xref: /dragonfly/sbin/ifconfig/ifconfig.8 (revision 7485684f)

.\" Copyright (c) 1983, 1991, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"     From: @(#)ifconfig.8	8.3 (Berkeley) 1/5/94
.\" $FreeBSD: src/sbin/ifconfig/ifconfig.8,v 1.124 2006/10/10 09:44:08 ru Exp $
.\"
.Dd December 15, 2023
.Dt IFCONFIG 8
.Os
.Sh NAME
.Nm ifconfig
.Nd configure network interface parameters
.Sh SYNOPSIS
.Nm
.Op Fl f Ar type:format Ns Op Ar ,type:format
.Op Fl L
.Op Fl k
.Op Fl m
.Op Fl n
.Ar interface
.Op Cm create
.Op Ar address_family
.Oo
.Ar address
.Op Ar dest_address
.Oc
.Op Ar parameters
.Nm
.Op Fl n
.Ar interface
.Cm destroy
.Nm
.Fl a
.Op Fl G Ar nogroup
.Op Fl L
.Oo
.Fl d |
.Fl u
.Oc
.Op Fl g Ar matchgroup
.Op Fl m
.Op Fl v
.Op Ar address_family
.Nm
.Fl l
.Oo
.Fl d |
.Fl u
.Oc
.Op Ar address_family
.Nm
.Op Fl L
.Oo
.Fl d |
.Fl u
.Oc
.Op Fl k
.Op Fl m
.Op Fl v
.Op Fl C
.Nm
.Op Fl g Ar groupname
.Sh DESCRIPTION
The
.Nm
utility is used to assign an address
to a network interface and/or configure
network interface parameters.
The
.Nm
utility must be used at boot time to define the network address
of each interface present on a machine; it may also be used at
a later time to redefine an interface's address
or other operating parameters.
.Pp
.Nm
displays the current configuration for a network interface
when no optional parameters are supplied.
If a protocol family is specified,
.Nm
will report only the details specific to that protocol family.
If no parameters are provided, a summary of all interfaces is provided.
.Pp
Only the super-user may modify the configuration of a network interface.
.Pp
The following options are available:
.Bl -tag -width indent
.It Fl a
Display information about all interfaces on the system.
.Pp
The
.Fl a
flag may be used instead of the
.Ar interface
argument.
This is the default, if no parameters are given to
.Nm .
.It Fl C
List all of the interface cloners available on the system,
with no additional information.
Use of this flag is mutually exclusive with all other flags and commands.
.It Fl d
Display only the interfaces that are down.
.It Fl f Xo
.Ar type Ns Cm \&: Ns Ar format Ns
.Op Cm \&, Ns Ar type Ns Cm \&: Ns Ar format Ar ...
.Xc
Control the output formats of
.Nm .
The format is specified as a comma-separated list of
.Ar type Ns Cm \&: Ns Ar format
pairs.
This option can be supplied multiple times.
Alternatively, the output formats can be specified via the
.Ev IFCONFIG_FORMAT
environment variable.
.Pp
The supported
.Ar type Ns s
and their associated
.Ar format
strings are:
.Bl -tag -width indent
.It Cm addr
Adjust the display of inet and inet6 addresses:
.Pp
.Bl -tag -width default -compact
.It Cm default
Default format, i.e.,
.Cm numeric
.It Cm fqdn
Fully qualified domain names
.Pq FQDN
.It Cm host
Unqualified hostnames
.It Cm numeric
Numeric format
.El
.It Cm ether
Adjust the display of link-level Ethernet (MAC) addresses:
.Pp
.Bl -tag -width default -compact
.It Cm colon
Separate address segments with a colon.
.It Cm dash
Separate address segments with a dash.
.It Cm default
Default format, i.e.,
.Cm colon .
.El
.It Cm inet
Adjust the display of inet address subnet masks:
.Pp
.Bl -tag -width default -compact
.It Cm cidr
CIDR notation, for example:
.Dq 10.0.0.0/8 ,
.Dq 203.0.113.224/26
.It Cm default
Default format, i.e.,
.Cm hex
.It Cm dotted
Dotted quad notation, for example:
.Dq 255.255.0.0 ,
.Dq 255.255.255.192
.It Cm hex
Hexidecimal format, for example:
.Dq 0xffff0000 ,
.Dq 0xffffffc0
.El
.It Cm inet6
Adjust the display of inet6 address prefixes (subnet masks):
.Pp
.Bl -tag -width default -compact
.It Cm cidr
CIDR notation, for example:
.Dq ::1/128 ,
.Dq fe80::1%lo0/64
.It Cm default
Default format, i.e.,
.Cm numeric
.It Cm numeric
Integer format, for example:
.Dq prefixlen 64
.El
.El
.It Fl G Ar groupname
Exclude members of the specified group from the output.
.Pp
Only one
.Fl G
flag should be specified, as the later one overrides previous ones.
The
.Ar groupname
argument may contain shell patterns, but should be quoted in that case.
.It Fl g Ar groupname
Limit the output to the members of the specified group.
.Pp
Only one
.Fl g
flag should be specified, as the later one overrides previous ones.
The
.Ar groupname
argument may contain shell patterns, but should be quoted in that case.
.Pp
If the
.Fl g
flag is specified before any other significant flags (e.g.,
.Fl a
or
.Fl C ) ,
then
.Nm
only lists the names of interfaces belonging to the specified group.
Any other flags and parameters are ignored in that case.
.Pp
Setting
.Ar groupname
to
.Cm all
selects all interfaces.
.It Fl k
Print keying information for the interface, if available.
.Pp
For example, the values of 802.11 WEP keys will be printed,
if accessible to the current user.
This information is not printed by default, as it may be
considered sensitive.
.It Fl L
Display address lifetime for IPv6 addresses as time offset string.
.It Fl l
List all available interfaces on the system,
with no other additional information.
.Pp
If an
.Ar address_family
is specified, only interfaces of that type will be listed.
If the
.Ar address_family
is set to
.Cm ether ,
then this flag will cause
.Nm
to exclude loopback interfaces from the list of Ethernet interfaces.
This is a special case, because all other synonyms of the
.Cm link
address family will include loopback interfaces in the list.
.Pp
Use of this flag is mutually exclusive with all other flags and
parameters, except for
.Fl d ,
.Fl g ,
and
.Fl u .
.It Fl m
Display the capability list,
the maximum amount of data that TCP segmentation offloading is
allowed to aggregate,
and all the supported media for an interface.
.It Fl n
Disable the automatic loading of network interface drivers.
.Pp
By default, if the network interface driver is not present in the kernel,
then
.Nm
will attempt to load it.
.It Fl u
Display only the interfaces that are up.
.It Fl v
Get more verbose status for an interface.
.It Ar interface
Specify the name of the interface to show or configure.
This parameter is usually a string of the form
.Dq name unit ,
for example,
.Dq em0 .
If the interface has been renamed, then this form no longer holds;
for example, an interface can be renamed to be
.Dq vpn-corp .
.It Ar address_family
Specify the address family that affects interpretation of the
remaining parameters.
Since an interface can receive transmissions in differing protocols
with different naming schemes, specifying the address family is
recommended.
.Pp
The address or protocol families currently supported are:
.Pp
.Bl -tag -width default -compact
.It Cm ether
Synonymous with
.Cm link
(with some exceptions, see the
.Fl l
option).
.It Cm inet
Default, if available.
.It Cm inet6
.It Cm link
Default if
.Cm inet
is not available.
.It Cm lladdr
Synonymous with
.Cm link .
.El
.It Ar address
For the
.Cm inet
family, the address is either a host name present in the host name
data base (see
.Xr hosts 5 ) ,
or an IPv4 address expressed in the Internet standard
.Dq dot notation
format.
.Pp
It is also possible to use the CIDR notation (also known as the
slash notation) to include the netmask.
That is, one can specify an address like
.Dq 192.168.0.1/16 .
.Pp
For the
.Cm inet6
family, it is also possible to specify the prefix length using the
slash notation, like
.Dq ::1/128 .
See the
.Cm prefixlen
parameter below for more information.
.Pp
The link-level
.Pq Cm link
address is specified as a series of colon-separated hex digits.
This can be used to, for example,
set a new MAC address on an Ethernet interface,
though the mechanism used is not Ethernet-specific.
.Pp
If the interface is already up when the link-level address is modified,
it will be briefly brought down and then brought back up again
in order to ensure that the receive filter in the underlying
Ethernet hardware is properly reprogrammed.
.It Ar dest_address
Specify the address of the correspondent on the other end
of a point-to-point link.
.El
.\"
.Sh PARAMETERS
.Pp
The following
.Ar parameters
may be set with
.Nm :
.Bl -tag -width indent
.It Cm add
Another name for the
.Cm alias
parameter.
Introduced for compatibility with
.Bsx .
.It Cm alias
Establish an additional network address for this interface.
This is sometimes useful when changing network numbers, and
one wishes to accept packets addressed to the old interface.
If the address is on the same subnet as the first network address
for this interface, a non-conflicting netmask must be given.
Usually
.Li 0xffffffff
is most appropriate.
.It Cm -alias
Remove the network address specified.
This would be used if you incorrectly specified an alias, or it
was no longer needed.
If you have incorrectly set an NS address having the side effect
of specifying the host portion, removing all NS addresses will
allow you to respecify the host portion.
.It Cm arp
Enable the use of the Address Resolution Protocol
.Pq Xr arp 4
in mapping
between network level addresses and link level addresses (default).
This is currently implemented for mapping between
Internet Protocol addresses and
.Tn IEEE
802 48-bit MAC addresses (Ethernet addresses).
.It Cm -arp
Disable the use of the Address Resolution Protocol
.Pq Xr arp 4 .
