logo

oasis-root

Compiled tree of Oasis Linux based on own branch at <https://hacktivis.me/git/oasis/> git clone https://anongit.hacktivis.me/git/oasis-root.git

ip-link.8 (72627B)


  1. .TH IP\-LINK 8 "13 Dec 2012" "iproute2" "Linux"
  2. .SH "NAME"
  3. ip-link \- network device configuration
  4. .SH "SYNOPSIS"
  5. .sp
  6. .ad l
  7. .in +8
  8. .ti -8
  9. .B ip link
  10. .RI " { " COMMAND " | "
  11. .BR help " }"
  12. .sp
  13. .ti -8
  14. .BI "ip link add"
  15. .RB "[ " link
  16. .IR DEVICE " ]"
  17. .RB "[ " name " ]"
  18. .I NAME
  19. .br
  20. .RB "[ " txqueuelen
  21. .IR PACKETS " ]"
  22. .br
  23. .RB "[ " address
  24. .IR LLADDR " ]"
  25. .RB "[ " broadcast
  26. .IR LLADDR " ]"
  27. .br
  28. .RB "[ " mtu
  29. .IR MTU " ]"
  30. .RB "[ " index
  31. .IR IDX " ]"
  32. .br
  33. .RB "[ " numtxqueues
  34. .IR QUEUE_COUNT " ]"
  35. .RB "[ " numrxqueues
  36. .IR QUEUE_COUNT " ]"
  37. .br
  38. .RB "[ " gso_max_size
  39. .IR BYTES " ]"
  40. .RB "[ " gso_ipv4_max_size
  41. .IR BYTES " ]"
  42. .RB "[ " gso_max_segs
  43. .IR SEGMENTS " ]"
  44. .br
  45. .RB "[ " gro_max_size
  46. .IR BYTES " ]"
  47. .RB "[ " gro_ipv4_max_size
  48. .IR BYTES " ]"
  49. .br
  50. .RB "[ " netns " {"
  51. .IR PID " | " NETNSNAME " | " NETNSFILE " } ]"
  52. .br
  53. .BI type " TYPE"
  54. .RI "[ " ARGS " ]"
  55. .ti -8
  56. .BR "ip link delete " {
  57. .IR DEVICE " | "
  58. .BI "group " GROUP
  59. }
  60. .BI type " TYPE"
  61. .RI "[ " ARGS " ]"
  62. .ti -8
  63. .BR "ip link set " {
  64. .IR DEVICE " | "
  65. .BI "group " GROUP
  66. }
  67. .br
  68. .RB "[ { " up " | " down " } ]"
  69. .br
  70. .RB "[ " type
  71. .IR "ETYPE TYPE_ARGS" " ]"
  72. .br
  73. .RB "[ " arp " { " on " | " off " } ]"
  74. .br
  75. .RB "[ " dynamic " { " on " | " off " } ]"
  76. .br
  77. .RB "[ " multicast " { " on " | " off " } ]"
  78. .br
  79. .RB "[ " allmulticast " { " on " | " off " } ]"
  80. .br
  81. .RB "[ " promisc " { " on " | " off " } ]"
  82. .br
  83. .RB "[ " protodown " { " on " | " off " } ]"
  84. .br
  85. .RB "[ " protodown_reason
  86. .IR PREASON " { " on " | " off " } ]"
  87. .br
  88. .RB "[ " trailers " { " on " | " off " } ]"
  89. .br
  90. .RB "[ " txqueuelen
  91. .IR PACKETS " ]"
  92. .br
  93. .RB "[ " gso_max_size
  94. .IR BYTES " ]"
  95. .RB "[ " gso_ipv4_max_size
  96. .IR BYTES " ]"
  97. .RB "[ " gso_max_segs
  98. .IR SEGMENTS " ]"
  99. .br
  100. .RB "[ " gro_max_size
  101. .IR BYTES " ]"
  102. .RB "[ " gro_ipv4_max_size
  103. .IR BYTES " ]"
  104. .br
  105. .RB "[ " name
  106. .IR NEWNAME " ]"
  107. .br
  108. .RB "[ " address
  109. .IR LLADDR " ]"
  110. .br
  111. .RB "[ " broadcast
  112. .IR LLADDR " ]"
  113. .br
  114. .RB "[ " mtu
  115. .IR MTU " ]"
  116. .br
  117. .RB "[ " netns " {"
  118. .IR PID " | " NETNSNAME " | " NETNSFILE " } ]"
  119. .br
  120. .RB "[ " link-netnsid
  121. .IR ID " ]"
  122. .br
  123. .RB "[ " alias
  124. .IR NAME " ]"
  125. .br
  126. .RB "[ " vf
  127. .IR NUM " ["
  128. .B mac
  129. .IR LLADDR " ]"
  130. .br
  131. .in +9
  132. .RI "[ " VFVLAN-LIST " ]"
  133. .br
  134. .RB "[ " rate
  135. .IR TXRATE " ]"
  136. .br
  137. .RB "[ " max_tx_rate
  138. .IR TXRATE " ]"
  139. .br
  140. .RB "[ " min_tx_rate
  141. .IR TXRATE " ]"
  142. .br
  143. .RB "[ " spoofchk " { " on " | " off " } ]"
  144. .br
  145. .RB "[ " query_rss " { " on " | " off " } ]"
  146. .br
  147. .RB "[ " state " { " auto " | " enable " | " disable " } ]"
  148. .br
  149. .RB "[ " trust " { " on " | " off " } ]"
  150. .br
  151. .RB "[ " node_guid " eui64 ]"
  152. .br
  153. .RB "[ " port_guid " eui64 ] ]"
  154. .br
  155. .in -9
  156. .RB "[ { " xdp " | " xdpgeneric " | " xdpdrv " | " xdpoffload " } { " off " | "
  157. .br
  158. .in +8
  159. .BR object
  160. .IR FILE
  161. .RB "[ { " section " | " program " } "
  162. .IR NAME " ]"
  163. .RB "[ " verbose " ] |"
  164. .br
  165. .BR pinned
  166. .IR FILE " } ]"
  167. .br
  168. .in -8
  169. .RB "[ " master
  170. .IR DEVICE " ]"
  171. .br
  172. .RB "[ " nomaster " ]"
  173. .br
  174. .RB "[ " vrf
  175. .IR NAME " ]"
  176. .br
  177. .RB "[ " addrgenmode " { " eui64 " | " none " | " stable_secret " | " random " } ]"
  178. .br
  179. .RB "[ " macaddr
  180. .RI "[ " MACADDR " ]"
  181. .br
  182. .in +10
  183. .RB "[ { " flush " | " add " | " del " } "
  184. .IR MACADDR " ]"
  185. .br
  186. .RB "[ " set
  187. .IR MACADDR " ] ]"
  188. .br
  189. .ti -8
  190. .B ip link show
  191. .RI "[ " DEVICE " | "
  192. .B group
  193. .IR GROUP " ] ["
  194. .BR up " ] ["
  195. .B master
  196. .IR DEVICE " ] ["
  197. .B type
  198. .IR ETYPE " ] ["
  199. .B vrf
  200. .IR NAME " ] ["
  201. .BR nomaster " ]"
  202. .ti -8
  203. .B ip link xstats
  204. .BI type " TYPE"
  205. .RI "[ " ARGS " ]"
  206. .ti -8
  207. .B ip link afstats
  208. .RB "[ " dev
  209. .IR DEVICE " ]"
  210. .ti -8
  211. .B ip link help
  212. .RI "[ " TYPE " ]"
  213. .ti -8
  214. .IR TYPE " := [ "
  215. .BR amt " | "
  216. .BR bareudp " |"
  217. .BR bond " | "
  218. .BR bridge " | "
  219. .BR can " | "
  220. .BR dsa " | "
  221. .BR dummy " | "
  222. .BR erspan " |"
  223. .BR geneve " |"
  224. .BR gre " |"
  225. .BR gretap " |"
  226. .BR gtp " |"
  227. .BR hsr " | "
  228. .BR ifb " | "
  229. .BR ip6erspan " |"
  230. .BR ip6gre " |"
  231. .BR ip6gretap " |"
  232. .BR ip6tnl " |"
  233. .BR ipip " |"
  234. .BR ipoib " |"
  235. .BR ipvlan " |"
  236. .BR ipvtap " |"
  237. .BR lowpan " |"
  238. .BR macsec " |"
  239. .BR macvlan " | "
  240. .BR macvtap " | "
  241. .BR netdevsim " |"
  242. .BR netkit " |"
  243. .BR nlmon " |"
  244. .BR rmnet " |"
  245. .BR sit " |"
  246. .BR vcan " | "
  247. .BR veth " | "
  248. .BR virt_wifi " |"
  249. .BR vlan " | "
  250. .BR vrf " |"
  251. .BR vti " |"
  252. .BR vxcan " | "
  253. .BR vxlan " |"
  254. .BR xfrm " ]"
  255. .ti -8
  256. .IR ETYPE " := [ " TYPE " |"
  257. .BR bridge_slave " | " bond_slave " ]"
  258. .ti -8
  259. .IR VFVLAN-LIST " := [ " VFVLAN-LIST " ] " VFVLAN
  260. .ti -8
  261. .IR VFVLAN " := "
  262. .RB "[ " vlan
  263. .IR VLANID " [ "
  264. .B qos
  265. .IR VLAN-QOS " ] ["
  266. .B proto
  267. .IR VLAN-PROTO " ] ]"
  268. .in -8
  269. .ti -8
  270. .BI "ip link property add dev " DEVICE
  271. .RB "[ " altname
  272. .IR NAME " .. ]"
  273. .ti -8
  274. .BI "ip link property del dev " DEVICE
  275. .RB "[ " altname
  276. .IR NAME " .. ]"
  277. .SH "DESCRIPTION"
  278. .SS ip link add - add virtual link
  279. .TP
  280. .BI link " DEVICE "
  281. specifies the physical device to act operate on.
  282. .I NAME
  283. specifies the name of the new virtual device.
  284. .I TYPE
  285. specifies the type of the new device.
  286. .sp
  287. Link types:
  288. .in +8
  289. .BR amt
  290. - Automatic Multicast Tunneling (AMT)
  291. .sp
  292. .BR bareudp
  293. - Bare UDP L3 encapsulation support
  294. .sp
  295. .B bond
  296. - Bonding device
  297. .sp
  298. .B bridge
  299. - Ethernet Bridge device
  300. .sp
  301. .B can
  302. - Controller Area Network
  303. .sp
  304. .B dsa
  305. - Distributed Switch Architecture
  306. .sp
  307. .B dummy
  308. - Dummy network interface
  309. .sp
  310. .BR erspan
  311. - Encapsulated Remote SPAN over GRE and IPv4
  312. .sp
  313. .B geneve
  314. - GEneric NEtwork Virtualization Encapsulation
  315. .sp
  316. .B gre
  317. - Virtual tunnel interface GRE over IPv4
  318. .sp
  319. .BR gretap
  320. - Virtual L2 tunnel interface GRE over IPv4
  321. .sp
  322. .BR gtp
  323. - GPRS Tunneling Protocol
  324. .sp
  325. .B hsr
  326. - High-availability Seamless Redundancy device
  327. .sp
  328. .B ifb
  329. - Intermediate Functional Block device
  330. .sp
  331. .BR ip6erspan
  332. - Encapsulated Remote SPAN over GRE and IPv6
  333. .sp
  334. .BR ip6gre
  335. - Virtual tunnel interface GRE over IPv6
  336. .sp
  337. .BR ip6gretap
  338. - Virtual L2 tunnel interface GRE over IPv6
  339. .sp
  340. .BR ip6tnl
  341. - Virtual tunnel interface IPv4|IPv6 over IPv6
  342. .sp
  343. .BR ipip
  344. - Virtual tunnel interface IPv4 over IPv4
  345. .sp
  346. .B ipoib
  347. - IP over Infiniband device
  348. .sp
  349. .BR ipvlan
  350. - Interface for L3 (IPv6/IPv4) based VLANs
  351. .sp
  352. .BR ipvtap
  353. - Interface for L3 (IPv6/IPv4) based VLANs and TAP
  354. .sp
  355. .BR lowpan
  356. - Interface for 6LoWPAN (IPv6) over IEEE 802.15.4 / Bluetooth
  357. .sp
  358. .BR macsec
  359. - Interface for IEEE 802.1AE MAC Security (MACsec)
  360. .sp
  361. .B macvlan
  362. - Virtual interface base on link layer address (MAC)
  363. .sp
  364. .B macvtap
  365. - Virtual interface based on link layer address (MAC) and TAP.
