[systemd-devel] nftables support for nspawn/networkd
Lennart Poettering
lennart at poettering.net
Mon Jun 22 11:46:52 UTC 2020
On Mo, 22.06.20 11:54, Florian Westphal (fw at strlen.de) wrote:
> > BTW, is there any perspective of using sd-netlink as library backend
> > for the interaction with the kernel side of things?
>
> I extended sd-netlink with support for nfnetlink for this to work, so
> instead of RTNETLINK+GENETLINK there is now an nfnetlink backend as
> well.
Excellent!
> From your comments so far I would guess an acceptable solution would
> be to retain the '--with-libiptc' switch, but build the
> nfnetlink/nftables backend unconditionally.
Yes, sounds excellent.
> Then, if nftables initialisation fails (e.g. because kernel was
> built without nftables support), fall back to libiptc/iptables-classic.
Yes, perfect!
Lennart
--
Lennart Poettering, Berlin