.It Cm broadcast
(inet only)
Specify the address to use to represent broadcasts to the network.
The default broadcast address is the address with a host part of all 1's.
.It Cm compress
Another name for the
.Cm link0
parameter.
.It Cm create
Create the specified network pseudo-device.
If the interface is given without a unit number,
try to create a new device with an arbitrary unit number.
If the creation of an arbitrary device is successful,
the new device name is printed,
unless the interface is renamed or destroyed in the same
.Nm
invocation.
.It Cm debug
Enable driver dependent debugging code; usually, this turns on
extra console error logging.
.It Cm -debug
Disable driver dependent debugging code.
.It Cm delete
Another name for the
.Cm -alias
parameter.
.It Cm descr Ns Oo Cm iption Oc Ar value
Specify a description for the interface.
This can be used to label interfaces in situations where they may
otherwise be difficult to distinguish.
.It Cm -descr Ns Op Cm iption
Clear the interface description.
.It Cm destroy
Destroy the specified network pseudo-device.
.It Cm down
Mark an interface
.Dq down .
When an interface is marked
.Dq down ,
the system will not attempt to
transmit messages through that interface.
If possible, the interface will be reset to disable reception as well.
This action does not automatically disable routes using the interface.
.It Cm group Ar group-name
Assign the interface to the specified group.
The name of the group may not be longer than 15 characters and
must not end in a digit.
An interface can be in multiple groups.
.Pp
Cloned interfaces are members of their interface family group by default.
For example, a tunnel interface such as
.Em tun0
is a member of the TUN interface family group,
.Em tun .
.\" The interface(s) that the default route(s) point to are members of the
.\" .Em egress
.\" interface group.
.It Cm -group Ar group-name
Remove the interface from the given group.
.It Cm link0 , link1 , link2
Enable special processing of the link level of the interface.
These three options are interface specific in actual effect;
however, they are in general used to select special modes of operation.
.Pp
An example of this is to enable SLIP compression,
or to select the connector type for some Ethernet cards.
Refer to the man page for the specific driver for more information.
.It Cm -link0 , -link1 , -link2
Disable special processing at the link level with the specified interface.
.It Cm media Ar type
If the driver supports the media selection system, set the media type
of the interface to
.Ar type .
Some interfaces support the mutually exclusive use of one of several
different physical media connectors.
For example, a 10Mbit/s Ethernet interface might support the use of either
.Tn AUI
or twisted pair connectors.
Setting the media type to
.Cm 10base5/AUI
would change the currently active connector to the AUI port.
Setting it to
.Cm 10baseT/UTP
would activate twisted pair.
Refer to the interfaces' driver specific documentation or man page
for a complete list of the available types.
.It Cm mediaopt Ar opts
If the driver supports the media selection system, set the specified
media options on the interface.
The
.Ar opts
argument is a comma-delimited list of options to apply to the interface.
Refer to the interfaces' driver specific man page for a complete
list of available options.
.It Cm -mediaopt Ar opts
If the driver supports the media selection system, disable the
specified media options on the interface.
.It Cm metric Ar n
Set the routing metric of the interface to
.Ar n ;
the default is 0.
The routing metric is used by the routing protocol
.Pq Xr routed 8 .
Higher metrics have the effect of making a route
less favorable; metrics are counted as additional hops
to the destination network or host.
.It Cm mode Ar mode
If the driver supports the media selection system, set the specified
operating mode on the interface to
.Ar mode .
For IEEE 802.11 wireless interfaces that support multiple operating modes
this directive is used to select between 802.11a
.Pq Cm 11a ,
802.11b
.Pq Cm 11b ,
and 802.11g
.Pq Cm 11g
operating modes.
.It Cm monitor
Put the interface in monitor mode.
No packets are transmitted, and received packets are discarded after
.Xr bpf 4
processing.
.It Cm -monitor
Take the interface out of monitor mode.
.It Cm mtu Ar n
Set the maximum transmission unit of the interface to
.Ar n ;
the default is interface specific.
The MTU is used to limit the size of packets that are transmitted on an
interface.
Not all interfaces support setting the MTU, and some interfaces have
range restrictions.
.It Cm name Ar name
Set the interface name to
.Ar name .
.It Cm netmask Ar mask
.\" (Inet and ISO.)
(inet only)
Specify how much of the address to reserve for subdividing
networks into sub-networks.
The mask includes the network part of the local address
and the subnet part, which is taken from the host field of the address.
The mask can be specified as a single hexadecimal number
with a leading
.Ql 0x ,
with a dot-notation Internet address,
or with a pseudo-network name listed in the network table
.Xr networks 5 .
The mask contains 1's for the bit positions in the 32-bit address
which are to be used for the network and subnet parts,
and 0's for the host part.
The mask should contain at least the standard network portion,
and the subnet field should be contiguous with the network
portion.
.Pp
The netmask can also be specified in CIDR notation after the address.
See the
.Ar address
option above for more information.
.It Cm noicmp
Another name for the
.Cm link1
parameter.
.It Cm normal
Another name for the
.Cm -link0
parameter.
.It Cm plumb
Another name for the
.Cm create
parameter.
Included for
.Tn Solaris
compatibility.
.It Cm pollcpu Ar cpu
(deprecated)
Use the
.Cm polling
or
.Cm npolling
parameters below instead.
.It Cm polling , npolling
Turn on
.Xr polling 4
feature and disable interrupts on the interface, if the driver supports
this mode.
.It Cm -polling , -npolling
Turn off
.Xr polling 4
feature and enable interrupt mode on the interface.
.It Cm promisc
Put interface into permanently promiscuous mode.
.It Cm -promisc
Disable permanently promiscuous mode.
.It Cm remove
Another name for the
.Cm -alias
parameter.
Introduced for compatibility
with
.Bsx .
.It Cm rss
If the driver supports Receive Side Scaling (RSS),
enable RSS on the interface.
.It Cm -rss
If the driver supports Receive Side Scaling (RSS),
disable RSS on the interface.
.It Cm rxcsum , txcsum
If the driver supports user-configurable checksum offloading,
enable receive (or transmit) checksum offloading on the interface.
Some drivers may not be able to enable these flags independently
of each other, so setting one may also set the other.
The driver will offload as much checksum work as it can reliably
support, the exact level of offloading varies between drivers.
.It Cm -rxcsum , -txcsum
If the driver supports user-configurable checksum offloading,
disable receive (or transmit) checksum offloading on the interface.
These settings may not always be independent of each other.
.It Cm staticarp
If the Address Resolution Protocol is enabled,
the host will only reply to requests for its addresses,
and will never send any requests.
.It Cm -staticarp
If the Address Resolution Protocol is enabled,
the host will perform normally,
sending out requests and listening for replies.
.It Cm tso
If the driver supports TCP segmentation offloading (TSO),
enable TSO on the interface.
.It Cm -tso
If the driver supports TCP segmentation offloading (TSO),
disable TSO on the interface.
.It Cm tsolen Ar n
Set the maximum amount of data that TCP segmentation offloading (TSO)
is allowed to aggregate to
.Ar n ,
the default value is interface specific.
This setting only takes effect on interfaces that support TSO.
.It Cm unplumb
Another name for the
.Cm destroy
parameter.
Included for
.Tn Solaris
compatibility.
.It Cm up
Mark an interface
.Dq up .
This may be used to enable an interface after an
.Dq Nm Cm down .
It happens automatically when setting the first address on an interface.
If the interface was reset when previously marked down,
the hardware will be re-initialized.
.It Cm vlanmtu , vlanhwtag
If the driver offers user-configurable VLAN support, enable
reception of extended frames or tag processing in hardware,
respectively.
Note that this must be issued on a physical interface associated with
.Xr vlan 4 ,
not on a
.Xr vlan 4
interface itself.
.It Cm -vlanmtu , -vlanhwtag
If the driver offers user-configurable VLAN support, disable
reception of extended frames or tag processing in hardware,
respectively.
.El
.\"
.Ss IPv6 Parameters
The following parameters are specific to IPv6 addresses.
Note that the
.Ar address_family
argument must be specified as
.Cm inet6
for them.
.Bl -tag -width indent
.It Cm anycast
Specify that the address configured is an anycast address.
Based on the current specification,
only routers may configure anycast addresses.
Anycast address will not be used as source address of any of
outgoing IPv6 packets.
.It Cm autoconf
Enable IPv6 auto-configuration.
.It Cm -autoconf
Disable IPv6 auto-configuration.
.It Cm deprecated
Set the IPv6 deprecated address bit.
.It Cm -deprecated
Clear the IPv6 deprecated address bit.
.It Cm eui64
Automatically configure the interface identifier
(i.e., lowermost 64 bits of an IPv6 address)
using the EUI-64 (Extended Unique Identifier) format.
.It Cm pltime Ar n
Set the preferred lifetime for the address.
.It Cm prefixlen Ar len
Specify that
.Ar len
bits are reserved for subdividing networks into sub-networks.
The
.Ar len
must be integer, and for syntactical reason it must be between 0 to 128.
It is almost always 64 under the current IPv6 assignment rule.
If the parameter is omitted, 64 is used.
.Pp
The prefix length can also be specified using the slash notation
after the address.
See the
.Ar address
option above for more information.
.It Cm tentative
Set the IPv6 tentative address bit.
.It Cm -tentative
Clear the IPv6 tentative address bit.
.It Cm vltime Ar n
Set the valid lifetime for the address.
.El
.\"
.Ss IEEE 802.11 Wireless Interface Cloning Parameters
The following parameters are specific to cloning
IEEE 802.11 wireless interfaces with the
.Cm create
request:
.Bl -tag -width indent
.It Cm wlandev Ar device
Use
.Ar device
as the parent for the cloned device.
