networkd: optinally use DHCP lease domain info for routing only This changes the UseDomains= setting of .network files to take an optional third value "route", in addition to the boolean values. If set, the passed domain information is used for routing rules only, but not for the search path logic.

networkd: rename a few Network object properties to be more like the configuration settings All booleans called dhcp_xyz are now called ".dhcp_use_xyz", to match their respective configuration file settings. This should clarify things a bit, in particular as there is a DHCP hostname that was previously called just ".hostname" because ".dhcp_hostname" was already existing as a bool. Since this confusion is removed now because the bool is called ".dhcp_use_hostname", the string field is now renamed to ".dhcp_hostname".

networkd: rework Domains= setting Previously, .network files only knew a vaguely defined "Domains=" concept, for which the documentation declared it was the "DNS domain" for the network connection, without specifying what that means. With this the Domains setting is reworked, so that there are now "routing" domains and "search" domains. The former are to be used by resolved to route DNS request to specific network interfaces, the latter is to be used for searching single-label hostnames with (in addition to being used for routing). Both settings are configured in the "Domains=" setting. Normal domain names listed in it are now considered search domains (for compatibility with existing setups), while those prefixed with "~" are considered routing domains only. To route all lookups to a specific interface the routing domain "." may be used, referring to the root domain. An alternative syntax for this is the "*", as was already implemented before using the "wildcard" domain concept. This commit adds proper parsers for this new logic, and exposes this via the sd-network API. This information is not used by resolved yet, this will be added in a later commit.

resolved: introduce support for per-interface negative trust anchors

resolved,networkd: add a per-interface DNSSEC setting This adds a DNSSEC= setting to .network files, and makes resolved honour them.

networkd,resolved: add a per-interface mdns configuration option

resolved,networkd: unify ResolveSupport enum networkd previously knew an enum "ResolveSupport" for configuring per-interface LLMNR support, resolved had a similar enum just called "Support", with the same value and similar pasers. Unify this, call the enum ResolveSupport, and port both daemons to it.

networkd: Add support to configure IPV6 hop limit This patch adds support to configure IPV6 hop limit. For example: /proc/sys/net/ipv6/conf/wlp3s0/hop_limit

networkd: add support for configure IPv6 DAD Configures Ipv6 Duplicate Address Detection. 10

networkd: add support to configure preferred source of static routes

networkd:add support to configure ipv6 acceprt ra This patch support to configure the ipv6 acceprt ra option. for more information see http://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/proc-sys-net-ipv6..html

networkd: dhcp-server - allow configuration of the pool The constraints we place on the pool is that it is a contiguous sequence of addresses in the same subnet as the server address, not including the subnet nor broadcast addresses, but possibly including the server address itself. If the server address is included in the pool it is (obviously) reserved and not handed out to clients.

dhcp,network: support emitting DNS/NTP server information from DHCP server For now, this is very simple and IP addresses have to be configured manually.

networkd: make DHCP lease timeouts configurable

dhcp,network: implement RFC 4833 (DHCP Timezone option) This one is simply to add: encode the tzdata timezone in the DHCP options and optionally make use of it.

sd-network: make LLMNR specific config parser generic Rename the enum, the lookup functions and the parser for LLMNRSupport so the type can be reused for mDNS.

networkd: add support for macvtap This patch add support for macvtap. see http://virt.kernelnewbies.org/MacVTap

networkd: rename RootBlock to AllowPortToBeRoot Justification is similar to BPDUGuard rename. "Positive" values are easier. This is a rather uncommon option, so using a slightly longer name should not be a problem, and may in fact may make it easier to guess what the option does without reading the documentation.

networkd: rename BPDUGuard to UseBPDU Rename to follow the follow the style of other options. In general "positive" options are preferred to "negative" ones, because they are easier to describe and easier for humans to parse (c.f. the shortening on the man page entry).

networkd: add bridge link properties new bridge properties br.network [Match] Name=enp0s25 [Network] Bridge=br-test [Bridge] Cost=332 BPDUGuard = true HairPin = true FastLeave = true RootBlock = true UnicastFlood = true

networkd: DHCP override hostname This patch enhances the DHCP client to send the hostname reference http://lists.freedesktop.org/archives/systemd-devel/2014-July/021550.html Tested with Example conf: [Match] Name=eth1 [Network] DHCP=v4 [DHCP] SendHostname=true Hostname=test

networkd: Add support for ipv6 privacy extension This patch add support for ipv6 privacy extensions. The variable /proc/sys/net/ipv6/conf/<if>/use_tempaddr can be changed via the boolean IPv6PrivacyExtensions=[yes/no/prefer-temporary] When true enables privacy extensions, but prefer public addresses over temporary addresses. prefer-temporary prefers temporary adresses over public addresses. Defaults to false. [Match] Name=enp0s25 [Network] IPv6PrivacyExtensions=prefer-temporary

networkd: create "kernel" setting for IPForwarding In 5a8bcb674f71a20e95df55319b34c556638378ce, IPForwarding was introduced to set forwarding flags on interfaces in .network files. networkd sets forwarding options regardless of the previous setting, even if it was set by e.g. sysctl. This commit creates a new option for IPForwarding, "kernel", that preserves the sysctl settings rather than always setting them. See https://bugs.freedesktop.org/show_bug.cgi?id=89509 for the initial bug report.

