IfState 2.4 Configuration Schema
No Additional Propertiesadjust the implicit behaviour of ifstate
No Additional Propertiescshaper templates
All properties whose name matches the following regular expression must respect the following conditions
Property name regular expression:cshaper profile
No Additional Propertiescake - common applications kept enhanced (CAKE)
qdisk type
Specific value:"cake"
unique id
ACKnowledge filter
ATM mode
autorate-ingress
diffserv mode
ingress
overhead
Value must be greater or equal to -64 and lesser or equal to 256
flow mode
fwmark
Value must be greater or equal to 0
memlimit
Value must be greater or equal to 0
MPU
Value must be greater or equal to 0 and lesser or equal to 256
NAT
RAW
well-known RTT
manually specify an RTT (us)
Value must be greater or equal to 1
split GSO
target
Value must be greater or equal to 1
wash
cake - common applications kept enhanced (CAKE)
qdisk type
Specific value:"cake"
unique id
ACKnowledge filter
ATM mode
autorate-ingress
diffserv mode
ingress
overhead
Value must be greater or equal to -64 and lesser or equal to 256
flow mode
fwmark
Value must be greater or equal to 0
memlimit
Value must be greater or equal to 0
MPU
Value must be greater or equal to 0 and lesser or equal to 256
NAT
RAW
well-known RTT
manually specify an RTT (us)
Value must be greater or equal to 1
split GSO
target
Value must be greater or equal to 1
wash
build a ifb ifname using a regex on the ifname
No Additional Propertiespattern to search
replace pattern by string
default settings for configured interfaces
No Additional Itemsfirst matching entry will be used, settings will be overriden by explicit configured interface settings
No Additional Propertiesapply default settings for interfaces matching any list item (OR)
No Additional Itemsall conditions that must match (AND)
No Additional Propertiesregex to match interface name
^eth\d+$
regex to match link type
^physical$
^(physical|vlan)$
implicit remove all ip addresses
implicit remove all permanent fdb entries
implicit remove all permanent ip neighbours
implicit remove all tc qdiscs
network driver and hardware settings via ethtool(8)
No Additional Propertiespause parameters
No Additional Propertiesenable pause autonegotiation
enable Rx pause
enable Tx pause
interrupt coalescing
No Additional Propertiesrx/tx ring parameters
No Additional Propertiesnumber of ring entries for the Rx ring
number of ring entries for the Rx Mini ring
number of ring entries for the Rx Jumbo ring
number of ring entries for the Tx ring
offload parameters and other features
No Additional PropertiesIf the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
Offloads IPsec ESP encryption and decryption to the NIC, reducing CPU load for encrypted traffic
Offloads checksum computation for IPsec ESP transmit packets to the NIC hardware
Merges packets from the same flow into a single larger buffer to reduce receive-side CPU load (replaced by rx-gro)
Segments oversized network packets into MTU-sized chunks in software as a fallback for hardware offloads (replaced by tx-generic-segmentation)
Allows the NIC to DMA directly to high memory, avoiding costly bounce buffering on 32-bit systems
Offloads duplication of outgoing HSR or PRP frames to the NIC hardware to save CPU cycles
Delegates forwarding of redundancy frames between HSR ring ports to hardware, reducing CPU load
Offloads insertion of HSR or PRP redundancy tags onto outgoing frames to save CPU
Removes HSR or PRP redundancy tags from received frames in hardware, reducing CPU load
Offloads traffic control classifiers and actions to hardware, reducing CPU load for packet processing
Offloads unicast packet forwarding between physical and virtual interfaces to hardware
Transmits packets to the internal receive path so the NIC retains them without sending onto the physical link
Coalesces incoming TCP packets into larger buffers to reduce CPU load; disable on router or bridge interfaces (replaced by rx-lro)
Offloads MACsec encryption and authentication to the NIC hardware to reduce CPU load
Directs matching packets to specific receive queues using programmable hardware flow filters (replaced by rx-ntuple-filter)
Offloads incoming TCP and UDP checksum verification to the NIC, reducing CPU load (replaced by rx-checksum)
Receives all frames including errored ones, useful for sniffing links with bad packets
Offloads incoming TCP and UDP checksum verification to the NIC, reducing CPU load
Appends the Ethernet frame checksum to received packets for inspection by packet analyzers
Merges packets from the same flow into a single larger buffer to reduce receive-side CPU load
Offloads GRO packet coalescing to NIC hardware to reduce CPU load
Chains forwarded TCP packets in frag lists during GRO to bypass coalesce-resegment CPU on router paths
Computes a hash of packet headers to steer received flows across multiple queues and CPUs
Coalesces incoming TCP packets into larger buffers to reduce CPU load; disable on router or bridge interfaces
Directs matching packets to specific receive queues using programmable hardware flow filters
Coalesces incoming UDP packets into larger buffers on the forwarding path to reduce per-packet CPU load
Programs the NIC to recognize UDP encapsulation ports for hardware tunnel offload
Offloads VLAN ID filtering to the NIC so packets for unregistered VLANs are dropped in hardware
Lets the NIC strip VLAN tags from received packets and pass tag metadata to the kernel, reducing CPU load
Filters incoming packets by S-tag (service VLAN) ID so unregistered frames are dropped in hardware
Enables the NIC to parse and strip incoming 802.1ad service VLAN tags in hardware, saving CPU on double-tagged traffic
Computes a hash of packet headers to steer received flows across multiple queues and CPUs (replaced by rx-hashing)
Lets the NIC strip VLAN tags from received packets and pass tag metadata to the kernel, reducing CPU load (replaced by rx-vlan-hw-parse)
Delegates TLS record encryption and TCP connection management to the NIC, bypassing the kernel stack for that socket
Offloads TLS record decryption and authentication to the NIC, reducing CPU load on receiving encrypted traffic
Offloads TLS record encryption to the NIC to reduce CPU usage on outbound connections
Offloads FCoE CRC32c checksum computation to the NIC, reducing CPU load on transmit
Offloads transport-layer checksum calculation to the NIC for all protocols and encapsulations
Offloads TCP and UDP checksum computation for outgoing IPv4 packets to the NIC hardware
Offloads TCP and UDP checksum calculation for IPv6 packets to the NIC hardware, reducing CPU load per transmitted packet
Offloads CRC32c checksum computation for outgoing SCTP packets to the NIC hardware
Segments large IPsec ESP packets into MTU-sized frames to reduce CPU load on encrypted tunnels
Segments large Fibre Channel frames in hardware to reduce CPU load for FCoE storage traffic
Segments oversized network packets into MTU-sized chunks in software as a fallback for hardware offloads
Segments large TCP packets inside GRE tunnels with an outer checksum, offloading segmentation to the NIC
Offloads segmentation of large TCP packets tunneled inside GRE to the NIC
Segments chained sub-packet buffers via GSO to reduce CPU load for SCTP traffic
Enables hardware segmentation of inner TCP payload in tunneled packets to reduce CPU load
Recalculates segmentation metadata for GSO packets from untrusted sources
Offloads segmentation of large TCP packets tunneled over IPv4, reducing CPU load on tunnel endpoints
Offloads segmentation of large TCP packets tunneled over IPv6, reducing CPU load on tunnel endpoints
Uses cache-bypassing stores when copying transmit data from user space to reduce CPU cache pollution
Allows the NIC to read packet data from discontiguous memory, reducing CPU load from copying
Lets the NIC DMA from a list of chained skbs instead of a single buffer with page fragments
Segments large SCTP messages into MTU-sized chunks to reduce per-packet CPU load
Permits TSO for Accurate ECN flows where CWR carries feedback instead of being cleared per segment
Segments ECN-marked TCP packets in hardware for CPU savings; disable if NIC corrupts CWR flags
Permits the NIC to reuse or arbitrarily assign IPv4 IDs across TSO segments, enabling hardware segmentation for tunneled TCP flows
Lets the NIC split large TCP sends into MTU-sized segments to reduce CPU load
Lets the NIC split large TCPv6 segments into MSS-sized frames to reduce per-packet CPU load
Defers inner checksum verification to the remote endpoint when segmenting tunneled packets to reduce CPU load
Segments large UDP datagrams into MTU-sized packets in hardware to reduce CPU load
Offloads segmentation of large tunneled TCP packets and outer UDP checksum computation to the NIC
Offloads segmentation of oversized TCP packets inside UDP tunnels to NIC hardware, reducing CPU load
Offloads 802.1Q VLAN tag insertion to the NIC hardware, reducing CPU load on outgoing tagged traffic
Offloads 802.1ad service VLAN tag insertion to the NIC hardware, reducing CPU load on outgoing Q-in-Q traffic
Offloads 802.1Q VLAN tag insertion to the NIC hardware, reducing CPU load on outgoing tagged traffic (replaced by tx-vlan-hw-insert)
Indicates the device hardware cannot process 802.1Q VLAN-tagged packets
device settings
No Additional Propertiesspeed in Mbps
full or half duplex mode
device port selection
MDI-X mode for port
enable autonegotation
speed and duplex advertised by autonegotation
PHY address
transceiver type
Wake-on-LAN options
Must match regular expression:^[pumbagsfd]+$
SecureOnâ„¢ password
Must match regular expression:^[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}$
driver message flags
driver message flags by number
driver message flags by name
No Additional Itemsflag name
enable flag
number of channels
No Additional Propertiesnumber of channels with only receive queues
number of channels with only transmit queues
number of channels used only for other purposes
number of multi-purpose channels
Energy-Efficient Ethernet (according to the IEEE 802.3az specifications)
No Additional Propertiesenable EEE support
assert Tx LPI
sets the speed for which EEE should be enabled (see also change.advertise)
amount of idle time prior asserting Tx LPI (in microseconds)
PHY tunable parameters
No Additional Propertiesenable downshift
enable downshift
Must contain a minimum of 3 items
Must contain a maximum of 3 items
enable downshift
REQUIRED
PHY downshift re-tries count
enable Fast Link Down
enable Fast Link Down
Must contain a minimum of 3 items
Must contain a maximum of 3 items
enable Fast Link Down
REQUIRED
period after which the link is reported as down
enable Energy Detect Power Down (EDPD)
enable EDPD
Must contain a minimum of 3 items
Must contain a maximum of 3 items
enable EDPD
REQUIRED
wake-up interval for Tx pulses
private flags
Forward Error Correction
No Additional PropertiesFEC encoding
implicit link settings for matching interfaces
No Additional Propertiesspecifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
specifies the base link name or index
specifies the base link's netns name or null if the link isn't in a netns namespace
default settings for configured interfaces
No Additional Itemsfirst matching entry will be used, settings will be overriden by explicit configured interface settings
No Additional Propertiesapply default settings for interfaces matching any list item (OR)
No Additional Itemsall conditions that must match (AND)
No Additional Propertiesregex to match interface name
^eth\d+$
regex to match link type
^physical$
^(physical|vlan)$
implicit remove all ip addresses
implicit remove all permanent fdb entries
implicit remove all permanent ip neighbours
implicit remove all tc qdiscs
network driver and hardware settings via ethtool(8)
No Additional Propertiespause parameters
No Additional Propertiesenable pause autonegotiation
enable Rx pause
enable Tx pause
interrupt coalescing
No Additional Propertiesrx/tx ring parameters
No Additional Propertiesnumber of ring entries for the Rx ring
