Путеводитель по Руководству Linux
  User  |  Syst  |  Libr  |  Device  |  Files  |  Other  |  Admin  |  Head  |


   systemd.netdev    ( 5 )

конфигурация виртуального сетевого устройства (Virtual Network Device configuration)
  Name  |  Synopsis  |  Description  |  Supported netdev kinds  |  Match section options  |  [netdev] section options  |  [bridge] section options  |  [vlan] section options  |  [macvlan] section options  |  [macvtap] section options  |  [ipvlan] section options  |  [ipvtap] section options  |  [vxlan] section options  |  [geneve] section options  |  [bareudp] section options  |  [l2tp] section options  |  [l2tpsession] section options  |  [macsec] section options  |  [macsecreceivechannel] section options  |    [macsectransmitassociation] section options    |  [macsecreceiveassociation] section options  |  [tunnel] section options  |  [foooverudp] section options  |  [peer] section options  |  [vxcan] section options  |  [tun] section options  |  [tap] section options  |  [wireguard] section options  |  [wireguardpeer] section options  |  [bond] section options  |  [xfrm] section options  |  [vrf] section options  |  [batmanadvanced] section options  |  Examples  |  See also  |  Note  |

[MACSECTRANSMITASSOCIATION] SECTION OPTIONS

The [MACsecTransmitAssociation] section only applies for network devices of kind "macsec", and accepts the following keys:

PacketNumber= Specifies the packet number to be used for replay protection and the construction of the initialization vector (along with the secure channel identifier [SCI]). Takes a value between 1-4,294,967,295. Defaults to unset.

KeyId= Specifies the identification for the key. Takes a number between 0-255. This option is compulsory, and is not set by default.

Key= Specifies the encryption key used in the transmission channel. The same key must be configured on the peer's matching receive channel. This setting is compulsory, and is not set by default. Takes a 128-bit key encoded in a hexadecimal string, for example "dffafc8d7b9a43d5b9a3dfbbf6a30c16".

KeyFile= Takes an absolute path to a file which contains a 128-bit key encoded in a hexadecimal string, which will be used in the transmission channel. When this option is specified, Key= is ignored. Note that the file must be readable by the user "systemd-network", so it should be, e.g., owned by "root:systemd-network" with a "0640" file mode. If the path refers to an AF_UNIX stream socket in the file system a connection is made to it and the key read from it.

Activate= Takes a boolean. If enabled, then the security association is activated. Defaults to unset.

UseForEncoding= Takes a boolean. If enabled, then the security association is used for encoding. Only one [MACsecTransmitAssociation] section can enable this option. When enabled, Activate=yes is implied. Defaults to unset.