.IR LLADDR " ]"
.br
.in +9
-.RB "[ " vlan
-.IR VLANID " [ "
-.B qos
-.IR VLAN-QOS " ] ]"
+.RI "[ " VFVLAN-LIST " ]"
.br
.RB "[ " rate
.IR TXRATE " ]"
.RB "[ " port_guid " eui64 ] ]"
.br
.in -9
+.RB "[ " xdp " { " off " | "
+.br
+.in +8
+.BR object
+.IR FILE
+.RB "[ " section
+.IR NAME " ]"
+.RB "[ " verbose " ] |"
+.br
+.BR pinned
+.IR FILE " } ]"
+.br
+.in -8
.RB "[ " master
.IR DEVICE " ]"
.br
.IR NAME " ]"
.br
.RB "[ " addrgenmode " { " eui64 " | " none " | " stable_secret " | " random " } ]"
-
+.br
+.RB "[ " macaddr " { " flush " | { " add " | " del " } "
+.IR MACADDR " | set [ "
+.IR MACADDR " [ "
+.IR MACADDR " [ ... ] ] ] } ]"
+.br
.ti -8
.B ip link show
.B master
.IR DEVICE " ] ["
.B type
-.IR ETYPE " ]"
+.IR ETYPE " ] ["
.B vrf
.IR NAME " ]"
+.ti -8
+.B ip link xstats
+.BI type " TYPE"
+.RI "[ " ARGS " ]"
+
+.ti -8
+.B ip link afstats
+.RB "[ " dev
+.IR DEVICE " ]"
+
.ti -8
.B ip link help
.RI "[ " TYPE " ]"
.BR ipvlan " |"
.BR lowpan " |"
.BR geneve " |"
-.BR vrf " ]"
+.BR vrf " |"
+.BR macsec " ]"
.ti -8
.IR ETYPE " := [ " TYPE " |"
.BR bridge_slave " | " bond_slave " ]"
+.ti -8
+.IR VFVLAN-LIST " := [ " VFVLAN-LIST " ] " VFVLAN
+
+.ti -8
+.IR VFVLAN " := "
+.RB "[ " vlan
+.IR VLANID " [ "
+.B qos
+.IR VLAN-QOS " ] ["
+.B proto
+.IR VLAN-PROTO " ] ]"
+
.SH "DESCRIPTION"
.SS ip link add - add virtual link
.BI "ip link add
.BI link " DEVICE "
.BI name " NAME "
-.BI type " vlan "
+.B "type vlan"
[
.BI protocol " VLAN_PROTO "
]
the following additional arguments are supported:
.BI "ip link add " DEVICE
-.BI type " vxlan " id " ID"
+.BI type " vxlan " id " VNI"
[
.BI dev " PHYS_DEV "
.RB " ] [ { " group " | " remote " } "
] [
.BI srcport " MIN MAX "
] [
-.I "[no]learning "
+.RB [ no ] learning
] [
-.I "[no]proxy "
+.RB [ no ] proxy
] [
-.I "[no]rsc "
+.RB [ no ] rsc
] [
-.I "[no]l2miss "
+.RB [ no ] l2miss
] [
-.I "[no]l3miss "
+.RB [ no ] l3miss
] [
-.I "[no]udpcsum "
+.RB [ no ] udpcsum
] [
-.I "[no]udp6zerocsumtx "
+.RB [ no ] udp6zerocsumtx
] [
-.I "[no]udp6zerocsumrx "
+.RB [ no ] udp6zerocsumrx
] [
.BI ageing " SECONDS "
] [
.BI maxaddress " NUMBER "
] [
-.RI "[no]external "
+.RB [ no ] external
] [
.B gbp
] [
source ports to communicate to the remote VXLAN tunnel endpoint.
.sp
-.I [no]learning
+.RB [ no ] learning
- specifies if unknown source link layer addresses and IP addresses
are entered into the VXLAN device forwarding database.
