author | Adrian Freihofer <adrian.freihofer@siemens.com> | 2022-08-30 08:26:59 +0200 |
---|---|---|
committer | Thomas Haller <thaller@redhat.com> | 2022-08-31 09:19:01 +0200 |
commit | ff7c5f402424ec4d6ae2e3d61762a4c64b99b903 (patch) | |
tree | 33167369a8ce967487f70c16e1cb361ecc64f244 | |
parent | b336b249f5fafd4850b78b3c9df9ceb1bd7d9bc7 (diff) | |
download | NetworkManager-ff7c5f402424ec4d6ae2e3d61762a4c64b99b903.tar.gz |
device: load only required modules
Honor firewall-backend for modules loading and ip forwarding enabling as
well:
* iptables: do not load nftables modules
* nftables: do not load iptables modules
* none: do not load any modules and do not enable ip forwarding
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1356
-rw-r--r-- | src/core/devices/nm-device.c | 35 |
1 files changed, 22 insertions, 13 deletions
diff --git a/src/core/devices/nm-device.c b/src/core/devices/nm-device.c
index 1df99a82ee..0a046f1e45 100644
--- a/src/core/devices/nm-device.c
+++ b/src/core/devices/nm-device.c
@@ -12263,16 +12263,28 @@ _dev_ipshared4_new_l3cd(NMDevice *self, NMConnection *connection, NMPlatformIP4A
 static gboolean
 _dev_ipshared4_init(NMDevice *self)
 {
- static const char *const modules[] = {"ip_tables",
- "iptable_nat",
- "nf_nat_ftp",
- "nf_nat_irc",
- "nf_nat_sip",
- "nf_nat_tftp",
- "nf_nat_pptp",
- "nf_nat_h323"};
- int errsv;
- guint i;
+ static const char *const modules_iptables[] = {"ip_tables", "iptable_nat"};
+ static const char *const modules_nftables[] =
+ {"nf_nat_ftp", "nf_nat_irc", "nf_nat_sip", "nf_nat_tftp", "nf_nat_pptp", "nf_nat_h323"};
+ int errsv;
+ guint i;
+
+ switch (nm_firewall_utils_get_backend()) {
+ case NM_FIREWALL_BACKEND_IPTABLES:
+ for (i = 0; i < G_N_ELEMENTS(modules_iptables); i++)
+ nmp_utils_modprobe(NULL, FALSE, modules_iptables[i], NULL);
+ break;
+ case NM_FIREWALL_BACKEND_NFTABLES:
+ for (i = 0; i < G_N_ELEMENTS(modules_nftables); i++)
+ nmp_utils_modprobe(NULL, FALSE, modules_nftables[i], NULL);
+ break;
+ case NM_FIREWALL_BACKEND_NONE:
+ /* do not modify network settings like ip forwarding */
+ return TRUE;
+ default:
+ nm_assert_not_reached();
+ break;
+ }
 
 if (nm_platform_sysctl_get_int32(nm_device_get_platform(self),
 NMP_SYSCTL_PATHID_ABSOLUTE("/proc/sys/net/ipv4/ip_forward"),
@@ -12301,9 +12313,6 @@ _dev_ipshared4_init(NMDevice *self)
 nm_strerror_native(errsv));
 }
 
- for (i = 0; i < G_N_ELEMENTS(modules); i++)
- nmp_utils_modprobe(NULL, FALSE, modules[i], NULL);
-
 return TRUE;
 }
 
|
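Review bot: The `default:` arm of the new switch in `_dev_ipshared4_init` does not fail closed: if `nm_assert_not_reached()` compiles to nothing in builds without extra assertions (not visible here), an unexpected backend value falls through and `ip_forward` is still enabled with no modules loaded. Assuming callers treat a FALSE return as an init failure, `default: nm_assert_not_reached(); return FALSE;` would be the safer shape. Separately, `modules_nftables` holds only the `nf_nat_*` protocol helpers, which look like connection-tracking NAT helpers rather than nftables-specific modules, so the iptables backend silently stops requesting them. If that reduction is intended, a comment such as `/* NAT protocol helpers are deliberately not loaded for iptables */` would make it reviewable; otherwise keep them in a list loaded for both backends. The middle of the function lies between the two hunks and is not shown.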