The wrong scope may be used when the host has multiple interfaces and the container is set to unbound (INSTANCE_IP: 0.0.0.0 and INSTANCE_LISTEN: 0.0.0.0).
This is because the Instance.IP is used to determine the scope rather than using the IP of the interface that received the request (see the following patch). This bug may be present in other functions, but I did not review any others.
PATCH
--- scopes.go.bug 2024-01-30 05:49:52.000000000 -0500
+++ scopes.go 2024-01-30 18:59:15.000000000 -0500
@@ -99,6 +99,21 @@
// To prioritise requests from a DHCP relay being matched correctly, give their subnet
// match a 1 bit more priority
const dhcpRelayBias = 1
+ // Use the instance ip unless the the interface is not bound
+ ip := extconfig.Get().Instance.IP
+ if req.oob != nil {
+ if ief, err := net.InterfaceByIndex(req.oob.IfIndex); err == nil {
+ if addrs, err := ief.Addrs(); err == nil {
+ for _, addr := range addrs {
+ if ipv4Addr := addr.(*net.IPNet).IP.To4(); ipv4Addr != nil {
+ ip = ipv4Addr.String()
+ req.log.Debug("Unbound interface found", zap.String("ifname", ief.Name), zap.String("ip", ip))
+ break
+ }
+ }
+ }
+ }
+ }
for _, scope := range r.scopes {
// Check based on gateway IP (highest priority)
gatewayMatchBits := scope.match(req.GatewayIPAddr)
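Review bot: the type assertion in `addr.(*net.IPNet).IP.To4()` is unchecked, so it would panic in the request path if `ief.Addrs()` ever returned another `net.Addr` implementation; use the two-value form (`ipNet, ok := addr.(*net.IPNet)`) and skip entries where `ok` is false. The loop also stops at the first IPv4 address, so on an interface that carries several IPv4 addresses the one chosen may not fall in the scope the client belongs to; matching each address of the interface against the scopes would avoid fixing one up front. The override runs whenever `req.oob` is non-nil, while the comment says it applies only when the interface is not bound; checking that the configured Instance.IP is 0.0.0.0 before replacing it would make the code agree with the comment, which also has a doubled "the". Errors from `net.InterfaceByIndex` and `ief.Addrs()` are dropped silently; a debug log on those paths would show why the fallback to Instance.IP happened.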
@@ -106,12 +121,12 @@
req.log.Debug("selected scope based on cidr match (gateway IP)", zap.String("scope", scope.Name))
match = scope
longestBits = gatewayMatchBits + dhcpRelayBias
// Handle local broadcast, check with the instance's listening IP
// Only consider local scopes if we don't have a match already
- localMatchBits := scope.match(net.ParseIP(extconfig.Get().Instance.IP))
+ localMatchBits := scope.match(net.ParseIP(ip))
if localMatchBits > -1 && localMatchBits > longestBits {
- req.log.Debug("selected scope based on cidr match (instance IP)", zap.String("scope", scope.Name))
+ req.log.Debug("selected scope based on cidr match (instance/interface IP)", zap.String("scope", scope.Name))
match = scope
longestBits = localMatchBits
}
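Review bot: the debug message changed to `selected scope based on cidr match (instance/interface IP)` does not record which address was matched; adding `zap.String("ip", ip)` would let a wrong scope selection on a multi-homed host be traced from the log. `net.ParseIP(ip)` also re-parses a string that the first hunk produced from a `net.IP`; carrying the value as `net.IP` avoids the round trip and makes the nil case (a configured value that is not a valid address) explicit before it reaches `scope.match`.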