Fix parse_virtual_addr_network minimum network size
parent
14a6047210
commit
ae4077916c
|
@ -0,0 +1,7 @@
|
|||
o Minor features:
|
||||
- Increase the maximum number of bits for the IPv6 virtual network prefix
|
||||
from 16 to 104. In this way, the condition for address allocation is less
|
||||
restrictive. Also, the variable max_bits is called max_prefix_bits,
|
||||
making it clearer the meaning of the condition (bits > max_prefix_bits).
|
||||
Closes ticket 20151; feature on 0.2.4.7-alpha.
|
||||
|
|
@ -1275,8 +1275,11 @@ The following options are useful only for clients (that is, if
|
|||
"172.16.0.0/12" and change the IPv6 network to "[FC00::]/7".
|
||||
The default **VirtualAddrNetwork** address ranges on a
|
||||
properly configured machine will route to the loopback or link-local
|
||||
interface. For
|
||||
local use, no change to the default VirtualAddrNetwork setting is needed.
|
||||
interface. The maximum number of bits for the network prefix is set to 104
|
||||
for IPv6 and 16 for IPv4. However, a wider network - smaller prefix length
|
||||
- is preferable since it reduces the chances for an attacker to guess the
|
||||
used IP. For local use, no change to the default VirtualAddrNetwork setting
|
||||
is needed.
|
||||
|
||||
[[AllowNonRFC953Hostnames]] **AllowNonRFC953Hostnames** **0**|**1**::
|
||||
When this option is disabled, Tor blocks hostnames containing illegal
|
||||
|
|
|
@ -774,7 +774,7 @@ parse_virtual_addr_network(const char *val, sa_family_t family,
|
|||
const int ipv6 = (family == AF_INET6);
|
||||
tor_addr_t addr;
|
||||
maskbits_t bits;
|
||||
const int max_bits = ipv6 ? 40 : 16;
|
||||
const int max_prefix_bits = ipv6 ? 104 : 16;
|
||||
virtual_addr_conf_t *conf = ipv6 ? &virtaddr_conf_ipv6 : &virtaddr_conf_ipv4;
|
||||
|
||||
if (!val || val[0] == '\0') {
|
||||
|
@ -804,10 +804,10 @@ parse_virtual_addr_network(const char *val, sa_family_t family,
|
|||
}
|
||||
#endif
|
||||
|
||||
if (bits > max_bits) {
|
||||
if (bits > max_prefix_bits) {
|
||||
if (msg)
|
||||
tor_asprintf(msg, "VirtualAddressNetwork%s expects a /%d "
|
||||
"network or larger",ipv6?"IPv6":"", max_bits);
|
||||
"network or larger",ipv6?"IPv6":"", max_prefix_bits);
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
|
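Review bot: The new bound `max_prefix_bits = ipv6 ? 104 : 16` in the first hunk has no comment explaining the values or what they leave for allocation: a /104 leaves 24 host bits for IPv6 and a /16 leaves 16 for IPv4, and the manual text in this commit says a narrower network makes the mapped address easier to guess. I would add above the declaration `/* Longest accepted prefix: /104 (IPv6) or /16 (IPv4); shorter prefixes give a larger pool that is harder to guess. */`. In the second hunk the message still names the option `VirtualAddressNetwork`, while the manual spells it `VirtualAddrNetwork`; since the line is touched anyway, the string could become `"VirtualAddrNetwork%s expects a /%d "`. The changelog entry says the IPv6 limit went from 16 to 104, but the `max_bits` declaration being replaced appears to use 40 for IPv6. The body of parse_virtual_addr_network starts before and continues after both hunks, so these points rest on the visible lines only.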