1 .TH IP\-LINK 8 "13 Dec 2012" "iproute2" "Linux"
3 ip-link \- network device configuration
10 .RI " { " COMMAND " | "
48 .BR "ip link delete " {
61 .RB "[ { " up " | " down " } ]"
64 .IR "ETYPE TYPE_ARGS" " ]"
66 .RB "[ " arp " { " on " | " off " } ]"
68 .RB "[ " dynamic " { " on " | " off " } ]"
70 .RB "[ " multicast " { " on " | " off " } ]"
72 .RB "[ " allmulticast " { " on " | " off " } ]"
74 .RB "[ " promisc " { " on " | " off " } ]"
76 .RB "[ " protodown " { " on " | " off " } ]"
78 .RB "[ " protodown_reason
79 .IR PREASON " { " on " | " off " } ]"
81 .RB "[ " trailers " { " on " | " off " } ]"
99 .IR PID " | " NETNSNAME " } ]"
101 .RB "[ " link-netnsid
113 .RI "[ " VFVLAN-LIST " ]"
124 .RB "[ " spoofchk " { " on " | " off " } ]"
126 .RB "[ " query_rss " { " on " | " off " } ]"
128 .RB "[ " state " { " auto " | " enable " | " disable " } ]"
130 .RB "[ " trust " { " on " | " off " } ]"
132 .RB "[ " node_guid " eui64 ]"
134 .RB "[ " port_guid " eui64 ] ]"
137 .RB "[ { " xdp " | " xdpgeneric " | " xdpdrv " | " xdpoffload " } { " off " | "
144 .RB "[ " verbose " ] |"
153 .RB "[ " nomaster " ]"
158 .RB "[ " addrgenmode " { " eui64 " | " none " | " stable_secret " | " random " } ]"
161 .RI "[ " MACADDR " ]"
164 .RB "[ { " flush " | " add " | " del " } "
173 .RI "[ " DEVICE " | "
237 .IR ETYPE " := [ " TYPE " |"
238 .BR bridge_slave " | " bond_slave " ]"
241 .IR VFVLAN-LIST " := [ " VFVLAN-LIST " ] " VFVLAN
250 .IR VLAN-PROTO " ] ]"
254 .BI "ip link property add"
259 .BI "ip link property del"
264 .SS ip link add - add virtual link
268 specifies the physical device to act operate on.
271 specifies the name of the new virtual device.
274 specifies the type of the new device.
280 - Ethernet Bridge device
286 - Dummy network interface
289 - High-availability Seamless Redundancy device
292 - Intermediate Functional Block device
295 - IP over Infiniband device
298 - Virtual interface base on link layer address (MAC)
301 - Virtual interface based on link layer address (MAC) and TAP.
304 - Virtual Controller Area Network interface
307 - Virtual Controller Area Network tunnel interface
310 - Virtual ethernet interface
313 - 802.1q tagged virtual LAN interface
316 - Virtual eXtended LAN
319 - Virtual tunnel interface IPv4|IPv6 over IPv6
322 - Virtual tunnel interface IPv4 over IPv4
325 - Virtual tunnel interface IPv6 over IPv4
328 - Virtual tunnel interface GRE over IPv4
331 - Virtual L2 tunnel interface GRE over IPv4
334 - Encapsulated Remote SPAN over GRE and IPv4
337 - Virtual tunnel interface GRE over IPv6
340 - Virtual L2 tunnel interface GRE over IPv6
343 - Encapsulated Remote SPAN over GRE and IPv6
346 - Virtual tunnel interface
349 - Netlink monitoring device
352 - Interface for L3 (IPv6/IPv4) based VLANs
355 - Interface for L3 (IPv6/IPv4) based VLANs and TAP
358 - Interface for 6LoWPAN (IPv6) over IEEE 802.15.4 / Bluetooth
361 - GEneric NEtwork Virtualization Encapsulation
364 - Bare UDP L3 encapsulation support
367 - Interface for IEEE 802.1AE MAC Security (MACsec)
370 - Interface for L3 VRF domains
373 - Interface for netdev API tests
376 - Qualcomm rmnet device
379 - Virtual xfrm interface
383 .BI numtxqueues " QUEUE_COUNT "
384 specifies the number of transmit queues for new device.
387 .BI numrxqueues " QUEUE_COUNT "
388 specifies the number of receive queues for new device.
391 .BI gso_max_size " BYTES "
392 specifies the recommended maximum size of a Generic Segment Offload
393 packet the new device should accept.
396 .BI gso_max_segs " SEGMENTS "
397 specifies the recommended maximum number of a Generic Segment Offload
398 segments the new device should accept.
402 specifies the desired index of the new virtual device. The link
403 creation fails, if the index is busy.
409 the following additional arguments are supported:
416 .BI protocol " VLAN_PROTO "
420 .BR reorder_hdr " { " on " | " off " } "
423 .BR gvrp " { " on " | " off " } "
426 .BR mvrp " { " on " | " off " } "
429 .BR loose_binding " { " on " | " off " } "
432 .BR bridge_binding " { " on " | " off " } "
435 .BI ingress-qos-map " QOS-MAP "
438 .BI egress-qos-map " QOS-MAP "
443 .BI protocol " VLAN_PROTO "
444 - either 802.1Q or 802.1ad.
447 - specifies the VLAN Identifer to use. Note that numbers with a leading " 0 " or " 0x " are interpreted as octal or hexadeimal, respectively.
449 .BR reorder_hdr " { " on " | " off " } "
450 - specifies whether ethernet headers are reordered or not (default is
455 .BR reorder_hdr " is " on
456 then VLAN header will be not inserted immediately but only before
457 passing to the physical device (if this device does not support VLAN
458 offloading), the similar on the RX direction - by default the packet
459 will be untagged before being received by VLAN device. Reordering
460 allows to accelerate tagging on egress and to hide VLAN header on
461 ingress so the packet looks like regular Ethernet packet, at the same
462 time it might be confusing for packet capture as the VLAN header does
463 not exist within the packet.
465 VLAN offloading can be checked by
471 .RB grep " tx-vlan-offload"
474 where <phy_dev> is the physical device to which VLAN device is bound.
477 .BR gvrp " { " on " | " off " } "
478 - specifies whether this VLAN should be registered using GARP VLAN
479 Registration Protocol.
481 .BR mvrp " { " on " | " off " } "
482 - specifies whether this VLAN should be registered using Multiple VLAN
483 Registration Protocol.
485 .BR loose_binding " { " on " | " off " } "
486 - specifies whether the VLAN device state is bound to the physical device state.
488 .BR bridge_binding " { " on " | " off " } "
489 - specifies whether the VLAN device link state tracks the state of bridge ports
490 that are members of the VLAN.
492 .BI ingress-qos-map " QOS-MAP "
493 - defines a mapping of VLAN header prio field to the Linux internal packet
494 priority on incoming frames. The format is FROM:TO with multiple mappings
497 .BI egress-qos-map " QOS-MAP "
498 - defines a mapping of Linux internal packet priority to VLAN header prio field
499 but for outgoing frames. The format is the same as for ingress-qos-map.
