https-github-com-bit
diff --git a/‎man/nss-myhostname.xml‎
Lines changed: 7 additions & 0 deletions b/‎man/nss-myhostname.xml‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎man/resolvectl.xml‎
Lines changed: 5 additions & 5 deletions b/‎man/resolvectl.xml‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎man/systemd-resolved.service.xml‎
Lines changed: 7 additions & 0 deletions b/‎man/systemd-resolved.service.xml‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎src/basic/hostname-util.h‎
Lines changed: 5 additions & 0 deletions b/‎src/basic/hostname-util.h‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎src/nss-myhostname/nss-myhostname.c‎
Lines changed: 17 additions & 2 deletions b/‎src/nss-myhostname/nss-myhostname.c‎
Lines changed: 17 additions & 2 deletions
diff --git a/‎src/resolve/resolved-dns-scope.c‎
Lines changed: 3 additions & 2 deletions b/‎src/resolve/resolved-dns-scope.c‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎src/resolve/resolved-dns-synthesize.c‎
Lines changed: 25 additions & 5 deletions b/‎src/resolve/resolved-dns-synthesize.c‎
Lines changed: 25 additions & 5 deletions
@@ -51,6 +51,13 @@
       ordered by their metric. This assigns a stable hostname to the
       current gateway, useful for referencing it independently of the
       current network configuration state.</para></listitem>
+
+      <listitem><para>The hostname <literal>_outbound</literal> is resolved to the local IPv4 and IPv6
+      addresses that are most likely used for communication with other hosts. This is determined by
+      requesting a routing decision to the configured default gateways from the kernel and then using the
+      local IP addresses selected by this decision. This hostname is only available if there is at least one
+      local default gateway configured. This assigns a stable hostname to the local outbound IP addresses,
+      useful for referencing them independently of the current network configuration state.</para></listitem>
     </itemizedlist>
 
     <para>Various software relies on an always-resolvable local
 
@@ -299,11 +299,11 @@
 
         <listitem><para>Takes a boolean parameter; used in conjunction with <command>query</command>. If true
         (the default), select domains are resolved on the local system, among them
-        <literal>localhost</literal> and <literal>_gateway</literal> or entries from
-        <filename>/etc/hosts</filename>. If false these domains are not resolved locally, and either fail (in
-        case of <literal>localhost</literal> or <literal>_gateway</literal> and suchlike) or go to the
-        network via regular DNS/mDNS/LLMNR lookups (in case of <filename>/etc/hosts</filename>
-        entries).</para></listitem>
+        <literal>localhost</literal>, <literal>_gateway</literal> and <literal>_outbound</literal>, or
+        entries from <filename>/etc/hosts</filename>. If false these domains are not resolved locally, and
+        either fail (in case of <literal>localhost</literal>, <literal>_gateway</literal> or
+        <literal>_outbound</literal> and suchlike) or go to the network via regular DNS/mDNS/LLMNR lookups
+        (in case of <filename>/etc/hosts</filename> entries).</para></listitem>
       </varlistentry>
 
       <varlistentry>
 
@@ -104,6 +104,13 @@
       gateway addresses, ordered by their metric. This assigns a stable hostname to the current gateway,
       useful for referencing it independently of the current network configuration state.</para></listitem>
 
+      <listitem><para>The hostname <literal>_outbound</literal> is resolved to the local IPv4 and IPv6
+      addresses that are most likely used for communication with other hosts. This is determined by
+      requesting a routing decision to the configured default gateways from the kernel and then using the
+      local IP addresses selected by this decision. This hostname is only available if there is at least one
+      local default gateway configured. This assigns a stable hostname to the local outbound IP addresses,
+      useful for referencing them independently of the current network configuration state.</para></listitem>
+
       <listitem><para>The mappings defined in <filename>/etc/hosts</filename> are resolved to their
       configured addresses and back, but they will not affect lookups for non-address types (like MX).
       Support for <filename>/etc/hosts</filename> may be disabled with <varname>ReadEtcHosts=no</varname>,
 
@@ -28,3 +28,8 @@ static inline bool is_gateway_hostname(const char *hostname) {
         /* This tries to identify the valid syntaxes for the our synthetic "gateway" host. */
         return STRCASE_IN_SET(hostname, "_gateway", "_gateway.");
 }
+
+static inline bool is_outbound_hostname(const char *hostname) {
+        /* This tries to identify the valid syntaxes for the our synthetic "outbound" host. */
+        return STRCASE_IN_SET(hostname, "_outbound", "_outbound.");
+}
@@ -54,8 +54,7 @@ enum nss_status _nss_myhostname_gethostbyname4_r(
         assert(h_errnop);
 
         if (is_localhost(name)) {
-                /* We respond to 'localhost', so that /etc/hosts
-                 * is optional */
+                /* We respond to 'localhost', so that /etc/hosts is optional */
 
                 canonical = "localhost";
                 local_address_ipv4 = htobe32(INADDR_LOOPBACK);
@@ -68,6 +67,14 @@ enum nss_status _nss_myhostname_gethostbyname4_r(
 
                 canonical = "_gateway";
 
+        } else if (is_outbound_hostname(name)) {
+
+                n_addresses = local_outbounds(NULL, 0, AF_UNSPEC, &addresses);
+                if (n_addresses <= 0)
+                        goto not_found;
+
+                canonical = "_outbound";
+
         } else {
                 hn = gethostname_malloc();
                 if (!hn) {
@@ -343,6 +350,14 @@ enum nss_status _nss_myhostname_gethostbyname3_r(
 
                 canonical = "_gateway";
 