number of ring entries for the Rx Mini ring
number of ring entries for the Rx Jumbo ring
number of ring entries for the Tx ring
offload parameters and other features
No Additional PropertiesIf the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
Offloads IPsec ESP encryption and decryption to the NIC, reducing CPU load for encrypted traffic
Offloads checksum computation for IPsec ESP transmit packets to the NIC hardware
Merges packets from the same flow into a single larger buffer to reduce receive-side CPU load (replaced by rx-gro)
Segments oversized network packets into MTU-sized chunks in software as a fallback for hardware offloads (replaced by tx-generic-segmentation)
Allows the NIC to DMA directly to high memory, avoiding costly bounce buffering on 32-bit systems
Offloads duplication of outgoing HSR or PRP frames to the NIC hardware to save CPU cycles
Delegates forwarding of redundancy frames between HSR ring ports to hardware, reducing CPU load
Offloads insertion of HSR or PRP redundancy tags onto outgoing frames to save CPU
Removes HSR or PRP redundancy tags from received frames in hardware, reducing CPU load
Offloads traffic control classifiers and actions to hardware, reducing CPU load for packet processing
Offloads unicast packet forwarding between physical and virtual interfaces to hardware
Transmits packets to the internal receive path so the NIC retains them without sending onto the physical link
Coalesces incoming TCP packets into larger buffers to reduce CPU load; disable on router or bridge interfaces (replaced by rx-lro)
Offloads MACsec encryption and authentication to the NIC hardware to reduce CPU load
Directs matching packets to specific receive queues using programmable hardware flow filters (replaced by rx-ntuple-filter)
Offloads incoming TCP and UDP checksum verification to the NIC, reducing CPU load (replaced by rx-checksum)
Receives all frames including errored ones, useful for sniffing links with bad packets
Offloads incoming TCP and UDP checksum verification to the NIC, reducing CPU load
Appends the Ethernet frame checksum to received packets for inspection by packet analyzers
Merges packets from the same flow into a single larger buffer to reduce receive-side CPU load
Offloads GRO packet coalescing to NIC hardware to reduce CPU load
Chains forwarded TCP packets in frag lists during GRO to bypass coalesce-resegment CPU on router paths
Computes a hash of packet headers to steer received flows across multiple queues and CPUs
Coalesces incoming TCP packets into larger buffers to reduce CPU load; disable on router or bridge interfaces
Directs matching packets to specific receive queues using programmable hardware flow filters
Coalesces incoming UDP packets into larger buffers on the forwarding path to reduce per-packet CPU load
Programs the NIC to recognize UDP encapsulation ports for hardware tunnel offload
Offloads VLAN ID filtering to the NIC so packets for unregistered VLANs are dropped in hardware
Lets the NIC strip VLAN tags from received packets and pass tag metadata to the kernel, reducing CPU load
Filters incoming packets by S-tag (service VLAN) ID so unregistered frames are dropped in hardware
Enables the NIC to parse and strip incoming 802.1ad service VLAN tags in hardware, saving CPU on double-tagged traffic
Computes a hash of packet headers to steer received flows across multiple queues and CPUs (replaced by rx-hashing)
Lets the NIC strip VLAN tags from received packets and pass tag metadata to the kernel, reducing CPU load (replaced by rx-vlan-hw-parse)
Delegates TLS record encryption and TCP connection management to the NIC, bypassing the kernel stack for that socket
Offloads TLS record decryption and authentication to the NIC, reducing CPU load on receiving encrypted traffic
Offloads TLS record encryption to the NIC to reduce CPU usage on outbound connections
Offloads FCoE CRC32c checksum computation to the NIC, reducing CPU load on transmit
Offloads transport-layer checksum calculation to the NIC for all protocols and encapsulations
Offloads TCP and UDP checksum computation for outgoing IPv4 packets to the NIC hardware
Offloads TCP and UDP checksum calculation for IPv6 packets to the NIC hardware, reducing CPU load per transmitted packet
Offloads CRC32c checksum computation for outgoing SCTP packets to the NIC hardware
Segments large IPsec ESP packets into MTU-sized frames to reduce CPU load on encrypted tunnels
Segments large Fibre Channel frames in hardware to reduce CPU load for FCoE storage traffic
Segments oversized network packets into MTU-sized chunks in software as a fallback for hardware offloads
Segments large TCP packets inside GRE tunnels with an outer checksum, offloading segmentation to the NIC
Offloads segmentation of large TCP packets tunneled inside GRE to the NIC
Segments chained sub-packet buffers via GSO to reduce CPU load for SCTP traffic
Enables hardware segmentation of inner TCP payload in tunneled packets to reduce CPU load
Recalculates segmentation metadata for GSO packets from untrusted sources
Offloads segmentation of large TCP packets tunneled over IPv4, reducing CPU load on tunnel endpoints
Offloads segmentation of large TCP packets tunneled over IPv6, reducing CPU load on tunnel endpoints
Uses cache-bypassing stores when copying transmit data from user space to reduce CPU cache pollution
Allows the NIC to read packet data from discontiguous memory, reducing CPU load from copying
Lets the NIC DMA from a list of chained skbs instead of a single buffer with page fragments
Segments large SCTP messages into MTU-sized chunks to reduce per-packet CPU load
Permits TSO for Accurate ECN flows where CWR carries feedback instead of being cleared per segment
Segments ECN-marked TCP packets in hardware for CPU savings; disable if NIC corrupts CWR flags
Permits the NIC to reuse or arbitrarily assign IPv4 IDs across TSO segments, enabling hardware segmentation for tunneled TCP flows
Lets the NIC split large TCP sends into MTU-sized segments to reduce CPU load
Lets the NIC split large TCPv6 segments into MSS-sized frames to reduce per-packet CPU load
Defers inner checksum verification to the remote endpoint when segmenting tunneled packets to reduce CPU load
Segments large UDP datagrams into MTU-sized packets in hardware to reduce CPU load
Offloads segmentation of large tunneled TCP packets and outer UDP checksum computation to the NIC
Offloads segmentation of oversized TCP packets inside UDP tunnels to NIC hardware, reducing CPU load
Offloads 802.1Q VLAN tag insertion to the NIC hardware, reducing CPU load on outgoing tagged traffic
Offloads 802.1ad service VLAN tag insertion to the NIC hardware, reducing CPU load on outgoing Q-in-Q traffic
Offloads 802.1Q VLAN tag insertion to the NIC hardware, reducing CPU load on outgoing tagged traffic (replaced by tx-vlan-hw-insert)
Indicates the device hardware cannot process 802.1Q VLAN-tagged packets
device settings
No Additional Propertiesspeed in Mbps
full or half duplex mode
device port selection
MDI-X mode for port
enable autonegotation
speed and duplex advertised by autonegotation
PHY address
transceiver type
Wake-on-LAN options
Must match regular expression:^[pumbagsfd]+$
SecureOnâ„¢ password
Must match regular expression:^[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}$
driver message flags
driver message flags by number
driver message flags by name
No Additional Itemsflag name
enable flag
number of channels
No Additional Propertiesnumber of channels with only receive queues
number of channels with only transmit queues
number of channels used only for other purposes
number of multi-purpose channels
Energy-Efficient Ethernet (according to the IEEE 802.3az specifications)
No Additional Propertiesenable EEE support
assert Tx LPI
sets the speed for which EEE should be enabled (see also change.advertise)
amount of idle time prior asserting Tx LPI (in microseconds)
PHY tunable parameters
No Additional Propertiesenable downshift
enable downshift
Must contain a minimum of 3 items
Must contain a maximum of 3 items
enable downshift
REQUIRED
PHY downshift re-tries count
enable Fast Link Down
enable Fast Link Down
Must contain a minimum of 3 items
Must contain a maximum of 3 items
enable Fast Link Down
REQUIRED
period after which the link is reported as down
enable Energy Detect Power Down (EDPD)
enable EDPD
Must contain a minimum of 3 items
Must contain a maximum of 3 items
enable EDPD
REQUIRED
wake-up interval for Tx pulses
private flags
Forward Error Correction
No Additional PropertiesFEC encoding
implicit link settings for matching interfaces
No Additional Propertiesspecifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
specifies the base link name or index
specifies the base link's netns name or null if the link isn't in a netns namespace
hooks are executed on interface configuration and can be used to spawn commands like DHCP client, wpa_supplicant or pppd.
All properties whose name matches the following regular expression must respect the following conditions
Property name regular expression:hook properties
No Additional Propertiesfilename to be executed on interface configuration: the hook name will be used by default; relatives file are based on /etc/ifstate/hooks
Must be at least 1 characters long
specify if the activation of this hook should follow the vrrp state for interfaces with a vrrp constraint
aliases for dependency tracking
No Additional Itemshooks which should to be run before executing this script (hook names and provides)
No Additional Itemsignore patterns to skip interface, ip address or routing objects
No Additional Propertieslist of ip address prefixes to be ignored
No Additional Itemsip prefix the destination matches
2001:db8::/64
prefix that must contain the destination address
2001:db8::/64
regex to match the interface name
eth0
regex to match the label value
routing protocol number (/etc/iproute2/rt_addrprotos) to match
scope (/etc/iproute2/rt_scopes) to match
list of ip address prefixes to be ignored
No Additional Itemsip prefix the destination matches
2001:db8::/64
prefix that must contain the destination address
2001:db8::/64
regex to match the interface name
eth0
regex to match the label value
routing protocol number (/etc/iproute2/rt_addrprotos) to match
scope (/etc/iproute2/rt_scopes) to match
ignore dynamic assigned ip addresses
interface names matching this list of regex will be ignored
No Additional Itemsregex to match interface name
^br-[\da-f]{12}
^docker\d+
^lo$
^ppp\d+$
^veth
^virbr\d+
^vrrp\d*\.\d+$
interface names matching this list of regex will be ignored
No Additional Itemsregex to match interface name
^br-[\da-f]{12}
^docker\d+
^lo$
^ppp\d+$
^veth
^virbr\d+
^vrrp\d*\.\d+$
fdb entries matching this list of regex will be ignored
No Additional Itemsregex to match link-local addresses
^33:33:
^01:00:5e:
fdb entries matching this list of regex will be ignored
No Additional Itemsregex to match link-local addresses
^33:33:
^01:00:5e:
filter routes by options
No Additional Itemsfilter routes by options
No Additional Itemsfilter rules by options
No Additional Itemsthe type of this rule
the priority of this rule
Value must be greater or equal to 0 and lesser or equal to 4294967295
select the source prefix to match
select the destination prefix to match
select the incoming device to match
select the outgoing device to match
routing protocol number (/etc/iproute2/rt_protos)
select the fwmark value to match
select the ip protocol to match
filter rules by options
No Additional Itemsthe type of this rule
the priority of this rule
Value must be greater or equal to 0 and lesser or equal to 4294967295
select the source prefix to match
select the destination prefix to match
select the incoming device to match
select the outgoing device to match
routing protocol number (/etc/iproute2/rt_protos)
select the fwmark value to match
select the ip protocol to match
netns namespaces matching this list of regex will be ignored
No Additional Itemsregex to match interface name
^tenant-\d+
Use this machine-id instead of the value from /etc/machine-id or /var/lib/dbus/machine-id.
