Description of problem:
An error in /src/util/virsocketaddr.c prevents starting the default network when it has an address of 172.31.2.1

Version-Release number of selected component (if applicable):
Vendor: OpenSUSE
Version: 12.2 Tumbleweed
Component: libvirt-1.0.1-4.1.x86_64.rpm (dated Jan 24th 2013)
Component: dnsmasq-2.61-2.1.3.x86_64.rpm

How reproducible:
Consistently reproducible.

Steps to Reproduce:
1. virsh net-edit default
2. change
   <ip address='192.168.122.1' netmask='255.255.255.0'>
   to
   <ip address='172.31.2.1' netmask='255.255.255.0'>
3. virsh net-start default

Actual results:
error: Failed to start network default
error: unsupported configuration: Publicly routable address 172.31.2.1 is prohibited. The version of dnsmasq on this host (2.61) doesn't support the bind-dynamic option, which is required for safe operation on a publicly routable subnet (see CVE-2012-3411). You must either upgrade dnsmasq, or use a private/local subnet range for this network (as described in RFC1918/RFC3484/RFC4193)

Expected results:
Network should be started without error as 172.31.2.1 is a legal private address within the 172.16/12 range.

Additional info:
From https://www.redhat.com/archives/libvir-list/2012-November/msg00944.html

The comments underneath virSocketAddrIsPrivate: state

"For IPv4, private addresses are in the range of 192.168.0.0/16, 172.16.0.0/16, or 10.0.0.0/8"

but the correct range per the RFC is 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)

Thanks for reporting this issue. It is now fixed upstream by

commit 6405713f2ab9243db7d856914aaefbd4f9747daa
Author: Jiri Denemark <jdenemar>
Date:   Wed Jan 30 12:01:01 2013 +0100

    util: Fix mask for 172.16.0.0 private address range

    https://bugzilla.redhat.com/show_bug.cgi?id=905708

    Only the first 12 bits should be set in the mask for this range. All
    addresses between 172.16.0.0 and 172.31.255.255 are private.
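
The mask error discussed in this report, as an added C example (not libvirt's code and not part of the original comments): reported_blocks uses the ranges from the code comment quoted in the report, rfc1918_blocks uses the /12 prefix. All struct, table and function names here are hypothetical.

```c
#include <arpa/inet.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* One address block: network (host byte order) and prefix length, 1..32. */
struct ipv4_block { uint32_t net; unsigned prefix; };

/* Blocks as listed in the code comment quoted in the report. */
static const struct ipv4_block reported_blocks[] = {
    { 0xC0A80000u, 16 },   /* 192.168.0.0/16 */
    { 0xAC100000u, 16 },   /* 172.16.0.0/16: covers only 172.16.x.x */
    { 0x0A000000u,  8 },   /* 10.0.0.0/8 */
};

/* Blocks per RFC 1918. */
static const struct ipv4_block rfc1918_blocks[] = {
    { 0xC0A80000u, 16 },   /* 192.168.0.0/16 */
    { 0xAC100000u, 12 },   /* 172.16.0.0/12: 172.16.0.0 - 172.31.255.255 */
    { 0x0A000000u,  8 },   /* 10.0.0.0/8 */
};

/* Parse a dotted quad and test it against a table; invalid text is not private. */
static bool in_blocks(const char *text, const struct ipv4_block *b, size_t n)
{
    struct in_addr a;
    if (inet_pton(AF_INET, text, &a) != 1)
        return false;
    uint32_t addr = ntohl(a.s_addr);
    for (size_t i = 0; i < n; i++) {
        uint32_t mask = 0xFFFFFFFFu << (32 - b[i].prefix);
        if ((addr & mask) == b[i].net)
            return true;
    }
    return false;
}

bool is_private_reported(const char *ip) { return in_blocks(ip, reported_blocks, 3); }
bool is_private_rfc1918(const char *ip)  { return in_blocks(ip, rfc1918_blocks, 3); }

int main(void)
{
    /* Constructed sample addresses around the edges of 172.16.0.0/12. */
    const char *s[] = { "172.16.0.0", "172.31.2.1", "172.32.0.0" };
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++)
        printf("%-12s reported=%d rfc1918=%d\n", s[i],
               is_private_reported(s[i]), is_private_rfc1918(s[i]));
    return 0;
}
```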