.It Cm wlanmode Ar mode
Specify the operating mode for this cloned device.
.Ar mode
is one of
.Cm sta ,
.Cm ahdemo
(or
.Cm adhoc-demo ) ,
.Cm ibss
(or
.Cm adhoc ) ,
.Cm ap
(or
.Cm hostap ) ,
.Cm wds ,
.Cm tdma ,
.Cm mesh ,
and
.Cm monitor .
The operating mode of a cloned interface cannot be changed.
The
.Cm tdma
mode is actually implemented as an
.Cm adhoc-demo
interface with special properties.
.It Cm wlanbssid Ar bssid
The 802.11 MAC address to use for the bssid.
This must be specified at create time for a legacy
.Cm wds
device.
.It Cm wlanaddr Ar address
The local MAC address.
If this is not specified then a MAC address will automatically be assigned
to the cloned device.
Typically this address is the same as the address of the parent device
but if the
.Cm bssid
parameter is specified then the driver will craft a unique address for
the device (if supported).
.It Cm wdslegacy
Mark a
.Cm wds
device as operating in
.Dq legacy mode .
Legacy
.Cm wds
devices have a fixed peer relationship and do not, for example, roam
if their peer stops communicating.
For completeness, a Dynamic WDS (DWDS) interface may be marked as
.Cm -wdslegacy .
.It Cm bssid
Request a unique local MAC address for the cloned device.
This is only possible if the device supports multiple MAC addresses.
To force use of the parent's MAC address, use
.Cm -bssid .
.It Cm beacons
Mark the cloned interface as depending on hardware support to
track received beacons.
To have beacons tracked in software, use
.Cm -beacons .
For
.Cm hostap
mode,
.Cm -beacons
can also be used to indicate no beacons should be transmitted;
this can be useful when creating a WDS configuration but
.Cm wds
interfaces can only be created as companions to an access point (AP).
.El
.\"
.Ss IEEE 802.11 Wireless Cloned Interface Parameters
The following parameters are specific to IEEE 802.11 wireless interfaces
cloned with a
.Cm create
operation:
.Bl -tag -width indent
.It Cm ampdu
Enable sending and receiving AMPDU frames when using 802.11n (default).
The 802.11n specification states a compliant station must be capable
of receiving AMPDU frames but transmission is optional.
Use
.Cm -ampdu
to disable all use of AMPDU with 802.11n.
For testing and/or to work around interoperability problems one can use
.Cm ampdutx
and
.Cm ampdurx
to control use of AMPDU in one direction.
.It Cm ampdudensity Ar density
Set the AMPDU density parameter used when operating with 802.11n.
This parameter controls the inter-packet gap for AMPDU frames.
The sending device normally controls this setting but a receiving station
may request wider gaps.
Legal values for
.Ar density
are 0, .25, .5, 1, 2, 4, 8, and 16 (microseconds).
A value of
.Cm -
is treated the same as 0.
.It Cm ampdulimit Ar limit
Set the limit on packet size for receiving AMPDU frames when operating
with 802.11n.
Legal values for
.Ar limit
are 8192, 16384, 32768, and 65536 but one can also specify
just the unique prefix: 8, 16, 32, 64.
Note the sender may limit the size of AMPDU frames to be less
than the maximum specified by the receiving station.
.It Cm amsdu
Enable sending and receiving AMSDU frames when using 802.11n.
By default AMSDU is received but not transmitted.
Use
.Cm -amsdu
to disable all use of AMSDU with 802.11n.
For testing and/or to work around interoperability problems one can use
.Cm amsdutx
and
.Cm amsdurx
to control use of AMSDU in one direction.
.It Cm amsdulimit Ar limit
Set the limit on packet size for sending and receiving AMSDU frames
when operating with 802.11n.
Legal values for
.Ar limit
are 7935 and 3839 (bytes).
Note the sender may limit the size of AMSDU frames to be less
than the maximum specified by the receiving station.
Note also that devices are not required to support the 7935 limit,
only 3839 is required by the specification and the larger value
may require more memory to be dedicated to support functionality
that is rarely used.
.It Cm apbridge
When operating as an access point, pass packets between
wireless clients directly (default).
To instead let them pass up through the
system and be forwarded using some other mechanism, use
.Cm -apbridge .
Disabling the internal bridging
is useful when traffic is to be processed with
packet filtering.
.It Cm authmode Ar mode
Set the desired authentication mode in infrastructure mode.
Not all adapters support all modes.
The set of
valid modes is
.Cm none , open , shared
(shared key),
.Cm 8021x
(IEEE 802.1x),
and
.Cm wpa
(IEEE WPA/WPA2/802.11i).
The
.Cm 8021x
and
.Cm wpa
modes are only useful when using an authentication service
(a supplicant for client operation or an authenticator when
operating as an access point).
Modes are case insensitive.
.It Cm bgscan
Enable background scanning when operating as a station.
Background scanning is a technique whereby a station associated to
an access point will temporarily leave the channel to scan for
neighboring stations.
This allows a station to maintain a cache of nearby access points
so that roaming between access points can be done without
a lengthy scan operation.
Background scanning is done only when a station is not busy and
any outbound traffic will cancel a scan operation.
Background scanning should never cause packets to be lost though
there may be some small latency if outbound traffic interrupts a
scan operation.
By default background scanning is enabled if the device is capable.
To disable background scanning, use
.Cm -bgscan .
Background scanning is controlled by the
.Cm bgscanidle
and
.Cm bgscanintvl
parameters.
Background scanning must be enabled for roaming; this is an artifact
of the current implementation and may not be required in the future.
.It Cm bgscanidle Ar idletime
Set the minimum time a station must be idle (not transmitting or
receiving frames) before a background scan is initiated.
The
.Ar idletime
parameter is specified in milliseconds.
By default a station must be idle at least 250 milliseconds before
a background scan is initiated.
The idle time may not be set to less than 100 milliseconds.
.It Cm bgscanintvl Ar interval
Set the interval at which background scanning is attempted.
The
.Ar interval
parameter is specified in seconds.
By default a background scan is considered every 300 seconds (5 minutes).
The
.Ar interval
may not be set to less than 15 seconds.
.It Cm bintval Ar interval
Set the interval at which beacon frames are sent when operating in
ad-hoc or AP mode.
The
.Ar interval
parameter is specified in TU's (1024 microseconds).
By default beacon frames are transmitted every 100 TU's.
.It Cm bmissthreshold Ar count
Set the number of consecutive missed beacons at which the station
will attempt to roam (i.e., search for a new access point).
The
.Ar count
parameter must be in the range 1 to 255; though the
upper bound may be reduced according to device capabilities.
The default threshold is 7 consecutive missed beacons; but
this may be overridden by the device driver.
Another name for the
.Cm bmissthreshold
parameter is
.Cm bmiss .
.It Cm bssid Ar address
Specify the MAC address of the access point to use when operating
as a station in a BSS network.
This overrides any automatic selection done by the system.
To disable a previously selected access point, supply
.Cm any , none ,
or
.Cm -
for the address.
This option is useful when more than one access point uses the same SSID.
Another name for the
.Cm bssid
parameter is
.Cm ap .
.It Cm burst
Enable packet bursting.
Packet bursting is a transmission technique whereby the wireless
medium is acquired once to send multiple frames and the interframe
spacing is reduced.
This technique can significantly increase throughput by reducing
transmission overhead.
Packet bursting is supported by the 802.11e QoS specification
and some devices that do not support QoS may still be capable.
By default packet bursting is enabled if a device is capable
of doing it.
To disable packet bursting, use
.Cm -burst .
.It Cm chanlist Ar channels
Set the desired channels to use when scanning for access
points, neighbors in an IBSS network, or looking for unoccupied
channels when operating as an access point.
The set of channels is specified as a comma-separated list with
each element in the list representing either a single channel number
or a range of the form
.Dq Li a-b .
Channel numbers must be in the range 1 to 255 and be permissible
according to the operating characteristics of the device.
.It Cm channel Ar number
Set a single desired channel.
Channels range from 1 to 255, but the exact selection available
depends on the region your adapter was manufactured for.
Setting the channel to
.Cm any ,
or
.Cm -
will clear any desired channel and, if the device is marked up,
force a scan for a channel to operate on.
Alternatively the frequency, in megahertz, may be specified
instead of the channel number.
.Pp
When there are several ways to use a channel the channel
number/frequency may be appended with attributes to clarify.
For example, if a device is capable of operating on channel 6
with 802.11n and 802.11g then one can specify that g-only use
should be used by specifying
.Dq 6:g .
Similarly the channel width can be specified by appending it with
.Ql / ;
for example,
.Dq 6/40
specifies a 40MHz wide channel,
These attributes can be combined as in
.Dq 6:ht/40 .
.Pp
The full set of flags specified following a
.Ql \&:
are:
.Pp
.Bl -tag -compact
.It Cm a
802.11a
.It Cm b
802.11b
.It Cm d
Atheros Dynamic Turbo mode
.It Cm g
802.11g
.It Cm h
Same as
.Cm n
.It Cm n
802.11n, aka HT
.It Cm s
Atheros Static Turbo mode
.It Cm t
Atheros Dynamic Turbo mode, or appended to
.Cm st
and
.Cm dt
.El
.Pp
The full set of channel widths following a
.Ql \&/
are:
.Pp
.Bl -tag -compact
.It Cm 5
5MHz, aka quarter-rate channel
.It Cm 10
10MHz, aka half-rate channel
.It Cm 20
20MHz, mostly for use in specifying
.Cm ht20
.It Cm 40
40MHz, mostly for use in specifying
.Cm ht40
.El
.Pp
In addition, a 40MHz HT channel specification may include the location
of the extension channel by appending
.Ql +
or
.Ql -
for above and below, respectively; e.g.,
.Dq 2437:ht/40+
specifies 40MHz wide HT operation
with the center channel at frequency 2437 and the extension channel above.