  366. .sp
  367. .BR netdevsim
  368. - Interface for netdev API tests
  369. .sp
  370. .BR netkit
  371. - BPF-programmable network device
  372. .sp
  373. .BR nlmon
  374. - Netlink monitoring device
  375. .sp
  376. .BR rmnet
  377. - Qualcomm rmnet device
  378. .sp
  379. .BR sit
  380. - Virtual tunnel interface IPv6 over IPv4
  381. .sp
  382. .B vcan
  383. - Virtual Controller Area Network interface
  384. .sp
  385. .B veth
  386. - Virtual ethernet interface
  387. .sp
  388. .BR virt_wifi
  389. - rtnetlink wifi simulation device
  390. .sp
  391. .BR vlan
  392. - 802.1q tagged virtual LAN interface
  393. .sp
  394. .BR vrf
  395. - Interface for L3 VRF domains
  396. .sp
  397. .BR vti
  398. - Virtual tunnel interface
  399. .sp
  400. .B vxcan
  401. - Virtual Controller Area Network tunnel interface
  402. .sp
  403. .BR vxlan
  404. - Virtual eXtended LAN
  405. .sp
  406. .BR xfrm
  407. - Virtual xfrm interface
  408. .sp
  409. .in -8
  410. .TP
  411. .BI numtxqueues " QUEUE_COUNT "
  412. specifies the number of transmit queues for new device.
  413. .TP
  414. .BI numrxqueues " QUEUE_COUNT "
  415. specifies the number of receive queues for new device.
  416. .TP
  417. .BI gso_max_size " BYTES "
  418. specifies the recommended maximum size of a Generic Segment Offload
  419. packet the new device should accept. This is also used to enable BIG
  420. TCP for IPv6 on this device when the size is greater than 65536.
  421. .TP
  422. .BI gso_ipv4_max_size " BYTES "
  423. specifies the recommended maximum size of a IPv4 Generic Segment Offload
  424. packet the new device should accept. This is especially used to enable
  425. BIG TCP for IPv4 on this device by setting to a size greater than 65536.
  426. Note that
  427. .B gso_max_size
  428. needs to be set to a size greater than or equal to
  429. .B gso_ipv4_max_size
  430. to really enable BIG TCP for IPv4.
  431. .TP
  432. .BI gso_max_segs " SEGMENTS "
  433. specifies the recommended maximum number of a Generic Segment Offload
  434. segments the new device should accept.
  435. .TP
  436. .BI gro_max_size " BYTES "
  437. specifies the maximum size of a packet built by GRO stack on this
  438. device. This is also used for BIG TCP to allow the size of a
  439. merged IPv6 GSO packet on this device greater than 65536.
  440. .TP
  441. .BI gro_ipv4_max_size " BYTES "
  442. specifies the maximum size of a IPv4 packet built by GRO stack on this
  443. device. This is especially used for BIG TCP to allow the size of a
  444. merged IPv4 GSO packet on this device greater than 65536.
  445. .TP
  446. .BI index " IDX "
  447. specifies the desired index of the new virtual device. The link
  448. creation fails, if the index is busy.
  449. .TP
  450. .B netns
  451. .RI "{ " PID " | " NETNSNAME " | " NETNSFILE " }"
  452. .br
  453. create the device in the network namespace associated with process
  454. .IR "PID " or
  455. the name
  456. .IR "NETNSNAME " or
  457. the file
  458. .IR "NETNSFILE".
  459. .TP
  460. VLAN Type Support
  461. For a link of type
  462. .I VLAN
  463. the following additional arguments are supported:
  464. .BI "ip link add
  465. .BI link " DEVICE "
  466. .BI name " NAME "
  467. .B "type vlan"
  468. [
  469. .BI protocol " VLAN_PROTO "
  470. ]
  471. .BI id " VLANID "
  472. [
  473. .BR reorder_hdr " { " on " | " off " } "
  474. ]
  475. [
  476. .BR gvrp " { " on " | " off " } "
  477. ]
  478. [
  479. .BR mvrp " { " on " | " off " } "
  480. ]
  481. [
  482. .BR loose_binding " { " on " | " off " } "
  483. ]
  484. [
  485. .BR bridge_binding " { " on " | " off " } "
  486. ]
  487. [
  488. .BI ingress-qos-map " QOS-MAP "
  489. ]
  490. [
  491. .BI egress-qos-map " QOS-MAP "
  492. ]
  493. .in +8
  494. .sp
  495. .BI protocol " VLAN_PROTO "
  496. - either 802.1Q or 802.1ad.
  497. .BI id " VLANID "
  498. - specifies the VLAN Identifier to use. Note that numbers with a leading " 0 " or " 0x " are interpreted as octal or hexadecimal, respectively.
  499. .BR reorder_hdr " { " on " | " off " } "
  500. - specifies whether ethernet headers are reordered or not (default is
  501. .BR on ")."
  502. .in +4
  503. If
  504. .BR reorder_hdr " is " on
  505. then VLAN header will be not inserted immediately but only before
  506. passing to the physical device (if this device does not support VLAN
  507. offloading), the similar on the RX direction - by default the packet
  508. will be untagged before being received by VLAN device. Reordering
  509. allows one to accelerate tagging on egress and to hide VLAN header on
  510. ingress so the packet looks like regular Ethernet packet, at the same
  511. time it might be confusing for packet capture as the VLAN header does
  512. not exist within the packet.
  513. VLAN offloading can be checked by
  514. .BR ethtool "(8):"
  515. .in +4
  516. .sp
  517. .B ethtool -k
  518. <phy_dev> |
  519. .RB grep " tx-vlan-offload"
  520. .sp
  521. .in -4
  522. where <phy_dev> is the physical device to which VLAN device is bound.
  523. .in -4
  524. .BR gvrp " { " on " | " off " } "
  525. - specifies whether this VLAN should be registered using GARP VLAN
  526. Registration Protocol.
  527. .BR mvrp " { " on " | " off " } "
  528. - specifies whether this VLAN should be registered using Multiple VLAN
  529. Registration Protocol.
  530. .BR loose_binding " { " on " | " off " } "
  531. - specifies whether the VLAN device state is bound to the physical device state.
  532. .BR bridge_binding " { " on " | " off " } "
  533. - specifies whether the VLAN device link state tracks the state of bridge ports
  534. that are members of the VLAN.
  535. .BI ingress-qos-map " QOS-MAP "
  536. - defines a mapping of VLAN header prio field to the Linux internal packet
  537. priority on incoming frames. The format is FROM:TO with multiple mappings
  538. separated by spaces.
  539. .BI egress-qos-map " QOS-MAP "
  540. - defines a mapping of Linux internal packet priority to VLAN header prio field
  541. but for outgoing frames. The format is the same as for ingress-qos-map.
  542. .in +4
  543. Linux packet priority can be set by
  544. .BR iptables "(8)":
  545. .in +4
  546. .sp
  547. .B iptables
  548. -t mangle -A POSTROUTING [...] -j CLASSIFY --set-class 0:4
  549. .sp
  550. .in -4
  551. and this "4" priority can be used in the egress qos mapping to set
  552. VLAN prio "5":
  553. .sp
  554. .in +4
  555. .B ip
  556. link set veth0.10 type vlan egress 4:5
  557. .in -4
  558. .in -4
  559. .in -8
  560. .TP
  561. VXLAN Type Support
  562. For a link of type
  563. .I VXLAN
  564. the following additional arguments are supported:
  565. .BI "ip link add " DEVICE
  566. .BI type " vxlan " id " VNI"
  567. [
  568. .BI dev " PHYS_DEV "
  569. .RB " ] [ { " group " | " remote " } "
  570. .I IPADDR
  571. ] [
  572. .B local
  573. .RI "{ "IPADDR " | "any " } "
  574. ] [
  575. .BI ttl " TTL "
  576. ] [
  577. .BI tos " TOS "
  578. ] [
  579. .BI df " DF "
  580. ] [
  581. .BI flowlabel " FLOWLABEL "
  582. ] [
  583. .BI dstport " PORT "
  584. ] [
  585. .BI srcport " MIN MAX "
  586. ] [
  587. .RB [ no ] learning
  588. ] [
  589. .RB [ no ] proxy
  590. ] [
  591. .RB [ no ] rsc
  592. ] [
  593. .RB [ no ] l2miss
  594. ] [
  595. .RB [ no ] l3miss
  596. ] [
  597. .RB [ no ] udpcsum
  598. ] [
  599. .RB [ no ] udp6zerocsumtx
  600. ] [
  601. .RB [ no ] udp6zerocsumrx
  602. ] [
  603. .RB [ no ] localbypass
  604. ] [
  605. .BI ageing " SECONDS "
  606. ] [
  607. .BI maxaddress " NUMBER "
  608. ] [
  609. .RB [ no ] external
  610. ] [
  611. .B gbp
  612. ] [
  613. .B gpe
  614. ] [
  615. .RB [ no ] vnifilter
  616. ]
  617. .in +8
  618. .sp
  619. .BI id " VNI "
  620. - specifies the VXLAN Network Identifier (or VXLAN Segment
  621. Identifier) to use.
  622. .BI dev " PHYS_DEV"
  623. - specifies the physical device to use for tunnel endpoint communication.
  624. .sp
  625. .BI group " IPADDR"
  626. - specifies the multicast IP address to join.
  627. This parameter cannot be specified with the
  628. .B remote
  629. parameter.
  630. .sp
  631. .BI remote " IPADDR"
  632. - specifies the unicast destination IP address to use in outgoing packets
  633. when the destination link layer address is not known in the VXLAN device
  634. forwarding database. This parameter cannot be specified with the
  635. .B group
  636. parameter.
  637. .sp
  638. .BI local " IPADDR"
  639. - specifies the source IP address to use in outgoing packets.
  640. .sp
  641. .BI ttl " TTL"
  642. - specifies the TTL value to use in outgoing packets.
  643. .sp
  644. .BI tos " TOS"
  645. - specifies the TOS value to use in outgoing packets.
  646. .sp
  647. .BI df " DF"
  648. - specifies the usage of the Don't Fragment flag (DF) bit in outgoing packets
  649. with IPv4 headers. The value
  650. .B inherit
  651. causes the bit to be copied from the original IP header. The values
  652. .B unset
  653. and
  654. .B set
  655. cause the bit to be always unset or always set, respectively. By default, the
  656. bit is not set.
  657. .sp
  658. .BI flowlabel " FLOWLABEL"
  659. - specifies the flow label to use in outgoing packets.
  660. .sp
  661. .BI dstport " PORT"
  662. - specifies the UDP destination port to communicate to the remote
  663. VXLAN tunnel endpoint.
  664. .sp
  665. .BI srcport " MIN MAX"
  666. - specifies the range of port numbers to use as UDP
  667. source ports to communicate to the remote VXLAN tunnel endpoint.
  668. .sp
  669. .RB [ no ] learning
  670. - specifies if unknown source link layer addresses and IP addresses
  671. are entered into the VXLAN device forwarding database.
  672. .sp
  673. .RB [ no ] rsc
  674. - specifies if route short circuit is turned on.
  675. .sp
  676. .RB [ no ] proxy
  677. - specifies ARP proxy is turned on.
  678. .sp
  679. .RB [ no ] l2miss
  680. - specifies if netlink LLADDR miss notifications are generated.
  681. .sp
  682. .RB [ no ] l3miss
  683. - specifies if netlink IP ADDR miss notifications are generated.
  684. .sp
  685. .RB [ no ] udpcsum
  686. - specifies if UDP checksum is calculated for transmitted packets over IPv4.
  687. .sp
  688. .RB [ no ] udp6zerocsumtx
  689. - skip UDP checksum calculation for transmitted packets over IPv6.
  690. .sp
  691. .RB [ no ] udp6zerocsumrx
  692. - allow incoming UDP packets over IPv6 with zero checksum field.
  693. .sp
  694. .RB [ no ] localbypass
  695. - if FDB destination is local, with nolocalbypass set, forward encapsulated
  696. packets to the userspace network stack. If there is a userspace process
  697. listening for these packets, it will have a chance to process them. If
  698. localbypass is active (default), bypass the kernel network stack and
  699. inject the packets into the target VXLAN device, assuming one exists.
  700. .sp
  701. .BI ageing " SECONDS"
  702. - specifies the lifetime in seconds of FDB entries learnt by the kernel.
  703. .sp
  704. .BI maxaddress " NUMBER"
  705. - specifies the maximum number of FDB entries.
  706. .sp
  707. .RB [ no ] external
  708. - specifies whether an external control plane
  709. .RB "(e.g. " "ip route encap" )
  710. or the internal FDB should be used.
  711. .sp
  712. .RB [ no ] vnifilter
  713. - specifies whether the vxlan device is capable of vni filtering. Only works with a vxlan
  714. device with external flag set. once enabled, bridge vni command is used to manage the
  715. vni filtering table on the device. The device can only receive packets with vni's configured
  716. in the vni filtering table.
  717. .sp
  718. .B gbp
  719. - enables the Group Policy extension (VXLAN-GBP).
  720. .in +4
  721. Allows one to transport group policy context across VXLAN network peers.
  722. If enabled, includes the mark of a packet in the VXLAN header for outgoing
  723. packets and fills the packet mark based on the information found in the
  724. VXLAN header for incoming packets.
  725. Format of upper 16 bits of packet mark (flags);
  726. .in +2
  727. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  728. .br
  729. |-|-|-|-|-|-|-|-|-|D|-|-|A|-|-|-|
  730. .br
  731. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  732. .B D :=
  733. Don't Learn bit. When set, this bit indicates that the egress
  734. VTEP MUST NOT learn the source address of the encapsulated frame.
  735. .B A :=
  736. Indicates that the group policy has already been applied to
  737. this packet. Policies MUST NOT be applied by devices when the A bit is set.
