Disable IPv6 in WireGuard according to options

author: Emīls <emils@mullvad.net> 2020-04-28 14:38:02 +0100
committer: Emīls <emils@mullvad.net> 2020-04-28 15:44:56 +0100
commit: a75abdd24f87029df7fdf2dd5fb745924feabbd4 (patch)
tree: 19c87020ee83e698f862eade81e1c9f9c4952fb0
parent: 332863f26a3039f74e94da4a981a04668bd3e054 (diff)
download: mullvadvpn-a75abdd24f87029df7fdf2dd5fb745924feabbd4.tar.xz
mullvadvpn-a75abdd24f87029df7fdf2dd5fb745924feabbd4.zip
1 files changed, 28 insertions, 5 deletions
diff --git a/talpid-core/src/tunnel/wireguard/config.rs b/talpid-core/src/tunnel/wireguard/config.rs
index 33599e5b65..4f0e851b1e 100644
--- a/talpid-core/src/tunnel/wireguard/config.rs
+++ b/talpid-core/src/tunnel/wireguard/config.rs
@@ -3,7 +3,7 @@ use std::{
     ffi::CString,
     net::{Ipv4Addr, Ipv6Addr},
 };
-use talpid_types::net::wireguard;
+use talpid_types::net::{wireguard, GenericTunnelOptions};
 
 /// Config required to set up a single WireGuard tunnel
 pub struct Config {
@@ -42,22 +42,34 @@ impl Config {
     pub fn from_parameters(params: &wireguard::TunnelParameters) -> Result<Config, Error> {
         let tunnel = params.connection.tunnel.clone();
         let peer = vec![params.connection.peer.clone()];
-        Self::new(tunnel, peer, &params.connection, &params.options)
+        Self::new(
+            tunnel,
+            peer,
+            &params.connection,
+            &params.options,
+            &params.generic_options,
+        )
     }
 
     /// Constructs a new Config struct
     pub fn new(
-        tunnel: wireguard::TunnelConfig,
+        mut tunnel: wireguard::TunnelConfig,
         mut peers: Vec<wireguard::PeerConfig>,
         connection_config: &wireguard::ConnectionConfig,
         wg_options: &wireguard::TunnelOptions,
+        generic_options: &GenericTunnelOptions,
     ) -> Result<Config, Error> {
         if peers.is_empty() {
             return Err(Error::NoPeersSuppliedError);
         }
         let mtu = wg_options.mtu.unwrap_or(DEFAULT_MTU);
         for peer in &mut peers {
-            peer.allowed_ips = peer.allowed_ips.clone();
+            peer.allowed_ips = peer
+                .allowed_ips
+                .iter()
+                .cloned()
+                .filter(|ip| ip.is_ipv4() || generic_options.enable_ipv6)
+                .collect();
             if peer.allowed_ips.is_empty() {
                 return Err(Error::InvalidPeerIpError);
             }
@@ -66,12 +78,23 @@ impl Config {
         if tunnel.addresses.is_empty() {
             return Err(Error::InvalidTunnelIpError);
         }
+        tunnel.addresses = tunnel
+            .addresses
+            .into_iter()
+            .filter(|ip| ip.is_ipv4() || generic_options.enable_ipv6)
+            .collect();
+
+        let ipv6_gateway = if generic_options.enable_ipv6 {
+            connection_config.ipv6_gateway
+        } else {
+            None
+        };
 
         Ok(Config {
             tunnel,
             peers,
             ipv4_gateway: connection_config.ipv4_gateway,
-            ipv6_gateway: connection_config.ipv6_gateway,
+            ipv6_gateway,
             mtu,
         })
     }
author	Emīls <emils@mullvad.net>	2020-04-28 14:38:02 +0100
committer	Emīls <emils@mullvad.net>	2020-04-28 15:44:56 +0100
commit	a75abdd24f87029df7fdf2dd5fb745924feabbd4 (patch)
tree	19c87020ee83e698f862eade81e1c9f9c4952fb0
parent	332863f26a3039f74e94da4a981a04668bd3e054 (diff)
download	mullvadvpn-a75abdd24f87029df7fdf2dd5fb745924feabbd4.tar.xz mullvadvpn-a75abdd24f87029df7fdf2dd5fb745924feabbd4.zip