diff --git a/neutron/db/db_base_plugin_v2.py b/neutron/db/db_base_plugin_v2.py
index 0b203094e02..be4f2a42c3c 100644
--- a/neutron/db/db_base_plugin_v2.py
+++ b/neutron/db/db_base_plugin_v2.py
@@ -564,6 +564,16 @@ class NeutronDbPluginV2(neutron_plugin_base_v2.NeutronPluginBaseV2,
 CIDR if overlapping IPs are disabled.
 """
 new_subnet_ipset = netaddr.IPSet([new_subnet_cidr])
+ # Disallow subnets with prefix length 0 as they will lead to
+ # dnsmasq failures (see bug 1362651).
+ # This is not a discrimination against /0 subnets.
+ # A /0 subnet is conceptually possible but hardly a practical
+ # scenario for neutron's use cases.
+ for cidr in new_subnet_ipset.iter_cidrs():
+ if cidr.prefixlen == 0:
+ err_msg = _("0 is not allowed as CIDR prefix length")
+ raise n_exc.InvalidInput(error_message=err_msg)
+
 if cfg.CONF.allow_overlapping_ips:
 subnet_list = network.subnets
 else:
diff --git a/neutron/tests/unit/test_db_plugin.py b/neutron/tests/unit/test_db_plugin.py
index a2b8db8cdd3..0fb4023115c 100644
--- a/neutron/tests/unit/test_db_plugin.py
+++ b/neutron/tests/unit/test_db_plugin.py
@@ -2349,6 +2349,17 @@ class TestSubnetsV2(NeutronDbPluginV2TestCase):
 res = subnet_req.get_response(self.api)
 self.assertEqual(res.status_int, webob.exc.HTTPClientError.code)
+ def test_create_subnet_bad_V4_cidr_prefix_len(self):
+ with self.network() as network:
+ data = {'subnet': {'network_id': network['network']['id'],
+ 'cidr': '0.0.0.0/0',
+ 'ip_version': '4',
+ 'tenant_id': network['network']['tenant_id'],
+ 'gateway_ip': '0.0.0.1'}}
+ subnet_req = self.new_create_request('subnets', data)
+ res = subnet_req.get_response(self.api)
+ self.assertEqual(res.status_int, webob.exc.HTTPClientError.code)
+
 def test_create_subnet_bad_V6_cidr(self):
 with self.network() as network:
 data = {'subnet': {'network_id': network['network']['id'],
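Review bot: The added `for cidr in new_subnet_ipset.iter_cidrs():` loop tests the prefix length through an IPSet built from the single `new_subnet_cidr`, so the rule rests on how IPSet normalises its contents rather than on the value that was submitted. Checking the input directly, `if netaddr.IPNetwork(new_subnet_cidr).prefixlen == 0:`, states the intent in one line and treats IPv4 and IPv6 alike. The error message would also be easier to act on if it included the rejected CIDR. In the comment, the bug reference and the dnsmasq failure are the useful part and the "not a discrimination" sentence can go. The enclosing method starts and ends outside the hunk.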
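Review bot: `test_create_subnet_bad_V4_cidr_prefix_len` asserts only `webob.exc.HTTPClientError.code`, which is the same status the preceding context lines assert for a different bad request. It would therefore still pass if the request were rejected for another reason, such as the `gateway_ip` or `ip_version` value, and does not show that the new prefix-length check is what fired. Pinning the cause with something like `self.assertIn('CIDR prefix length', res.body)` would make the test fail if the check were removed. The check is not version-specific, so a matching IPv6 case with `'cidr': '::/0'` is worth adding; no such test is visible in this hunk.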