  738. .in -2
  739. Format of lower 16 bits of packet mark (policy ID):
  740. .in +2
  741. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  742. .br
  743. | Group Policy ID |
  744. .br
  745. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  746. .in -2
  747. Example:
  748. iptables -A OUTPUT [...] -j MARK --set-mark 0x800FF
  749. .in -4
  750. .sp
  751. .B gpe
  752. - enables the Generic Protocol extension (VXLAN-GPE). Currently, this is
  753. only supported together with the
  754. .B external
  755. keyword.
  756. .in -8
  757. .TP
  758. VETH, VXCAN Type Support
  759. For a link of types
  760. .I VETH/VXCAN
  761. the following additional arguments are supported:
  762. .BI "ip link add " DEVICE
  763. .BR type " { " veth " | " vxcan " }"
  764. [
  765. .BR peer
  766. .BI "name " NAME
  767. ]
  768. .in +8
  769. .sp
  770. .BR peer
  771. .BI "name " NAME
  772. - specifies the virtual pair device name of the
  773. .I VETH/VXCAN
  774. tunnel.
  775. .in -8
  776. .TP
  777. netkit Type Support
  778. For a link of type
  779. .I netkit
  780. the following additional arguments are supported:
  781. .BI "ip link add " DEVICE
  782. .BR type " netkit "
  783. [
  784. .BI mode " MODE "
  785. ] [
  786. .I "POLICY "
  787. ] [
  788. .BR peer
  789. [
  790. .I "POLICY "
  791. ] [
  792. .I "NAME "
  793. ] ]
  794. .in +8
  795. .sp
  796. .BI mode " MODE"
  797. - specifies the operation mode of the netkit device with "l3" and "l2"
  798. as possible values. Default option is "l3".
  799. .sp
  800. .I "POLICY"
  801. - specifies the default device policy when no BPF programs are attached
  802. with "forward" and "blackhole" as possible values. Default option is
  803. "forward". Specifying policy before the peer option refers to the primary
  804. device, after the peer option refers to the peer device.
  805. .sp
  806. .I "NAME"
  807. - specifies the device name of the peer device.
  808. .in -8
  809. .TP
  810. IPIP, SIT Type Support
  811. For a link of type
  812. .IR IPIP or SIT
  813. the following additional arguments are supported:
  814. .BI "ip link add " DEVICE
  815. .BR type " { " ipip " | " sit " }"
  816. .BI " remote " ADDR " local " ADDR
  817. [
  818. .BR encap " { " fou " | " gue " | " none " }"
  819. ] [
  820. .BR encap-sport " { " \fIPORT " | " auto " }"
  821. ] [
  822. .BI "encap-dport " PORT
  823. ] [
  824. .RB [ no ] encap-csum
  825. ] [
  826. .I " [no]encap-remcsum "
  827. ] [
  828. .I " mode " { ip6ip | ipip | mplsip | any } "
  829. ] [
  830. .BR external
  831. ]
  832. .in +8
  833. .sp
  834. .BI remote " ADDR "
  835. - specifies the remote address of the tunnel.
  836. .sp
  837. .BI local " ADDR "
  838. - specifies the fixed local address for tunneled packets.
  839. It must be an address on another interface on this host.
  840. .sp
  841. .BR encap " { " fou " | " gue " | " none " }"
  842. - specifies type of secondary UDP encapsulation. "fou" indicates
  843. Foo-Over-UDP, "gue" indicates Generic UDP Encapsulation.
  844. .sp
  845. .BR encap-sport " { " \fIPORT " | " auto " }"
  846. - specifies the source port in UDP encapsulation.
  847. .IR PORT
  848. indicates the port by number, "auto"
  849. indicates that the port number should be chosen automatically
  850. (the kernel picks a flow based on the flow hash of the
  851. encapsulated packet).
  852. .sp
  853. .RB [ no ] encap-csum
  854. - specifies if UDP checksums are enabled in the secondary
  855. encapsulation.
  856. .sp
  857. .RB [ no ] encap-remcsum
  858. - specifies if Remote Checksum Offload is enabled. This is only
  859. applicable for Generic UDP Encapsulation.
  860. .sp
  861. .BI mode " { ip6ip | ipip | mplsip | any } "
  862. - specifies mode in which device should run. "ip6ip" indicates
  863. IPv6-Over-IPv4, "ipip" indicates "IPv4-Over-IPv4", "mplsip" indicates
  864. MPLS-Over-IPv4, "any" indicates IPv6, IPv4 or MPLS Over IPv4. Supported for
  865. SIT where the default is "ip6ip" and IPIP where the default is "ipip".
  866. IPv6-Over-IPv4 is not supported for IPIP.
  867. .sp
  868. .BR external
  869. - make this tunnel externally controlled
  870. .RB "(e.g. " "ip route encap" ).
  871. .in -8
  872. .TP
  873. GRE Type Support
  874. For a link of type
  875. .IR GRE " or " GRETAP
  876. the following additional arguments are supported:
  877. .BI "ip link add " DEVICE
  878. .BR type " { " gre " | " gretap " }"
  879. .BI " remote " ADDR " local " ADDR
  880. [
  881. .RB [ no ] "" [ i | o ] seq
  882. ] [
  883. .RB [ i | o ] key
  884. .I KEY
  885. |
  886. .BR no [ i | o ] key
  887. ] [
  888. .RB [ no ] "" [ i | o ] csum
  889. ] [
  890. .BI ttl " TTL "
  891. ] [
  892. .BI tos " TOS "
  893. ] [
  894. .RB [ no ] pmtudisc
  895. ] [
  896. .RB [ no ] ignore-df
  897. ] [
  898. .BI dev " PHYS_DEV "
  899. ] [
  900. .BR encap " { " fou " | " gue " | " none " }"
  901. ] [
  902. .BR encap-sport " { " \fIPORT " | " auto " }"
  903. ] [
  904. .BI "encap-dport " PORT
  905. ] [
  906. .RB [ no ] encap-csum
  907. ] [
  908. .RB [ no ] encap-remcsum
  909. ] [
  910. .BR external
  911. ]
  912. .in +8
  913. .sp
  914. .BI remote " ADDR "
  915. - specifies the remote address of the tunnel.
  916. .sp
  917. .BI local " ADDR "
  918. - specifies the fixed local address for tunneled packets.
  919. It must be an address on another interface on this host.
  920. .sp
  921. .RB [ no ] "" [ i | o ] seq
  922. - serialize packets.
  923. The
  924. .B oseq
  925. flag enables sequencing of outgoing packets.
  926. The
  927. .B iseq
  928. flag requires that all input packets are serialized.
  929. .sp
  930. .RB [ i | o ] key
  931. .I KEY
  932. |
  933. .BR no [ i | o ] key
  934. - use keyed GRE with key
  935. .IR KEY ". "KEY
  936. is either a number or an IPv4 address-like dotted quad.
  937. The
  938. .B key
  939. parameter specifies the same key to use in both directions.
  940. The
  941. .BR ikey " and " okey
  942. parameters specify different keys for input and output.
  943. .sp
  944. .RB [ no ] "" [ i | o ] csum
  945. - generate/require checksums for tunneled packets.
  946. The
  947. .B ocsum
  948. flag calculates checksums for outgoing packets.
  949. The
  950. .B icsum
  951. flag requires that all input packets have the correct
  952. checksum. The
  953. .B csum
  954. flag is equivalent to the combination
  955. .B "icsum ocsum" .
  956. .sp
  957. .BI ttl " TTL"
  958. - specifies the TTL value to use in outgoing packets.
  959. .sp
  960. .BI tos " TOS"
  961. - specifies the TOS value to use in outgoing packets.
  962. .sp
  963. .RB [ no ] pmtudisc
  964. - enables/disables Path MTU Discovery on this tunnel.
  965. It is enabled by default. Note that a fixed ttl is incompatible
  966. with this option: tunneling with a fixed ttl always makes pmtu
  967. discovery.
  968. .sp
  969. .RB [ no ] ignore-df
  970. - enables/disables IPv4 DF suppression on this tunnel.
  971. Normally datagrams that exceed the MTU will be fragmented; the presence
  972. of the DF flag inhibits this, resulting instead in an ICMP Unreachable
  973. (Fragmentation Required) message. Enabling this attribute causes the
  974. DF flag to be ignored.
  975. .sp
  976. .BI dev " PHYS_DEV"
  977. - specifies the physical device to use for tunnel endpoint communication.
  978. .sp
  979. .BR encap " { " fou " | " gue " | " none " }"
  980. - specifies type of secondary UDP encapsulation. "fou" indicates
  981. Foo-Over-UDP, "gue" indicates Generic UDP Encapsulation.
  982. .sp
  983. .BR encap-sport " { " \fIPORT " | " auto " }"
  984. - specifies the source port in UDP encapsulation.
  985. .IR PORT
  986. indicates the port by number, "auto"
  987. indicates that the port number should be chosen automatically
  988. (the kernel picks a flow based on the flow hash of the
  989. encapsulated packet).
  990. .sp
  991. .RB [ no ] encap-csum
  992. - specifies if UDP checksums are enabled in the secondary
  993. encapsulation.
  994. .sp
  995. .RB [ no ] encap-remcsum
  996. - specifies if Remote Checksum Offload is enabled. This is only
  997. applicable for Generic UDP Encapsulation.
  998. .sp
  999. .BR external
  1000. - make this tunnel externally controlled
  1001. .RB "(e.g. " "ip route encap" ).
  1002. .in -8
  1003. .TP
  1004. IP6GRE/IP6GRETAP Type Support
  1005. For a link of type
  1006. .I IP6GRE/IP6GRETAP
  1007. the following additional arguments are supported:
  1008. .BI "ip link add " DEVICE
  1009. .BR type " { " ip6gre " | " ip6gretap " }"
  1010. .BI remote " ADDR " local " ADDR"
  1011. [
  1012. .RB [ no ] "" [ i | o ] seq
  1013. ] [
  1014. .RB [ i | o ] key
  1015. .I KEY
  1016. |
  1017. .BR no [ i | o ] key
  1018. ] [
  1019. .RB [ no ] "" [ i | o ] csum
  1020. ] [
  1021. .BI hoplimit " TTL "
  1022. ] [
  1023. .BI encaplimit " ELIM "
  1024. ] [
  1025. .BI tclass " TCLASS "
  1026. ] [
  1027. .BI flowlabel " FLOWLABEL "
  1028. ] [
  1029. .BI "dscp inherit"
  1030. ] [
  1031. .BI "[no]allow-localremote"
  1032. ] [
  1033. .BI dev " PHYS_DEV "
  1034. ] [
  1035. .RB external
  1036. ]
  1037. .in +8
  1038. .sp
  1039. .BI remote " ADDR "
  1040. - specifies the remote IPv6 address of the tunnel.
  1041. .sp
  1042. .BI local " ADDR "
  1043. - specifies the fixed local IPv6 address for tunneled packets.
  1044. It must be an address on another interface on this host.
  1045. .sp
  1046. .RB [ no ] "" [ i | o ] seq
  1047. - serialize packets.
  1048. The
  1049. .B oseq
  1050. flag enables sequencing of outgoing packets.
  1051. The
  1052. .B iseq
  1053. flag requires that all input packets are serialized.
  1054. .sp
  1055. .RB [ i | o ] key
  1056. .I KEY
  1057. |
  1058. .BR no [ i | o ] key
  1059. - use keyed GRE with key
  1060. .IR KEY ". "KEY
  1061. is either a number or an IPv4 address-like dotted quad.
  1062. The
  1063. .B key
  1064. parameter specifies the same key to use in both directions.
  1065. The
  1066. .BR ikey " and " okey
  1067. parameters specify different keys for input and output.
  1068. .sp
  1069. .RB [ no ] "" [ i | o ] csum
  1070. - generate/require checksums for tunneled packets.
  1071. The
  1072. .B ocsum
  1073. flag calculates checksums for outgoing packets.
  1074. The
  1075. .B icsum
  1076. flag requires that all input packets have the correct
  1077. checksum. The
  1078. .B csum
  1079. flag is equivalent to the combination
  1080. .BR "icsum ocsum" .
  1081. .sp
  1082. .BI hoplimit " TTL"
  1083. - specifies Hop Limit value to use in outgoing packets.
  1084. .sp
  1085. .BI encaplimit " ELIM"
  1086. - specifies a fixed encapsulation limit. Default is 4.
  1087. .sp
  1088. .BI flowlabel " FLOWLABEL"
  1089. - specifies a fixed flowlabel.
  1090. .sp
  1091. .BI [no]allow-localremote
  1092. - specifies whether to allow remote endpoint to have an address configured on
  1093. local host.
  1094. .sp
  1095. .BI tclass " TCLASS"
  1096. - specifies the traffic class field on
  1097. tunneled packets, which can be specified as either a two-digit
  1098. hex value (e.g. c0) or a predefined string (e.g. internet).
  1099. The value
  1100. .B inherit
  1101. causes the field to be copied from the original IP header. The
  1102. values
  1103. .BI "inherit/" STRING
  1104. or
  1105. .BI "inherit/" 00 ".." ff
  1106. will set the field to
  1107. .I STRING
  1108. or
  1109. .IR 00 ".." ff
  1110. when tunneling non-IP packets. The default value is 00.
