commit ae4077916c94e9c15fa2800f51409ccb116bf63f Author: Paolo Inglese paolo.ingls@gmail.com Date: Mon Oct 3 12:18:51 2016 +0100
Fix parse_virtual_addr_network minimum network size --- changes/ticket20151 | 7 +++++++ doc/tor.1.txt | 7 +++++-- src/or/addressmap.c | 6 +++--- 3 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/changes/ticket20151 b/changes/ticket20151
new file mode 100644
index 0000000..5d246d9
--- /dev/null
+++ b/changes/ticket20151
@@ -0,0 +1,7 @@
+ o Minor features:
+ - Increase the maximum number of bits for the IPv6 virtual network prefix
+ from 16 to 104. In this way, the condition for address allocation is less
+ restrictive. Also, the variable max_bits is called max_prefix_bits,
+ making it clearer the meaning of the condition (bits > max_prefix_bits).
+ Closes ticket 20151; feature on 0.2.4.7-alpha.
+
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 2e73b27..9f4eb31 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -1275,8 +1275,11 @@ The following options are useful only for clients (that is, if "172.16.0.0/12" and change the IPv6 network to "[FC00::]/7". The default **VirtualAddrNetwork** address ranges on a properly configured machine will route to the loopback or link-local
- interface. For
- local use, no change to the default VirtualAddrNetwork setting is needed.
+ interface. The maximum number of bits for the network prefix is set to 104
+ for IPv6 and 16 for IPv4. However, a wider network - smaller prefix length
+ - is preferable since it reduces the chances for an attacker to guess the
+ used IP. For local use, no change to the default VirtualAddrNetwork setting
+ is needed.
[[AllowNonRFC953Hostnames]] **AllowNonRFC953Hostnames** **0**|**1**:: When this option is disabled, Tor blocks hostnames containing illegal
diff --git a/src/or/addressmap.c b/src/or/addressmap.c
index f7544ab..33fd7e0 100644
--- a/src/or/addressmap.c
+++ b/src/or/addressmap.c
@@ -774,7 +774,7 @@ parse_virtual_addr_network(const char *val, sa_family_t family,
const int ipv6 = (family == AF_INET6);
tor_addr_t addr;
maskbits_t bits;
- const int max_bits = ipv6 ? 40 : 16;
+ const int max_prefix_bits = ipv6 ? 104 : 16;
virtual_addr_conf_t *conf = ipv6 ? &virtaddr_conf_ipv6 : &virtaddr_conf_ipv4;
if (!val || val[0] == '\0') {
@@ -804,10 +804,10 @@ parse_virtual_addr_network(const char *val, sa_family_t family,
}
#endif
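Review bot: The removed line shows the previous IPv6 limit was 40 bits, yet the changes/ticket20151 entry added by this same commit says the cap is raised "from 16 to 104"; the changelog should say 40 so the history is not misleading. The new `const int max_prefix_bits = ipv6 ? 104 : 16;` also carries no rationale, and the tor.1.txt hunk ties the prefix cap to how hard an allocated address is to guess, so a why-comment belongs above it, e.g. `/* Cap the prefix so the virtual pool keeps at least 24 (IPv6) / 16 (IPv4) host bits: a smaller pool is quicker to exhaust and easier to guess. */` — the exact reasoning should be confirmed against ticket 20151. parse_virtual_addr_network begins and ends outside this hunk.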
- if (bits > max_bits) {
+ if (bits > max_prefix_bits) {
if (msg)
tor_asprintf(msg, "VirtualAddressNetwork%s expects a /%d "
- "network or larger",ipv6?"IPv6":"", max_bits);
+ "network or larger",ipv6?"IPv6":"", max_prefix_bits);
return -1;
}
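Review bot: The message assembled on the context line names the option "VirtualAddressNetwork%s", while the option documented in this commit's tor.1.txt hunk is **VirtualAddrNetwork**, so a user who trips this check is pointed at a name they cannot set. Since the commit already rewrites the adjacent format line, the two lines could become `tor_asprintf(msg, "VirtualAddrNetwork%s expects a /%d "` and `"network or larger", ipv6?"IPv6":"IPv4", max_prefix_bits);`, assuming the per-family options carry IPv4/IPv6 suffixes as the 0.2.4.7-alpha reference suggests (with the current empty suffix the IPv4 case would still print an incomplete name; confirm against the option table). The rename to max_prefix_bits is applied consistently in both changed lines. parse_virtual_addr_network's body continues outside this hunk.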