DHCPv4 Classless routes : Gateway dropped explicitely

[Gugli]

systemd version the issue has been seen with

systemd 252 (252.5-2ubuntu3)

Used distribution

Ubuntu

Linux kernel version used

6.2.0-24-generic

CPU architectures issue was seen on

x86_64

Component

systemd-networkd

Expected behaviour you didn't see

After DHCP configuration, the following routes should have been added :

ip route
default via 192.168.1.1 dev eno1 proto dhcp src 192.168.1.42 metric 100
192.168.0.0/16 dev eno1 proto kernel scope link src 192.168.1.42 metric 100
192.168.10.0/24 via 192.168.14.1 dev eno1 proto dhcp

Unexpected behaviour you saw

But the following routes have been added :

ip route
default via 192.168.1.1 dev eno1 proto dhcp src 192.168.1.42 metric 100
192.168.0.0/16 dev eno1 proto kernel scope link src 192.168.1.42 metric 100
192.168.10.0/24 dev eno1 proto dhcp scope link src 192.168.1.42 metric 100

Steps to reproduce the problem

Use a machine on a network that includes a DHCPv4 sending the following options :
DHCP option 1 : [SubnetMask]
DHCP option 121 : classless static route [DestCIDR] [Gateway]

Ensure DestCIDR is within the SubnetMask.

Additional program output to the terminal or log subsystem illustrating the issue

When running systemd-networkd with "SYSTEMD_LOG_LEVEL=debug", the logs states :

eno1: DHCP: requested route destination 192.168.123.0/24 is in the assigned network 192.168.0.0/16, ignoring gateway address 192.168.1.2

[Gugli]

This issue seems to be related to
7f20627
that is still present in today's code.

This commit added 4 cases of invalid DHCP routes configuration.

It seem to me that the 3rd case "requested route destination XYZ is in the assigned network" is responsible of this behaviour.

I believe this comes in violation of RFC 3442.
The RFC states that "DHCP clients that support this option MUST install the routes specified in the option, except as specified in the Local Subnet Routes section."
The "Local Subnet Routes section" refers to links with multiple IP subnets, but says nothing about routes with a destination within the subnet, and a gateway.

To my knowledge this is a valid routing case.

Also note that "dhclient" tool adds the route as excpected.

An real-life example to illustrate such cases :
A company's local network, with a /16 subnet mask, contains some sensitive servers, and mandate that all their incoming traffic goes through a "audit/forensics" proxy first (a gateway that keeps logs of all the traffic). Having these machines in a different subnet (outside of /16) may not be practical or feasible. But everyone needing access to this machines will need to have the proper route.

[yuwata]

Fix is waiting in #28286.