-rw-r--r--man/strongswan.conf.5.in6
-rw-r--r--src/libhydra/plugins/resolve/resolve_handler.c12
2 files changed, 16 insertions, 2 deletions
diff --git a/man/strongswan.conf.5.in b/man/strongswan.conf.5.in
index 12528565c..75398919f 100644
--- a/man/strongswan.conf.5.in
+++ b/man/strongswan.conf.5.in
@@ -470,6 +470,12 @@ Section to configure the load-tester plugin, see LOAD TESTS
.BR charon.plugins.resolve.file " [/etc/resolv.conf]"
File where to add DNS server entries
.TP
+.BR charon.plugins.resolve.resolvconf.iface_prefix " [lo.inet.ipsec.]"
+Prefix used for interface names sent to resolvconf(8). The nameserver address
+is appended to this prefix to make it unique. The result has to be a valid
+interface name according to the rules defined by resolvconf. Also, it should
+have a high priority according to the order defined in interface-order(5).
+.TP
.BR charon.plugins.sql.database
Database URI for charons SQL plugin
.TP
diff --git a/src/libhydra/plugins/resolve/resolve_handler.c b/src/libhydra/plugins/resolve/resolve_handler.c
index 18e46f196..011ebbaaf 100644
--- a/src/libhydra/plugins/resolve/resolve_handler.c
+++ b/src/libhydra/plugins/resolve/resolve_handler.c
@@ -27,7 +27,7 @@
/* path to resolvconf executable */
#define RESOLVCONF_EXEC "/sbin/resolvconf"
-/* prefix used for resolvconf interfaces */
+/* default prefix used for resolvconf interfaces (should have high prio) */
#define RESOLVCONF_PREFIX "lo.inet.ipsec."
typedef struct private_resolve_handler_t private_resolve_handler_t;
@@ -53,6 +53,11 @@ struct private_resolve_handler_t {
bool use_resolvconf;
/**
+ * prefix to be used for interface names sent to resolvconf
+ */
+ char *iface_prefix;
+
+ /**
* Mutex to access file exclusively
*/
mutex_t *mutex;
@@ -149,7 +154,7 @@ static bool invoke_resolvconf(private_resolve_handler_t *this,
/* we use the nameserver's IP address as part of the interface name to
* make them unique */
if (snprintf(cmd, sizeof(cmd), "%s %s %s%H", RESOLVCONF_EXEC,
- install ? "-a" : "-d", RESOLVCONF_PREFIX, addr) >= sizeof(cmd))
+ install ? "-a" : "-d", this->iface_prefix, addr) >= sizeof(cmd))
{
return FALSE;
}
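Review bot: `this->iface_prefix` is formatted into `cmd` by this `snprintf` with no check on its content, where the previous argument was a compile-time constant. How `cmd` is run is outside the hunk; if it is handed to a shell, whitespace or shell metacharacters in the configured value would alter the command the daemon executes. strongswan.conf is normally writable only by the administrator, so this is hardening rather than a privilege boundary, but the value should be checked once where it is loaded in resolve_handler_create() and replaced by `RESOLVCONF_PREFIX` when it fails, e.g. `if (strspn(prefix, ALLOWED) != strlen(prefix)) prefix = RESOLVCONF_PREFIX;` with ALLOWED limited to letters, digits, `.`, `_` and `-`. invoke_resolvconf() starts before and ends after this hunk.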
@@ -336,6 +341,9 @@ resolve_handler_t *resolve_handler_create()
if (stat(RESOLVCONF_EXEC, &st) == 0)
{
this->use_resolvconf = TRUE;
+ this->iface_prefix = lib->settings->get_str(lib->settings,
+ "%s.plugins.resolve.resolvconf.iface_prefix",
+ RESOLVCONF_PREFIX, hydra->daemon);
}
return &this->public;
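Review bot: The pointer returned by `get_str()` is stored in `this->iface_prefix` without a copy, and the field comment added in the struct hunk does not say who owns it. Whether that string outlives a later change to the settings is not visible here, so either `strdup()` it and free it when the handler is destroyed, or document the borrow, e.g. `/* points into lib->settings, not freed by the handler */`. The field is also assigned only inside the `stat()` branch; that is fine as long as invoke_resolvconf() is reached only when `use_resolvconf` is set, which is outside the hunk. resolve_handler_create() starts before this hunk and may continue after it.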