502 Linux packet priority can be set by
507 -t mangle -A POSTROUTING [...] -j CLASSIFY --set-class 0:4
510 and this "4" priority can be used in the egress qos mapping to set
515 link set veth0.10 type vlan egress 4:5
524 the following additional arguments are supported:
526 .BI "ip link add " DEVICE
527 .BI type " vxlan " id " VNI"
530 .RB " ] [ { " group " | " remote " } "
534 .RI "{ "IPADDR " | "any " } "
542 .BI flowlabel " FLOWLABEL "
546 .BI srcport " MIN MAX "
560 .RB [ no ] udp6zerocsumtx
562 .RB [ no ] udp6zerocsumrx
564 .BI ageing " SECONDS "
566 .BI maxaddress " NUMBER "
578 - specifies the VXLAN Network Identifer (or VXLAN Segment
582 - specifies the physical device to use for tunnel endpoint communication.
586 - specifies the multicast IP address to join.
587 This parameter cannot be specified with the
593 - specifies the unicast destination IP address to use in outgoing packets
594 when the destination link layer address is not known in the VXLAN device
595 forwarding database. This parameter cannot be specified with the
601 - specifies the source IP address to use in outgoing packets.
605 - specifies the TTL value to use in outgoing packets.
609 - specifies the TOS value to use in outgoing packets.
613 - specifies the usage of the Don't Fragment flag (DF) bit in outgoing packets
614 with IPv4 headers. The value
616 causes the bit to be copied from the original IP header. The values
620 cause the bit to be always unset or always set, respectively. By default, the
624 .BI flowlabel " FLOWLABEL"
625 - specifies the flow label to use in outgoing packets.
629 - specifies the UDP destination port to communicate to the remote
630 VXLAN tunnel endpoint.
633 .BI srcport " MIN MAX"
634 - specifies the range of port numbers to use as UDP
635 source ports to communicate to the remote VXLAN tunnel endpoint.
639 - specifies if unknown source link layer addresses and IP addresses
640 are entered into the VXLAN device forwarding database.
644 - specifies if route short circuit is turned on.
648 - specifies ARP proxy is turned on.
652 - specifies if netlink LLADDR miss notifications are generated.
656 - specifies if netlink IP ADDR miss notifications are generated.
660 - specifies if UDP checksum is calculated for transmitted packets over IPv4.
663 .RB [ no ] udp6zerocsumtx
664 - skip UDP checksum calculation for transmitted packets over IPv6.
667 .RB [ no ] udp6zerocsumrx
668 - allow incoming UDP packets over IPv6 with zero checksum field.
671 .BI ageing " SECONDS"
672 - specifies the lifetime in seconds of FDB entries learnt by the kernel.
675 .BI maxaddress " NUMBER"
676 - specifies the maximum number of FDB entries.
680 - specifies whether an external control plane
681 .RB "(e.g. " "ip route encap" )
682 or the internal FDB should be used.
686 - enables the Group Policy extension (VXLAN-GBP).
689 Allows to transport group policy context across VXLAN network peers.
690 If enabled, includes the mark of a packet in the VXLAN header for outgoing
691 packets and fills the packet mark based on the information found in the
692 VXLAN header for incoming packets.
694 Format of upper 16 bits of packet mark (flags);
697 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
699 |-|-|-|-|-|-|-|-|-|D|-|-|A|-|-|-|
701 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
704 Don't Learn bit. When set, this bit indicates that the egress
705 VTEP MUST NOT learn the source address of the encapsulated frame.
708 Indicates that the group policy has already been applied to
709 this packet. Policies MUST NOT be applied by devices when the A bit is set.
712 Format of lower 16 bits of packet mark (policy ID):
715 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
719 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
723 iptables -A OUTPUT [...] -j MARK --set-mark 0x800FF
729 - enables the Generic Protocol extension (VXLAN-GPE). Currently, this is
730 only supported together with the
737 VETH, VXCAN Type Support
740 the following additional arguments are supported:
742 .BI "ip link add " DEVICE
743 .BR type " { " veth " | " vxcan " }"
753 - specifies the virtual pair device name of the
760 IPIP, SIT Type Support
763 the following additional arguments are supported:
765 .BI "ip link add " DEVICE
766 .BR type " { " ipip " | " sit " }"
767 .BI " remote " ADDR " local " ADDR
769 .BR encap " { " fou " | " gue " | " none " }"
771 .BR encap-sport " { " \fIPORT " | " auto " }"
773 .BI "encap-dport " PORT
775 .RB [ no ] encap-csum
777 .I " [no]encap-remcsum "
779 .I " mode " { ip6ip | ipip | mplsip | any } "
787 - specifies the remote address of the tunnel.
791 - specifies the fixed local address for tunneled packets.
792 It must be an address on another interface on this host.
795 .BR encap " { " fou " | " gue " | " none " }"
796 - specifies type of secondary UDP encapsulation. "fou" indicates
797 Foo-Over-UDP, "gue" indicates Generic UDP Encapsulation.
800 .BR encap-sport " { " \fIPORT " | " auto " }"
801 - specifies the source port in UDP encapsulation.
803 indicates the port by number, "auto"
804 indicates that the port number should be chosen automatically
805 (the kernel picks a flow based on the flow hash of the
806 encapsulated packet).
809 .RB [ no ] encap-csum
810 - specifies if UDP checksums are enabled in the secondary
814 .RB [ no ] encap-remcsum
815 - specifies if Remote Checksum Offload is enabled. This is only
816 applicable for Generic UDP Encapsulation.
819 .BI mode " { ip6ip | ipip | mplsip | any } "
820 - specifies mode in which device should run. "ip6ip" indicates
821 IPv6-Over-IPv4, "ipip" indicates "IPv4-Over-IPv4", "mplsip" indicates
822 MPLS-Over-IPv4, "any" indicates IPv6, IPv4 or MPLS Over IPv4. Supported for
823 SIT where the default is "ip6ip" and IPIP where the default is "ipip".
824 IPv6-Over-IPv4 is not supported for IPIP.
828 - make this tunnel externally controlled
829 .RB "(e.g. " "ip route encap" ).
835 .IR GRE " or " GRETAP
836 the following additional arguments are supported:
838 .BI "ip link add " DEVICE
839 .BR type " { " gre " | " gretap " }"
840 .BI " remote " ADDR " local " ADDR
842 .RB [ no ] "" [ i | o ] seq
849 .RB [ no ] "" [ i | o ] csum
861 .BR encap " { " fou " | " gue " | " none " }"
863 .BR encap-sport " { " \fIPORT " | " auto " }"
865 .BI "encap-dport " PORT
867 .RB [ no ] encap-csum
869 .RB [ no ] encap-remcsum
877 - specifies the remote address of the tunnel.
881 - specifies the fixed local address for tunneled packets.
882 It must be an address on another interface on this host.
885 .RB [ no ] "" [ i | o ] seq
889 flag enables sequencing of outgoing packets.
892 flag requires that all input packets are serialized.
899 - use keyed GRE with key
901 is either a number or an IPv4 address-like dotted quad.
904 parameter specifies the same key to use in both directions.
