1 .TH IP\-LINK 8 "13 Dec 2012" "iproute2" "Linux"
3 ip-link \- network device configuration
10 .RI " { " COMMAND " | "
48 .BR "ip link delete " {
61 .RB "[ { " up " | " down " } ]"
64 .IR "ETYPE TYPE_ARGS" " ]"
66 .RB "[ " arp " { " on " | " off " } ]"
68 .RB "[ " dynamic " { " on " | " off " } ]"
70 .RB "[ " multicast " { " on " | " off " } ]"
72 .RB "[ " allmulticast " { " on " | " off " } ]"
74 .RB "[ " promisc " { " on " | " off " } ]"
76 .RB "[ " protodown " { " on " | " off " } ]"
78 .RB "[ " trailers " { " on " | " off " } ]"
96 .IR PID " | " NETNSNAME " } ]"
110 .RI "[ " VFVLAN-LIST " ]"
121 .RB "[ " spoofchk " { " on " | " off " } ]"
123 .RB "[ " query_rss " { " on " | " off " } ]"
125 .RB "[ " state " { " auto " | " enable " | " disable " } ]"
127 .RB "[ " trust " { " on " | " off " } ]"
129 .RB "[ " node_guid " eui64 ]"
131 .RB "[ " port_guid " eui64 ] ]"
134 .RB "[ { " xdp " | " xdpgeneric " | " xdpdrv " | " xdpoffload " } { " off " | "
141 .RB "[ " verbose " ] |"
150 .RB "[ " nomaster " ]"
155 .RB "[ " addrgenmode " { " eui64 " | " none " | " stable_secret " | " random " } ]"
157 .RB "[ " macaddr " { " flush " | { " add " | " del " } "
158 .IR MACADDR " | set [ "
160 .IR MACADDR " [ ... ] ] ] } ]"
165 .RI "[ " DEVICE " | "
226 .IR ETYPE " := [ " TYPE " |"
227 .BR bridge_slave " | " bond_slave " ]"
230 .IR VFVLAN-LIST " := [ " VFVLAN-LIST " ] " VFVLAN
239 .IR VLAN-PROTO " ] ]"
242 .SS ip link add - add virtual link
246 specifies the physical device to act operate on.
249 specifies the name of the new virtual device.
252 specifies the type of the new device.
258 - Ethernet Bridge device
264 - Dummy network interface
267 - High-availability Seamless Redundancy device
270 - Intermediate Functional Block device
273 - IP over Infiniband device
276 - Virtual interface base on link layer address (MAC)
279 - Virtual interface based on link layer address (MAC) and TAP.
282 - Virtual Controller Area Network interface
285 - Virtual Controller Area Network tunnel interface
288 - Virtual ethernet interface
291 - 802.1q tagged virtual LAN interface
294 - Virtual eXtended LAN
297 - Virtual tunnel interface IPv4|IPv6 over IPv6
300 - Virtual tunnel interface IPv4 over IPv4
303 - Virtual tunnel interface IPv6 over IPv4
306 - Virtual tunnel interface GRE over IPv4
309 - Virtual L2 tunnel interface GRE over IPv4
312 - Encapsulated Remote SPAN over GRE and IPv4
315 - Virtual tunnel interface GRE over IPv6
318 - Virtual L2 tunnel interface GRE over IPv6
321 - Encapsulated Remote SPAN over GRE and IPv6
324 - Virtual tunnel interface
327 - Netlink monitoring device
330 - Interface for L3 (IPv6/IPv4) based VLANs
333 - Interface for 6LoWPAN (IPv6) over IEEE 802.15.4 / Bluetooth
336 - GEneric NEtwork Virtualization Encapsulation
339 - Interface for IEEE 802.1AE MAC Security (MACsec)
342 - Interface for L3 VRF domains
345 - Interface for netdev API tests
348 - Qualcomm rmnet device
352 .BI numtxqueues " QUEUE_COUNT "
353 specifies the number of transmit queues for new device.
356 .BI numrxqueues " QUEUE_COUNT "
357 specifies the number of receive queues for new device.
360 .BI gso_max_size " BYTES "
361 specifies the recommended maximum size of a Generic Segment Offload packet the new device should accept.
364 .BI gso_max_segs " SEGMENTS "
365 specifies the recommended maximum number of a Generic Segment Offload segments the new device should accept.
369 specifies the desired index of the new virtual device. The link creation fails, if the index is busy.
375 the following additional arguments are supported:
382 .BI protocol " VLAN_PROTO "
386 .BR reorder_hdr " { " on " | " off " } "
389 .BR gvrp " { " on " | " off " } "
392 .BR mvrp " { " on " | " off " } "
395 .BR loose_binding " { " on " | " off " } "
398 .BI ingress-qos-map " QOS-MAP "
401 .BI egress-qos-map " QOS-MAP "
406 .BI protocol " VLAN_PROTO "
407 - either 802.1Q or 802.1ad.
410 - specifies the VLAN Identifer to use. Note that numbers with a leading " 0 " or " 0x " are interpreted as octal or hexadeimal, respectively.
412 .BR reorder_hdr " { " on " | " off " } "
413 - specifies whether ethernet headers are reordered or not (default is
418 .BR reorder_hdr " is " on
419 then VLAN header will be not inserted immediately but only before passing to the
420 physical device (if this device does not support VLAN offloading), the similar
421 on the RX direction - by default the packet will be untagged before being
422 received by VLAN device. Reordering allows to accelerate tagging on egress and
423 to hide VLAN header on ingress so the packet looks like regular Ethernet packet,
424 at the same time it might be confusing for packet capture as the VLAN header
425 does not exist within the packet.
427 VLAN offloading can be checked by
433 .RB grep " tx-vlan-offload"
436 where <phy_dev> is the physical device to which VLAN device is bound.
439 .BR gvrp " { " on " | " off " } "
440 - specifies whether this VLAN should be registered using GARP VLAN Registration Protocol.
442 .BR mvrp " { " on " | " off " } "
443 - specifies whether this VLAN should be registered using Multiple VLAN Registration Protocol.
445 .BR loose_binding " { " on " | " off " } "
446 - specifies whether the VLAN device state is bound to the physical device state.
448 .BI ingress-qos-map " QOS-MAP "
449 - defines a mapping of VLAN header prio field to the Linux internal packet
450 priority on incoming frames. The format is FROM:TO with multiple mappings
453 .BI egress-qos-map " QOS-MAP "
454 - defines a mapping of Linux internal packet priority to VLAN header prio field
455 but for outgoing frames. The format is the same as for ingress-qos-map.
