wgengine: only use AmbientCaps on DSM7+

Signed-off-by: Maisem Ali <maisem@tailscale.com>
3 years ago · 27799a1a96
parent a6d02dc122
commit 27799a1a96
1 changed files with 12 additions and 1 deletions
--- a/wgengine/router/router_linux.go
+++ b/wgengine/router/router_linux.go
@ -156,7 +156,7 @@ func newUserspaceRouter(logf logger.Logf, tunDev tun.Device, linkMon *monitor.Mo
 	}

 	cmd := osCommandRunner{
-		ambientCapNetAdmin: distro.Get() == distro.Synology,
+		ambientCapNetAdmin: useAmbientCaps(),
 	}

 	return newUserspaceRouterAdvanced(logf, tunname, linkMon, ipt4, ipt6, cmd, supportsV6, supportsV6NAT)
@ -185,6 +185,17 @@ func newUserspaceRouterAdvanced(logf logger.Logf, tunname string, linkMon *monit
 	return r, nil
 }

+func useAmbientCaps() bool {
+	if distro.Get() != distro.Synology {
+		return false
+	}
+	v, err := strconv.Atoi(os.Getenv("SYNOPKG_DSM_VERSION_MAJOR"))
+	if err != nil {
+		return false
+	}
+	return v >= 7
+}
+
 // onIPRuleDeleted is the callback from the link monitor for when an IP policy
 // rule is deleted. See Issue 1591.
 //