906 .BR ikey " and " okey
907 parameters specify different keys for input and output.
910 .RB [ no ] "" [ i | o ] csum
911 - generate/require checksums for tunneled packets.
914 flag calculates checksums for outgoing packets.
917 flag requires that all input packets have the correct
920 flag is equivalent to the combination
925 - specifies the TTL value to use in outgoing packets.
929 - specifies the TOS value to use in outgoing packets.
933 - enables/disables Path MTU Discovery on this tunnel.
934 It is enabled by default. Note that a fixed ttl is incompatible
935 with this option: tunneling with a fixed ttl always makes pmtu
940 - enables/disables IPv4 DF suppression on this tunnel.
941 Normally datagrams that exceed the MTU will be fragmented; the presence
942 of the DF flag inhibits this, resulting instead in an ICMP Unreachable
943 (Fragmentation Required) message. Enabling this attribute causes the
944 DF flag to be ignored.
948 - specifies the physical device to use for tunnel endpoint communication.
951 .BR encap " { " fou " | " gue " | " none " }"
952 - specifies type of secondary UDP encapsulation. "fou" indicates
953 Foo-Over-UDP, "gue" indicates Generic UDP Encapsulation.
956 .BR encap-sport " { " \fIPORT " | " auto " }"
957 - specifies the source port in UDP encapsulation.
959 indicates the port by number, "auto"
960 indicates that the port number should be chosen automatically
961 (the kernel picks a flow based on the flow hash of the
962 encapsulated packet).
965 .RB [ no ] encap-csum
966 - specifies if UDP checksums are enabled in the secondary
970 .RB [ no ] encap-remcsum
971 - specifies if Remote Checksum Offload is enabled. This is only
972 applicable for Generic UDP Encapsulation.
976 - make this tunnel externally controlled
977 .RB "(e.g. " "ip route encap" ).
982 IP6GRE/IP6GRETAP Type Support
985 the following additional arguments are supported:
987 .BI "ip link add " DEVICE
988 .BR type " { " ip6gre " | " ip6gretap " }"
989 .BI remote " ADDR " local " ADDR"
991 .RB [ no ] "" [ i | o ] seq
998 .RB [ no ] "" [ i | o ] csum
1000 .BI hoplimit " TTL "
1002 .BI encaplimit " ELIM "
1004 .BI tclass " TCLASS "
1006 .BI flowlabel " FLOWLABEL "
1010 .BI "[no]allow-localremote"
1012 .BI dev " PHYS_DEV "
1020 - specifies the remote IPv6 address of the tunnel.
1024 - specifies the fixed local IPv6 address for tunneled packets.
1025 It must be an address on another interface on this host.
1028 .RB [ no ] "" [ i | o ] seq
1029 - serialize packets.
1032 flag enables sequencing of outgoing packets.
1035 flag requires that all input packets are serialized.
1041 .BR no [ i | o ] key
1042 - use keyed GRE with key
1044 is either a number or an IPv4 address-like dotted quad.
1047 parameter specifies the same key to use in both directions.
1049 .BR ikey " and " okey
1050 parameters specify different keys for input and output.
1053 .RB [ no ] "" [ i | o ] csum
1054 - generate/require checksums for tunneled packets.
1057 flag calculates checksums for outgoing packets.
1060 flag requires that all input packets have the correct
1063 flag is equivalent to the combination
1068 - specifies Hop Limit value to use in outgoing packets.
1071 .BI encaplimit " ELIM"
1072 - specifies a fixed encapsulation limit. Default is 4.
1075 .BI flowlabel " FLOWLABEL"
1076 - specifies a fixed flowlabel.
1079 .BI [no]allow-localremote
1080 - specifies whether to allow remote endpoint to have an address configured on
1084 .BI tclass " TCLASS"
1085 - specifies the traffic class field on
1086 tunneled packets, which can be specified as either a two-digit
1087 hex value (e.g. c0) or a predefined string (e.g. internet).
1090 causes the field to be copied from the original IP header. The
1092 .BI "inherit/" STRING
1094 .BI "inherit/" 00 ".." ff
1095 will set the field to
1099 when tunneling non-IP packets. The default value is 00.
1103 - make this tunnel externally controlled (or not, which is the default).
1104 In the kernel, this is referred to as collect metadata mode. This flag is
1105 mutually exclusive with the
1113 .BR flowlabel " and " tclass
1122 the following additional arguments are supported:
1124 .BI "ip link add " DEVICE " name " NAME
1125 .BR "type ipoib " [ " pkey \fIPKEY" " ] [ " mode " \fIMODE \fR]"
1130 - specifies the IB P-Key to use.
1133 - specifies the mode (datagram or connected) to use.
1139 the following additional arguments are supported:
1141 .BI "ip link add " DEVICE
1142 .BR type " { " erspan " | " ip6erspan " }"
1143 .BI remote " ADDR " local " ADDR " seq
1146 .BR erspan_ver " \fIversion "
1148 .BR erspan " \fIIDX "
1150 .BR erspan_dir " { " \fIingress " | " \fIegress " }"
1152 .BR erspan_hwid " \fIhwid "
1154 .BI "[no]allow-localremote"
1162 - specifies the remote address of the tunnel.
1166 - specifies the fixed local address for tunneled packets.
1167 It must be an address on another interface on this host.
1170 .BR erspan_ver " \fIversion "
1171 - specifies the ERSPAN version number.
1173 indicates the ERSPAN version to be created: 0 for version 0 type I,
1174 1 for version 1 (type II) or 2 for version 2 (type III).
1177 .BR erspan " \fIIDX "
1178 - specifies the ERSPAN v1 index field.
1180 indicates a 20 bit index/port number associated with the ERSPAN
1181 traffic's source port and direction.
1184 .BR erspan_dir " { " \fIingress " | " \fIegress " }"
1185 - specifies the ERSPAN v2 mirrored traffic's direction.
1188 .BR erspan_hwid " \fIhwid "
1189 - an unique identifier of an ERSPAN v2 engine within a system.
1191 is a 6-bit value for users to configure.
1194 .BI [no]allow-localremote
1195 - specifies whether to allow remote endpoint to have an address configured on
1200 - make this tunnel externally controlled (or not, which is the default).
1201 In the kernel, this is referred to as collect metadata mode. This flag is
1202 mutually exclusive with the
1207 .BR erspan_dir " and " erspan_hwid
1216 the following additional arguments are supported:
1218 .BI "ip link add " DEVICE
1219 .BI type " geneve " id " VNI " remote " IPADDR"
1227 .BI flowlabel " FLOWLABEL "
1235 .RB [ no ] udp6zerocsumtx
1237 .RB [ no ] udp6zerocsumrx
1243 - specifies the Virtual Network Identifer to use.
1246 .BI remote " IPADDR"
1247 - specifies the unicast destination IP address to use in outgoing packets.
1251 - specifies the TTL value to use in outgoing packets. "0" or "auto" means
1252 use whatever default value, "inherit" means inherit the inner protocol's
1253 ttl. Default option is "0".
1257 - specifies the TOS value to use in outgoing packets.
