in cmd/ip-masq-agent-v2/ip-masq-agent.go [359:400]
// syncMasqRulesIPv6 rebuilds the IPv6 masquerade chain from the current
// configuration and applies it through ip6tables-restore.
//
// It does nothing and returns nil when the enableIPv6 flag is off. Otherwise
// it ensures masqChain exists in the NAT table, ensures the POSTROUTING jump
// into it, and restores a freshly generated rule set. The first error from
// any of those steps is returned unchanged.
func (m *MasqDaemon) syncMasqRulesIPv6() error {
	if !*enableIPv6 {
		return nil
	}

	// The custom chain for IPv6 non-masquerade rules must exist before
	// anything can jump to it or restore into it.
	if _, err := m.ip6tables.EnsureChain(utiliptables.TableNAT, masqChain); err != nil {
		return err
	}

	// Make sure non-local traffic in POSTROUTING is sent through masqChain.
	if err := m.ensurePostroutingJumpIPv6(); err != nil {
		return err
	}

	// Assemble the ip6tables-restore input.
	rules := &bytes.Buffer{}
	writeLine(rules, "*nat")
	// Declaring the chain in the restore input effectively flushes masqChain
	// atomically with the rule restore, so no window exists in which the
	// chain is empty.
	writeLine(rules, utiliptables.MakeChainLine(masqChain))

	// Exemptions are written before the catch-all masquerade rule below.
	// NOTE(review): presumably rule order is what makes the exemptions take
	// effect; confirm against writeNonMasqRule / writeMasqRule.

	// The link-local IPv6 CIDR is exempt from masquerade unless the
	// configuration explicitly opts in.
	if !m.config.MasqLinkLocalIPv6 {
		writeNonMasqRule(rules, linkLocalCIDRIPv6)
	}

	// Only the IPv6 entries of the configured list belong in this table;
	// everything else is skipped here.
	// NOTE(review): each cidr string ends up inside ip6tables-restore input,
	// so it must be a well-formed CIDR with no whitespace or newlines;
	// confirm config validation (and isIPv6CIDR) guarantees that.
	for _, cidr := range m.config.NonMasqueradeCIDRs {
		if !isIPv6CIDR(cidr) {
			continue
		}
		writeNonMasqRule(rules, cidr)
	}

	// Masquerade all remaining traffic that is not bound for a
	// --dst-type LOCAL destination.
	writeMasqRule(rules)
	writeLine(rules, "COMMIT")

	return m.ip6tables.RestoreAll(rules.Bytes(), utiliptables.NoFlushTables, utiliptables.NoRestoreCounters)
}