.It Cm country Ar name
Set the country code to use in calculating the regulatory constraints
for operation.
In particular the set of available channels, how the wireless device
will operation on the channels, and the maximum transmit power that
can be used on a channel are defined by this setting.
Country/Region codes are specified as a 2-character abbreviation
defined by ISO 3166 or using a longer, but possibly ambiguous, spelling;
e.g.,
.Dq ES
and
.Dq Spain .
The set of country codes are taken from
.Pa /etc/regdomain.xml
and can also be viewed with the
.Cm list countries
request.
Note that not all devices support changing the country code from a default
setting; typically stored in EEPROM.
See also
.Cm regdomain ,
.Cm indoor ,
.Cm outdoor ,
and
.Cm anywhere .
.It Cm dfs
Enable Dynamic Frequency Selection (DFS) as specified in 802.11h.
DFS embodies several facilities including detection of overlapping
radar signals, dynamic transmit power control, and channel selection
according to a least-congested criteria.
DFS support is mandatory for some 5GHz frequencies in certain
locales (e.g.\& ETSI).
By default DFS is enabled according to the regulatory definitions
specified in
.Pa /etc/regdomain.xml
and the current country code, regdomain, and channel.
Note the underlying device (and driver) must support radar detection
for full DFS support to work.
To be fully compliant with the local regulatory agency frequencies that
require DFS should not be used unless it is fully supported.
Use
.Cm -dfs
to disable this functionality for testing.
.It Cm dotd
Enable support for the 802.11d specification (default).
When this support is enabled in station mode, beacon frames that advertise
a country code different than the currently configured country code will
cause an event to be dispatched to user applications.
This event can be used by the station to adopt that country code and
operate according to the associated regulatory constraints.
When operating as an access point with 802.11d enabled the beacon and
probe response frames transmitted will advertise the current regulatory
domain settings.
To disable 802.11d, use
.Cm -dotd .
.It Cm doth
Enable 802.11h support including spectrum management.
When 802.11h is enabled beacon and probe response frames will have
the SpectrumMgt bit set in the capabilities field and
country and power constraint information elements will be present.
802.11h support also includes handling Channel Switch Announcements (CSA)
which are a mechanism to coordinate channel changes by an access point.
By default 802.11h is enabled if the device is capable.
To disable 802.11h, use
.Cm -doth .
.It Cm deftxkey Ar index
Set the default key to use for transmission.
Typically this is only set when using WEP encryption.
Note that you must set a default transmit key
for the system to know which key to use in encrypting outbound traffic.
The
.Cm weptxkey
is an alias for this request; it is provided for backwards compatibility.
.It Cm dtimperiod Ar period
Set the
DTIM
period for transmitting buffered multicast data frames when
operating in AP mode.
The
.Ar period
specifies the number of beacon intervals between DTIM
and must be in the range 1 to 15.
By default DTIM is 1 (i.e., DTIM occurs at each beacon).
.It Cm dturbo
Enable the use of Atheros Dynamic Turbo mode when communicating with
another Dynamic Turbo-capable station.
Dynamic Turbo mode is an Atheros-specific mechanism by which
stations switch between normal 802.11 operation and a
.Dq boosted
mode in which a 40MHz wide channel is used for communication.
Stations using Dynamic Turbo mode operate boosted only when the
channel is free of non-dturbo stations; when a non-dturbo station
is identified on the channel all stations will automatically drop
back to normal operation.
By default, Dynamic Turbo mode is not enabled, even if the device is capable.
Note that turbo mode (dynamic or static) is only allowed on some
channels depending on the regulatory constraints; use the
.Cm list chan
command to identify the channels where turbo mode may be used.
To disable Dynamic Turbo mode, use
.Cm -dturbo .
.It Cm dwds
Enable Dynamic WDS (DWDS) support.
DWDS is a facility by which 4-address traffic can be carried between
stations operating in infrastructure mode.
A station first associates to an access point and authenticates using
normal procedures (e.g.\& WPA).
Then 4-address frames are passed to carry traffic for stations
operating on either side of the wireless link.
DWDS extends the normal WDS mechanism by leveraging existing security
protocols and eliminating static binding.
.Pp
When DWDS is enabled on an access point 4-address frames received from
an authorized station will generate a
.Dq DWDS discovery
event to user applications.
This event should be used to create a WDS interface that is bound
to the remote station (and usually plumbed into a bridge).
Once the WDS interface is up and running 4-address traffic then logically
flows through that interface.
.Pp
When DWDS is enabled on a station, traffic with a destination address
different from the peer station are encapsulated in a 4-address frame
and transmitted to the peer.
All 4-address traffic uses the security information of the stations
(e.g.\& cryptographic keys).
A station is associated using 802.11n facilities may transport
4-address traffic using these same mechanisms; this depends on available
resources and capabilities of the device.
The DWDS implementation guards against layer 2 routing loops of
multicast traffic.
.It Cm ff
Enable the use of Atheros Fast Frames when communicating with
another Fast Frames-capable station.
Fast Frames are an encapsulation technique by which two 802.3
frames are transmitted in a single 802.11 frame.
This can noticeably improve throughput but requires that the
receiving station understand how to decapsulate the frame.
Fast frame use is negotiated using the Atheros 802.11 vendor-specific
protocol extension so enabling use is safe when communicating with
non-Atheros devices.
By default, use of fast frames is enabled if the device is capable.
To explicitly disable fast frames, use
.Cm -ff .
.It Cm fragthreshold Ar length
Set the threshold for which transmitted frames are broken into fragments.
The
.Ar length
argument is the frame size in bytes and must be in the range 256 to 2346.
Setting
.Ar length
to
.Cm 2346 , any ,
or
.Cm -
disables transmit fragmentation.
Not all adapters honor the fragmentation threshold.
.It Cm hidessid
When operating as an access point, do not broadcast the SSID
in beacon frames or respond to probe request frames unless
they are directed to the AP (i.e., they include the AP's SSID).
By default, the SSID is included in beacon frames and
undirected probe request frames are answered.
To re-enable the broadcast of the SSID etc., use
.Cm -hidessid .
.It Cm ht
Enable use of High Throughput (HT) when using 802.11n (default).
The 802.11n specification includes mechanisms for operation
on 20MHz and 40MHz wide channels using different signaling mechanisms
than specified in 802.11b, 802.11g, and 802.11a.
Stations negotiate use of these facilities, termed HT20 and HT40,
when they associate.
To disable all use of 802.11n, use
.Cm -ht ;
to disable use of HT20 (e.g.\& to force only HT40 use), use
.Cm -ht20 ;
to disable use of HT40, use
.Cm -ht40 .
.Pp
HT configuration is used to
.Dq auto promote
operation when several choices are available.
For example, if a station associates to an 11n-capable access point
it controls whether the station uses legacy operation, HT20, or HT40.
When an 11n-capable device is setup as an access point and
Auto Channel Selection is used to locate a channel to operate on,
HT configuration controls whether legacy, HT20, or HT40 operation is setup
on the selected channel.
If a fixed channel is specified for a station then HT configuration can
be given as part of the channel specification; e.g.,
.Dq 6:ht/20
to setup HT20 operation on channel 6.
.It Cm htcompat
Enable use of compatibility support for pre-802.11n devices (default).
The 802.11n protocol specification went through several incompatible iterations.
Some vendors implemented 11n support to older specifications that
will not interoperate with a purely 11n-compliant station.
In particular the information elements included in management frames
for old devices are different.
When compatibility support is enabled both standard and compatible data
will be provided.
Stations that associate using the compatibility mechanisms are flagged in
.Cm list sta
operation.
To disable compatibility support, use
.Cm -htcompat .
.It Cm htprotmode Ar technique
For interfaces operating in 802.11n, use the specified
.Ar technique
for protecting HT frames in a mixed legacy/HT network.
The set of valid techniques is
.Cm off ,
and
.Cm rts
(RTS/CTS, default).
Technique names are case insensitive.
.It Cm inact
Enable inactivity processing for stations associated to an
access point (default).
When operating as an access point the 802.11 layer monitors
the activity of each associated station.
When a station is inactive for 5 minutes it will send several
.Dq probe frames
to see if the station is still present.
If no response is received then the station is deauthenticated.
Applications that prefer to handle this work can disable this
facility by using
.Cm -inact .
.It Cm indoor
Set the location to use in calculating regulatory constraints.
The location is also advertised in beacon and probe response frames
when 802.11d is enabled with
.Cm dotd .
See also
.Cm outdoor ,
.Cm anywhere ,
.Cm country ,
and
.Cm regdomain .
.It Cm list active
Display the list of channels available for use taking into account
any restrictions set with the
.Cm chanlist
directive.
See the description of
.Cm list chan
for more information.
.It Cm list caps
Display the adaptor's capabilities, including the operating
modes supported.
.It Cm list chan
Display the list of channels available for use.
Channels are shown with their IEEE channel number, equivalent
frequency, and usage modes.
Channels identified as
.Ql 11g
are also usable in
.Ql 11b
mode.
Channels identified as
.Ql 11a Turbo
may be used only for Atheros' Static Turbo mode
(specified with
.Cm mediaopt turbo ) .
Channels marked with a
.Ql *
have a regulatory constraint that they be passively scanned.
This means a station is not permitted to transmit on the channel until
it identifies the channel is being used for 802.11 communication;
typically by hearing a beacon frame from an access point operating
on the channel.
.Cm list freq
is another way of requesting this information.
By default a compacted list of channels is displayed; if the
.Fl v
option is specified then all channels are shown.
