fix: add a link-scope route if the cmdline gateway is not reachable

Fixes #7020

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>

internal/app/machined/pkg/controllers/network/route_config.go

@@ -192,27 +192,43 @@ func (ctrl *RouteConfigController) parseCmdline(logger *zap.Logger) (routes []ne
 			continue
 		}
 
-		var route network.RouteSpecSpec
-
-		route.Gateway = linkConfig.Gateway
+		// add a default gateway route
+		defaultGatewayRoute := network.RouteSpecSpec{
+			Gateway:     linkConfig.Gateway,
+			Scope:       nethelpers.ScopeGlobal,
+			Table:       nethelpers.TableMain,
+			Priority:    DefaultRouteMetric + uint32(idx), // set different priorities to avoid a conflict
+			Protocol:    nethelpers.ProtocolBoot,
+			Type:        nethelpers.TypeUnicast,
+			OutLinkName: linkConfig.LinkName,
+			ConfigLayer: network.ConfigCmdline,
+		}
 
-		if route.Gateway.Is6() {
-			route.Family = nethelpers.FamilyInet6
+		if defaultGatewayRoute.Gateway.Is6() {
+			defaultGatewayRoute.Family = nethelpers.FamilyInet6
 		} else {
-			route.Family = nethelpers.FamilyInet4
+			defaultGatewayRoute.Family = nethelpers.FamilyInet4
 		}
 
-		route.Scope = nethelpers.ScopeGlobal
-		route.Table = nethelpers.TableMain
-		route.Priority = DefaultRouteMetric + uint32(idx) // set different priorities to avoid a conflict
-		route.Protocol = nethelpers.ProtocolBoot
-		route.Type = nethelpers.TypeUnicast
-		route.OutLinkName = linkConfig.LinkName
-		route.ConfigLayer = network.ConfigCmdline
-
-		route.Normalize()
-
-		routes = append(routes, route)
+		defaultGatewayRoute.Normalize()
+
+		routes = append(routes, defaultGatewayRoute)
+
+		// for IPv4, if the gateway is not directly reachable on the link, add a link-scope route for the gateway
+		if linkConfig.Gateway.Is4() && !linkConfig.Address.Contains(linkConfig.Gateway) {
+			routes = append(routes, network.RouteSpecSpec{
+				Family:      nethelpers.FamilyInet4,
+				Destination: netip.PrefixFrom(linkConfig.Gateway, linkConfig.Gateway.BitLen()),
+				Source:      linkConfig.Address.Addr(),
+				OutLinkName: linkConfig.LinkName,
+				Table:       nethelpers.TableMain,
+				Priority:    defaultGatewayRoute.Priority,
+				Scope:       nethelpers.ScopeLink,
+				Type:        nethelpers.TypeUnicast,
+				Protocol:    nethelpers.ProtocolBoot,
+				ConfigLayer: network.ConfigCmdline,
+			})
+		}
 	}
 
 	return routes

internal/app/machined/pkg/controllers/network/route_config_test.go

@@ -102,6 +102,39 @@ func (suite *RouteConfigSuite) TestCmdline() {
 	)
 }
 
+func (suite *RouteConfigSuite) TestCmdlineNotReachable() {
+	suite.Require().NoError(
+		suite.runtime.RegisterController(
+			&netctrl.RouteConfigController{
+				Cmdline: procfs.NewCmdline("ip=172.20.0.2::172.20.0.1:255.255.255.255::eth1:::::"),
+			},
+		),
+	)
+
+	suite.startRuntime()
+
+	suite.assertRoutes(
+		[]string{
+			"cmdline/inet4/172.20.0.1//1024",
+			"cmdline/inet4//172.20.0.1/32/1024",
+		}, func(r *network.RouteSpec, asrt *assert.Assertions) {
+			asrt.Equal(network.ConfigCmdline, r.TypedSpec().ConfigLayer)
+			asrt.Equal(nethelpers.FamilyInet4, r.TypedSpec().Family)
+
+			switch r.Metadata().ID() {
+			case "cmdline/inet4/172.20.0.1//1024":
+				asrt.Equal("eth1", r.TypedSpec().OutLinkName)
+				asrt.EqualValues(netctrl.DefaultRouteMetric, r.TypedSpec().Priority)
+			case "cmdline/inet4//172.20.0.1/32/1024":
+				asrt.Equal("eth1", r.TypedSpec().OutLinkName)
+				asrt.Equal(netip.Addr{}, r.TypedSpec().Gateway)
+				asrt.Equal(netip.MustParsePrefix("172.20.0.1/32"), r.TypedSpec().Destination)
+				asrt.EqualValues(netctrl.DefaultRouteMetric, r.TypedSpec().Priority)
+			}
+		},
+	)
+}
+
 func (suite *RouteConfigSuite) TestMachineConfiguration() {
 	suite.Require().NoError(suite.runtime.RegisterController(&netctrl.RouteConfigController{}))