1.\" SPDX-License-Identifier: BSD-2-Clause 2.\" 3.\" Copyright (c) 2006-2021 Roy Marples 4.\" All rights reserved 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25.\" SUCH DAMAGE. 26.\" 27.Dd August 23, 2021 28.Dt DHCPCD.CONF 5 29.Os 30.Sh NAME 31.Nm dhcpcd.conf 32.Nd dhcpcd configuration file 33.Sh DESCRIPTION 34Although 35.Nm dhcpcd 36can do everything from the command line, there are cases where it's just easier 37to do it once in a configuration file. 38Most of the options found in 39.Xr dhcpcd 8 40can be used here. 41The first word on the line is the option and the rest of the line is the value. 42Leading and trailing whitespace for the option and value are trimmed. 43You can escape characters in the value using the \\ character. 44Comments can be prefixed with the # character. 45String values should be quoted with the " character. 46.Pp 47Here's a list of available options: 48.Bl -tag -width indent 49.It Ic allowinterfaces Ar pattern 50When discovering interfaces, the interface name must match 51.Ar pattern 52which is a space or comma separated list of patterns passed to 53.Xr fnmatch 3 . 54If the same interface is matched in 55.Ic denyinterfaces 56then it is still denied. 57.It Ic denyinterfaces Ar pattern 58When discovering interfaces, the interface name must not match 59.Ar pattern 60which is a space or comma separated list of patterns passed to 61.Xr fnmatch 3 . 62.It Ic anonymous 63Enables Anonymity Profiles for DHCP, RFC 7844. 64Any DUID is ignored and ClientID is set to LL only. 65All non essential options are then masked at this point, 66but they could be unmasked by explicitly requesting the option 67.Sy after 68the 69.Ic anonymous 70option is processed. 71As such, the 72.Ic anonymous 73option 74.Sy should 75be the last option in the configuration unless you really want to 76send something which could identify you. 77.Nm dhcpcd 78will not try and reboot an old lease, it will go straight into 79DISCOVER/SOLICIT. 80.It Ic randomise_hwaddr 81Forces a hardware address randomisation when the interface is brought up 82or when the carrier is lost. 83This is generally used in tandem with the anonymous option. 84.It Ic arping Ar address Op address 85.Nm dhcpcd 86will arping each address in order before attempting DHCP. 87If an address is found, we will select the replying hardware address as the 88profile, otherwise the IP address. 89Example: 90.Pp 91.D1 interface bge0 92.D1 arping 192.168.0.1 93.Pp 94.D1 # My specific 192.168.0.1 network 95.D1 profile dd:ee:aa:dd:bb:ee 96.D1 static ip_address=192.168.0.10/24 97.Pp 98.D1 # A generic 192.168.0.1 network 99.D1 profile 192.168.0.1 100.D1 static ip_address=192.168.0.98/24 101.It Ic authprotocol Ar protocol Op Ar algorithm Op Ar rdm 102Authenticate DHCP messages. 103See the Supported Authentication Protocols section. 104If 105.Ar protocol 106is 107.Ar token 108then 109.Ar algorithm is 110snd_secretid/rcv_secretid so you can send and receive different tokens. 111.It Ic authtoken Ar secretid Ar realm Ar expire Ar key 112Define a shared key for use in authentication. 113.Ar realm 114can be "" to for use with the 115.Ar delayed 116protocol. 117.Ar expire 118is the date the token expires and should be formatted "yyy-mm-dd HH:MM". 119You can use the keyword 120.Ar forever 121or 122.Ar 0 123which means the token never expires. 124For the token protocol, 125.Ar secretid 126needs to be 0 and 127.Ar realm 128needs to be "". 129If 130.Nm dhcpcd 131has the error 132.D1 dhcp_auth_encode: Invalid argument 133then it means that 134.Nm dhcpcd 135could not find the correct authentication token in your configuration. 136.It Ic background 137Fork to the background immediately. 138This is useful for startup scripts which don't disable link messages for 139carrier status. 140.It Ic blacklist Ar address Ns Op /cidr 141Ignores all packets from 142.Ar address Ns Op /cidr . 143.It Ic whitelist Ar address Ns Op /cidr 144Only accept packets from 145.Ar address Ns Op /cidr . 