diff options
| author | Tobias Heider <tobhe@cvs.openbsd.org> | 2021-09-01 15:30:07 +0000 |
|---|---|---|
| committer | Tobias Heider <tobhe@cvs.openbsd.org> | 2021-09-01 15:30:07 +0000 |
| commit | 6f1cf91bc43eb666cda40d8b10a29ad5593b6420 (patch) | |
| tree | 1cf3abef881111744388754718ef067264c98dfb /sbin/iked/policy.c | |
| parent | 1c09d776bff82d707544477525b40f900a258c6d (diff) | |
Add client side support for DNS configuration. Use RTM_PROPOSAL_STATIC
route messages to propose the name server to resolvd(8).
For now, iked will only propose a single name server from the first
established connection.
Automatic name server configuration is enabled by default for policies using
the 'iface' option.
discussed with deraadt@
ok for the DNS parts florian@
ok for the rest patrick@
Diffstat (limited to 'sbin/iked/policy.c')
| -rw-r--r-- | sbin/iked/policy.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/sbin/iked/policy.c b/sbin/iked/policy.c index 57077c46461..51763014923 100644 --- a/sbin/iked/policy.c +++ b/sbin/iked/policy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: policy.c,v 1.82 2021/06/23 12:11:40 tobhe Exp $ */ +/* $OpenBSD: policy.c,v 1.83 2021/09/01 15:30:06 tobhe Exp $ */ /* * Copyright (c) 2020-2021 Tobias Heider <tobhe@openbsd.org> @@ -680,6 +680,13 @@ sa_configure_iface(struct iked *env, struct iked_sa *sa, int add) if (sa->sa_policy == NULL || sa->sa_policy->pol_iface == 0) return (0); + if (sa->sa_cp_dns) { + if (vroute_setdns(env, add, + (struct sockaddr *)&sa->sa_cp_dns->addr, + sa->sa_policy->pol_iface) != 0) + return (-1); + } + if (!sa->sa_cp_addr && !sa->sa_cp_addr6) return (0); |