diff options
| author | Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com> | 2025-04-08 09:34:43 +0200 |
|---|---|---|
| committer | Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com> | 2025-04-08 10:08:28 +0200 |
| commit | c4021c8d3863624c25782956db21272862ed7d19 (patch) | |
| tree | 5ccc9c88381e5c04b06edce0b01c4929d624fafa | |
| parent | ae0bb4eaa210381ae55fe347ddccac0747a5b67d (diff) | |
| download | nextcloud-server-c4021c8d3863624c25782956db21272862ed7d19.tar.gz nextcloud-server-c4021c8d3863624c25782956db21272862ed7d19.zip | |
feat(ip): use larger IPv6 range by defaultfeat/larger_ipv6_range
Some providers assign `/48` IPv6 blocks instead of `/64` so it sounds safer
to use this mask by default.
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
| -rw-r--r-- | lib/private/Security/Normalizer/IpAddress.php | 8 | ||||
| -rw-r--r-- | tests/lib/Security/Normalizer/IpAddressTest.php | 10 |
2 files changed, 9 insertions, 9 deletions
diff --git a/lib/private/Security/Normalizer/IpAddress.php b/lib/private/Security/Normalizer/IpAddress.php index e9232c5fe9f..6ef8763f6d9 100644 --- a/lib/private/Security/Normalizer/IpAddress.php +++ b/lib/private/Security/Normalizer/IpAddress.php @@ -24,7 +24,7 @@ class IpAddress { } /** - * Return the given subnet for an IPv6 address (64 first bits) + * Return the given subnet for an IPv6 address (48 first bits) */ private function getIPv6Subnet(string $ip): string { if ($ip[0] === '[' && $ip[-1] === ']') { // If IP is with brackets, for example [::1] @@ -36,9 +36,9 @@ class IpAddress { } $binary = \inet_pton($ip); - $mask = inet_pton('FFFF:FFFF:FFFF:FFFF::'); + $mask = inet_pton('FFFF:FFFF:FFFF::'); - return inet_ntop($binary & $mask) . '/64'; + return inet_ntop($binary & $mask) . '/48'; } /** @@ -63,7 +63,7 @@ class IpAddress { /** - * Gets either the /32 (IPv4) or the /64 (IPv6) subnet of an IP address + * Gets either the /32 (IPv4) or the /48 (IPv6) subnet of an IP address */ public function getSubnet(): string { if (filter_var($this->ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) { diff --git a/tests/lib/Security/Normalizer/IpAddressTest.php b/tests/lib/Security/Normalizer/IpAddressTest.php index 55cb149309a..c2989c44ef2 100644 --- a/tests/lib/Security/Normalizer/IpAddressTest.php +++ b/tests/lib/Security/Normalizer/IpAddressTest.php @@ -36,20 +36,20 @@ class IpAddressTest extends TestCase { '192.168.0.123/32', ], [ - '2001:0db8:85a3:0000:0000:8a2e:0370:7334', - '2001:db8:85a3::/64', + '2001:0db8:0000:0000:0000:8a2e:0370:7334', + '2001:db8::/48', ], [ '2001:db8:3333:4444:5555:6666:7777:8888', - '2001:db8:3333:4444::/64', + '2001:db8:3333::/48', ], [ '::1234:5678', - '::/64', + '::/48', ], [ '[::1]', - '::/64', + '::/48', ], ]; } |