.It Cm list countries
Display the set of country codes and regulatory domains that can be
used in regulatory configuration.
.It Cm list mac
Display the current MAC Access Control List state.
Each address is prefixed with a character that indicates the
current policy applied to it:
.Ql +
indicates the address is allowed access,
.Ql -
indicates the address is denied access,
.Ql *
indicates the address is present but the current policy open
(so the ACL is not consulted).
.It Cm list mesh
Displays the mesh routing table, used for forwarding packets on a mesh
network.
.It Cm list regdomain
Display the current regulatory settings including the available channels
and transmit power caps.
.It Cm list roam
Display the parameters that govern roaming operation.
.It Cm list txparam
Display the parameters that govern transmit operation.
.It Cm list txpower
Display the transmit power caps for each channel.
.It Cm list scan
Display the access points and/or ad-hoc neighbors
located in the vicinity.
This information may be updated automatically by the adapter
with a
.Cm scan
request or through background scanning.
Depending on the capabilities of the stations the following
flags can be included in the output:
.Bl -tag -width 3n
.It Li A
Authorized.
Indicates that the station is permitted to send/receive data frames.
.It Li E
Extended Rate Phy (ERP).
Indicates that the station is operating in an 802.11g network
using extended transmit rates.
.It Li H
High Throughput (HT).
Indicates that the station is using HT transmit rates.
If a
.Ql +
follows immediately after then the station associated
using deprecated mechanisms supported only when
.Cm htcompat
is enabled.
.It Li P
Power Save.
Indicates that the station is operating in power save mode.
.It Li Q
Quality of Service (QoS).
Indicates that the station is using QoS encapsulation for
data frame.
QoS encapsulation is enabled only when WME mode is enabled.
.It Li T
Transitional Security Network (TSN).
Indicates that the station associated using TSN; see also
.Cm tsn
below.
.It Li W
Wi-Fi Protected Setup (WPS).
Indicates that the station associated using WPS.
.El
.Pp
By default interesting information elements captured from the neighboring
stations are displayed at the end of each row.
Possible elements include:
.Cm WME
(station supports WME),
.Cm WPA
(station supports WPA),
.Cm WPS
(station supports WPS),
.Cm RSN
(station supports 802.11i/RSN),
.Cm HTCAP
(station supports 802.11n/HT communication),
.Cm ATH
(station supports Atheros protocol extensions),
.Cm VEN
(station supports unknown vendor-specific extensions).
If the
.Fl v
flag is used all the information elements and their
contents will be shown.
Specifying the
.Fl v
flag also enables display of long SSIDs.
The
.Cm list ap
command is another way of requesting this information.
.It Cm list sta
When operating as an access point display the stations that are
currently associated.
When operating in ad-hoc mode display stations identified as
neighbors in the IBSS.
When operating in mesh mode display stations identified as
neighbors in the MBSS.
When operating in station mode display the access point.
Capabilities advertised by the stations are described under
the
.Cm scan
request.
Depending on the capabilities of the stations the following
flags can be included in the output:
.Bl -tag -width 3n
.It Li A
Authorized.
Indicates that the station is permitted to send/receive data frames.
.It Li E
Extended Rate Phy (ERP).
Indicates that the station is operating in an 802.11g network
using extended transmit rates.
.It Li H
High Throughput (HT).
Indicates that the station is using HT transmit rates.
If a
.Ql +
follows immediately after then the station associated
using deprecated mechanisms supported only when
.Cm htcompat
is enabled.
.It Li P
Power Save.
Indicates that the station is operating in power save mode.
.It Li Q
Quality of Service (QoS).
Indicates that the station is using QoS encapsulation for
data frame.
QoS encapsulation is enabled only when WME mode is enabled.
.It Li T
Transitional Security Network (TSN).
Indicates that the station associated using TSN; see also
.Cm tsn
below.
.It Li W
Wi-Fi Protected Setup (WPS).
Indicates that the station associated using WPS.
.El
.Pp
By default information elements received from associated stations
are displayed in a short form; the
.Fl v
flag causes this information to be displayed symbolically.
.It Cm list wme
Display the current channel parameters to use when operating in WME mode.
If the
.Fl v
option is specified then both channel and BSS parameters are displayed
for each AC (first channel, then BSS).
When WME mode is enabled for an adapter this information will be
displayed with the regular status; this command is mostly useful
for examining parameters when WME mode is disabled.
See the description of the
.Cm wme
directive for information on the various parameters.
.It Cm lscan
A variant of
.Cm scan
(see below) that displays long SSIDs.
.It Cm maxretry Ar count
Set the maximum number of tries to use in sending unicast frames.
The default setting is 6 but drivers may override this with a value
they choose.
.It Cm mcastrate Ar rate
Set the rate for transmitting multicast/broadcast frames.
Rates are specified as megabits/second in decimal;
e.g.\& 5.5 for 5.5 Mb/s.
This rate should be valid for the current operating conditions;
if an invalid rate is specified drivers are free to choose an
appropriate rate.
.It Cm mgtrate Ar rate
Set the rate for transmitting management and/or control frames.
Rates are specified as megabits/second in decimal;
e.g.\& 5.5 for 5.5 Mb/s.
.It Cm outdoor
Set the location to use in calculating regulatory constraints.
The location is also advertised in beacon and probe response frames
when 802.11d is enabled with
.Cm dotd .
See also
.Cm anywhere ,
.Cm country ,
.Cm indoor ,
and
.Cm regdomain .
.It Cm powersave
Enable powersave operation.
When operating as a client, the station will conserve power by
periodically turning off the radio and listening for
messages from the access point telling it there are packets waiting.
The station must then retrieve the packets.
Not all devices support power save operation as a client.
The 802.11 specification requires that all access points support
power save but some drivers do not.
Use
.Cm -powersave
to disable powersave operation when operating as a client.
.It Cm powersavemode Ar mode
Set powersave mode.
The set of valid modes is
.Cm off
(same as
.Cm -powersave ) ,
.Cm on
(same as
.Cm powersave ) ,
and
.Cm cam
(same as
.Cm powersave ) .
.It Cm powersavesleep Ar sleep
Set the desired max powersave sleep time in TU's (1024 microseconds).
By default the max powersave sleep time is 100 TU's.
.It Cm protmode Ar technique
For interfaces operating in 802.11g, use the specified
.Ar technique
for protecting OFDM frames in a mixed 11b/11g network.
The set of valid techniques is
.Cm off , cts
(CTS to self),
and
.Cm rtscts
(RTS/CTS).
Technique names are case insensitive.
Not all devices support
.Cm cts
as a protection technique.
.It Cm pureg
When operating as an access point in 802.11g mode allow only
11g-capable stations to associate (11b-only stations are not
permitted to associate).
To allow both 11g and 11b-only stations to associate, use
.Cm -pureg .
.It Cm puren
When operating as an access point in 802.11n mode allow only
HT-capable stations to associate (legacy stations are not
permitted to associate).
To allow both HT and legacy stations to associate, use
.Cm -puren .
.It Cm regdomain Ar sku
Set the regulatory domain to use in calculating the regulatory constraints
for operation.
In particular the set of available channels, how the wireless device
will operation on the channels, and the maximum transmit power that
can be used on a channel are defined by this setting.
Regdomain codes (SKU's) are taken from
.Pa /etc/regdomain.xml
and can also be viewed with the
.Cm list countries
request.
Note that not all devices support changing the regdomain from a default
setting; typically stored in EEPROM.
See also
.Cm country ,
.Cm indoor ,
.Cm outdoor ,
and
.Cm anywhere .
.It Cm rifs
Enable use of Reduced InterFrame Spacing (RIFS) when operating in 802.11n
on an HT channel.
Note that RIFS must be supported by both the station and access point
for it to be used.
To disable RIFS, use
.Cm -rifs .
.It Cm roam:rate Ar rate
Set the threshold for controlling roaming when operating in a BSS.
The
.Ar rate
parameter specifies the transmit rate in megabits
at which roaming should be considered.
If the current transmit rate drops below this setting and background scanning
is enabled, then the system will check if a more desirable access point is
available and switch over to it.
The current scan cache contents are used if they are considered
valid according to the
.Cm scanvalid
parameter; otherwise a background scan operation is triggered before
any selection occurs.
Each channel type has a separate rate threshold; the default values are:
12 Mb/s (11a), 2 Mb/s (11b), 2 Mb/s (11g), MCS 1 (11na, 11ng).
.It Cm roam:rssi Ar rssi
Set the threshold for controlling roaming when operating in a BSS.
The
.Ar rssi
parameter specifies the receive signal strength in dBm units
at which roaming should be considered.
If the current rssi drops below this setting and background scanning
is enabled, then the system will check if a more desirable access point is
available and switch over to it.
The current scan cache contents are used if they are considered
valid according to the
.Cm scanvalid
parameter; otherwise a background scan operation is triggered before
any selection occurs.
Each channel type has a separate rssi threshold; the default values are
all 7 dBm.
.It Cm roaming Ar mode
When operating as a station, control how the system will
behave when communication with the current access point
is broken.
The
.Ar mode
argument may be one of
.Cm device
(leave it to the hardware device to decide),
.Cm auto
(handle either in the device or the operating system\[em]as appropriate),
.Cm manual
(do nothing until explicitly instructed).
By default, the device is left to handle this if it is
capable; otherwise, the operating system will automatically
attempt to reestablish communication.
Manual mode is used by applications such as
.Xr wpa_supplicant 8
that want to control the selection of an access point.
.It Cm rtsthreshold Ar length
Set the threshold for which
transmitted frames are preceded by transmission of an
RTS
control frame.
The
.Ar length
argument
is the frame size in bytes and must be in the range 1 to 2346.