Must be at least 1 characters long
load and pin eBPF programs (i.e. for XDP)
All properties whose name matches the following regular expression must respect the following conditions
Property name regular expression:BPF program
No Additional PropertiesBPF ELF file to load
BPF program's section name
dictionary of interfaces related settings, the name of the interface needs to be specified as key
No Additional PropertiesAll properties whose name matches the following regular expression must respect the following conditions
Property name regular expression:^[^/ ]{1,15}$
netlink and devicetree attributes to identify a specific physical interface; all given attributes must match; if more than a single interface does match, any one is taken; ifstatecli identify can be used to show available attributes
select interface by permanent address [ethtool -P]
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
select interface by bus info [ethtool -i]
select interface by bus name
identifier of the physical port
name of the physical port
identifier of the physical switch
path to the device node in the open firmware devicetree; this is only available if the platform has devicetree support
ip addresses of the interface
No Additional Itemsip address with prefix length in CIDR notation
192.0.2.1
192.168.0.1/24
2001:db8::1/64
ip address with prefix length in CIDR notation
192.0.2.1
192.168.0.1/24
2001:db8::1/64
set label string
Must be at most 15 characters long
configures the local IP address on a point-to-point link, making address the peer's network
192.0.2.1
2001:db8::1
set protocol instance (/etc/iproute2/rt_addrprotos)
the scope (/etc/iproute2/rt_scopes) where the address is valid
IPv6 tokenized interface identifier (draft-chown-6man-tokenised-ipv6-identifiers-02)
settings for bridge ports
No Additional Propertiesset port priority
Value must be greater or equal to 0 and lesser or equal to 63
set port cost
filter BPDU packets
enable hairpin mode
enable multicast fast leave
prevent to become a root port
allow MAC address learning
flood unknown unicasts
flood broadcasts
flood multicasts
clone multicast packets into unicasts
enable proxy ARP
enable proxy ARP (IEEE 802.11 and Hotspot 2.0)
ARP and ND suppression
VLAN to tunnel mapping
backup bridge port on loss carrier
isolated port, can communicate only with non-isolated ports
bridge VLAN membership for bridge ports
No Additional ItemsVLAN ID
Value must be greater or equal to 1 and lesser or equal to 4094
VLAN is the port VLAN ID (PVID)
egress traffic for this VLAN is sent untagged
VLAN entry on the bridge device itself instead of a bridge port (equivalent to bridge vlan add ... self)
forwarding database for bridge interfaces, the entries are distinct by the lladdr property
destination link layer address
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
ip address of the destination VXLAN tunnel endpoint
ecmp nexthop group for the VXLAN device driver
Value must be greater or equal to 1
destination port number to use to connect to the remote VXLAN tunnel endpoint
Value must be greater or equal to 0 and lesser or equal to 65535
virtual network identifier this entry belongs to
Value must be greater or equal to 0 and lesser or equal to 16777215
the VLAN ID this entry belongs to
Value must be greater or equal to 0 and lesser or equal to 4096
list of hook names enabled for the interfaces
No Additional Itemsdictonary to be passed to hooks as environment variables
hook execution timeout in seconds
configure depending on vrrp status
No Additional Propertiesrelated vrrp INSTANCE or GROUP name
failover type
states at which the interface should be configured
No Additional Itemslink settings of the interface
Intermediate Functional Block device
No Additional Propertieslink type
Specific value:"ifb"
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
Virtual tunnel interface IPv4|IPv6 over IPv6
link type
Specific value:"ip6tnl"
specifies the netns name or null where the tunnel or underlay should be bind, if not set the binding will happen in the netns namespace of the link
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
IP over Infiniband device
link type
Specific value:"ipoib"
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
Interface for L3 (IPv6/IPv4) based VLANs
link type
Specific value:"ipvlan"
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
Virtual interface base on link layer address (MAC)
link type
Specific value:"macvlan"
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
Virtual interface based on link layer address (MAC) and TAP
link type
Specific value:"macvtap"
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
Team network device
link type
Specific value:"team"
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
Virtual software device (TUN/TAP)
No Additional Propertieslink type
Specific value:"tun"
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies the netns name or null where the tunnel or underlay should be bind, if not set the binding will happen in the netns namespace of the link
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
device mode (Ethernet headers)
provide packet information
persistent device; non-persistent devices cannot be created
prepend frames with struct virtionethdr
enable multiqueue tuntap
device owner
device group
Virtual Routing and Forwarding device
No Additional Propertieslink type
Specific value:"vrf"
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
routing table associated with the VRF device
symbolic name for easy reference
Virtual tunnel interface over IPv4
link type
Specific value:"vti"
specifies the netns name or null where the tunnel or underlay should be bind, if not set the binding will happen in the netns namespace of the link
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
Virtual tunnel interface over IPv6
link type
Specific value:"vti6"
specifies the netns name or null where the tunnel or underlay should be bind, if not set the binding will happen in the netns namespace of the link
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
Bonding network interface
No Additional Propertieslink type
Specific value:"bond"
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
the bonding policy
MII link monitoring frequency in milliseconds
Value must be greater or equal to 0
time, in milliseconds, to wait before enabling a slave after a link recovery has been detected
Value must be greater or equal to 0
time, in milliseconds, to wait before disabling a slave after a link failure has been detected
Value must be greater or equal to 0
use MII or ETHTOOL ioctls vs. netifcarrierok() to determine the link status
ARP link monitoring frequency in milliseconds
Value must be greater or equal to 0
arp validation for arp monitoring
quantity of arpiptargets that must be reachable
reselection policy for the primary slave
slave mac address selection
transmit hash policy to use for slave selection
number of IGMP membership reports to be issued after a failover event
Value must be greater or equal to 0 and lesser or equal to 255
Value must be greater or equal to 0
dropped (0) or delivered (1) duplicate frames
number of links that must be active before asserting carrier
Value must be greater or equal to 0
number of seconds between instances where the bonding driver sends learning packets to each slaves peer switch
Value must be greater or equal to 0 and lesser or equal to 2147483647
number of packets to transmit through a slave before moving to the next one
Value must be greater or equal to 0 and lesser or equal to 65535
requested LACPDU packet rate in 802.3ad mode
802.3ad aggregation selection logic to use
dynamic shuffling of flows in tlb mode
Bridge network interface
link type
Specific value:"bridge"
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
FDB entry ageing time in milliseconds
Value must be greater or equal to 0
802.1q or 802.1ad (Q-in-Q)
enable VLAN filtering on bridge
enable per-VLAN stats on bridge
enable per-VLAN per-port stats on bridge
bridge default PVID
Value must be greater or equal to 0 and lesser or equal to 4094
Distributed Switch Architecture (DSA) user interface
No Additional Propertieslink type
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
specifies the base link name or index
specifies the base link's netns name or null if the link isn't in a netns namespace
MACSEC interface
No Additional Propertieslink type
Specific value:"macsec"
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
specifies the base link name or index
specifies the base link's netns name or null if the link isn't in a netns namespace
Physical network interface
No Additional Propertieslink type
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
Dummy network interface
No Additional Propertieslink type
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
VETH/VXCAN interface
No Additional Propertieslink type
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies a device group name or index
specifies the base link name or index
specifies the peer's netns name or null if the peer isn't in a netns namespace
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
external created VETH/VXCAN interface
No Additional Propertieslink type
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
VLAN interface
No Additional Propertieslink type
Specific value:"vlan"
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
specifies the base link name or index
specifies the base link's netns name or null if the link isn't in a netns namespace
whether ethernet headers are reordered or not
whether this VLAN should be registered using GARP VLAN Registration Protocol
whether the VLAN device state is bound to the physical device state
whether this VLAN should be registered using Multiple VLAN Registration Protocol
whether the VLAN device link state tracks the state of bridge ports that are members of the VLAN
specifies the VLAN identifier to use
Value must be greater or equal to 0 and lesser or equal to 4094
802.1q or 802.1ad (Q-in-Q)
VXLAN interface
No Additional Propertieslink type
Specific value:"vxlan"
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies the netns name or null where the tunnel or underlay should be bind, if not set the binding will happen in the netns namespace of the link
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
specifies the VNI
Value must be greater or equal to 0 and lesser or equal to 16777215
specifies the lifetime in seconds of FDB entries learnt by the kernel (0: none)
Value must be greater or equal to 0 and lesser or equal to 4294967296
specifies the usage of the DF bit in outgoing packets with IPv4 headers
specifies a fixed flowlabel
Value must be greater or equal to 0 and lesser or equal to 1048575
specifies if unknown source link layer addresses and IP addresses are entered into the VXLAN device fdb
Value must be greater or equal to 0 and lesser or equal to 1
specifies the maximum number of FDB entries (0: none)
Value must be greater or equal to 0 and lesser or equal to 4294967296
specifies the UDP destination port to communicate to the remote VXLAN tunnel endpoint
Value must be greater or equal to 0 and lesser or equal to 65535
specifies the range of port numbers to use as UDP source ports to communicate to the remote VXLAN tunnel endpoint
No Additional PropertiesValue must be greater or equal to 0 and lesser or equal to 65535
Value must be greater or equal to 0 and lesser or equal to 65535
specifies if ARP proxy is turned on
Value must be greater or equal to 0 and lesser or equal to 1
specifies if route short circuit is turned on
Value must be greater or equal to 0 and lesser or equal to 1
specifies if netlink LLADDR miss notifications are generated
Value must be greater or equal to 0 and lesser or equal to 1
specifies if netlink IP ADDR miss notifications are generated
Value must be greater or equal to 0 and lesser or equal to 1
specifies if UDP checksum is calculated for tx packets over IPv4
Value must be greater or equal to 0 and lesser or equal to 1
interface to use for tunnel endpoint communication
tunnel source IPv4 address
tunnel source IPv6 address
remote unicast destination or multicast group IPv4 address
remote unicast destination or multicast group IPv6 address
specifies the TOS value to use in outgoing packets (0: inherit)
Value must be greater or equal to 0 and lesser or equal to 255
specifies the TTL value to use in outgoing packets (0: auto)
Value must be greater or equal to 0 and lesser or equal to 255
control whether TTL is propagated
IPIP interface
No Additional Propertieslink type
Specific value:"ipip"
specifies the netns name or null where the tunnel or underlay should be bind, if not set the binding will happen in the netns namespace of the link
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
remote IPv4 address of the tunnel
local IPv4 address of the tunnel
SIT interface
No Additional Propertieslink type
Specific value:"sit"
specifies the netns name or null where the tunnel or underlay should be bind, if not set the binding will happen in the netns namespace of the link
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
remote IPv4 address of the tunnel
local IPv4 address of the tunnel
GRE interface
No Additional Propertieslink type
Specific value:"gre"
specifies the netns name or null where the tunnel or underlay should be bind, if not set the binding will happen in the netns namespace of the link
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
remote IPv4 address of the tunnel
local IPv4 address of the tunnel
interface to use for tunnel endpoint communication
GRETAP interface
No Additional Propertieslink mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
link type
Specific value:"gretap"
specifies the netns name or null where the tunnel or underlay should be bind, if not set the binding will happen in the netns namespace of the link
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
remote IPv4 address of the tunnel
local IPv4 address of the tunnel
interface to use for tunnel endpoint communication
IP6GRE interface
No Additional Propertieslink type
Specific value:"ip6gre"
specifies the netns name or null where the tunnel or underlay should be bind, if not set the binding will happen in the netns namespace of the link
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
remote IPv4 address of the tunnel
local IPv4 address of the tunnel
interface to use for tunnel endpoint communication
IP6GRETAP interface
No Additional Propertieslink type
Specific value:"ip6gretap"
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies the netns name or null where the tunnel or underlay should be bind, if not set the binding will happen in the netns namespace of the link
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
remote IPv4 address of the tunnel
local IPv4 address of the tunnel
interface to use for tunnel endpoint communication
GENEVE interface over IPv4
No Additional Propertieslink type
Specific value:"geneve"
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies the netns name or null where the tunnel or underlay should be bind, if not set the binding will happen in the netns namespace of the link
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
specifies the VNI to use
Value must be greater or equal to 0 and lesser or equal to 16777215
remote IPv4 address of the tunnel
GENEVE interface over IPv6
No Additional Propertieslink type
Specific value:"geneve"
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies the netns name or null where the tunnel or underlay should be bind, if not set the binding will happen in the netns namespace of the link
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
specifies the VNI to use
Value must be greater or equal to 0 and lesser or equal to 16777215
remote IPv4 address of the tunnel
WireGuard interface; WireGuard settings can be configured using a wireguard block
link type
Specific value:"wireguard"
specifies the netns name or null where the tunnel or underlay should be bind, if not set the binding will happen in the netns namespace of the link
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
XFRM interface
No Additional Propertieslink type
Specific value:"xfrm"
specifies the netns name or null where the tunnel or underlay should be bind, if not set the binding will happen in the netns namespace of the link
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
underlying interface used to send and receive the transformed traffic
lookup key to match xfrm policies
Value must be greater or equal to 0 and lesser or equal to 4294967295
static ARP or NDISC cache entries
No Additional Itemsprotocol address of the neighbour
link layer address of the neighbour
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
interface sysctl settings
No Additional Propertiessettings in /proc/sys/net/ipv4/<interface>/conf/
settings in /proc/sys/net/ipv6/<interface>/conf/
perform Optimistic Duplicate Address Detection (RFC 4429); This option is enabled by default in ifstate!