458 Linux packet priority can be set by
463 -t mangle -A POSTROUTING [...] -j CLASSIFY --set-class 0:4
466 and this "4" priority can be used in the egress qos mapping to set VLAN prio "5":
470 link set veth0.10 type vlan egress 4:5
479 the following additional arguments are supported:
481 .BI "ip link add " DEVICE
482 .BI type " vxlan " id " VNI"
485 .RB " ] [ { " group " | " remote " } "
489 .RI "{ "IPADDR " | "any " } "
495 .BI flowlabel " FLOWLABEL "
499 .BI srcport " MIN MAX "
513 .RB [ no ] udp6zerocsumtx
515 .RB [ no ] udp6zerocsumrx
517 .BI ageing " SECONDS "
519 .BI maxaddress " NUMBER "
531 - specifies the VXLAN Network Identifer (or VXLAN Segment
535 - specifies the physical device to use for tunnel endpoint communication.
539 - specifies the multicast IP address to join.
540 This parameter cannot be specified with the
546 - specifies the unicast destination IP address to use in outgoing packets
547 when the destination link layer address is not known in the VXLAN device
548 forwarding database. This parameter cannot be specified with the
554 - specifies the source IP address to use in outgoing packets.
558 - specifies the TTL value to use in outgoing packets.
562 - specifies the TOS value to use in outgoing packets.
565 .BI flowlabel " FLOWLABEL"
566 - specifies the flow label to use in outgoing packets.
570 - specifies the UDP destination port to communicate to the remote VXLAN tunnel endpoint.
573 .BI srcport " MIN MAX"
574 - specifies the range of port numbers to use as UDP
575 source ports to communicate to the remote VXLAN tunnel endpoint.
579 - specifies if unknown source link layer addresses and IP addresses
580 are entered into the VXLAN device forwarding database.
584 - specifies if route short circuit is turned on.
588 - specifies ARP proxy is turned on.
592 - specifies if netlink LLADDR miss notifications are generated.
596 - specifies if netlink IP ADDR miss notifications are generated.
600 - specifies if UDP checksum is calculated for transmitted packets over IPv4.
603 .RB [ no ] udp6zerocsumtx
604 - skip UDP checksum calculation for transmitted packets over IPv6.
607 .RB [ no ] udp6zerocsumrx
608 - allow incoming UDP packets over IPv6 with zero checksum field.
611 .BI ageing " SECONDS"
612 - specifies the lifetime in seconds of FDB entries learnt by the kernel.
615 .BI maxaddress " NUMBER"
616 - specifies the maximum number of FDB entries.
620 - specifies whether an external control plane
621 .RB "(e.g. " "ip route encap" )
622 or the internal FDB should be used.
626 - enables the Group Policy extension (VXLAN-GBP).
629 Allows to transport group policy context across VXLAN network peers.
630 If enabled, includes the mark of a packet in the VXLAN header for outgoing
631 packets and fills the packet mark based on the information found in the
632 VXLAN header for incomming packets.
634 Format of upper 16 bits of packet mark (flags);
637 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
639 |-|-|-|-|-|-|-|-|-|D|-|-|A|-|-|-|
641 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
644 Don't Learn bit. When set, this bit indicates that the egress
645 VTEP MUST NOT learn the source address of the encapsulated frame.
648 Indicates that the group policy has already been applied to
649 this packet. Policies MUST NOT be applied by devices when the A bit is set.
652 Format of lower 16 bits of packet mark (policy ID):
655 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
659 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
663 iptables -A OUTPUT [...] -j MARK --set-mark 0x800FF
669 - enables the Generic Protocol extension (VXLAN-GPE). Currently, this is
670 only supported together with the
677 VETH, VXCAN Type Support
680 the following additional arguments are supported:
682 .BI "ip link add " DEVICE
683 .BR type " { " veth " | " vxcan " }"
693 - specifies the virtual pair device name of the
700 IPIP, SIT Type Support
703 the following additional arguments are supported:
705 .BI "ip link add " DEVICE
706 .BR type " { " ipip " | " sit " }"
707 .BI " remote " ADDR " local " ADDR
709 .BR encap " { " fou " | " gue " | " none " }"
711 .BR encap-sport " { " \fIPORT " | " auto " }"
713 .BI "encap-dport " PORT
715 .RB [ no ] encap-csum
717 .I " [no]encap-remcsum "
719 .I " mode " { ip6ip | ipip | mplsip | any } "
727 - specifies the remote address of the tunnel.
731 - specifies the fixed local address for tunneled packets.
732 It must be an address on another interface on this host.
735 .BR encap " { " fou " | " gue " | " none " }"
736 - specifies type of secondary UDP encapsulation. "fou" indicates
737 Foo-Over-UDP, "gue" indicates Generic UDP Encapsulation.
740 .BR encap-sport " { " \fIPORT " | " auto " }"
741 - specifies the source port in UDP encapsulation.
743 indicates the port by number, "auto"
744 indicates that the port number should be chosen automatically
745 (the kernel picks a flow based on the flow hash of the
746 encapsulated packet).
749 .RB [ no ] encap-csum
750 - specifies if UDP checksums are enabled in the secondary
754 .RB [ no ] encap-remcsum
755 - specifies if Remote Checksum Offload is enabled. This is only
756 applicable for Generic UDP Encapsulation.
759 .BI mode " { ip6ip | ipip | mplsip | any } "
760 - specifies mode in which device should run. "ip6ip" indicates
761 IPv6-Over-IPv4, "ipip" indicates "IPv4-Over-IPv4", "mplsip" indicates
762 MPLS-Over-IPv4, "any" indicates IPv6, IPv4 or MPLS Over IPv4. Supported for
763 SIT where the default is "ip6ip" and IPIP where the default is "ipip".
764 IPv6-Over-IPv4 is not supported for IPIP.
768 - make this tunnel externally controlled
769 .RB "(e.g. " "ip route encap" ).
775 .IR GRE " or " GRETAP
776 the following additional arguments are supported:
778 .BI "ip link add " DEVICE
779 .BR type " { " gre " | " gretap " }"
780 .BI " remote " ADDR " local " ADDR
782 .RB [ no ] "" [ i | o ] seq
789 .RB [ no ] "" [ i | o ] csum
801 .BR encap " { " fou " | " gue " | " none " }"
803 .BR encap-sport " { " \fIPORT " | " auto " }"
805 .BI "encap-dport " PORT
807 .RB [ no ] encap-csum
809 .RB [ no ] encap-remcsum
817 - specifies the remote address of the tunnel.
