summaryrefslogtreecommitdiff
path: root/man/systemd.network.xml
AgeCommit message (Collapse)Author
2016-01-26networkd: optinally use DHCP lease domain info for routing onlyLennart Poettering
This changes the UseDomains= setting of .network files to take an optional third value "route", in addition to the boolean values. If set, the passed domain information is used for routing rules only, but not for the search path logic.
2016-01-26networkd: rework Domains= settingLennart Poettering
Previously, .network files only knew a vaguely defined "Domains=" concept, for which the documentation declared it was the "DNS domain" for the network connection, without specifying what that means. With this the Domains setting is reworked, so that there are now "routing" domains and "search" domains. The former are to be used by resolved to route DNS request to specific network interfaces, the latter is to be used for searching single-label hostnames with (in addition to being used for routing). Both settings are configured in the "Domains=" setting. Normal domain names listed in it are now considered search domains (for compatibility with existing setups), while those prefixed with "~" are considered routing domains only. To route all lookups to a specific interface the routing domain "." may be used, referring to the root domain. An alternative syntax for this is the "*", as was already implemented before using the "wildcard" domain concept. This commit adds proper parsers for this new logic, and exposes this via the sd-network API. This information is not used by resolved yet, this will be added in a later commit.
2016-01-06resolved: introduce support for per-interface negative trust anchorsLennart Poettering
2016-01-05resolved,networkd: add a per-interface DNSSEC settingLennart Poettering
This adds a DNSSEC= setting to .network files, and makes resolved honour them.
2016-01-05man: document that DNS= and Domains= is implemented by resolvedLennart Poettering
2016-01-05networkd,resolved: add a per-interface mdns configuration optionLennart Poettering
2015-12-26man: fix typosJakub Wilk
2015-11-13networkd: stop managing per-interface IP forwarding settingsLennart Poettering
As it turns out the kernel does not support per-interface IPv6 packet forwarding controls (unlike as it does for IPv4), but only supports a global option (#1597). Also, the current per-interface management of the setting isn't really useful, as you want it to propagate to at least one more interface than the one you configure it on. This created much grief (#1411, #1808). Hence, let's roll this logic back and simplify this again, so that we can expose the same behaviour on IPv4 and IPv6 and things start to work automatically again for most folks: if a network with this setting set is set up we propagate the setting into the global setting, but this is strictly one-way: we never reset it again, and we do nothing for network interfaces where this setting is not enabled. Fixes: #1808, #1597.
2015-11-11networkd: IPv6 router discovery - follow IPv6AcceptRouterAdvertisemnt=Tom Gundersen
The previous behavior: When DHCPv6 was enabled, router discover was performed first, and then DHCPv6 was enabled only if the relevant flags were passed in the Router Advertisement message. Moreover, router discovery was performed even if AcceptRouterAdvertisements=false, moreover, even if router advertisements were accepted (by the kernel) the flags indicating that DHCPv6 should be performed were ignored. New behavior: If RouterAdvertisements are accepted, and either no routers are found, or an advertisement is received indicating DHCPv6 should be performed, the DHCPv6 client is started. Moreover, the DHCP option now truly enables the DHCPv6 client regardless of router discovery (though it will probably not be very useful to get a lease withotu any routes, this seems the more consistent approach). The recommended default setting should be to set DHCP=ipv4 and to leave IPv6AcceptRouterAdvertisements unset.
2015-11-10man: add man for IPV6 hop limitSusant Sahani
2015-11-06doc: correct orthography, word forms and missing/extraneous wordsJan Engelhardt
2015-11-06doc: correct punctuation and improve typography in documentationJan Engelhardt
2015-10-16man: add man for IPV6 DADSusant Sahani
2015-10-12man: describe IPv6AcceptRouterAdvertisements= betterZbigniew Jędrzejewski-Szmek
With the previous description it wasn't clear that the kernel default is being described. Add link to kernel docs.
2015-10-06Merge pull request #1452 from poettering/journal-vacuumDaniel Mack
A variety of journal vacuuming improvements, plus an nspawn fix
2015-10-03man: include numeric prefixes in example file names for .link, .netdev, ↵Lennart Poettering
.network files In order to avoid confusion with the default files we ship, let's use a low prefix number for all examples. Fixes #1409.
