vpnc: Control IPv6 data leak prevention with additional option

[vpnc] Control IPv6 data leak prevention with additional option. JB#53542 Add "VPNC.BlockIPv6" option for VPNC to control the IPv6 data leak prevention feature. If omitted default to false and require the feature to be explicitly set to true. VPNC does not have a separate option that is to be used but for convenience is saved along the VPNC provider configuration.
sailfishos · Apr 27, 2021 · 22c0dc7 · 22c0dc7
1 parent dca4f68
commit 22c0dc7
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/connman/vpn/plugins/vpnc.c b/connman/vpn/plugins/vpnc.c
@@ -91,6 +91,7 @@ struct {
 	{ "VPNC.SingleDES", "Enable Single DES", NULL, OPT_BOOLEAN, true },
 	{ "VPNC.NoEncryption", "Enable no encryption", NULL, OPT_BOOLEAN,
 									true },
+	{ "VPNC.BlockIPv6", "BlockIPv6", NULL, OPT_BOOLEAN, true},
 };
 
 struct vc_private_data {
@@ -314,6 +315,7 @@ static ssize_t write_bool_option(int fd, const char *key, const char *value)
 static int vc_write_config_data(struct vpn_provider *provider, int fd)
 {
 	const char *opt_s;
+	bool block_ipv6 = false;
 	int i;
 
 	for (i = 0; i < (int)ARRAY_SIZE(vpnc_options); i++) {
@@ -325,6 +327,12 @@ static int vc_write_config_data(struct vpn_provider *provider, int fd)
 		if (!opt_s)
 			continue;
 
+		if (g_strcmp0(opt_s, "VPNC.BlockIPv6") && !g_ascii_strcasecmp(
+					vpnc_options[i].vpnc_opt, "true")) {
+			block_ipv6 = true;
+			continue;
+		}
+
 		if (vpnc_options[i].type == OPT_STRING) {
 			if (write_option(fd,
 					vpnc_options[i].vpnc_opt, opt_s) < 0)
@@ -337,6 +345,8 @@ static int vc_write_config_data(struct vpn_provider *provider, int fd)
 
 	}
 
+	vpn_provider_set_supported_ip_networks(provider, true, !block_ipv6);
+
 	return 0;
 }