From aeb9f6260fa209d7dfb11212ec7b89c668312b1b Mon Sep 17 00:00:00 2001 From: "kali kaneko (leap communications)" Date: Tue, 6 Jul 2021 19:40:37 +0200 Subject: [bug] ignore ip/routes if ipv6 is disabled - Resolves: #457 --- helpers/bitmask-root | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) (limited to 'helpers') diff --git a/helpers/bitmask-root b/helpers/bitmask-root index f105bfc..706d6f5 100644 --- a/helpers/bitmask-root +++ b/helpers/bitmask-root @@ -59,7 +59,6 @@ cmdcheck = subprocess.check_output # # CONSTANTS - def get_no_group_name(): """ Return the right group name to use for the current OS. @@ -80,11 +79,17 @@ def get_no_group_name(): except KeyError: return None +def is_ipv6_disabled(): + """ + Return True if ipv6 support is disabled by the kernel. + """ + code = os.system("sysctl -a 2>/dev/null | grep all.disable_ipv6 | grep 1") + return code == 0 def tostr(s): return s.decode('utf-8') -VERSION = "13" +VERSION = "14" SCRIPT = "bitmask-root" NAMESERVER_TCP = "10.41.0.1" NAMESERVER_UDP = "10.42.0.1" @@ -138,6 +143,11 @@ FIXED_FLAGS = [ if OPENVPN_GROUP is not None: FIXED_FLAGS.extend(["--group", OPENVPN_GROUP]) +if is_ipv6_disabled(): + FIXED_FLAGS.extend([ + "--pull-filter", "ignore", "ifconfig-ipv6", + "--pull-filter", "ignore", "route-ipv6"]) + ALLOWED_FLAGS = { "--remote": ["IP", "NUMBER", "PROTO"], "--tls-cipher": ["CIPHER"], @@ -205,7 +215,6 @@ syslog.openlog(SCRIPT) # UTILITY # - def is_valid_address(value): """ Validate that the passed ip is a valid IP address. -- cgit v1.2.3