  1111. .sp
  1112. .RB external
  1113. - make this tunnel externally controlled (or not, which is the default).
  1114. In the kernel, this is referred to as collect metadata mode. This flag is
  1115. mutually exclusive with the
  1116. .BR remote ,
  1117. .BR local ,
  1118. .BR seq ,
  1119. .BR key,
  1120. .BR csum,
  1121. .BR hoplimit,
  1122. .BR encaplimit,
  1123. .BR flowlabel " and " tclass
  1124. options.
  1125. .in -8
  1126. .TP
  1127. IPoIB Type Support
  1128. For a link of type
  1129. .I IPoIB
  1130. the following additional arguments are supported:
  1131. .BI "ip link add " DEVICE " name " NAME
  1132. .BR "type ipoib " [ " pkey \fIPKEY" " ] [ " mode " \fIMODE \fR]"
  1133. .in +8
  1134. .sp
  1135. .BI pkey " PKEY "
  1136. - specifies the IB P-Key to use.
  1137. .BI mode " MODE "
  1138. - specifies the mode (datagram or connected) to use.
  1139. .TP
  1140. ERSPAN Type Support
  1141. For a link of type
  1142. .I ERSPAN/IP6ERSPAN
  1143. the following additional arguments are supported:
  1144. .BI "ip link add " DEVICE
  1145. .BR type " { " erspan " | " ip6erspan " }"
  1146. .BI remote " ADDR " local " ADDR " seq
  1147. .RB key
  1148. .I KEY
  1149. .BR erspan_ver " \fIversion "
  1150. [
  1151. .BR erspan " \fIIDX "
  1152. ] [
  1153. .BR erspan_dir " { " \fIingress " | " \fIegress " }"
  1154. ] [
  1155. .BR erspan_hwid " \fIhwid "
  1156. ] [
  1157. .BI "[no]allow-localremote"
  1158. ] [
  1159. .RB external
  1160. ]
  1161. .in +8
  1162. .sp
  1163. .BI remote " ADDR "
  1164. - specifies the remote address of the tunnel.
  1165. .sp
  1166. .BI local " ADDR "
  1167. - specifies the fixed local address for tunneled packets.
  1168. It must be an address on another interface on this host.
  1169. .sp
  1170. .BR erspan_ver " \fIversion "
  1171. - specifies the ERSPAN version number.
  1172. .IR version
  1173. indicates the ERSPAN version to be created: 0 for version 0 type I,
  1174. 1 for version 1 (type II) or 2 for version 2 (type III).
  1175. .sp
  1176. .BR erspan " \fIIDX "
  1177. - specifies the ERSPAN v1 index field.
  1178. .IR IDX
  1179. indicates a 20 bit index/port number associated with the ERSPAN
  1180. traffic's source port and direction.
  1181. .sp
  1182. .BR erspan_dir " { " \fIingress " | " \fIegress " }"
  1183. - specifies the ERSPAN v2 mirrored traffic's direction.
  1184. .sp
  1185. .BR erspan_hwid " \fIhwid "
  1186. - an unique identifier of an ERSPAN v2 engine within a system.
  1187. .IR hwid
  1188. is a 6-bit value for users to configure.
  1189. .sp
  1190. .BI [no]allow-localremote
  1191. - specifies whether to allow remote endpoint to have an address configured on
  1192. local host.
  1193. .sp
  1194. .BR external
  1195. - make this tunnel externally controlled (or not, which is the default).
  1196. In the kernel, this is referred to as collect metadata mode. This flag is
  1197. mutually exclusive with the
  1198. .BR remote ,
  1199. .BR local ,
  1200. .BR erspan_ver ,
  1201. .BR erspan ,
  1202. .BR erspan_dir " and " erspan_hwid
  1203. options.
  1204. .in -8
  1205. .TP
  1206. GENEVE Type Support
  1207. For a link of type
  1208. .I GENEVE
  1209. the following additional arguments are supported:
  1210. .BI "ip link add " DEVICE
  1211. .BI type " geneve " id " VNI " remote " IPADDR"
  1212. [
  1213. .BI ttl " TTL "
  1214. ] [
  1215. .BI tos " TOS "
  1216. ] [
  1217. .BI df " DF "
  1218. ] [
  1219. .BI flowlabel " FLOWLABEL "
  1220. ] [
  1221. .BI dstport " PORT"
  1222. ] [
  1223. .RB [ no ] external
  1224. ] [
  1225. .RB [ no ] udpcsum
  1226. ] [
  1227. .RB [ no ] udp6zerocsumtx
  1228. ] [
  1229. .RB [ no ] udp6zerocsumrx
  1230. ] [
  1231. .B innerprotoinherit
  1232. ]
  1233. .in +8
  1234. .sp
  1235. .BI id " VNI "
  1236. - specifies the Virtual Network Identifier to use.
  1237. .sp
  1238. .BI remote " IPADDR"
  1239. - specifies the unicast destination IP address to use in outgoing packets.
  1240. .sp
  1241. .BI ttl " TTL"
  1242. - specifies the TTL value to use in outgoing packets. "0" or "auto" means
  1243. use whatever default value, "inherit" means inherit the inner protocol's
  1244. ttl. Default option is "0".
  1245. .sp
  1246. .BI tos " TOS"
  1247. - specifies the TOS value to use in outgoing packets.
  1248. .sp
  1249. .BI df " DF"
  1250. - specifies the usage of the Don't Fragment flag (DF) bit in outgoing packets
  1251. with IPv4 headers. The value
  1252. .B inherit
  1253. causes the bit to be copied from the original IP header. The values
  1254. .B unset
  1255. and
  1256. .B set
  1257. cause the bit to be always unset or always set, respectively. By default, the
  1258. bit is not set.
  1259. .sp
  1260. .BI flowlabel " FLOWLABEL"
  1261. - specifies the flow label to use in outgoing packets.
  1262. .sp
  1263. .BI dstport " PORT"
  1264. - select a destination port other than the default of 6081.
  1265. .sp
  1266. .RB [ no ] external
  1267. - make this tunnel externally controlled (or not, which is the default). This
  1268. flag is mutually exclusive with the
  1269. .BR id ,
  1270. .BR remote ,
  1271. .BR ttl ,
  1272. .BR tos " and " flowlabel
  1273. options.
  1274. .sp
  1275. .RB [ no ] udpcsum
  1276. - specifies if UDP checksum is calculated for transmitted packets over IPv4.
  1277. .sp
  1278. .RB [ no ] udp6zerocsumtx
  1279. - skip UDP checksum calculation for transmitted packets over IPv6.
  1280. .sp
  1281. .RB [ no ] udp6zerocsumrx
  1282. - allow incoming UDP packets over IPv6 with zero checksum field.
  1283. .sp
  1284. .B innerprotoinherit
  1285. - use IPv4/IPv6 as inner protocol instead of Ethernet.
  1286. .in -8
  1287. .TP
  1288. Bareudp Type Support
  1289. For a link of type
  1290. .I Bareudp
  1291. the following additional arguments are supported:
  1292. .BI "ip link add " DEVICE
  1293. .BI type " bareudp " dstport " PORT " ethertype " PROTO"
  1294. [
  1295. .BI srcportmin " PORT "
  1296. ] [
  1297. .RB [ no ] multiproto
  1298. ]
  1299. .in +8
  1300. .sp
  1301. .BI dstport " PORT"
  1302. - specifies the destination port for the UDP tunnel.
  1303. .sp
  1304. .BI ethertype " PROTO"
  1305. - specifies the ethertype of the L3 protocol being tunnelled.
  1306. .B ethertype
  1307. can be given as plain Ethernet protocol number or using the protocol name
  1308. ("ipv4", "ipv6", "mpls_uc", etc.).
  1309. .sp
  1310. .BI srcportmin " PORT"
  1311. - selects the lowest value of the UDP tunnel source port range.
  1312. .sp
  1313. .RB [ no ] multiproto
  1314. - activates support for protocols similar to the one
  1315. .RB "specified by " ethertype .
  1316. When
  1317. .B ethertype
  1318. is "mpls_uc" (that is, unicast MPLS), this allows the tunnel to also handle
  1319. multicast MPLS.
  1320. When
  1321. .B ethertype
  1322. is "ipv4", this allows the tunnel to also handle IPv6. This option is disabled
  1323. by default.
  1324. .TP
  1325. AMT Type Support
  1326. For a link of type
  1327. .I AMT
  1328. the following additional arguments are supported:
  1329. .BI "ip link add " DEVICE
  1330. .BI type " AMT " discovery " IPADDR " mode " { " gateway " | " relay " } "
  1331. .BI local " IPADDR " dev " PHYS_DEV " [
  1332. .BI relay_port " PORT " ]
  1333. [
  1334. .BI gateway_port " PORT " ]
  1335. [
  1336. .BI max_tunnels " NUMBER "
  1337. ]
  1338. .in +8
  1339. .sp
  1340. .BI discovery " IPADDR"
  1341. - specifies the unicast discovery IP address to use to find remote IP address.
  1342. .BR mode " { " gateway " | " relay " } "
  1343. - specifies the role of AMT, Gateway or Relay
  1344. .BI local " IPADDR "
  1345. - specifies the source IP address to use in outgoing packets.
  1346. .BI dev " PHYS_DEV "
  1347. - specifies the underlying physical interface from which transform traffic
  1348. is sent and received.
  1349. .BI relay_port " PORT "
  1350. - specifies the UDP Relay port to communicate to the Relay.
  1351. .BI gateway_port " PORT "
  1352. - specifies the UDP Gateway port to communicate to the Gateway.
  1353. .BI max_tunnels " NUMBER "
  1354. - specifies the maximum number of tunnels.
  1355. .in -8
  1356. .TP
  1357. MACVLAN and MACVTAP Type Support
  1358. For a link of type
  1359. .I MACVLAN
  1360. or
  1361. .I MACVTAP
  1362. the following additional arguments are supported:
  1363. .BI "ip link add link " DEVICE " name " NAME
  1364. .BR type " { " macvlan " | " macvtap " } "
  1365. .BR mode " { " private " | " vepa " | " bridge " | " passthru
  1366. .RB " [ " nopromisc " ] | " source " [ " nodst " ] } "
  1367. .RB " [ " bcqueuelen " { " LENGTH " } ] "
  1368. .RB " [ " bclim " " LIMIT " ] "
  1369. .in +8
  1370. .sp
  1371. .BR type " { " macvlan " | " macvtap " } "
  1372. - specifies the link type to use.
  1373. .BR macvlan " creates just a virtual interface, while "
  1374. .BR macvtap " in addition creates a character device "
  1375. .BR /dev/tapX " to be used just like a " tuntap " device."
  1376. .B mode private
  1377. - Do not allow communication between
  1378. .B macvlan
  1379. instances on the same physical interface, even if the external switch supports
  1380. hairpin mode.
  1381. .B mode vepa
  1382. - Virtual Ethernet Port Aggregator mode. Data from one
  1383. .B macvlan
  1384. instance to the other on the same physical interface is transmitted over the
  1385. physical interface. Either the attached switch needs to support hairpin mode,
  1386. or there must be a TCP/IP router forwarding the packets in order to allow
  1387. communication. This is the default mode.
  1388. .B mode bridge
  1389. - In bridge mode, all endpoints are directly connected to each other,
  1390. communication is not redirected through the physical interface's peer.
  1391. .BR mode " " passthru " [ " nopromisc " ] "
  1392. - This mode gives more power to a single endpoint, usually in
  1393. .BR macvtap " mode. It is not allowed for more than one endpoint on the same "
  1394. physical interface. All traffic will be forwarded to this endpoint, allowing
  1395. virtio guests to change MAC address or set promiscuous mode in order to bridge
  1396. the interface or create vlan interfaces on top of it. By default, this mode
  1397. forces the underlying interface into promiscuous mode. Passing the
  1398. .BR nopromisc " flag prevents this, so the promisc flag may be controlled "
  1399. using standard tools.
  1400. .BR mode " " source " [ " nodst " ] "
  1401. - allows one to set a list of allowed mac address, which is used to match
  1402. against source mac address from received frames on underlying interface. This
  1403. allows creating mac based VLAN associations, instead of standard port or tag
  1404. based. The feature is useful to deploy 802.1x mac based behavior,
  1405. where drivers of underlying interfaces doesn't allows that. By default, packets
  1406. are also considered (duplicated) for destination-based MACVLAN. Passing the
  1407. .BR nodst " flag stops matching packets from also going through the "
  1408. destination-based flow.
  1409. .BR bcqueuelen " { " LENGTH " } "
  1410. - Set the length of the RX queue used to process broadcast and multicast packets.
  1411. .BR LENGTH " must be a positive integer in the range [0-4294967295]."
  1412. Setting a length of 0 will effectively drop all broadcast/multicast traffic.
  1413. If not specified the macvlan driver default (1000) is used.
  1414. Note that all macvlans that share the same underlying device are using the same
  1415. .RB "queue. The parameter here is a " request ", the actual queue length used"
  1416. will be the maximum length that any macvlan interface has requested.
  1417. When listing device parameters both the bcqueuelen parameter
  1418. as well as the actual used bcqueuelen are listed to better help
  1419. the user understand the setting.