1261 - specifies the usage of the Don't Fragment flag (DF) bit in outgoing packets
1262 with IPv4 headers. The value
1264 causes the bit to be copied from the original IP header. The values
1268 cause the bit to be always unset or always set, respectively. By default, the
1272 .BI flowlabel " FLOWLABEL"
1273 - specifies the flow label to use in outgoing packets.
1277 - select a destination port other than the default of 6081.
1281 - make this tunnel externally controlled (or not, which is the default). This
1282 flag is mutually exclusive with the
1286 .BR tos " and " flowlabel
1291 - specifies if UDP checksum is calculated for transmitted packets over IPv4.
1294 .RB [ no ] udp6zerocsumtx
1295 - skip UDP checksum calculation for transmitted packets over IPv6.
1298 .RB [ no ] udp6zerocsumrx
1299 - allow incoming UDP packets over IPv6 with zero checksum field.
1304 Bareudp Type Support
1307 the following additional arguments are supported:
1309 .BI "ip link add " DEVICE
1310 .BI type " bareudp " dstport " PORT " ethertype " ETHERTYPE"
1312 .BI srcportmin " SRCPORTMIN "
1314 .RB [ no ] multiproto
1320 - specifies the destination port for the UDP tunnel.
1323 .BI ethertype " ETHERTYPE"
1324 - specifies the ethertype of the L3 protocol being tunnelled.
1327 .BI srcportmin " SRCPORTMIN"
1328 - selects the lowest value of the UDP tunnel source port range.
1331 .RB [ no ] multiproto
1332 - activates support for protocols similar to the one
1333 .RB "specified by " ethertype .
1336 is "mpls_uc" (that is, unicast MPLS), this allows the tunnel to also handle
1340 is "ipv4", this allows the tunnel to also handle IPv6. This option is disabled
1344 MACVLAN and MACVTAP Type Support
1349 the following additional arguments are supported:
1351 .BI "ip link add link " DEVICE " name " NAME
1352 .BR type " { " macvlan " | " macvtap " } "
1353 .BR mode " { " private " | " vepa " | " bridge " | " passthru
1354 .RB " [ " nopromisc " ] | " source " } "
1358 .BR type " { " macvlan " | " macvtap " } "
1359 - specifies the link type to use.
1360 .BR macvlan " creates just a virtual interface, while "
1361 .BR macvtap " in addition creates a character device "
1362 .BR /dev/tapX " to be used just like a " tuntap " device."
1365 - Do not allow communication between
1367 instances on the same physical interface, even if the external switch supports
1371 - Virtual Ethernet Port Aggregator mode. Data from one
1373 instance to the other on the same physical interface is transmitted over the
1374 physical interface. Either the attached switch needs to support hairpin mode,
1375 or there must be a TCP/IP router forwarding the packets in order to allow
1376 communication. This is the default mode.
1379 - In bridge mode, all endpoints are directly connected to each other,
1380 communication is not redirected through the physical interface's peer.
1382 .BR mode " " passthru " [ " nopromisc " ] "
1383 - This mode gives more power to a single endpoint, usually in
1384 .BR macvtap " mode. It is not allowed for more than one endpoint on the same "
1385 physical interface. All traffic will be forwarded to this endpoint, allowing
1386 virtio guests to change MAC address or set promiscuous mode in order to bridge
1387 the interface or create vlan interfaces on top of it. By default, this mode
1388 forces the underlying interface into promiscuous mode. Passing the
1389 .BR nopromisc " flag prevents this, so the promisc flag may be controlled "
1390 using standard tools.
1393 - allows one to set a list of allowed mac address, which is used to match
1394 against source mac address from received frames on underlying interface. This
1395 allows creating mac based VLAN associations, instead of standard port or tag
1396 based. The feature is useful to deploy 802.1x mac based behavior,
1397 where drivers of underlying interfaces doesn't allows that.
1401 High-availability Seamless Redundancy (HSR) Support
1404 the following additional arguments are supported:
1406 .BI "ip link add link " DEVICE " name " NAME " type hsr"
1407 .BI slave1 " SLAVE1-IF " slave2 " SLAVE2-IF "
1408 .RB [ " supervision"
1409 .IR ADDR-BYTE " ] ["
1410 .BR version " { " 0 " | " 1 " } ["
1411 .BR proto " { " 0 " | " 1 " } ]"
1416 - specifies the link type to use, here HSR.
1418 .BI slave1 " SLAVE1-IF "
1419 - Specifies the physical device used for the first of the two ring ports.
1421 .BI slave2 " SLAVE2-IF "
1422 - Specifies the physical device used for the second of the two ring ports.
1424 .BI supervision " ADDR-BYTE"
1425 - The last byte of the multicast address used for HSR supervision frames.
1426 Default option is "0", possible values 0-255.
1428 .BR version " { " 0 " | " 1 " }"
1429 - Selects the protocol version of the interface. Default option is "0", which
1430 corresponds to the 2010 version of the HSR standard. Option "1" activates the
1433 .BR proto " { " 0 " | " 1 " }"
1434 - Selects the protocol at the interface. Default option is "0", which
1435 corresponds to the HSR standard. Option "1" activates the Parallel
1436 Redundancy Protocol (PRP).
1444 the following additional arguments are supported:
1446 .BI "ip link add " DEVICE " type bridge "
1448 .BI ageing_time " AGEING_TIME "
1450 .BI group_fwd_mask " MASK "
1452 .BI group_address " ADDRESS "
1454 .BI forward_delay " FORWARD_DELAY "
1456 .BI hello_time " HELLO_TIME "
1458 .BI max_age " MAX_AGE "
1460 .BI stp_state " STP_STATE "
1462 .BI priority " PRIORITY "
1464 .BI vlan_filtering " VLAN_FILTERING "
1466 .BI vlan_protocol " VLAN_PROTOCOL "
1468 .BI vlan_default_pvid " VLAN_DEFAULT_PVID "
1470 .BI vlan_stats_enabled " VLAN_STATS_ENABLED "
1472 .BI vlan_stats_per_port " VLAN_STATS_PER_PORT "
1474 .BI mcast_snooping " MULTICAST_SNOOPING "
1476 .BI mcast_router " MULTICAST_ROUTER "
1478 .BI mcast_query_use_ifaddr " MCAST_QUERY_USE_IFADDR "
1480 .BI mcast_querier " MULTICAST_QUERIER "
1482 .BI mcast_hash_elasticity " HASH_ELASTICITY "
1484 .BI mcast_hash_max " HASH_MAX "
1486 .BI mcast_last_member_count " LAST_MEMBER_COUNT "
1488 .BI mcast_startup_query_count " STARTUP_QUERY_COUNT "
1490 .BI mcast_last_member_interval " LAST_MEMBER_INTERVAL "
1492 .BI mcast_membership_interval " MEMBERSHIP_INTERVAL "
1494 .BI mcast_querier_interval " QUERIER_INTERVAL "
1496 .BI mcast_query_interval " QUERY_INTERVAL "
1498 .BI mcast_query_response_interval " QUERY_RESPONSE_INTERVAL "
1500 .BI mcast_startup_query_interval " STARTUP_QUERY_INTERVAL "
1502 .BI mcast_stats_enabled " MCAST_STATS_ENABLED "
1504 .BI mcast_igmp_version " IGMP_VERSION "
1506 .BI mcast_mld_version " MLD_VERSION "
1508 .BI nf_call_iptables " NF_CALL_IPTABLES "
1510 .BI nf_call_ip6tables " NF_CALL_IP6TABLES "
1512 .BI nf_call_arptables " NF_CALL_ARPTABLES "
1517 .BI ageing_time " AGEING_TIME "
1518 - configure the bridge's FDB entries ageing time, ie the number of
1519 seconds a MAC address will be kept in the FDB after a packet has been
1520 received from that address. after this time has passed, entries are
1523 .BI group_fwd_mask " MASK "
1524 - set the group forward mask. This is the bitmask that is applied to
1525 decide whether to forward incoming frames destined to link-local
1526 addresses, ie addresses of the form 01:80:C2:00:00:0X (defaults to 0,
1527 ie the bridge does not forward any link-local frames).
