Fix parse_virtual_addr_network minimum network size

ae407791 · Paolo Inglese · 14a60472 · ae407791 · ae407791 · ae407791
Commit ae407791 authored Oct 03, 2016 by Paolo Inglese
--- a/changes/ticket20151
+++ b/changes/ticket20151
+ o Minor features:
+   - Increase the maximum number of bits for the IPv6 virtual network prefix
+     from 16 to 104. In this way, the condition for address allocation is less
+     restrictive. Also, the variable max_bits is called max_prefix_bits,
+     making it clearer the meaning of the condition (bits > max_prefix_bits).
+     Closes ticket 20151; feature on 0.2.4.7-alpha.
+
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -1275,8 +1275,11 @@ The following options are useful only for clients (that is, if
    "172.16.0.0/12" and change the IPv6 network to "[FC00::]/7".
    The default **VirtualAddrNetwork** address ranges on a
    properly configured machine will route to the loopback or link-local
-    interface. For
-    local use, no change to the default VirtualAddrNetwork setting is needed.
+    interface. The maximum number of bits for the network prefix is set to 104
+    for IPv6 and 16 for IPv4. However, a wider network - smaller prefix length
+    - is preferable since it reduces the chances for an attacker to guess the
+    used IP. For local use, no change to the default VirtualAddrNetwork setting
+    is needed.

 [[AllowNonRFC953Hostnames]] **AllowNonRFC953Hostnames** **0**|**1**::
    When this option is disabled, Tor blocks hostnames containing illegal

--- a/src/or/addressmap.c
+++ b/src/or/addressmap.c
@@ -774,7 +774,7 @@ parse_virtual_addr_network(const char *val, sa_family_t family,
  const int ipv6 = (family == AF_INET6);
  tor_addr_t addr;
  maskbits_t bits;
-  const int max_bits = ipv6 ? 40 : 16;
+  const int max_prefix_bits = ipv6 ? 104 : 16;
  virtual_addr_conf_t *conf = ipv6 ? &virtaddr_conf_ipv6 : &virtaddr_conf_ipv4;

  if (!val || val[0] == '\0') {
@@ -804,10 +804,10 @@ parse_virtual_addr_network(const char *val, sa_family_t family,
  }
 #endif

-  if (bits > max_bits) {
+  if (bits > max_prefix_bits) {
    if (msg)
      tor_asprintf(msg, "VirtualAddressNetwork%s expects a /%d "
-                   "network or larger",ipv6?"IPv6":"", max_bits);
+                   "network or larger",ipv6?"IPv6":"", max_prefix_bits);
    return -1;
  }