  1420. .BR bclim " " LIMIT
  1421. - Set the threshold for broadcast queueing.
  1422. .BR LIMIT " must be a 32-bit integer."
  1423. Setting this to -1 disables broadcast queueing altogether. Otherwise
  1424. a multicast address will be queued as broadcast if the number of devices
  1425. using it is greater than the given value.
  1426. .in -8
  1427. .TP
  1428. High-availability Seamless Redundancy (HSR) Support
  1429. For a link of type
  1430. .I HSR
  1431. the following additional arguments are supported:
  1432. .BI "ip link add link " DEVICE " name " NAME " type hsr"
  1433. .BI slave1 " SLAVE1-IF " slave2 " SLAVE2-IF "
  1434. .RB [ " supervision"
  1435. .IR ADDR-BYTE " ] ["
  1436. .BR version " { " 0 " | " 1 " } ["
  1437. .BR proto " { " 0 " | " 1 " } ]"
  1438. .in +8
  1439. .sp
  1440. .BR type " hsr "
  1441. - specifies the link type to use, here HSR.
  1442. .BI slave1 " SLAVE1-IF "
  1443. - Specifies the physical device used for the first of the two ring ports.
  1444. .BI slave2 " SLAVE2-IF "
  1445. - Specifies the physical device used for the second of the two ring ports.
  1446. .BI supervision " ADDR-BYTE"
  1447. - The last byte of the multicast address used for HSR supervision frames.
  1448. Default option is "0", possible values 0-255.
  1449. .BR version " { " 0 " | " 1 " }"
  1450. - Selects the protocol version of the interface. Default option is "0", which
  1451. corresponds to the 2010 version of the HSR standard. Option "1" activates the
  1452. 2012 version.
  1453. .BR proto " { " 0 " | " 1 " }"
  1454. - Selects the protocol at the interface. Default option is "0", which
  1455. corresponds to the HSR standard. Option "1" activates the Parallel
  1456. Redundancy Protocol (PRP).
  1457. .
  1458. .in -8
  1459. .TP
  1460. BRIDGE Type Support
  1461. For a link of type
  1462. .I BRIDGE
  1463. the following additional arguments are supported:
  1464. .BI "ip link add " DEVICE " type bridge "
  1465. [
  1466. .BI ageing_time " AGEING_TIME "
  1467. ] [
  1468. .BI group_fwd_mask " MASK "
  1469. ] [
  1470. .BI group_address " ADDRESS "
  1471. ] [
  1472. .BI forward_delay " FORWARD_DELAY "
  1473. ] [
  1474. .BI hello_time " HELLO_TIME "
  1475. ] [
  1476. .BI max_age " MAX_AGE "
  1477. ] [
  1478. .BI stp_state " STP_STATE "
  1479. ] [
  1480. .BI priority " PRIORITY "
  1481. ] [
  1482. .BI no_linklocal_learn " NO_LINKLOCAL_LEARN "
  1483. ] [
  1484. .BI fdb_max_learned " FDB_MAX_LEARNED "
  1485. ] [
  1486. .BI vlan_filtering " VLAN_FILTERING "
  1487. ] [
  1488. .BI vlan_protocol " VLAN_PROTOCOL "
  1489. ] [
  1490. .BI vlan_default_pvid " VLAN_DEFAULT_PVID "
  1491. ] [
  1492. .BI vlan_stats_enabled " VLAN_STATS_ENABLED "
  1493. ] [
  1494. .BI vlan_stats_per_port " VLAN_STATS_PER_PORT "
  1495. ] [
  1496. .BI mcast_snooping " MULTICAST_SNOOPING "
  1497. ] [
  1498. .BI mcast_vlan_snooping " MULTICAST_VLAN_SNOOPING "
  1499. ] [
  1500. .BI mcast_router " MULTICAST_ROUTER "
  1501. ] [
  1502. .BI mcast_query_use_ifaddr " MCAST_QUERY_USE_IFADDR "
  1503. ] [
  1504. .BI mcast_querier " MULTICAST_QUERIER "
  1505. ] [
  1506. .BI mcast_hash_elasticity " HASH_ELASTICITY "
  1507. ] [
  1508. .BI mcast_hash_max " HASH_MAX "
  1509. ] [
  1510. .BI mcast_last_member_count " LAST_MEMBER_COUNT "
  1511. ] [
  1512. .BI mcast_startup_query_count " STARTUP_QUERY_COUNT "
  1513. ] [
  1514. .BI mcast_last_member_interval " LAST_MEMBER_INTERVAL "
  1515. ] [
  1516. .BI mcast_membership_interval " MEMBERSHIP_INTERVAL "
  1517. ] [
  1518. .BI mcast_querier_interval " QUERIER_INTERVAL "
  1519. ] [
  1520. .BI mcast_query_interval " QUERY_INTERVAL "
  1521. ] [
  1522. .BI mcast_query_response_interval " QUERY_RESPONSE_INTERVAL "
  1523. ] [
  1524. .BI mcast_startup_query_interval " STARTUP_QUERY_INTERVAL "
  1525. ] [
  1526. .BI mcast_stats_enabled " MCAST_STATS_ENABLED "
  1527. ] [
  1528. .BI mcast_igmp_version " IGMP_VERSION "
  1529. ] [
  1530. .BI mcast_mld_version " MLD_VERSION "
  1531. ] [
  1532. .BI nf_call_iptables " NF_CALL_IPTABLES "
  1533. ] [
  1534. .BI nf_call_ip6tables " NF_CALL_IP6TABLES "
  1535. ] [
  1536. .BI nf_call_arptables " NF_CALL_ARPTABLES "
  1537. ]
  1538. .in +8
  1539. .sp
  1540. .BI ageing_time " AGEING_TIME "
  1541. - configure the bridge's FDB entries ageing time, ie the number of
  1542. seconds a MAC address will be kept in the FDB after a packet has been
  1543. received from that address. after this time has passed, entries are
  1544. cleaned up.
  1545. .BI group_fwd_mask " MASK "
  1546. - set the group forward mask. This is the bitmask that is applied to
  1547. decide whether to forward incoming frames destined to link-local
  1548. addresses, ie addresses of the form 01:80:C2:00:00:0X (defaults to 0,
  1549. ie the bridge does not forward any link-local frames).
  1550. .BI group_address " ADDRESS "
  1551. - set the MAC address of the multicast group this bridge uses for STP.
  1552. The address must be a link-local address in standard Ethernet MAC
  1553. address format, ie an address of the form 01:80:C2:00:00:0X, with X
  1554. in [0, 4..f].
  1555. .BI forward_delay " FORWARD_DELAY "
  1556. - set the forwarding delay in seconds, ie the time spent in LISTENING
  1557. state (before moving to LEARNING) and in LEARNING state (before
  1558. moving to FORWARDING). Only relevant if STP is enabled. Valid values
  1559. are between 2 and 30.
  1560. .BI hello_time " HELLO_TIME "
  1561. - set the time in seconds between hello packets sent by the bridge,
  1562. when it is a root bridge or a designated bridges.
  1563. Only relevant if STP is enabled. Valid values are between 1 and 10.
  1564. .BI max_age " MAX_AGE "
  1565. - set the hello packet timeout, ie the time in seconds until another
  1566. bridge in the spanning tree is assumed to be dead, after reception of
  1567. its last hello message. Only relevant if STP is enabled. Valid values
  1568. are between 6 and 40.
  1569. .BI stp_state " STP_STATE "
  1570. - turn spanning tree protocol on
  1571. .RI ( STP_STATE " > 0) "
  1572. or off
  1573. .RI ( STP_STATE " == 0). "
  1574. for this bridge.
  1575. .BI priority " PRIORITY "
  1576. - set this bridge's spanning tree priority, used during STP root
  1577. bridge election.
  1578. .I PRIORITY
  1579. is a 16bit unsigned integer.
  1580. .BI no_linklocal_learn " NO_LINKLOCAL_LEARN "
  1581. - turn link-local learning on
  1582. .RI ( NO_LINKLOCAL_LEARN " == 0) "
  1583. or off
  1584. .RI ( NO_LINKLOCAL_LEARN " > 0). "
  1585. When disabled, the bridge will not learn from link-local frames (default:
  1586. enabled).
  1587. .BI fdb_max_learned " FDB_MAX_LEARNED "
  1588. - set the maximum number of learned FDB entries. If
  1589. .RI ( FDB_MAX_LEARNED " == 0) "
  1590. the feature is disabled. Default is
  1591. .BR 0 .
  1592. .I FDB_MAX_LEARNED
  1593. is a 32bit unsigned integer.
  1594. .BI vlan_filtering " VLAN_FILTERING "
  1595. - turn VLAN filtering on
  1596. .RI ( VLAN_FILTERING " > 0) "
  1597. or off
  1598. .RI ( VLAN_FILTERING " == 0). "
  1599. When disabled, the bridge will not consider the VLAN tag when handling packets.
  1600. .BR vlan_protocol " { " 802.1Q " | " 802.1ad " } "
  1601. - set the protocol used for VLAN filtering.
  1602. .BI vlan_default_pvid " VLAN_DEFAULT_PVID "
  1603. - set the default PVID (native/untagged VLAN ID) for this bridge.
  1604. .BI vlan_stats_enabled " VLAN_STATS_ENABLED "
  1605. - enable
  1606. .RI ( VLAN_STATS_ENABLED " == 1) "
  1607. or disable
  1608. .RI ( VLAN_STATS_ENABLED " == 0) "
  1609. per-VLAN stats accounting.
  1610. .BI vlan_stats_per_port " VLAN_STATS_PER_PORT "
  1611. - enable
  1612. .RI ( VLAN_STATS_PER_PORT " == 1) "
  1613. or disable
  1614. .RI ( VLAN_STATS_PER_PORT " == 0) "
  1615. per-VLAN per-port stats accounting. Can be changed only when there are no port VLANs configured.
  1616. .BI mcast_snooping " MULTICAST_SNOOPING "
  1617. - turn multicast snooping on
  1618. .RI ( MULTICAST_SNOOPING " > 0) "
  1619. or off
  1620. .RI ( MULTICAST_SNOOPING " == 0). "
  1621. .BI mcast_vlan_snooping " MULTICAST_VLAN_SNOOPING "
  1622. - turn multicast VLAN snooping on
  1623. .RI ( MULTICAST_VLAN_SNOOPING " > 0) "
  1624. or off
  1625. .RI ( MULTICAST_VLAN_SNOOPING " == 0). "
  1626. .BI mcast_router " MULTICAST_ROUTER "
  1627. - set bridge's multicast router if IGMP snooping is enabled.
  1628. .I MULTICAST_ROUTER
  1629. is an integer value having the following meaning:
  1630. .in +8
  1631. .sp
  1632. .B 0
  1633. - disabled.
  1634. .B 1
  1635. - automatic (queried).
  1636. .B 2
  1637. - permanently enabled.
  1638. .in -8
  1639. .BI mcast_query_use_ifaddr " MCAST_QUERY_USE_IFADDR "
  1640. - whether to use the bridge's own IP address as source address for IGMP queries
  1641. .RI ( MCAST_QUERY_USE_IFADDR " > 0) "
  1642. or the default of 0.0.0.0
  1643. .RI ( MCAST_QUERY_USE_IFADDR " == 0). "
  1644. .BI mcast_querier " MULTICAST_QUERIER "
  1645. - enable
  1646. .RI ( MULTICAST_QUERIER " > 0) "
  1647. or disable
  1648. .RI ( MULTICAST_QUERIER " == 0) "
  1649. IGMP querier, ie sending of multicast queries by the bridge (default: disabled).
  1650. .BI mcast_querier_interval " QUERIER_INTERVAL "
  1651. - interval between queries sent by other routers. if no queries are seen
  1652. after this delay has passed, the bridge will start to send its own queries
  1653. (as if
  1654. .BI mcast_querier
  1655. was enabled).
  1656. .BI mcast_hash_elasticity " HASH_ELASTICITY "
  1657. - set multicast database hash elasticity, ie the maximum chain length
  1658. in the multicast hash table (defaults to 4).
  1659. .BI mcast_hash_max " HASH_MAX "
  1660. - set maximum size of multicast hash table (defaults to 512,
  1661. value must be a power of 2).
  1662. .BI mcast_last_member_count " LAST_MEMBER_COUNT "
  1663. - set multicast last member count, ie the number of queries the bridge
  1664. will send before stopping forwarding a multicast group after a "leave"
  1665. message has been received (defaults to 2).
  1666. .BI mcast_last_member_interval " LAST_MEMBER_INTERVAL "
  1667. - interval between queries to find remaining members of a group,
  1668. after a "leave" message is received.
  1669. .BI mcast_startup_query_count " STARTUP_QUERY_COUNT "
  1670. - set the number of IGMP queries to send during startup phase (defaults to 2).
  1671. .BI mcast_startup_query_interval " STARTUP_QUERY_INTERVAL "
  1672. - interval between queries in the startup phase.
  1673. .BI mcast_query_interval " QUERY_INTERVAL "
  1674. - interval between queries sent by the bridge after the end of the
  1675. startup phase.
  1676. .BI mcast_query_response_interval " QUERY_RESPONSE_INTERVAL "
  1677. - set the Max Response Time/Maximum Response Delay for IGMP/MLD
  1678. queries sent by the bridge.