MPLS interface sysctl settings in /proc/sys/net/mpls/<interface>/
control whether packets can be input on this interface
Value must be greater or equal to 0 and lesser or equal to 1
network driver and hardware settings via ethtool(8)
No Additional Propertiespause parameters
No Additional Propertiesenable pause autonegotiation
enable Rx pause
enable Tx pause
interrupt coalescing
No Additional Propertiesrx/tx ring parameters
No Additional Propertiesnumber of ring entries for the Rx ring
number of ring entries for the Rx Mini ring
number of ring entries for the Rx Jumbo ring
number of ring entries for the Tx ring
offload parameters and other features
No Additional PropertiesIf the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
Offloads IPsec ESP encryption and decryption to the NIC, reducing CPU load for encrypted traffic
Offloads checksum computation for IPsec ESP transmit packets to the NIC hardware
Merges packets from the same flow into a single larger buffer to reduce receive-side CPU load (replaced by rx-gro)
Segments oversized network packets into MTU-sized chunks in software as a fallback for hardware offloads (replaced by tx-generic-segmentation)
Allows the NIC to DMA directly to high memory, avoiding costly bounce buffering on 32-bit systems
Offloads duplication of outgoing HSR or PRP frames to the NIC hardware to save CPU cycles
Delegates forwarding of redundancy frames between HSR ring ports to hardware, reducing CPU load
Offloads insertion of HSR or PRP redundancy tags onto outgoing frames to save CPU
Removes HSR or PRP redundancy tags from received frames in hardware, reducing CPU load
Offloads traffic control classifiers and actions to hardware, reducing CPU load for packet processing
Offloads unicast packet forwarding between physical and virtual interfaces to hardware
Transmits packets to the internal receive path so the NIC retains them without sending onto the physical link
Coalesces incoming TCP packets into larger buffers to reduce CPU load; disable on router or bridge interfaces (replaced by rx-lro)
Offloads MACsec encryption and authentication to the NIC hardware to reduce CPU load
Directs matching packets to specific receive queues using programmable hardware flow filters (replaced by rx-ntuple-filter)
Offloads incoming TCP and UDP checksum verification to the NIC, reducing CPU load (replaced by rx-checksum)
Receives all frames including errored ones, useful for sniffing links with bad packets
Offloads incoming TCP and UDP checksum verification to the NIC, reducing CPU load
Appends the Ethernet frame checksum to received packets for inspection by packet analyzers
Merges packets from the same flow into a single larger buffer to reduce receive-side CPU load
Offloads GRO packet coalescing to NIC hardware to reduce CPU load
Chains forwarded TCP packets in frag lists during GRO to bypass coalesce-resegment CPU on router paths
Computes a hash of packet headers to steer received flows across multiple queues and CPUs
Coalesces incoming TCP packets into larger buffers to reduce CPU load; disable on router or bridge interfaces
Directs matching packets to specific receive queues using programmable hardware flow filters
Coalesces incoming UDP packets into larger buffers on the forwarding path to reduce per-packet CPU load
Programs the NIC to recognize UDP encapsulation ports for hardware tunnel offload
Offloads VLAN ID filtering to the NIC so packets for unregistered VLANs are dropped in hardware
Lets the NIC strip VLAN tags from received packets and pass tag metadata to the kernel, reducing CPU load
Filters incoming packets by S-tag (service VLAN) ID so unregistered frames are dropped in hardware
Enables the NIC to parse and strip incoming 802.1ad service VLAN tags in hardware, saving CPU on double-tagged traffic
Computes a hash of packet headers to steer received flows across multiple queues and CPUs (replaced by rx-hashing)
Lets the NIC strip VLAN tags from received packets and pass tag metadata to the kernel, reducing CPU load (replaced by rx-vlan-hw-parse)
Delegates TLS record encryption and TCP connection management to the NIC, bypassing the kernel stack for that socket
Offloads TLS record decryption and authentication to the NIC, reducing CPU load on receiving encrypted traffic
Offloads TLS record encryption to the NIC to reduce CPU usage on outbound connections
Offloads FCoE CRC32c checksum computation to the NIC, reducing CPU load on transmit
Offloads transport-layer checksum calculation to the NIC for all protocols and encapsulations
Offloads TCP and UDP checksum computation for outgoing IPv4 packets to the NIC hardware
Offloads TCP and UDP checksum calculation for IPv6 packets to the NIC hardware, reducing CPU load per transmitted packet
Offloads CRC32c checksum computation for outgoing SCTP packets to the NIC hardware
Segments large IPsec ESP packets into MTU-sized frames to reduce CPU load on encrypted tunnels
Segments large Fibre Channel frames in hardware to reduce CPU load for FCoE storage traffic
Segments oversized network packets into MTU-sized chunks in software as a fallback for hardware offloads
Segments large TCP packets inside GRE tunnels with an outer checksum, offloading segmentation to the NIC
Offloads segmentation of large TCP packets tunneled inside GRE to the NIC
Segments chained sub-packet buffers via GSO to reduce CPU load for SCTP traffic
Enables hardware segmentation of inner TCP payload in tunneled packets to reduce CPU load
Recalculates segmentation metadata for GSO packets from untrusted sources
Offloads segmentation of large TCP packets tunneled over IPv4, reducing CPU load on tunnel endpoints
Offloads segmentation of large TCP packets tunneled over IPv6, reducing CPU load on tunnel endpoints
Uses cache-bypassing stores when copying transmit data from user space to reduce CPU cache pollution
Allows the NIC to read packet data from discontiguous memory, reducing CPU load from copying
Lets the NIC DMA from a list of chained skbs instead of a single buffer with page fragments
Segments large SCTP messages into MTU-sized chunks to reduce per-packet CPU load
Permits TSO for Accurate ECN flows where CWR carries feedback instead of being cleared per segment
Segments ECN-marked TCP packets in hardware for CPU savings; disable if NIC corrupts CWR flags
Permits the NIC to reuse or arbitrarily assign IPv4 IDs across TSO segments, enabling hardware segmentation for tunneled TCP flows
Lets the NIC split large TCP sends into MTU-sized segments to reduce CPU load
Lets the NIC split large TCPv6 segments into MSS-sized frames to reduce per-packet CPU load
Defers inner checksum verification to the remote endpoint when segmenting tunneled packets to reduce CPU load
Segments large UDP datagrams into MTU-sized packets in hardware to reduce CPU load
Offloads segmentation of large tunneled TCP packets and outer UDP checksum computation to the NIC
Offloads segmentation of oversized TCP packets inside UDP tunnels to NIC hardware, reducing CPU load
Offloads 802.1Q VLAN tag insertion to the NIC hardware, reducing CPU load on outgoing tagged traffic
Offloads 802.1ad service VLAN tag insertion to the NIC hardware, reducing CPU load on outgoing Q-in-Q traffic
Offloads 802.1Q VLAN tag insertion to the NIC hardware, reducing CPU load on outgoing tagged traffic (replaced by tx-vlan-hw-insert)
Indicates the device hardware cannot process 802.1Q VLAN-tagged packets
device settings
No Additional Propertiesspeed in Mbps
full or half duplex mode
device port selection
MDI-X mode for port
enable autonegotation
speed and duplex advertised by autonegotation
PHY address
transceiver type
Wake-on-LAN options
Must match regular expression:^[pumbagsfd]+$
SecureOnâ„¢ password
Must match regular expression:^[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}$
driver message flags
driver message flags by number
driver message flags by name
No Additional Itemsflag name
enable flag
number of channels
No Additional Propertiesnumber of channels with only receive queues
number of channels with only transmit queues
number of channels used only for other purposes
number of multi-purpose channels
Energy-Efficient Ethernet (according to the IEEE 802.3az specifications)
No Additional Propertiesenable EEE support
assert Tx LPI
sets the speed for which EEE should be enabled (see also change.advertise)
amount of idle time prior asserting Tx LPI (in microseconds)
PHY tunable parameters
No Additional Propertiesenable downshift
enable downshift
Must contain a minimum of 3 items
Must contain a maximum of 3 items
enable downshift
REQUIRED
PHY downshift re-tries count
enable Fast Link Down
enable Fast Link Down
Must contain a minimum of 3 items
Must contain a maximum of 3 items
enable Fast Link Down
REQUIRED
period after which the link is reported as down
enable Energy Detect Power Down (EDPD)
enable EDPD
Must contain a minimum of 3 items
Must contain a maximum of 3 items
enable EDPD
REQUIRED
wake-up interval for Tx pulses
private flags
Forward Error Correction
No Additional PropertiesFEC encoding
simple shaper setup based on the cake queue discipline; replaces any tc settings
No Additional Propertiestarget ingress bandwidth
target egress bandwidth
cshaper profile
settings for traffic control
No Additional Propertiesenable the ingress qdisc for policing and shaping in ingress