146.Ic blacklist 147is ignored if 148.Ic whitelist 149is set. 150.It Ic bootp 151Be a BOOTP client. 152Basically, this just doesn't send a DHCP Message Type option and will only 153interact with a BOOTP server. 154All other DHCP options still work. 155.It Ic broadcast 156Instructs the DHCP server to broadcast replies back to the client. 157Normally this is only set for non-Ethernet interfaces, 158such as FireWire and InfiniBand. 159In most cases, 160.Nm dhcpcd 161will set this automatically. 162.It Ic controlgroup Ar group 163Sets the group ownership of 164.Pa /var/run/dhcpcd/sock 165so that users other than root can connect to 166.Nm dhcpcd . 167.It Ic debug 168Echo debug messages to the stderr and syslog. 169.It Ic dev Ar value 170Load the 171.Ar value 172.Pa /dev 173management module. 174.Nm dhcpcd 175will load the first one found to work, if any. 176.It Ic env Ar value 177Push 178.Ar value 179to the environment for use in 180.Xr dhcpcd-run-hooks 8 . 181For example, you can force the hostname hook to always set the hostname with 182.Ic env 183.Va force_hostname=YES . 184Or set which driver 185.Xr wpa_supplicant 8 186should use with 187.Ic env 188.Va wpa_supplicant_driver=nl80211 189.Pp 190If the hostname is set, it will be will set to the FQDN if possible as per 191RFC 4702, section 3.1. 192If the FQDN option is missing, 193.Nm dhcpcd 194will still try and set a FQDN from the hostname and domain options for 195consistency. 196To override this, set 197.Ic env 198.Va hostname_fqdn=[YES|NO|SERVER] . 199A value of 200.Va SERVER 201means just what the server says, don't manipulate it. 202This could lead to an inconsistent hostname on a DHCPv4 and DHCPv6 network 203where the DHCPv4 hostname is short and the DHCPv6 has an FQDN. 204DHCPv6 has no hostname option. 205.It Ic clientid Ar string 206Send the 207.Ar clientid . 208If the string is of the format 01:02:03 then it is encoded as hex. 209For interfaces whose hardware address is longer than 8 bytes, or if the 210.Ar clientid 211is an empty string then 212.Nm dhcpcd 213sends a default 214.Ar clientid 215of the hardware family and the hardware address. 216.It Ic duid Op ll | lt | uuid | value 217Use a DHCP Unique Identifier. 218If a system UUID is available, that will be used to create a DUID-UUID, 219otheriwse if persistent storage is available then a DUID-LLT 220(link local address + time) is generated, 221otherwise DUID-LL is generated (link local address). 222The DUID type can be hinted as an optional parameter if the file 223.Pa /var/db/dhcpcd/duid 224does not exist. 225If not 226.Va ll , 227.Va lt 228or 229.Va uuid 230then 231.Va value 232will be converted from 00:11:22:33 format. 233This, plus the IAID will be used as the 234.Ic clientid . 235The DUID generated will be held in 236.Pa /var/db/dhcpcd/duid 237and should not be copied to other hosts. 238This file also takes precedence over the above rules except for setting a value. 239.It Ic iaid Ar iaid 240Set the Interface Association Identifier to 241.Ar iaid . 242This option must be used in an 243.Ic interface 244block. 245This defaults to the VLANID (prefixed with 0xff) for the interface if set, 246otherwise the last 4 bytes of the hardware address assigned to the 247interface. 248Each instance of this should be unique within the scope of the client and 249.Nm dhcpcd 250warns if a conflict is detected. 251If there is a conflict, it is only a problem if the conflicted IAIDs are 252used on the same network. 253.It Ic dhcp 254Enable DHCP on the interface, on by default. 255.It Ic dhcp6 256Enable DHCPv6 on the interface, on by default. 257.It Ic ipv4 258Enable IPv4 on the interface, on by default. 259.It Ic ipv6 260Enable IPv6 on the interface, on by default. 261.It Ic request Op Ar address 262Request the 263.Ar address 264in the DHCP DISCOVER message. 