.sp
-.I [no]rsc
+.RB [ no ] rsc
- specifies if route short circuit is turned on.
.sp
-.I [no]proxy
+.RB [ no ] proxy
- specifies ARP proxy is turned on.
.sp
-.I [no]l2miss
+.RB [ no ] l2miss
- specifies if netlink LLADDR miss notifications are generated.
.sp
-.I [no]l3miss
+.RB [ no ] l3miss
- specifies if netlink IP ADDR miss notifications are generated.
.sp
-.I [no]udpcsum
+.RB [ no ] udpcsum
- specifies if UDP checksum is calculated for transmitted packets over IPv4.
.sp
-.I [no]udp6zerocsumtx
+.RB [ no ] udp6zerocsumtx
- skip UDP checksum calculation for transmitted packets over IPv6.
.sp
-.I [no]udp6zerocsumrx
+.RB [ no ] udp6zerocsumrx
- allow incoming UDP packets over IPv6 with zero checksum field.
.sp
- specifies the maximum number of FDB entries.
.sp
-.I [no]external
+.RB [ no ] external
- specifies whether an external control plane
.RB "(e.g. " "ip route encap" )
or the internal FDB should be used.
the following additional arguments are supported:
.BI "ip link add " DEVICE
-.BR type " { gre | ipip | sit } "
+.BR type " { " gre " | " ipip " | " sit " }"
.BI " remote " ADDR " local " ADDR
[
-.BR encap " { fou | gue | none } "
+.BR encap " { " fou " | " gue " | " none " }"
] [
-.BI "encap-sport { " PORT " | auto } "
+.BR encap-sport " { " \fIPORT " | " auto " }"
] [
.BI "encap-dport " PORT
] [
-.I " [no]encap-csum "
+.RB [ no ] encap-csum
] [
-.I " [no]encap-remcsum "
+.RB [ no ] encap-remcsum
]
.in +8
It must be an address on another interface on this host.
.sp
-.BR encap " { fou | gue | none } "
+.BR encap " { " fou " | " gue " | " none " }"
- specifies type of secondary UDP encapsulation. "fou" indicates
Foo-Over-UDP, "gue" indicates Generic UDP Encapsulation.
.sp
-.BI "encap-sport { " PORT " | auto } "
+.BR encap-sport " { " \fIPORT " | " auto " }"
- specifies the source port in UDP encapsulation.
.IR PORT
indicates the port by number, "auto"
encapsulated packet).
.sp
-.I [no]encap-csum
+.RB [ no ] encap-csum
- specifies if UDP checksums are enabled in the secondary
encapsulation.
.sp
-.I [no]encap-remcsum
+.RB [ no ] encap-remcsum
- specifies if Remote Checksum Offload is enabled. This is only
applicable for Generic UDP Encapsulation.
the following additional arguments are supported:
.BI "ip link add " DEVICE
-.BI type " { ip6gre | ip6gretap } " remote " ADDR " local " ADDR
+.BR type " { " ip6gre " | " ip6gretap " }"
+.BI remote " ADDR " local " ADDR"
[
-.I "[i|o]seq]"
+.RB [ i | o ] seq
] [
-.I "[i|o]key" KEY
+.RB [ i | o ] key
+.I KEY
] [
-.I " [i|o]csum "
+.RB [ i | o ] csum
] [
.BI hoplimit " TTL "
] [
It must be an address on another interface on this host.
.sp
-.BI [i|o]seq
+.RB [ i | o ] seq
- serialize packets.
The
.B oseq
flag requires that all input packets are serialized.
.sp
-.BI [i|o]key " KEY"
+.RB [ i | o ] key " \fIKEY"
- use keyed GRE with key
.IR KEY ". "KEY
is either a number or an IPv4 address-like dotted quad.
parameters specify different keys for input and output.
.sp
-.BI [i|o]csum
+.RB [ i | o ] csum
- generate/require checksums for tunneled packets.
