From 8e335fec1b32599e2eb5ea3a1b33e226768ad03b Mon Sep 17 00:00:00 2001 From: Mygod Date: Fri, 1 Jun 2018 22:30:31 +0800 Subject: [PATCH] Add option to disable IPv6 tethering Partially addresses #6, #20. --- .../src/main/java/be/mygod/vpnhotspot/TetheringService.kt | 1 + mobile/src/main/java/be/mygod/vpnhotspot/net/Routing.kt | 6 ++++++ mobile/src/main/res/values-zh-rCN/strings.xml | 2 ++ mobile/src/main/res/values/strings.xml | 2 ++ mobile/src/main/res/xml/pref_settings.xml | 4 ++++ 5 files changed, 15 insertions(+) diff --git a/mobile/src/main/java/be/mygod/vpnhotspot/TetheringService.kt b/mobile/src/main/java/be/mygod/vpnhotspot/TetheringService.kt index feb039cc..61c96083 100644 --- a/mobile/src/main/java/be/mygod/vpnhotspot/TetheringService.kt +++ b/mobile/src/main/java/be/mygod/vpnhotspot/TetheringService.kt @@ -49,6 +49,7 @@ class TetheringService : IpNeighbourMonitoringService(), VpnMonitor.Callback { // system tethering already has working forwarding rules // so it doesn't make sense to add additional forwarding rules val routing = Routing(upstream, downstream).rule().forward().masquerade().dnsRedirect(dns) + if (app.pref.getBoolean("service.disableIpv6", false)) routing.disableIpv6() routings[downstream] = routing if (!routing.start()) failed = true } catch (e: SocketException) { diff --git a/mobile/src/main/java/be/mygod/vpnhotspot/net/Routing.kt b/mobile/src/main/java/be/mygod/vpnhotspot/net/Routing.kt index c74da64c..8e74bed7 100644 --- a/mobile/src/main/java/be/mygod/vpnhotspot/net/Routing.kt +++ b/mobile/src/main/java/be/mygod/vpnhotspot/net/Routing.kt @@ -47,6 +47,12 @@ class Routing(val upstream: String?, private val downstream: String, ownerAddres return this } + fun disableIpv6(): Routing { + startScript.add("echo 1 >/proc/sys/net/ipv6/conf/$downstream/disable_ipv6") + stopScript.add("echo 0 >/proc/sys/net/ipv6/conf/$downstream/disable_ipv6") + return this + } + /** * Since Android 5.0, RULE_PRIORITY_TETHERING = 18000. * This also works for Wi-Fi direct where there's no rule at 18000. diff --git a/mobile/src/main/res/values-zh-rCN/strings.xml b/mobile/src/main/res/values-zh-rCN/strings.xml index 20658089..a74ead10 100644 --- a/mobile/src/main/res/values-zh-rCN/strings.xml +++ b/mobile/src/main/res/values-zh-rCN/strings.xml @@ -60,6 +60,8 @@ "自动 (1\u201114 = 2.4GHz, 15\u2011165 = 5GHz)" 严格模式 只允许通过 VPN 隧道的包通过,不适用于系统共享 + 禁用 IPv6 共享 + 防止 IPv6 VPN 泄漏。 备用 DNS 服务器[:端口] 清理/重新应用路由规则 杂项 diff --git a/mobile/src/main/res/values/strings.xml b/mobile/src/main/res/values/strings.xml index 4ff94a63..507e27cf 100644 --- a/mobile/src/main/res/values/strings.xml +++ b/mobile/src/main/res/values/strings.xml @@ -64,6 +64,8 @@ Strict mode Only allow packets that goes through VPN tunnel. Does not apply to system tethering. + Disable IPv6 tethering + Enabling this option will prevent VPN leaks via IPv6. Fallback DNS server[:port] Clean/reapply routing rules Misc diff --git a/mobile/src/main/res/xml/pref_settings.xml b/mobile/src/main/res/xml/pref_settings.xml index 28a0d525..9f8dd9b0 100644 --- a/mobile/src/main/res/xml/pref_settings.xml +++ b/mobile/src/main/res/xml/pref_settings.xml @@ -6,6 +6,10 @@ android:key="service.repeater.strict" android:title="@string/settings_service_repeater_strict" android:summary="@string/settings_service_repeater_strict_summary"/> +