265There is no guarantee this is the address the DHCP server will actually give. 266If no 267.Ar address 268is given then the first address currently assigned to the 269.Ar interface 270is used. 271.It Ic inform Op Ar address Ns Op Ar /cidr Ns Op Ar /broadcast_address 272Behaves like 273.Ic request 274as above, but sends a DHCP INFORM instead of DISCOVER/REQUEST. 275This does not get a lease as such, just notifies the DHCP server of the 276.Ar address 277in use. 278You should also include the optional 279.Ar cidr 280network number in case the address is not already configured on the interface. 281.Nm dhcpcd 282remains running and pretends it has an infinite lease. 283.Nm dhcpcd 284will not de-configure the interface when it exits. 285If 286.Nm dhcpcd 287fails to contact a DHCP server then it returns a failure instead of falling 288back on IPv4LL. 289.It Ic inform6 290Performs a DHCPv6 Information Request. 291No address is requested or specified, but all other DHCPv6 options are allowed. 292This is normally performed automatically when an IPv6 Router Advertisement 293indicates that the client should perform this operation. 294This option is only needed when 295.Nm dhcpcd 296is not processing IPv6 RA messages and the need for a DHCPv6 Information Request 297exists. 298.It Ic persistent 299.Nm dhcpcd 300normally de-configures the interface and configuration when it exits. 301Sometimes, this isn't desirable if, for example, you have root mounted over 302NFS or SSH clients connect to this host and they need to be notified of 303the host shutting down. 304You can use this option to stop this from happening. 305.It Ic fallback Ar profile 306Fall back to using this profile if DHCP fails. 307This allows you to configure a static profile instead of using ZeroConf. 308.It Ic hostname Ar name 309Sends the hostname 310.Ar name 311to the DHCP server so it can be registered in DNS. 312If 313.Ar name 314is an empty string then the current system hostname is sent. 315If 316.Ar name 317is a FQDN (i.e., contains a .) then it will be encoded as such. 318.It Ic hostname_short 319Sends the short hostname to the DHCP server instead of the FQDN. 320This is useful because DHCP servers will not register the FQDN in their 321DNS if the domain part does not match theirs. 322.Pp 323Also, see the 324.Ic env 325option above to control how the hostname is set on the host. 326.It Ic ia_na Op Ar iaid Op / address 327Request a DHCPv6 Normal Address for 328.Ar iaid . 329.Ar iaid 330defaults to the 331.Ic iaid 332option as described above. 333You can request more than one ia_na by specifying a unique 334.Ar iaid 335for each one. 336.It Ic ia_ta Op Ar iaid 337Request a DHCPv6 Temporary Address for 338.Ar iaid . 339You can request more than one ia_ta by specifying a unique 340.Ar iaid 341for each one. 342.It Ic ia_pd Op Ar iaid Oo / Ar prefix / Ar prefix_len Oc Op Ar interface Op / Ar sla_id Op / Ar prefix_len Op / Ar suffix 343Request a DHCPv6 Delegated Prefix for 344.Ar iaid . 345This option must be used in an 346.Ic interface 347block. 348Unless a 349.Ar sla_id 350of 0 is assigned with the same resultant prefix length as the delegation, 351a reject route is installed for the Delegated Prefix to 352stop unallocated addresses being resolved upstream. 353If no 354.Ar interface 355is given then we will assign a prefix to every other interface with a 356.Ar sla_id 357equivalent to the interface index assigned by the OS. 358Otherwise addresses are only assigned for each 359.Ar interface 360and 361.Ar sla_id . 362Each assigned address will have a 363.Ar suffix , 364defaulting to 1. 365If the 366.Ar suffix 367is 0 then a SLAAC address is assigned. 368You cannot assign a prefix to the requesting interface unless the 369DHCPv6 server supports the 370.Li RFC 6603 371Prefix Exclude Option. 372.Nm dhcpcd 373has to be running for all the interfaces it is delegating to. 374A default 375.Ar prefix_len 376of 64 is assumed, unless the maximum 377.Ar sla_id 378does not fit. 379In this case 380.Ar prefix_len 381is increased to the highest multiple of 8 that can accommodate the 382.Ar sla_id . 