Setting
.Ar length
to
.Cm 2346 , any ,
or
.Cm -
disables transmission of RTS frames.
Not all adapters support setting the RTS threshold.
.It Cm scan
Initiate a scan of neighboring stations, wait for it to complete, and
display all stations found.
Only the super-user can initiate a scan.
See
.Cm list scan
for information on the display.
By default a background scan is done; otherwise a foreground
scan is done and the station may roam to a different access point.
The
.Cm list scan
request can be used to show recent scan results without
initiating a new scan.
.It Cm scanvalid Ar threshold
Set the maximum time the scan cache contents are considered valid;
i.e., will be used without first triggering a scan operation to
refresh the data.
The
.Ar threshold
parameter is specified in seconds and defaults to 60 seconds.
The minimum setting for
.Ar threshold
is 10 seconds.
One should take care setting this threshold; if it is set too low
then attempts to roam to another access point may trigger unnecessary
background scan operations.
.It Cm shortgi
Enable use of Short Guard Interval when operating in 802.11n
on an HT channel.
NB: this currently enables Short GI on both HT40 and HT20 channels.
To disable Short GI, use
.Cm -shortgi .
.It Cm smps
Enable use of Static Spatial Multiplexing Power Save (SMPS)
when operating in 802.11n.
A station operating with Static SMPS maintains only a single
receive chain active (this can significantly reduce power consumption).
To disable SMPS, use
.Cm -smps .
.It Cm smpsdyn
Enable use of Dynamic Spatial Multiplexing Power Save (SMPS)
when operating in 802.11n.
A station operating with Dynamic SMPS maintains only a single
receive chain active but switches to multiple receive chains when it
receives an RTS frame (this can significantly reduce power consumption).
Note that stations cannot distinguish between RTS/CTS intended to
enable multiple receive chains and those used for other purposes.
To disable SMPS, use
.Cm -smps .
.It Cm ssid Ar ssid
Set the desired Service Set Identifier (aka network name).
The SSID is a string up to 32 characters
in length and may be specified as either a normal string or in
hexadecimal when preceded by
.Ql 0x .
Additionally, the SSID may be cleared by setting it to
.Ql - .
.It Cm tdmaslot Ar slot
When operating with TDMA, use the specified
.Ar slot
configuration.
The
.Ar slot
is a number between 0 and the maximum number of slots in the BSS.
Note that a station configured as slot 0 is a master and
will broadcast beacon frames advertising the BSS;
stations configured to use other slots will always
scan to locate a master before they ever transmit.
By default
.Cm tdmaslot
is set to 1.
.It Cm tdmaslotcnt Ar cnt
When operating with TDMA, setup a BSS with
.Ar cnt
slots.
The slot count may be at most 8.
The current implementation is only tested with two stations
(i.e., point-to-point applications).
This setting is only meaningful when a station is configured as slot 0;
other stations adopt this setting from the BSS they join.
By default
.Cm tdmaslotcnt
is set to 2.
.It Cm tdmaslotlen Ar len
When operating with TDMA, setup a BSS such that each station has a slot
.Ar len
microseconds long.
The slot length must be at least 150 microseconds (1/8 TU)
and no more than 65 milliseconds.
Note that setting too small a slot length may result in poor channel
bandwidth utilization due to factors such as timer granularity and
guard time.
This setting is only meaningful when a station is configured as slot 0;
other stations adopt this setting from the BSS they join.
By default
.Cm tdmaslotlen
is set to 10 milliseconds.
.It Cm tdmabintval Ar intval
When operating with TDMA, setup a BSS such that beacons are transmitted every
.Ar intval
superframes to synchronize the TDMA slot timing.
A superframe is defined as the number of slots times the slot length; e.g.,
a BSS with two slots of 10 milliseconds has a 20 millisecond superframe.
The beacon interval may not be zero.
A lower setting of
.Cm tdmabintval
causes the timers to be resynchronized more often; this can be help if
significant timer drift is observed.
By default
.Cm tdmabintval
is set to 5.
.It Cm tsn
When operating as an access point with WPA/802.11i allow legacy
stations to associate using static key WEP and open authentication.
To disallow legacy station use of WEP, use
.Cm -tsn .
.It Cm txpower Ar power
Set the power used to transmit frames.
The
.Ar power
argument is specified in .5 dBm units.
Out of range values are truncated.
Typically only a few discreet power settings are available and
the driver will use the setting closest to the specified value.
Not all adapters support changing the transmit power.
.It Cm ucastrate Ar rate
Set a fixed rate for transmitting unicast frames.
Rates are specified as megabits/second in decimal;
e.g.\& 5.5 for 5.5 Mb/s.
This rate should be valid for the current operating conditions;
if an invalid rate is specified drivers are free to choose an
appropriate rate.
.It Cm wepmode Ar mode
Set the desired WEP mode.
Not all adapters support all modes.
The set of valid modes is
.Cm off , on ,
and
.Cm mixed .
The
.Cm mixed
mode explicitly tells the adapter to allow association with access
points which allow both encrypted and unencrypted traffic.
On these adapters,
.Cm on
means that the access point must only allow encrypted connections.
On other adapters,
.Cm on
is generally another name for
.Cm mixed .
Modes are case insensitive.
.It Cm weptxkey Ar index
Set the WEP key to be used for transmission.
This is the same as setting the default transmission key with
.Cm deftxkey .
.It Cm wepkey Ar key Ns | Ns Ar index : Ns Ar key
Set the selected WEP key.
If an
.Ar index
is not given, key 1 is set.
A WEP key will be either 5 or 13
characters (40 or 104 bits) depending on the local network and the
capabilities of the adapter.
It may be specified either as a plain
string or as a string of hexadecimal digits preceded by
.Ql 0x .
For maximum portability, hex keys are recommended;
the mapping of text keys to WEP encryption is usually driver-specific.
In particular, the
.Tn Windows
drivers do this mapping differently to
.Fx .
A key may be cleared by setting it to
.Ql - .
If WEP is supported then there are at least four keys.
Some adapters support more than four keys.
If that is the case, then the first four keys
(1-4) will be the standard temporary keys and any others will be adapter
specific keys such as permanent keys stored in NVRAM.
.Pp
Note that you must set a default transmit key with
.Cm deftxkey
for the system to know which key to use in encrypting outbound traffic.
.It Cm wme
Enable Wireless Multimedia Extensions (WME) support, if available,
for the specified interface.
WME is a subset of the IEEE 802.11e standard to support the
efficient communication of realtime and multimedia data.
To disable WME support, use
.Cm -wme .
Another name for this parameter is
.Cm wmm .
.Pp
The following parameters are meaningful only when WME support is in use.
Parameters are specified per-AC (Access Category) and
split into those that are used by a station when acting
as an access point and those for client stations in the BSS.
The latter are received from the access point and may not be changed
(at the station).
The following Access Categories are recognized:
.Pp
.Bl -tag -width ".Cm AC_BK" -compact
.It Cm AC_BE
(or
.Cm BE )
best effort delivery,
.It Cm AC_BK
(or
.Cm BK )
background traffic,
.It Cm AC_VI
(or
.Cm VI )
video traffic,
.It Cm AC_VO
(or
.Cm VO )
voice traffic.
.El
.Pp
AC parameters are case-insensitive.
Traffic classification is done in the operating system using the
vlan priority associated with data frames or the
ToS (Type of Service) indication in IP-encapsulated frames.
If neither information is present, traffic is assigned to the
Best Effort (BE) category.
.Bl -tag -width indent
.It Cm ack Ar ac
Set the ACK policy for QoS transmissions by the local station;
this controls whether or not data frames transmitted by a station
require an ACK response from the receiving station.
To disable waiting for an ACK, use
.Cm -ack .
This parameter is applied only to the local station.
.It Cm acm Ar ac
Enable the Admission Control Mandatory (ACM) mechanism
for transmissions by the local station.
To disable the ACM, use
.Cm -acm .
On stations in a BSS this parameter is read-only and indicates
the setting received from the access point.
NB: ACM is not supported right now.
.It Cm aifs Ar ac Ar count
Set the Arbitration Inter Frame Spacing (AIFS)
channel access parameter to use for transmissions
by the local station.
On stations in a BSS this parameter is read-only and indicates
the setting received from the access point.
.It Cm cwmin Ar ac Ar count
Set the CWmin channel access parameter to use for transmissions
by the local station.
On stations in a BSS this parameter is read-only and indicates
the setting received from the access point.
.It Cm cwmax Ar ac Ar count
Set the CWmax channel access parameter to use for transmissions
by the local station.
On stations in a BSS this parameter is read-only and indicates
the setting received from the access point.
.It Cm txoplimit Ar ac Ar limit
Set the Transmission Opportunity Limit channel access parameter
to use for transmissions by the local station.
This parameter defines an interval of time when a WME station
has the right to initiate transmissions onto the wireless medium.
On stations in a BSS this parameter is read-only and indicates
the setting received from the access point.
.It Cm bss:aifs Ar ac Ar count
Set the AIFS channel access parameter to send to stations in a BSS.
This parameter is meaningful only when operating in AP mode.
.It Cm bss:cwmin Ar ac Ar count
Set the CWmin channel access parameter to send to stations in a BSS.
This parameter is meaningful only when operating in AP mode.
.It Cm bss:cwmax Ar ac Ar count
Set the CWmax channel access parameter to send to stations in a BSS.
This parameter is meaningful only when operating in AP mode.
.It Cm bss:txoplimit Ar ac Ar limit
Set the TxOpLimit channel access parameter to send to stations in a BSS.
This parameter is meaningful only when operating in AP mode.
.El
.It Cm wps
Enable Wireless Privacy Subscriber support.
Note that WPS support requires a WPS-capable supplicant.
To disable this function, use
.Cm -wps .
