diff options
Diffstat (limited to 'sbin/ifconfig/ifconfig.8')
| -rw-r--r-- | sbin/ifconfig/ifconfig.8 | 138 |
1 files changed, 96 insertions, 42 deletions
diff --git a/sbin/ifconfig/ifconfig.8 b/sbin/ifconfig/ifconfig.8 index b562f9e4c0c5..d4f8d2b5747a 100644 --- a/sbin/ifconfig/ifconfig.8 +++ b/sbin/ifconfig/ifconfig.8 @@ -28,7 +28,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd August 5, 2025 +.Dd October 12, 2025 .Dt IFCONFIG 8 .Os .Sh NAME @@ -36,7 +36,7 @@ .Nd configure network interface parameters .Sh SYNOPSIS .Nm -.Op Fl j Ar jail +.Op Fl j Ar jid .Op Fl DkLmn .Op Fl f Ar type Ns Cm \&: Ns Ar format .Ar interface @@ -50,11 +50,11 @@ .Oc .Op Ar parameters .Nm -.Op Fl j Ar jail +.Op Fl j Ar jid .Ar interface .Cm destroy .Nm -.Op Fl j Ar jail +.Op Fl j Ar jid .Fl a .Op Fl dDkLmuv .Op Fl f Ar type Ns Cm \&: Ns Ar format @@ -64,16 +64,16 @@ .Nm .Fl C .Nm -.Op Fl j Ar jail +.Op Fl j Ar jid .Fl g Ar groupname .Nm -.Op Fl j Ar jail +.Op Fl j Ar jid .Fl l .Op Fl du .Op Fl g Ar groupname .Op Ar address_family .Nm -.Op Fl j Ar jail +.Op Fl j Ar jid .Op Fl dkLmuv .Op Fl f Ar type Ns Cm \&: Ns Ar format .Sh DESCRIPTION @@ -257,22 +257,22 @@ Setting to .Cm all selects all interfaces. -.It Fl j Ar jail -Perform the actions inside the -.Ar jail . +.It Fl j Ar jid +Perform the actions inside the jail specified by +.Ar jid , +which may be either a jail name or a numeric jail ID. .Pp The -.Cm ifconfig -will first attach to the -.Ar jail -(by jail id or jail name) before performing the effects. -.Pp -This allow network interfaces of -.Ar jail -to be configured even if the -.Cm ifconfig -binary is not available in -.Ar jail . +.Nm +utility will attach to the specified jail immediately upon +encountering the option on the command line. +The option may be specified multiple times to attach to a nested jail +(jail within a jail). +.Pp +This makes it possible to configure network interfaces within a vnet +jail even if the +.Nm +binary is not available inside the jail. .It Fl k Print keying information for the .Ar interface , @@ -1004,6 +1004,36 @@ Set a flag to disable Duplicate Address Detection. .It Cm -no_dad Clear a flag .Cm no_dad . +.It Cm stableaddr +Set a flag to create SLAAC addresses using a stable algorithm according to RFC 7217 +The +.Xr sysctl 8 +variable +.Va net.inet6.ip6.use_stableaddr +controls whether this flag is set by default or not for newly created interfaces. +To get consistent defaults for interfaces created at boot it should be set as a tunable via loader.conf(8). +The +.Xr sysctl 8 +variable +.Va net.inet6.ip6.stableaddr_maxretries +sets the maximum number of retries to generate a unique IPv6 address to be performed in case of DAD failures. +This defaults to 3 which is also the reccommended minimum value. +The interface ID source can be configured using the +.Xr sysctl 8 +variable +.Va net.inet6.ip6.stableaddr_netifsource: +.Bl -tag -compact +.It Cm 0 +uses the interface name string (the default) +.It Cm 1 +uses the interface ID +.It Cm 2 +uses the MAC address of the interface (if one can be obtained for it) +.El +.Pp +.It Cm -stableaddr +Clear the flag +.Cm stableaddr . .El .Ss IPv6 Parameters The following parameters are specific for IPv6 addresses. @@ -2718,30 +2748,17 @@ Set the maximum number of hosts allowed from an interface, packets with unknown source addresses are dropped until an existing host cache entry expires or is removed. Set to 0 to disable. -.El -.Ss Bridge VLAN Filtering Parameters -The behaviour of these options is described in the -.Dq VLAN SUPPORT -section of -.Xr bridge 4 . -.Bl -tag -width indent .It Cm vlanfilter Enable VLAN filtering on the bridge. +Incoming frames on member interfaces will be dropped unless the frame +is explicitly permitted by the interface's +.Cm ifuntagged +or +.Cm iftagged +configuration. .It Cm -vlanfilter Disable VLAN filtering on the bridge. This is the default. -.It Cm ifuntagged Ar interface Ar vlan-id -Set the untagged VLAN identifier for an interface. -.It Cm -ifuntagged Ar interface Ar vlan-id -Clear the untagged VLAN identifier for an interface. -.It Cm defuntagged Ar vlan-id -Enable the -.Cm untagged -option by default on newly added members. -.It Cm -defuntagged -Do not enable the -.Cm untagged -option by default on newly added members. .It Cm iftagged Ar interface Ar vlan-list Set the interface's VLAN access list to the provided list of VLANs. The list should be a comma-separated list of one or more VLAN IDs @@ -2753,24 +2770,61 @@ meaning the empty set, or the value .Dq all meaning all VLANs (1-4094). +.Pp +This option is only meaningful if the +.Cm vlanfilter +option is enabled for the bridge; +otherwise, all VLANs will be permitted. .It Cm +iftagged Ar interface Ar vlan-list Add the provided list of VLAN IDs to the interface's VLAN access list. The list should be formatted as described for .Cm iftagged . +.Pp +This option is only meaningful if the +.Cm vlanfilter +option is enabled for the bridge; +otherwise, all VLANs will be permitted. .It Cm -iftagged Ar interface Ar vlan-list Remove the provided list of VLAN IDs from the interface's VLAN access list. The list should be formatted as described for .Cm iftagged . +.Pp +This option is only meaningful if the +.Cm vlanfilter +option is enabled for the bridge; +otherwise, all VLANs will be permitted. +.It Cm ifuntagged Ar interface Ar vlan-id +Set the untagged VLAN identifier for an interface. +Frames received on this interface without an 802.1Q tag will be assigned +to this VLAN instead of the default VLAN 0, +and outgoing frames on this VLAN will have their 802.1Q tag removed. +.It Cm -ifuntagged Ar interface +Clear the untagged VLAN identifier for an interface. +.It Cm defuntagged Ar vlan-id +Enable the +.Cm untagged +option by default on newly added members. +.It Cm -defuntagged +Do not enable the +.Cm untagged +option by default on newly added members. +This is the default. .It Cm qinq Ar interface Allow this interface to send 802.1ad .Dq Q-in-Q frames. +This option is only meaningful if the +.Cm vlanfilter +option is enabled for the bridge; +otherwise, Q-in-Q frames are always allowed. .It Cm -qinq Ar interface Do not allow this interface to send 802.1ad .Dq Q-in-Q frames. -This is the default behavior. +This is the default if the +.Cm vlanfilter +option is enabled. .It Cm defqinq Enable the .Cm qinq @@ -2779,7 +2833,7 @@ option by default on newly added members. Do not enable the .Cm qinq option by default on newly added members. -This is the default behavior. +This is the default. .It Cm ifvlanproto Ar interface Ar proto Set the VLAN encapsulation protocol on .Ar interface |