datapath: Improve BPF SNAT address selection #17158

@brb

Description

Currently, the BPF-based SNAT uses `IPV4_MASQUERADE` addr for SNAT'ing. This works fine as long as there is a single global scope IP addr. However, if we add multiple IP addrs then only one will be selected.

To improve the selection we could do the `bpf_fib_lookup()` to determine src IP addr instead. This would also eliminate the `IPV4_MASQUERADE`. However, the kernel helper might need to be relaxed, as currently it errors out if no L2 neigh entry is found for a nexthop of the given dst IP addr.
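A userspace analogue of per-destination source selection, as an added example that is not part of the original issue and not Cilium datapath code: connecting a UDP socket makes the kernel run its route lookup and pick the source address for that destination, which is the behaviour a single static masquerade address cannot reproduce on a host with several addresses. The helper name `route_selected_src` and the sample destinations are assumptions made for the illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: ask the kernel which IPv4 source address its route
 * lookup selects for dst. Returns 0 and fills src (dotted quad) on success,
 * -1 on a malformed address or when there is no route to dst. */
int route_selected_src(const char *dst, char *src, size_t len)
{
    struct sockaddr_in to, from;
    socklen_t flen = sizeof(from);
    int fd, rc = -1;

    memset(&to, 0, sizeof(to));
    to.sin_family = AF_INET;
    to.sin_port = htons(53);            /* any port; nothing is transmitted */
    if (inet_pton(AF_INET, dst, &to.sin_addr) != 1)
        return -1;

    fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;

    /* connect() on a UDP socket only performs the route lookup and binds
     * the kernel-chosen source address; getsockname() reads it back. */
    if (connect(fd, (struct sockaddr *)&to, sizeof(to)) == 0 &&
        getsockname(fd, (struct sockaddr *)&from, &flen) == 0 &&
        inet_ntop(AF_INET, &from.sin_addr, src, (socklen_t)len) != NULL)
        rc = 0;

    close(fd);
    return rc;
}

int main(int argc, char **argv)
{
    /* Constructed sample destinations; pass real ones as arguments. */
    const char *defaults[] = { "127.0.0.1", "192.0.2.1" };
    const char **dsts = argc > 1 ? (const char **)(argv + 1) : defaults;
    int n = argc > 1 ? argc - 1 : 2;
    char src[INET_ADDRSTRLEN];

    for (int i = 0; i < n; i++)
        printf("%-15s -> %s\n", dsts[i],
               route_selected_src(dsts[i], src, sizeof(src)) == 0 ? src : "(no route)");
    return 0;
}
```

On a host with several addresses, destinations routed via different interfaces or `src` hints report different source addresses, which gives a baseline to compare against the address seen on SNAT'ed traffic.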

Labels

- area/datapath: Impacts bpf/ or low-level forwarding details, including map management and monitor messages.
- area/kernel: Requires upstream work in the Linux kernel.
- feature/snat: Relates to SNAT or Masquerading of traffic
- kind/feature: This introduces new functionality.
- pinned: These issues are not marked stale by our issue bot.
