From: David Ahern <dsahern@kernel.org>
To: Ido Schimmel <idosch@nvidia.com>, netdev@vger.kernel.org
Cc: davem@davemloft.net, kuba@kernel.org, pabeni@redhat.com,
edumazet@google.com, horms@kernel.org, petrm@nvidia.com
Subject: Re: [PATCH net-next 4/5] ipv6: Allow for nexthop device mismatch with "onlink"
Date: Mon, 12 Jan 2026 08:29:29 -0700 [thread overview]
Message-ID: <e843db42-b38d-4987-91ca-3cc204fc2915@kernel.org> (raw)
In-Reply-To: <20260111120813.159799-5-idosch@nvidia.com>
On 1/11/26 5:08 AM, Ido Schimmel wrote:
> IPv4 allows for a nexthop device mismatch when the "onlink" keyword is
> specified:
>
> # ip link add name dummy1 up type dummy
> # ip address add 192.0.2.1/24 dev dummy1
> # ip link add name dummy2 up type dummy
> # ip route add 198.51.100.0/24 nexthop via 192.0.2.2 dev dummy2
> Error: Nexthop has invalid gateway.
> # ip route add 198.51.100.0/24 nexthop via 192.0.2.2 dev dummy2 onlink
> # echo $?
> 0
>
> This seems to be consistent with the description of "onlink" in the
> ip-route man page: "Pretend that the nexthop is directly attached to
> this link, even if it does not match any interface prefix".
>
> On the other hand, IPv6 rejects a nexthop device mismatch, even when
> "onlink" is specified:
>
> # ip link add name dummy1 up type dummy
> # ip address add 2001:db8:1::1/64 dev dummy1
> # ip link add name dummy2 up type dummy
> # ip route add 2001:db8:10::/64 nexthop via 2001:db8:1::2 dev dummy2
> RTNETLINK answers: No route to host
> # ip route add 2001:db8:10::/64 nexthop via 2001:db8:1::2 dev dummy2 onlink
> Error: Nexthop has invalid gateway or device mismatch.
>
> This is intentional according to commit fc1e64e1092f ("net/ipv6: Add
> support for onlink flag") which added IPv6 "onlink" support and states
> that "any unicast gateway is allowed as long as the gateway is not a
> local address and if it resolves it must match the given device".
>
> The condition was later relaxed in commit 4ed591c8ab44 ("net/ipv6: Allow
> onlink routes to have a device mismatch if it is the default route") to
> allow for a nexthop device mismatch if the gateway address is resolved
> via the default route:
>
> # ip link add name dummy1 up type dummy
> # ip route add ::/0 dev dummy1
> # ip link add name dummy2 up type dummy
> # ip route add 2001:db8:10::/64 nexthop via 2001:db8:1::2 dev dummy2
> RTNETLINK answers: No route to host
> # ip route add 2001:db8:10::/64 nexthop via 2001:db8:1::2 dev dummy2 onlink
> # echo $?
> 0
>
> While the decision to forbid a nexthop device mismatch in IPv6 seems to
> be intentional, it is unclear why it was made. Especially when it
> differs from IPv4 and seems to go against the intended behavior of
> "onlink".
>
> Therefore, relax the condition further and allow for a nexthop device
> mismatch when "onlink" is specified:
>
> # ip link add name dummy1 up type dummy
> # ip address add 2001:db8:1::1/64 dev dummy1
> # ip link add name dummy2 up type dummy
> # ip route add 2001:db8:10::/64 nexthop via 2001:db8:1::2 dev dummy2 onlink
> # echo $?
> 0
>
> The motivating use case is the fact that FRR would like to be able to
> configure overlay routes of the following form:
>
> # ip route add <host-Z> vrf <VRF> encap ip id <ID> src <VTEP-A> dst <VTEP-Z> via <VTEP-Z> dev vxlan0 onlink
>
> Where vxlan0 is in the default VRF in which "VTEP-Z" is reachable via
> one of the underlay routes (e.g., via swpX). Without this patch, the
> above only works with IPv4, but not with IPv6.
>
> Reviewed-by: Petr Machata <petrm@nvidia.com>
> Signed-off-by: Ido Schimmel <idosch@nvidia.com>
> ---
> net/ipv6/route.c | 7 ++-----
> 1 file changed, 2 insertions(+), 5 deletions(-)
>
Reviewed-by: David Ahern <dsahern@kernel.org>
next prev parent reply other threads:[~2026-01-12 15:29 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-11 12:08 [PATCH net-next 0/5] ipv6: Allow for nexthop device mismatch with "onlink" Ido Schimmel
2026-01-11 12:08 ` [PATCH net-next 1/5] selftests: fib-onlink: Remove "wrong nexthop device" IPv4 tests Ido Schimmel
2026-01-12 15:25 ` David Ahern
2026-01-11 12:08 ` [PATCH net-next 2/5] selftests: fib-onlink: Remove "wrong nexthop device" IPv6 tests Ido Schimmel
2026-01-12 15:25 ` David Ahern
2026-01-11 12:08 ` [PATCH net-next 3/5] selftests: fib-onlink: Add a test case for IPv4 multicast gateway Ido Schimmel
2026-01-12 15:26 ` David Ahern
2026-01-11 12:08 ` [PATCH net-next 4/5] ipv6: Allow for nexthop device mismatch with "onlink" Ido Schimmel
2026-01-12 15:29 ` David Ahern [this message]
2026-01-11 12:08 ` [PATCH net-next 5/5] selftests: fib-onlink: Add test cases for nexthop device mismatch Ido Schimmel
2026-01-12 15:31 ` David Ahern
2026-01-14 3:00 ` [PATCH net-next 0/5] ipv6: Allow for nexthop device mismatch with "onlink" patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e843db42-b38d-4987-91ca-3cc204fc2915@kernel.org \
--to=dsahern@kernel.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=idosch@nvidia.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=petrm@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox