From db7a440197452ac71d2a140fe8a13fce1b466815 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 28 May 2024 08:40:40 +0000
Subject: [PATCH 1/2] Bump sigs.k8s.io/knftables from 0.0.14 to 0.0.16

Bumps [sigs.k8s.io/knftables](https://github.com/kubernetes-sigs/knftables) from 0.0.14 to 0.0.16.
- [Changelog](https://github.com/kubernetes-sigs/knftables/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes-sigs/knftables/compare/v0.0.14...v0.0.16)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/knftables
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index ccd4911a0..82e2cff8d 100644
--- a/go.mod
+++ b/go.mod
@@ -35,7 +35,7 @@ require (
 	github.com/avast/retry-go/v4 v4.6.0
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.929
 	github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc v1.0.924
-	sigs.k8s.io/knftables v0.0.14
+	sigs.k8s.io/knftables v0.0.16
 )
 
 require (
diff --git a/go.sum b/go.sum
index 18c4fe7ca..54a766f5d 100644
--- a/go.sum
+++ b/go.sum
@@ -776,8 +776,8 @@ rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
-sigs.k8s.io/knftables v0.0.14 h1:VzKQoDMCGBOH8c85sGrWSXSPCS0XrIpEfOlcCLBXiC0=
-sigs.k8s.io/knftables v0.0.14/go.mod h1:f/5ZLKYEUPUhVjUCg6l80ACdL7CIIyeL0DxfgojGRTk=
+sigs.k8s.io/knftables v0.0.16 h1:ZpTfNsjnidgoXdxxzcZLdSctqkpSO3QB3jo3zQ4PXqM=
+sigs.k8s.io/knftables v0.0.16/go.mod h1:f/5ZLKYEUPUhVjUCg6l80ACdL7CIIyeL0DxfgojGRTk=
 sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE=
 sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E=
 sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=

From a7920334e91603cd2807ca05a7ca1b5d98b21974 Mon Sep 17 00:00:00 2001
From: Thomas Ferrandiz <thomas.ferrandiz@suse.com>
Date: Thu, 30 May 2024 13:02:18 +0000
Subject: [PATCH 2/2] fix nftables e2e test

knftables now correctly sets comments on chains so this is reflected  in the test.
---
 e2e/run-e2e-tests.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/e2e/run-e2e-tests.sh b/e2e/run-e2e-tests.sh
index d8fc110ec..640088483 100644
--- a/e2e/run-e2e-tests.sh
+++ b/e2e/run-e2e-tests.sh
@@ -323,6 +323,7 @@ check_nftables() {
   read -d '' POSTROUTING_RULES_WORKER << EOM
 table ip flannel-ipv4 {
 	chain postrtg {
+		comment "chain to manage traffic masquerading by flannel"
 		type nat hook postrouting priority srcnat; policy accept;
 		meta mark 0x00004000 return
 		ip saddr ${worker_podcidr} ip daddr 10.42.0.0/16 return
@@ -336,6 +337,7 @@ EOM
   read -r -d '' POSTROUTING_RULES_LEADER << EOM
 table ip flannel-ipv4 {
 	chain postrtg {
+		comment "chain to manage traffic masquerading by flannel"
 		type nat hook postrouting priority srcnat; policy accept;
 		meta mark 0x00004000 return
 		ip saddr ${leader_podcidr} ip daddr 10.42.0.0/16 return
@@ -349,6 +351,7 @@ EOM
   read -r -d '' FORWARD_RULES << EOM
 table ip flannel-ipv4 {
 	chain forward {
+		comment "chain to accept flannel traffic"
 		type filter hook forward priority filter; policy accept;
 		ip saddr 10.42.0.0/16 accept
 		ip daddr 10.42.0.0/16 accept