root queueing disciplines
generic classless qdisc
qdisk type
cake - common applications kept enhanced (CAKE)
qdisk type
Specific value:"cake"
unique id
ACKnowledge filter
ATM mode
autorate-ingress
diffserv mode
ingress
overhead
Value must be greater or equal to -64 and lesser or equal to 256
flow mode
fwmark
Value must be greater or equal to 0
memlimit
Value must be greater or equal to 0
MPU
Value must be greater or equal to 0 and lesser or equal to 256
NAT
RAW
well-known RTT
manually specify an RTT (us)
Value must be greater or equal to 1
split GSO
target
Value must be greater or equal to 1
wash
choke - choose and keep scheduler
qdisk type
Specific value:"choke"
CoDel - Controlled-Delay Active Queue Management algorithm
qdisk type
Specific value:"codel"
bfifo - Byte limited First In, First Out queue; pfifo - Packet limited First In, First Out queue
No Additional Propertiesqdisk type
queue size in bytes or packets
fq - Fair Queue traffic policing
qdisk type
Specific value:"fq"
hard limit on the real queue size (number of packets)
hard limit on the max number of packets per flow
fq_codel - Fair Queuing (FQ) with Controlled Delay (CoDel)
qdisk type
Specific value:"fq_codel"
hard limit on the real queue size (number of packets)
number of flows
generic classful qdisc
qdisk type
classful multiqueue dummy scheduler
qdisk type
Specific value:"mq"
list child qdiscs for each device TX queue
No Additional Itemsunique id
filter used by qdiscs
No Additional Itemsbasic - basic traffic control filter
No Additional Propertiesqdisc id
protocol selector
priority
Value must be greater or equal to 0 and lesser or equal to 65535
traffic control filter action
No Additional Itemsmirred - mirror/redirect action
No Additional Properties"mirred"
packet direction
copy (mirror) or move (redirect) packets to the destination interface
destination interface where packets are redirected or mirrored to
unique action ID
Value must be greater or equal to 0 and lesser or equal to 4294967295
vlan - vlan manipulation module
No Additional Properties"vlan"
VLAN id
Value must be greater or equal to 0 and lesser or equal to 4095
VLAN priority
Value must be greater or equal to 0 and lesser or equal to 7
match packets using the extended match infrastructure
No Additional Itemsflow - flow based traffic control filter
filter mode
map to class ID by key
filter mode
hash over keys for class ID calculation
No Additional Itemsrehashing interval (in seconds)
Value must be greater or equal to 0 and lesser or equal to 294967295
qdisc id
protocol selector
priority
Value must be greater or equal to 0 and lesser or equal to 65535
traffic control filter action
No Additional Itemsmirred - mirror/redirect action
No Additional Properties"mirred"
packet direction
copy (mirror) or move (redirect) packets to the destination interface
destination interface where packets are redirected or mirrored to
unique action ID
Value must be greater or equal to 0 and lesser or equal to 4294967295
vlan - vlan manipulation module
No Additional Properties"vlan"
VLAN id
Value must be greater or equal to 0 and lesser or equal to 4095
VLAN priority
Value must be greater or equal to 0 and lesser or equal to 7
offset for the class ID calculation
Value must be greater or equal to 0 and lesser or equal to 65535
Value must be greater or equal to 0 and lesser or equal to 4294967295
Value must be greater or equal to 0 and lesser or equal to 4294967295
Value must be greater or equal to 0 and lesser or equal to 4294967295
Value must be greater or equal to 0 and lesser or equal to 4294967295
Value must be greater or equal to 0 and lesser or equal to 4294967295
Value must be greater or equal to 0 and lesser or equal to 4294967295
fw - fwmark traffic control filter
No Additional Propertiesqdisc id
protocol selector
priority
Value must be greater or equal to 0 and lesser or equal to 65535
traffic control filter action
No Additional Itemsmirred - mirror/redirect action
No Additional Properties"mirred"
packet direction
copy (mirror) or move (redirect) packets to the destination interface
destination interface where packets are redirected or mirrored to
unique action ID
Value must be greater or equal to 0 and lesser or equal to 4294967295
vlan - vlan manipulation module
No Additional Properties"vlan"
VLAN id
Value must be greater or equal to 0 and lesser or equal to 4095
VLAN priority
Value must be greater or equal to 0 and lesser or equal to 7
fwmark (iptables) to match
Value must be greater or equal to 0
matchall - traffic control filter that matches every packet
No Additional Propertiesqdisc id
protocol selector
priority
Value must be greater or equal to 0 and lesser or equal to 65535
traffic control filter action
No Additional Itemsmirred - mirror/redirect action
No Additional Properties"mirred"
packet direction
copy (mirror) or move (redirect) packets to the destination interface
destination interface where packets are redirected or mirrored to
unique action ID
Value must be greater or equal to 0 and lesser or equal to 4294967295
vlan - vlan manipulation module
No Additional Properties"vlan"
VLAN id
Value must be greater or equal to 0 and lesser or equal to 4095
VLAN priority
Value must be greater or equal to 0 and lesser or equal to 7
push matching packets into class
Value must be greater or equal to 0 and lesser or equal to 4294967295
process flags (1: SKIPHW, 2: SKIPSW)
Value must be greater or equal to 0 and lesser or equal to 4294967295
filter type
settings for WireGuard interfaces
No Additional Propertieslocal private key (consider to use the !include tag to read the key from file)
port for listening
Value must be greater or equal to 0 and lesser or equal to 65535
fwmark for outgoing packets
Value must be greater or equal to 0 and lesser or equal to 4294967295
add routes for peer's prefixes to the specified routing table, required routing quirks for peer endpoint addresses (i.e. when the default route points into wireguard) are not added automatically
main
dictonary with peers: the keys of the dictionary are the public keys of the peers (base64 encoded)
No Additional PropertiesAll properties whose name matches the following regular expression must respect the following conditions
Property name regular expression:^[-A-Za-z0-9+/]{43}=$
initial endpoint IP or hostname
keepalive interval seconds
Value must be greater or equal to 0 and lesser or equal to 65535
list of prefixes in CIDR notation
No Additional Itemssettings for XDP ("eXpress Data Path") BPF program
remove attached XDP program
attach already pinned XDP program
No Additional Propertiespath to already pinned XDP program
BPF program from ifstate's bpf config section
No Additional PropertiesBPF program (key in bpf config section)
The mac_seed is used to assign reproducible MAC addresses to virtual interfaces. The default mac_seed is based on the host's machine-id and the network namespace of the interface. Interfaces with identical names and mac_seed gets the same MAC addresses.
Must be at least 1 characters long
Do not handle MAC addresses for virtual interfaces. If an interfaces has no link.address property, it will get a random MAC addresses assigned by the Linux kernel.
the type of this route
the output device name
the nexthop router is forced on link
the routing protool identifier of this route
the realm to which this route is assigned
the scope (/etc/iproute2/rt_scopes) of the destinations covered by the route prefix
the table to add this route to
the destination prefix of the route
address of the nexthop router
configure depending on vrrp status
No Additional Propertiesrelated vrrp INSTANCE or GROUP name
failover type
states at which the interface should be configured
No Additional Itemsthe source address to prefer
preference of the route
Value must be greater or equal to 0 and lesser or equal to 4294967295
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
"to_tbl"
the type of this rule
the priority of this rule
Value must be greater or equal to 0 and lesser or equal to 4294967295
select the source prefix to match
select the destination prefix to match
select the incoming device to match
select the outgoing device to match
routing protocol number (/etc/iproute2/rt_protos)
select the fwmark value to match
select the ip protocol to match
configure depending on vrrp status
No Additional Propertiesrelated vrrp INSTANCE or GROUP name
failover type
states at which the interface should be configured
No Additional ItemsIP family (IPv4 or IPv6) to add the rule to. One of AF_INET, inet, 2 for IPv4 or AF_INET6, inet6, 10 for IPv6. Leave undefined to let ifstate and pyroute2 automatically detect it from the 'to' and 'from' addresses, defaulting to IPv4.
network sysctl settings
No Additional Propertiesoverrides per interface sysctl settings in /proc/sys/net/ipv*/conf/all/
settings in /proc/sys/net/ipv4/<interface>/conf/
settings in /proc/sys/net/ipv6/<interface>/conf/
perform Optimistic Duplicate Address Detection (RFC 4429); This option is enabled by default in ifstate!
default per interface sysctl settings in /proc/sys/net/ipv*/conf/default/
settings in /proc/sys/net/ipv4/<interface>/conf/
settings in /proc/sys/net/ipv6/<interface>/conf/
perform Optimistic Duplicate Address Detection (RFC 4429); This option is enabled by default in ifstate!
