summaryrefslogtreecommitdiff
path: root/helpers
diff options
context:
space:
mode:
authorkali kaneko (leap communications) <kali@leap.se>2021-07-06 19:40:37 +0200
committerkali kaneko (leap communications) <kali@leap.se>2021-07-06 19:40:37 +0200
commitaeb9f6260fa209d7dfb11212ec7b89c668312b1b (patch)
treefb6c2675372f6be60518f198036db8d1c88acb7d /helpers
parentae680e0087e42798190d44b51df05b773b8f909c (diff)
[bug] ignore ip/routes if ipv6 is disabled
- Resolves: #457
Diffstat (limited to 'helpers')
-rw-r--r--helpers/bitmask-root15
1 files changed, 12 insertions, 3 deletions
diff --git a/helpers/bitmask-root b/helpers/bitmask-root
index f105bfc..706d6f5 100644
--- a/helpers/bitmask-root
+++ b/helpers/bitmask-root
@@ -59,7 +59,6 @@ cmdcheck = subprocess.check_output
#
# CONSTANTS
-
def get_no_group_name():
"""
Return the right group name to use for the current OS.
@@ -80,11 +79,17 @@ def get_no_group_name():
except KeyError:
return None
+def is_ipv6_disabled():
+ """
+ Return True if ipv6 support is disabled by the kernel.
+ """
+ code = os.system("sysctl -a 2>/dev/null | grep all.disable_ipv6 | grep 1")
+ return code == 0
def tostr(s):
return s.decode('utf-8')
-VERSION = "13"
+VERSION = "14"
SCRIPT = "bitmask-root"
NAMESERVER_TCP = "10.41.0.1"
NAMESERVER_UDP = "10.42.0.1"
@@ -138,6 +143,11 @@ FIXED_FLAGS = [
if OPENVPN_GROUP is not None:
FIXED_FLAGS.extend(["--group", OPENVPN_GROUP])
+if is_ipv6_disabled():
+ FIXED_FLAGS.extend([
+ "--pull-filter", "ignore", "ifconfig-ipv6",
+ "--pull-filter", "ignore", "route-ipv6"])
+
ALLOWED_FLAGS = {
"--remote": ["IP", "NUMBER", "PROTO"],
"--tls-cipher": ["CIPHER"],
@@ -205,7 +215,6 @@ syslog.openlog(SCRIPT)
# UTILITY
#
-
def is_valid_address(value):
"""
Validate that the passed ip is a valid IP address.