Merge pull request #34114 from yuwata/resolvconf-p

resolve: support 'resolvconf -p'

NEWS

@@ -51,6 +51,11 @@ CHANGES WITH 257 in spe:
           filesystem. `$SYSTEMD_NSPAWN_UNIFIED_HIERARCHY=0` can be used to override
           this behavior.
 
+        systemd-resolved:
+
+        * 'resolvconf' command now supports '-p' switch. If specified, the
+          interface will not be used as the default route.
+
         — <place>, <date>
 
 CHANGES WITH 256:

man/resolvectl.xml

@@ -570,10 +570,19 @@
       </varlistentry>
 
       <varlistentry>
-        <term><option>-m</option></term>
         <term><option>-p</option></term>
 
-        <listitem><para>These switches are not supported and are silently ignored.</para>
+        <listitem><para>When specified, the interface will not be used as the default route. See also
+        <citerefentry><refentrytitle>systemd-resolved.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+        about the default route.</para>
+
+        <xi:include href="version-info.xml" xpointer="v257"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><option>-m</option></term>
+
+        <listitem><para>The switch is not supported and is silently ignored.</para>
 
         <xi:include href="version-info.xml" xpointer="v239"/></listitem>
       </varlistentry>

src/resolve/resolvconf-compat.c

@@ -34,13 +34,14 @@ static int resolvconf_help(void) {
                "     --version  Show package version\n"
                "  -a            Register per-interface DNS server and domain data\n"
                "  -d            Unregister per-interface DNS server and domain data\n"
+               "  -p            Do not use this interface as default route\n"
                "  -f            Ignore if specified interface does not exist\n"
                "  -x            Send DNS traffic preferably over this interface\n"
                "\n"
                "This is a compatibility alias for the resolvectl(1) tool, providing native\n"
                "command line compatibility with the resolvconf(8) tool of various Linux\n"
                "distributions and BSD systems. Some options supported by other implementations\n"
-               "are not supported and are ignored: -m, -p, -u. Various options supported by other\n"
+               "are not supported and are ignored: -m, -u. Various options supported by other\n"
                "implementations are not supported and will cause the invocation to fail:\n"
                "-I, -i, -l, -R, -r, -v, -V, --enable-updates, --disable-updates,\n"
                "--updates-are-enabled.\n"
@@ -119,7 +120,7 @@ int resolvconf_parse_argv(int argc, char *argv[]) {
 
         enum {
                 TYPE_REGULAR,
-                TYPE_PRIVATE,   /* -p: Not supported, treated identically to TYPE_REGULAR */
+                TYPE_PRIVATE,
                 TYPE_EXCLUSIVE, /* -x */
         } type = TYPE_REGULAR;
 
@@ -132,7 +133,7 @@ int resolvconf_parse_argv(int argc, char *argv[]) {
         if (getenv("IF_EXCLUSIVE"))
                 type = TYPE_EXCLUSIVE;
         if (getenv("IF_PRIVATE"))
-                type = TYPE_PRIVATE; /* not actually supported */
+                type = TYPE_PRIVATE;
 
         arg_mode = _MODE_INVALID;
 
@@ -160,7 +161,7 @@ int resolvconf_parse_argv(int argc, char *argv[]) {
                         break;
 
                 case 'p':
-                        type = TYPE_PRIVATE; /* not actually supported */
+                        type = TYPE_PRIVATE;
                         break;
 
                 case 'f':
@@ -256,21 +257,37 @@ int resolvconf_parse_argv(int argc, char *argv[]) {
                         log_syntax(NULL, LOG_DEBUG, "stdin", n, 0, "Ignoring resolv.conf line: %s", line);
                 }
 
-                if (type == TYPE_EXCLUSIVE) {
+                switch (type) {
+                case TYPE_REGULAR:
+                        break;
 
