Configure IPv6 DNS server using router advertisements.

Package.swift

@@ -29,6 +29,7 @@ let package = Package(
         .library(name: "ContainerizationEXT4", targets: ["ContainerizationEXT4"]),
         .library(name: "ContainerizationOCI", targets: ["ContainerizationOCI"]),
         .library(name: "ContainerizationNetlink", targets: ["ContainerizationNetlink"]),
+        .library(name: "ContainerizationICMP", targets: ["ContainerizationICMP"]),
         .library(name: "ContainerizationIO", targets: ["ContainerizationIO"]),
         .library(name: "ContainerizationOS", targets: ["ContainerizationOS"]),
         .library(name: "ContainerizationExtras", targets: ["ContainerizationExtras"]),
@@ -205,6 +206,20 @@ let package = Package(
                 .product(name: "Crypto", package: "swift-crypto"),
             ]
         ),
+        .target(
+            name: "ContainerizationICMP",
+            dependencies: [
+                .product(name: "Logging", package: "swift-log"),
+                "ContainerizationExtras",
+            ]
+        ),
+        .testTarget(
+            name: "ContainerizationICMPTests",
+            dependencies: [
+                "ContainerizationExtras",
+                "ContainerizationICMP",
+            ]
+        ),
         .target(
             name: "ContainerizationNetlink",
             dependencies: [

Sources/Containerization/DNSConfiguration.swift

@@ -29,17 +29,22 @@ public struct DNS: Sendable {
     public var searchDomains: [String]
     /// The DNS options to use.
     public var options: [String]
+    /// When true, vminitd will listen for IPv6 Router Advertisements and
+    /// merge RDNSS nameservers into this resolv.conf entry.
+    public var enableRDNSSMonitor: Bool
 
     public init(
         nameservers: [String] = defaultNameservers,
         domain: String? = nil,
         searchDomains: [String] = [],
-        options: [String] = []
+        options: [String] = [],
+        enableRDNSSMonitor: Bool = false
     ) {
         self.nameservers = nameservers
         self.domain = domain
         self.searchDomains = searchDomains
         self.options = options
+        self.enableRDNSSMonitor = enableRDNSSMonitor
     }
 }
 

Sources/Containerization/LinuxContainer.swift

@@ -996,6 +996,18 @@ extension LinuxContainer {
         }
     }
 
+    /// Update the DNS configuration for this container on the running VM.
+    /// Replaces the current /etc/resolv.conf content and updates the RDNSS
+    /// monitor state to match the new config's `enableRDNSSMonitor` flag.
+    public func updateDNS(_ dns: DNS) async throws {
+        try await self.state.withLock {
+            let state = try $0.startedState("updateDNS")
+            try await state.vm.withAgent { agent in
+                try await agent.configureDNS(config: dns, location: Self.guestRootfsPath(self.id))
+            }
+        }
+    }
+
     /// Get statistics for the container.
     public func statistics(categories: StatCategory = .all) async throws -> ContainerStatistics {
         try await self.state.withLock {

Sources/Containerization/LinuxPod.swift

@@ -834,6 +834,18 @@ extension LinuxPod {
         }
     }
 
+    /// Update the DNS configuration for a container in the pod on the running VM.
+    /// Replaces the container's /etc/resolv.conf content and updates the RDNSS
+    /// monitor state to match the new config's `enableRDNSSMonitor` flag.
+    public func updateDNS(_ dns: DNS, containerID: String) async throws {
+        try await self.state.withLock { state in
+            let createdState = try state.phase.createdState("updateDNS")
+            try await createdState.vm.withAgent { agent in
+                try await agent.configureDNS(config: dns, location: Self.guestRootfsPath(containerID))
+            }
+        }
+    }
+
     /// Get statistics for containers in the pod.
     public func statistics(containerIDs: [String]? = nil, categories: StatCategory = .all) async throws -> [ContainerStatistics] {
         let (createdState, ids) = try await self.state.withLock { state in

Sources/Containerization/SandboxContext/SandboxContext.pb.swift

@@ -1072,6 +1072,8 @@ public struct Com_Apple_Containerization_Sandbox_V3_ConfigureDnsRequest: Sendabl
 
   public var options: [String] = []
 
+  public var enableRdnssMonitor: Bool = false
+
   public var unknownFields = SwiftProtobuf.UnknownStorage()
 
   public init() {}
@@ -3046,7 +3048,7 @@ extension Com_Apple_Containerization_Sandbox_V3_IpRouteAddDefaultResponse: Swift
 
 extension Com_Apple_Containerization_Sandbox_V3_ConfigureDnsRequest: SwiftProtobuf.Message, SwiftProtobuf._MessageImplementationBase, SwiftProtobuf._ProtoNameProviding {
   public static let protoMessageName: String = _protobuf_package + ".ConfigureDnsRequest"
-  public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}location\0\u{1}nameservers\0\u{1}domain\0\u{1}searchDomains\0\u{1}options\0")
+  public static let _protobuf_nameMap = SwiftProtobuf._NameMap(bytecode: "\0\u{1}location\0\u{1}nameservers\0\u{1}domain\0\u{1}searchDomains\0\u{1}options\0\u{3}enable_rdnss_monitor\0")
 
   public mutating func decodeMessage<D: SwiftProtobuf.Decoder>(decoder: inout D) throws {
     while let fieldNumber = try decoder.nextFieldNumber() {
@@ -3059,6 +3061,7 @@ extension Com_Apple_Containerization_Sandbox_V3_ConfigureDnsRequest: SwiftProtob
       case 3: try { try decoder.decodeSingularStringField(value: &self._domain) }()
       case 4: try { try decoder.decodeRepeatedStringField(value: &self.searchDomains) }()
       case 5: try { try decoder.decodeRepeatedStringField(value: &self.options) }()
+      case 6: try { try decoder.decodeSingularBoolField(value: &self.enableRdnssMonitor) }()
       default: break
       }
     }
@@ -3084,6 +3087,9 @@ extension Com_Apple_Containerization_Sandbox_V3_ConfigureDnsRequest: SwiftProtob
     if !self.options.isEmpty {
       try visitor.visitRepeatedStringField(value: self.options, fieldNumber: 5)
     }
+    if self.enableRdnssMonitor != false {
+      try visitor.visitSingularBoolField(value: self.enableRdnssMonitor, fieldNumber: 6)
+    }
     try unknownFields.traverse(visitor: &visitor)
   }
 
@@ -3093,6 +3099,7 @@ extension Com_Apple_Containerization_Sandbox_V3_ConfigureDnsRequest: SwiftProtob
     if lhs._domain != rhs._domain {return false}
     if lhs.searchDomains != rhs.searchDomains {return false}
     if lhs.options != rhs.options {return false}
+    if lhs.enableRdnssMonitor != rhs.enableRdnssMonitor {return false}
     if lhs.unknownFields != rhs.unknownFields {return false}
     return true
   }

Sources/Containerization/SandboxContext/SandboxContext.proto

@@ -303,6 +303,7 @@ message ConfigureDnsRequest {
   optional string domain = 3;
   repeated string searchDomains = 4;
   repeated string options = 5;
+  bool enable_rdnss_monitor = 6;
 }
 
 message ConfigureDnsResponse {}

Sources/Containerization/Vminitd.swift

@@ -496,6 +496,7 @@ extension Vminitd {
                 }
                 $0.searchDomains = config.searchDomains
                 $0.options = config.options
+                $0.enableRdnssMonitor = config.enableRDNSSMonitor
             })
     }