MPLS sysctl settings in /proc/sys/net/mpls/
number of entries in the platform label table
Value must be greater or equal to 0 and lesser or equal to 1048575
control whether TTL is propagated
Value must be greater or equal to 0 and lesser or equal to 1
default TTL value to use for MPLS packets
Value must be greater or equal to 1 and lesser or equal to 255
Multipath TCP sysctl settings in /proc/sys/net/mptcp/
timeout in seconds after which an ADD_ADDR control message will be resent
Value must be greater or equal to -8589934 and lesser or equal to 8589934
allow peers to send join requests to the IP address and port number used by the initial subflow
initial time period in second to disable MPTCP on active MPTCP sockets when a MPTCP firewall blackhole issue happens
Value must be greater or equal to 0 and lesser or equal to 2147483647
control whether DSS checksum can be enabled
set the make-after-break timeout
Value must be greater or equal to -8589934 and lesser or equal to 8589934
control whether MPTCP sockets can be created
control whether MPTCP sockets can be created
set the default path manager type to use for each new MPTCP socket
select the scheduler of your choice
number of MPTCP-level retransmission intervals with no traffic and pending outstanding data on a given subflow required to declare it stale
Value must be greater or equal to 0 and lesser or equal to 4294967295
number of SYN + MP_CAPABLE retransmissions before falling back to TCP
Value must be greater or equal to 0
All properties whose name matches the following regular expression must respect the following conditions
Property name regular expression:.+
load and pin eBPF programs (i.e. for XDP)
All properties whose name matches the following regular expression must respect the following conditions
Property name regular expression:BPF program
No Additional PropertiesBPF ELF file to load
BPF program's section name
dictionary of interfaces related settings, the name of the interface needs to be specified as key
No Additional PropertiesAll properties whose name matches the following regular expression must respect the following conditions
Property name regular expression:^[^/ ]{1,15}$
netlink and devicetree attributes to identify a specific physical interface; all given attributes must match; if more than a single interface does match, any one is taken; ifstatecli identify can be used to show available attributes
select interface by permanent address [ethtool -P]
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
select interface by bus info [ethtool -i]
select interface by bus name
identifier of the physical port
name of the physical port
identifier of the physical switch
path to the device node in the open firmware devicetree; this is only available if the platform has devicetree support
ip addresses of the interface
No Additional Itemsip address with prefix length in CIDR notation
192.0.2.1
192.168.0.1/24
2001:db8::1/64
ip address with prefix length in CIDR notation
192.0.2.1
192.168.0.1/24
2001:db8::1/64
set label string
Must be at most 15 characters long
configures the local IP address on a point-to-point link, making address the peer's network
192.0.2.1
2001:db8::1
set protocol instance (/etc/iproute2/rt_addrprotos)
the scope (/etc/iproute2/rt_scopes) where the address is valid
IPv6 tokenized interface identifier (draft-chown-6man-tokenised-ipv6-identifiers-02)
settings for bridge ports
No Additional Propertiesset port priority
Value must be greater or equal to 0 and lesser or equal to 63
set port cost
filter BPDU packets
enable hairpin mode
enable multicast fast leave
prevent to become a root port
allow MAC address learning
flood unknown unicasts
flood broadcasts
flood multicasts
clone multicast packets into unicasts
enable proxy ARP
enable proxy ARP (IEEE 802.11 and Hotspot 2.0)
ARP and ND suppression
VLAN to tunnel mapping
backup bridge port on loss carrier
isolated port, can communicate only with non-isolated ports
bridge VLAN membership for bridge ports
No Additional ItemsVLAN ID
Value must be greater or equal to 1 and lesser or equal to 4094
VLAN is the port VLAN ID (PVID)
egress traffic for this VLAN is sent untagged
VLAN entry on the bridge device itself instead of a bridge port (equivalent to bridge vlan add ... self)
forwarding database for bridge interfaces, the entries are distinct by the lladdr property
destination link layer address
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
ip address of the destination VXLAN tunnel endpoint
ecmp nexthop group for the VXLAN device driver
Value must be greater or equal to 1
destination port number to use to connect to the remote VXLAN tunnel endpoint
Value must be greater or equal to 0 and lesser or equal to 65535
virtual network identifier this entry belongs to
Value must be greater or equal to 0 and lesser or equal to 16777215
the VLAN ID this entry belongs to
Value must be greater or equal to 0 and lesser or equal to 4096
list of hook names enabled for the interfaces
No Additional Itemsdictonary to be passed to hooks as environment variables
hook execution timeout in seconds
configure depending on vrrp status
No Additional Propertiesrelated vrrp INSTANCE or GROUP name
failover type
states at which the interface should be configured
No Additional Itemslink settings of the interface
Intermediate Functional Block device
No Additional Propertieslink type
Specific value:"ifb"
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
Virtual tunnel interface IPv4|IPv6 over IPv6
link type
Specific value:"ip6tnl"
specifies the netns name or null where the tunnel or underlay should be bind, if not set the binding will happen in the netns namespace of the link
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
IP over Infiniband device
link type
Specific value:"ipoib"
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
Interface for L3 (IPv6/IPv4) based VLANs
link type
Specific value:"ipvlan"
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
Virtual interface base on link layer address (MAC)
link type
Specific value:"macvlan"
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
Virtual interface based on link layer address (MAC) and TAP
link type
Specific value:"macvtap"
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
Team network device
link type
Specific value:"team"
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
Virtual software device (TUN/TAP)
No Additional Propertieslink type
Specific value:"tun"
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies the netns name or null where the tunnel or underlay should be bind, if not set the binding will happen in the netns namespace of the link
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
device mode (Ethernet headers)
provide packet information
persistent device; non-persistent devices cannot be created
prepend frames with struct virtionethdr
enable multiqueue tuntap
device owner
device group
Virtual Routing and Forwarding device
No Additional Propertieslink type
Specific value:"vrf"
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
routing table associated with the VRF device
symbolic name for easy reference
Virtual tunnel interface over IPv4
link type
Specific value:"vti"
specifies the netns name or null where the tunnel or underlay should be bind, if not set the binding will happen in the netns namespace of the link
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
Virtual tunnel interface over IPv6
link type
Specific value:"vti6"
specifies the netns name or null where the tunnel or underlay should be bind, if not set the binding will happen in the netns namespace of the link
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
Bonding network interface
No Additional Propertieslink type
Specific value:"bond"
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
the bonding policy
MII link monitoring frequency in milliseconds
Value must be greater or equal to 0
time, in milliseconds, to wait before enabling a slave after a link recovery has been detected
Value must be greater or equal to 0
time, in milliseconds, to wait before disabling a slave after a link failure has been detected
Value must be greater or equal to 0
use MII or ETHTOOL ioctls vs. netifcarrierok() to determine the link status
ARP link monitoring frequency in milliseconds
Value must be greater or equal to 0
arp validation for arp monitoring
quantity of arpiptargets that must be reachable
reselection policy for the primary slave
slave mac address selection
transmit hash policy to use for slave selection
number of IGMP membership reports to be issued after a failover event
Value must be greater or equal to 0 and lesser or equal to 255
Value must be greater or equal to 0
dropped (0) or delivered (1) duplicate frames
number of links that must be active before asserting carrier
Value must be greater or equal to 0
number of seconds between instances where the bonding driver sends learning packets to each slaves peer switch
Value must be greater or equal to 0 and lesser or equal to 2147483647
number of packets to transmit through a slave before moving to the next one
Value must be greater or equal to 0 and lesser or equal to 65535
requested LACPDU packet rate in 802.3ad mode
802.3ad aggregation selection logic to use
dynamic shuffling of flows in tlb mode
Bridge network interface
link type
Specific value:"bridge"
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
FDB entry ageing time in milliseconds
Value must be greater or equal to 0
802.1q or 802.1ad (Q-in-Q)
enable VLAN filtering on bridge
enable per-VLAN stats on bridge
enable per-VLAN per-port stats on bridge
bridge default PVID
Value must be greater or equal to 0 and lesser or equal to 4094
Distributed Switch Architecture (DSA) user interface
No Additional Propertieslink type
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
specifies the base link name or index
specifies the base link's netns name or null if the link isn't in a netns namespace
MACSEC interface
No Additional Propertieslink type
Specific value:"macsec"
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
specifies the base link name or index
specifies the base link's netns name or null if the link isn't in a netns namespace
Physical network interface
No Additional Propertieslink type
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
Dummy network interface
No Additional Propertieslink type
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
VETH/VXCAN interface
No Additional Propertieslink type
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies a device group name or index
specifies the base link name or index
specifies the peer's netns name or null if the peer isn't in a netns namespace
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
external created VETH/VXCAN interface
No Additional Propertieslink type
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
VLAN interface
No Additional Propertieslink type
Specific value:"vlan"
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
specifies the base link name or index
specifies the base link's netns name or null if the link isn't in a netns namespace
whether ethernet headers are reordered or not
whether this VLAN should be registered using GARP VLAN Registration Protocol
whether the VLAN device state is bound to the physical device state
whether this VLAN should be registered using Multiple VLAN Registration Protocol
whether the VLAN device link state tracks the state of bridge ports that are members of the VLAN
specifies the VLAN identifier to use
Value must be greater or equal to 0 and lesser or equal to 4094
802.1q or 802.1ad (Q-in-Q)
VXLAN interface
No Additional Propertieslink type
Specific value:"vxlan"
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies the netns name or null where the tunnel or underlay should be bind, if not set the binding will happen in the netns namespace of the link
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
specifies the VNI
Value must be greater or equal to 0 and lesser or equal to 16777215
specifies the lifetime in seconds of FDB entries learnt by the kernel (0: none)
Value must be greater or equal to 0 and lesser or equal to 4294967296
specifies the usage of the DF bit in outgoing packets with IPv4 headers
specifies a fixed flowlabel
Value must be greater or equal to 0 and lesser or equal to 1048575
specifies if unknown source link layer addresses and IP addresses are entered into the VXLAN device fdb
Value must be greater or equal to 0 and lesser or equal to 1
specifies the maximum number of FDB entries (0: none)
Value must be greater or equal to 0 and lesser or equal to 4294967296
specifies the UDP destination port to communicate to the remote VXLAN tunnel endpoint
Value must be greater or equal to 0 and lesser or equal to 65535
specifies the range of port numbers to use as UDP source ports to communicate to the remote VXLAN tunnel endpoint
No Additional PropertiesValue must be greater or equal to 0 and lesser or equal to 65535
Value must be greater or equal to 0 and lesser or equal to 65535
specifies if ARP proxy is turned on
Value must be greater or equal to 0 and lesser or equal to 1
specifies if route short circuit is turned on
Value must be greater or equal to 0 and lesser or equal to 1
specifies if netlink LLADDR miss notifications are generated
Value must be greater or equal to 0 and lesser or equal to 1
specifies if netlink IP ADDR miss notifications are generated
Value must be greater or equal to 0 and lesser or equal to 1
specifies if UDP checksum is calculated for tx packets over IPv4
Value must be greater or equal to 0 and lesser or equal to 1
interface to use for tunnel endpoint communication
tunnel source IPv4 address
tunnel source IPv6 address
remote unicast destination or multicast group IPv4 address
remote unicast destination or multicast group IPv6 address
specifies the TOS value to use in outgoing packets (0: inherit)
Value must be greater or equal to 0 and lesser or equal to 255
specifies the TTL value to use in outgoing packets (0: auto)
Value must be greater or equal to 0 and lesser or equal to 255
control whether TTL is propagated
IPIP interface
No Additional Propertieslink type
Specific value:"ipip"
specifies the netns name or null where the tunnel or underlay should be bind, if not set the binding will happen in the netns namespace of the link
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
remote IPv4 address of the tunnel
local IPv4 address of the tunnel
SIT interface
No Additional Propertieslink type
Specific value:"sit"
specifies the netns name or null where the tunnel or underlay should be bind, if not set the binding will happen in the netns namespace of the link
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
remote IPv4 address of the tunnel
local IPv4 address of the tunnel
GRE interface
No Additional Propertieslink type
Specific value:"gre"
specifies the netns name or null where the tunnel or underlay should be bind, if not set the binding will happen in the netns namespace of the link
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
remote IPv4 address of the tunnel
local IPv4 address of the tunnel
interface to use for tunnel endpoint communication
GRETAP interface
No Additional Propertieslink mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
link type
Specific value:"gretap"
specifies the netns name or null where the tunnel or underlay should be bind, if not set the binding will happen in the netns namespace of the link
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
remote IPv4 address of the tunnel
local IPv4 address of the tunnel
interface to use for tunnel endpoint communication
IP6GRE interface
No Additional Propertieslink type
Specific value:"ip6gre"
specifies the netns name or null where the tunnel or underlay should be bind, if not set the binding will happen in the netns namespace of the link
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
remote IPv4 address of the tunnel
local IPv4 address of the tunnel
interface to use for tunnel endpoint communication
IP6GRETAP interface
No Additional Propertieslink type
Specific value:"ip6gretap"
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies the netns name or null where the tunnel or underlay should be bind, if not set the binding will happen in the netns namespace of the link
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
remote IPv4 address of the tunnel
local IPv4 address of the tunnel
interface to use for tunnel endpoint communication
GENEVE interface over IPv4
No Additional Propertieslink type
Specific value:"geneve"
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies the netns name or null where the tunnel or underlay should be bind, if not set the binding will happen in the netns namespace of the link
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
specifies the VNI to use
Value must be greater or equal to 0 and lesser or equal to 16777215
remote IPv4 address of the tunnel
GENEVE interface over IPv6
No Additional Propertieslink type
Specific value:"geneve"
link mac address (xx:xx:xx:xx:xx:xx)
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
specifies the netns name or null where the tunnel or underlay should be bind, if not set the binding will happen in the netns namespace of the link
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
specifies the VNI to use
Value must be greater or equal to 0 and lesser or equal to 16777215
remote IPv4 address of the tunnel
WireGuard interface; WireGuard settings can be configured using a wireguard block
link type
Specific value:"wireguard"
specifies the netns name or null where the tunnel or underlay should be bind, if not set the binding will happen in the netns namespace of the link
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
XFRM interface
No Additional Propertieslink type
Specific value:"xfrm"
specifies the netns name or null where the tunnel or underlay should be bind, if not set the binding will happen in the netns namespace of the link
specifies a device group name or index
set device state
specifies a master device name or index, use null to remove the master
change the mtu of the device
Value must be greater or equal to 68 and lesser or equal to 65536
the transmit queue length of the device
symbolic name for easy reference
underlying interface used to send and receive the transformed traffic
lookup key to match xfrm policies
Value must be greater or equal to 0 and lesser or equal to 4294967295
static ARP or NDISC cache entries
No Additional Itemsprotocol address of the neighbour
link layer address of the neighbour
Must match regular expression:^([a-fA-F0-9]{2}([:-]?)([a-fA-F0-9]{2}\2){4}[a-fA-F0-9]{2}|[a-fA-F0-9]{4}\.[a-fA-F0-9]{4}\.[a-fA-F0-9]{4})$
interface sysctl settings
No Additional Propertiessettings in /proc/sys/net/ipv4/<interface>/conf/
settings in /proc/sys/net/ipv6/<interface>/conf/
perform Optimistic Duplicate Address Detection (RFC 4429); This option is enabled by default in ifstate!
