Support a default route without a gateway (#628)

dkovba · web-flow · commit 11bbbbb8526d · 2026-04-02T14:27:56.000-07:00
Adds the support for a default route without a gateway.

```
/ # ip route show default
default dev eth0 scope link 
```
diff --git a/Sources/Containerization/LinuxContainer.swift b/Sources/Containerization/LinuxContainer.swift
@@ -598,6 +598,9 @@ extension LinuxContainer {
                                 try await agent.routeAddLink(name: name, dstIPv4Addr: ipv4Gateway, srcIPv4Addr: i.ipv4Address.address)
                             }
                             try await agent.routeAddDefault(name: name, ipv4Gateway: ipv4Gateway)
+                        } else {
+                            self.logger?.debug("no gateway for \(name)")
+                            try await agent.routeAddDefault(name: name, ipv4Gateway: nil)
                         }
                     }
 
diff --git a/Sources/Containerization/LinuxPod.swift b/Sources/Containerization/LinuxPod.swift
@@ -457,6 +457,9 @@ extension LinuxPod {
                                 try await agent.routeAddLink(name: name, dstIPv4Addr: ipv4Gateway, srcIPv4Addr: nil)
                             }
                             try await agent.routeAddDefault(name: name, ipv4Gateway: ipv4Gateway)
+                        } else {
+                            self.logger?.debug("no gateway for \(name)")
+                            try await agent.routeAddDefault(name: name, ipv4Gateway: nil)
                         }
                     }
 
diff --git a/Sources/Containerization/VirtualMachineAgent.swift b/Sources/Containerization/VirtualMachineAgent.swift
@@ -69,7 +69,7 @@ public protocol VirtualMachineAgent: Sendable {
     func down(name: String) async throws
     func addressAdd(name: String, ipv4Address: CIDRv4) async throws
     func routeAddLink(name: String, dstIPv4Addr: IPv4Address, srcIPv4Addr: IPv4Address?) async throws
-    func routeAddDefault(name: String, ipv4Gateway: IPv4Address) async throws
+    func routeAddDefault(name: String, ipv4Gateway: IPv4Address?) async throws
     func configureDNS(config: DNS, location: String) async throws
     func configureHosts(config: Hosts, location: String) async throws
 
diff --git a/Sources/Containerization/Vminitd.swift b/Sources/Containerization/Vminitd.swift
@@ -398,11 +398,11 @@ extension Vminitd {
     }
 
     /// Set the default route in the sandbox's environment.
-    public func routeAddDefault(name: String, ipv4Gateway: IPv4Address) async throws {
+    public func routeAddDefault(name: String, ipv4Gateway: IPv4Address?) async throws {
         _ = try await client.ipRouteAddDefault(
             .with {
                 $0.interface = name
-                $0.ipv4Gateway = ipv4Gateway.description
+                $0.ipv4Gateway = ipv4Gateway?.description ?? ""
             })
     }
 
diff --git a/Sources/ContainerizationNetlink/NetlinkSession.swift b/Sources/ContainerizationNetlink/NetlinkSession.swift
@@ -348,14 +348,20 @@ public struct NetlinkSession {
     /// Adds a default IPv4 route to an interface.
     /// - Parameters:
     ///   - interface: The name of the interface.
-    ///   - ipv4Gateway: The gateway address.
+    ///   - ipv4Gateway: The gateway address, or nil.
     public func routeAddDefault(
         interface: String,
-        ipv4Gateway: IPv4Address
+        ipv4Gateway: IPv4Address?
     ) throws {
-        // ip route add default via [dst-address] src [src-address]
-        let dstAddrBytes = ipv4Gateway.bytes
-        let dstAddrAttrSize = RTAttribute.size + dstAddrBytes.count
+        // ip route add default via [gateway] dev [interface] or
+        // ip route add default dev [interface]
+        let dstAddrBytes = ipv4Gateway?.bytes
+        let dstAddrAttrSize: Int
+        if let dstAddrBytes {
+            dstAddrAttrSize = RTAttribute.size + dstAddrBytes.count
+        } else {
+            dstAddrAttrSize = 0
+        }
 
         let interfaceAttrSize = RTAttribute.size + MemoryLayout<UInt32>.size
         let interfaceIndex = try getInterfaceIndex(interface)
@@ -379,16 +385,20 @@ public struct NetlinkSession {
             tos: 0,
             table: RouteTable.MAIN,
             proto: RouteProtocol.BOOT,
-            scope: RouteScope.UNIVERSE,
+            scope: ipv4Gateway != nil ? RouteScope.UNIVERSE : RouteScope.LINK,
             type: RouteType.UNICAST,
             flags: 0)
         requestOffset = try requestInfo.appendBuffer(&requestBuffer, offset: requestOffset)
 
