resolve: Avoid dots in protocol part of interface names when using resolvconf

Newer releases of systemd contain a change that removes not the part
after the first dot but the part after the last when determining the
interface name (apparently some interface names actually contain a dot).

This changes the default prefix to only contain one dot and avoids the
dots added by IPv4 addresses to create a unique interface/protocol for
each DNS server (it also replaces the `:` in IPv6 addresses with
something that might cause less conflicts).

References strongswan/strongswan#1353

diff --git a/conf/plugins/resolve.opt b/conf/plugins/resolve.opt
index 089576102f25a62b7e91eb5b378e4fa598904dbb..39931e4be36828c716113beb60a4a05d5d0ce826 100644 (file)
--- a/conf/plugins/resolve.opt
+++ b/conf/plugins/resolve.opt
@@ -1,7 +1,7 @@
 charon.plugins.resolve.file = /etc/resolv.conf
        File where to add DNS server entries if not using resolvconf(8).
 
-charon.plugins.resolve.resolvconf.iface_prefix = lo.inet.ipsec.
+charon.plugins.resolve.resolvconf.iface_prefix = lo.ipsec
        Prefix used for interface names sent to resolvconf(8).
 
        Prefix used for interface names sent to **resolvconf**(8). The nameserver

diff --git a/src/libcharon/plugins/resolve/resolve_handler.c b/src/libcharon/plugins/resolve/resolve_handler.c
index 391d0b276b03e0015df0d571389f6cafa928d8c3..e666727d20f4bcbc4199ecb59a296a6fb113e213 100644 (file)
--- a/src/libcharon/plugins/resolve/resolve_handler.c
+++ b/src/libcharon/plugins/resolve/resolve_handler.c
@@ -30,7 +30,7 @@
 #define RESOLVCONF_EXEC "/sbin/resolvconf"
 
 /* default prefix used for resolvconf interfaces (should have high prio) */
-#define RESOLVCONF_PREFIX "lo.inet.ipsec."
+#define RESOLVCONF_PREFIX "lo.ipsec"
 
 typedef struct private_resolve_handler_t private_resolve_handler_t;
 
@@ -191,13 +191,20 @@ static bool invoke_resolvconf(private_resolve_handler_t *this, host_t *addr,
 {
        process_t *process;
        FILE *shell;
+       char buf[BUF_LEN];
        int in, out, retval;
 
+       if (snprintf(buf, sizeof(buf), "%H", addr) >= sizeof(buf))
+       {
+               return FALSE;
+       }
+       translate(buf, ".:", "__");
+
        /* we use the nameserver's IP address as part of the interface name to
         * make them unique */
        process = process_start_shell(NULL, install ? &in : NULL, &out, NULL,
-                                                       "2>&1 %s %s %s%H", this->resolvconf,
-                                                       install ? "-a" : "-d", this->iface_prefix, addr);
+                                                       "2>&1 %s %s %s%s", this->resolvconf,
+                                                       install ? "-a" : "-d", this->iface_prefix, buf);
 
        if (!process)
        {