+                case TYPE_PRIVATE:
+                        arg_disable_default_route = true;
+                        break;
+
+                case TYPE_EXCLUSIVE:
                         /* If -x mode is selected, let's preferably route non-suffixed lookups to this interface. This
                          * somewhat matches the original -x behaviour */
 
                         r = strv_extend(&arg_set_domain, "~.");
                         if (r < 0)
                                 return log_oom();
+                        break;
 
-                } else if (type == TYPE_PRIVATE)
-                        log_debug("Private DNS server data not supported, ignoring.");
+                default:
+                        assert_not_reached();
+                }
 
-                if (!arg_set_dns)
+                if (strv_isempty(arg_set_dns))
                         return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                                "No DNS servers specified, refusing operation.");
+
+                if (strv_isempty(arg_set_domain)) {
+                        /* When no domain/search is set, clear the current domains. */
+                        r = strv_extend(&arg_set_domain, "");
+                        if (r < 0)
+                                return log_oom();
+                }
         }
 
         return 1; /* work to do */

src/resolve/resolvectl.c

@@ -71,10 +71,11 @@ typedef enum RawType {
 } RawType;
 static RawType arg_raw = RAW_NONE;
 
+/* Used by compat interfaces: systemd-resolve and resolvconf. */
 ExecutionMode arg_mode = MODE_RESOLVE_HOST;
-
 char **arg_set_dns = NULL;
 char **arg_set_domain = NULL;
+bool arg_disable_default_route = false;
 static const char *arg_set_llmnr = NULL;
 static const char *arg_set_mdns = NULL;
 static const char *arg_set_dns_over_tls = NULL;
@@ -3520,7 +3521,7 @@ static int compat_parse_argv(int argc, char *argv[]) {
                 ARG_SET_DOMAIN,
                 ARG_SET_LLMNR,
                 ARG_SET_MDNS,
-                ARG_SET_PRIVATE,
+                ARG_SET_DNS_OVER_TLS,
                 ARG_SET_DNSSEC,
                 ARG_SET_NTA,
                 ARG_REVERT_LINK,
@@ -3552,7 +3553,7 @@ static int compat_parse_argv(int argc, char *argv[]) {
                 { "set-domain",            required_argument, NULL, ARG_SET_DOMAIN            },
                 { "set-llmnr",             required_argument, NULL, ARG_SET_LLMNR             },
                 { "set-mdns",              required_argument, NULL, ARG_SET_MDNS              },
-                { "set-dnsovertls",        required_argument, NULL, ARG_SET_PRIVATE           },
+                { "set-dnsovertls",        required_argument, NULL, ARG_SET_DNS_OVER_TLS      },
                 { "set-dnssec",            required_argument, NULL, ARG_SET_DNSSEC            },
                 { "set-nta",               required_argument, NULL, ARG_SET_NTA               },
                 { "revert",                no_argument,       NULL, ARG_REVERT_LINK           },
@@ -3760,7 +3761,7 @@ static int compat_parse_argv(int argc, char *argv[]) {
                         arg_mode = MODE_SET_LINK;
                         break;
 
-                case ARG_SET_PRIVATE:
+                case ARG_SET_DNS_OVER_TLS:
                         arg_set_dns_over_tls = optarg;
                         arg_mode = MODE_SET_LINK;
                         break;
@@ -4178,6 +4179,12 @@ static int compat_main(int argc, char *argv[]) {
         case MODE_SET_LINK:
                 assert(arg_ifname);
 