network: add UseNTP DHCP option Despite having the internal logic in place to enable/disable using NTP servers provided by DHCP the network config didn't expose the option.

networkd: Make DHCP client ID creation configurable

networkd: add support for Uplink Failure Detection Introduce BindCarrier= to indicate the set of links that determine if the current link should be brought UP or DOWN. [tomegun: add a bit to commit message]

networkd: network - rename ipv6token parser Too generic name.

networkd: .network - rename LinkLocal to LinkLocalAddressing Makes it a bit less ambiguous.

net: support globbing and disjunction in Match logic Match{Name,OrginalName,Type,Driver,Path} can now take a space-separated glob of matches.

networkd: support route scopes For now we only support the hardcoded values RT_SCOPE_{UNIVERSE,LOCAL,HOST}, and not numerical values or values from /etc/iproute2/rt_scopes. This addresses https://bugs.freedesktop.org/show_bug.cgi?id=88508.

networkd: add support for IPv6 tokens This allows the admin to set the host-specific part of IPv6 addresses, but still receive the prefix via SLAAC. .network file snippet: [Network] IPv6Token=::12 gives: $ ip token token ::12 dev eth0 This closes https://bugs.freedesktop.org/show_bug.cgi?id=81177.

networkd: generalize IPv4LL to LinkLocal This allows both IPv4 and IPv6 link-local addresses to be enabled or disabled. By default we still enable IPv6LL and disable IPv4LL. The old config option is kept for backwards compatibility, but removed from the documentation.

networkd: netdev - add ipvlan support

networkd: make IP forwarding for IPv4 and IPv6 individually configurable

networkd: add minimal IP forwarding and masquerading support to .network files This adds two new settings to networkd's .network files: IPForwarding=yes and IPMasquerade=yes. The former controls the "forwarding" sysctl setting of the interface, thus controlling whether IP forwarding shall be enabled on the specific interface. The latter controls whether a firewall rule shall be installed that exposes traffic coming from the interface as coming from the local host to all other interfaces. This also enables both options by default for container network interfaces, thus making "systemd-nspawn --network-veth" have network connectivity out of the box.

networkd: integrate LLDP This patch integrates LLDP with networkd. Example conf: file : lldp.network [Match] Name=em1 [Network] LLDP=yes

networkd: add FDB support

networkd: rename section [BridgePort] → [Bridge] Let's stick to generic sections that describe the general technology, instead of specific per-object sections, unless we really have a reason to do that otherwise.

networkd: add basic [Link] settings to .network files This allows the default link settings (set in .link files) to be overridden per Network. Only MTU and MACAddress is supported for now.

networkd: add support for source routing

networkd: Add bridge port path cost This patch add support to specify path cost of the bridge port to be configured via conf file. Exampe: conf file: br.netdev [NetDev] Name=br-test Kind=bridge file: br.network [Match] Name=em1 [Network] Bridge=br-test [BridgePort] Cost=332 bridge link 2: em1 state UP : <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br-test state disabled priority 32 cost 332

networkd: allow specification of DHCP route metric This lets the routing metric for links to be specified per-network, still defaulting to DHCP_ROUTE_METRIC (1024) if unspecified. Hopefully this helps with multiple interfaces configured via DHCP.

networkd: add support for Domains= to .network files This allows the search/routing domanis to be specified per link/network and be passed on to resolved.

networkd: rename UseDomainName to UseDomains This option will also apply to the search domains, so make it plural.

networkd: add and expose per-link LLMNR config option

networkd: unify handling of stacked netdevs

networkd: ipv4ll - default to setting up ipv4ll routes This is necessary for non-ipv4ll hosts to communicate with ipv4ll-only hosts on the same link. Defaults to being enabled, but can be opted out. See: <http://avahi.org/wiki/AvahiAutoipd#Routes>

networkd: merge DNS and NTP entries when exporting In the state files, do not distinguish where the various entries came from (static or DHCP), but include them all in the same list.

