Add support for ipv6 subnet in ipStrategy

pkg/config/dynamic/middlewares.go

@@ -1,6 +1,7 @@
 package dynamic
 
 import (
+	"fmt"
 	"net/http"
 	"time"
 
@@ -405,6 +406,8 @@ type IPStrategy struct {
 	Depth int `json:"depth,omitempty" toml:"depth,omitempty" yaml:"depth,omitempty" export:"true"`
 	// ExcludedIPs configures Traefik to scan the X-Forwarded-For header and select the first IP not in the list.
 	ExcludedIPs []string `json:"excludedIPs,omitempty" toml:"excludedIPs,omitempty" yaml:"excludedIPs,omitempty"`
+	// IPv6Subnet configures Traefik to consider all IPv6 addresses from the defined subnet as originating from the same IP. Applies to RemoteAddrStrategy and DepthStrategy.
+	IPv6Subnet *int `json:"ipv6Subnet,omitempty" toml:"ipv6Subnet,omitempty" yaml:"ipv6Subnet,omitempty"`
 	// TODO(mpl): I think we should make RemoteAddr an explicit field. For one thing, it would yield better documentation.
 }
 
@@ -418,8 +421,13 @@ func (s *IPStrategy) Get() (ip.Strategy, error) {
 	}
 
 	if s.Depth > 0 {
+		if s.IPv6Subnet != nil && (*s.IPv6Subnet <= 0 || *s.IPv6Subnet > 128) {
+			return nil, fmt.Errorf("invalid IPv6 subnet %d value, should be greater to 0 and lower or equal to 128", *s.IPv6Subnet)
+		}
+
 		return &ip.DepthStrategy{
-			Depth: s.Depth,
+			Depth:      s.Depth,
+			IPv6Subnet: s.IPv6Subnet,
 		}, nil
 	}
 
@@ -433,7 +441,13 @@ func (s *IPStrategy) Get() (ip.Strategy, error) {
 		}, nil
 	}
 
-	return &ip.RemoteAddrStrategy{}, nil
+	if s.IPv6Subnet != nil && (*s.IPv6Subnet <= 0 || *s.IPv6Subnet > 128) {
+		return nil, fmt.Errorf("invalid IPv6 subnet %d value, should be greater to 0 and lower or equal to 128", *s.IPv6Subnet)
+	}
+
+	return &ip.RemoteAddrStrategy{
+		IPv6Subnet: s.IPv6Subnet,
+	}, nil
 }
 
 // +k8s:deepcopy-gen=true