NekoBoxForAndroid icon indicating copy to clipboard operation
NekoBoxForAndroid copied to clipboard
verified publisher icon MatsuriDayo

BUG: missing subnets in bypass_private_route

Open tiaga opened this issue 7 months ago • 2 comments

Hello,

I noticed two problems with the bypass_private_route array (using for "Bypass LAN"):

  1. 112.124.47.0/24 and 114.114.114.0/24 (both ranges are global and used in China) are not included.
  2. 192.0.0.0/24 (private network) is not fully excluded.

Is there any specific reason for that?

tiaga avatar May 29 '25 09:05 tiaga

LAN subnet are 192.168.0.0/16 (not 192.0.0.0/24), 172.16.0.0/12 and 10.0.0.0/8, see RFC 112.124.47.0/24 and 114.114.114.0/24 aren't private network subnets: they are public, routable subnets (AS37963 delegated to Aliyun Computing Co., LTD and AS21859 delegated to NanJing XinFeng Information Technologies, Inc)

Nik-mmzd avatar Jun 13 '25 22:06 Nik-mmzd

@Nik-mmzd

not 192.0.0.0/24

https://en.wikipedia.org/wiki/Reserved_IP_addresses

112.124.47.0/24 and 114.114.114.0/24 aren't private network subnets

Yep, and that is why these ranges should be present in the array. See: https://github.com/xchacha20-poly1305/husi/commit/45f5c142059b6f2db154427c698c8ee436fef9e6 for details.

tiaga avatar Jun 16 '25 07:06 tiaga