MPLS interface sysctl settings in /proc/sys/net/mpls/<interface>/
control whether packets can be input on this interface
Value must be greater or equal to 0 and lesser or equal to 1
network driver and hardware settings via ethtool(8)
No Additional Propertiespause parameters
No Additional Propertiesenable pause autonegotiation
enable Rx pause
enable Tx pause
interrupt coalescing
No Additional Propertiesrx/tx ring parameters
No Additional Propertiesnumber of ring entries for the Rx ring
number of ring entries for the Rx Mini ring
number of ring entries for the Rx Jumbo ring
number of ring entries for the Tx ring
offload parameters and other features
No Additional PropertiesIf the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
Offloads IPsec ESP encryption and decryption to the NIC, reducing CPU load for encrypted traffic
Offloads checksum computation for IPsec ESP transmit packets to the NIC hardware
Merges packets from the same flow into a single larger buffer to reduce receive-side CPU load (replaced by rx-gro)
Segments oversized network packets into MTU-sized chunks in software as a fallback for hardware offloads (replaced by tx-generic-segmentation)
Allows the NIC to DMA directly to high memory, avoiding costly bounce buffering on 32-bit systems
Offloads duplication of outgoing HSR or PRP frames to the NIC hardware to save CPU cycles
Delegates forwarding of redundancy frames between HSR ring ports to hardware, reducing CPU load
Offloads insertion of HSR or PRP redundancy tags onto outgoing frames to save CPU
Removes HSR or PRP redundancy tags from received frames in hardware, reducing CPU load
Offloads traffic control classifiers and actions to hardware, reducing CPU load for packet processing
Offloads unicast packet forwarding between physical and virtual interfaces to hardware
Transmits packets to the internal receive path so the NIC retains them without sending onto the physical link
Coalesces incoming TCP packets into larger buffers to reduce CPU load; disable on router or bridge interfaces (replaced by rx-lro)
Offloads MACsec encryption and authentication to the NIC hardware to reduce CPU load
Directs matching packets to specific receive queues using programmable hardware flow filters (replaced by rx-ntuple-filter)
Offloads incoming TCP and UDP checksum verification to the NIC, reducing CPU load (replaced by rx-checksum)
Receives all frames including errored ones, useful for sniffing links with bad packets
Offloads incoming TCP and UDP checksum verification to the NIC, reducing CPU load
Appends the Ethernet frame checksum to received packets for inspection by packet analyzers
Merges packets from the same flow into a single larger buffer to reduce receive-side CPU load
Offloads GRO packet coalescing to NIC hardware to reduce CPU load
Chains forwarded TCP packets in frag lists during GRO to bypass coalesce-resegment CPU on router paths
Computes a hash of packet headers to steer received flows across multiple queues and CPUs
Coalesces incoming TCP packets into larger buffers to reduce CPU load; disable on router or bridge interfaces
Directs matching packets to specific receive queues using programmable hardware flow filters
Coalesces incoming UDP packets into larger buffers on the forwarding path to reduce per-packet CPU load
Programs the NIC to recognize UDP encapsulation ports for hardware tunnel offload
Offloads VLAN ID filtering to the NIC so packets for unregistered VLANs are dropped in hardware
Lets the NIC strip VLAN tags from received packets and pass tag metadata to the kernel, reducing CPU load
Filters incoming packets by S-tag (service VLAN) ID so unregistered frames are dropped in hardware
Enables the NIC to parse and strip incoming 802.1ad service VLAN tags in hardware, saving CPU on double-tagged traffic
Computes a hash of packet headers to steer received flows across multiple queues and CPUs (replaced by rx-hashing)
Lets the NIC strip VLAN tags from received packets and pass tag metadata to the kernel, reducing CPU load (replaced by rx-vlan-hw-parse)
Delegates TLS record encryption and TCP connection management to the NIC, bypassing the kernel stack for that socket
Offloads TLS record decryption and authentication to the NIC, reducing CPU load on receiving encrypted traffic
Offloads TLS record encryption to the NIC to reduce CPU usage on outbound connections
Offloads FCoE CRC32c checksum computation to the NIC, reducing CPU load on transmit
Offloads transport-layer checksum calculation to the NIC for all protocols and encapsulations
Offloads TCP and UDP checksum computation for outgoing IPv4 packets to the NIC hardware
Offloads TCP and UDP checksum calculation for IPv6 packets to the NIC hardware, reducing CPU load per transmitted packet
Offloads CRC32c checksum computation for outgoing SCTP packets to the NIC hardware
Segments large IPsec ESP packets into MTU-sized frames to reduce CPU load on encrypted tunnels
Segments large Fibre Channel frames in hardware to reduce CPU load for FCoE storage traffic
Segments oversized network packets into MTU-sized chunks in software as a fallback for hardware offloads
Segments large TCP packets inside GRE tunnels with an outer checksum, offloading segmentation to the NIC
Offloads segmentation of large TCP packets tunneled inside GRE to the NIC
Segments chained sub-packet buffers via GSO to reduce CPU load for SCTP traffic
Enables hardware segmentation of inner TCP payload in tunneled packets to reduce CPU load
Recalculates segmentation metadata for GSO packets from untrusted sources
Offloads segmentation of large TCP packets tunneled over IPv4, reducing CPU load on tunnel endpoints
Offloads segmentation of large TCP packets tunneled over IPv6, reducing CPU load on tunnel endpoints
Uses cache-bypassing stores when copying transmit data from user space to reduce CPU cache pollution
Allows the NIC to read packet data from discontiguous memory, reducing CPU load from copying
Lets the NIC DMA from a list of chained skbs instead of a single buffer with page fragments
Segments large SCTP messages into MTU-sized chunks to reduce per-packet CPU load
Permits TSO for Accurate ECN flows where CWR carries feedback instead of being cleared per segment
Segments ECN-marked TCP packets in hardware for CPU savings; disable if NIC corrupts CWR flags
Permits the NIC to reuse or arbitrarily assign IPv4 IDs across TSO segments, enabling hardware segmentation for tunneled TCP flows
Lets the NIC split large TCP sends into MTU-sized segments to reduce CPU load
Lets the NIC split large TCPv6 segments into MSS-sized frames to reduce per-packet CPU load
Defers inner checksum verification to the remote endpoint when segmenting tunneled packets to reduce CPU load
Segments large UDP datagrams into MTU-sized packets in hardware to reduce CPU load
Offloads segmentation of large tunneled TCP packets and outer UDP checksum computation to the NIC
Offloads segmentation of oversized TCP packets inside UDP tunnels to NIC hardware, reducing CPU load
Offloads 802.1Q VLAN tag insertion to the NIC hardware, reducing CPU load on outgoing tagged traffic
Offloads 802.1ad service VLAN tag insertion to the NIC hardware, reducing CPU load on outgoing Q-in-Q traffic
Offloads 802.1Q VLAN tag insertion to the NIC hardware, reducing CPU load on outgoing tagged traffic (replaced by tx-vlan-hw-insert)
Indicates the device hardware cannot process 802.1Q VLAN-tagged packets
device settings
No Additional Propertiesspeed in Mbps
full or half duplex mode
device port selection
MDI-X mode for port
enable autonegotation
speed and duplex advertised by autonegotation
PHY address
transceiver type
Wake-on-LAN options
Must match regular expression:^[pumbagsfd]+$
SecureOnâ„¢ password
Must match regular expression:^[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}$
driver message flags
driver message flags by number
driver message flags by name
No Additional Itemsflag name
enable flag
number of channels
No Additional Propertiesnumber of channels with only receive queues
number of channels with only transmit queues
number of channels used only for other purposes
number of multi-purpose channels
Energy-Efficient Ethernet (according to the IEEE 802.3az specifications)
No Additional Propertiesenable EEE support
assert Tx LPI
sets the speed for which EEE should be enabled (see also change.advertise)
amount of idle time prior asserting Tx LPI (in microseconds)
PHY tunable parameters
No Additional Propertiesenable downshift
enable downshift
Must contain a minimum of 3 items
Must contain a maximum of 3 items
enable downshift
REQUIRED
PHY downshift re-tries count
enable Fast Link Down
enable Fast Link Down
Must contain a minimum of 3 items
Must contain a maximum of 3 items
enable Fast Link Down
REQUIRED
period after which the link is reported as down
enable Energy Detect Power Down (EDPD)
enable EDPD
Must contain a minimum of 3 items
Must contain a maximum of 3 items
enable EDPD
REQUIRED
wake-up interval for Tx pulses
private flags
Forward Error Correction
No Additional PropertiesFEC encoding
simple shaper setup based on the cake queue discipline; replaces any tc settings
No Additional Propertiestarget ingress bandwidth
target egress bandwidth
cshaper profile
settings for traffic control
No Additional Propertiesenable the ingress qdisc for policing and shaping in ingress
root queueing disciplines
generic classless qdisc
qdisk type
cake - common applications kept enhanced (CAKE)
qdisk type
Specific value:"cake"
unique id
ACKnowledge filter
ATM mode
autorate-ingress
diffserv mode
ingress
overhead
Value must be greater or equal to -64 and lesser or equal to 256
flow mode
fwmark
Value must be greater or equal to 0
memlimit
Value must be greater or equal to 0
MPU
Value must be greater or equal to 0 and lesser or equal to 256
NAT
RAW
well-known RTT
manually specify an RTT (us)
Value must be greater or equal to 1
split GSO
target
Value must be greater or equal to 1
wash
choke - choose and keep scheduler
qdisk type
Specific value:"choke"
CoDel - Controlled-Delay Active Queue Management algorithm
qdisk type
Specific value:"codel"
