util/linuxfw: fix nil pointer panic in connmark rules without IPv6 (#18946)

When IPv6 is unavailable on a system, AddConnmarkSaveRule() and
DelConnmarkSaveRule() would panic with a nil pointer dereference.
Both methods directly iterated over []iptablesInterface{i.ipt4, i.ipt6}
without checking if ipt6 was nil.

Use `getTables()` instead to properly retrieve the available tables
on a given system

Fixes #3310

Signed-off-by: Mike O'Driscoll <mikeo@tailscale.com>

util/linuxfw/fake.go

@@ -26,13 +26,15 @@ type fakeRule struct {
 func newFakeIPTables() *fakeIPTables {
 	return &fakeIPTables{
 		n: map[string][]string{
-			"filter/INPUT":    nil,
-			"filter/OUTPUT":   nil,
-			"filter/FORWARD":  nil,
-			"nat/PREROUTING":  nil,
-			"nat/OUTPUT":      nil,
-			"nat/POSTROUTING": nil,
-			"mangle/FORWARD":  nil,
+			"filter/INPUT":      nil,
+			"filter/OUTPUT":     nil,
+			"filter/FORWARD":    nil,
+			"nat/PREROUTING":    nil,
+			"nat/OUTPUT":        nil,
+			"nat/POSTROUTING":   nil,
+			"mangle/FORWARD":    nil,
+			"mangle/PREROUTING": nil,
+			"mangle/OUTPUT":     nil,
 		},
 	}
 }
@@ -80,7 +82,7 @@ func (n *fakeIPTables) Delete(table, chain string, args ...string) error {
 				return nil
 			}
 		}
-		return fmt.Errorf("delete of unknown rule %q from %s", strings.Join(args, " "), k)
+		return errors.New("exitcode:1")
 	} else {
 		return fmt.Errorf("unknown table/chain %s", k)
 	}