+                if (arg_disable_default_route) {
+                        r = translate("default-route", arg_ifname, 1, STRV_MAKE("no"));
+                        if (r < 0)
+                                return r;
+                }
+
                 if (arg_set_dns) {
                         r = translate("dns", arg_ifname, strv_length(arg_set_dns), arg_set_dns);
                         if (r < 0)

src/resolve/resolvectl.h

@@ -24,6 +24,7 @@ typedef enum ExecutionMode {
 extern ExecutionMode arg_mode;
 extern char **arg_set_dns;
 extern char **arg_set_domain;
+extern bool arg_disable_default_route;
 extern bool arg_ifindex_permissive;
 
 int ifname_mangle_full(const char *s, bool drop_protocol_specifier);

test/units/TEST-75-RESOLVED.sh

@@ -243,6 +243,8 @@ manual_testcase_01_resolvectl() {
         RESOLVCONF="$TMPDIR"/resolvconf
         ln -s "$(command -v resolvectl 2>/dev/null)" "$RESOLVCONF"
     fi
+
+    # DNS servers
     echo nameserver 10.0.2.1 10.0.2.2 | "$RESOLVCONF" -a hoge
     echo nameserver 10.0.2.3 10.0.2.4 | "$RESOLVCONF" -a hoge.foo
     assert_in '10.0.2.1 10.0.2.2' "$(resolvectl dns hoge)"
@@ -252,6 +254,44 @@ manual_testcase_01_resolvectl() {
     assert_in '10.0.3.1 10.0.3.2' "$(resolvectl dns hoge)"
     assert_in '10.0.3.3 10.0.3.4' "$(resolvectl dns hoge.foo)"
 
+    # domain
+    # without domain/search clears existing domain
+    resolvectl domain hoge test-domain.example.com
+    assert_in 'test-domain.example.com' "$(resolvectl domain hoge)"
+    echo nameserver 10.0.2.1 10.0.2.2 | "$RESOLVCONF" -a hoge
+    assert_not_in 'test-domain.example.com' "$(resolvectl domain hoge)"
+    # cannot set domain without DNS servers
+    (! echo domain test-domain.example.com | "$RESOLVCONF" -a hoge)
+    # can set domain with DNS server(s)
+    echo -e "nameserver 10.0.2.1 10.0.2.2\ndomain test-domain1.example.com test-domain2.example.com\nsearch test-search-domain.example.com" | "$RESOLVCONF" -a hoge
+    assert_in 'test-domain1.example.com' "$(resolvectl domain hoge)"
+    assert_in 'test-domain2.example.com' "$(resolvectl domain hoge)"
+    assert_in 'test-search-domain.example.com' "$(resolvectl domain hoge)"
+
+    # Tests for 'resolvconf -x'
+    echo nameserver 10.0.2.1 | "$RESOLVCONF" -x -a hoge
+    assert_in '~.' "$(resolvectl domain hoge)"
+    resolvectl domain hoge "hoge.example.com"
+    assert_in 'hoge.example.com' "$(resolvectl domain hoge)"
+    assert_not_in '~.' "$(resolvectl domain hoge)"
+    echo -e "nameserver 10.0.2.1\ndomain test-domain.example.com" | "$RESOLVCONF" -x -a hoge
+    assert_in 'test-domain.example.com' "$(resolvectl domain hoge)"
+    assert_in '~.' "$(resolvectl domain hoge)"
+
+    # Tests for 'resolvconf -p'
+    resolvectl default-route hoge yes
+    assert_in 'yes' "$(resolvectl default-route hoge)"
+    echo nameserver 10.0.3.3 10.0.3.4 | "$RESOLVCONF" -p -a hoge
+    assert_in 'no' "$(resolvectl default-route hoge)"
+
+    # Tests for 'resolvconf -d'
+    resolvectl dns hoge 10.0.3.1 10.0.3.2
+    resolvectl domain hoge test-domain.example.com
+    "$RESOLVCONF" -d hoge
+    assert_not_in '10.0.3.1' "$(resolvectl dns hoge)"
+    assert_not_in '10.0.3.2' "$(resolvectl dns hoge)"
+    assert_not_in 'test-domain.example.com' "$(resolvectl domain hoge)"
+
     # Tests for _localdnsstub and _localdnsproxy
     assert_in '127.0.0.53' "$(resolvectl query _localdnsstub)"
     assert_in '_localdnsstub' "$(resolvectl query 127.0.0.53)"