The
.B ocsum
the following additional arguments are supported:
.BI "ip link add " DEVICE " name " NAME
-.BI type " ipoib [ " pkey " PKEY ] [" mode " MODE " ]
+.BR "type ipoib " [ " pkey \fIPKEY" " ] [ " mode " \fIMODE \fR]"
.in +8
.sp
the following additional arguments are supported:
.BI "ip link add " DEVICE
-.BI type " geneve " id " ID " remote " IPADDR"
+.BI type " geneve " id " VNI " remote " IPADDR"
[
.BI ttl " TTL "
] [
.BI tos " TOS "
] [
.BI flowlabel " FLOWLABEL "
+] [
+.BI dstport " PORT"
+] [
+.RB [ no ] external
+] [
+.RB [ no ] udpcsum
+] [
+.RB [ no ] udp6zerocsumtx
+] [
+.RB [ no ] udp6zerocsumrx
]
.in +8
.BI flowlabel " FLOWLABEL"
- specifies the flow label to use in outgoing packets.
+.sp
+.BI dstport " PORT"
+- select a destination port other than the default of 6081.
+
+.sp
+.RB [ no ] external
+- make this tunnel externally controlled (or not, which is the default). This
+flag is mutually exclusive with the
+.BR id ,
+.BR remote ,
+.BR ttl ,
+.BR tos " and " flowlabel
+options.
+
+.sp
+.RB [ no ] udpcsum
+- specifies if UDP checksum is calculated for transmitted packets over IPv4.
+
+.sp
+.RB [ no ] udp6zerocsumtx
+- skip UDP checksum calculation for transmitted packets over IPv6.
+
+.sp
+.RB [ no ] udp6zerocsumrx
+- allow incoming UDP packets over IPv6 with zero checksum field.
+
.in -8
.TP
.BI "ip link add link " DEVICE " name " NAME
.BR type " { " macvlan " | " macvtap " } "
.BR mode " { " private " | " vepa " | " bridge " | " passthru
-.BR " [ " nopromisc " ] } "
+.RB " [ " nopromisc " ] | " source " } "
.in +8
.sp
forces the underlying interface into promiscuous mode. Passing the
.BR nopromisc " flag prevents this, so the promisc flag may be controlled "
using standard tools.
+
+.B mode source
+- allows one to set a list of allowed mac address, which is used to match
+against source mac address from received frames on underlying interface. This
+allows creating mac based VLAN associations, instead of standard port or tag
+based. The feature is useful to deploy 802.1x mac based behavior,
+where drivers of underlying interfaces doesn't allows that.
.in -8
.TP
.I HSR
the following additional arguments are supported:
-.BI "ip link add link " DEVICE " name " NAME
-.BI type " hsr "
+.BI "ip link add link " DEVICE " name " NAME " type hsr"
.BI slave1 " SLAVE1-IF " slave2 " SLAVE2-IF "
-.BR " [ supervision " ADDR-BYTE " ] "
-.BR " [ version { " 0 " | " 1 " } ] "
+.RB [ " supervision"
+.IR ADDR-BYTE " ] ["
+.BR version " { " 0 " | " 1 " } ]"
.in +8
.sp
.BI slave2 " SLAVE2-IF "
- Specifies the physical device used for the second of the two ring ports.
-.BR "supervision ADDR-BYTE "
+.BI supervision " ADDR-BYTE"
- The last byte of the multicast address used for HSR supervision frames.
Default option is "0", possible values 0-255.