+        } else if (is_outbound_hostname(name)) {
+
+                n_addresses = local_outbounds(NULL, 0, af, &addresses);
+                if (n_addresses <= 0)
+                        goto not_found;
+
+                canonical = "_outbound";
+
         } else {
                 hn = gethostname_malloc();
                 if (!hn) {
 
@@ -630,8 +630,8 @@ DnsScopeMatch dns_scope_good_domain(
         if (dns_name_endswith(domain, "invalid") > 0)
                 return DNS_SCOPE_NO;
 
-        /* Never go to network for the _gateway domain, it's something special, synthesized locally. */
-        if (is_gateway_hostname(domain))
+        /* Never go to network for the _gateway or _outbound domain — they're something special, synthesized locally. */
+        if (is_gateway_hostname(domain) || is_outbound_hostname(domain))
                 return DNS_SCOPE_NO;
 
         switch (s->protocol) {
@@ -739,6 +739,7 @@ DnsScopeMatch dns_scope_good_domain(
 
                 if ((dns_name_is_single_label(domain) && /* only resolve single label names via LLMNR */
                      !is_gateway_hostname(domain) && /* don't resolve "_gateway" with LLMNR, let local synthesizing logic handle that */
+                     !is_outbound_hostname(domain) && /* similar for "_outbound" */
                      dns_name_equal(domain, "local") == 0 && /* don't resolve "local" with LLMNR, it's the top-level domain of mDNS after all, see above */
                      manager_is_own_hostname(s->manager, domain) <= 0))  /* never resolve the local hostname via LLMNR */
                         return DNS_SCOPE_YES_BASE + 1; /* Return +1, as we consider ourselves authoritative
 
@@ -311,27 +311,33 @@ static int synthesize_system_hostname_ptr(Manager *m, int af, const union in_add
         return added;
 }
 
-static int synthesize_gateway_rr(Manager *m, const DnsResourceKey *key, int ifindex, DnsAnswer **answer) {
+static int synthesize_gateway_rr(
+                Manager *m,
+                const DnsResourceKey *key,
+                int ifindex,
+                int (*lookup)(sd_netlink *context, int ifindex, int af, struct local_address **ret), /* either local_gateways() or local_outbound() */
+                DnsAnswer **answer) {
         _cleanup_free_ struct local_address *addresses = NULL;
         int n = 0, af, r;
 
         assert(m);
         assert(key);
+        assert(lookup);
         assert(answer);
 
         af = dns_type_to_af(key->type);
         if (af >= 0) {
-                n = local_gateways(m->rtnl, ifindex, af, &addresses);
+                n = lookup(m->rtnl, ifindex, af, &addresses);
                 if (n < 0) /* < 0 means: error */
                         return n;
 
                 if (n == 0) { /* == 0 means we have no gateway */
                         /* See if there's a gateway on the other protocol */
                         if (af == AF_INET)
-                                n = local_gateways(m->rtnl, ifindex, AF_INET6, NULL);
+                                n = lookup(m->rtnl, ifindex, AF_INET6, NULL);
                         else {
                                 assert(af == AF_INET6);
-                                n = local_gateways(m->rtnl, ifindex, AF_INET, NULL);
+                                n = lookup(m->rtnl, ifindex, AF_INET, NULL);
                         }
                         if (n <= 0) /* error (if < 0) or really no gateway at all (if == 0) */
                                 return n;
@@ -402,14 +408,24 @@ int dns_synthesize_answer(
 
                 } else if (is_gateway_hostname(name)) {
 
-                        r = synthesize_gateway_rr(m, key, ifindex, &answer);
+                        r = synthesize_gateway_rr(m, key, ifindex, local_gateways, &answer);
                         if (r < 0)
                                 return log_error_errno(r, "Failed to synthesize gateway RRs: %m");
                         if (r == 0) { /* if we have no gateway return NXDOMAIN */
                                 nxdomain = true;
                                 continue;
                         }
 
+                } else if (is_outbound_hostname(name)) {
+
+                        r = synthesize_gateway_rr(m, key, ifindex, local_outbounds, &answer);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to synthesize outbound RRs: %m");
+                        if (r == 0) { /* if we have no gateway return NXDOMAIN */
+                                nxdomain = true;
+                                continue;
+                        }
+
                 } else if ((dns_name_endswith(name, "127.in-addr.arpa") > 0 && dns_name_equal(name, "2.0.0.127.in-addr.arpa") == 0) ||
                            dns_name_equal(name, "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa") > 0) {
 
@@ -431,6 +447,10 @@ int dns_synthesize_answer(
                         if (v == 0 && w == 0) /* This IP address is neither a local one nor a gateway */
                                 continue;
 
+                        /* Note that we never synthesize reverse PTR for _outbound, since those are local
+                         * addresses and thus mapped to the local hostname anyway, hence they already have a
+                         * mapping. */
+
                 } else
                         continue;
Original file line number	Diff line number	Diff line change
`@@ -28,3 +28,8 @@ static inline bool is_gateway_hostname(const char *hostname) {`
`28`	`28`	`/* This tries to identify the valid syntaxes for the our synthetic "gateway" host. */`
`29`	`29`	`return STRCASE_IN_SET(hostname, "_gateway", "_gateway.");`
`30`	`30`	`}`
	`31`	`+`
	`32`	`+static inline bool is_outbound_hostname(const char *hostname) {`
	`33`	`+ /* This tries to identify the valid syntaxes for the our synthetic "outbound" host. */`
	`34`	`+ return STRCASE_IN_SET(hostname, "_outbound", "_outbound.");`
	`35`	`+}`