Container networking does not follow the Linux routing table correctly, missing the 'src' attribute

Hi,

My Linux host has a static routing entry to an IPv4 prefix, 10.1.0.0/24, with the ‘src’ attribute set to 10.1.0.40. This IPv4 address is configured on a dummy NIC called dummy0 as a /32. In the real setup this all forms a BGP routed fabric across servers.

However, the Docker containers which use bridge networking can’t connect to the other hosts in the subnet 10.1.0.0/24. Everything is correctly NAT’ed and the correct route is used, but the source address of outgoing packets is a different address that is configured on the hosts.

Steps to reproduce:

ip link add dummy0 type dummy
ip link set up dev dummy0
ip addr add 10.1.0.40/32 dev dummy0
ip route add 10.1.0.0/24 via 10.10.101.1 src 10.1.0.40

ip route output afterwards:

default via 10.10.101.1 dev ens3 proto dhcp src 10.10.101.148 metric 100
10.1.0.0/24 via 10.10.101.1 dev ens3 src 10.1.0.40

Start a ping on the host (outside container)

ping 10.1.0.2

Verify correct source-ip

tcpdump -ni ens3 host 10.1.0.2
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on ens3, link-type EN10MB (Ethernet), snapshot length 262144 bytes
13:32:53.319806 IP 10.1.0.40 > 10.1.0.2: ICMP echo request, id 8, seq 1, length 64
13:32:54.328542 IP 10.1.0.40 > 10.1.0.2: ICMP echo request, id 8, seq 2, length 64
13:32:55.352590 IP 10.1.0.40 > 10.1.0.2: ICMP echo request, id 8, seq 3, length 64
13:32:56.376578 IP 10.1.0.40 > 10.1.0.2: ICMP echo request, id 8, seq 4, length 64

Start ping inside container and verify source-ip is wrong

tcpdump -ni ens3 host 10.1.0.2
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on ens3, link-type EN10MB (Ethernet), snapshot length 262144 bytes
13:34:34.273068 IP 10.10.101.148 > 10.1.0.2: ICMP echo request, id 9, seq 1, length 64
13:34:35.288603 IP 10.10.101.148 > 10.1.0.2: ICMP echo request, id 9, seq 2, length 64
13:34:36.312603 IP 10.10.101.148 > 10.1.0.2: ICMP echo request, id 9, seq 3, length 64
13:34:37.336644 IP 10.10.101.148 > 10.1.0.2: ICMP echo request, id 9, seq 4, length 64

Happens on Docker CE 26.1.4 on Ubuntu 22.04.

Any help is appreciated.
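
The source-address check from the reproduction steps, automated as an added example (not part of the original post, and not Docker's code): it compares the source of each captured packet with the `src` of the longest-prefix route for its destination. The function names are hypothetical, the sample text is copied from the outputs above, and the parser assumes plain unicast lines from `ip route`.

```python
import ipaddress
import re

# `ip route` output copied from the post.
ROUTES = """\
default via 10.10.101.1 dev ens3 proto dhcp src 10.10.101.148 metric 100
10.1.0.0/24 via 10.10.101.1 dev ens3 src 10.1.0.40
"""
# First packet of each tcpdump capture in the post (host ping, then container ping).
CAPTURE = """\
13:32:53.319806 IP 10.1.0.40 > 10.1.0.2: ICMP echo request, id 8, seq 1, length 64
13:34:34.273068 IP 10.10.101.148 > 10.1.0.2: ICMP echo request, id 9, seq 1, length 64
"""
PACKET_RE = re.compile(r"^(\S+) IP (\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:")

def parse_routes(text):
    """Return [(network, src or None)]; assumes unicast route lines only."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        src = fields[fields.index("src") + 1] if "src" in fields else None
        routes.append((ipaddress.ip_network(prefix), src))
    return routes

def expected_src(routes, dst):
    """Preferred source of the longest-prefix route for dst (None if unset)."""
    matches = [(net, src) for net, src in routes if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def find_mismatches(route_text, capture_text):
    """Return (timestamp, seen_src, route_src) for packets with the wrong source."""
    routes = parse_routes(route_text)
    bad = []
    for line in capture_text.splitlines():
        m = PACKET_RE.match(line)
        if not m:
            continue
        ts, src, dst = m.groups()
        want = expected_src(routes, ipaddress.ip_address(dst))
        if want is not None and src != want:
            bad.append((ts, src, want))
    return bad

if __name__ == "__main__":
    for ts, seen, want in find_mismatches(ROUTES, CAPTURE):
        print(f"{ts}: left with {seen}, route says src {want}")
```
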