383.Ar sla_id 384is an integer which must be unique inside the 385.Ar iaid 386and is added to the prefix which must fit inside 387.Ar prefix_len 388less the length of the delegated prefix. 389You can specify multiple 390.Ar interface / 391.Ar sla_id / 392.Ar prefix_len 393per 394.Ic ia_pd , 395space separated. 396IPv6RS should be disabled globally when requesting a Prefix Delegation. 397.Pp 398In the following example eth0 is the externally facing interface to be 399configured for both IPv4 and IPv6. 400The DHCPv4 server will provide us with an IPv4 address and a default route. 401The DHCPv6 server is going to provide us with an IPv6 address, a default 402route and a /64 subnet to be delegated to the internal interface. 403The eth1 interface will be automatically configured 404for IPv6 using the first address (::1) from the delegated prefix. 405A second prefix is requested and assigned to two other interfaces. 406.Xr rtadvd 8 407can be used with an empty configuration file on eth1, eth2 and eth3, 408to provide automatic 409IPv6 address configuration for the internal network. 410.Bd -literal 411noipv6rs # disable routing solicitation 412denyinterfaces eth2 # Don't touch eth2 at all 413interface eth0 414 ipv6rs # enable routing solicitation for eth0 415 ia_na 1 # request an IPv6 address 416 ia_pd 2 eth1/0 # request a PD and assign it to eth1 417 ia_pd 3 eth2/1 eth3/2 # req a PD and assign it to eth2 and eth3 418.Ed 419.It Ic ipv4only 420Only configure IPv4. 421.It Ic ipv6only 422Only configure IPv6. 423.It Ic fqdn Op disable | none | ptr | both 424.Ar none 425will not ask the DHCP server to update DNS. 426.Ar ptr 427just asks the DHCP server to update the PTR 428record of the host in DNS, whereas 429.Ar both 430also updates the A record. 431.Ar disable 432will disable the FQDN option. 433The default is 434.Ar both . 435.Nm dhcpcd 436itself never does any DNS updates. 437.Nm dhcpcd 438encodes the FQDN hostname as specified in 439.Li RFC 1035 . 440.It Ic interface Ar interface 441Subsequent options are only parsed for this 442.Ar interface . 443.It Ic ipv6ra_autoconf 444Generate SLAAC addresses for each Prefix advertised by an IPv6 445Router Advertisement message with the Auto flag set. 446On by default. 447.It Ic ipv6ra_noautoconf 448Disables the above option. 449.It Ic ipv6ra_fork 450By default, when 451.Nm dhcpcd 452receives an IPv6 Router Advertisement, 453.Nm dhcpcd 454will only fork to the background if the RA contains at least one unexpired 455RDNSS option and a valid prefix or no DHCPv6 instruction. 456Set this option so to make 457.Nm dhcpcd 458always fork on a RA. 459.It Ic ipv6rs 460Enables IPv6 Router Advertisement solicitation. 461This is on by default, but is documented here in the case where it is disabled 462globally but needs to be enabled for one interface. 463.It Ic leasetime Ar seconds 464Request a lease time of 465.Ar seconds . 466.Ar -1 467represents an infinite lease time. 468By default 469.Nm dhcpcd 470does not request any lease time and leaves it in the hands of the 471DHCP server. 472.It Ic link_rcvbuf Ar size 473Override the size of the link receive buffer from the kernel default. 474While 475.Nm dhcpcd 476will recover from link buffer overflows, 477this may not be desirable on heavily loaded systems. 478.It Ic logfile Ar logfile 479Writes to the specified 480.Ar logfile . 481.Nm dhcpcd 482still writes to 483.Xr syslog 3 . 484The 485.Ar logfile 486is reopened when 487.Nm dhcpcd 488receives the 489.Dv SIGUSR2 490signal. 491.It Ic metric Ar metric 492Metrics are used to prefer an interface over another one, lowest wins. 493.Nm dhcpcd 494will supply a default metric of 1000 + 495.Xr if_nametoindex 3 . 496This will be offset by 2000 for wireless interfaces, with additional offsets 497of 1000000 for IPv4LL and 2000000 for roaming interfaces. 498.It Ic mudurl Ar url 499Specifies the URL for a Manufacturer Usage Description (MUD). 