radvd: allow disabling DNSSL per interface

2026-05-28 04:34:51 -04:00 · 2026-05-10 12:47:32 +02:00 · 2026-05-10 12:47:32 +02:00 · 8bf3b729ea
commit 8bf3b729ea
parent 9b93f84c24
4 changed files with 32 additions and 7 deletions
--- a/src/etc/inc/plugins.inc.d/radvd.inc
+++ b/src/etc/inc/plugins.inc.d/radvd.inc
@ -340,7 +340,9 @@ function radvd_configure_do($verbose = false, $ignorelist = [])
                $rdnss[] = $server;
            }

-            if (count($searchlist_tmp)) {
+            if (count($searchlist_tmp) == 1 && $searchlist_tmp[0] == '.') {
+                /* explicitly disabled */
+            } elseif (count($searchlist_tmp)) {
                $dnssl = $searchlist_tmp;
            } elseif (!empty($config['system']['domain'])) {
                $dnssl = [$config['system']['domain']];
--- a/src/opnsense/mvc/app/controllers/OPNsense/Radvd/forms/dialogEntry.xml
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Radvd/forms/dialogEntry.xml
@ -192,7 +192,7 @@
        <type>select_multiple</type>
        <style>tokenize</style>
        <allownew>true</allownew>
-        <help>The default is to use the domain name of this system as the DNSSL option. You may specify explicit domains here instead.</help>
+        <help>The default is to use the domain name of this system as the DNSSL option. You may specify explicit domains here instead. Use "." by itself to disable DNS search domains.</help>
        <grid_view>
            <visible>false</visible>
        </grid_view>
--- a/src/opnsense/mvc/app/models/OPNsense/Radvd/Radvd.php
+++ b/src/opnsense/mvc/app/models/OPNsense/Radvd/Radvd.php
@ -37,6 +37,12 @@ use OPNsense\Base\Messages\Message;
 */
 class Radvd extends BaseModel
 {
+    private function isValidSearchDomain(string $domain): bool
+    {
+        return filter_var($domain, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false &&
+            filter_var($domain, FILTER_VALIDATE_IP) === false;
+    }
+
    /**
     * {@inheritdoc}
     */
@ -86,6 +92,27 @@ class Radvd extends BaseModel
                }
            }

+            $dnssl = $entry->DNSSL->getValues();
+            if (in_array('.', $dnssl, true) && count($dnssl) > 1) {
+                $messages->appendMessage(
+                    new Message(
+                        gettext('Use "." by itself to disable DNS search domains.'),
+                        $key . '.DNSSL'
+                    )
+                );
+            }
+            foreach ($dnssl as $domain) {
+                if ($domain !== '.' && !$this->isValidSearchDomain($domain)) {
+                    $messages->appendMessage(
+                        new Message(
+                            gettext('A DNS search domain must be a valid hostname.'),
+                            $key . '.DNSSL'
+                        )
+                    );
+                    break;
+                }
+            }
+
            $raMax = $entry->MaxRtrAdvInterval->asInt();
            if (
                $raMax < $entry->MaxRtrAdvInterval->getMinimumvalue() ||
--- a/src/opnsense/mvc/app/models/OPNsense/Radvd/Radvd.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/Radvd/Radvd.xml
@ -60,11 +60,7 @@
                <AddressFamily>ipv6</AddressFamily>
                <AsList>Y</AsList>
            </RDNSS>
-            <DNSSL type="HostnameField">
-                <IsDNSName>Y</IsDNSName>
-                <IpAllowed>N</IpAllowed>
-                <AsList>Y</AsList>
-            </DNSSL>
+            <DNSSL type="CSVListField"/>
            <dns type="BooleanField">
                <Required>Y</Required>
                <Default>1</Default>