From aeb9f6260fa209d7dfb11212ec7b89c668312b1b Mon Sep 17 00:00:00 2001
From: "kali kaneko (leap communications)" <kali@leap.se>
Date: Tue, 6 Jul 2021 19:40:37 +0200
Subject: [bug] ignore ip/routes if ipv6 is disabled

- Resolves: #457
---
 helpers/bitmask-root | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

(limited to 'helpers')

diff --git a/helpers/bitmask-root b/helpers/bitmask-root
index f105bfc..706d6f5 100644
--- a/helpers/bitmask-root
+++ b/helpers/bitmask-root
@@ -59,7 +59,6 @@ cmdcheck = subprocess.check_output
 #
 # CONSTANTS
 
-
 def get_no_group_name():
     """
     Return the right group name to use for the current OS.
@@ -80,11 +79,17 @@ def get_no_group_name():
         except KeyError:
             return None
 
+def is_ipv6_disabled():
+    """
+    Return True if ipv6 support is disabled by the kernel.
+    """
+    code = os.system("sysctl -a 2>/dev/null | grep all.disable_ipv6 | grep 1")
+    return code == 0
 
 def tostr(s):
     return s.decode('utf-8')
 
-VERSION = "13"
+VERSION = "14"
 SCRIPT = "bitmask-root"
 NAMESERVER_TCP = "10.41.0.1"
 NAMESERVER_UDP = "10.42.0.1"
@@ -138,6 +143,11 @@ FIXED_FLAGS = [
 if OPENVPN_GROUP is not None:
     FIXED_FLAGS.extend(["--group", OPENVPN_GROUP])
 
+if is_ipv6_disabled():
+    FIXED_FLAGS.extend([
+        "--pull-filter", "ignore", "ifconfig-ipv6",
+        "--pull-filter", "ignore", "route-ipv6"])
+
 ALLOWED_FLAGS = {
     "--remote": ["IP", "NUMBER", "PROTO"],
     "--tls-cipher": ["CIPHER"],
@@ -205,7 +215,6 @@ syslog.openlog(SCRIPT)
 # UTILITY
 #
 
-
 def is_valid_address(value):
     """
     Validate that the passed ip is a valid IP address.
-- 
cgit v1.2.3