-.BR "version { 0 | 1 }"
+.BR version " { " 0 " | " 1 " }"
- Selects the protocol version of the interface. Default option is "0", which
corresponds to the 2010 version of the HSR standard. Option "1" activates the
2012 version.
the following additional arguments are supported:
.BI "ip link add link " DEVICE " name " NAME " type macsec"
-[
+[ [
+.BI address " <lladdr>"
+]
.BI port " PORT"
|
.BI sci " SCI"
] [
.BI cipher " CIPHER_SUITE"
] [
+.BR icvlen " { "
+.IR 8..16 " } ] ["
.BR encrypt " {"
.BR on " | " off " } ] [ "
.BR send_sci " { " on " | " off " } ] ["
-.BR es " { " on " | " off " } ] ["
+.BR end_station " { " on " | " off " } ] ["
.BR scb " { " on " | " off " } ] ["
.BR protect " { " on " | " off " } ] ["
.BR replay " { " on " | " off " }"
.BR window " { "
.IR 0..2^32-1 " } ] ["
.BR validate " { " strict " | " check " | " disabled " } ] ["
-.BR encoding " { "
+.BR encodingsa " { "
.IR 0..3 " } ]"
.in +8
.sp
-.BI port " PORT "
-- sets the port number for this MACsec device.
+.BI address " <lladdr> "
+- sets the system identifier component of secure channel for this MACsec device.
+
+.sp
+.BI port " PORT "
+- sets the port number component of secure channel for this MACsec device, in a
+range from 1 to 65535 inclusive. Numbers with a leading " 0 " or " 0x " are
+interpreted as octal and hexadecimal, respectively.
.sp
.BI sci " SCI "
-- sets the SCI for this MACsec device.
+- sets the secure channel identifier for this MACsec device.
+.I SCI
+is a 64bit wide number in hexadecimal format.
.sp
.BI cipher " CIPHER_SUITE "
- defines the cipher suite to use.
+.sp
+.BI icvlen " LENGTH "
+- sets the length of the Integrity Check Value (ICV).
+
.sp
.BR "encrypt on " or " encrypt off"
- switches between authenticated encryption, or authenticity mode only.
- specifies whether the SCI is included in every packet, or only when it is necessary.
.sp
-.BR "es on " or " es off"
+.BR "end_station on " or " end_station off"
- sets the End Station bit.
.sp
- sets the validation mode on the device.
.sp
-.BI encoding " AN "
+.BI encodingsa " AN "
- sets the active secure association for transmission.
.in -8
.B qos
as 0 disables VLAN tagging and filtering for the VF.
+.sp
+.BI proto " VLAN-PROTO"
+- assign VLAN PROTOCOL for the VLAN tag, either 802.1Q or 802.1ad.
+Setting to 802.1ad, all traffic sent from the VF will be tagged with VLAN S-Tag.
+Incoming traffic will have VLAN S-Tags stripped before being passed to the VF.
+Setting to 802.1ad also enables an option to concatenate another VLAN tag, so both
+S-TAG and C-TAG will be inserted/stripped for outgoing/incoming traffic, respectively.
+If not specified, the value is assumed to be 802.1Q. Both the
+.B vf
+and
+.B vlan
+parameters must be specified.
+
.sp
.BI rate " TXRATE"
-- change the allowed transmit bandwidth, in Mbps, for the specified VF.
- configure port GUID for the VF.
.in -8
+.TP
+.B xdp object "|" pinned "|" off
+set (or unset) a XDP ("express data path") BPF program to run on every
+packet at driver level.
+
+.B off
+(or
+.B none
+)
+- Detaches any currently attached XDP/BPF program from the given device.
+
+.BI object " FILE "
+- Attaches a XDP/BPF program to the given device. The
+.I FILE
+points to a BPF ELF file (f.e. generated by LLVM) that contains the BPF
+program code, map specifications, etc. If a XDP/BPF program is already
+attached to the given device, an error will be thrown. If no XDP/BPF
+program is currently attached, the device supports XDP and the program
+from the BPF ELF file passes the kernel verifier, then it will be attached
+to the device. If the option
+.I -force
+is passed to
+.B ip
+then any prior attached XDP/BPF program will be atomically overridden and
+no error will be thrown in this case. If no
+.B section
+option is passed, then the default section name ("prog") will be assumed,
+otherwise the provided section name will be used. If no
+.B verbose
+option is passed, then a verifier log will only be dumped on load error.