821 - specifies the fixed local address for tunneled packets.
822 It must be an address on another interface on this host.
825 .RB [ no ] "" [ i | o ] seq
829 flag enables sequencing of outgoing packets.
832 flag requires that all input packets are serialized.
839 - use keyed GRE with key
841 is either a number or an IPv4 address-like dotted quad.
844 parameter specifies the same key to use in both directions.
846 .BR ikey " and " okey
847 parameters specify different keys for input and output.
850 .RB [ no ] "" [ i | o ] csum
851 - generate/require checksums for tunneled packets.
854 flag calculates checksums for outgoing packets.
857 flag requires that all input packets have the correct
860 flag is equivalent to the combination
865 - specifies the TTL value to use in outgoing packets.
869 - specifies the TOS value to use in outgoing packets.
873 - enables/disables Path MTU Discovery on this tunnel.
874 It is enabled by default. Note that a fixed ttl is incompatible
875 with this option: tunneling with a fixed ttl always makes pmtu
880 - enables/disables IPv4 DF suppression on this tunnel.
881 Normally datagrams that exceed the MTU will be fragmented; the presence
882 of the DF flag inhibits this, resulting instead in an ICMP Unreachable
883 (Fragmentation Required) message. Enabling this attribute casues the
884 DF flag to be ignored.
888 - specifies the physical device to use for tunnel endpoint communication.
891 .BR encap " { " fou " | " gue " | " none " }"
892 - specifies type of secondary UDP encapsulation. "fou" indicates
893 Foo-Over-UDP, "gue" indicates Generic UDP Encapsulation.
896 .BR encap-sport " { " \fIPORT " | " auto " }"
897 - specifies the source port in UDP encapsulation.
899 indicates the port by number, "auto"
900 indicates that the port number should be chosen automatically
901 (the kernel picks a flow based on the flow hash of the
902 encapsulated packet).
905 .RB [ no ] encap-csum
906 - specifies if UDP checksums are enabled in the secondary
910 .RB [ no ] encap-remcsum
911 - specifies if Remote Checksum Offload is enabled. This is only
912 applicable for Generic UDP Encapsulation.
916 - make this tunnel externally controlled
917 .RB "(e.g. " "ip route encap" ).
922 IP6GRE/IP6GRETAP Type Support
925 the following additional arguments are supported:
927 .BI "ip link add " DEVICE
928 .BR type " { " ip6gre " | " ip6gretap " }"
929 .BI remote " ADDR " local " ADDR"
931 .RB [ no ] "" [ i | o ] seq
938 .RB [ no ] "" [ i | o ] csum
942 .BI encaplimit " ELIM "
944 .BI tclass " TCLASS "
946 .BI flowlabel " FLOWLABEL "
950 .BI "[no]allow-localremote"
960 - specifies the remote IPv6 address of the tunnel.
964 - specifies the fixed local IPv6 address for tunneled packets.
965 It must be an address on another interface on this host.
968 .RB [ no ] "" [ i | o ] seq
972 flag enables sequencing of outgoing packets.
975 flag requires that all input packets are serialized.
982 - use keyed GRE with key
984 is either a number or an IPv4 address-like dotted quad.
987 parameter specifies the same key to use in both directions.
989 .BR ikey " and " okey
990 parameters specify different keys for input and output.
993 .RB [ no ] "" [ i | o ] csum
994 - generate/require checksums for tunneled packets.
997 flag calculates checksums for outgoing packets.
1000 flag requires that all input packets have the correct
1003 flag is equivalent to the combination
1008 - specifies Hop Limit value to use in outgoing packets.
1011 .BI encaplimit " ELIM"
1012 - specifies a fixed encapsulation limit. Default is 4.
1015 .BI flowlabel " FLOWLABEL"
1016 - specifies a fixed flowlabel.
1019 .BI [no]allow-localremote
1020 - specifies whether to allow remote endpoint to have an address configured on
1024 .BI tclass " TCLASS"
1025 - specifies the traffic class field on
1026 tunneled packets, which can be specified as either a two-digit
1027 hex value (e.g. c0) or a predefined string (e.g. internet).
1030 causes the field to be copied from the original IP header. The
1032 .BI "inherit/" STRING
1034 .BI "inherit/" 00 ".." ff
1035 will set the field to
1039 when tunneling non-IP packets. The default value is 00.
1043 - make this tunnel externally controlled (or not, which is the default).
1044 In the kernel, this is referred to as collect metadata mode. This flag is
1045 mutually exclusive with the
1053 .BR flowlabel " and " tclass
1062 the following additional arguments are supported:
1064 .BI "ip link add " DEVICE " name " NAME
1065 .BR "type ipoib " [ " pkey \fIPKEY" " ] [ " mode " \fIMODE \fR]"
1070 - specifies the IB P-Key to use.
1073 - specifies the mode (datagram or connected) to use.
1079 the following additional arguments are supported:
1081 .BI "ip link add " DEVICE
1082 .BR type " { " erspan " | " ip6erspan " }"
1083 .BI remote " ADDR " local " ADDR " seq
1086 .BR erspan_ver " \fIversion "
1088 .BR erspan " \fIIDX "
1090 .BR erspan_dir " { " \fIingress " | " \fIegress " }"
1092 .BR erspan_hwid " \fIhwid "
1094 .BI "[no]allow-localremote"
1102 - specifies the remote address of the tunnel.
1106 - specifies the fixed local address for tunneled packets.
1107 It must be an address on another interface on this host.
1110 .BR erspan_ver " \fIversion "
1111 - specifies the ERSPAN version number.
1113 indicates the ERSPAN version to be created: 1 for version 1 (type II)
1114 or 2 for version 2 (type III).
1117 .BR erspan " \fIIDX "
1118 - specifies the ERSPAN v1 index field.
1120 indicates a 20 bit index/port number associated with the ERSPAN
1121 traffic's source port and direction.
1124 .BR erspan_dir " { " \fIingress " | " \fIegress " }"
1125 - specifies the ERSPAN v2 mirrored traffic's direction.
1128 .BR erspan_hwid " \fIhwid "
1129 - an unique identifier of an ERSPAN v2 engine within a system.
1131 is a 6-bit value for users to configure.
1134 .BI [no]allow-localremote
1135 - specifies whether to allow remote endpoint to have an address configured on
1140 - make this tunnel externally controlled (or not, which is the default).
