google / gvisor

Application Kernel for Containers

Home Page: https://gvisor.dev

netstack: Packets not forwarded for device routes with no gateway

neilalexander opened this issue · comments

commented

Description

Netstack doesn’t appear to have a functional concept of a “device route” — that is, a route that has a NIC ID and a subnet configured but with no gateway address, like an ip route add a.a.a.a/a dev a in Linux.

Therefore if you have two or more NICs without addresses added to them, but you do have route entries for the subnets on the other end of each NIC, packet forwarding is impossible through netstack.

It seems as though something in FindRoute fails to cope with this scenario — probably getEndpointEP or constructAndValidateRoute — therefore the packets are unfortunately dropped instead of forwarded.

Steps to reproduce

New netstack instance with two NICs, neither of which have addresses configured. HandleLocal is false. Use AddRoute to specify a subnet and a NIC ID, but don’t specify a gateway for either route.

Expect packets from one NIC to obey the routing table and be forwarded to the other, similar to a “device route” in the Linux kernel. They don’t and are instead dropped as Unrouteable.

Tested against release-20211115.0-10-g0fd9b69d5. I don’t see anything obvious in newer versions that seems to fix the issue?
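
The forwarding decision the report expects from a device route, as an added example that is not part of the original issue and is not netstack code: a self-contained longest-prefix lookup in which a route without a gateway uses the packet's own destination as the next hop. The `Route` type, `SampleTable`, `Lookup` and `Resolve` are hypothetical names, and the addresses are constructed.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Route is a hypothetical routing-table entry (not netstack's tcpip.Route).
// An unset (zero) Gateway marks a device route: Dest is on-link behind NIC.
type Route struct {
	Dest    netip.Prefix
	Gateway netip.Addr
	NIC     int
}

// SampleTable is constructed: two device routes and one gateway route.
var SampleTable = []Route{
	{Dest: netip.MustParsePrefix("10.0.1.0/24"), NIC: 1},
	{Dest: netip.MustParsePrefix("10.0.2.0/24"), NIC: 2},
	{Dest: netip.MustParsePrefix("192.168.0.0/16"), Gateway: netip.MustParseAddr("10.0.2.1"), NIC: 2},
}

// Lookup does a longest-prefix match and returns the egress NIC and next hop.
// For a device route the next hop is the packet's destination itself.
func Lookup(table []Route, dst netip.Addr) (nic int, nextHop netip.Addr, ok bool) {
	best := -1
	for _, r := range table {
		if r.Dest.Contains(dst) && r.Dest.Bits() > best {
			best, nic, nextHop, ok = r.Dest.Bits(), r.NIC, r.Gateway, true
		}
	}
	if ok && !nextHop.IsValid() {
		nextHop = dst // on-link: neighbour resolution targets dst directly
	}
	return nic, nextHop, ok
}

// Resolve formats the forwarding decision for a destination given as text.
func Resolve(table []Route, dst string) string {
	nic, hop, ok := Lookup(table, netip.MustParseAddr(dst))
	if !ok {
		return "unroutable"
	}
	return fmt.Sprintf("NIC %d, next hop %s", nic, hop)
}

func main() {
	fmt.Println(Resolve(SampleTable, "10.0.2.7"))
}
```

The lookup consults only the routing table, so it gives an answer even though no NIC in the sample has an address of its own.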

@ghanan94 is this something on your plan to fix?

commented

Anything I can do to help? I'd love to get this working for a project of mine.

Neil, I am not sure we have cycles to fix this at the moment but if you would like to make changes to FindRoute to support this use-case we can provide a review. This is not a common use-case for us.

commented

Thanks for the heads-up. I’ll try and find some more time to comb through this myself and raise a PR, although the last time I looked I couldn’t make heads or tails of all of what getEndpointEP and constructAndValidateRoute were doing. If you could provide any advice on any gotchas I should look out for, that’d be much appreciated.

A friendly reminder that this issue had no activity for 120 days.

This issue has been closed due to lack of activity.