2015-09-24networkd: add support to configure preferred source of static routesJens Kuske
2015-09-12man: add support for accept ra manSusant Sahani
2015-08-31networkd: dhcp-server - allow configuration of the poolTom Gundersen
The constraints we place on the pool is that it is a contiguous sequence of addresses in the same subnet as the server address, not including the subnet nor broadcast addresses, but possibly including the server address itself. If the server address is included in the pool it is (obviously) reserved and not handed out to clients.
2015-08-27man: document the new DHCP settings added in the past commitsLennart Poettering
2015-08-20Adding bonding examples for systemd-networkdMajor Hayden
This commit provides some basic bonding configuration examples for .netdev and .network files.
2015-07-25Merge pull request #727 from phomes/masterTom Gundersen
man: typo fixes
2015-07-25man: typo fixesThomas Hindoe Paaboel Andersen
2015-07-25man: describe masking of .network files betterZbigniew Jędrzejewski-Szmek
This should clear up some confusion in https://github.com/systemd/systemd/issues/717. This basically copies the description from systemd.unit to this man page. Masking can happen also in /run, so strike the part about /etc, and also add the magic work "mask".
2015-07-24networkd: rename RootBlock to AllowPortToBeRootZbigniew Jędrzejewski-Szmek
Justification is similar to BPDUGuard rename. "Positive" values are easier. This is a rather uncommon option, so using a slightly longer name should not be a problem, and may in fact may make it easier to guess what the option does without reading the documentation.
2015-07-24networkd: turn UnicastFlood on by defaultZbigniew Jędrzejewski-Szmek
Looking at the kernel commit, "on" seems to be the default value: commit 867a59436fc35593ae0e0efcd56cc6d2f8506586 Author: Vlad Yasevich <vyasevic@redhat.com> Date: Wed Jun 5 10:08:01 2013 -0400 bridge: Add a flag to control unicast packet flood. Add a flag to control flood of unicast traffic. By default, flood is on and the bridge will flood unicast traffic if it doesn't know the destination. When the flag is turned off, unicast traffic without an FDB will not be forwarded to the specified port. ... and it seems to be the reasonable thing to do by default.
2015-07-24networkd: rename BPDUGuard to UseBPDUZbigniew Jędrzejewski-Szmek
Rename to follow the follow the style of other options. In general "positive" options are preferred to "negative" ones, because they are easier to describe and easier for humans to parse (c.f. the shortening on the man page entry).
2015-07-24man: reword new Bridge descriptionsZbigniew Jędrzejewski-Szmek
2015-07-24man: reword description of Hostname=Zbigniew Jędrzejewski-Szmek
Also add dots at the end of sentences.
2015-07-23man: add man for bridge paramsSusant Sahani
2015-07-11man: add manual for DHCP override hostnameSusant Sahani
2015-07-06networkd: various fixes for the IPv6 privacy extensions supportLennart Poettering
- Make sure that the IPv6PrivacyExtensions=yes results in prefer-temporary, not prefer-public. - Introduce special enum value "kernel" to leave setting unset, similar how we have it for the IP forwarding settings. - Bring the enum values in sync with the the strings we parse for them, to the level this makes sense (specifically, rename "disabled" to "no", and "prefer-temporary" to "yes"). - Make sure we really set the value to to "no" by default, the way it is already documented in the man page. - Fix whitespace error. - Make sure link_ipv6_privacy_extensions() actually returns the correct enum type, rather than implicitly casting it to "bool". - properly size formatting buffer for ipv6 sysctl value - Don't complain if /proc/sys isn't writable - Document that the enum follows the kernel's own values (0 = off, 1 = prefer-public, 2 = prefer-temporary) - Drop redundant negating of error code passed to log_syntax() - Manpage fixes This fixes a number of issues from PR #417
2015-07-05Merge pull request #417 from ssahani/ipv6-privateDaniel Mack
Ipv6 private extensions
2015-07-05man: add manual for ipv6 privacy extensionSusant Sahani
2015-07-04man: fix sysctl references in networkd-manpageDavid Herrmann
We refer to the same sysctl-setting twice, which is misleading. Correctly list all global forwarding options. As we _always_ change the forwarding setting on links, they will get disabled by default. The global sysctl defaults thus will not have any effect.