  1679. .BI mcast_membership_interval " MEMBERSHIP_INTERVAL "
  1680. - delay after which the bridge will leave a group,
  1681. if no membership reports for this group are received.
  1682. .BI mcast_stats_enabled " MCAST_STATS_ENABLED "
  1683. - enable
  1684. .RI ( MCAST_STATS_ENABLED " > 0) "
  1685. or disable
  1686. .RI ( MCAST_STATS_ENABLED " == 0) "
  1687. multicast (IGMP/MLD) stats accounting.
  1688. .BI mcast_igmp_version " IGMP_VERSION "
  1689. - set the IGMP version.
  1690. .BI mcast_mld_version " MLD_VERSION "
  1691. - set the MLD version.
  1692. .BI nf_call_iptables " NF_CALL_IPTABLES "
  1693. - enable
  1694. .RI ( NF_CALL_IPTABLES " > 0) "
  1695. or disable
  1696. .RI ( NF_CALL_IPTABLES " == 0) "
  1697. iptables hooks on the bridge.
  1698. .BI nf_call_ip6tables " NF_CALL_IP6TABLES "
  1699. - enable
  1700. .RI ( NF_CALL_IP6TABLES " > 0) "
  1701. or disable
  1702. .RI ( NF_CALL_IP6TABLES " == 0) "
  1703. ip6tables hooks on the bridge.
  1704. .BI nf_call_arptables " NF_CALL_ARPTABLES "
  1705. - enable
  1706. .RI ( NF_CALL_ARPTABLES " > 0) "
  1707. or disable
  1708. .RI ( NF_CALL_ARPTABLES " == 0) "
  1709. arptables hooks on the bridge.
  1710. .in -8
  1711. .TP
  1712. MACsec Type Support
  1713. For a link of type
  1714. .I MACsec
  1715. the following additional arguments are supported:
  1716. .BI "ip link add link " DEVICE " name " NAME " type macsec"
  1717. [ [
  1718. .BI address " <lladdr>"
  1719. ]
  1720. .BI port " PORT"
  1721. |
  1722. .BI sci " SCI"
  1723. ] [
  1724. .BI cipher " CIPHER_SUITE"
  1725. ] [
  1726. .BR icvlen " { "
  1727. .IR 8..16 " } ] ["
  1728. .BR encrypt " {"
  1729. .BR on " | " off " } ] [ "
  1730. .BR send_sci " { " on " | " off " } ] ["
  1731. .BR end_station " { " on " | " off " } ] ["
  1732. .BR scb " { " on " | " off " } ] ["
  1733. .BR protect " { " on " | " off " } ] ["
  1734. .BR replay " { " on " | " off " }"
  1735. .BR window " { "
  1736. .IR 0..2^32-1 " } ] ["
  1737. .BR validate " { " strict " | " check " | " disabled " } ] ["
  1738. .BR encodingsa " { "
  1739. .IR 0..3 " } ]"
  1740. .in +8
  1741. .sp
  1742. .BI address " <lladdr> "
  1743. - sets the system identifier component of secure channel for this MACsec device.
  1744. .sp
  1745. .BI port " PORT "
  1746. - sets the port number component of secure channel for this MACsec
  1747. device, in a range from 1 to 65535 inclusive. Numbers with a leading "
  1748. 0 " or " 0x " are interpreted as octal and hexadecimal, respectively.
  1749. .sp
  1750. .BI sci " SCI "
  1751. - sets the secure channel identifier for this MACsec device.
  1752. .I SCI
  1753. is a 64bit wide number in hexadecimal format.
  1754. .sp
  1755. .BI cipher " CIPHER_SUITE "
  1756. - defines the cipher suite to use.
  1757. .sp
  1758. .BI icvlen " LENGTH "
  1759. - sets the length of the Integrity Check Value (ICV).
  1760. .sp
  1761. .BR "encrypt on " or " encrypt off"
  1762. - switches between authenticated encryption, or authenticity mode only.
  1763. .sp
  1764. .BR "send_sci on " or " send_sci off"
  1765. - specifies whether the SCI is included in every packet,
  1766. or only when it is necessary.
  1767. .sp
  1768. .BR "end_station on " or " end_station off"
  1769. - sets the End Station bit.
  1770. .sp
  1771. .BR "scb on " or " scb off"
  1772. - sets the Single Copy Broadcast bit.
  1773. .sp
  1774. .BR "protect on " or " protect off"
  1775. - enables MACsec protection on the device.
  1776. .sp
  1777. .BR "replay on " or " replay off"
  1778. - enables replay protection on the device.
  1779. .in +8
  1780. .sp
  1781. .BI window " SIZE "
  1782. - sets the size of the replay window.
  1783. .in -8
  1784. .sp
  1785. .BR "validate strict " or " validate check " or " validate disabled"
  1786. - sets the validation mode on the device.
  1787. .sp
  1788. .BI encodingsa " AN "
  1789. - sets the active secure association for transmission.
  1790. .in -8
  1791. .TP
  1792. VRF Type Support
  1793. For a link of type
  1794. .I VRF
  1795. the following additional arguments are supported:
  1796. .BI "ip link add " DEVICE " type vrf table " TABLE
  1797. .in +8
  1798. .sp
  1799. .BR table " table id associated with VRF device"
  1800. .in -8
  1801. .TP
  1802. RMNET Type Support
  1803. For a link of type
  1804. .I RMNET
  1805. the following additional arguments are supported:
  1806. .BI "ip link add link " DEVICE " name " NAME " type rmnet mux_id " MUXID
  1807. .in +8
  1808. .sp
  1809. .BI mux_id " MUXID "
  1810. - specifies the mux identifier for the rmnet device, possible values 1-254.
  1811. .in -8
  1812. .TP
  1813. XFRM Type Support
  1814. For a link of type
  1815. .I XFRM
  1816. the following additional arguments are supported:
  1817. .BI "ip link add " DEVICE " type xfrm dev " PHYS_DEV " [ if_id " IF_ID " ]"
  1818. .BR "[ external ]"
  1819. .in +8
  1820. .sp
  1821. .BI dev " PHYS_DEV "
  1822. - specifies the underlying physical interface from which transform traffic is sent and received.
  1823. .sp
  1824. .BI if_id " IF-ID "
  1825. - specifies the hexadecimal lookup key used to send traffic to and from specific xfrm
  1826. policies. Policies must be configured with the same key. If not set, the key defaults to
  1827. 0 and will match any policies which similarly do not have a lookup key configuration.
  1828. .sp
  1829. .BI external
  1830. - make this device externally controlled. This flag is mutually exclusive with the
  1831. .BR dev " and " if_id
  1832. options.
  1833. .in -8
  1834. .TP
  1835. GTP Type Support
  1836. For a link of type
  1837. .I GTP
  1838. the following additional arguments are supported:
  1839. .BI "ip link add " DEVICE " type gtp role " ROLE " hsize " HSIZE
  1840. .in +8
  1841. .sp
  1842. .BI role " ROLE "
  1843. - specifies the role of the GTP device, either sgsn or ggsn
  1844. .sp
  1845. .BI hsize " HSIZE "
  1846. - specifies size of the hashtable which stores PDP contexts
  1847. .sp
  1848. .BI restart_count " RESTART_COUNT "
  1849. - GTP instance restart counter
  1850. .in -8
  1851. .SS ip link delete - delete virtual link
  1852. .TP
  1853. .BI dev " DEVICE "
  1854. specifies the virtual device to act operate on.
  1855. .TP
  1856. .BI group " GROUP "
  1857. specifies the group of virtual links to delete. Group 0 is not allowed to be
  1858. deleted since it is the default group.
  1859. .TP
  1860. .BI type " TYPE "
  1861. specifies the type of the device.
  1862. .SS ip link set - change device attributes
  1863. .PP
  1864. .B Warning:
  1865. If multiple parameter changes are requested,
  1866. .B ip
  1867. aborts immediately after any of the changes have failed.
  1868. This is the only case when
  1869. .B ip
  1870. can move the system to an unpredictable state. The solution
  1871. is to avoid changing several parameters with one
  1872. .B ip link set
  1873. call.
  1874. The modifier
  1875. .B change
  1876. is equivalent to
  1877. .BR "set" .
  1878. .TP
  1879. .BI dev " DEVICE "
  1880. .I DEVICE
  1881. specifies network device to operate on. When configuring SR-IOV
  1882. Virtual Function (VF) devices, this keyword should specify the
  1883. associated Physical Function (PF) device.
  1884. .TP
  1885. .BI group " GROUP "
  1886. .I GROUP
  1887. has a dual role: If both group and dev are present, then move the device to the
  1888. specified group. If only a group is specified, then the command operates on
  1889. all devices in that group.
  1890. .TP
  1891. .BR up " and " down
  1892. change the state of the device to
  1893. .B UP
  1894. or
  1895. .BR "DOWN" .
  1896. .TP
  1897. .BR "arp on " or " arp off"
  1898. change the
  1899. .B NOARP
  1900. flag on the device.
  1901. .TP
  1902. .BR "multicast on " or " multicast off"
  1903. change the
  1904. .B MULTICAST
  1905. flag on the device.
  1906. .TP
  1907. .BR "allmulticast on " or " allmulticast off"
  1908. change the
  1909. .B ALLMULTI
  1910. flag on the device. When enabled, instructs network driver to retrieve all
  1911. multicast packets from the network to the kernel for further processing.
  1912. .TP
  1913. .BR "promisc on " or " promisc off"
  1914. change the
  1915. .B PROMISC
  1916. flag on the device. When enabled, activates promiscuous operation of the
  1917. network device.
  1918. .TP
  1919. .BR "trailers on " or " trailers off"
  1920. change the
  1921. .B NOTRAILERS
  1922. flag on the device,
  1923. .B NOT
  1924. used by the Linux and exists for BSD compatibility.
  1925. .TP
  1926. .BR "protodown on " or " protodown off"
  1927. change the
  1928. .B PROTODOWN
  1929. state on the device. Indicates that a protocol error has been detected
  1930. on the port. Switch drivers can react to this error by doing a phys
  1931. down on the switch port.
  1932. .TP
  1933. .BR "protodown_reason PREASON on " or " off"
  1934. set
  1935. .B PROTODOWN
  1936. reasons on the device. protodown reason bit names can be enumerated under
  1937. /etc/iproute2/protodown_reasons.d/. possible reasons bits 0-31
  1938. .TP
  1939. .BR "dynamic on " or " dynamic off"
  1940. change the
  1941. .B DYNAMIC
  1942. flag on the device. Indicates that address can change when interface
  1943. goes down (currently
  1944. .B NOT
  1945. used by the Linux).
  1946. .TP
  1947. .BI name " NAME"
  1948. change the name of the device. This operation is not
  1949. recommended if the device is running or has some addresses
  1950. already configured.
  1951. .TP
  1952. .BI txqueuelen " NUMBER"
  1953. .TP
  1954. .BI txqlen " NUMBER"
  1955. change the transmit queue length of the device.
  1956. .TP
  1957. .BI mtu " NUMBER"
  1958. change the
  1959. .I MTU
  1960. of the device.
  1961. .TP
  1962. .BI address " LLADDRESS"
  1963. change the station address of the interface.
  1964. .TP
  1965. .BI broadcast " LLADDRESS"
  1966. .TP
  1967. .BI brd " LLADDRESS"
  1968. .TP
  1969. .BI peer " LLADDRESS"
  1970. change the link layer broadcast address or the peer address when
  1971. the interface is
  1972. .IR "POINTOPOINT" .
  1973. .TP
  1974. .B netns
  1975. .RI "{ " PID " | " NETNSNAME " | " NETNSFILE " }"
  1976. .br
  1977. move the device to the network namespace associated with process
  1978. .IR "PID " or
  1979. the name
  1980. .IR "NETNSNAME " or
  1981. the file
  1982. .IR "NETNSFILE".
  1983. Some devices are not allowed to change network namespace: loopback, bridge,
  1984. wireless. These are network namespace local devices. In such case
  1985. .B ip
  1986. tool will return "Invalid argument" error. It is possible to find out
  1987. if device is local to a single network namespace by checking
  1988. .B netns-local
  1989. flag in the output of the
  1990. .BR ethtool ":"
  1991. .in +8
  1992. .B ethtool -k
  1993. .I DEVICE
  1994. .in -8
  1995. To change network namespace for wireless devices the
  1996. .B iw
  1997. tool can be used. But it allows one to change network namespace only for
  1998. physical devices and by process
  1999. .IR PID .
  2000. .TP
  2001. .BI alias " NAME"
  2002. give the device a symbolic name for easy reference.
  2003. .TP
  2004. .BI group " GROUP"
  2005. specify the group the device belongs to.
  2006. The available groups are listed in
  2007. .BR /share/iproute2/group " or " /etc/iproute2/group
  2008. (has precedence if exists).
  2009. .TP
  2010. .BI vf " NUM"
  2011. specify a Virtual Function device to be configured. The associated PF device
  2012. must be specified using the
  2013. .B dev
  2014. parameter.
  2015. .in +8
  2016. .BI mac " LLADDRESS"
  2017. - change the station address for the specified VF. The
  2018. .B vf
  2019. parameter must be specified.
