From 4feff05601f349d56348c2a7a82f61364eca8f1b Mon Sep 17 00:00:00 2001
From: Tamilmani Manoharan
Date: Tue, 31 Mar 2020 18:37:21 -0700
Subject: [PATCH] added ipv6 changes

---
 cnms/Dockerfile | 5 +++--
 network/monitor_linux.go | 29 ++++++++++++++++++++++++++---
 2 files changed, 29 insertions(+), 5 deletions(-)

diff --git a/cnms/Dockerfile b/cnms/Dockerfile
index 1c3f0da745..7932e489e3 100644
--- a/cnms/Dockerfile
+++ b/cnms/Dockerfile
@@ -3,5 +3,6 @@ RUN apt -y update
 RUN apt-get -y upgrade
 RUN apt install -y ebtables
 RUN apt install -y net-tools
-COPY networkmonitor /usr/bin/networkmonitor
-CMD ["/usr/bin/networkmonitor"]
\ No newline at end of file
+COPY azure-cnms /usr/bin/azure-cnms
+RUN chmod +x /usr/bin/azure-cnms
+CMD ["/usr/bin/azure-cnms"]
diff --git a/network/monitor_linux.go b/network/monitor_linux.go
index 4de1e76540..15d41ed543 100644
--- a/network/monitor_linux.go
+++ b/network/monitor_linux.go
@@ -8,6 +8,10 @@ import (
 "github.com/Azure/azure-container-networking/log"
 )

+const (
+ ipv6Mask = "/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"
+)
+
 // monitorNetworkState compares current ebtable nat rules with state rules and matches state.
 func (nm *networkManager) monitorNetworkState(networkMonitor *cnms.NetworkMonitor) error {
 currentEbtableRulesMap, err := cnms.GetEbTableRulesInMap()
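Review bot: In cnms/Dockerfile the added `RUN chmod +x /usr/bin/azure-cnms` runs as a separate step after the COPY, so the image carries an extra layer only to flip the mode bit. Setting the executable bit on `azure-cnms` before the build, or on builders that support it using `COPY --chmod=0755 azure-cnms /usr/bin/azure-cnms`, gives the same result in one step. The earlier lines of the Dockerfile are outside this hunk.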
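Review bot: The new `ipv6Mask` constant in network/monitor_linux.go has no comment saying why a full 128-bit mask is appended to an address. It is only used when building the IPv6 dnat rule key in AddStateRulesToMap, so a line such as `// ipv6Mask is the all-ones mask suffix appended to IPv6 addresses in dnat rule keys; presumably it mirrors how the rule is listed by ebtables.` would tell the next reader that the exact text matters. A single constant also does not need the parenthesized `const ( … )` form.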
@@ -34,13 +38,32 @@ func (nm *networkManager) AddStateRulesToMap() map[string]string {
 snatKey := fmt.Sprintf("-s Unicast -o %s -j snat --to-src %s --snat-arp --snat-target ACCEPT", extIf.Name, extIf.MacAddress.String())
 rulesMap[snatKey] = ebtables.PostRouting

+ for _, extIP := range extIf.IPAddresses {
+ if extIP.IP.To4() != nil {
+ arpReplyKey := fmt.Sprintf("-p ARP --arp-op Request --arp-ip-dst %s -j arpreply --arpreply-mac %s", extIP.IP.String(), extIf.MacAddress.String())
+ rulesMap[arpReplyKey] = ebtables.PreRouting
+ }
+ }
+
 for _, nw := range extIf.Networks {
 for _, ep := range nw.Endpoints {
 for _, ipAddr := range ep.IPAddresses {
- arpReplyKey := fmt.Sprintf("-p ARP --arp-op Request --arp-ip-dst %s -j arpreply --arpreply-mac %s", ipAddr.IP.String(), ep.MacAddress.String())
- rulesMap[arpReplyKey] = ebtables.PreRouting
+ if ipAddr.IP.To4() != nil {
+ arpReplyKey := fmt.Sprintf("-p ARP --arp-op Request --arp-ip-dst %s -j arpreply --arpreply-mac %s", ipAddr.IP.String(), ep.MacAddress.String())
+ rulesMap[arpReplyKey] = ebtables.PreRouting
+ }
+
+ dst := "--ip-dst"
+ proto := "IPv4"
+ ipAddress := ipAddr.IP.String()
+ if ipAddr.IP.To4() == nil {
+ dst = "--ip6-dst"
+ proto = "IPv6"
+ ipAddress = ipAddr.IP.String() + ipv6Mask
+ }

- dnatMacKey := fmt.Sprintf("-p IPv4 -i %s --ip-dst %s -j dnat --to-dst %s --dnat-target ACCEPT", extIf.Name, ipAddr.IP.String(), ep.MacAddress.String())
+ dnatMacKey := fmt.Sprintf("-p %s -i %s %s %s -j dnat --to-dst %s --dnat-target ACCEPT",
+ proto, extIf.Name, dst, ipAddress, ep.MacAddress.String())
 rulesMap[dnatMacKey] = ebtables.PreRouting
 }
 }
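Review bot: In the endpoint loop, `ipAddr.IP.To4() == nil` is taken to mean IPv6, but it is also true for a nil or wrong-length `net.IP`, which would put an `--ip6-dst <nil>/ffff:…` key into rulesMap. These keys are compared against the live ebtables rules (per the comment on monitorNetworkState), so a malformed key would presumably never match. Whether such an address can occur depends on how `ep.IPAddresses` is populated, which is not visible here. Skipping it at the top of the loop with `if ipAddr.IP.To16() == nil { continue }` keeps it out of the expected state. As a style point, the ARP-reply format string is now duplicated in the extIf and endpoint loops and `To4()` is evaluated twice per address, so a local `isIPv4 := ipAddr.IP.To4() != nil` or a small helper would keep the branches in step. AddStateRulesToMap starts and ends outside this hunk.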