google / gvisor

Description

When a NIC has multiple suitable IP addresses the stack should select the best address. In case of IPv6 the stack does a proper source IP selection based on the IPv6 RFC. But for IPv4 the stack today picks the first IP address on the NIC.

The stack should do a longest prefix match to find the most suitable IPv4 address when picking the src IP.

See:

gvisor/pkg/tcpip/network/ipv4/ipv4.go

Line 1085 in ae089ad

    
           func (e *endpoint) AcquireOutgoingPrimaryAddress(remoteAddr tcpip.Address, allowExpired bool) stack.AddressEndpoint {

vs

gvisor/pkg/tcpip/network/ipv6/ipv6.go

Line 1714 in 94b1c16

    
           func (e *endpoint) AcquireOutgoingPrimaryAddress(remoteAddr tcpip.Address, allowExpired bool) stack.AddressEndpoint {

Steps to reproduce

No response

runsc version

No response

docker version (if using docker)

No response

uname

No response

kubectl (if using Kubernetes)

No response

repo state (if built from source)

No response

runsc debug logs (if available)

No response

A friendly reminder that this issue had no activity for 120 days.

Fixed by fd95313, baf097a, and 19399cd.

IPv4 should do longest prefix match for src ip selection

Description

Steps to reproduce

runsc version

docker version (if using docker)

uname

kubectl (if using Kubernetes)

repo state (if built from source)

runsc debug logs (if available)