  2020. .sp
  2021. .BI vlan " VLANID"
  2022. - change the assigned VLAN for the specified VF. When specified, all traffic
  2023. sent from the VF will be tagged with the specified VLAN ID. Incoming traffic
  2024. will be filtered for the specified VLAN ID, and will have all VLAN tags
  2025. stripped before being passed to the VF. Setting this parameter to 0 disables
  2026. VLAN tagging and filtering. The
  2027. .B vf
  2028. parameter must be specified.
  2029. .sp
  2030. .BI qos " VLAN-QOS"
  2031. - assign VLAN QOS (priority) bits for the VLAN tag. When specified, all VLAN
  2032. tags transmitted by the VF will include the specified priority bits in the
  2033. VLAN tag. If not specified, the value is assumed to be 0. Both the
  2034. .B vf
  2035. and
  2036. .B vlan
  2037. parameters must be specified. Setting both
  2038. .B vlan
  2039. and
  2040. .B qos
  2041. as 0 disables VLAN tagging and filtering for the VF.
  2042. .sp
  2043. .BI proto " VLAN-PROTO"
  2044. - assign VLAN PROTOCOL for the VLAN tag, either 802.1Q or 802.1ad.
  2045. Setting to 802.1ad, all traffic sent from the VF will be tagged with
  2046. VLAN S-Tag. Incoming traffic will have VLAN S-Tags stripped before
  2047. being passed to the VF. Setting to 802.1ad also enables an option to
  2048. concatenate another VLAN tag, so both S-TAG and C-TAG will be
  2049. inserted/stripped for outgoing/incoming traffic, respectively. If not
  2050. specified, the value is assumed to be 802.1Q. Both the
  2051. .B vf
  2052. and
  2053. .B vlan
  2054. parameters must be specified.
  2055. .sp
  2056. .BI rate " TXRATE"
  2057. -- change the allowed transmit bandwidth, in Mbps, for the specified VF.
  2058. Setting this parameter to 0 disables rate limiting.
  2059. .B vf
  2060. parameter must be specified.
  2061. Please use new API
  2062. .B "max_tx_rate"
  2063. option instead.
  2064. .sp
  2065. .BI max_tx_rate " TXRATE"
  2066. - change the allowed maximum transmit bandwidth, in Mbps, for the
  2067. specified VF. Setting this parameter to 0 disables rate limiting.
  2068. .B vf
  2069. parameter must be specified.
  2070. .sp
  2071. .BI min_tx_rate " TXRATE"
  2072. - change the allowed minimum transmit bandwidth, in Mbps, for the specified VF.
  2073. Minimum TXRATE should be always <= Maximum TXRATE.
  2074. Setting this parameter to 0 disables rate limiting.
  2075. .B vf
  2076. parameter must be specified.
  2077. .sp
  2078. .BI spoofchk " on|off"
  2079. - turn packet spoof checking on or off for the specified VF.
  2080. .sp
  2081. .BI query_rss " on|off"
  2082. - toggle the ability of querying the RSS configuration of a specific
  2083. VF. VF RSS information like RSS hash key may be considered sensitive
  2084. on some devices where this information is shared between VF and PF
  2085. and thus its querying may be prohibited by default.
  2086. .sp
  2087. .BI state " auto|enable|disable"
  2088. - set the virtual link state as seen by the specified VF. Setting to
  2089. auto means a reflection of the PF link state, enable lets the VF to
  2090. communicate with other VFs on this host even if the PF link state is
  2091. down, disable causes the HW to drop any packets sent by the VF.
  2092. .sp
  2093. .BI trust " on|off"
  2094. - trust the specified VF user. This enables that VF user can set a
  2095. specific feature which may impact security and/or
  2096. performance. (e.g. VF multicast promiscuous mode)
  2097. .sp
  2098. .BI node_guid " eui64"
  2099. - configure node GUID for Infiniband VFs.
  2100. .sp
  2101. .BI port_guid " eui64"
  2102. - configure port GUID for Infiniband VFs.
  2103. .in -8
  2104. .TP
  2105. .B xdp object "|" pinned "|" off
  2106. set (or unset) a XDP ("eXpress Data Path") BPF program to run on every
  2107. packet at driver level.
  2108. .B ip link
  2109. output will indicate a
  2110. .B xdp
  2111. flag for the networking device. If the driver does not have native XDP
  2112. support, the kernel will fall back to a slower, driver-independent "generic"
  2113. XDP variant. The
  2114. .B ip link
  2115. output will in that case indicate
  2116. .B xdpgeneric
  2117. instead of
  2118. .B xdp
  2119. only. If the driver does have native XDP support, but the program is
  2120. loaded under
  2121. .B xdpgeneric object "|" pinned
  2122. then the kernel will use the generic XDP variant instead of the native one.
  2123. .B xdpdrv
  2124. has the opposite effect of requestsing that the automatic fallback to the
  2125. generic XDP variant be disabled and in case driver is not XDP-capable error
  2126. should be returned.
  2127. .B xdpdrv
  2128. also disables hardware offloads.
  2129. .B xdpoffload
  2130. in ip link output indicates that the program has been offloaded to hardware
  2131. and can also be used to request the "offload" mode, much like
  2132. .B xdpgeneric
  2133. it forces program to be installed specifically in HW/FW of the apater.
  2134. .B off
  2135. (or
  2136. .B none
  2137. )
  2138. - Detaches any currently attached XDP/BPF program from the given device.
  2139. .BI object " FILE "
  2140. - Attaches a XDP/BPF program to the given device. The
  2141. .I FILE
  2142. points to a BPF ELF file (f.e. generated by LLVM) that contains the BPF
  2143. program code, map specifications, etc. If a XDP/BPF program is already
  2144. attached to the given device, an error will be thrown. If no XDP/BPF
  2145. program is currently attached, the device supports XDP and the program
  2146. from the BPF ELF file passes the kernel verifier, then it will be attached
  2147. to the device. If the option
  2148. .I -force
  2149. is passed to
  2150. .B ip
  2151. then any prior attached XDP/BPF program will be atomically overridden and
  2152. no error will be thrown in this case. If no
  2153. .B section
  2154. option is passed, then the default section name ("prog") will be assumed,
  2155. otherwise the provided section name will be used. If no
  2156. .B verbose
  2157. option is passed, then a verifier log will only be dumped on load error.
  2158. See also
  2159. .B EXAMPLES
  2160. section for usage examples.
  2161. .BI section " NAME "
  2162. - Specifies a section name that contains the BPF program code. If no section
  2163. name is specified, the default one ("prog") will be used. This option is
  2164. to be passed with the
  2165. .B object
  2166. option.
  2167. .BI program " NAME "
  2168. - Specifies the BPF program name that need to be attached. When the program
  2169. name is specified, the section name parameter will be ignored. This option
  2170. only works when iproute2 build with
  2171. .B libbpf
  2172. support.
  2173. .BI verbose
  2174. - Act in verbose mode. For example, even in case of success, this will
  2175. print the verifier log in case a program was loaded from a BPF ELF file.
  2176. .BI pinned " FILE "
  2177. - Attaches a XDP/BPF program to the given device. The
  2178. .I FILE
  2179. points to an already pinned BPF program in the BPF file system. The option
  2180. .B section
  2181. doesn't apply here, but otherwise semantics are the same as with the option
  2182. .B object
  2183. described already.
  2184. .TP
  2185. .BI master " DEVICE"
  2186. set master device of the device (enslave device).
  2187. .TP
  2188. .BI nomaster
  2189. unset master device of the device (release device).
  2190. .TP
  2191. .BI addrgenmode " eui64|none|stable_secret|random"
  2192. set the IPv6 address generation mode
  2193. .I eui64
  2194. - use a Modified EUI-64 format interface identifier
  2195. .I none
  2196. - disable automatic address generation
  2197. .I stable_secret
  2198. - generate the interface identifier based on a preset
  2199. /proc/sys/net/ipv6/conf/{default,DEVICE}/stable_secret
  2200. .I random
  2201. - like stable_secret, but auto-generate a new random secret if none is set
  2202. .TP
  2203. .BR "link-netnsid "
  2204. set peer netnsid for a cross-netns interface
  2205. .TP
  2206. .BI type " ETYPE TYPE_ARGS"
  2207. Change type-specific settings. For a list of supported types and arguments refer
  2208. to the description of
  2209. .B "ip link add"
  2210. above. In addition to that, it is possible to manipulate settings to slave
  2211. devices:
  2212. .TP
  2213. Bridge Slave Support
  2214. For a link with master
  2215. .B bridge
  2216. the following additional arguments are supported:
  2217. .B "ip link set type bridge_slave"
  2218. [
  2219. .B fdb_flush
  2220. ] [
  2221. .BI state " STATE"
  2222. ] [
  2223. .BI priority " PRIO"
  2224. ] [
  2225. .BI cost " COST"
  2226. ] [
  2227. .BR guard " { " on " | " off " }"
  2228. ] [
  2229. .BR hairpin " { " on " | " off " }"
  2230. ] [
  2231. .BR fastleave " { " on " | " off " }"
  2232. ] [
  2233. .BR root_block " { " on " | " off " }"
  2234. ] [
  2235. .BR learning " { " on " | " off " }"
  2236. ] [
  2237. .BR flood " { " on " | " off " }"
  2238. ] [
  2239. .BR proxy_arp " { " on " | " off " }"
  2240. ] [
  2241. .BR proxy_arp_wifi " { " on " | " off " }"
  2242. ] [
  2243. .BI mcast_router " MULTICAST_ROUTER"
  2244. ] [
  2245. .BR mcast_fast_leave " { " on " | " off "}"
  2246. ] [
  2247. .BR bcast_flood " { " on " | " off " }"
  2248. ] [
  2249. .BR mcast_flood " { " on " | " off " }"
  2250. ] [
  2251. .BR mcast_to_unicast " { " on " | " off " }"
  2252. ] [
  2253. .BR group_fwd_mask " MASK"
  2254. ] [
  2255. .BR neigh_suppress " { " on " | " off " }"
  2256. ] [
  2257. .BR neigh_vlan_suppress " { " on " | " off " }"
  2258. ] [
  2259. .BR vlan_tunnel " { " on " | " off " }"
  2260. ] [
  2261. .BR isolated " { " on " | " off " }"
  2262. ] [
  2263. .BR locked " { " on " | " off " }"
  2264. ] [
  2265. .BR mab " { " on " | " off " }"
  2266. ] [
  2267. .BR backup_port " DEVICE"
  2268. ] [
  2269. .BR nobackup_port
  2270. ] [
  2271. .BR backup_nhid " NHID"
  2272. ]
  2273. .in +8
  2274. .sp
  2275. .B fdb_flush
  2276. - flush bridge slave's fdb dynamic entries.
  2277. .BI state " STATE"
  2278. - Set port state.
  2279. .I STATE
  2280. is a number representing the following states:
  2281. .BR 0 " (disabled),"
  2282. .BR 1 " (listening),"
  2283. .BR 2 " (learning),"
  2284. .BR 3 " (forwarding),"
  2285. .BR 4 " (blocking)."
  2286. .BI priority " PRIO"
  2287. - set port priority (allowed values are between 0 and 63, inclusively).
  2288. .BI cost " COST"
  2289. - set port cost (allowed values are between 1 and 65535, inclusively).
  2290. .BR guard " { " on " | " off " }"
  2291. - block incoming BPDU packets on this port.
  2292. .BR hairpin " { " on " | " off " }"
  2293. - enable hairpin mode on this port. This will allow incoming packets on this
  2294. port to be reflected back.
  2295. .BR fastleave " { " on " | " off " }"
  2296. - enable multicast fast leave on this port.
  2297. .BR root_block " { " on " | " off " }"
  2298. - block this port from becoming the bridge's root port.
  2299. .BR learning " { " on " | " off " }"
  2300. - allow MAC address learning on this port.
  2301. .BR flood " { " on " | " off " }"
  2302. - open the flood gates on this port, i.e. forward all unicast frames to this
  2303. port also. Requires
  2304. .BR proxy_arp " and " proxy_arp_wifi
  2305. to be turned off.
  2306. .BR proxy_arp " { " on " | " off " }"
  2307. - enable proxy ARP on this port.
  2308. .BR proxy_arp_wifi " { " on " | " off " }"
  2309. - enable proxy ARP on this port which meets extended requirements by IEEE
  2310. 802.11 and Hotspot 2.0 specifications.
  2311. .BI mcast_router " MULTICAST_ROUTER"
  2312. - configure this port for having multicast routers attached. A port with a
  2313. multicast router will receive all multicast traffic.
  2314. .I MULTICAST_ROUTER
  2315. may be either
  2316. .B 0
  2317. to disable multicast routers on this port,
  2318. .B 1
  2319. to let the system detect the presence of routers (this is the default),
  2320. .B 2
  2321. to permanently enable multicast traffic forwarding on this port or
  2322. .B 3
  2323. to enable multicast routers temporarily on this port, not depending on incoming
  2324. queries.
  2325. .BR mcast_fast_leave " { " on " | " off " }"
  2326. - this is a synonym to the
  2327. .B fastleave
  2328. option above.
  2329. .BR bcast_flood " { " on " | " off " }"
  2330. - controls flooding of broadcast traffic on the given port. By default
  2331. this flag is on.