1529 .BI group_address " ADDRESS "
1530 - set the MAC address of the multicast group this bridge uses for STP.
1531 The address must be a link-local address in standard Ethernet MAC
1532 address format, ie an address of the form 01:80:C2:00:00:0X, with X
1535 .BI forward_delay " FORWARD_DELAY "
1536 - set the forwarding delay in seconds, ie the time spent in LISTENING
1537 state (before moving to LEARNING) and in LEARNING state (before
1538 moving to FORWARDING). Only relevant if STP is enabled. Valid values
1539 are between 2 and 30.
1541 .BI hello_time " HELLO_TIME "
1542 - set the time in seconds between hello packets sent by the bridge,
1543 when it is a root bridge or a designated bridges.
1544 Only relevant if STP is enabled. Valid values are between 1 and 10.
1546 .BI max_age " MAX_AGE "
1547 - set the hello packet timeout, ie the time in seconds until another
1548 bridge in the spanning tree is assumed to be dead, after reception of
1549 its last hello message. Only relevant if STP is enabled. Valid values
1550 are between 6 and 40.
1552 .BI stp_state " STP_STATE "
1553 - turn spanning tree protocol on
1554 .RI ( STP_STATE " > 0) "
1556 .RI ( STP_STATE " == 0). "
1559 .BI priority " PRIORITY "
1560 - set this bridge's spanning tree priority, used during STP root
1563 is a 16bit unsigned integer.
1565 .BI vlan_filtering " VLAN_FILTERING "
1566 - turn VLAN filtering on
1567 .RI ( VLAN_FILTERING " > 0) "
1569 .RI ( VLAN_FILTERING " == 0). "
1570 When disabled, the bridge will not consider the VLAN tag when handling packets.
1572 .BR vlan_protocol " { " 802.1Q " | " 802.1ad " } "
1573 - set the protocol used for VLAN filtering.
1575 .BI vlan_default_pvid " VLAN_DEFAULT_PVID "
1576 - set the default PVID (native/untagged VLAN ID) for this bridge.
1578 .BI vlan_stats_enabled " VLAN_STATS_ENABLED "
1580 .RI ( VLAN_STATS_ENABLED " == 1) "
1582 .RI ( VLAN_STATS_ENABLED " == 0) "
1583 per-VLAN stats accounting.
1585 .BI vlan_stats_per_port " VLAN_STATS_PER_PORT "
1587 .RI ( VLAN_STATS_PER_PORT " == 1) "
1589 .RI ( VLAN_STATS_PER_PORT " == 0) "
1590 per-VLAN per-port stats accounting. Can be changed only when there are no port VLANs configured.
1592 .BI mcast_snooping " MULTICAST_SNOOPING "
1593 - turn multicast snooping on
1594 .RI ( MULTICAST_SNOOPING " > 0) "
1596 .RI ( MULTICAST_SNOOPING " == 0). "
1598 .BI mcast_router " MULTICAST_ROUTER "
1599 - set bridge's multicast router if IGMP snooping is enabled.
1601 is an integer value having the following meaning:
1608 - automatic (queried).
1611 - permanently enabled.
1614 .BI mcast_query_use_ifaddr " MCAST_QUERY_USE_IFADDR "
1615 - whether to use the bridge's own IP address as source address for IGMP queries
1616 .RI ( MCAST_QUERY_USE_IFADDR " > 0) "
1617 or the default of 0.0.0.0
1618 .RI ( MCAST_QUERY_USE_IFADDR " == 0). "
1620 .BI mcast_querier " MULTICAST_QUERIER "
1622 .RI ( MULTICAST_QUERIER " > 0) "
1624 .RI ( MULTICAST_QUERIER " == 0) "
1625 IGMP querier, ie sending of multicast queries by the bridge (default: disabled).
1627 .BI mcast_querier_interval " QUERIER_INTERVAL "
1628 - interval between queries sent by other routers. if no queries are seen
1629 after this delay has passed, the bridge will start to send its own queries
1634 .BI mcast_hash_elasticity " HASH_ELASTICITY "
1635 - set multicast database hash elasticity, ie the maximum chain length
1636 in the multicast hash table (defaults to 4).
1638 .BI mcast_hash_max " HASH_MAX "
1639 - set maximum size of multicast hash table (defaults to 512,
1640 value must be a power of 2).
1642 .BI mcast_last_member_count " LAST_MEMBER_COUNT "
1643 - set multicast last member count, ie the number of queries the bridge
1644 will send before stopping forwarding a multicast group after a "leave"
1645 message has been received (defaults to 2).
1647 .BI mcast_last_member_interval " LAST_MEMBER_INTERVAL "
1648 - interval between queries to find remaining members of a group,
1649 after a "leave" message is received.
1651 .BI mcast_startup_query_count " STARTUP_QUERY_COUNT "
1652 - set the number of IGMP queries to send during startup phase (defaults to 2).
1654 .BI mcast_startup_query_interval " STARTUP_QUERY_INTERVAL "
1655 - interval between queries in the startup phase.
1657 .BI mcast_query_interval " QUERY_INTERVAL "
1658 - interval between queries sent by the bridge after the end of the
1661 .BI mcast_query_response_interval " QUERY_RESPONSE_INTERVAL "
1662 - set the Max Response Time/Maximum Response Delay for IGMP/MLD
1663 queries sent by the bridge.
1665 .BI mcast_membership_interval " MEMBERSHIP_INTERVAL "
1666 - delay after which the bridge will leave a group,
1667 if no membership reports for this group are received.
1669 .BI mcast_stats_enabled " MCAST_STATS_ENABLED "
1671 .RI ( MCAST_STATS_ENABLED " > 0) "
1673 .RI ( MCAST_STATS_ENABLED " == 0) "
1674 multicast (IGMP/MLD) stats accounting.
1676 .BI mcast_igmp_version " IGMP_VERSION "
1677 - set the IGMP version.
1679 .BI mcast_mld_version " MLD_VERSION "
1680 - set the MLD version.
