search

google / gvisor

Application Kernel for Containers
https://gvisor.dev
Apache License 2.0
15.85k stars 1.3k forks source link

netstack: Packets not forwarded for device routes with no gateway #7184

Closed neilalexander closed 11 months ago

neilalexander commented 2 years ago

Description

Netstack doesn’t appear to have a functional concept of a “device route” — that is, a route that has a NIC ID and a subnet configured but with no gateway address, like an ip route add a.a.a.a/a dev a in Linux.

Therefore if you have two or more NICs without addresses added to them, but you do have route entries for the subnets on the other end of each NIC, packet forwarding is impossible through netstack.

It seems as though something in FindRoute fails to cope with this scenario — probably getEndpointEP or constructAndValidateRoute — therefore the packets are unfortunately dropped instead of forwarded.

Steps to reproduce

New netstack instance with two NICs, neither of which have addresses configured. HandleLocal is false. Use AddRoute to specify a subnet and a NIC ID. but don’t specify a gateway for either route.

Expect packets from one NIC to obey the routing table and be forwarded to the other, similar to a “device route” in the Linux kernel. They don’t and are instead dropped as Unrouteable.

Tested against release-20211115.0-10-g0fd9b69d5. I don’t see anything obvious in newer versions that seems to fix the issue?

hbhasker commented 2 years ago

@ghanan94 is this something on your plan to fix?

neilalexander commented 2 years ago

Anything I can do to help? I'd love to get this working for a project of mine.

hbhasker commented 2 years ago

Neil, I am not sure we have cycles to fix this at the moment but if you would like to make changes to FindRoute to support this use-case we can provide a review. This is not a common use-case for us.

neilalexander commented 2 years ago

Thanks for the heads-up. I’ll try and find some more time to comb through this myself and raise a PR, although the last time I looked I couldn’t make heads or tails of all of what getEndpointEP and constructAndValidateRoute were doing. If you could provide any advice on any gotchas I should look out for, that’d be much appreciated.

github-actions[bot] commented 1 year ago

A friendly reminder that this issue had no activity for 120 days.

github-actions[bot] commented 11 months ago

This issue has been closed due to lack of activity.