author | Yu Watanabe <watanabe.yu+github@gmail.com> | 2023-11-21 21:17:58 +0100 |
---|---|---|
committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2023-11-21 21:24:18 +0100 |
commit | cf289b1415026bac43b39f1c8d8a95005ea57ed3 (patch) | |
tree | 9906c5b872b6b868895ada2f162d15c730262be8 /man | |
parent | man: [DHCPv4] RapidCommit= is disabled when Anonymize=yes (diff) | |
network/dhcp: disable RapidCommit= by default when AllowList=/DenyList= is specified

AllowList= and DenyList= filter only DHCPOFFER messages. So, if
RapidCommit= is enabled, then networkd unconditionally accepts a rapid
ACK message even if its sender is filtered out by the lists.

As AllowList=/DenyList= were implemented earlier than RapidCommit=,
enabling RapidCommit= unconditionally by default may break existing
setups that use AllowList=/DenyList=.

Let's disable RapidCommit= by default when AllowList=/DenyList= is
enabled. Still, the setting can be enabled by setting it explicitly even
if AllowList=/DenyList= is also specified.
Diffstat (limited to 'man')
-rw-r--r-- | man/systemd.network.xml | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/man/systemd.network.xml b/man/systemd.network.xml index 8bdcd42b39..63a3eef942 100644 --- a/man/systemd.network.xml +++ b/man/systemd.network.xml @@ -2236,7 +2236,8 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix</programlisting> four-message exchange (discover, offer, request, and ack) is used. The two-message exchange provides faster client configuration. See <ulink url="https://tools.ietf.org/html/rfc4039">RFC 4039</ulink> for details. - Defaults to true.</para> + Defaults to true when <varname>Anonymize=no</varname> and neither <varname>AllowList=</varname> + nor <varname>DenyList=</varname> is specified, and false otherwise.</para> <xi:include href="version-info.xml" xpointer="v255"/> </listitem> @@ -2670,6 +2671,9 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix</programlisting> prefix length after <literal>/</literal>. DHCP offers from servers in the list are rejected. Note that if <varname>AllowList=</varname> is configured then <varname>DenyList=</varname> is ignored.</para> + <para>Note that this filters only DHCP offers, so the filtering may not work when + <varname>RapidCommit=</varname> is enabled. See also <varname>RapidCommit=</varname> in the above. + </para> <xi:include href="version-info.xml" xpointer="v246"/> </listitem> @@ -2681,6 +2685,9 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix</programlisting> <para>A whitespace-separated list of IPv4 addresses. Each address can optionally take a prefix length after <literal>/</literal>. DHCP offers from servers in the list are accepted. </para> + <para>Note that this filters only DHCP offers, so the filtering may not work when + <varname>RapidCommit=</varname> is enabled. See also <varname>RapidCommit=</varname> in the above. + </para> <xi:include href="version-info.xml" xpointer="v246"/> </listitem> |
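Review bot: In the first hunk (@@ -2236), the new "Defaults to true when ... and false otherwise" sentence documents the default but not the consequence of overriding it. The commit message says an explicit RapidCommit=yes is still honoured when AllowList=/DenyList= is set, and that networkd then accepts a rapid ACK even from a sender the lists would filter out. The RapidCommit= paragraph should say so directly, for example by adding a sentence that enabling this option explicitly together with AllowList= or DenyList= lets a rapid ACK bypass those lists, so an administrator who relies on the lists to restrict which DHCP servers are trusted sees the trade-off where the option is set.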
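Review bot: In the second hunk (@@ -2670, DenyList=), "the filtering may not work when RapidCommit= is enabled" is vaguer than what the commit message states, which is that a rapid ACK is accepted unconditionally regardless of the list. Suggest wording the added paragraph as a definite statement, such as "a rapid ACK from a server in the list is still accepted when RapidCommit= is enabled". "See also RapidCommit= in the above" also reads awkwardly; "See RapidCommit= above" is enough.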
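Review bot: In the third hunk (@@ -2681, AllowList=), the added paragraph warns that filtering may fail with RapidCommit= enabled but does not tell the reader that setting AllowList= now changes the RapidCommit= default to false, which is the behaviour the first hunk documents. A reader who only consults the AllowList= entry could conclude the list is ineffective out of the box. Suggest adding that RapidCommit= is disabled by default when this option is specified, and that only an explicit RapidCommit=yes reintroduces the bypass. For an allow list this matters most, since a server outside the list could otherwise still configure the client.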