2015-06-18man: revert dynamic paths for split-usr setupsTom Gundersen
This did not really work out as we had hoped. Trying to do this upstream introduced several problems that probably makes it better suited as a downstream patch after all. At any rate, it is not releaseable in the current state, so we at least need to revert this before the release. * by adjusting the path to binaries, but not do the same thing to the search path we end up with inconsistent man-pages. Adjusting the search path too would be quite messy, and it is not at all obvious that this is worth the effort, but at any rate it would have to be done before we could ship this. * this means that distributed man-pages does not make sense as they depend on config options, and for better or worse we are still distributing man pages, so that is something that definitely needs sorting out before we could ship with this patch. * we have long held that split-usr is only minimally supported in order to boot, and something we hope will eventually go away. So before we start adding even more magic/effort in order to make this work nicely, we should probably question if it makes sense at all.
2015-06-11man: document IPForward=kernel optionNick Owens
2015-06-08Revert "networkd: create "kernel" setting for IPForwarding"Lennart Poettering
2015-06-02man: document IPForward=kernel optionNick Owens
2015-06-02man: replace hard-coded /usr/libDaniel Mack
Replace some /usr/lib occurences in man/ with &rootprefix;/lib.
2015-05-28man: generate configured paths in manpagesFilipe Brandenburger
In particular, use /lib/systemd instead of /usr/lib/systemd in distributions like Debian which still have not adopted a /usr merge setup. Use XML entities from man/custom-entities.ent to replace configured paths while doing XSLT processing of the original XML files. There was precedent of some files (such as systemd.generator.xml) which were already using this approach. This addresses most of the (manual) fixes from this patch: http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/tree/debian/patches/Fix-paths-in-man-pages.patch?h=experimental-220 The idea of using generic XML entities was presented here: http://lists.freedesktop.org/archives/systemd-devel/2015-May/032240.html This patch solves almost all the issues, with the exception of: - Path to /bin/mount and /bin/umount. - Generic statements about preference of /lib over /etc. These will be handled separately by follow up patches. Tested: - With default configure settings, ran "make install" to two separate directories and compared the output to confirm they matched exactly. - Used a set of configure flags including $CONFFLAGS from Debian: http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/tree/debian/rules Installed the tree and confirmed the paths use /lib/systemd instead of /usr/lib/systemd and that no other unexpected differences exist. - Confirmed that `make distcheck` still passes.
2015-05-18man: explain UseDomains a bit moreZbigniew Jędrzejewski-Szmek
https://bugs.freedesktop.org/show_bug.cgi?id=85397
2015-05-15man: IPMasquerade only implies IPForward=ipv4Benedikt Morbach
at least that's what the code does.
2015-05-15networkd: don't touch global forwarding settingBenedikt Morbach
This reverts commit 43c6d5abacaebf813845934ec8d5e5ee3c431854 (and a small part of 4046d8361c55c80ab8577aea52523b9e6eab0d0c) It turns out we don't actually need to set the global ip_forward setting. The only relevant setting is the one on each interface. What the global toggle actually does is switch forwarding on/off for all currently present interfaces and change the default for new ones. That means that by setting the global ip_forward we - Introduce a race condition, because if the interface with IPForward=yes is brought up after one with IPForward=no, both will have forwarding enabled, because the global switch turns it on for all interfaces. If the other interface comes up first networkd correctly sets forward=0 and it doesn't get overridden. - Change the forwarding setting for interfaces that networkd is not configured to touch, even if the user disabled forwarding via sysctl, either globally or per-interface As forwarding works fine without this, as long as all relevant interfacest individually set IPForward=yes: just drop it This means that non-networkd interfaces use the global default while networkd interfaces default to off if IPForward isn't given.
2015-04-28man: clarify that only the first .network file with a matching [Match] mattersLennart Poettering
http://lists.freedesktop.org/archives/systemd-devel/2015-April/031294.html
2015-04-24man: extend documentation on IPForward= and IPMasquerade=Lennart Poettering
Mention the default values, and clarify how this relates to the underlying sysctls.
2015-03-15network: add UseNTP DHCP optionMichael Marineau
Despite having the internal logic in place to enable/disable using NTP servers provided by DHCP the network config didn't expose the option.
2015-03-13man: fix a bunch of linksZbigniew Jędrzejewski-Szmek
All hail linkchecker!
2015-03-13man: update example 2 in systemd.network(5)Zbigniew Jędrzejewski-Szmek
none/both/v4/v6 are deprecated in favour of no/yes/ipv4/ipv6. https://bugs.freedesktop.org/show_bug.cgi?id=89221
2015-03-09Fix typosTorstein Husebø