sd-dhcp-client: make request broadcasts opt-in It appears there is no good way to decide whether or not broadcasts should be enabled, there is hardware that must have broadcast, and there are networks that only allow unicast. So we give up and make this configurable. By default, unicast is used, but if the kernel were to inform us abotu certain interfaces requiring broadcast, we could change this to opt-in by default in those cases.

networkd: add back route destination support This was accidentally dropped when adding metric support.

networkd: dhcp add vendor class indentifier option 60 Vendor Class Identifier be used by DHCP clients to identify their vendor type and configuration. When using this option, vendors can define their own specific identifier values, such as to convey a particular hardware or operating system configuration or other identifying information. Vendor-specified DHCP options—features that let administrators assign separate options to clients with similar configuration requirements. For example, if DHCP-aware clients for example we want to separate different gateway and option for different set of people (dev/test/hr/finance) in a org or devices for example web/database servers or let's say in a embedded device etc and require a different default gateway or DNS server than the rest of clients.

networkd: make metric of routes configurable Now route metric can be configuted via conf file: example conf: [Match] Name=em1 [Route] Gateway=192.168.1.12 Metric=10 Test: ip route output default via 192.168.1.12 dev em1 metric 10 [tomegun: squash TODO update and reword man page a bit]

networkd: add support for peer address This patch adds peer address support for networkd . In the [Address] a new configurable param is Peer. [Match] Name=ipip-tun [Address] Address=10.0.0.1/32 Peer=10.0.0.2/32

networkd: fix alignment of gperf source

networkd: send hostname to dhcp server Send hostname (option 12) in DISCOVER and REQUEST messages so the DHCP server could use it to register with dynamic DNS and such. To opt-out of this behaviour set SendHostname to false in [DHCP] section of .network file [tomegun: rebased, made sure a failing set_hostname is a noop and moved config from DHCPv4 to DHCP]

Add support for DHCP static route options This adds support for DHCP options 33 and 121: Static Route and Classless Static Route. To enable this feature, set UseRoutes=true in .network file. Returned routes are added to the routing table.

networkd: merge DHCPv4 and DHCPv6 config If there are v4 or v6 specific options we can keep those in separate sections, but for the common options, we will use only one. Moreovere only use DHCP=[yes/both|no/none|v4|v6] to enable or disable the clients.

networkd: Add initial DHCPv6 support Enable DHCPv6 support by creating a DHCPv6 boolean in the Network section. Add necessary DHCPv6 structures and initial function calls.

networkd: introduce vxlan This patch enables netwokd to create vxlan Changes: Added: 1. File networkd networkd-vxlan.c 2. to netdev bool learning struct in_addr group uint64_t vxlanid; 3. VXLAN subsection and config parameters

networkd: add dhcp server support When enabled in [Network] it will set up a dhcp server on the interface, listening on one of its statically configured IPv4 addresses and with a fixed size pool of leases determined from it. Example: [Match] Name=ve-arch-tree [Network] Address=192.168.12.5/24 DHCPServer=yes [Route] Gateway=192.168.12.5 Destination=192.168.12.0/24 In this case we will configure ve-arch-tree with the address 192.168.12.5 and hand out addresses in the range 192.168.12.6 - 192.168.12.38. In the future, we should (as suggested by Lennart) introduce a syntax to pick the server address automatically.

networkd/sd-network: expose statically configured NTP servers

networkd: introduce ipip tunnel This patch enables basic ipip tunnel support. It works with kernel module ipip example conf: file: ipip.netdev [NetDev] Name=ipip-tun Kind=ipip MTUBytes=1480 [Tunnel] Local=192.168.223.238 Remote=192.169.224.239 TTL=64 file: ipip.network [Match] Name=em1 [Network] Tunnel=ipip-tun [tomegun: - drop unused variable - take ref when enslaving]

networkd: network - merge all netdev parsing into one function

libsystemd-network: move network-utils from src/shared This does not belong in shared as it is mostly a detail of our networking subsystem. Moreover, now we can use libudev here, which will simplify things.

sd-network: IPv4 link-local support [v2] Implements IPv4LL with respect to RFC 3927 (http://tools.ietf.org/rfc/rfc3927.txt) and integrates it with networkd. Majority of the IPv4LL state machine is taken from avahi (http://avahi.org/) project's autoip. IPv4LL can be enabled by IPv4LL=yes under [Network] section of .network file. IPv4LL works independent of DHCP but if DHCP lease is aquired, then LL address will be dropped. [tomegun: removed a trailing newline and a compiler warning]

networkd: add basic support for MACVLANs

.network/.netdev/.link: allow to match on architecture

networkd: netdev - allow filtering on kernel cmdline, host and virt