bfifo - Byte limited First In, First Out queue; pfifo - Packet limited First In, First Out queue
No Additional Propertiesqdisk type
queue size in bytes or packets
fq - Fair Queue traffic policing
qdisk type
Specific value:"fq"
hard limit on the real queue size (number of packets)
hard limit on the max number of packets per flow
fq_codel - Fair Queuing (FQ) with Controlled Delay (CoDel)
qdisk type
Specific value:"fq_codel"
hard limit on the real queue size (number of packets)
number of flows
generic classful qdisc
qdisk type
classful multiqueue dummy scheduler
qdisk type
Specific value:"mq"
list child qdiscs for each device TX queue
No Additional Itemsunique id
filter used by qdiscs
No Additional Itemsbasic - basic traffic control filter
No Additional Propertiesqdisc id
protocol selector
priority
Value must be greater or equal to 0 and lesser or equal to 65535
traffic control filter action
No Additional Itemsmirred - mirror/redirect action
No Additional Properties"mirred"
packet direction
copy (mirror) or move (redirect) packets to the destination interface
destination interface where packets are redirected or mirrored to
unique action ID
Value must be greater or equal to 0 and lesser or equal to 4294967295
vlan - vlan manipulation module
No Additional Properties"vlan"
VLAN id
Value must be greater or equal to 0 and lesser or equal to 4095
VLAN priority
Value must be greater or equal to 0 and lesser or equal to 7
match packets using the extended match infrastructure
No Additional Itemsflow - flow based traffic control filter
filter mode
map to class ID by key
filter mode
hash over keys for class ID calculation
No Additional Itemsrehashing interval (in seconds)
Value must be greater or equal to 0 and lesser or equal to 294967295
qdisc id
protocol selector
priority
Value must be greater or equal to 0 and lesser or equal to 65535
traffic control filter action
No Additional Itemsmirred - mirror/redirect action
No Additional Properties"mirred"
packet direction
copy (mirror) or move (redirect) packets to the destination interface
destination interface where packets are redirected or mirrored to
unique action ID
Value must be greater or equal to 0 and lesser or equal to 4294967295
vlan - vlan manipulation module
No Additional Properties"vlan"
VLAN id
Value must be greater or equal to 0 and lesser or equal to 4095
VLAN priority
Value must be greater or equal to 0 and lesser or equal to 7
offset for the class ID calculation
Value must be greater or equal to 0 and lesser or equal to 65535
Value must be greater or equal to 0 and lesser or equal to 4294967295
Value must be greater or equal to 0 and lesser or equal to 4294967295
Value must be greater or equal to 0 and lesser or equal to 4294967295
Value must be greater or equal to 0 and lesser or equal to 4294967295
Value must be greater or equal to 0 and lesser or equal to 4294967295
Value must be greater or equal to 0 and lesser or equal to 4294967295
fw - fwmark traffic control filter
No Additional Propertiesqdisc id
protocol selector
priority
Value must be greater or equal to 0 and lesser or equal to 65535
traffic control filter action
No Additional Itemsmirred - mirror/redirect action
No Additional Properties"mirred"
packet direction
copy (mirror) or move (redirect) packets to the destination interface
destination interface where packets are redirected or mirrored to
unique action ID
Value must be greater or equal to 0 and lesser or equal to 4294967295
vlan - vlan manipulation module
No Additional Properties"vlan"
VLAN id
Value must be greater or equal to 0 and lesser or equal to 4095
VLAN priority
Value must be greater or equal to 0 and lesser or equal to 7
fwmark (iptables) to match
Value must be greater or equal to 0
matchall - traffic control filter that matches every packet
No Additional Propertiesqdisc id
protocol selector
priority
Value must be greater or equal to 0 and lesser or equal to 65535
traffic control filter action
No Additional Itemsmirred - mirror/redirect action
No Additional Properties"mirred"
packet direction
copy (mirror) or move (redirect) packets to the destination interface
destination interface where packets are redirected or mirrored to
unique action ID
Value must be greater or equal to 0 and lesser or equal to 4294967295
vlan - vlan manipulation module
No Additional Properties"vlan"
VLAN id
Value must be greater or equal to 0 and lesser or equal to 4095
VLAN priority
Value must be greater or equal to 0 and lesser or equal to 7
push matching packets into class
Value must be greater or equal to 0 and lesser or equal to 4294967295
process flags (1: SKIPHW, 2: SKIPSW)
Value must be greater or equal to 0 and lesser or equal to 4294967295
filter type
settings for WireGuard interfaces
No Additional Propertieslocal private key (consider to use the !include tag to read the key from file)
port for listening
Value must be greater or equal to 0 and lesser or equal to 65535
fwmark for outgoing packets
Value must be greater or equal to 0 and lesser or equal to 4294967295
add routes for peer's prefixes to the specified routing table, required routing quirks for peer endpoint addresses (i.e. when the default route points into wireguard) are not added automatically
main
dictonary with peers: the keys of the dictionary are the public keys of the peers (base64 encoded)
No Additional PropertiesAll properties whose name matches the following regular expression must respect the following conditions
Property name regular expression:^[-A-Za-z0-9+/]{43}=$
initial endpoint IP or hostname
keepalive interval seconds
Value must be greater or equal to 0 and lesser or equal to 65535
list of prefixes in CIDR notation
No Additional Itemssettings for XDP ("eXpress Data Path") BPF program
remove attached XDP program
attach already pinned XDP program
No Additional Propertiespath to already pinned XDP program
BPF program from ifstate's bpf config section
No Additional PropertiesBPF program (key in bpf config section)
The mac_seed is used to assign reproducible MAC addresses to virtual interfaces. The default mac_seed is based on the host's machine-id and the network namespace of the interface. Interfaces with identical names and mac_seed gets the same MAC addresses.
Must be at least 1 characters long
Do not handle MAC addresses for virtual interfaces. If an interfaces has no link.address property, it will get a random MAC addresses assigned by the Linux kernel.
the type of this route
the output device name
the nexthop router is forced on link
the routing protool identifier of this route
the realm to which this route is assigned
the scope (/etc/iproute2/rt_scopes) of the destinations covered by the route prefix
the table to add this route to
the destination prefix of the route
address of the nexthop router
configure depending on vrrp status
No Additional Propertiesrelated vrrp INSTANCE or GROUP name
failover type
states at which the interface should be configured
No Additional Itemsthe source address to prefer
preference of the route
Value must be greater or equal to 0 and lesser or equal to 4294967295
If the conditions in the "If" tab are respected, then the conditions in the "Then" tab should be respected. Otherwise, the conditions in the "Else" tab should be respected.
"to_tbl"
the type of this rule
the priority of this rule
Value must be greater or equal to 0 and lesser or equal to 4294967295
select the source prefix to match
select the destination prefix to match
select the incoming device to match
select the outgoing device to match
routing protocol number (/etc/iproute2/rt_protos)
select the fwmark value to match
select the ip protocol to match
configure depending on vrrp status
No Additional Propertiesrelated vrrp INSTANCE or GROUP name
failover type
states at which the interface should be configured
No Additional ItemsIP family (IPv4 or IPv6) to add the rule to. One of AF_INET, inet, 2 for IPv4 or AF_INET6, inet6, 10 for IPv6. Leave undefined to let ifstate and pyroute2 automatically detect it from the 'to' and 'from' addresses, defaulting to IPv4.
network sysctl settings
No Additional Propertiesoverrides per interface sysctl settings in /proc/sys/net/ipv*/conf/all/
settings in /proc/sys/net/ipv4/<interface>/conf/
settings in /proc/sys/net/ipv6/<interface>/conf/
perform Optimistic Duplicate Address Detection (RFC 4429); This option is enabled by default in ifstate!
default per interface sysctl settings in /proc/sys/net/ipv*/conf/default/
settings in /proc/sys/net/ipv4/<interface>/conf/
settings in /proc/sys/net/ipv6/<interface>/conf/
perform Optimistic Duplicate Address Detection (RFC 4429); This option is enabled by default in ifstate!
MPLS sysctl settings in /proc/sys/net/mpls/
number of entries in the platform label table
Value must be greater or equal to 0 and lesser or equal to 1048575
control whether TTL is propagated
Value must be greater or equal to 0 and lesser or equal to 1
default TTL value to use for MPLS packets
Value must be greater or equal to 1 and lesser or equal to 255
Multipath TCP sysctl settings in /proc/sys/net/mptcp/
timeout in seconds after which an ADD_ADDR control message will be resent
Value must be greater or equal to -8589934 and lesser or equal to 8589934
allow peers to send join requests to the IP address and port number used by the initial subflow
initial time period in second to disable MPTCP on active MPTCP sockets when a MPTCP firewall blackhole issue happens
Value must be greater or equal to 0 and lesser or equal to 2147483647
control whether DSS checksum can be enabled
set the make-after-break timeout
Value must be greater or equal to -8589934 and lesser or equal to 8589934
control whether MPTCP sockets can be created
control whether MPTCP sockets can be created
set the default path manager type to use for each new MPTCP socket
select the scheduler of your choice
number of MPTCP-level retransmission intervals with no traffic and pending outstanding data on a given subflow required to declare it stale
Value must be greater or equal to 0 and lesser or equal to 4294967295
number of SYN + MP_CAPABLE retransmissions before falling back to TCP
Value must be greater or equal to 0