1141 In the kernel, this is referred to as collect metadata mode. This flag is
1142 mutually exclusive with the
1147 .BR erspan_dir " and " erspan_hwid
1156 the following additional arguments are supported:
1158 .BI "ip link add " DEVICE
1159 .BI type " geneve " id " VNI " remote " IPADDR"
1165 .BI flowlabel " FLOWLABEL "
1173 .RB [ no ] udp6zerocsumtx
1175 .RB [ no ] udp6zerocsumrx
1181 - specifies the Virtual Network Identifer to use.
1184 .BI remote " IPADDR"
1185 - specifies the unicast destination IP address to use in outgoing packets.
1189 - specifies the TTL value to use in outgoing packets.
1193 - specifies the TOS value to use in outgoing packets.
1196 .BI flowlabel " FLOWLABEL"
1197 - specifies the flow label to use in outgoing packets.
1201 - select a destination port other than the default of 6081.
1205 - make this tunnel externally controlled (or not, which is the default). This
1206 flag is mutually exclusive with the
1210 .BR tos " and " flowlabel
1215 - specifies if UDP checksum is calculated for transmitted packets over IPv4.
1218 .RB [ no ] udp6zerocsumtx
1219 - skip UDP checksum calculation for transmitted packets over IPv6.
1222 .RB [ no ] udp6zerocsumrx
1223 - allow incoming UDP packets over IPv6 with zero checksum field.
1228 MACVLAN and MACVTAP Type Support
1233 the following additional arguments are supported:
1235 .BI "ip link add link " DEVICE " name " NAME
1236 .BR type " { " macvlan " | " macvtap " } "
1237 .BR mode " { " private " | " vepa " | " bridge " | " passthru
1238 .RB " [ " nopromisc " ] | " source " } "
1242 .BR type " { " macvlan " | " macvtap " } "
1243 - specifies the link type to use.
1244 .BR macvlan " creates just a virtual interface, while "
1245 .BR macvtap " in addition creates a character device "
1246 .BR /dev/tapX " to be used just like a " tuntap " device."
1249 - Do not allow communication between
1251 instances on the same physical interface, even if the external switch supports
1255 - Virtual Ethernet Port Aggregator mode. Data from one
1257 instance to the other on the same physical interface is transmitted over the
1258 physical interface. Either the attached switch needs to support hairpin mode,
1259 or there must be a TCP/IP router forwarding the packets in order to allow
1260 communication. This is the default mode.
1263 - In bridge mode, all endpoints are directly connected to each other,
1264 communication is not redirected through the physical interface's peer.
1266 .BR mode " " passthru " [ " nopromisc " ] "
1267 - This mode gives more power to a single endpoint, usually in
1268 .BR macvtap " mode. It is not allowed for more than one endpoint on the same "
1269 physical interface. All traffic will be forwarded to this endpoint, allowing
1270 virtio guests to change MAC address or set promiscuous mode in order to bridge
1271 the interface or create vlan interfaces on top of it. By default, this mode
1272 forces the underlying interface into promiscuous mode. Passing the
1273 .BR nopromisc " flag prevents this, so the promisc flag may be controlled "
1274 using standard tools.
1277 - allows one to set a list of allowed mac address, which is used to match
1278 against source mac address from received frames on underlying interface. This
1279 allows creating mac based VLAN associations, instead of standard port or tag
1280 based. The feature is useful to deploy 802.1x mac based behavior,
1281 where drivers of underlying interfaces doesn't allows that.
1285 High-availability Seamless Redundancy (HSR) Support
1288 the following additional arguments are supported:
1290 .BI "ip link add link " DEVICE " name " NAME " type hsr"
1291 .BI slave1 " SLAVE1-IF " slave2 " SLAVE2-IF "
1292 .RB [ " supervision"
1293 .IR ADDR-BYTE " ] ["
1294 .BR version " { " 0 " | " 1 " } ]"
1299 - specifies the link type to use, here HSR.
1301 .BI slave1 " SLAVE1-IF "
1302 - Specifies the physical device used for the first of the two ring ports.
1304 .BI slave2 " SLAVE2-IF "
1305 - Specifies the physical device used for the second of the two ring ports.
1307 .BI supervision " ADDR-BYTE"
1308 - The last byte of the multicast address used for HSR supervision frames.
1309 Default option is "0", possible values 0-255.
1311 .BR version " { " 0 " | " 1 " }"
1312 - Selects the protocol version of the interface. Default option is "0", which
1313 corresponds to the 2010 version of the HSR standard. Option "1" activates the
1321 the following additional arguments are supported:
1323 .BI "ip link add " DEVICE " type bridge "
1325 .BI ageing_time " AGEING_TIME "
1327 .BI group_fwd_mask " MASK "
1329 .BI group_address " ADDRESS "
1331 .BI forward_delay " FORWARD_DELAY "
1333 .BI hello_time " HELLO_TIME "
1335 .BI max_age " MAX_AGE "
1337 .BI stp_state " STP_STATE "
1339 .BI priority " PRIORITY "
1341 .BI vlan_filtering " VLAN_FILTERING "
1343 .BI vlan_protocol " VLAN_PROTOCOL "
1345 .BI vlan_default_pvid " VLAN_DEFAULT_PVID "
1347 .BI vlan_stats_enabled " VLAN_STATS_ENABLED "
1349 .BI mcast_snooping " MULTICAST_SNOOPING "
1351 .BI mcast_router " MULTICAST_ROUTER "
1353 .BI mcast_query_use_ifaddr " MCAST_QUERY_USE_IFADDR "
1355 .BI mcast_querier " MULTICAST_QUERIER "
1357 .BI mcast_hash_elasticity " HASH_ELASTICITY "
1359 .BI mcast_hash_max " HASH_MAX "
1361 .BI mcast_last_member_count " LAST_MEMBER_COUNT "
1363 .BI mcast_startup_query_count " STARTUP_QUERY_COUNT "
1365 .BI mcast_last_member_interval " LAST_MEMBER_INTERVAL "
1367 .BI mcast_membership_interval " MEMBERSHIP_INTERVAL "
1369 .BI mcast_querier_interval " QUERIER_INTERVAL "
1371 .BI mcast_query_interval " QUERY_INTERVAL "
1373 .BI mcast_query_response_interval " QUERY_RESPONSE_INTERVAL "
1375 .BI mcast_startup_query_interval " STARTUP_QUERY_INTERVAL "
1377 .BI mcast_stats_enabled " MCAST_STATS_ENABLED "
1379 .BI mcast_igmp_version " IGMP_VERSION "
1381 .BI mcast_mld_version " MLD_VERSION "
1383 .BI nf_call_iptables " NF_CALL_IPTABLES "
1385 .BI nf_call_ip6tables " NF_CALL_IP6TABLES "
1387 .BI nf_call_arptables " NF_CALL_ARPTABLES "
1392 .BI ageing_time " AGEING_TIME "
1393 - configure the bridge's FDB entries ageing time, ie the number of seconds a MAC address will be kept in the FDB after a packet has been received from that address. after this time has passed, entries are cleaned up.
