#6296 client-install with IPv6 address fails on link-local address (always)
Closed: Fixed None Opened 5 years ago by mbasti.

Steps to reproduce:

  • ipa-client-install --ip-address 2001:db8:: # address that does not match any local interface


[root@vm-058-089 ~]# ipa-client-install --ip-address '2001:db8::'
WARNING: ntpd time&date synchronization service will not be configured as
conflicting service (chronyd) is enabled
Use --force-ntpd option to disable it and force configuration of ntpd

Traceback (most recent call last):
  File "/sbin/ipa-client-install", line 3142, in <module>
  File "/sbin/ipa-client-install", line 3123, in main
    rval = install(options, env, fstore, statestore)
  File "/sbin/ipa-client-install", line 2320, in install
    if not check_ip_addresses(options):
  File "/sbin/ipa-client-install", line 1807, in check_ip_addresses
    ipautil.CheckedIPAddress(ip, match_local=True)
  File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 177, in __init__
  File "/usr/lib/python2.7/site-packages/netaddr/ip/__init__.py", line 933, in __init__
    raise AddrFormatError('invalid IPNetwork %s' % addr)
netaddr.core.AddrFormatError: invalid IPNetwork fe80::21a:4aff:fe23:1595%ens3/ffff:ffff:ffff:ffff::

It looks that netaddr.IPNetwork does not allow %suffix (interface, scope)

In [3]: ifnet = netaddr.IPNetwork('fe80::21a:4aff:fe23:1595%ens3/64')
AddrFormatError                           Traceback (most recent call last)
<ipython-input-3-363588007859> in <module>()
----> 1 ifnet = netaddr.IPNetwork('fe80::21a:4aff:fe23:1595%ens3/64')

/usr/lib/python2.7/site-packages/netaddr/ip/__init__.pyc in __init__(self, addr, implicit_prefix, version, flags)
    932                 if value is None:
--> 933                     raise AddrFormatError('invalid IPNetwork %s' % addr)
    935         self._value = value

In [4]: ifnet = netaddr.IPNetwork('fe80::21a:4aff:fe23:1595/64')

I'm not sure if this is our bug or netaddr.IPNetwork

This fails only when:

  • ipv6 address is used
  • --ip-address option is used


  • db55bde Fix parse errors with link-local addresses


  • d900c22 Fix parse errors with link-local addresses

This "fix" will cause issues when link-local address is really used somewhere. The address without network scope is invalid/not usable. It would be better to fix IPNetwork to accept network scope ID.

I can't imagine use case for link-local address with IPA. AFAIK even python3 standard module (ipaddress) does not support scope ID

Metadata Update from @mbasti:
- Issue assigned to mbasti
- Issue set to the milestone: FreeIPA 4.4.2

5 years ago

Login to comment on this ticket.