+See also
+.B EXAMPLES
+section for usage examples.
+
+.BI section " NAME "
+- Specifies a section name that contains the BPF program code. If no section
+name is specified, the default one ("prog") will be used. This option is
+to be passed with the
+.B object
+option.
+
+.BI verbose
+- Act in verbose mode. For example, even in case of success, this will
+print the verifier log in case a program was loaded from a BPF ELF file.
+
+.BI pinned " FILE "
+- Attaches a XDP/BPF program to the given device. The
+.I FILE
+points to an already pinned BPF program in the BPF file system. The option
+.B section
+doesn't apply here, but otherwise semantics are the same as with the option
+.B object
+described already.
+
.TP
.BI master " DEVICE"
set master device of the device (enslave device).
.B "ip link set type bridge_slave"
[
+.B fdb_flush
+] [
.BI state " STATE"
] [
.BI priority " PRIO"
] [
.BI mcast_router " MULTICAST_ROUTER"
] [
-.BR mcast_fast_leave " { " on " | " off "} ]"
+.BR mcast_fast_leave " { " on " | " off "}"
+] [
+.BR mcast_flood " { " on " | " off " } ]"
.in +8
.sp
+.B fdb_flush
+- flush bridge slave's fdb dynamic entries.
+
.BI state " STATE"
- Set port state.
.I STATE
.B fastleave
option above.
+.BR mcast_flood " { " on " | " off " }"
+- controls whether a given port will be flooded with multicast traffic for which there is no MDB entry.
+
.in -8
.TP
.in -8
+.TP
+MACVLAN and MACVTAP Support
+Modify list of allowed macaddr for link in source mode.
+
+.B "ip link set type { macvlan | macvap } "
+[
+.BI macaddr " " "" COMMAND " " MACADDR " ..."
+]
+
+Commands:
+.in +8
+.B add
+- add MACADDR to allowed list
+.sp
+.B set
+- replace allowed list
+.sp
+.B del
+- remove MACADDR from allowed list
+.sp
+.B flush
+- flush whole allowed list
+.sp
+.in -8
+
+
.SS ip link show - display device attributes
.TP
didn't filter already. Therefore any string is accepted, but may lead to empty
output.
+.SS ip link xstats - display extended statistics
+
+.TP
+.BI type " TYPE "
+.I TYPE
+specifies the type of devices to display extended statistics for.
+
+.SS ip link afstats - display address-family specific statistics
+
+.TP
+.BI dev " DEVICE "
+.I DEVICE
+specifies the device to display address-family statistics for.
+
.SS ip link help - display help
.PP
.RS 4
Creates an IPIP that is encapsulated with Generic UDP Encapsulation,
and the outer UDP checksum and remote checksum offload are enabled.
-
+.RE
+.PP
+ip link set dev eth0 xdp obj prog.o
+.RS 4
+Attaches a XDP/BPF program to device eth0, where the program is
+located in prog.o, section "prog" (default section). In case a
+XDP/BPF program is already attached, throw an error.
+.RE
+.PP
+ip -force link set dev eth0 xdp obj prog.o sec foo
+.RS 4
+Attaches a XDP/BPF program to device eth0, where the program is
+located in prog.o, section "foo". In case a XDP/BPF program is
+already attached, it will be overridden by the new one.
+.RE
+.PP
+ip -force link set dev eth0 xdp pinned /sys/fs/bpf/foo
+.RS 4
+Attaches a XDP/BPF program to device eth0, where the program was
+previously pinned as an object node into BPF file system under
+name foo.
+.RE
+.PP
+ip link set dev eth0 xdp off
+.RS 4
+If a XDP/BPF program is attached on device eth0, detach it and
+effectively turn off XDP for device eth0.
.RE
.PP
ip link add link wpan0 lowpan0 type lowpan
projects / mirror_iproute2.git / blobdiff