1395 .BI group_fwd_mask " MASK "
1396 - set the group forward mask. This is the bitmask that is applied to decide whether to forward incoming frames destined to link-local addresses, ie addresses of the form 01:80:C2:00:00:0X (defaults to 0, ie the bridge does not forward any link-local frames).
1398 .BI group_address " ADDRESS "
1399 - set the MAC address of the multicast group this bridge uses for STP. The address must be a link-local address in standard Ethernet MAC address format, ie an address of the form 01:80:C2:00:00:0X, with X in [0, 4..f].
1401 .BI forward_delay " FORWARD_DELAY "
1402 - set the forwarding delay in seconds, ie the time spent in LISTENING state (before moving to LEARNING) and in LEARNING state (before moving to FORWARDING). Only relevant if STP is enabled. Valid values are between 2 and 30.
1404 .BI hello_time " HELLO_TIME "
1405 - set the time in seconds between hello packets sent by the bridge, when it is a root bridge or a designated bridges. Only relevant if STP is enabled. Valid values are between 1 and 10.
1407 .BI max_age " MAX_AGE "
1408 - set the hello packet timeout, ie the time in seconds until another bridge in the spanning tree is assumed to be dead, after reception of its last hello message. Only relevant if STP is enabled. Valid values are between 6 and 40.
1410 .BI stp_state " STP_STATE "
1411 - turn spanning tree protocol on
1412 .RI ( STP_STATE " > 0) "
1414 .RI ( STP_STATE " == 0). "
1417 .BI priority " PRIORITY "
1418 - set this bridge's spanning tree priority, used during STP root bridge election.
1420 is a 16bit unsigned integer.
1422 .BI vlan_filtering " VLAN_FILTERING "
1423 - turn VLAN filtering on
1424 .RI ( VLAN_FILTERING " > 0) "
1426 .RI ( VLAN_FILTERING " == 0). "
1427 When disabled, the bridge will not consider the VLAN tag when handling packets.
1429 .BR vlan_protocol " { " 802.1Q " | " 802.1ad " } "
1430 - set the protocol used for VLAN filtering.
1432 .BI vlan_default_pvid " VLAN_DEFAULT_PVID "
1433 - set the default PVID (native/untagged VLAN ID) for this bridge.
1435 .BI vlan_stats_enabled " VLAN_STATS_ENABLED "
1437 .RI ( VLAN_STATS_ENABLED " == 1) "
1439 .RI ( VLAN_STATS_ENABLED " == 0) "
1440 per-VLAN stats accounting.
1442 .BI mcast_snooping " MULTICAST_SNOOPING "
1443 - turn multicast snooping on
1444 .RI ( MULTICAST_SNOOPING " > 0) "
1446 .RI ( MULTICAST_SNOOPING " == 0). "
1448 .BI mcast_router " MULTICAST_ROUTER "
1449 - set bridge's multicast router if IGMP snooping is enabled.
1451 is an integer value having the following meaning:
1458 - automatic (queried).
1461 - permanently enabled.
1464 .BI mcast_query_use_ifaddr " MCAST_QUERY_USE_IFADDR "
1465 - whether to use the bridge's own IP address as source address for IGMP queries
1466 .RI ( MCAST_QUERY_USE_IFADDR " > 0) "
1467 or the default of 0.0.0.0
1468 .RI ( MCAST_QUERY_USE_IFADDR " == 0). "
1470 .BI mcast_querier " MULTICAST_QUERIER "
1472 .RI ( MULTICAST_QUERIER " > 0) "
1474 .RI ( MULTICAST_QUERIER " == 0) "
1475 IGMP querier, ie sending of multicast queries by the bridge (default: disabled).
1477 .BI mcast_querier_interval " QUERIER_INTERVAL "
1478 - interval between queries sent by other routers. if no queries are seen after this delay has passed, the bridge will start to send its own queries (as if
1482 .BI mcast_hash_elasticity " HASH_ELASTICITY "
1483 - set multicast database hash elasticity, ie the maximum chain length in the multicast hash table (defaults to 4).
1485 .BI mcast_hash_max " HASH_MAX "
1486 - set maximum size of multicast hash table (defaults to 512, value must be a power of 2).
1488 .BI mcast_last_member_count " LAST_MEMBER_COUNT "
1489 - set multicast last member count, ie the number of queries the bridge will send before stopping forwarding a multicast group after a "leave" message has been received (defaults to 2).
1491 .BI mcast_last_member_interval " LAST_MEMBER_INTERVAL "
1492 - interval between queries to find remaining members of a group, after a "leave" message is received.
1494 .BI mcast_startup_query_count " STARTUP_QUERY_COUNT "
1495 - set the number of IGMP queries to send during startup phase (defaults to 2).
1497 .BI mcast_startup_query_interval " STARTUP_QUERY_INTERVAL "
1498 - interval between queries in the startup phase.
1500 .BI mcast_query_interval " QUERY_INTERVAL "
1501 - interval between queries sent by the bridge after the end of the startup phase.
1503 .BI mcast_query_response_interval " QUERY_RESPONSE_INTERVAL "
1504 - set the Max Response Time/Maximum Response Delay for IGMP/MLD queries sent by the bridge.
1506 .BI mcast_membership_interval " MEMBERSHIP_INTERVAL "
1507 - delay after which the bridge will leave a group, if no membership reports for this group are received.
1509 .BI mcast_stats_enabled " MCAST_STATS_ENABLED "
1511 .RI ( MCAST_STATS_ENABLED " > 0) "
1513 .RI ( MCAST_STATS_ENABLED " == 0) "
1514 multicast (IGMP/MLD) stats accounting.
1516 .BI mcast_igmp_version " IGMP_VERSION "
1517 - set the IGMP version.
1519 .BI mcast_mld_version " MLD_VERSION "
1520 - set the MLD version.
1522 .BI nf_call_iptables " NF_CALL_IPTABLES "
1524 .RI ( NF_CALL_IPTABLES " > 0) "
1526 .RI ( NF_CALL_IPTABLES " == 0) "
1527 iptables hooks on the bridge.
