Diffstat (limited to 'sbin/ifconfig/ifconfig.8')
-rw-r--r-- | sbin/ifconfig/ifconfig.8 | 363 |
1 files changed, 285 insertions, 78 deletions
diff --git a/sbin/ifconfig/ifconfig.8 b/sbin/ifconfig/ifconfig.8 index 1dc4c2e1b56d..d4f8d2b5747a 100644 --- a/sbin/ifconfig/ifconfig.8 +++ b/sbin/ifconfig/ifconfig.8 @@ -1,3 +1,6 @@ +.\"- +.\" SPDX-License-Identifier: BSD-3-Clause +.\" .\" Copyright (c) 1983, 1991, 1993 .\" The Regents of the University of California. All rights reserved. .\" @@ -25,9 +28,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" From: @(#)ifconfig.8 8.3 (Berkeley) 1/5/94 -.\" -.Dd June 20, 2023 +.Dd October 12, 2025 .Dt IFCONFIG 8 .Os .Sh NAME @@ -35,8 +36,8 @@ .Nd configure network interface parameters .Sh SYNOPSIS .Nm -.Op Fl j Ar jail -.Op Fl kLmn +.Op Fl j Ar jid +.Op Fl DkLmn .Op Fl f Ar type Ns Cm \&: Ns Ar format .Ar interface .Op Cm create @@ -49,13 +50,13 @@ .Oc .Op Ar parameters .Nm -.Op Fl j Ar jail +.Op Fl j Ar jid .Ar interface .Cm destroy .Nm -.Op Fl j Ar jail +.Op Fl j Ar jid .Fl a -.Op Fl dkLmuv +.Op Fl dDkLmuv .Op Fl f Ar type Ns Cm \&: Ns Ar format .Op Fl G Ar groupname .Op Fl g Ar groupname @@ -63,16 +64,16 @@ .Nm .Fl C .Nm -.Op Fl j Ar jail +.Op Fl j Ar jid .Fl g Ar groupname .Nm -.Op Fl j Ar jail +.Op Fl j Ar jid .Fl l .Op Fl du .Op Fl g Ar groupname .Op Ar address_family .Nm -.Op Fl j Ar jail +.Op Fl j Ar jid .Op Fl dkLmuv .Op Fl f Ar type Ns Cm \&: Ns Ar format .Sh DESCRIPTION @@ -104,6 +105,12 @@ with no additional information. Use of this flag is mutually exclusive with all other flags and commands. .It Fl d Display only the interfaces that are down. +.It Fl D +Include the driver name and unit number of the interface in the output. +This is normally the original name of the interface, +even if it has been renamed; it may differ from the original name +in some cases, such as +.Xr epair 4 . .It Fl f Xo .Ar type Ns Cm \&: Ns Ar format Ns .Op Cm \&, Ns Ar type Ns Cm \&: Ns Ar format Ar ... 
@@ -131,7 +138,7 @@ and their associated .Ar format strings are: .Pp -.Bl -tag -width ether +.Bl -tag -width default .It Cm addr Adjust the display of inet and inet6 addresses: .Pp @@ -196,15 +203,24 @@ Integer format, for example: .Ql prefixlen 64 .El .El +.Pp +In addition, the following shortcuts are accepted: +.Bl -tag -width default +.It Cm default +Resets all formats to their default values. +.It Cm cidr +Shortcut notation for +.Cm inet:cidr,inet6:cidr . +.El +.Pp .It Fl G Ar groupname Exclude members of the specified .Ar groupname from the output. -.Ar groupname . .Pp -Only one option +Only one .Fl G -should be specified as later override previous ones +option should be specified as later ones override earlier ones. .Ar groupname may contain shell patterns in which case it should be quoted. .Pp @@ -230,9 +246,9 @@ lists names of interfaces belonging to .Ar groupname . Any other flags and arguments are ignored in this case. .Pp -Only one option +Only one .Fl g -should be specified as later override previous ones +option should be specified as later ones override earlier ones. .Ar groupname may contain shell patterns in which case it should be quoted. .Pp 
@@ -241,22 +257,22 @@ Setting to .Cm all selects all interfaces. -.It Fl j Ar jail -Perform the actions inside the -.Ar jail . +.It Fl j Ar jid +Perform the actions inside the jail specified by +.Ar jid , +which may be either a jail name or a numeric jail ID. .Pp The -.Cm ifconfig -will first attach to the -.Ar jail -(by jail id or jail name) before performing the effects. -.Pp -This allow network interfaces of -.Ar jail -to be configured even if the -.Cm ifconfig -binary is not available in -.Ar jail . +.Nm +utility will attach to the specified jail immediately upon +encountering the option on the command line. +The option may be specified multiple times to attach to a nested jail +(jail within a jail). +.Pp +This makes it possible to configure network interfaces within a vnet +jail even if the +.Nm +binary is not available inside the jail. .It Fl k Print keying information for the .Ar interface , @@ -432,11 +448,10 @@ of specifying the host portion, removing all NS addresses will allow you to respecify the host portion. .It Cm anycast (Inet6 only.) -Specify that the address configured is an anycast address. -Based on the current specification, -only routers may configure anycast addresses. -Anycast address will not be used as source address of any of outgoing -IPv6 packets. +Specify that the address configured is an anycast address, +as described in RFC 4291 section 2.6. +Anycast addresses will not be used as source address of any outgoing +IPv6 packets unless an application explicitly binds to the address. .It Cm arp Enable the use of the Address Resolution Protocol .Pq Xr arp 4 
@@ -458,13 +473,17 @@ sending out requests and listening for replies. .It Cm stickyarp Enable the so-called sticky ARP mode for the interface. If this option is enabled on the given interface, any resolved address is -marked as a static one and never expires. This may be used to increase +marked as a static one and never expires. +This may be used to increase security of the network by preventing ARP spoofing or to reduce latency for high-performance Ethernet networks where the time needed for ARP resolution is -too high. Please note that a similar feature is also provided for bridges. See +too high. +Please note that a similar feature is also provided for bridges. +See the sticky option in the .Sx Bridge Interface Parameters -section. Enabling this +section. +Enabling this option may impact techniques which rely on ARP expiration/overwriting feature such as load-balancers or high-availabity solutions such as .Xr carp 4 . @@ -482,6 +501,10 @@ Enable driver dependent debugging code; usually, this turns on extra console error logging. .It Fl debug Disable driver dependent debugging code. +.It Cm allmulti +Enable promiscuous mode for multicast packets. +.It Fl allmulti +Disable promiscuous mode for multicast packets. .It Cm promisc Put interface into permanently promiscuous mode. .It Fl promisc @@ -545,9 +568,10 @@ A FIB .Ar fib_number is assigned to all packets encapsulated by tunnel interface, e.g., .Xr gif 4 , -.Xr gre 4 +.Xr gre 4 , +.Xr vxlan 4 , and -.Xr vxlan 4 . +.Xr wg 4 . .It Cm maclabel Ar label If Mandatory Access Control support is enabled in the kernel, set the MAC label to @@ -707,7 +731,7 @@ buffers, enable them on the interface. .It Fl mextpg If the driver supports extended multi-page .Xr mbuf 9 -biffers, disable them on the interface. +buffers, disable them on the interface. .It Cm wol , wol_ucast , wol_mcast , wol_magic Enable Wake On Lan (WOL) support, if available. WOL is a facility whereby a machine in a low power state may be woken 
@@ -980,6 +1004,36 @@ Set a flag to disable Duplicate Address Detection. .It Cm -no_dad Clear a flag .Cm no_dad . +.It Cm stableaddr +Set a flag to create SLAAC addresses using a stable algorithm according to RFC 7217 +The +.Xr sysctl 8 +variable +.Va net.inet6.ip6.use_stableaddr +controls whether this flag is set by default or not for newly created interfaces. +To get consistent defaults for interfaces created at boot it should be set as a tunable via loader.conf(8). +The +.Xr sysctl 8 +variable +.Va net.inet6.ip6.stableaddr_maxretries +sets the maximum number of retries to generate a unique IPv6 address to be performed in case of DAD failures. +This defaults to 3 which is also the reccommended minimum value. +The interface ID source can be configured using the +.Xr sysctl 8 +variable +.Va net.inet6.ip6.stableaddr_netifsource: +.Bl -tag -compact +.It Cm 0 +uses the interface name string (the default) +.It Cm 1 +uses the interface ID +.It Cm 2 +uses the MAC address of the interface (if one can be obtained for it) +.El +.Pp +.It Cm -stableaddr +Clear the flag +.Cm stableaddr . .El .Ss IPv6 Parameters The following parameters are specific for IPv6 addresses. @@ -1064,7 +1118,7 @@ Legacy .Cm wds devices have a fixed peer relationship and do not, for example, roam if their peer stops communicating. -For completeness a Dynamic WDS (DWDS) interface may marked as +For completeness a Dynamic WDS (DWDS) interface may be marked as .Fl wdslegacy . .It Cm bssid Request a unique local mac address for the cloned device. 
@@ -1221,8 +1275,8 @@ Set the interval at which beacon frames are sent when operating in ad-hoc or ap mode. The .Ar interval -parameter is specified in TU's (1024 usecs). -By default beacon frames are transmitted every 100 TU's. +parameter is specified in TUs (1024 usecs). +By default beacon frames are transmitted every 100 TUs. .It Cm bmissthreshold Ar count Set the number of consecutive missed beacons at which the station will attempt to roam (i.e., search for a new access point). @@ -1879,8 +1933,8 @@ Use .Fl powersave to disable powersave operation when operating as a client. .It Cm powersavesleep Ar sleep -Set the desired max powersave sleep time in TU's (1024 usecs). -By default the max powersave sleep time is 100 TU's. +Set the desired max powersave sleep time in TUs (1024 usecs). +By default the max powersave sleep time is 100 TUs. .It Cm protmode Ar technique For interfaces operating in 802.11g, use the specified .Ar technique @@ -2470,12 +2524,27 @@ compatibility. .Ss Bridge Interface Parameters The following parameters are specific to bridge interfaces: .Bl -tag -width indent -.It Cm addm Ar interface +.It Cm addm Ar interface Op Ar options ... Add the interface named by .Ar interface as a member of the bridge. The interface is put into promiscuous mode so that it can receive every packet sent on the network. +.Pp +The interface name may be followed by one or more of the following +.Ar options : +.Bl -tag -width ".Cm untagged Ar vlan-id" +.It Cm untagged Ar vlan-id +Set the untagged VLAN identifier for the interface. +This is equivalent to the +.Cm ifuntagged +command. +.It Cm tagged Ar vlan-set +Set the allowed VLAN list for the interface. +This is equivalent to the +.Cm iftagged +command. +.El .It Cm deletem Ar interface Remove the interface named by .Ar interface 
@@ -2496,15 +2565,23 @@ is zero, then address cache entries will not be expired. The default is 1200 seconds. .It Cm addr Display the addresses that have been learned by the bridge. -.It Cm static Ar interface-name Ar address -Add a static entry into the address cache pointing to +.It Cm static Ar interface-name Ar address Op Cm vlan Ar vlan-id +Add a static entry into the address cache for pointing to .Ar interface-name . +If +.Ar vlan-id +is specified, the entry is added for that VLAN, otherwise it is added +for VLAN 0. +.Pp Static entries are never aged out of the cache or re-placed, even if the address is seen on a different interface. -.It Cm deladdr Ar address +.It Cm deladdr Ar address Op Cm vlan Ar vlan-id Delete .Ar address -from the address cache. +from the address cache. If +.Ar vlan-id +is specified, the entry is deleted from that VLAN's address table, +otherwise it is deleted from the VLAN 0 address table. .It Cm flush Delete all dynamically-learned addresses from the address cache. .It Cm flushall 
@@ -2671,6 +2748,103 @@ Set the maximum number of hosts allowed from an interface, packets with unknown source addresses are dropped until an existing host cache entry expires or is removed. Set to 0 to disable. +.It Cm vlanfilter +Enable VLAN filtering on the bridge. +Incoming frames on member interfaces will be dropped unless the frame +is explicitly permitted by the interface's +.Cm ifuntagged +or +.Cm iftagged +configuration. +.It Cm -vlanfilter +Disable VLAN filtering on the bridge. +This is the default. +.It Cm iftagged Ar interface Ar vlan-list +Set the interface's VLAN access list to the provided list of VLANs. +The list should be a comma-separated list of one or more VLAN IDs +or ranges formatted as +.Ar first-last , +the value +.Dq none +meaning the empty set, +or the value +.Dq all +meaning all VLANs (1-4094). +.Pp +This option is only meaningful if the +.Cm vlanfilter +option is enabled for the bridge; +otherwise, all VLANs will be permitted. +.It Cm +iftagged Ar interface Ar vlan-list +Add the provided list of VLAN IDs to the interface's VLAN access list. +The list should be formatted as described for +.Cm iftagged . +.Pp +This option is only meaningful if the +.Cm vlanfilter +option is enabled for the bridge; +otherwise, all VLANs will be permitted. +.It Cm -iftagged Ar interface Ar vlan-list +Remove the provided list of VLAN IDs from the interface's VLAN access +list. +The list should be formatted as described for +.Cm iftagged . +.Pp +This option is only meaningful if the +.Cm vlanfilter +option is enabled for the bridge; +otherwise, all VLANs will be permitted. +.It Cm ifuntagged Ar interface Ar vlan-id +Set the untagged VLAN identifier for an interface. +Frames received on this interface without an 802.1Q tag will be assigned +to this VLAN instead of the default VLAN 0, +and outgoing frames on this VLAN will have their 802.1Q tag removed. +.It Cm -ifuntagged Ar interface +Clear the untagged VLAN identifier for an interface. 
+.It Cm defuntagged Ar vlan-id +Enable the +.Cm untagged +option by default on newly added members. +.It Cm -defuntagged +Do not enable the +.Cm untagged +option by default on newly added members. +This is the default. +.It Cm qinq Ar interface +Allow this interface to send 802.1ad +.Dq Q-in-Q +frames. +This option is only meaningful if the +.Cm vlanfilter +option is enabled for the bridge; +otherwise, Q-in-Q frames are always allowed. +.It Cm -qinq Ar interface +Do not allow this interface to send 802.1ad +.Dq Q-in-Q +frames. +This is the default if the +.Cm vlanfilter +option is enabled. +.It Cm defqinq +Enable the +.Cm qinq +option by default on newly added members. +.It Cm -defqinq +Do not enable the +.Cm qinq +option by default on newly added members. +This is the default. +.It Cm ifvlanproto Ar interface Ar proto +Set the VLAN encapsulation protocol on +.Ar interface +to +.Ar proto , +which must be either +.Dq 802.1q +or +.Dq 802.1ad . +The default is +.Dq 802.1q . .El .Ss Link Aggregation and Link Failover Parameters The following parameters are specific to lagg interfaces: 
@@ -2803,34 +2977,26 @@ interfaces previously configured with Another name for the .Fl tunnel parameter. -.It Cm accept_rev_ethip_ver -Set a flag to accept both correct EtherIP packets and ones -with reversed version field. -Enabled by default. -This is for backward compatibility with -.Fx 6.1 , -6.2, 6.3, 7.0, and 7.1. -.It Cm -accept_rev_ethip_ver -Clear a flag -.Cm accept_rev_ethip_ver . +.It Cm noclamp +This flag prevents the MTU from being clamped to 1280 bytes, the +minimum MTU for IPv6, when the outer protocol is IPv6. When the +flag is set, the MTU value configured on the interface will be +used instead of the fixed length of 1280 bytes. For more details, +please refer to the +.Ar MTU Configuration and Path MTU Discovery +section in +.Xr gif 4 . +.It Cm -noclamp +Clear the flag +.Cm noclamp . .It Cm ignore_source Set a flag to accept encapsulated packets destined to this host independently from source address. This may be useful for hosts, that receive encapsulated packets from the load balancers. .It Cm -ignore_source -Clear a flag +Clear the flag .Cm ignore_source . -.It Cm send_rev_ethip_ver -Set a flag to send EtherIP packets with reversed version -field intentionally. -Disabled by default. -This is for backward compatibility with -.Fx 6.1 , -6.2, 6.3, 7.0, and 7.1. -.It Cm -send_rev_ethip_ver -Clear a flag -.Cm send_rev_ethip_ver . .El .Ss GRE Tunnel Parameters The following parameters apply to GRE tunnel interfaces, 
@@ -2870,12 +3036,24 @@ to send and receive pfsync state synchronisation messages. .It Fl syncdev Stop sending pfsync state synchronisation messages over the network. .It Cm syncpeer Ar peer_address -Make the pfsync link point-to-point rather than using -multicast to broadcast the state synchronisation messages. -The peer_address is the IP address of the other host taking part in -the pfsync cluster. +Set the destination address for the state synchronization messages sent. +The +.Ar peer_address +is normally the IPv4 or IPv6 address of the other host taking +part in the pfsync cluster. +.Pp +When the +.Ar peer_address +is set to a unicast IP address, the pfsync link will behave +as point-to-point rather than using multicast to broadcast the messages. +.Pp +When the +.Ar peer_address +is set to ff12::f0, the state synchronization +messages will be broadcast using multicast over IPv6. .It Fl syncpeer -Broadcast the packets using multicast. +Unset the syncpeer. +Packets will then be broadcast using multicast over IPv4. .It Cm maxupd Ar n Set the maximum number of updates for a single state which can be collapsed into one. @@ -2886,6 +3064,11 @@ acknowledged that the associated state has been inserted. .It Fl defer Do not defer the first packet in a state. This is the default. +.It Fl version Ar n +Configure message format for compatibility with older versions of FreeBSD. +Refer to +.Xr pfsync 4 +for details. .El .Ss VLAN Parameters The following parameters are specific to 
@@ -3129,6 +3312,20 @@ announcements to. Restore the default destination address for (IPv4) .Xr carp 4 announcements, which is ff02::12. +.It Cm carpver +Set the protocol version. +Valid choices are 2 (for +.Xr carp 4) +and 3 (for VRRPv3). +This can only be set when +.Xr carp 4 +is initiated. +.It Cm vrrpprio +Set the VRRPv3 priority. +Valid values are 1-255. +.It Cm vrrpinterval +Set the VRRPv3 Master Advertisement Interval. +Values are in centiseconds. .El .Sh ENVIRONMENT The following environment variables affect the execution of @@ -3270,6 +3467,16 @@ tried to alter an interface's configuration. .Xr rc 8 , .Xr routed 8 , .Xr sysctl 8 +.Rs +.%R RFC 3484 +.%D February 2003 +.%T "Default Address Selection for Internet Protocol version 6 (IPv6)" +.Re +.Rs +.%R RFC 4291 +.%D February 2006 +.%T "IP Version 6 Addressing Architecture" +.Re .Sh HISTORY The .Nm |
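Review bot: in the SYNOPSIS hunk at @@ -63,16 +64,16 @@ the last form still reads `.Op Fl dkLmuv`, while the first form became `.Op Fl DkLmn` and the `-a` form became `.Op Fl dDkLmuv`. If `-D` is accepted when listing interfaces without `-a`, add `D` to that form too; if it is not, the new `.It Fl D` text should say which forms take it.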
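Review bot: the `.Pp` added directly before `.It Fl G Ar groupname` at the end of the @@ -196,15 +203,24 @@ hunk is redundant, since it closes the `-f` item body with an empty paragraph break. Drop it and let the list supply the spacing between items; the `.Pp` after the new shortcuts list in the stableaddr hunk has the same problem.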
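Review bot: the new `-j` text in the @@ -241,22 +257,22 @@ hunk says the option "may be specified multiple times to attach to a nested jail", but every SYNOPSIS form in this patch still shows a single `.Op Fl j Ar jid`, and the text does not say in which order repeated options are applied. Since the utility now attaches "immediately upon encountering the option", state explicitly that each further `-j` is resolved inside the jail already attached to, and mark the option as repeatable in the SYNOPSIS.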
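Review bot: the `stableaddr` entry in the @@ -980,6 +1004,36 @@ hunk has several markup and spelling defects. The first sentence has no full stop after "RFC 7217" before "The"; "reccommended" should be "recommended"; "loader.conf(8)" is typed as plain text and should be `.Xr loader.conf 5`; and the colon in `.Va net.inet6.ip6.stableaddr_netifsource:` is part of the variable name as written, so it should be split off as a separate `:` argument. The `.Bl -tag -compact` list also has no `-width`, and the long description lines should be broken at sentence boundaries as the rest of the page is.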
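Review bot: the `addm` options in the @@ -2470,12 +2524,27 @@ hunk name the argument `.Ar vlan-set` for `tagged`, while the `iftagged` command it is declared equivalent to uses `.Ar vlan-list` in the later bridge hunk. Use one name in both places so readers can tell the accepted syntax (comma-separated IDs, ranges, "none", "all") is the same.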
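Review bot: in the @@ -2496,15 +2565,23 @@ hunk the rewritten `static` description reads "Add a static entry into the address cache for pointing to", where "for" is a leftover word. In the `deladdr` entry, "from the address cache. If" starts a new sentence mid-line; put "If" on its own line, as this same patch does for the `stickyarp` text.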
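Review bot: `.It Cm defuntagged Ar vlan-id` in the @@ -2671,6 +2748,103 @@ hunk takes an argument that its description never mentions: "Enable the untagged option by default on newly added members" does not say that `vlan-id` becomes the untagged VLAN of those members. Spell that out. It is also worth stating once, under `vlanfilter`, that filtering is off by default and that `iftagged`, `ifuntagged` and `qinq` restrict nothing until it is enabled, rather than repeating the "only meaningful if" paragraph under three entries, because an administrator who sets an access list without `vlanfilter` gets no isolation.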
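Review bot: in the `noclamp` entry of the @@ -2803,34 +2977,26 @@ hunk, `.Ar MTU Configuration and Path MTU Discovery` marks a section title of gif(4) as a command argument; use plain quoted text such as `.Dq MTU Configuration and Path MTU Discovery` instead. The entry also starts sentences mid-line ("IPv6. When the", "bytes. For more"). Separately, the hunk drops the `accept_rev_ethip_ver` and `send_rev_ethip_ver` entries; confirm that the utility no longer accepts these keywords, otherwise existing configurations that use them lose their documentation.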
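Review bot: `.It Fl version Ar n` in the @@ -2886,6 +3064,11 @@ hunk uses `.Fl`, which renders as "-version" and which this list otherwise reserves for the negated form of a parameter (`.Fl syncdev`, `.Fl syncpeer`, `.Fl defer`). A parameter that takes a value follows the `.Cm maxupd Ar n` pattern, so this should be `.It Cm version Ar n`. The text should also list the accepted values of `n` or say that they are defined in pfsync(4).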
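Review bot: `.Xr carp 4)` in the `carpver` entry of the @@ -3129,6 +3312,20 @@ hunk attaches the closing parenthesis to the section number; write `.Xr carp 4 )` so the punctuation is a separate argument. `carpver`, `vrrpprio` and `vrrpinterval` are all described as taking a value but none of the `.It Cm` lines has an `.Ar` argument, and "This can only be set when carp(4) is initiated" does not say at which configuration step that is.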
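Review bot: the SEE ALSO hunk at @@ -3270,6 +3467,16 @@ adds `.Rs` entries for RFC 3484 and RFC 4291, but only RFC 4291 is cited by the text changed in this patch (the `anycast` entry). RFC 7217, which the new `stableaddr` entry cites, is missing from the list; add it, and either cite RFC 3484 from the relevant parameter or leave it out.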