Any time an IPv6 route lookup happens, the kernel generates a new routing cache entry and notifies userspace using a netlink "new route" message with the RTM_F_CLONED flag set on the route.
NetworkManager doesn't check for this flag, so it accepts it as a new real route and adds it to its internal route cache. Then, because the event triggers an interface update, it synchronizes its route cache with the kernel table, putting the cache entry in as a real host route.
I think NM might also overwrite the next hop of the route based on its internal idea of the default route, but I'm not sure.
This causes problems if you have interfaces not managed by NetworkManager, such as manually configured VPNs, since these host routes override the route entries that send traffic down those interfaces rather than to the default router.
To reproduce:
Ensure "Ignore automatically obtained routes" is unchecked in Edit Connection -> IPv6 -> Routes, because this blocks the last stage (copying the spurious route back to the kernel).
Connect to an IPv6 network.
Run `ip -6 route` and observe no extra routes.
Run `ip -6 route get 2600::`.
Run `ip -6 route` again and observe the new static route to 2600:: via your default gateway.
Expected behavior:
No changes to routing table due to a route lookup.
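
The flag check this report says is missing, as an added example (not NetworkManager's code): a parser for raw rtnetlink buffers that drops `RTM_NEWROUTE` messages carrying `RTM_F_CLONED`. The numeric constants are the values from `<linux/rtnetlink.h>`; the function names and the sample messages are constructed for illustration.

```python
import socket
import struct

# Values from <linux/rtnetlink.h>; AF_INET6 is the Linux value.
RTM_NEWROUTE, RTM_F_CLONED, RTA_DST, AF_INET6 = 24, 0x200, 1, 10
NLMSGHDR = struct.Struct("=IHHII")   # len, type, flags, seq, pid
RTMSG = struct.Struct("=BBBBBBBBI")  # family, dst_len, src_len, tos, table, protocol, scope, type, flags
RTATTR = struct.Struct("=HH")        # len, type


def align4(n):
    return (n + 3) & ~3


def real_new_routes(buf):
    """Return (dst, prefix_len) for IPv6 RTM_NEWROUTE messages that are not cache clones."""
    routes, off = [], 0
    while off + NLMSGHDR.size <= len(buf):
        msg_len, msg_type, _flags, _seq, _pid = NLMSGHDR.unpack_from(buf, off)
        if msg_len < NLMSGHDR.size or off + msg_len > len(buf):
            break  # truncated or malformed message
        body = buf[off + NLMSGHDR.size: off + msg_len]
        off += align4(msg_len)
        if msg_type != RTM_NEWROUTE or len(body) < RTMSG.size:
            continue
        family, dst_len, *_rest, rtm_flags = RTMSG.unpack_from(body)
        if family != AF_INET6 or rtm_flags & RTM_F_CLONED:
            continue  # routing-cache entry created by a lookup, not a configured route
        pos = RTMSG.size
        while pos + RTATTR.size <= len(body):
            rta_len, rta_type = RTATTR.unpack_from(body, pos)
            if rta_len < RTATTR.size or pos + rta_len > len(body):
                break
            if rta_type == RTA_DST and rta_len == RTATTR.size + 16:
                payload = body[pos + RTATTR.size: pos + rta_len]
                routes.append((socket.inet_ntop(socket.AF_INET6, payload), dst_len))
            pos += align4(rta_len)
    return routes


def build_newroute(dst, dst_len, rtm_flags):
    """Constructed sample message: RTM_NEWROUTE with a single RTA_DST attribute."""
    addr = socket.inet_pton(socket.AF_INET6, dst)
    attr = RTATTR.pack(RTATTR.size + len(addr), RTA_DST) + addr
    body = RTMSG.pack(AF_INET6, dst_len, 0, 0, 254, 2, 0, 1, rtm_flags) + attr
    return NLMSGHDR.pack(NLMSGHDR.size + len(body), RTM_NEWROUTE, 0, 0, 0) + body


SAMPLE = build_newroute("2600::", 128, RTM_F_CLONED) + build_newroute("2001:db8::", 32, 0)
```

Running `real_new_routes(SAMPLE)` keeps only the configured `2001:db8::/32` route; the cloned host route to `2600::` produced by the lookup is skipped.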