1682 .BI nf_call_iptables " NF_CALL_IPTABLES "
1684 .RI ( NF_CALL_IPTABLES " > 0) "
1686 .RI ( NF_CALL_IPTABLES " == 0) "
1687 iptables hooks on the bridge.
1689 .BI nf_call_ip6tables " NF_CALL_IP6TABLES "
1691 .RI ( NF_CALL_IP6TABLES " > 0) "
1693 .RI ( NF_CALL_IP6TABLES " == 0) "
1694 ip6tables hooks on the bridge.
1696 .BI nf_call_arptables " NF_CALL_ARPTABLES "
1698 .RI ( NF_CALL_ARPTABLES " > 0) "
1700 .RI ( NF_CALL_ARPTABLES " == 0) "
1701 arptables hooks on the bridge.
1710 the following additional arguments are supported:
1712 .BI "ip link add link " DEVICE " name " NAME " type macsec"
1714 .BI address " <lladdr>"
1720 .BI cipher " CIPHER_SUITE"
1725 .BR on " | " off " } ] [ "
1726 .BR send_sci " { " on " | " off " } ] ["
1727 .BR end_station " { " on " | " off " } ] ["
1728 .BR scb " { " on " | " off " } ] ["
1729 .BR protect " { " on " | " off " } ] ["
1730 .BR replay " { " on " | " off " }"
1732 .IR 0..2^32-1 " } ] ["
1733 .BR validate " { " strict " | " check " | " disabled " } ] ["
1734 .BR encodingsa " { "
1739 .BI address " <lladdr> "
1740 - sets the system identifier component of secure channel for this MACsec device.
1744 - sets the port number component of secure channel for this MACsec
1745 device, in a range from 1 to 65535 inclusive. Numbers with a leading "
1746 0 " or " 0x " are interpreted as octal and hexadecimal, respectively.
1750 - sets the secure channel identifier for this MACsec device.
1752 is a 64bit wide number in hexadecimal format.
1755 .BI cipher " CIPHER_SUITE "
1756 - defines the cipher suite to use.
1759 .BI icvlen " LENGTH "
1760 - sets the length of the Integrity Check Value (ICV).
1763 .BR "encrypt on " or " encrypt off"
1764 - switches between authenticated encryption, or authenticity mode only.
1767 .BR "send_sci on " or " send_sci off"
1768 - specifies whether the SCI is included in every packet,
1769 or only when it is necessary.
1772 .BR "end_station on " or " end_station off"
1773 - sets the End Station bit.
1776 .BR "scb on " or " scb off"
1777 - sets the Single Copy Broadcast bit.
1780 .BR "protect on " or " protect off"
1781 - enables MACsec protection on the device.
1784 .BR "replay on " or " replay off"
1785 - enables replay protection on the device.
1791 - sets the size of the replay window.
1796 .BR "validate strict " or " validate check " or " validate disabled"
1797 - sets the validation mode on the device.
1800 .BI encodingsa " AN "
1801 - sets the active secure association for transmission.
1809 the following additional arguments are supported:
1811 .BI "ip link add " DEVICE " type vrf table " TABLE
1815 .BR table " table id associated with VRF device"
1823 the following additional arguments are supported:
1825 .BI "ip link add link " DEVICE " name " NAME " type rmnet mux_id " MUXID
1829 .BI mux_id " MUXID "
1830 - specifies the mux identifier for the rmnet device, possible values 1-254.
1838 the following additional arguments are supported:
1840 .BI "ip link add " DEVICE " type xfrm dev " PHYS_DEV " [ if_id " IF_ID " ]"
1844 .BI dev " PHYS_DEV "
1845 - specifies the underlying physical interface from which transform traffic is sent and received.
1849 - specifies the hexadecimal lookup key used to send traffic to and from specific xfrm
1850 policies. Policies must be configured with the same key. If not set, the key defaults to
1851 0 and will match any policies which similarly do not have a lookup key configuration.
1855 .SS ip link delete - delete virtual link
1859 specifies the virtual device to act operate on.
1863 specifies the group of virtual links to delete. Group 0 is not allowed to be
1864 deleted since it is the default group.
1868 specifies the type of the device.
1870 .SS ip link set - change device attributes
1874 If multiple parameter changes are requested,
1876 aborts immediately after any of the changes have failed.
1877 This is the only case when
1879 can move the system to an unpredictable state. The solution
1880 is to avoid changing several parameters with one
1892 specifies network device to operate on. When configuring SR-IOV
1893 Virtual Function (VF) devices, this keyword should specify the
1894 associated Physical Function (PF) device.
1899 has a dual role: If both group and dev are present, then move the device to the
1900 specified group. If only a group is specified, then the command operates on
1901 all devices in that group.
1905 change the state of the device to
1911 .BR "arp on " or " arp off"
1917 .BR "multicast on " or " multicast off"
1923 .BR "allmulticast on " or " allmulticast off"
1926 flag on the device. When enabled, instructs network driver to retrieve all
1927 multicast packets from the network to the kernel for further processing.
1930 .BR "promisc on " or " promisc off"
1933 flag on the device. When enabled, activates promiscuous operation of the
1937 .BR "trailers on " or " trailers off"
1942 used by the Linux and exists for BSD compatibility.
1945 .BR "protodown on " or " protodown off"
1948 state on the device. Indicates that a protocol error has been detected
1949 on the port. Switch drivers can react to this error by doing a phys
1950 down on the switch port.
1953 .BR "protodown_reason PREASON on " or " off"
1956 reasons on the device. protodown reason bit names can be enumerated under
1957 /etc/iproute2/protodown_reasons.d/. possible reasons bits 0-31
1960 .BR "dynamic on " or " dynamic off"
1963 flag on the device. Indicates that address can change when interface
1964 goes down (currently
1970 change the name of the device. This operation is not
1971 recommended if the device is running or has some addresses
1975 .BI txqueuelen " NUMBER"
1977 .BI txqlen " NUMBER"
1978 change the transmit queue length of the device.
1987 .BI address " LLADDRESS"
1988 change the station address of the interface.
1991 .BI broadcast " LLADDRESS"
1993 .BI brd " LLADDRESS"
1995 .BI peer " LLADDRESS"
1996 change the link layer broadcast address or the peer address when
2001 .BI netns " NETNSNAME " \fR| " PID"
2002 move the device to the network namespace associated with name
2006 Some devices are not allowed to change network namespace: loopback, bridge,
2007 wireless. These are network namespace local devices. In such case
2009 tool will return "Invalid argument" error. It is possible to find out
2010 if device is local to a single network namespace by checking
2012 flag in the output of the
2020 To change network namespace for wireless devices the
2022 tool can be used. But it allows to change network namespace only for
2023 physical devices and by process
2028 give the device a symbolic name for easy reference.
2032 specify the group the device belongs to.
2033 The available groups are listed in file
2034 .BR "@SYSCONFDIR@/group" .
2038 specify a Virtual Function device to be configured. The associated PF device
2039 must be specified using the
2044 .BI mac " LLADDRESS"
2045 - change the station address for the specified VF. The
2047 parameter must be specified.