  2332. .BR mcast_flood " { " on " | " off " }"
  2333. - controls whether a given port will flood multicast traffic for which
  2334. there is no MDB entry. By default this flag is on.
  2335. .BR mcast_to_unicast " { " on " | " off " }"
  2336. - controls whether a given port will replicate packets using unicast
  2337. instead of multicast. By default this flag is off.
  2338. .BI group_fwd_mask " MASK "
  2339. - set the group forward mask. This is the bitmask that is applied to
  2340. decide whether to forward incoming frames destined to link-local
  2341. addresses, ie addresses of the form 01:80:C2:00:00:0X (defaults to
  2342. 0, ie the bridge does not forward any link-local frames coming on
  2343. this port).
  2344. .BR neigh_suppress " { " on " | " off " }"
  2345. - controls whether neigh discovery (arp and nd) proxy and suppression
  2346. is enabled on the port. By default this flag is off.
  2347. .BR neigh_vlan_suppress " { " on " | " off " }"
  2348. - controls whether per-VLAN neigh discovery (arp and nd) proxy and suppression
  2349. is enabled on the port. When on, the \fBbridge link\fR option
  2350. \fBneigh_suppress\fR has no effect and the per-VLAN state is set using the
  2351. \fBbridge vlan\fR option \fBneigh_suppress\fR. By default this flag is off.
  2352. .BR vlan_tunnel " { " on " | " off " }"
  2353. - controls whether vlan to tunnel mapping is enabled on the port. By
  2354. default this flag is off.
  2355. .BR locked " { " on " | " off " }"
  2356. - controls whether a port is locked or not. When locked, non-link-local frames
  2357. received through the port are dropped unless an FDB entry with the MAC source
  2358. address points to the port. The common use case is IEEE 802.1X where hosts can
  2359. authenticate themselves by exchanging EAPOL frames with an authenticator. After
  2360. authentication is complete, the user space control plane can install a matching
  2361. FDB entry to allow traffic from the host to be forwarded by the bridge. When
  2362. learning is enabled on a locked port, the
  2363. .B no_linklocal_learn
  2364. bridge option needs to be on to prevent the bridge from learning from received
  2365. EAPOL frames. By default this flag is off.
  2366. .BR mab " { " on " | " off " }"
  2367. - controls whether MAC Authentication Bypass (MAB) is enabled on the port or
  2368. not. MAB can only be enabled on a locked port that has learning enabled. When
  2369. enabled, FDB entries are learned from received traffic and have the "locked"
  2370. FDB flag set. The flag can only be set by the kernel and it indicates that the
  2371. FDB entry cannot be used to authenticate the corresponding host. User space can
  2372. decide to authenticate the host by replacing the FDB entry and clearing the
  2373. "locked" FDB flag. Locked FDB entries can roam to unlocked (authorized) ports
  2374. in which case the "locked" flag is cleared. FDB entries cannot roam to locked
  2375. ports regardless of MAB being enabled or not. Therefore, locked FDB entries are
  2376. only created if an FDB entry with the given {MAC, VID} does not already exist.
  2377. This behavior prevents unauthenticated hosts from disrupting traffic destined
  2378. to already authenticated hosts. Locked FDB entries act like regular dynamic
  2379. entries with respect to forwarding and aging. By default this flag is off.
  2380. .BI backup_port " DEVICE"
  2381. - if the port loses carrier all traffic will be redirected to the
  2382. configured backup port
  2383. .BR nobackup_port
  2384. - removes the currently configured backup port
  2385. .BI backup_nhid " NHID"
  2386. - the FDB nexthop object ID (see \fBip-nexthop\fR(8)) to attach to packets
  2387. being redirected to a backup port that has VLAN tunnel mapping enabled (via the
  2388. \fBvlan_tunnel\fR option). Setting a value of 0 (default) has the effect of not
  2389. attaching any ID.
  2390. .in -8
  2391. .TP
  2392. Bonding Slave Support
  2393. For a link with master
  2394. .B bond
  2395. the following additional arguments are supported:
  2396. .B "ip link set type bond_slave"
  2397. [
  2398. .BI queue_id " ID"
  2399. ] [
  2400. .BI prio " PRIORITY"
  2401. ]
  2402. .in +8
  2403. .sp
  2404. .BI queue_id " ID"
  2405. - set the slave's queue ID (a 16bit unsigned value).
  2406. .sp
  2407. .BI prio " PRIORITY"
  2408. - set the slave's priority for active slave re-selection during failover
  2409. (a 32bit signed value). This option only valid for active-backup(1),
  2410. balance-tlb (5) and balance-alb (6) mode.
  2411. .in -8
  2412. .TP
  2413. MACVLAN and MACVTAP Support
  2414. Modify list of allowed macaddr for link in source mode.
  2415. .B "ip link set type { macvlan | macvap } "
  2416. [
  2417. .BI macaddr " " "" COMMAND " " MACADDR " ..."
  2418. ]
  2419. Commands:
  2420. .in +8
  2421. .B add
  2422. - add MACADDR to allowed list
  2423. .sp
  2424. .B set
  2425. - replace allowed list
  2426. .sp
  2427. .B del
  2428. - remove MACADDR from allowed list
  2429. .sp
  2430. .B flush
  2431. - flush whole allowed list
  2432. .sp
  2433. .in -8
  2434. Update the broadcast/multicast queue length.
  2435. .B "ip link set type { macvlan | macvap } "
  2436. [
  2437. .BI bcqueuelen " LENGTH "
  2438. ]
  2439. [
  2440. .BI bclim " LIMIT "
  2441. ]
  2442. .in +8
  2443. .BI bcqueuelen " LENGTH "
  2444. - Set the length of the RX queue used to process broadcast and multicast packets.
  2445. .IR LENGTH " must be a positive integer in the range [0-4294967295]."
  2446. Setting a length of 0 will effectively drop all broadcast/multicast traffic.
  2447. If not specified the macvlan driver default (1000) is used.
  2448. Note that all macvlans that share the same underlying device are using the same
  2449. .RB "queue. The parameter here is a " request ", the actual queue length used"
  2450. will be the maximum length that any macvlan interface has requested.
  2451. When listing device parameters both the bcqueuelen parameter
  2452. as well as the actual used bcqueuelen are listed to better help
  2453. the user understand the setting.
  2454. .BI bclim " LIMIT "
  2455. - Set the threshold for broadcast queueing.
  2456. .IR LIMIT " must be a 32-bit integer."
  2457. Setting this to -1 disables broadcast queueing altogether. Otherwise
  2458. a multicast address will be queued as broadcast if the number of devices
  2459. using it is greater than the given value.
  2460. .in -8
  2461. .TP
  2462. DSA user port support
  2463. For a link having the DSA user port type, the following additional arguments
  2464. are supported:
  2465. .B "ip link set type dsa "
  2466. [
  2467. .BI conduit " DEVICE"
  2468. ]
  2469. .in +8
  2470. .sp
  2471. .BI conduit " DEVICE"
  2472. - change the DSA conduit (host network interface) responsible for handling the
  2473. locally terminated traffic for the given DSA switch user port. For a
  2474. description of which network interfaces are suitable for serving as conduit
  2475. interfaces of this user port, please see
  2476. https://docs.kernel.org/networking/dsa/configuration.html#affinity-of-user-ports-to-cpu-ports
  2477. as well as what is supported by the driver in use.
  2478. .sp
  2479. .BI master " DEVICE"
  2480. - this is a synonym for "conduit".
  2481. .in -8
  2482. .SS ip link show - display device attributes
  2483. .TP
  2484. .BI dev " NAME " (default)
  2485. .I NAME
  2486. specifies the network device to show.
  2487. .TP
  2488. .BI group " GROUP "
  2489. .I GROUP
  2490. specifies what group of devices to show.
  2491. .TP
  2492. .B up
  2493. only display running interfaces.
  2494. .TP
  2495. .BI master " DEVICE "
  2496. .I DEVICE
  2497. specifies the master device which enslaves devices to show.
  2498. .TP
  2499. .BI vrf " NAME "
  2500. .I NAME
  2501. specifies the VRF which enslaves devices to show.
  2502. .TP
  2503. .BI type " TYPE "
  2504. .I TYPE
  2505. specifies the type of devices to show.
  2506. Note that the type name is not checked against the list of supported types -
  2507. instead it is sent as-is to the kernel. Later it is used to filter the returned
  2508. interface list by comparing it with the relevant attribute in case the kernel
  2509. didn't filter already. Therefore any string is accepted, but may lead to empty
  2510. output.
  2511. .TP
  2512. .B nomaster
  2513. only show devices with no master
  2514. .SS ip link xstats - display extended statistics
  2515. .TP
  2516. .BI type " TYPE "
  2517. .I TYPE
  2518. specifies the type of devices to display extended statistics for.
  2519. .SS ip link afstats - display address-family specific statistics
  2520. .TP
  2521. .BI dev " DEVICE "
  2522. .I DEVICE
  2523. specifies the device to display address-family statistics for.
  2524. .SS ip link help - display help
  2525. .PP
  2526. .I "TYPE"
  2527. specifies which help of link type to display.
  2528. .SS
  2529. .I GROUP
  2530. may be a number or a string from
  2531. .BR /share/iproute2/group " or " /etc/iproute2/group
  2532. which can be manually filled and has precedence if exists.
  2533. .SH "EXAMPLES"
  2534. .PP
  2535. ip link show
  2536. .RS 4
  2537. Shows the state of all network interfaces on the system.
  2538. .RE
  2539. .PP
  2540. ip link show type bridge
  2541. .RS 4
  2542. Shows the bridge devices.
  2543. .RE
  2544. .PP
  2545. ip link show type vlan
  2546. .RS 4
  2547. Shows the vlan devices.
  2548. .RE
  2549. .PP
  2550. ip link show master br0
  2551. .RS 4
  2552. Shows devices enslaved by br0
  2553. .RE
  2554. .PP
  2555. ip link set dev ppp0 mtu 1400
  2556. .RS 4
  2557. Change the MTU the ppp0 device.
  2558. .RE
  2559. .PP
  2560. ip link add link eth0 name eth0.10 type vlan id 10
  2561. .RS 4
  2562. Creates a new vlan device eth0.10 on device eth0.
  2563. .RE
  2564. .PP
  2565. ip link delete dev eth0.10
  2566. .RS 4
  2567. Removes vlan device.
  2568. .RE
  2569. ip link help gre
  2570. .RS 4
  2571. Display help for the gre link type.
  2572. .RE
  2573. .PP
  2574. ip link add name tun1 type ipip remote 192.168.1.1
  2575. local 192.168.1.2 ttl 225 encap gue encap-sport auto
  2576. encap-dport 5555 encap-csum encap-remcsum
  2577. .RS 4
  2578. Creates an IPIP that is encapsulated with Generic UDP Encapsulation,
  2579. and the outer UDP checksum and remote checksum offload are enabled.
  2580. .RE
  2581. .PP
  2582. ip link set dev eth0 xdp obj prog.o
  2583. .RS 4
  2584. Attaches a XDP/BPF program to device eth0, where the program is
  2585. located in prog.o, section "prog" (default section). In case a
  2586. XDP/BPF program is already attached, throw an error.
  2587. .RE
  2588. .PP
  2589. ip -force link set dev eth0 xdp obj prog.o sec foo
  2590. .RS 4
  2591. Attaches a XDP/BPF program to device eth0, where the program is
  2592. located in prog.o, section "foo". In case a XDP/BPF program is
  2593. already attached, it will be overridden by the new one.
  2594. .RE
  2595. .PP
  2596. ip -force link set dev eth0 xdp pinned /sys/fs/bpf/foo
  2597. .RS 4
  2598. Attaches a XDP/BPF program to device eth0, where the program was
  2599. previously pinned as an object node into BPF file system under
  2600. name foo.
  2601. .RE
  2602. .PP
  2603. ip link set dev eth0 xdp off
  2604. .RS 4
  2605. If a XDP/BPF program is attached on device eth0, detach it and
  2606. effectively turn off XDP for device eth0.
  2607. .RE
  2608. .PP
  2609. ip link add link wpan0 lowpan0 type lowpan
  2610. .RS 4
  2611. Creates a 6LoWPAN interface named lowpan0 on the underlying
  2612. IEEE 802.15.4 device wpan0.
  2613. .RE
  2614. .PP
  2615. ip link add dev ip6erspan11 type ip6erspan seq key 102
  2616. local fc00:100::2 remote fc00:100::1
  2617. erspan_ver 2 erspan_dir ingress erspan_hwid 17
  2618. .RS 4
  2619. Creates a IP6ERSPAN version 2 interface named ip6erspan00.
  2620. .RE
  2621. .PP
  2622. ip link set dev swp0 type dsa conduit eth1
  2623. .RS 4
  2624. Changes the conduit interface of the swp0 user port to eth1.
  2625. .RE
  2626. .SH SEE ALSO
  2627. .br
  2628. .BR ip (8),
  2629. .BR ip-netns (8),
  2630. .BR ethtool (8),
  2631. .BR iptables (8)
  2632. .SH AUTHOR
  2633. Original Manpage by Michail Litvak <mci@owl.openwall.com>