1529 .BI nf_call_ip6tables " NF_CALL_IP6TABLES "
1531 .RI ( NF_CALL_IP6TABLES " > 0) "
1533 .RI ( NF_CALL_IP6TABLES " == 0) "
1534 ip6tables hooks on the bridge.
1536 .BI nf_call_arptables " NF_CALL_ARPTABLES "
1538 .RI ( NF_CALL_ARPTABLES " > 0) "
1540 .RI ( NF_CALL_ARPTABLES " == 0) "
1541 arptables hooks on the bridge.
1550 the following additional arguments are supported:
1552 .BI "ip link add link " DEVICE " name " NAME " type macsec"
1554 .BI address " <lladdr>"
1560 .BI cipher " CIPHER_SUITE"
1565 .BR on " | " off " } ] [ "
1566 .BR send_sci " { " on " | " off " } ] ["
1567 .BR end_station " { " on " | " off " } ] ["
1568 .BR scb " { " on " | " off " } ] ["
1569 .BR protect " { " on " | " off " } ] ["
1570 .BR replay " { " on " | " off " }"
1572 .IR 0..2^32-1 " } ] ["
1573 .BR validate " { " strict " | " check " | " disabled " } ] ["
1574 .BR encodingsa " { "
1579 .BI address " <lladdr> "
1580 - sets the system identifier component of secure channel for this MACsec device.
1584 - sets the port number component of secure channel for this MACsec device, in a
1585 range from 1 to 65535 inclusive. Numbers with a leading " 0 " or " 0x " are
1586 interpreted as octal and hexadecimal, respectively.
1590 - sets the secure channel identifier for this MACsec device.
1592 is a 64bit wide number in hexadecimal format.
1595 .BI cipher " CIPHER_SUITE "
1596 - defines the cipher suite to use.
1599 .BI icvlen " LENGTH "
1600 - sets the length of the Integrity Check Value (ICV).
1603 .BR "encrypt on " or " encrypt off"
1604 - switches between authenticated encryption, or authenticity mode only.
1607 .BR "send_sci on " or " send_sci off"
1608 - specifies whether the SCI is included in every packet, or only when it is necessary.
1611 .BR "end_station on " or " end_station off"
1612 - sets the End Station bit.
1615 .BR "scb on " or " scb off"
1616 - sets the Single Copy Broadcast bit.
1619 .BR "protect on " or " protect off"
1620 - enables MACsec protection on the device.
1623 .BR "replay on " or " replay off"
1624 - enables replay protection on the device.
1630 - sets the size of the replay window.
1635 .BR "validate strict " or " validate check " or " validate disabled"
1636 - sets the validation mode on the device.
1639 .BI encodingsa " AN "
1640 - sets the active secure association for transmission.
1648 the following additional arguments are supported:
1650 .BI "ip link add " DEVICE " type vrf table " TABLE
1654 .BR table " table id associated with VRF device"
1662 the following additional arguments are supported:
1664 .BI "ip link add link " DEVICE " name " NAME " type rmnet mux_id " MUXID
1668 .BI mux_id " MUXID "
1669 - specifies the mux identifier for the rmnet device, possible values 1-254.
1673 .SS ip link delete - delete virtual link
1677 specifies the virtual device to act operate on.
1681 specifies the group of virtual links to delete. Group 0 is not allowed to be
1682 deleted since it is the default group.
1686 specifies the type of the device.
1688 .SS ip link set - change device attributes
1692 If multiple parameter changes are requested,
1694 aborts immediately after any of the changes have failed.
1695 This is the only case when
1697 can move the system to an unpredictable state. The solution
1698 is to avoid changing several parameters with one
1705 specifies network device to operate on. When configuring SR-IOV Virtual Function
1706 (VF) devices, this keyword should specify the associated Physical Function (PF)
1712 has a dual role: If both group and dev are present, then move the device to the
1713 specified group. If only a group is specified, then the command operates on
1714 all devices in that group.
1718 change the state of the device to
1724 .BR "arp on " or " arp off"
1730 .BR "multicast on " or " multicast off"
1736 .BR "protodown on " or " protodown off"
1739 state on the device. Indicates that a protocol error has been detected on the port. Switch drivers can react to this error by doing a phys down on the switch port.
1742 .BR "dynamic on " or " dynamic off"
1745 flag on the device. Indicates that address can change when interface goes down (currently
1751 change the name of the device. This operation is not
1752 recommended if the device is running or has some addresses
1756 .BI txqueuelen " NUMBER"
1758 .BI txqlen " NUMBER"
1759 change the transmit queue length of the device.
1768 .BI address " LLADDRESS"
1769 change the station address of the interface.
1772 .BI broadcast " LLADDRESS"
1774 .BI brd " LLADDRESS"
1776 .BI peer " LLADDRESS"
1777 change the link layer broadcast address or the peer address when
1782 .BI netns " NETNSNAME " \fR| " PID"
1783 move the device to the network namespace associated with name
1787 Some devices are not allowed to change network namespace: loopback, bridge,
1788 ppp, wireless. These are network namespace local devices. In such case
1790 tool will return "Invalid argument" error. It is possible to find out if device is local
1791 to a single network namespace by checking
1793 flag in the output of the
1801 To change network namespace for wireless devices the
1803 tool can be used. But it allows to change network namespace only for physical devices and by process
1808 give the device a symbolic name for easy reference.
1812 specify the group the device belongs to.
1813 The available groups are listed in file
1814 .BR "@SYSCONFDIR@/group" .
1818 specify a Virtual Function device to be configured. The associated PF device
1819 must be specified using the
1824 .BI mac " LLADDRESS"
1825 - change the station address for the specified VF. The
1827 parameter must be specified.
1831 - change the assigned VLAN for the specified VF. When specified, all traffic
1832 sent from the VF will be tagged with the specified VLAN ID. Incoming traffic
1833 will be filtered for the specified VLAN ID, and will have all VLAN tags
1834 stripped before being passed to the VF. Setting this parameter to 0 disables
1835 VLAN tagging and filtering. The
1837 parameter must be specified.
1841 - assign VLAN QOS (priority) bits for the VLAN tag. When specified, all VLAN
1842 tags transmitted by the VF will include the specified priority bits in the
1843 VLAN tag. If not specified, the value is assumed to be 0. Both the
1847 parameters must be specified. Setting both
1851 as 0 disables VLAN tagging and filtering for the VF.
