From 132956a132f2f70c0670a4940cbce2e539d7e396 Mon Sep 17 00:00:00 2001
From: rbrtbnfgl
Date: Mon, 27 Jun 2022 19:25:10 +0200
Subject: [PATCH 1/3] Fixed public ipv6 in case of dualstack config
---
 main.go | 6 +++++-
 pkg/ipmatch/match.go | 29 ++++++++++++++++++++---------
 2 files changed, 25 insertions(+), 10 deletions(-)
diff --git a/main.go b/main.go
index 6dbfa37ce..2c5ee02e6 100644
--- a/main.go
+++ b/main.go
@@ -265,7 +265,11 @@ func main() {
 }
 // Check the default interface only if no interfaces are specified
 if len(opts.iface) == 0 && len(opts.ifaceRegex) == 0 && len(opts.ifaceCanReach) == 0 {
- extIface, err = ipmatch.LookupExtIface(opts.publicIP, "", "", ipStack, optsPublicIP)
+ if len(opts.publicIP) > 0 {
+ extIface, err = ipmatch.LookupExtIface(opts.publicIP, "", "", ipStack, optsPublicIP)
+ } else {
+ extIface, err = ipmatch.LookupExtIface(opts.publicIPv6, "", "", ipStack, optsPublicIP)
+ }
 if err != nil {
 log.Error("Failed to find any valid interface to use: ", err)
 os.Exit(1)
diff --git a/pkg/ipmatch/match.go b/pkg/ipmatch/match.go
index a758b122d..0ee208c07 100644
--- a/pkg/ipmatch/match.go
+++ b/pkg/ipmatch/match.go
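Review bot: In the main.go hunk the lookup address is chosen only on whether `opts.publicIP` is non-empty, and the two branches repeat the same `LookupExtIface` call; nothing visible here checks that the chosen string is an address of the expected family, and when both options are empty the else branch still passes an empty `opts.publicIPv6`. Because this value appears to decide which interface is selected for external traffic, I would make the fallback explicit and keep a single call: `lookupIP := opts.publicIP`, then `if lookupIP == "" { lookupIP = opts.publicIPv6 } // dual-stack with only a v6 public address`, then `extIface, err = ipmatch.LookupExtIface(lookupIP, "", "", ipStack, optsPublicIP)`. `main` starts and ends outside the hunk, so any earlier validation of the two options is not visible.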
@@ -83,16 +83,27 @@ func LookupExtIface(ifname string, ifregexS string, ifcanreach string, ipStack i
 return nil, fmt.Errorf("error looking up v6 interface %s: %s", ifname, err)
 }
 case dualStack:
- iface, err = ip.GetInterfaceByIP(ifaceAddr)
- if err != nil {
- return nil, fmt.Errorf("error looking up interface %s: %s", ifname, err)
- }
- v6Iface, err := ip.GetInterfaceByIP6(ifaceAddr)
- if err != nil {
- return nil, fmt.Errorf("error looking up v6 interface %s: %s", ifname, err)
+ if ifaceAddr.To4() != nil {
+ iface, err = ip.GetInterfaceByIP(ifaceAddr)
+ if err != nil {
+ return nil, fmt.Errorf("error looking up interface %s: %s", ifname, err)
+ }
 }
- if iface.Name != v6Iface.Name {
- return nil, fmt.Errorf("v6 interface %s must be the same with v4 interface %s", v6Iface.Name, iface.Name)
+ if len(opts.PublicIPv6) > 0 {
+ if ifaceV6Addr = net.ParseIP(opts.PublicIPv6); ifaceV6Addr != nil {
+ v6Iface, err := ip.GetInterfaceByIP6(ifaceV6Addr)
+ if err != nil {
+ return nil, fmt.Errorf("error looking up v6 interface %s: %s", opts.PublicIPv6, err)
+ }
+ if ifaceAddr.To4() == nil {
+ iface = v6Iface
+ ifaceAddr = nil
+ } else {
+ if iface.Name != v6Iface.Name {
+ return nil, fmt.Errorf("v6 interface %s must be the same with v4 interface %s", v6Iface.Name, iface.Name)
+ }
+ }
+ }
 }
 }
 } else {
From f4f02dbb015046fe975fbc66594b75e8c4baecae Mon Sep 17 00:00:00 2001
From: rbrtbnfgl
Date: Mon, 27 Jun 2022 19:25:40 +0200
Subject: [PATCH 2/3] Added iptables func for windows
---
 network/iptables_windows.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/network/iptables_windows.go b/network/iptables_windows.go
index 541665cd8..a984721b4 100644
--- a/network/iptables_windows.go
+++ b/network/iptables_windows.go
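Review bot: In the `dualStack` case of `LookupExtIface` (pkg/ipmatch/match.go), a non-empty `opts.PublicIPv6` that `net.ParseIP` rejects is silently skipped, because `if ifaceV6Addr = net.ParseIP(opts.PublicIPv6); ifaceV6Addr != nil` has no else branch; the v4/v6 same-interface check is then bypassed without any error. The same silent path leaves `iface` unassigned in this case when `ifaceAddr.To4()` is nil and `opts.PublicIPv6` is empty, which the code after the hunk may dereference (not visible here). I would fail closed by adding `} else { return nil, fmt.Errorf("invalid public IPv6 address %q", opts.PublicIPv6) }` and returning an error when neither lookup assigned `iface`. `net.ParseIP` also accepts IPv4 literals, so a `To4() == nil` check on `ifaceV6Addr` before calling `GetInterfaceByIP6` would be worth adding. The function starts and ends outside the hunk.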
@@ -33,9 +33,9 @@ type IPTablesRule struct {
 func MasqRules(ipn ip.IP4Net, lease *subnet.Lease) []IPTablesRule { return nil }
 func ForwardRules(flannelNetwork string) []IPTablesRule { return nil }
-func SetupAndEnsureIPTables(rules []IPTablesRule, resyncPeriod int) {}
-func DeleteIPTables(rules []IPTablesRule) error { return nil }
 func teardownIPTables(ipt IPTables, rules []IPTablesRule) {}
+func SetupAndEnsureIP4Tables(rules []IPTablesRule, resyncPeriod int) {}
 func SetupAndEnsureIP6Tables(rules []IPTablesRule, resyncPeriod int) {}
 func MasqIP6Rules(ipn ip.IP6Net, lease *subnet.Lease) []IPTablesRule { return nil }
+func DeleteIP4Tables(rules []IPTablesRule) error { return nil }
 func DeleteIP6Tables(rules []IPTablesRule) error { return nil }
From 6083b05fbcd98e274b3c6a5e3f9396f32e7036bf Mon Sep 17 00:00:00 2001
From: rbrtbnfgl
Date: Mon, 4 Jul 2022 10:34:23 +0200
Subject: [PATCH 3/3] Fixed rule test when tables are not listed on same order
---
 network/iptables_restore_test.go | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/network/iptables_restore_test.go b/network/iptables_restore_test.go
index 74e1b0fc0..338701bf8 100644
--- a/network/iptables_restore_test.go
+++ b/network/iptables_restore_test.go
@@ -29,17 +29,18 @@ func TestRules(t *testing.T) {
 {"-A", "INPUT", "-s", "127.0.0.1", "!", "-d", "224.0.0.0/4", "-m", "comment", "--comment", "flanneld masq", "-j", "MASQUERADE", "--random-fully"},
 },
 }
- expectedPayload := `*filter
+ expectedFilterPayload := `*filter
 -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j RETURN
 -A INPUT -s 127.0.0.1 ! -d 224.0.0.0/4 -m comment --comment "flanneld masq" -j MASQUERADE --random-fully
 COMMIT
-*nat
+`
+ expectedNATPayload := `*nat
 -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j RETURN
 -A INPUT -s 127.0.0.1 ! -d 224.0.0.0/4 -m comment --comment "flanneld masq" -j MASQUERADE --random-fully
 COMMIT
 `
 payload := buildIPTablesRestorePayload(baseRules)
- if payload != expectedPayload {
- t.Errorf("iptables-restore payload not as expected. Expected: %#v, Actual: %#v", expectedPayload, payload)
+ if payload != expectedFilterPayload+expectedNATPayload && payload != expectedNATPayload+expectedFilterPayload {
+ t.Errorf("iptables-restore payload not as expected. Expected: %#v, Actual: %#v", expectedFilterPayload+expectedNATPayload, payload)
 }
 }
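Review bot: The widened condition in `TestRules` accepts either table order, but the `t.Errorf` message still prints only `expectedFilterPayload+expectedNATPayload` as the expectation, so a failure can show an "expected" value in an order the payload never used and obscure the real mismatch. Enumerating permutations also stops scaling once a third table is added. If the order varies because `buildIPTablesRestorePayload` iterates a map (inferred; its body is not in this hunk), sorting the table names there would make the iptables-restore payload deterministic, which also makes applied rule sets easier to diff and audit, and the test could compare against a single string. Otherwise report both accepted orders in the message, for example `"... Expected: %#v or %#v, Actual: %#v"`. `TestRules` starts above the hunk.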