Diffstat (limited to 'sbin/ifconfig/ifconfig.8')
| -rw-r--r-- | sbin/ifconfig/ifconfig.8 | 410 | 
1 files changed, 328 insertions, 82 deletions
| diff --git a/sbin/ifconfig/ifconfig.8 b/sbin/ifconfig/ifconfig.8 index e059c172dd5c..d4f8d2b5747a 100644 --- a/sbin/ifconfig/ifconfig.8 +++ b/sbin/ifconfig/ifconfig.8 @@ -1,3 +1,6 @@ +.\"- +.\" SPDX-License-Identifier: BSD-3-Clause +.\"  .\" Copyright (c) 1983, 1991, 1993  .\"	The Regents of the University of California.  All rights reserved.  .\" @@ -25,10 +28,7 @@  .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF  .\" SUCH DAMAGE.  .\" -.\"     From: @(#)ifconfig.8	8.3 (Berkeley) 1/5/94 -.\" $FreeBSD$ -.\" -.Dd June 24, 2022 +.Dd October 12, 2025  .Dt IFCONFIG 8  .Os  .Sh NAME @@ -36,7 +36,8 @@  .Nd configure network interface parameters  .Sh SYNOPSIS  .Nm -.Op Fl kLmn +.Op Fl j Ar jid +.Op Fl DkLmn  .Op Fl f Ar type Ns Cm \&: Ns Ar format  .Ar interface  .Op Cm create @@ -49,11 +50,13 @@  .Oc  .Op Ar parameters  .Nm +.Op Fl j Ar jid  .Ar interface  .Cm destroy  .Nm +.Op Fl j Ar jid  .Fl a -.Op Fl dkLmuv +.Op Fl dDkLmuv  .Op Fl f Ar type Ns Cm \&: Ns Ar format  .Op Fl G Ar groupname  .Op Fl g Ar groupname @@ -61,13 +64,16 @@  .Nm  .Fl C  .Nm +.Op Fl j Ar jid  .Fl g Ar groupname  .Nm +.Op Fl j Ar jid  .Fl l  .Op Fl du  .Op Fl g Ar groupname  .Op Ar address_family  .Nm +.Op Fl j Ar jid  .Op Fl dkLmuv  .Op Fl f Ar type Ns Cm \&: Ns Ar format  .Sh DESCRIPTION @@ -99,6 +105,12 @@ with no additional information.  Use of this flag is mutually exclusive with all other flags and commands.  .It Fl d  Display only the interfaces that are down. +.It Fl D +Include the driver name and unit number of the interface in the output. +This is normally the original name of the interface, +even if it has been renamed; it may differ from the original name +in some cases, such as +.Xr epair 4 .  .It Fl f Xo  .Ar type Ns Cm \&: Ns Ar format Ns  .Op Cm \&, Ns Ar type Ns Cm \&: Ns Ar format Ar ... 
@@ -126,7 +138,7 @@ and their associated  .Ar format  strings are:  .Pp -.Bl -tag -width ether +.Bl -tag -width default  .It Cm addr  Adjust the display of inet and inet6 addresses:  .Pp @@ -150,6 +162,9 @@ Adjust the display of link-level ethernet (MAC) addresses:  Separate address segments with a colon  .It Cm dash  Separate address segments with a dash +.It Cm dotted +Dotted notation, for example: +.Ql 5254.0015.4a3b  .It Cm default  Default format,  .Cm colon @@ -188,15 +203,24 @@ Integer format, for example:  .Ql prefixlen 64  .El  .El +.Pp +In addition, the following shortcuts are accepted: +.Bl -tag -width default +.It Cm default +Resets all formats to their default values. +.It Cm cidr +Shortcut notation for +.Cm inet:cidr,inet6:cidr . +.El +.Pp  .It Fl G Ar groupname  Exclude members of the specified  .Ar groupname  from the output. -.Ar groupname .  .Pp -Only one option +Only one  .Fl G -should be specified as later override previous ones +option should be specified as later ones override earlier ones.  .Ar groupname  may contain shell patterns in which case it should be quoted.  .Pp @@ -222,9 +246,9 @@ lists names of interfaces belonging to  .Ar groupname .  Any other flags and arguments are ignored in this case.  .Pp -Only one option +Only one  .Fl g -should be specified as later override previous ones +option should be specified as later ones override earlier ones.  .Ar groupname  may contain shell patterns in which case it should be quoted.  .Pp 
@@ -233,6 +257,22 @@ Setting  to  .Cm all  selects all interfaces. +.It Fl j Ar jid +Perform the actions inside the jail specified by +.Ar jid , +which may be either a jail name or a numeric jail ID. +.Pp +The +.Nm +utility will attach to the specified jail immediately upon +encountering the option on the command line. +The option may be specified multiple times to attach to a nested jail +(jail within a jail). +.Pp +This makes it possible to configure network interfaces within a vnet +jail even if the +.Nm +binary is not available inside the jail.  .It Fl k  Print keying information for the  .Ar interface , @@ -408,11 +448,10 @@ of specifying the host portion, removing all NS addresses will  allow you to respecify the host portion.  .It Cm anycast  (Inet6 only.) -Specify that the address configured is an anycast address. -Based on the current specification, -only routers may configure anycast addresses. -Anycast address will not be used as source address of any of outgoing -IPv6 packets. +Specify that the address configured is an anycast address, +as described in RFC 4291 section 2.6. +Anycast addresses will not be used as source address of any outgoing +IPv6 packets unless an application explicitly binds to the address.  .It Cm arp  Enable the use of the Address Resolution Protocol  .Pq Xr arp 4 
@@ -434,13 +473,17 @@ sending out requests and listening for replies.  .It Cm stickyarp  Enable the so-called sticky ARP mode for the interface.  If this option is enabled on the given interface, any resolved address is -marked as a static one and never expires. This may be used to increase +marked as a static one and never expires. +This may be used to increase  security of the network by preventing ARP spoofing or to reduce latency for  high-performance Ethernet networks where the time needed for ARP resolution is -too high. Please note that a similar feature is also provided for bridges. See +too high. +Please note that a similar feature is also provided for bridges. +See  the sticky option in the  .Sx Bridge Interface Parameters -section. Enabling this +section. +Enabling this  option may impact techniques which rely on ARP expiration/overwriting feature  such as load-balancers or high-availabity solutions such as  .Xr carp 4 . @@ -458,6 +501,10 @@ Enable driver dependent debugging code; usually, this turns on  extra console error logging.  .It Fl debug  Disable driver dependent debugging code. +.It Cm allmulti +Enable promiscuous mode for multicast packets. +.It Fl allmulti +Disable promiscuous mode for multicast packets.  .It Cm promisc  Put interface into permanently promiscuous mode.  .It Fl promisc 
@@ -484,16 +531,16 @@ This action does not automatically disable routes using the interface.  .It Cm group Ar groupname  Assign the interface to a  .Dq group . +The +.Ar groupname +may not be longer than 15 characters and must not end in a digit.  Any interface can be in multiple groups.  .Pp  Cloned interfaces are members of their interface family group by default. -For example, a PPP interface such as -.Em ppp0 -is a member of the PPP interface family group, -.Em ppp . -.\" The interface(s) the default route(s) point to are members of the -.\" .Em egress -.\" interface group. +For example, a VLAN interface such as +.Em vlan10 +is a member of the VLAN interface family group, +.Em vlan .  .It Cm -group Ar groupname  Remove the interface from the given  .Dq group . @@ -520,9 +567,11 @@ Specify tunnel FIB.  A FIB  .Ar fib_number  is assigned to all packets encapsulated by tunnel interface, e.g., -.Xr gif 4 +.Xr gif 4 , +.Xr gre 4 , +.Xr vxlan 4 ,  and -.Xr gre 4 . +.Xr wg 4 .  .It Cm maclabel Ar label  If Mandatory Access Control support is enabled in the kernel,  set the MAC label to @@ -682,7 +731,7 @@ buffers, enable them on the interface.  .It Fl mextpg  If the driver supports extended multi-page  .Xr mbuf 9 -biffers, disable them on the interface. +buffers, disable them on the interface.  .It Cm wol , wol_ucast , wol_mcast , wol_magic  Enable Wake On Lan (WOL) support, if available.  WOL is a facility whereby a machine in a low power state may be woken 
@@ -955,6 +1004,36 @@ Set a flag to disable Duplicate Address Detection.  .It Cm -no_dad  Clear a flag  .Cm no_dad . +.It Cm stableaddr +Set a flag to create SLAAC addresses using a stable algorithm according to RFC 7217 +The +.Xr sysctl 8 +variable +.Va net.inet6.ip6.use_stableaddr +controls whether this flag is set by default or not for newly created interfaces. +To get consistent defaults for interfaces created at boot it should be set as a tunable via loader.conf(8). +The +.Xr sysctl 8 +variable +.Va net.inet6.ip6.stableaddr_maxretries +sets the maximum number of retries to generate a unique IPv6 address to be performed in case of DAD failures. +This defaults to 3 which is also the reccommended minimum value. +The interface ID source can be configured using the +.Xr sysctl 8 +variable +.Va net.inet6.ip6.stableaddr_netifsource: +.Bl -tag -compact +.It Cm 0 +uses the interface name string (the default) +.It Cm 1 +uses the interface ID +.It Cm 2 +uses the MAC address of the interface (if one can be obtained for it) +.El +.Pp +.It Cm -stableaddr +Clear the flag +.Cm stableaddr .  .El  .Ss IPv6 Parameters  The following parameters are specific for IPv6 addresses. @@ -1039,7 +1118,7 @@ Legacy  .Cm wds  devices have a fixed peer relationship and do not, for example, roam  if their peer stops communicating. -For completeness a Dynamic WDS (DWDS) interface may marked as +For completeness a Dynamic WDS (DWDS) interface may be marked as  .Fl wdslegacy .  .It Cm bssid  Request a unique local mac address for the cloned device. 
@@ -1196,8 +1275,8 @@ Set the interval at which beacon frames are sent when operating in  ad-hoc or ap mode.  The  .Ar interval -parameter is specified in TU's (1024 usecs). -By default beacon frames are transmitted every 100 TU's. +parameter is specified in TUs (1024 usecs). +By default beacon frames are transmitted every 100 TUs.  .It Cm bmissthreshold Ar count  Set the number of consecutive missed beacons at which the station  will attempt to roam (i.e., search for a new access point). @@ -1854,8 +1933,8 @@ Use  .Fl powersave  to disable powersave operation when operating as a client.  .It Cm powersavesleep Ar sleep -Set the desired max powersave sleep time in TU's (1024 usecs). -By default the max powersave sleep time is 100 TU's. +Set the desired max powersave sleep time in TUs (1024 usecs). +By default the max powersave sleep time is 100 TUs.  .It Cm protmode Ar technique  For interfaces operating in 802.11g, use the specified  .Ar technique @@ -2445,12 +2524,27 @@ compatibility.  .Ss Bridge Interface Parameters  The following parameters are specific to bridge interfaces:  .Bl -tag -width indent -.It Cm addm Ar interface +.It Cm addm Ar interface Op Ar options ...  Add the interface named by  .Ar interface  as a member of the bridge.  The interface is put into promiscuous mode  so that it can receive every packet sent on the network. +.Pp +The interface name may be followed by one or more of the following +.Ar options : +.Bl -tag -width ".Cm untagged Ar vlan-id" +.It Cm untagged Ar vlan-id +Set the untagged VLAN identifier for the interface. +This is equivalent to the +.Cm ifuntagged +command. +.It Cm tagged Ar vlan-set +Set the allowed VLAN list for the interface. +This is equivalent to the +.Cm iftagged +command. +.El  .It Cm deletem Ar interface  Remove the interface named by  .Ar interface 
@@ -2471,15 +2565,23 @@ is zero, then address cache entries will not be expired.  The default is 1200 seconds.  .It Cm addr  Display the addresses that have been learned by the bridge. -.It Cm static Ar interface-name Ar address -Add a static entry into the address cache pointing to +.It Cm static Ar interface-name Ar address Op Cm vlan Ar vlan-id +Add a static entry into the address cache for pointing to  .Ar interface-name . +If +.Ar vlan-id +is specified, the entry is added for that VLAN, otherwise it is added +for VLAN 0. +.Pp  Static entries are never aged out of the cache or re-placed, even if the  address is seen on a different interface. -.It Cm deladdr Ar address +.It Cm deladdr Ar address Op Cm vlan Ar vlan-id  Delete  .Ar address -from the address cache. +from the address cache.  If +.Ar vlan-id +is specified, the entry is deleted from that VLAN's address table, +otherwise it is deleted from the VLAN 0 address table.  .It Cm flush  Delete all dynamically-learned addresses from the address cache.  .It Cm flushall 
@@ -2646,6 +2748,103 @@ Set the maximum number of hosts allowed from an interface, packets with unknown  source addresses are dropped until an existing host cache entry expires or is  removed.  Set to 0 to disable. +.It Cm vlanfilter +Enable VLAN filtering on the bridge. +Incoming frames on member interfaces will be dropped unless the frame +is explicitly permitted by the interface's +.Cm ifuntagged +or +.Cm iftagged +configuration. +.It Cm -vlanfilter +Disable VLAN filtering on the bridge. +This is the default. +.It Cm iftagged Ar interface Ar vlan-list +Set the interface's VLAN access list to the provided list of VLANs. +The list should be a comma-separated list of one or more VLAN IDs +or ranges formatted as +.Ar first-last , +the value +.Dq none +meaning the empty set, +or the value +.Dq all +meaning all VLANs (1-4094). +.Pp +This option is only meaningful if the +.Cm vlanfilter +option is enabled for the bridge; +otherwise, all VLANs will be permitted. +.It Cm +iftagged Ar interface Ar vlan-list +Add the provided list of VLAN IDs to the interface's VLAN access list. +The list should be formatted as described for +.Cm iftagged . +.Pp +This option is only meaningful if the +.Cm vlanfilter +option is enabled for the bridge; +otherwise, all VLANs will be permitted. +.It Cm -iftagged Ar interface Ar vlan-list +Remove the provided list of VLAN IDs from the interface's VLAN access +list. +The list should be formatted as described for +.Cm iftagged . +.Pp +This option is only meaningful if the +.Cm vlanfilter +option is enabled for the bridge; +otherwise, all VLANs will be permitted. +.It Cm ifuntagged Ar interface Ar vlan-id +Set the untagged VLAN identifier for an interface. +Frames received on this interface without an 802.1Q tag will be assigned +to this VLAN instead of the default VLAN 0, +and outgoing frames on this VLAN will have their 802.1Q tag removed. +.It Cm -ifuntagged Ar interface +Clear the untagged VLAN identifier for an interface. 
+.It Cm defuntagged Ar vlan-id +Enable the +.Cm untagged +option by default on newly added members. +.It Cm -defuntagged +Do not enable the +.Cm untagged +option by default on newly added members. +This is the default. +.It Cm qinq Ar interface +Allow this interface to send 802.1ad +.Dq Q-in-Q +frames. +This option is only meaningful if the +.Cm vlanfilter +option is enabled for the bridge; +otherwise, Q-in-Q frames are always allowed. +.It Cm -qinq Ar interface +Do not allow this interface to send 802.1ad +.Dq Q-in-Q +frames. +This is the default if the +.Cm vlanfilter +option is enabled. +.It Cm defqinq +Enable the +.Cm qinq +option by default on newly added members. +.It Cm -defqinq +Do not enable the +.Cm qinq +option by default on newly added members. +This is the default. +.It Cm ifvlanproto Ar interface Ar proto +Set the VLAN encapsulation protocol on +.Ar interface +to +.Ar proto , +which must be either +.Dq 802.1q +or +.Dq 802.1ad . +The default is +.Dq 802.1q .  .El  .Ss Link Aggregation and Link Failover Parameters  The following parameters are specific to lagg interfaces: @@ -2720,19 +2919,19 @@ Hash is calculated by using flowid bits in a packet header mbuf  which are shifted by the number of this parameter.  .It Cm use_numa  Enable selection of egress ports based on the native -.Xr NUMA 4 +.Xr numa 4  domain for the packets being transmitted.  This is currently only implemented for lacp mode.  This works only on -.Xr NUMA 4 +.Xr numa 4  hardware, running a kernel compiled with the -.Xr NUMA 4 +.Xr numa 4  option, and when interfaces from multiple -.Xr NUMA 4 +.Xr numa 4  domains are ports of the aggregation interface.  .It Cm -use_numa  Disable selection of egress ports based on the native -.Xr NUMA 4 +.Xr numa 4  domain for the packets being transmitted.  .It Cm lacp_fast_timeout  Enable lacp fast-timeout on the interface. 
@@ -2778,34 +2977,26 @@ interfaces previously configured with  Another name for the  .Fl tunnel  parameter. -.It Cm accept_rev_ethip_ver -Set a flag to accept both correct EtherIP packets and ones -with reversed version field. -Enabled by default. -This is for backward compatibility with -.Fx 6.1 , -6.2, 6.3, 7.0, and 7.1. -.It Cm -accept_rev_ethip_ver -Clear a flag -.Cm accept_rev_ethip_ver . +.It Cm noclamp +This flag prevents the MTU from being clamped to 1280 bytes, the +minimum MTU for IPv6, when the outer protocol is IPv6.  When the +flag is set, the MTU value configured on the interface will be +used instead of the fixed length of 1280 bytes. For more details, +please refer to the +.Ar MTU Configuration and Path MTU Discovery +section in +.Xr gif 4 . +.It Cm -noclamp +Clear the flag +.Cm noclamp .  .It Cm ignore_source  Set a flag to accept encapsulated packets destined to this host  independently from source address.  This may be useful for hosts, that receive encapsulated packets  from the load balancers.  .It Cm -ignore_source -Clear a flag +Clear the flag  .Cm ignore_source . -.It Cm send_rev_ethip_ver -Set a flag to send EtherIP packets with reversed version -field intentionally. -Disabled by default. -This is for backward compatibility with -.Fx 6.1 , -6.2, 6.3, 7.0, and 7.1. -.It Cm -send_rev_ethip_ver -Clear a flag -.Cm send_rev_ethip_ver .  .El  .Ss GRE Tunnel Parameters  The following parameters apply to GRE tunnel interfaces, 
@@ -2845,12 +3036,24 @@ to send and receive pfsync state synchronisation messages.  .It Fl syncdev  Stop sending pfsync state synchronisation messages over the network.  .It Cm syncpeer Ar peer_address -Make the pfsync link point-to-point rather than using -multicast to broadcast the state synchronisation messages. -The peer_address is the IP address of the other host taking part in -the pfsync cluster. +Set the destination address for the state synchronization messages sent. +The +.Ar peer_address +is normally the IPv4 or IPv6 address of the other host taking +part in the pfsync cluster. +.Pp +When the +.Ar peer_address +is set to a unicast IP address, the pfsync link will behave +as point-to-point rather than using multicast to broadcast the messages. +.Pp +When the +.Ar peer_address +is set to ff12::f0, the state synchronization +messages will be broadcast using multicast over IPv6.  .It Fl syncpeer -Broadcast the packets using multicast. +Unset the syncpeer. +Packets will then be broadcast using multicast over IPv4.  .It Cm maxupd Ar n  Set the maximum number of updates for a single state which  can be collapsed into one. @@ -2861,6 +3064,11 @@ acknowledged that the associated state has been inserted.  .It Fl defer  Do not defer the first packet in a state.  This is the default. +.It Fl version Ar n +Configure message format for compatibility with older versions of FreeBSD. +Refer to +.Xr pfsync 4 +for details.  .El  .Ss VLAN Parameters  The following parameters are specific to 
@@ -2882,17 +3090,15 @@ must both be set at the same time.  .It Cm vlanproto Ar vlan_proto  Set the VLAN encapsulation protocol to  .Ar vlan_proto . -Supported encapsulation protocols are currently -.Dq 802.1Q -and -.Dq 802.1ad . -The default encapsulation protocol is -.Dq 802.1Q . -The -.Dq 802.1ad -protocol is also commonly known as -.Dq QinQ ; -either name can be used. +Supported encapsulation protocols are currently: +.Bl -tag +.It Cm 802.1Q +Default. +.It Cm 802.1ad +.It Cm QinQ +Same as +.Cm 802.1ad . +.El  .It Cm vlanpcp Ar priority_code_point  Priority code point  .Pq Dv PCP @@ -3090,6 +3296,36 @@ The following states are recognized:  .Cm MASTER  and  .Cm BACKUP . +.It Cm peer Ar address +Set the address to send (IPv4) +.Xr carp 4 +announcements to. +.It Cm mcast +Restore the default destination address for (IPv4) +.Xr carp 4 +announcements, which is 224.0.0.18. +.It Cm peer6 Ar address +Set the address to send (IPv6) +.Xr carp 4 +announcements to. +.It Cm mcast6 +Restore the default destination address for (IPv4) +.Xr carp 4 +announcements, which is ff02::12. +.It Cm carpver +Set the protocol version. +Valid choices are 2 (for +.Xr carp 4) +and 3 (for VRRPv3). +This can only be set when +.Xr carp 4 +is initiated. +.It Cm vrrpprio +Set the VRRPv3 priority. +Valid values are 1-255. +.It Cm vrrpinterval +Set the VRRPv3 Master Advertisement Interval. +Values are in centiseconds.  .El  .Sh ENVIRONMENT  The following environment variables affect the execution of @@ -3231,6 +3467,16 @@ tried to alter an interface's configuration.  .Xr rc 8 ,  .Xr routed 8 ,  .Xr sysctl 8 +.Rs +.%R RFC 3484 +.%D February 2003 +.%T "Default Address Selection for Internet Protocol version 6 (IPv6)" +.Re +.Rs +.%R RFC 4291 +.%D February 2006 +.%T "IP Version 6 Addressing Architecture" +.Re  .Sh HISTORY  The  .Nm | 
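Review bot: in the SYNOPSIS hunk at @@ -61,13 +64,16 @@ the last form keeps `.Op Fl dkLmuv` although the `-a` form two hunks earlier was changed to `.Op Fl dDkLmuv`. If `-D` is accepted when listing without `-a`, add it to this form too; if it is not, say in the `.It Fl D` text which forms take it.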
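Review bot: the new `.It Fl j Ar jid` text in the hunk at @@ -233,6 +257,22 @@ leaves two things undocumented: whether the position of `-j` relative to the other flags matters, and what privilege is required to attach. The text says the utility attaches "immediately upon encountering the option", so readers will ask about ordering. Because the last paragraph presents this as the way to configure a vnet jail that has no `ifconfig` binary, one sentence on each point would make the trust boundary explicit.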
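Review bot: the `stickyarp` hunk at @@ -434,13 +473,17 @@ reflows the paragraph to one sentence per line but leaves the typo "high-availabity" in the context line just below the last changed line. Since the paragraph is being touched anyway, fix it to "high-availability" in the same change.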
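Review bot: the `stableaddr` text added in the hunk at @@ -955,6 +1004,36 @@ has several markup and wording problems. The first sentence lacks its full stop after "RFC 7217". "reccommended" should be "recommended". "loader.conf(8)" is written as literal text and should be the cross reference `.Xr loader.conf 5`. The colon in `.Va net.inet6.ip6.stableaddr_netifsource:` is part of the variable name as written and should be a separate argument. The `.Bl -tag -compact` has no `-width`, and the `.Pp` after `.El` sits directly before the next `.It` and can be dropped.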
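Review bot: in the bridge hunk at @@ -2471,15 +2565,23 @@ the rewritten `static` sentence reads "Add a static entry into the address cache for pointing to", with a stray "for". Either drop it or finish the phrase, for example "for the given address pointing to". In the `deladdr` text, "from the address cache.  If" starts a new sentence mid-line, so break the line after the full stop as the rest of the page does.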
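Review bot: in the VLAN filtering hunk at @@ -2646,6 +2748,103 @@ the item `.It Cm defuntagged Ar vlan-id` takes an argument, but its description ("Enable the untagged option by default on newly added members") never says what `vlan-id` is used for. State that new members get this value as their untagged VLAN, if that is the behaviour. It would also help to say for `ifuntagged` whether it depends on `vlanfilter`, as the `iftagged` and `qinq` items do, since `vlanfilter` is what decides whether frames are dropped.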
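Review bot: the `noclamp` text in the gif hunk at @@ -2778,34 +2977,26 @@ marks a section title as a command argument with `.Ar MTU Configuration and Path MTU Discovery`. `.Ar` is the wrong macro for a section title in another page, so quote it with `.Dq` instead. The paragraph also starts two sentences mid-line ("IPv6.  When the" and "1280 bytes. For more details,"), so put each sentence on its own line.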
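Review bot: the pfsync hunk at @@ -2861,6 +3064,11 @@ adds `.It Fl version Ar n`, which renders as "-version n". In this list the `Fl` form is used for the negating keywords (`.It Fl defer`, `.It Fl syncpeer`) and value-taking keywords use `Cm` (`.It Cm maxupd Ar n`). If the keyword is typed as `version`, this should be `.It Cm version Ar n`. The description could also name the accepted values rather than only deferring to pfsync(4).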
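Review bot: the new `vlanproto` list in the hunk at @@ -2882,17 +3090,15 @@ has an `.It Cm 802.1ad` item with an empty body and a `.Bl -tag` with no `-width`. Consider `.It Cm 802.1ad , QinQ` as a single item with a one-line description. The default is spelled `802.1Q` here but `.Dq 802.1q` in the `ifvlanproto` item added in the bridge section; pick one spelling or say that the value is case-insensitive.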
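Review bot: in the carp hunk at @@ -3090,6 +3296,36 @@ the `mcast6` description says it restores the default destination "for (IPv4)" announcements and then gives the IPv6 address ff02::12. This looks copied from the `mcast` item and should read "(IPv6)". In the `carpver` item, `.Xr carp 4)` passes "4)" as the section; the closing parenthesis should be a separate argument, `.Xr carp 4 )`. "initiated" probably wants to be "created" or "configured"; please state which.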
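Review bot: the SEE ALSO hunk at @@ -3231,6 +3467,16 @@ adds `.Rs` entries for RFC 3484 and RFC 4291, but the `stableaddr` text added earlier in this patch cites RFC 7217 and no entry is added for it. Add a matching `.Rs`/`.Re` block for RFC 7217. Also check that RFC 3484 is referenced somewhere in the page body, since none of the visible hunks cite it.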
