the object. Other fields that may appear multiple times, OTOH have to be iterated through. - The maximum number of entries in the neighbor database is now configurable during runtime. - The generation of callbacks from sd_lldp objects is more restricted: callbacks are only invoked when actual data changed. - The TTL information is now hooked with a timer event, so that removals from the neighbor database due to TTLs now result in a callback event. - Querying LLDP neighbor database will now return a strictly ordered array, to guarantee stability. - A "capabilities" mask may now be configured, that selects what type of LLDP neighbor data is collected. This may be used to restrict collection of LLDP info about routers instead of all neighbors. This is now exposed via networkd's LLDP= setting. - sd-lldp's API to serialize the collected data to text files has been removed. Instead, there's now an API to extract the raw binary data from LLDP neighbor objects, as well as one to convert this raw binary data back to an LLDP neighbor object. networkd will save this raw binary data to /run now, and the client side can simply parse the information. - support for parsing the more exotic TLVs has been removed, since we are not using that. Instead there are now APIs to extract the raw data from TLVs. Given how easy it is to parse the TLVs clients should do so now directly instead of relying on our APIs for that. - A lot of the APIs that parse out LLDP strings have been simplified so that they actually return strings, instead of char arrays with a length. To deal with possibly dangerous characters the strings are escaped if needed. - APIs to extract and format the chassis and port IDs as strings has been added. - lldp.h has been simplified a lot. The enums are anonymous now, since they were never used as enums, but simply as constants. Most definitions we don't actually use ourselves have eben removed.
2016-02-12man: fix typosJakub Wilk
2016-01-26networkd: optinally use DHCP lease domain info for routing onlyLennart Poettering
This changes the UseDomains= setting of .network files to take an optional third value "route", in addition to the boolean values. If set, the passed domain information is used for routing rules only, but not for the search path logic.
2016-01-26networkd: rework Domains= settingLennart Poettering
Previously, .network files only knew a vaguely defined "Domains=" concept, for which the documentation declared it was the "DNS domain" for the network connection, without specifying what that means. With this the Domains setting is reworked, so that there are now "routing" domains and "search" domains. The former are to be used by resolved to route DNS request to specific network interfaces, the latter is to be used for searching single-label hostnames with (in addition to being used for routing). Both settings are configured in the "Domains=" setting. Normal domain names listed in it are now considered search domains (for compatibility with existing setups), while those prefixed with "~" are considered routing domains only. To route all lookups to a specific interface the routing domain "." may be used, referring to the root domain. An alternative syntax for this is the "*", as was already implemented before using the "wildcard" domain concept. This commit adds proper parsers for this new logic, and exposes this via the sd-network API. This information is not used by resolved yet, this will be added in a later commit.
2016-01-06resolved: introduce support for per-interface negative trust anchorsLennart Poettering
2016-01-05resolved,networkd: add a per-interface DNSSEC settingLennart Poettering
This adds a DNSSEC= setting to .network files, and makes resolved honour them.
2016-01-05man: document that DNS= and Domains= is implemented by resolvedLennart Poettering
2016-01-05networkd,resolved: add a per-interface mdns configuration optionLennart Poettering
2015-12-26man: fix typosJakub Wilk