[openfortivpn] Control IPv6 data leak prevention with additional PPPD…

… noipv6. JB#53542 Add the PPPD supported option noipv6 to be used to control IPv6 data leak prevention feature. The value must be explicitly set to true to enable the feature. OpenFortiVPN does not yet support the option but as it uses PPPD the option it may be enabled in the future releases.
sailfishos · Apr 27, 2021 · a7aecf1 · a7aecf1
1 parent 22c0dc7
commit a7aecf1
Showing 1 changed file with 10 additions and 2 deletions.
diff --git a/connman/vpn/plugins/openfortivpn.c b/connman/vpn/plugins/openfortivpn.c
@@ -70,6 +70,7 @@ struct {
 								OPT_BOOL},
 	{ "openfortivpn.TrustedCert", "--trusted-cert", 1, 1, OPT_STRING},
 	{ "openfortivpn.Port", NULL, 1, 0, OPT_STRING},
+	{ "PPPD.NoIPv6", "--pppd-noipv6", 0, 1, OPT_BOOL },
 };
 
 #define ROUTE_NETWORK_KEY_PREFIX "route_network_"
@@ -278,6 +279,7 @@ static int task_append_config_data(struct vpn_provider *provider,
 					struct connman_task *task)
 {
 	const char *value = NULL;
+	bool no_ipv6 = false;
 	int i;
 
 	for (i = 0; i < (int)ARRAY_SIZE(ofv_options); i++) {
@@ -305,11 +307,17 @@ static int task_append_config_data(struct vpn_provider *provider,
 						ofv_options[i].cm_opt, false))
 				continue;
 
-			connman_task_add_argument(task, ofv_options[i].ofv_opt,
-						NULL);
+			if (!g_strcmp0(ofv_options[i].cm_opt, "PPPD.NoIPv6"))
+				no_ipv6 = true;
+			else
+				connman_task_add_argument(task,
+							ofv_options[i].ofv_opt,
+							NULL);
 		}
 	}
 
+	vpn_provider_set_supported_ip_networks(provider, true, !no_ipv6);
+
 	return 0;
 }