500The description is used by upstream network devices to instantiate any 501desired access lists. 502See draft-ietf-opsawg-mud for more information. 503.It Ic noalias 504Any pre-existing IPv4 addresses will be removed from the interface when 505adding a new IPv4 address. 506.It Ic noarp 507Don't send any ARP requests. 508This also disables IPv4LL. 509.It Ic noauthrequired 510Don't require authentication even though we requested it. 511Also allows FORCERENEW and RECONFIGURE messages without authentication. 512.It Ic nodelay 513Don't delay for an initial randomised time when starting protocols. 514.It Ic nodev 515Don't load 516.Pa /dev 517management modules. 518.It Ic nodhcp 519Don't start DHCP or listen to DHCP messages. 520This is only useful when allowing IPv4LL. 521.It Ic nodhcp6 522Don't start DHCPv6 or listen to DHCPv6 messages. 523Normally DHCPv6 is started by an IPv6 Router Advertisement instruction or 524configuration. 525.It Ic nogateway 526Don't install any default routes. 527.It Ic gateway 528Install a default route if available (default). 529.It Ic nohook Ar script 530Don't run this hook script. 531Matches full name, or prefixed with 2 numbers optionally ending with 532.Pa .sh . 533.Pp 534So to stop 535.Nm dhcpcd 536from touching your DNS settings or starting wpa_supplicant you would do:- 537.D1 nohook resolv.conf, wpa_supplicant 538.It Ic noipv4 539Don't attempt to configure an IPv4 address. 540.It Ic noipv4ll 541Don't attempt to obtain an IPv4LL address if we failed to get one via DHCP. 542See 543.Rs 544.%T "RFC 3927" 545.Re 546.It Ic noipv6 547Don't solicit or accept IPv6 Router Advertisements and DHCPv6. 548.It Ic noipv6rs 549Don't solicit or accept IPv6 Router Advertisements. 550.It Ic nolink 551Don't receive link messages about carrier status. 552You should only set this for buggy interface drivers. 553.It Ic noup 554Don't bring the interface up when in manager mode. 555.It Ic option Ar option 556Requests the 557.Ar option 558from the server. 559It can be a variable to be used in 560.Xr dhcpcd-run-hooks 8 561or the numerical value. 562You can specify more 563.Ar option Ns s 564separated by commas, spaces or more 565.Ic option 566lines. 567Prepend dhcp6_ to 568.Ar option 569to request a DHCPv6 option. 570If no DHCPv6 options are configured, 571then DHCPv4 options are mapped to equivalent DHCPv6 options. 572.Pp 573Prepend nd_ to 574.Ar option 575to handle ND options, but this only works for the 576.Ic nooption , 577.Ic reject 578and 579.Ic require 580options. 581.Pp 582To see a list of options you can use, call 583.Nm dhcpcd 584with the 585.Fl V , Fl Fl variables 586argument. 587.It Ic nooption Ar option 588Remove the option from the message before it's processed. 589.It Ic require Ar option 590Requires the 591.Ar option 592to be present in all messages, otherwise the message is ignored. 593To enforce that 594.Nm dhcpcd 595only responds to DHCP servers and not BOOTP servers, you can 596.Ic require 597.Ar dhcp_message_type . 598This isn't an exact science though because a BOOTP server can send DHCP-like 599options. 600.It Ic reject Ar option 601Reject a message that contains the 602.Ar option . 603This is useful when you cannot use 604.Ic require 605to select / de-select BOOTP messages. 606.It Ic destination Ar option 607If 608.Nm 609detects an address added to a point to point interface (PPP, TUN, etc) then 610it will set the listed DHCP options to the destination address of the 611interface. 612.It Ic profile Ar name 613Subsequent options are only parsed for this profile 614.Ar name . 615.It Ic quiet 616Suppress any dhcpcd output to the console, except for errors. 617.It Ic reboot Ar seconds 618Allow 619.Ar reboot 620seconds before moving to the DISCOVER phase if we have an old lease to use. 621Allow 622.Ar reboot 623seconds before starting fallback states from the DISCOVER phase. 624IPv4LL is started when the first 625.Ar reboot 626timeout is reached. 627The default is 5 seconds. 