1854 .BI proto " VLAN-PROTO"
1855 - assign VLAN PROTOCOL for the VLAN tag, either 802.1Q or 802.1ad.
1856 Setting to 802.1ad, all traffic sent from the VF will be tagged with VLAN S-Tag.
1857 Incoming traffic will have VLAN S-Tags stripped before being passed to the VF.
1858 Setting to 802.1ad also enables an option to concatenate another VLAN tag, so both
1859 S-TAG and C-TAG will be inserted/stripped for outgoing/incoming traffic, respectively.
1860 If not specified, the value is assumed to be 802.1Q. Both the
1864 parameters must be specified.
1868 -- change the allowed transmit bandwidth, in Mbps, for the specified VF.
1869 Setting this parameter to 0 disables rate limiting.
1871 parameter must be specified.
1877 .BI max_tx_rate " TXRATE"
1878 - change the allowed maximum transmit bandwidth, in Mbps, for the specified VF.
1879 Setting this parameter to 0 disables rate limiting.
1881 parameter must be specified.
1884 .BI min_tx_rate " TXRATE"
1885 - change the allowed minimum transmit bandwidth, in Mbps, for the specified VF.
1886 Minimum TXRATE should be always <= Maximum TXRATE.
1887 Setting this parameter to 0 disables rate limiting.
1889 parameter must be specified.
1892 .BI spoofchk " on|off"
1893 - turn packet spoof checking on or off for the specified VF.
1895 .BI query_rss " on|off"
1896 - toggle the ability of querying the RSS configuration of a specific VF. VF RSS information like RSS hash key may be considered sensitive on some devices where this information is shared between VF and PF and thus its querying may be prohibited by default.
1898 .BI state " auto|enable|disable"
1899 - set the virtual link state as seen by the specified VF. Setting to auto means a
1900 reflection of the PF link state, enable lets the VF to communicate with other VFs on
1901 this host even if the PF link state is down, disable causes the HW to drop any packets
1905 - trust the specified VF user. This enables that VF user can set a specific feature
1906 which may impact security and/or performance. (e.g. VF multicast promiscuous mode)
1908 .BI node_guid " eui64"
1909 - configure node GUID for Infiniband VFs.
1911 .BI port_guid " eui64"
1912 - configure port GUID for Infiniband VFs.
1916 .B xdp object "|" pinned "|" off
1917 set (or unset) a XDP ("eXpress Data Path") BPF program to run on every
1918 packet at driver level.
1920 output will indicate a
1922 flag for the networking device. If the driver does not have native XDP
1923 support, the kernel will fall back to a slower, driver-independent "generic"
1926 output will in that case indicate
1930 only. If the driver does have native XDP support, but the program is
1932 .B xdpgeneric object "|" pinned
1933 then the kernel will use the generic XDP variant instead of the native one.
1935 has the opposite effect of requestsing that the automatic fallback to the
1936 generic XDP variant be disabled and in case driver is not XDP-capable error
1939 also disables hardware offloads.
1941 in ip link output indicates that the program has been offloaded to hardware
1942 and can also be used to request the "offload" mode, much like
1944 it forces program to be installed specifically in HW/FW of the apater.
1950 - Detaches any currently attached XDP/BPF program from the given device.
1953 - Attaches a XDP/BPF program to the given device. The
1955 points to a BPF ELF file (f.e. generated by LLVM) that contains the BPF
1956 program code, map specifications, etc. If a XDP/BPF program is already
1957 attached to the given device, an error will be thrown. If no XDP/BPF
1958 program is currently attached, the device supports XDP and the program
1959 from the BPF ELF file passes the kernel verifier, then it will be attached
1960 to the device. If the option
1964 then any prior attached XDP/BPF program will be atomically overridden and
1965 no error will be thrown in this case. If no
1967 option is passed, then the default section name ("prog") will be assumed,
1968 otherwise the provided section name will be used. If no
1970 option is passed, then a verifier log will only be dumped on load error.
1973 section for usage examples.
1975 .BI section " NAME "
1976 - Specifies a section name that contains the BPF program code. If no section
1977 name is specified, the default one ("prog") will be used. This option is
1978 to be passed with the
1983 - Act in verbose mode. For example, even in case of success, this will
1984 print the verifier log in case a program was loaded from a BPF ELF file.
1987 - Attaches a XDP/BPF program to the given device. The
1989 points to an already pinned BPF program in the BPF file system. The option
1991 doesn't apply here, but otherwise semantics are the same as with the option
1996 .BI master " DEVICE"
1997 set master device of the device (enslave device).
2001 unset master device of the device (release device).
2004 .BI addrgenmode " eui64|none|stable_secret|random"
2005 set the IPv6 address generation mode
2008 - use a Modified EUI-64 format interface identifier
2011 - disable automatic address generation
2014 - generate the interface identifier based on a preset /proc/sys/net/ipv6/conf/{default,DEVICE}/stable_secret
2017 - like stable_secret, but auto-generate a new random secret if none is set
2021 set peer netnsid for a cross-netns interface
2024 .BI type " ETYPE TYPE_ARGS"
2025 Change type-specific settings. For a list of supported types and arguments refer
2026 to the description of
2028 above. In addition to that, it is possible to manipulate settings to slave
2032 Bridge Slave Support
2033 For a link with master
2035 the following additional arguments are supported:
2037 .B "ip link set type bridge_slave"
2043 .BI priority " PRIO"
2047 .BR guard " { " on " | " off " }"
2049 .BR hairpin " { " on " | " off " }"
2051 .BR fastleave " { " on " | " off " }"
2053 .BR root_block " { " on " | " off " }"
2055 .BR learning " { " on " | " off " }"
2057 .BR flood " { " on " | " off " }"
2059 .BR proxy_arp " { " on " | " off " }"
2061 .BR proxy_arp_wifi " { " on " | " off " }"
2063 .BI mcast_router " MULTICAST_ROUTER"
2065 .BR mcast_fast_leave " { " on " | " off "}"
2067 .BR mcast_flood " { " on " | " off " }"
2069 .BR group_fwd_mask " MASK"
2071 .BR neigh_suppress " { " on " | " off " }"
2073 .BR vlan_tunnel " { " on " | " off " }"
2075 .BR isolated " { " on " | " off " } ]"
2080 - flush bridge slave's fdb dynamic entries.
2085 is a number representing the following states:
2086 .BR 0 " (disabled),"
2087 .BR 1 " (listening),"
2088 .BR 2 " (learning),"
2089 .BR 3 " (forwarding),"
2090 .BR 4 " (blocking)."
