Univention Bugzilla – Bug 44135
bad subnet number/mask combination fails dhcpd
Last modified: 2020-01-15 16:59:53 CET
When a DHCP (shared) subnet is created, care must be taken to zero out all host bits; otherwise dhcpd fails to start: > dhcpd: LDAP line 11: subnet 172.17.42.1 netmask 255.255.0.0: bad subnet number/mask combination. > dhcpd: }subnet 172.17.42.1 netmask 255.255.0.0 As the subnet address cannot be changed afterwards, the full LDAP hierarchy must be deleted and re-added by hand. assert ipaddr.IPv4Network('%(subnet)s/%(subnetmask)s' % udm.info).network == ipaddr.IPv4Address('%(subnet)s' % udm.info)
*** Bug 37149 has been marked as a duplicate of this bug. ***
Happened for a customer. Having no clue how to troubleshoot. Can be found only on second view. UMC should either not allow to add such (sub)networks or zero out the non-masked values. Nov 25 16:26:50 master dhcpd[34640]: LDAP line 11: subnet 192.168.142.0 netmask 255.255.0.0: bad subnet number/mask combination. Nov 25 16:26:50 master dhcpd[34640]: subnet 192.168.142.0 netmask 255.255.0.0 Nov 25 16:26:50 master dhcpd[34640]: ^ Nov 25 16:26:50 master dhcpd[34640]: LDAP: cannot parse dhcpService entry 'cn=multi.ucs,cn=dhcp,dc=multi,dc=ucs' Nov 25 16:26:50 master dhcpd[34640]: Configuration file errors encountered -- exiting
server/confpars.c > 2821 »·······»·······parse_warn (cfile, > 2822 »·······»······· "subnet %s netmask %s: bad subnet number/mask combination.", > 2823 »·······»·······»······· piaddr (subnet -> net), maskstr); This is only a warning > 2825 »·······»·······subnet_dereference (&subnet, MDL); but the broken declaration is removed and the server probably fails as the last subnet declaration was removed, which is invalid. A simple fix here would be to mask out any host bits by using subnet_number() if host_addr() returns any set host bits: @ server/confpars.c - 2825 »·······»·······subnet_dereference (&subnet, MDL); - 2826 »·······»·······skip_to_semi (cfile); - 2827 »·······»·······return; + 2825 »·······»·······subnet -> net = subnet_number(subnet -> net, subnet -> netmask); Untested!
Basis for a UDM patch in git:fbest/44135-dhcp-bad-subnet-number-mask-combination → use the ready() method for consistency checks
univention-directory-manager-modules (14.0.14-22) cdde67c8c829 | Bug #44135: prevent adding DHCP (sub)nets which break the dhcpd configuration univention-directory-manager-modules.yaml 6cf9cf50e0b1 | YAML Bug #44135
ucs-test (9.0.3-133) 102aeb34eb6c | Bug #44135: add tests/65_udm-dhcp/62_dhcp_subnets_invalid_values
OK: errata-announce -V --only univention-directory-manager-modules.yaml FIXED: univention-directory-manager-modules.yaml 5107cd9298 OK: apt install -t apt univention-directory-manager-tools python-univention-directory-manager OK: 1.2.3.0/8 -> rejected OK: 1.2.3.0/24 -> accepted OK: 1.2.3.0/25 + 1.2.3.10…127 -> rejected OK: 1.2.3.0/24 + 1.2.3.10…253 -> accepted ~FAIL: subnetmask can be changed after creating the network; the pool definitions thus can become invalid if the pools are no longer contained in the subnet. OK: cdde67c8c82950edbd8eeb9e6aba41bac80518fb udm OK: 102aeb34eb6c ucs-test OK: python 62_dhcp_subnets_invalid_values
<http://errata.software-univention.de/ucs/4.4/421.html>