628A setting of 0 seconds causes 629.Nm 630to skip the reboot phase and go straight into DISCOVER. 631This is desirable for mobile users because if you change from network A to 632network B and they use the same subnet and the address from network A isn't 633in use on network B, then the DHCP server will remain silent even if 634authoritative which means 635.Nm dhcpcd 636will timeout before moving back to the DISCOVER phase. 637This has no effect on DHCPv6 other than skipping the reboot phase. 638.It Ic release 639.Nm dhcpcd 640will release the lease prior to stopping the interface. 641.It Ic script Ar script 642Use 643.Ar script 644instead of the default 645.Pa /usr/libexec/dhcpcd-run-hooks . 646.It Ic ssid Ar ssid 647Subsequent options are only parsed for this wireless 648.Ar ssid . 649.It Ic slaac Ar hwaddr | Ar private Op Ar temp | Ar temporary 650Selects the interface identifier used for SLAAC generated IPv6 addresses. 651If 652.Ar private 653is used, a RFC 7217 address is generated. 654The 655.Ar temporary 656directive will create a temporary address for the prefix as well. 657.It Ic static Ar value 658Configures a static 659.Ar value . 660If you set 661.Ic ip_address 662then 663.Nm dhcpcd 664will not attempt to obtain a lease and will just use the value for the address 665with an infinite lease time. 666If you set 667.Ic ip6_address , 668.Nm dhcpcd 669will continue auto-configuration as normal. 670.Pp 671Here is an example which configures two static address, overriding the default 672IPv4 broadcast address, an IPv4 router, DNS and disables IPv6 auto-configuration. 673You could also use the 674.Ic inform6 675command here if you wished to obtain more information via DHCPv6. 676For IPv4, you should use the 677.Ic inform Ar ipaddress 678option instead of setting a static address. 679.D1 interface eth0 680.D1 noipv6rs 681.D1 static ip_address=192.168.0.10/24 682.D1 static broadcast_address=192.168.0.63 683.D1 static ip6_address=fd51:42f8:caae:d92e::ff/64 684.D1 static routers=192.168.0.1 685.D1 static domain_name_servers=192.168.0.1 fd51:42f8:caae:d92e::1 686.Pp 687Here is an example for PPP which gives the destination a default route. 688It uses the special 689.Ar destination 690keyword to insert the destination address 691into the value. 692.D1 interface ppp0 693.D1 static ip_address= 694.D1 destination routers 695.It Ic timeout Ar seconds 696Time out after 697.Ar seconds , 698instead of the default 30. 699A setting of 0 700.Ar seconds 701causes 702.Nm dhcpcd 703to wait forever to get a lease. 704If 705.Nm dhcpcd 706is working on a single interface then 707.Nm dhcpcd 708will exit when a timeout occurs, otherwise 709.Nm dhcpcd 710will fork into the background. 711If using IPv4LL then 712.Nm dhcpcd 713start the IPv4LL process after the timeout and then wait a little longer 714before really timing out. 715.It Ic userclass Ar string 716Tag the DHCPv4 message with the userclass. 717You can specify more than one. 718.It Ic msuserclass Ar string 719Tag the DHCPv4 mesasge with the Microsoft userclass. 720Unlike the 721.Ic userclass 722option, this one can only be added once. 723It should only be used for Microsoft DHCP servers and the 724.Ic vendorclassid 725should be set to "MSFT 98" or "MSFT 5.0". 726This option is not RFC compliant. 727.It Ic vendor Ar code , Ns Ar value 728Add an encapsulated vendor option. 729.Ar code 730should be between 1 and 254 inclusive. 731To add a raw vendor string, omit 732.Ar code 733but keep the comma. 734Examples. 735.Pp 736Set the vendor option 01 with an IP address. 737.D1 vendor 01,192.168.0.2 738Set the vendor option 02 with a hex code. 739.D1 vendor 02,01:02:03:04:05 740Set the vendor option 03 with an IP address as a string. 741.D1 vendor 03,\e"192.168.0.2\e" 742Set un-encapsulated vendor option to hello world. 743.D1 vendor ,"hello world" 744.It Ic vendorclassid Ar string 745Set the DHCP Vendor Class. 746DHCPv6 has its own option as shown below. 