2092 .BI priority " PRIO"
2093 - set port priority (allowed values are between 0 and 63, inclusively).
2096 - set port cost (allowed values are between 1 and 65535, inclusively).
2098 .BR guard " { " on " | " off " }"
2099 - block incoming BPDU packets on this port.
2101 .BR hairpin " { " on " | " off " }"
2102 - enable hairpin mode on this port. This will allow incoming packets on this
2103 port to be reflected back.
2105 .BR fastleave " { " on " | " off " }"
2106 - enable multicast fast leave on this port.
2108 .BR root_block " { " on " | " off " }"
2109 - block this port from becoming the bridge's root port.
2111 .BR learning " { " on " | " off " }"
2112 - allow MAC address learning on this port.
2114 .BR flood " { " on " | " off " }"
2115 - open the flood gates on this port, i.e. forward all unicast frames to this
2117 .BR proxy_arp " and " proxy_arp_wifi
2120 .BR proxy_arp " { " on " | " off " }"
2121 - enable proxy ARP on this port.
2123 .BR proxy_arp_wifi " { " on " | " off " }"
2124 - enable proxy ARP on this port which meets extended requirements by IEEE
2125 802.11 and Hotspot 2.0 specifications.
2127 .BI mcast_router " MULTICAST_ROUTER"
2128 - configure this port for having multicast routers attached. A port with a
2129 multicast router will receive all multicast traffic.
2133 to disable multicast routers on this port,
2135 to let the system detect the presence of of routers (this is the default),
2137 to permanently enable multicast traffic forwarding on this port or
2139 to enable multicast routers temporarily on this port, not depending on incoming
2142 .BR mcast_fast_leave " { " on " | " off " }"
2143 - this is a synonym to the
2147 .BR mcast_flood " { " on " | " off " }"
2148 - controls whether a given port will be flooded with multicast traffic for which there is no MDB entry.
2150 .BI group_fwd_mask " MASK "
2151 - set the group forward mask. This is the bitmask that is applied to decide whether to forward incoming frames destined to link-local addresses, ie addresses of the form 01:80:C2:00:00:0X (defaults to 0, ie the bridge does not forward any link-local frames coming on this port).
2153 .BR neigh_suppress " { " on " | " off " }"
2154 - controls whether neigh discovery (arp and nd) proxy and suppression is enabled on the port. By default this flag is off.
2156 .BR vlan_tunnel " { " on " | " off " }"
2157 - Controls whether vlan to tunnel mapping is enabled on the port. By default this flag is off.
2162 Bonding Slave Support
2163 For a link with master
2165 the following additional arguments are supported:
2167 .B "ip link set type bond_slave"
2175 - set the slave's queue ID (a 16bit unsigned value).
2180 MACVLAN and MACVTAP Support
2181 Modify list of allowed macaddr for link in source mode.
2183 .B "ip link set type { macvlan | macvap } "
2185 .BI macaddr " " "" COMMAND " " MACADDR " ..."
2191 - add MACADDR to allowed list
2194 - replace allowed list
2197 - remove MACADDR from allowed list
2200 - flush whole allowed list
2205 .SS ip link show - display device attributes
2208 .BI dev " NAME " (default)
2210 specifies the network device to show.
2211 If this argument is omitted all devices in the default group are listed.
2216 specifies what group of devices to show.
2220 only display running interfaces.
2223 .BI master " DEVICE "
2225 specifies the master device which enslaves devices to show.
2230 speficies the VRF which enslaves devices to show.
2235 specifies the type of devices to show.
2237 Note that the type name is not checked against the list of supported types -
2238 instead it is sent as-is to the kernel. Later it is used to filter the returned
2239 interface list by comparing it with the relevant attribute in case the kernel
2240 didn't filter already. Therefore any string is accepted, but may lead to empty
2243 .SS ip link xstats - display extended statistics
2248 specifies the type of devices to display extended statistics for.
2250 .SS ip link afstats - display address-family specific statistics
2255 specifies the device to display address-family statistics for.
2257 .SS ip link help - display help
2261 specifies which help of link type to dislpay.
2265 may be a number or a string from the file
2266 .B @SYSCONFDIR@/group
2267 which can be manually filled.
2273 Shows the state of all network interfaces on the system.
2276 ip link show type bridge
2278 Shows the bridge devices.
2281 ip link show type vlan
2283 Shows the vlan devices.
2286 ip link show master br0
2288 Shows devices enslaved by br0
2291 ip link set dev ppp0 mtu 1400
2293 Change the MTU the ppp0 device.
2296 ip link add link eth0 name eth0.10 type vlan id 10
2298 Creates a new vlan device eth0.10 on device eth0.
2301 ip link delete dev eth0.10
2303 Removes vlan device.
2308 Display help for the gre link type.
2311 ip link add name tun1 type ipip remote 192.168.1.1
2312 local 192.168.1.2 ttl 225 encap gue encap-sport auto
2313 encap-dport 5555 encap-csum encap-remcsum
2315 Creates an IPIP that is encapsulated with Generic UDP Encapsulation,
2316 and the outer UDP checksum and remote checksum offload are enabled.
2319 ip link set dev eth0 xdp obj prog.o
2321 Attaches a XDP/BPF program to device eth0, where the program is
2322 located in prog.o, section "prog" (default section). In case a
2323 XDP/BPF program is already attached, throw an error.
2326 ip -force link set dev eth0 xdp obj prog.o sec foo
2328 Attaches a XDP/BPF program to device eth0, where the program is
2329 located in prog.o, section "foo". In case a XDP/BPF program is
2330 already attached, it will be overridden by the new one.
2333 ip -force link set dev eth0 xdp pinned /sys/fs/bpf/foo
2335 Attaches a XDP/BPF program to device eth0, where the program was
2336 previously pinned as an object node into BPF file system under
2340 ip link set dev eth0 xdp off
2342 If a XDP/BPF program is attached on device eth0, detach it and
2343 effectively turn off XDP for device eth0.
2346 ip link add link wpan0 lowpan0 type lowpan
2348 Creates a 6LoWPAN interface named lowpan0 on the underlying
2349 IEEE 802.15.4 device wpan0.
2352 ip link add dev ip6erspan11 type ip6erspan seq key 102
2353 local fc00:100::2 remote fc00:100::1
2354 erspan_ver 2 erspan_dir ingress erspan_hwid 17
2356 Creates a IP6ERSPAN version 2 interface named ip6erspan00.
2367 Original Manpage by Michail Litvak <mci@owl.openwall.com>