.El
.\"
.Ss WLAN ACL Parameters
The following parameters support an optional access control list (ACL)
feature available with some adapters when operating in AP mode;
see
.Xr wlan_acl 4 .
This facility allows an access point to accept/deny association
requests based on the MAC address of the station.
Note that this feature does not significantly enhance security
as MAC address spoofing is easy to do.
.Bl -tag -width indent
.It Cm mac:add Ar address
Add the specified MAC address to the database.
Depending on the policy setting association requests from the
specified station will be allowed or denied.
.It Cm mac:allow
Set the ACL policy to permit association only by
stations registered in the database.
.It Cm mac:del Ar address
Delete the specified MAC address from the database.
.It Cm mac:deny
Set the ACL policy to deny association only by
stations registered in the database.
.It Cm mac:kick Ar address
Force the specified station to be deauthenticated.
This typically is done to block a station after updating the
address database.
.It Cm mac:open
Set the ACL policy to allow all stations to associate.
.It Cm mac:flush
Delete all entries in the database.
.It Cm mac:radius
Set the ACL policy to permit association only by
stations approved by a RADIUS server.
Note that this feature requires the
.Xr hostapd 8
program be configured to do the right thing
as it handles the RADIUS processing
(and marks stations as authorized).
.El
.\"
.Ss WLAN Mesh Mode Parameters
The following parameters are related to a wireless interface
operating in mesh mode:
.Bl -tag -width indent
.It Cm meshid Ar meshid
Set the desired Mesh Identifier.
The Mesh ID is a string up to 32 characters in length.
A mesh interface must have a Mesh Identifier specified
to reach an operational state.
.It Cm meshttl Ar ttl
Set the desired
.Dq time to live
for mesh forwarded packets; this is the number of hops a packet
may be forwarded before it is discarded.
The default setting for
.Cm meshttl
is 31.
.It Cm meshpeering
Enable or disable peering with neighbor mesh stations.
Stations must peer before any data packets can be exchanged.
By default
.Cm meshpeering
is enabled.
.It Cm meshforward
Enable or disable forwarding packets by a mesh interface.
By default
.Cm meshforward
is enabled.
.It Cm meshmetric Ar protocol
Set the specified
.Ar protocol
as the link metric protocol used on a mesh network.
The default protocol is called
.Ar AIRTIME .
The mesh interface will restart after changing this setting.
.It Cm meshpath Ar protocol
Set the specified
.Ar protocol
as the path selection protocol used on a mesh network.
The only available protocol at the moment is called
.Ar HWMP
(Hybrid Wireless Mesh Protocol).
The mesh interface will restart after changing this setting.
.It Cm hwmprootmode Ar mode
Stations on a mesh network can operate as
.Dq root nodes .
Root nodes try to find paths to all mesh nodes and advertise themselves
regularly.
When there is a root mesh node on a network, other mesh nodes can setup
paths between themselves faster because they can use the root node
to find the destination.
This path may not be the best, but on-demand
routing will eventually find the best path.
The following modes are recognized:
.Pp
.Bl -tag -width ".Cm PROACTIVE" -compact
.It Cm DISABLED
Disable root mode.
.It Cm NORMAL
Send broadcast path requests every two seconds.
Nodes on the mesh without a path to this root mesh station with try to
discover a path to us.
.It Cm PROACTIVE
Send broadcast path requests every two seconds and every node must reply
with a path reply even if it already has a path to this root mesh station,
.It Cm RANN
Send broadcast root announcement (RANN) frames.
Nodes on the mesh without a path to this root mesh station with try to
discover a path to us.
.El
.Pp
By default
.Cm hwmprootmode
is set to
.Ar DISABLED .
.It Cm hwmpmaxhops Ar cnt
Set the maximum number of hops allowed in an HMWP path to
.Ar cnt .
The default setting for
.Cm hwmpmaxhops
is 31.
.El
.\"
.Ss WLAN Compatibility Parameters
The following parameters are for compatibility with other systems:
.Bl -tag -width indent
.It Cm nwid Ar ssid
Another name for the
.Cm ssid
parameter.
Included for
.Nx
compatibility.
.It Cm stationname Ar name
Set the name of this station.
The station name is not part of the IEEE 802.11
protocol though some interfaces support it.
As such it only
seems to be meaningful to identical or virtually identical equipment.
Setting the station name is identical in syntax to setting the SSID.
One can also use
.Cm station
for
.Bsx
compatibility.
.It Cm wep
Another way of saying
.Cm wepmode on .
Included for
.Bsx
compatibility.
.It Cm -wep
Another way of saying
.Cm wepmode off .
Included for
.Bsx
compatibility.
.It Cm nwkey key
Another way of saying:
.Dq Li "wepmode on weptxkey 1 wepkey 1:key wepkey 2:- wepkey 3:- wepkey 4:-" .
Included for
.Nx
compatibility.
.It Cm nwkey Xo
.Sm off
.Ar n : k1 , k2 , k3 , k4
.Sm on
.Xc
Another way of saying:
.Dq Li "wepmode on weptxkey n wepkey 1:k1 wepkey 2:k2 wepkey 3:k3 wepkey 4:k4" .
Included for
.Nx
compatibility.
.It Cm -nwkey
Another way of saying
.Cm wepmode off .
Included for
.Nx
compatibility.
.El
.\"
.Ss Bridge Interface Parameters
The following parameters are specific to bridge interfaces:
.Bl -tag -width indent
.It Cm addm Ar interface
Add the interface named by
.Ar interface
as a member of the bridge.
The interface is put into promiscuous mode
so that it can receive every packet sent on the network.
.It Cm deletem Ar interface
Remove the interface named by
.Ar interface
from the bridge.
Promiscuous mode is disabled on the interface when
it is removed from the bridge.
.It Cm maxaddr Ar size
Set the size of the bridge address cache to
.Ar size .
The default is 100 entries.
.It Cm timeout Ar seconds
Set the timeout of address cache entries to
.Ar seconds
seconds.
If
.Ar seconds
is zero, then address cache entries will not be expired.
The default is 1200 seconds.
.It Cm addr
Display the addresses that have been learned by the bridge.
.It Cm static Ar interface-name Ar address
Add a static entry into the address cache pointing to
.Ar interface-name .
Static entries are never aged out of the cache or re-placed, even if the
address is seen on a different interface.
.It Cm deladdr Ar address
Delete
.Ar address
from the address cache.
.It Cm flush
Delete all dynamically-learned addresses from the address cache.
.It Cm flushall
Delete all addresses, including static addresses, from the address cache.
.It Cm discover Ar interface
Mark an interface as a
.Dq discovering
interface.
When the bridge has no address cache entry
(either dynamic or static)
for the destination address of a packet,
the bridge will forward the packet to all
member interfaces marked as
.Dq discovering .
This is the default for all interfaces added to a bridge.
.It Cm -discover Ar interface
Clear the
.Dq discovering
attribute on a member interface.
For packets without the
.Dq discovering
attribute, the only packets forwarded on the interface are broadcast
or multicast packets and packets for which the destination address
is known to be on the interface's segment.
.It Cm learn Ar interface
Mark an interface as a
.Dq learning
interface.
When a packet arrives on such an interface, the source
address of the packet is entered into the address cache as being a
destination address on the interface's segment.
This is the default for all interfaces added to a bridge.
.It Cm -learn Ar interface
Clear the
.Dq learning
attribute on a member interface.
.It Cm span Ar interface
Add the interface named by
.Ar interface
as a span port on the bridge.
Span ports transmit a copy of every frame received by the bridge.
This is most useful for snooping a bridged network passively on
another host connected to one of the span ports of the bridge.
.It Cm -span Ar interface
Delete the interface named by
.Ar interface
from the list of span ports of the bridge.
.It Cm stp Ar interface
Enable Spanning Tree protocol on
.Ar interface .
The
.Xr bridge 4
driver has support for the IEEE 802.1D Spanning Tree protocol (STP).
Spanning Tree is used to detect and remove loops in a network topology.
.It Cm -stp Ar interface
Disable Spanning Tree protocol on
.Ar interface .
This is the default for all interfaces added to a bridge.
.It Cm maxage Ar seconds
Set the time that a Spanning Tree protocol configuration is valid.
The default is 20 seconds.
The minimum is 1 second and the maximum is 255 seconds.
.It Cm fwddelay Ar seconds
Set the time that must pass before an interface begins forwarding
packets when Spanning Tree is enabled.
The default is 15 seconds.
The minimum is 1 second and the maximum is 255 seconds.
.It Cm hellotime Ar seconds
Set the time between broadcasting of Spanning Tree protocol
configuration messages.
The default is 2 seconds.
The minimum is 1 second and the maximum is 255 seconds.
.It Cm priority Ar value
Set the bridge priority for Spanning Tree.
The default is 32768.
The minimum is 0 and the maximum is 65536.
.It Cm ifpriority Ar interface Ar value
Set the Spanning Tree priority of
.Ar interface
to
.Ar value .
The default is 128.
The minimum is 0 and the maximum is 255.
.Pp
The priority is used to select which interface out of all
forwarding and bonded interfaces with the same MAC
to output a packet on.
The interface with the highest priority will be
selected.
When multiple interfaces are valid and share the same (highest) priority,
the
.Cm link2
flag on the bridge interface determines determines operation.
If not set, packets will only be output on one interface.
If set, packets will be round-robined on all valid interfaces sharing the
same priority by counting
.Cm ifbondweight
packets on each interface, then moving to the next.
Note that interfaces in the
.Dq blocking
or any other less-than-good state
does not participate in the priority selection.
If the priorities are the same on a non-bonded member, the
designated member will be used.
.It Cm ifpathcost Ar interface Ar value
Set the Spanning Tree path cost of
.Ar interface
to
.Ar value .