747The default is 748dhcpcd-<version>:<os>:<machine>:<platform>. 749For example 750.D1 dhcpcd-5.5.6:NetBSD-6.99.5:i386:i386 751If not set then none is sent. 752Some badly configured DHCP servers reject unknown vendorclassids. 753To work around it, try and impersonate Windows by using the MSFT vendorclassid. 754.It Ic vendclass Ar en Ar data 755Add the DHCPv6 Vendor Indetifying Vendor Class with the IANA assigned Enterprise 756Number 757.Ar en 758with the 759.Ar data . 760This option can be set more than once to add more data, but the behaviour, 761as per RFC 3925 is undefined if the Enterprise Number differs. 762.It Ic waitip Op 4 | 6 763Wait for an address to be assigned before forking to the background. 7644 means wait for an IPv4 address to be assigned. 7656 means wait for an IPv6 address to be assigned. 766If no argument is given, 767.Nm 768will wait for any address protocol to be assigned. 769It is possible to wait for more than one address protocol and 770.Nm 771will only fork to the background when all waiting conditions are satisfied. 772.It Ic xidhwaddr 773Use the last four bytes of the hardware address as the DHCP xid instead 774of a randomly generated number. 775.El 776.Ss Defining new options 777DHCP, ND and DHCPv6 allow for the use of custom options, and RFC 3925 vendor 778options for DHCP can also be supplied. 779Each option needs to be started with the 780.Ic define , 781.Ic definend , 782.Ic define6 783or 784.Ic vendopt 785directive. 786This can optionally be followed by both 787.Ic embed 788or 789.Ic encap 790options. 791Both can be specified more than once and 792.Ic embed 793must come before 794.Ic encap . 795.Bl -tag -width indent 796.It Ic define Ar code Ar type Ar variable 797Defines the DHCP option 798.Ar code 799of 800.Ar type 801with a name of 802.Ar variable 803exported to 804.Xr dhcpcd-run-hooks 8 . 805.It Ic definend Ar code Ar type Ar variable 806Defines the ND option 807.Ar code 808of 809.Ar type 810with a name of 811.Ar variable 812exported to 813.Xr dhcpcd-run-hooks 8 , 814with a prefix of 815.Va nd_ . 816.It Ic define6 Ar code Ar type Ar variable 817Defines the DHCPv6 option 818.Ar code 819of 820.Ar type 821with a name of 822.Ar variable 823exported to 824.Xr dhcpcd-run-hooks 8 , 825with a prefix of 826.Va dhcp6_ . 827.It Ic vendopt Ar code Ar type Ar variable 828Defines the Vendor-Identifying Vendor Options. 829The 830.Ar code 831is the IANA Enterprise Number which will uniquely describe the encapsulated 832options. 833.Ar type 834is normally 835.Ar encap . 836.Ar variable 837names the Vendor option to be exported. 838.It Ic embed Ar type Ar variable 839Defines an embedded variable within the defined option. 840The length is determined by the 841.Ar type . 842If the 843.Ar variable 844is not the same as defined in the parent option, 845it is prefixed with the parent 846.Ar variable 847first with an underscore. 848If the 849.Ar variable 850has the name of 851.Ar reserved 852then it is not processed. 853.It Ic encap Ar code Ar type Ar variable 854Defines an encapsulated variable within the defined option. 855The length is determined by the 856.Ar type . 857If the 858.Ar variable 859is not the same as defined in the parent option, 860it is prefixed with the parent 861.Ar variable 862first with an underscore. 863.El 864.Ss Type prefix 865These keywords come before the type itself, to describe it more fully. 866You can use more than one, but they must appear in the order listed below. 867.Bl -tag -width -indent 868.It Ic request 869Requests the option by default without having to be specified in user 870configuration. 871.It Ic norequest 872This option cannot be requested, regardless of user configuration. 873.It Ic optional 874This option is optional. 875Only makes sense for embedded options like the client FQDN option, where 876the FQDN string itself is optional. 877.It Ic index 878The option can appear more than once and will be indexed. 