wgengine/router: disable IPv6 if v6 policy routing is unavailable.

Fixes #895.

Signed-off-by: David Anderson <danderson@tailscale.com>
This commit is contained in:
David Anderson 2020-11-11 15:05:15 -08:00 committed by Dave Anderson
parent a2d78b4d3e
commit a664aac877
1 changed files with 14 additions and 0 deletions

View File

@ -1023,6 +1023,20 @@ func supportsV6() bool {
return false
}
// Older kernels don't support IPv6 policy routing.
bs, err = ioutil.ReadFile("/proc/sys/net/ipv6/conf/all/disable_policy")
if err != nil {
// Absent knob means policy routing is unsupported.
return false
}
disabled, err = strconv.ParseBool(strings.TrimSpace(string(bs)))
if err != nil {
return false
}
if disabled {
return false
}
// Some distros ship ip6tables separately from iptables.
if _, err := exec.LookPath("ip6tables"); err != nil {
return false