Add service proxy This adds a service proxy based on nfproxy and changes to the service IP allocation to make it work. Also adds support for masquerading outbound traffic for outbound network connectivity. Test Plan: Currently manually tested by creating an alpine pod and running 'apk add curl && curl -k https://192.168.188.1:443/'. Will be covered later by CTS. Bug: T810 X-Origin-Diff: phab/D580 GitOrigin-RevId: cace863fd8c2f045560f8abf84c40cc77bc275d4

commit: b682ba55d4a51babad2beebb470b0fef0e6067ca [log] [tgz]
author: Lorenz Brun <lorenz@nexantic.com> Wed Jul 08 14:51:36 2020 +0200
committer: Lorenz Brun <lorenz@nexantic.com> Wed Jul 08 14:51:36 2020 +0200
tree: d94c2bb98f3a47896558d9cd4d2cc0271a4558c7
parent: f85748717f32f0a74816de01b1e5f2e0104342c5 [diff]
diff --git a/build/fietsje/main.go b/build/fietsje/main.go
index f227d9b..c62d6c7 100644
--- a/build/fietsje/main.go
+++ b/build/fietsje/main.go

@@ -110,6 +110,13 @@
 		"github.com/mdlayher/genetlink",
 	)
 
+	p.collect(
+		"github.com/sbezverk/nfproxy", "7fac5f39824e7f34228b08ba8b7640770ca6a9f4",
+		patches("nfproxy.patch"),
+	).use(
+		"github.com/sbezverk/nftableslib",
+	)
+
 	// First generate the repositories starlark rule into memory. This is because rendering will lock all unlocked
 	// dependencies, which might take a while. If a use were to interrupt it now, they would end up with an incomplete
 	// repositories.bzl and would have to restore from git.
commit	b682ba55d4a51babad2beebb470b0fef0e6067ca	[log] [tgz]
author	Lorenz Brun <lorenz@nexantic.com>	Wed Jul 08 14:51:36 2020 +0200
committer	Lorenz Brun <lorenz@nexantic.com>	Wed Jul 08 14:51:36 2020 +0200
tree	d94c2bb98f3a47896558d9cd4d2cc0271a4558c7
parent	f85748717f32f0a74816de01b1e5f2e0104342c5 [diff]