2051 - change the assigned VLAN for the specified VF. When specified, all traffic
2052 sent from the VF will be tagged with the specified VLAN ID. Incoming traffic
2053 will be filtered for the specified VLAN ID, and will have all VLAN tags
2054 stripped before being passed to the VF. Setting this parameter to 0 disables
2055 VLAN tagging and filtering. The
2057 parameter must be specified.
2061 - assign VLAN QOS (priority) bits for the VLAN tag. When specified, all VLAN
2062 tags transmitted by the VF will include the specified priority bits in the
2063 VLAN tag. If not specified, the value is assumed to be 0. Both the
2067 parameters must be specified. Setting both
2071 as 0 disables VLAN tagging and filtering for the VF.
2074 .BI proto " VLAN-PROTO"
2075 - assign VLAN PROTOCOL for the VLAN tag, either 802.1Q or 802.1ad.
2076 Setting to 802.1ad, all traffic sent from the VF will be tagged with
2077 VLAN S-Tag. Incoming traffic will have VLAN S-Tags stripped before
2078 being passed to the VF. Setting to 802.1ad also enables an option to
2079 concatenate another VLAN tag, so both S-TAG and C-TAG will be
2080 inserted/stripped for outgoing/incoming traffic, respectively. If not
2081 specified, the value is assumed to be 802.1Q. Both the
2085 parameters must be specified.
2089 -- change the allowed transmit bandwidth, in Mbps, for the specified VF.
2090 Setting this parameter to 0 disables rate limiting.
2092 parameter must be specified.
2098 .BI max_tx_rate " TXRATE"
2099 - change the allowed maximum transmit bandwidth, in Mbps, for the
2100 specified VF. Setting this parameter to 0 disables rate limiting.
2102 parameter must be specified.
2105 .BI min_tx_rate " TXRATE"
2106 - change the allowed minimum transmit bandwidth, in Mbps, for the specified VF.
2107 Minimum TXRATE should be always <= Maximum TXRATE.
2108 Setting this parameter to 0 disables rate limiting.
2110 parameter must be specified.
2113 .BI spoofchk " on|off"
2114 - turn packet spoof checking on or off for the specified VF.
2116 .BI query_rss " on|off"
2117 - toggle the ability of querying the RSS configuration of a specific
2118 VF. VF RSS information like RSS hash key may be considered sensitive
2119 on some devices where this information is shared between VF and PF
2120 and thus its querying may be prohibited by default.
2122 .BI state " auto|enable|disable"
2123 - set the virtual link state as seen by the specified VF. Setting to
2124 auto means a reflection of the PF link state, enable lets the VF to
2125 communicate with other VFs on this host even if the PF link state is
2126 down, disable causes the HW to drop any packets sent by the VF.
2129 - trust the specified VF user. This enables that VF user can set a
2130 specific feature which may impact security and/or
2131 performance. (e.g. VF multicast promiscuous mode)
2133 .BI node_guid " eui64"
2134 - configure node GUID for Infiniband VFs.
2136 .BI port_guid " eui64"
2137 - configure port GUID for Infiniband VFs.
2141 .B xdp object "|" pinned "|" off
2142 set (or unset) a XDP ("eXpress Data Path") BPF program to run on every
2143 packet at driver level.
2145 output will indicate a
2147 flag for the networking device. If the driver does not have native XDP
2148 support, the kernel will fall back to a slower, driver-independent "generic"
2151 output will in that case indicate
2155 only. If the driver does have native XDP support, but the program is
2157 .B xdpgeneric object "|" pinned
2158 then the kernel will use the generic XDP variant instead of the native one.
2160 has the opposite effect of requestsing that the automatic fallback to the
2161 generic XDP variant be disabled and in case driver is not XDP-capable error
2164 also disables hardware offloads.
2166 in ip link output indicates that the program has been offloaded to hardware
2167 and can also be used to request the "offload" mode, much like
2169 it forces program to be installed specifically in HW/FW of the apater.
2175 - Detaches any currently attached XDP/BPF program from the given device.
2178 - Attaches a XDP/BPF program to the given device. The
2180 points to a BPF ELF file (f.e. generated by LLVM) that contains the BPF
2181 program code, map specifications, etc. If a XDP/BPF program is already
2182 attached to the given device, an error will be thrown. If no XDP/BPF
2183 program is currently attached, the device supports XDP and the program
2184 from the BPF ELF file passes the kernel verifier, then it will be attached
2185 to the device. If the option
2189 then any prior attached XDP/BPF program will be atomically overridden and
2190 no error will be thrown in this case. If no
2192 option is passed, then the default section name ("prog") will be assumed,
2193 otherwise the provided section name will be used. If no
2195 option is passed, then a verifier log will only be dumped on load error.
2198 section for usage examples.
2200 .BI section " NAME "
2201 - Specifies a section name that contains the BPF program code. If no section
2202 name is specified, the default one ("prog") will be used. This option is
2203 to be passed with the
2208 - Act in verbose mode. For example, even in case of success, this will
2209 print the verifier log in case a program was loaded from a BPF ELF file.
2212 - Attaches a XDP/BPF program to the given device. The
2214 points to an already pinned BPF program in the BPF file system. The option
2216 doesn't apply here, but otherwise semantics are the same as with the option
2221 .BI master " DEVICE"
2222 set master device of the device (enslave device).
2226 unset master device of the device (release device).
2229 .BI addrgenmode " eui64|none|stable_secret|random"
2230 set the IPv6 address generation mode
2233 - use a Modified EUI-64 format interface identifier
2236 - disable automatic address generation
2239 - generate the interface identifier based on a preset
2240 /proc/sys/net/ipv6/conf/{default,DEVICE}/stable_secret
2243 - like stable_secret, but auto-generate a new random secret if none is set
2247 set peer netnsid for a cross-netns interface
2250 .BI type " ETYPE TYPE_ARGS"
2251 Change type-specific settings. For a list of supported types and arguments refer
2252 to the description of
2254 above. In addition to that, it is possible to manipulate settings to slave
2258 Bridge Slave Support
2259 For a link with master
2261 the following additional arguments are supported:
2263 .B "ip link set type bridge_slave"
2269 .BI priority " PRIO"
2273 .BR guard " { " on " | " off " }"
2275 .BR hairpin " { " on " | " off " }"
2277 .BR fastleave " { " on " | " off " }"
2279 .BR root_block " { " on " | " off " }"
2281 .BR learning " { " on " | " off " }"
2283 .BR flood " { " on " | " off " }"
2285 .BR proxy_arp " { " on " | " off " }"
2287 .BR proxy_arp_wifi " { " on " | " off " }"
2289 .BI mcast_router " MULTICAST_ROUTER"
2291 .BR mcast_fast_leave " { " on " | " off "}"
2293 .BR mcast_flood " { " on " | " off " }"
2295 .BR mcast_to_unicast " { " on " | " off " }"
2297 .BR group_fwd_mask " MASK"
2299 .BR neigh_suppress " { " on " | " off " }"
2301 .BR vlan_tunnel " { " on " | " off " }"
2303 .BR isolated " { " on " | " off " }"
2305 .BR backup_port " DEVICE"
2307 .BR nobackup_port " ]"
2312 - flush bridge slave's fdb dynamic entries.