879.It Ic array 880The option data is split into a space separated array, each element being 881the same type. 882.El 883.Ss Types to define 884The type directly affects the length of data consumed inside the option. 885Any remaining data is normally discarded. 886Lengths can be specified for string and binhex types, but this is generally 887with other data embedded afterwards in the same option. 888.Bl -tag -width indent 889.It Ic ipaddress 890An IPv4 address, 4 bytes. 891.It Ic ip6address 892An IPv6 address, 16 bytes. 893.It Ic string Op : Ic length 894A NVT ASCII string of printable characters. 895.It Ic byte 896A byte. 897.It Ic bitflags : Ic flags 898A byte represented as a string of flags, most significant bit first. 899For example, using ABCDEFGH then A would equal 10000000, B 01000000, 900C 00100000, etc. 901If the bit is not set, the flag is not printed. 902A flag of 0 is not printed even if the bit position is set. 903This is to allow reservation of the first bits while assigning the last bits. 904.It Ic int16 905A signed 16bit integer, 2 bytes. 906.It Ic uint16 907An unsigned 16bit integer, 2 bytes. 908.It Ic int32 909A signed 32bit integer, 4 bytes. 910.It Ic uint32 911An unsigned 32bit integer, 4 bytes. 912.It Ic flag 913A fixed value (1) to indicate that the option is present, 0 bytes. 914.It Ic domain 915An RFC 3397 encoded string. 916.It Ic dname 917An RFC 1035 validated string. 918.It Ic binhex Op : Ic length 919Binary data expressed as hexadecimal. 920.It Ic embed 921Contains embedded options (implies encap as well). 922.It Ic encap 923Contains encapsulated options (implies embed as well). 924.It Ic option 925References an option from the global definition. 926.El 927.Ss Example definition 928.D1 # DHCP option 81, Fully Qualified Domain Name, RFC 4702 929.D1 define 81 embed fqdn 930.D1 embed byte flags 931.D1 embed byte rcode1 932.D1 embed byte rcode2 933.D1 embed domain fqdn 934.Pp 935.D1 # DHCP option 125, Vendor Specific Information Option, RFC 3925 936.D1 define 125 encap vsio 937.D1 embed uint32 enterprise_number 938.D1 # Options defined for the enterprise number 939.D1 encap 1 ipaddress ipaddress 940.Ss Supported Authentication Protocols 941.Bl -tag -width -indent 942.It Ic token 943Sends a plain text token the server expects and matches a token sent by 944the server. 945The tokens do not have to be the same. 946If unspecified, the token with a 947.Ar secretid 948of 0 will be used in sending messages 949and validating received messages. 950.It Ic delayedrealm 951Delayed Authentication. 952.Nm dhcpcd 953will send an authentication option with no key or MAC. 954The server will see this option, and select a key for 955.Nm , writing the 956.Ar realm 957and 958.Ar secretid 959in it. 960.Nm dhcpcd 961will then look for an unexpired token with a matching 962.Ar realm 963and 964.Ar secretid . 965This token is used to authenticate all other messages. 966.It Ic delayed 967Same as above, but without a realm. 968.El 969.Ss Supported Authentication Algorithms 970If none specified, 971.Ic hmac-md5 972is the default. 973.Bl -tag -width -indent 974.It Ic hmac-md5 975.El 976.Ss Supported Replay Detection Mechanisms 977If none specified, 978.Ic monotonic 979is the default. 980If this is changed from what was previously used, 981or the means of calculating or storing it is broken, then the DHCP server 982will probably have to have its notion of the client's Replay Detection Value 983reset. 984.Bl -tag -width -indent 985.It Ic monocounter 986Read the number in the file 987.Pa /var/db/dhcpcd/dhcpcd-rdm.monotonic 988and add one to it. 989.It Ic monotime 990Create an NTP timestamp from the system time. 991.It Ic monotonic 992Same as 993.Ic monotime . 994.El 995.Sh SEE ALSO 996.Xr fnmatch 3 , 997.Xr if_nametoindex 3 , 998.Xr dhcpcd 8 , 999.Xr dhcpcd-run-hooks 8 1000.Sh AUTHORS 1001.An Roy Marples Aq Mt roy@marples.name 1002.Sh BUGS 1003Please report them to 1004.Lk http://roy.marples.name/projects/dhcpcd 1005