From: Tobias Brunner Date: Wed, 19 Oct 2022 13:55:04 +0000 (+0200) Subject: resolve: Avoid dots in protocol part of interface names when using resolvconf X-Git-Tag: 5.9.9rc1~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bd6014a97bbeb7d196ed4e428817f258a088b00f;p=thirdparty%2Fstrongswan.git resolve: Avoid dots in protocol part of interface names when using resolvconf Newer releases of systemd contain a change that removes not the part after the first dot but the part after the last when determining the interface name (apparently some interface names actually contain a dot). This changes the default prefix to only contain one dot and avoids the dots added by IPv4 addresses to create a unique interface/protocol for each DNS server (it also replaces the `:` in IPv6 addresses with something that might cause less conflicts). References strongswan/strongswan#1353 --- diff --git a/conf/plugins/resolve.opt b/conf/plugins/resolve.opt index 089576102f..39931e4be3 100644 --- a/conf/plugins/resolve.opt +++ b/conf/plugins/resolve.opt @@ -1,7 +1,7 @@ charon.plugins.resolve.file = /etc/resolv.conf File where to add DNS server entries if not using resolvconf(8). -charon.plugins.resolve.resolvconf.iface_prefix = lo.inet.ipsec. +charon.plugins.resolve.resolvconf.iface_prefix = lo.ipsec Prefix used for interface names sent to resolvconf(8). Prefix used for interface names sent to **resolvconf**(8). The nameserver diff --git a/src/libcharon/plugins/resolve/resolve_handler.c b/src/libcharon/plugins/resolve/resolve_handler.c index 391d0b276b..e666727d20 100644 --- a/src/libcharon/plugins/resolve/resolve_handler.c +++ b/src/libcharon/plugins/resolve/resolve_handler.c @@ -30,7 +30,7 @@ #define RESOLVCONF_EXEC "/sbin/resolvconf" /* default prefix used for resolvconf interfaces (should have high prio) */ -#define RESOLVCONF_PREFIX "lo.inet.ipsec." +#define RESOLVCONF_PREFIX "lo.ipsec" typedef struct private_resolve_handler_t private_resolve_handler_t; 
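Review bot: The comment above `RESOLVCONF_PREFIX` still says only "(should have high prio)" and does not record the constraint this commit introduces: the prefix should contain a single dot and no trailing one, because the server address is appended directly as the protocol part and, per the commit message, newer systemd releases strip everything after the last dot. `iface_prefix` is operator-configurable, and in the visible `invoke_resolvconf` hunk only the address goes through `translate()` while `this->iface_prefix` is formatted into the command line unchanged, so a configuration that still sets `lo.inet.ipsec.` would presumably keep the old, colliding names. I would extend the comment to something like `/* default prefix for resolvconf interfaces (should have high prio); keep exactly one dot, the address is appended with '.' and ':' replaced by '_' */` and add the same sentence to the option description in `conf/plugins/resolve.opt`.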
@@ -191,13 +191,20 @@ static bool invoke_resolvconf(private_resolve_handler_t *this, host_t *addr, { process_t *process; FILE *shell; + char buf[BUF_LEN]; int in, out, retval; + if (snprintf(buf, sizeof(buf), "%H", addr) >= sizeof(buf)) + { + return FALSE; + } + translate(buf, ".:", "__"); + /* we use the nameserver's IP address as part of the interface name to * make them unique */ process = process_start_shell(NULL, install ? &in : NULL, &out, NULL, - "2>&1 %s %s %s%H", this->resolvconf, - install ? "-a" : "-d", this->iface_prefix, addr); + "2>&1 %s %s %s%s", this->resolvconf, + install ? "-a" : "-d", this->iface_prefix, buf); if (!process) {