2317 is a number representing the following states:
2318 .BR 0 " (disabled),"
2319 .BR 1 " (listening),"
2320 .BR 2 " (learning),"
2321 .BR 3 " (forwarding),"
2322 .BR 4 " (blocking)."
2324 .BI priority " PRIO"
2325 - set port priority (allowed values are between 0 and 63, inclusively).
2328 - set port cost (allowed values are between 1 and 65535, inclusively).
2330 .BR guard " { " on " | " off " }"
2331 - block incoming BPDU packets on this port.
2333 .BR hairpin " { " on " | " off " }"
2334 - enable hairpin mode on this port. This will allow incoming packets on this
2335 port to be reflected back.
2337 .BR fastleave " { " on " | " off " }"
2338 - enable multicast fast leave on this port.
2340 .BR root_block " { " on " | " off " }"
2341 - block this port from becoming the bridge's root port.
2343 .BR learning " { " on " | " off " }"
2344 - allow MAC address learning on this port.
2346 .BR flood " { " on " | " off " }"
2347 - open the flood gates on this port, i.e. forward all unicast frames to this
2349 .BR proxy_arp " and " proxy_arp_wifi
2352 .BR proxy_arp " { " on " | " off " }"
2353 - enable proxy ARP on this port.
2355 .BR proxy_arp_wifi " { " on " | " off " }"
2356 - enable proxy ARP on this port which meets extended requirements by IEEE
2357 802.11 and Hotspot 2.0 specifications.
2359 .BI mcast_router " MULTICAST_ROUTER"
2360 - configure this port for having multicast routers attached. A port with a
2361 multicast router will receive all multicast traffic.
2365 to disable multicast routers on this port,
2367 to let the system detect the presence of of routers (this is the default),
2369 to permanently enable multicast traffic forwarding on this port or
2371 to enable multicast routers temporarily on this port, not depending on incoming
2374 .BR mcast_fast_leave " { " on " | " off " }"
2375 - this is a synonym to the
2379 .BR mcast_flood " { " on " | " off " }"
2380 - controls whether a given port will flood multicast traffic for which
2381 there is no MDB entry.
2383 .BR mcast_to_unicast " { " on " | " off " }"
2384 - controls whether a given port will replicate packets using unicast
2385 instead of multicast. By default this flag is off.
2387 .BI group_fwd_mask " MASK "
2388 - set the group forward mask. This is the bitmask that is applied to
2389 decide whether to forward incoming frames destined to link-local
2390 addresses, ie addresses of the form 01:80:C2:00:00:0X (defaults to
2391 0, ie the bridge does not forward any link-local frames coming on
2394 .BR neigh_suppress " { " on " | " off " }"
2395 - controls whether neigh discovery (arp and nd) proxy and suppression
2396 is enabled on the port. By default this flag is off.
2398 .BR vlan_tunnel " { " on " | " off " }"
2399 - controls whether vlan to tunnel mapping is enabled on the port. By
2400 default this flag is off.
2402 .BI backup_port " DEVICE"
2403 - if the port loses carrier all traffic will be redirected to the
2404 configured backup port
2407 - removes the currently configured backup port
2412 Bonding Slave Support
2413 For a link with master
2415 the following additional arguments are supported:
2417 .B "ip link set type bond_slave"
2425 - set the slave's queue ID (a 16bit unsigned value).
2430 MACVLAN and MACVTAP Support
2431 Modify list of allowed macaddr for link in source mode.
2433 .B "ip link set type { macvlan | macvap } "
2435 .BI macaddr " " "" COMMAND " " MACADDR " ..."
2441 - add MACADDR to allowed list
2444 - replace allowed list
2447 - remove MACADDR from allowed list
2450 - flush whole allowed list
2455 .SS ip link show - display device attributes
2458 .BI dev " NAME " (default)
2460 specifies the network device to show.
2465 specifies what group of devices to show.
2469 only display running interfaces.
2472 .BI master " DEVICE "
2474 specifies the master device which enslaves devices to show.
2479 speficies the VRF which enslaves devices to show.
2484 specifies the type of devices to show.
2486 Note that the type name is not checked against the list of supported types -
2487 instead it is sent as-is to the kernel. Later it is used to filter the returned
2488 interface list by comparing it with the relevant attribute in case the kernel
2489 didn't filter already. Therefore any string is accepted, but may lead to empty
2492 .SS ip link xstats - display extended statistics
2497 specifies the type of devices to display extended statistics for.
2499 .SS ip link afstats - display address-family specific statistics
2504 specifies the device to display address-family statistics for.
2506 .SS ip link help - display help
2510 specifies which help of link type to dislpay.
2514 may be a number or a string from the file
2515 .B @SYSCONFDIR@/group
2516 which can be manually filled.
2522 Shows the state of all network interfaces on the system.
2525 ip link show type bridge
2527 Shows the bridge devices.
2530 ip link show type vlan
2532 Shows the vlan devices.
2535 ip link show master br0
2537 Shows devices enslaved by br0
2540 ip link set dev ppp0 mtu 1400
2542 Change the MTU the ppp0 device.
2545 ip link add link eth0 name eth0.10 type vlan id 10
2547 Creates a new vlan device eth0.10 on device eth0.
2550 ip link delete dev eth0.10
2552 Removes vlan device.
2557 Display help for the gre link type.
2560 ip link add name tun1 type ipip remote 192.168.1.1
2561 local 192.168.1.2 ttl 225 encap gue encap-sport auto
2562 encap-dport 5555 encap-csum encap-remcsum
2564 Creates an IPIP that is encapsulated with Generic UDP Encapsulation,
2565 and the outer UDP checksum and remote checksum offload are enabled.
2568 ip link set dev eth0 xdp obj prog.o
2570 Attaches a XDP/BPF program to device eth0, where the program is
2571 located in prog.o, section "prog" (default section). In case a
2572 XDP/BPF program is already attached, throw an error.
2575 ip -force link set dev eth0 xdp obj prog.o sec foo
2577 Attaches a XDP/BPF program to device eth0, where the program is
2578 located in prog.o, section "foo". In case a XDP/BPF program is
2579 already attached, it will be overridden by the new one.
2582 ip -force link set dev eth0 xdp pinned /sys/fs/bpf/foo
2584 Attaches a XDP/BPF program to device eth0, where the program was
2585 previously pinned as an object node into BPF file system under
2589 ip link set dev eth0 xdp off
2591 If a XDP/BPF program is attached on device eth0, detach it and
2592 effectively turn off XDP for device eth0.
2595 ip link add link wpan0 lowpan0 type lowpan
2597 Creates a 6LoWPAN interface named lowpan0 on the underlying
2598 IEEE 802.15.4 device wpan0.
2601 ip link add dev ip6erspan11 type ip6erspan seq key 102
2602 local fc00:100::2 remote fc00:100::1
2603 erspan_ver 2 erspan_dir ingress erspan_hwid 17
2605 Creates a IP6ERSPAN version 2 interface named ip6erspan00.
2616 Original Manpage by Michail Litvak <mci@owl.openwall.com>