The default is 55.
The minimum is 0 and the maximum is 65535.
.Pp
The path cost is added to both incoming and outgoing packets on the
member, lower values will make the member more valuable.
.It Cm ifbondweight Ar interface Ar value
Set the number of packets to output on a bonded member before
round-robining to the next member.
The default is 1.
Larger values or different values for each member can be used
if bursting would be beneficial or if the outgoing bandwidth
on each of the members is asymmetric.
For example, one specify a value of 6 on tap0 and 4 on tap1
for a 6:4 ratio.
Remember that this also controls packet bursting.
.It Cm link0
This option enables transparent bridging mode.
The bridge will make every effort to retain the Ethernet header
when forwarding packets between interfaces, making the bridging
function work more like a hardware bridge device.
.It Cm link1
This option enables keepalive transmission and automatically
places a member into a special blocked mode if no keepalive reception
occurs.
If either sides of the link uses this option then both sides must use
this option.
This option is implemented by sending CFG updates on the hello interval
to the remote.
The link is considered lost after 10 intervals (typically 20 seconds).
.It Cm link2
This option enables channel bonding (see also
.Cm ifbondweight
and
.Cm ifpriority
parameters).
All member interfaces with the same MAC address are considered to
be in a bonding group.
If multiple interfaces in the bonding group share the highest priority via
.Cm ifpriority ,
packets will be round-robined between them.
When something like
.Xr tap 4
is used, you can manually control or copy the MAC to create bonding groups.
When interface bonding is enabled normally blocked interfaces belonging
to the same bonding group as an active forwarding interface will be
changed to the bonding state.
Both sides of link the member represents must operate in bonding mode
for this to work, otherwise the remote end may decide to throw away
half your packets.
.El
.\"
.Ss Generic IP Tunnel Parameters
The following parameters are specific to
.Xr gif 4
IP tunnel interfaces:
.Bl -tag -width indent
.It Cm tunnel Ar src_addr dest_addr
Configure the physical source and destination address for IP tunnel
interfaces.
The arguments
.Ar src_addr
and
.Ar dest_addr
are interpreted as the outer source/destination for the encapsulating
IPv4/IPv6 header.
.It Cm -tunnel
Unconfigure the physical source and destination address for IP tunnel
interfaces previously configured with
.Cm tunnel .
.It Cm deletetunnel
Another name for the
.Cm -tunnel
parameter.
.El
.\"
.Ss VLAN Parameters
The following parameters are specific to
.Xr vlan 4
interfaces:
.Bl -tag -width indent
.It Cm vlan Ar vlan_tag
Set the VLAN tag value to
.Ar vlan_tag .
This value is a 16-bit number which is used to create an 802.1Q
VLAN header for packets sent from the
.Xr vlan 4
interface.
Note that
.Cm vlan
and
.Cm vlandev
must both be set at the same time.
.It Cm vlandev Ar iface
Associate the physical interface
.Ar iface
with a
.Xr vlan 4
interface.
Packets transmitted through the
.Xr vlan 4
interface will be
diverted to the specified physical interface
.Ar iface
with 802.1Q VLAN encapsulation.
Packets with 802.1Q encapsulation received
by the parent interface with the correct VLAN tag will be diverted to
the associated
.Xr vlan 4
pseudo-interface.
The
.Xr vlan 4
interface is assigned a
copy of the parent interface's flags and the parent's Ethernet address.
The
.Cm vlandev
and
.Cm vlan
must both be set at the same time.
If the
.Xr vlan 4
interface already has
a physical interface associated with it, this command will fail.
To change the association to another physical interface,
the existing association must be cleared first.
.Pp
Note: if the hardware tagging capability
is set on the parent interface, the
.Xr vlan 4
pseudo
interface's behavior changes:
the
.Xr vlan 4
interface recognizes that the
parent interface supports insertion and extraction of VLAN tags on its
own (usually in firmware) and that it should pass packets to and from
the parent unaltered.
.It Cm -vlandev Op Ar iface
If the driver is a
.Xr vlan 4
pseudo device, disassociate the parent interface from it.
This breaks the link between the
.Xr vlan 4
interface and its parent, clears its VLAN tag,
flags and its link address and shuts the interface down.
The
.Ar iface
argument is useless and hence deprecated.
.El
.\"
.Ss CARP Parameters
The following parameters are specific to
.Xr carp 4
interfaces:
.Bl -tag -width indent
.It Cm advbase Ar seconds
Specifies the base of the advertisement interval in seconds.
The acceptable values are 1 to 255.
The default value is 1.
.\" The default value is
.\" .Dv CARP_DFLTINTV .
.It Cm advskew Ar interval
Specifies the skew to add to the base advertisement interval to
make one host advertise slower than another host.
It is specified in 1/256 of seconds.
The acceptable values are 1 to 254.
The default value is 0.
.It Cm pass Ar phrase
Set the authentication key to
.Ar phrase .
.It Cm vhid Ar n
Set the virtual host ID.
This is a required setting.
Acceptable values are 1 to 255.
.El
.\"
.Ss WireGuard Parameters
The following parameters are available to
.Xr wg 4
interfaces:
.Bl -tag -width indent
.\" TODO: uncomment this when ipfw/pf is ready ...
.\" .It Cm wgcookie Ar cookie
.\" Set a custom
.\" .Ar cookie ,
.\" which is an arbitrary 32-bit unsigned integer,
.\" for the interface's underlying socket.
.\" The cookie can then be used by
.\" .Xr ipfw 4
.\" or
.\" .Xr pf 4
.\" to manipulate the traffic of this interface.
.\" .It Cm -wgcookie
.\" Remove the custom cookie from the interface's underlying socket.
.It Cm wgkey Ar privatekey
Set the private key of the interface.
The
.Ar privatekey
is 32 bytes in base64 encoding.
It can be generated as follows:
.Pp
.Dl $ openssl rand -base64 32
.Pp
The corresponding public key will then be displayed
in the interface status for distribution to peers.
By default, the status output will exclude the private key,
unless the
.Fl k
flag is specified.
.It Cm wgpeer Ar publickey
Add or specify a peer by its
.Ar publickey ,
which is also 32 bytes in base64 encoding.
Repeat this parameter to specify multiple peers in a single command.
.It Cm -wgpeer Ar publickey
Remove the peer with the given
.Ar publickey .
.It Cm -wgpeerall
Remove all peers from the interface.
.It Cm wgport Ar port
Set the interface's UDP
.Ar port
for exchanging traffic with its peers.
The interface will bind to
.Dv INADDR_ANY
and
.Dv IN6ADDR_ANY_INIT .
By default, the interface will choose a port automatically.
.El
.Pp
Peer configuration parameters, which apply to the
.Cm wgpeer
parameter immediately preceding them,
are as follows:
.Bl -tag -width indent
.It Cm wgdescr Ns Oo Cm iption Oc Ar value
Specify a description for the peer.
This can be used to label peers in situations where they may
otherwise be difficult to distinguish.
.It Cm -wgdescr Ns Op Cm iption
Clear the peer description.
.It Cm wgaip Ar address/prefix
Set the peer's IPv4 or IPv6 address range (in CIDR notation)
allowed for its tunneled traffic.
Repeat this parameter to set multiple ranges.
By default, no address is allowed.
.It Cm wgendpoint Ar address port
Address traffic to the peer's IPv4 or IPv6
.Ar address
and UDP
.Ar port .
The interface will track the peer and update
.Cm wgendpoint
to the source of its last authenticated packet.
By default, the endpoint is unknown and so the peer cannot
be addressed until it initiates communication.
This implies that at least one peer in each pair must specify
.Cm wgendpoint .
.It Cm wgpka Ar interval
Set the
.Ar interval
of persistent keepalive packets in seconds.
They can be used to maintain connectivity to a peer otherwise blocked
to unsolicited traffic by an intermediate firewall or NAT device.
For this, an
.Ar interval
of 25 seconds should suffice.
By default, the persistent keepalive is disabled.
.It Cm -wgpka
Disable the persistent keepalive for this peer.
.It Cm wgpsk Ar presharedkey
Set a unique key pre-shared with the peer.
This strengthens the Diffie-Hellman exchange should in future
an attack on it become feasible.
The
.Ar presharedkey
is also 32 bytes in base64 encoding.
It is optional but recommended;
it can be generated in the same way as the
.Cm wgkey
private key.
.It Cm -wgpsk
Remove the pre-shared key for this peer.
.El
.\"
.Sh ENVIRONMENT
The following environment variables affect the execution of
.Nm :
.Bl -tag -width IFCONFIG_FORMAT
.It Ev IFCONFIG_FORMAT
This variable can contain a specification of the output format.
See the description of the
.Fl f
option for more details.
.El
.Sh DIAGNOSTICS
Messages indicating the specified interface does not exist, the
requested address is unknown, or the user is not privileged and
tried to alter an interface's configuration.
.Sh SEE ALSO
.Xr netstat 1 ,
.Xr carp 4 ,
.Xr ifmedia 4 ,
.Xr netintro 4 ,
.Xr polling 4 ,
.Xr vlan 4 ,
.Xr wg 4 ,
.Xr rc 8 ,
.Xr routed 8 ,
.Xr sysctl 8
.Sh HISTORY
The
.Nm
utility appeared in
.Bx 4.2 .
.Sh BUGS
Basic IPv6 node operation requires a link-local address on each
interface configured for IPv6.
Normally, such an address is automatically configured by the
kernel on each interface added to the system; this behavior may
be disabled by setting the sysctl MIB variable
.Va net.inet6.ip6.auto_linklocal
to 0.
.Pp
If you delete such an address using
.Nm ,
the kernel may act very odd.
Do this at your own risk.