From 27799a1a964c4dc0d514122b99360b3054a457ca Mon Sep 17 00:00:00 2001 From: Maisem Ali Date: Mon, 18 Oct 2021 10:13:36 -0700 Subject: [PATCH] wgengine: only use AmbientCaps on DSM7+ Signed-off-by: Maisem Ali --- wgengine/router/router_linux.go | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/wgengine/router/router_linux.go b/wgengine/router/router_linux.go index 9dcf18b72..578311884 100644 --- a/wgengine/router/router_linux.go +++ b/wgengine/router/router_linux.go @@ -156,7 +156,7 @@ func newUserspaceRouter(logf logger.Logf, tunDev tun.Device, linkMon *monitor.Mo } cmd := osCommandRunner{ - ambientCapNetAdmin: distro.Get() == distro.Synology, + ambientCapNetAdmin: useAmbientCaps(), } return newUserspaceRouterAdvanced(logf, tunname, linkMon, ipt4, ipt6, cmd, supportsV6, supportsV6NAT) @@ -185,6 +185,17 @@ func newUserspaceRouterAdvanced(logf logger.Logf, tunname string, linkMon *monit return r, nil } +func useAmbientCaps() bool { + if distro.Get() != distro.Synology { + return false + } + v, err := strconv.Atoi(os.Getenv("SYNOPKG_DSM_VERSION_MAJOR")) + if err != nil { + return false + } + return v >= 7 +} + // onIPRuleDeleted is the callback from the link monitor for when an IP policy // rule is deleted. See Issue 1591. //