-        let dstAddrAttr = RTAttribute(len: UInt16(dstAddrAttrSize), type: RouteAttributeType.GATEWAY)
-        requestOffset = try dstAddrAttr.appendBuffer(&requestBuffer, offset: requestOffset)
-        guard var requestOffset = requestBuffer.copyIn(buffer: dstAddrBytes, offset: requestOffset) else {
-            throw BindError.sendMarshalFailure(type: "RTAttribute", field: "RTA_GATEWAY")
+        if let dstAddrBytes {
+            let dstAddrAttr = RTAttribute(len: UInt16(dstAddrAttrSize), type: RouteAttributeType.GATEWAY)
+            requestOffset = try dstAddrAttr.appendBuffer(&requestBuffer, offset: requestOffset)
+            guard let newOffset = requestBuffer.copyIn(buffer: dstAddrBytes, offset: requestOffset) else {
+                throw BindError.sendMarshalFailure(type: "RTAttribute", field: "RTA_GATEWAY")
+            }
+            requestOffset = newOffset
         }
+
         let interfaceAttr = RTAttribute(len: UInt16(interfaceAttrSize), type: RouteAttributeType.OIF)
         requestOffset = try interfaceAttr.appendBuffer(&requestBuffer, offset: requestOffset)
         guard
diff --git a/vminitd/Sources/vminitd/Server+GRPC.swift b/vminitd/Sources/vminitd/Server+GRPC.swift
@@ -1177,7 +1177,7 @@ extension Initd: Com_Apple_Containerization_Sandbox_V3_SandboxContextAsyncProvid
         do {
             let socket = try DefaultNetlinkSocket()
             let session = NetlinkSession(socket: socket, log: log)
-            let ipv4Gateway = try IPv4Address(request.ipv4Gateway)
+            let ipv4Gateway = !request.ipv4Gateway.isEmpty ? try IPv4Address(request.ipv4Gateway) : nil
             try session.routeAddDefault(interface: request.interface, ipv4Gateway: ipv4Gateway)
         } catch {
             log.error(

Original file line number	Diff line number	Diff line change
`@@ -598,6 +598,9 @@ extension LinuxContainer {`
`598`	`598`	`try await agent.routeAddLink(name: name, dstIPv4Addr: ipv4Gateway, srcIPv4Addr: i.ipv4Address.address)`
`599`	`599`	`}`
`600`	`600`	`try await agent.routeAddDefault(name: name, ipv4Gateway: ipv4Gateway)`
	`601`	`+ } else {`
	`602`	`+ self.logger?.debug("no gateway for \(name)")`
	`603`	`+ try await agent.routeAddDefault(name: name, ipv4Gateway: nil)`
`601`	`604`	`}`
`602`	`605`	`}`
`603`	`606`
Original file line number	Diff line number	Diff line change
`@@ -457,6 +457,9 @@ extension LinuxPod {`
`457`	`457`	`try await agent.routeAddLink(name: name, dstIPv4Addr: ipv4Gateway, srcIPv4Addr: nil)`
`458`	`458`	`}`
`459`	`459`	`try await agent.routeAddDefault(name: name, ipv4Gateway: ipv4Gateway)`
	`460`	`+ } else {`
	`461`	`+ self.logger?.debug("no gateway for \(name)")`
	`462`	`+ try await agent.routeAddDefault(name: name, ipv4Gateway: nil)`
`460`	`463`	`}`
`461`	`464`	`}`
`462`	`465`
Original file line number	Diff line number	Diff line change
`@@ -398,11 +398,11 @@ extension Vminitd {`
`398`	`398`	`}`
`399`	`399`
`400`	`400`	`/// Set the default route in the sandbox's environment.`
`401`		`- public func routeAddDefault(name: String, ipv4Gateway: IPv4Address) async throws {`
	`401`	`+ public func routeAddDefault(name: String, ipv4Gateway: IPv4Address?) async throws {`
`402`	`402`	`_ = try await client.ipRouteAddDefault(`
`403`	`403`	`.with {`
`404`	`404`	`$0.interface = name`
`405`		`- $0.ipv4Gateway = ipv4Gateway.description`
	`405`	`+ $0.ipv4Gateway = ipv4Gateway?.description ?? ""`
`406`	`406`	`})`
`407`	`407`	`}`
`408`	`408`