diff options
author | kali kaneko (leap communications) <kali@leap.se> | 2021-07-06 19:40:37 +0200 |
---|---|---|
committer | kali kaneko (leap communications) <kali@leap.se> | 2021-07-06 19:40:37 +0200 |
commit | aeb9f6260fa209d7dfb11212ec7b89c668312b1b (patch) | |
tree | fb6c2675372f6be60518f198036db8d1c88acb7d | |
parent | ae680e0087e42798190d44b51df05b773b8f909c (diff) |
[bug] ignore ip/routes if ipv6 is disabled
- Resolves: #457
-rw-r--r-- | helpers/bitmask-root | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/helpers/bitmask-root b/helpers/bitmask-root index f105bfc..706d6f5 100644 --- a/helpers/bitmask-root +++ b/helpers/bitmask-root @@ -59,7 +59,6 @@ cmdcheck = subprocess.check_output # # CONSTANTS - def get_no_group_name(): """ Return the right group name to use for the current OS. @@ -80,11 +79,17 @@ def get_no_group_name(): except KeyError: return None +def is_ipv6_disabled(): + """ + Return True if ipv6 support is disabled by the kernel. + """ + code = os.system("sysctl -a 2>/dev/null | grep all.disable_ipv6 | grep 1") + return code == 0 def tostr(s): return s.decode('utf-8') -VERSION = "13" +VERSION = "14" SCRIPT = "bitmask-root" NAMESERVER_TCP = "10.41.0.1" NAMESERVER_UDP = "10.42.0.1" @@ -138,6 +143,11 @@ FIXED_FLAGS = [ if OPENVPN_GROUP is not None: FIXED_FLAGS.extend(["--group", OPENVPN_GROUP]) +if is_ipv6_disabled(): + FIXED_FLAGS.extend([ + "--pull-filter", "ignore", "ifconfig-ipv6", + "--pull-filter", "ignore", "route-ipv6"]) + ALLOWED_FLAGS = { "--remote": ["IP", "NUMBER", "PROTO"], "--tls-cipher": ["CIPHER"], @@ -205,7 +215,6 @@ syslog.openlog(SCRIPT) # UTILITY # - def is_valid_address(value): """ Validate that the passed ip is a valid IP address. |