Commit ae407791 authored by Paolo Inglese

Fix parse_virtual_addr_network minimum network size

parent 14a60472
o Minor features:
- Increase the maximum number of bits for the IPv6 virtual network prefix
from 16 to 104. In this way, the condition for address allocation is less
restrictive. Also, the variable max_bits is called max_prefix_bits,
making it clearer the meaning of the condition (bits > max_prefix_bits).
Closes ticket 20151; feature on 0.2.4.7-alpha.
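Review bot: The changes entry says the IPv6 limit goes "from 16 to 104", but the code in this commit replaces "ipv6 ? 40 : 16" with "ipv6 ? 104 : 16", so the previous IPv6 limit was 40 and 16 is the IPv4 value. Suggest "from 40 to 104". The clause "making it clearer the meaning of the condition" would also read better as "which makes the meaning of the condition clearer", and the entry is filed under "Minor features" while the commit title calls the change a fix; pick one.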
......@@ -1275,8 +1275,11 @@ The following options are useful only for clients (that is, if
"172.16.0.0/12" and change the IPv6 network to "[FC00::]/7".
The default **VirtualAddrNetwork** address ranges on a
properly configured machine will route to the loopback or link-local
interface. For
local use, no change to the default VirtualAddrNetwork setting is needed.
interface. The maximum number of bits for the network prefix is set to 104
for IPv6 and 16 for IPv4. However, a wider network - smaller prefix length
- is preferable since it reduces the chances for an attacker to guess the
used IP. For local use, no change to the default VirtualAddrNetwork setting
is needed.
[[AllowNonRFC953Hostnames]] **AllowNonRFC953Hostnames** **0**|**1**::
When this option is disabled, Tor blocks hostnames containing illegal
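Review bot: The added sentence "The maximum number of bits for the network prefix is set to 104 for IPv6 and 16 for IPv4" does not say what happens when a longer prefix is configured, and "is set to" reads like a tunable. The parser in this commit rejects such a value (it returns -1 with "expects a /%d network or larger"), so the manual should say that Tor refuses a prefix longer than /104 for IPv6 or /16 for IPv4. The guessing argument would be easier to act on with the numbers stated: a /104 leaves 24 bits of address space for virtual addresses, a /16 on IPv4 leaves 16.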
......
......@@ -774,7 +774,7 @@ parse_virtual_addr_network(const char *val, sa_family_t family,
const int ipv6 = (family == AF_INET6);
tor_addr_t addr;
maskbits_t bits;
const int max_bits = ipv6 ? 40 : 16;
const int max_prefix_bits = ipv6 ? 104 : 16;
virtual_addr_conf_t *conf = ipv6 ? &virtaddr_conf_ipv6 : &virtaddr_conf_ipv4;
if (!val || val[0] == '\0') {
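Review bot: The new limit in "const int max_prefix_bits = ipv6 ? 104 : 16;" is a bare literal with no comment explaining why 104 was chosen, and the IPv4 value of 16 is equally unexplained. Add a short comment, or named constants, stating the minimum address space each limit guarantees (24 bits at /104, 16 bits at /16), so a reader can check the code against the rationale the man page gives about an attacker guessing the address in use.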
......@@ -804,10 +804,10 @@ parse_virtual_addr_network(const char *val, sa_family_t family,
}
#endif
if (bits > max_bits) {
if (bits > max_prefix_bits) {
if (msg)
tor_asprintf(msg, "VirtualAddressNetwork%s expects a /%d "
"network or larger",ipv6?"IPv6":"", max_bits);
"network or larger",ipv6?"IPv6":"", max_prefix_bits);
return -1;
}
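Review bot: The error string on the tor_asprintf line prints "VirtualAddressNetwork%s", while the man page hunk in this same commit names the option VirtualAddrNetwork; since the message is being touched anyway, align the name so it matches what a user will search for in the configuration and the manual. The argument list on the changed line, "network or larger",ipv6?"IPv6":"", max_prefix_bits, is also missing spaces after the first comma and around the ternary. No test for the boundary (a /104 accepted, a /105 rejected) is visible in this diff; one should accompany the change.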
......