firewall-util: prepare for alternative to iptables backend

In a nutshell: 1. git mv firewall-util.c firewall-util-iptables.c 2. existing external functions gain _iptables_ in their names 3. firewall-util.c provides old function names 4. build system always compiles firewall-util.c, firewall-util-iptables.c is conditional instead (libiptc). 5. On first call to any of the 'old' API functions performs a probe that should return the preferred backend. In a future step, can add firewall-util-FOOTYPE.c, add its probe function to firewall-util.c and then have calls to fw_add_masq/local_dnat handed to the detected backend. For now, only iptables backend exists, and no special probing takes place for it, i.e. when systemd was built with iptables, that will be used. If not, requets to add masquerade/dnat will fail with same error (-EOPNOTSUPP) as before this change. For reference, the rules added by the libiptc/iptables backend look like this: for service export (via systemd-nspawn): [0:0] -A PREROUTING -p tcp -m tcp --dport $exportedport -m addrtype --dst-type LOCAL -j DNAT --to-destination $containerip:$port [0:0] -A OUTPUT ! -d 127.0.0.0/8 -p tcp -m tcp --dport $exportedport -m addrtype --dst-type LOCAL -j DNAT --to-destination $containerip:$port for ip masquerade: [0:0] -A POSTROUTING -s network/prefix -j MASQUERADE
author: Florian Westphal <fw@strlen.de> 2020-06-25 15:00:54 +0200
committer: Florian Westphal <fw@strlen.de> 2020-12-16 00:35:56 +0100
commit: 3122097217a6ea44709c6ec053e57097df921331 (patch)
tree: 233a20154f0217406d2769dda35335cdc07b0196 /src/shared/firewall-util.h
parent: 47ed20e1e08d800e722b05a3fb33ba6be4b48afc (diff)
download: systemd-3122097217a6ea44709c6ec053e57097df921331.tar.gz
1 files changed, 0 insertions, 25 deletions
diff --git a/src/shared/firewall-util.h b/src/shared/firewall-util.h
index f7191ba006..bb6dc5a0f0 100644
--- a/src/shared/firewall-util.h
+++ b/src/shared/firewall-util.h
@@ -6,8 +6,6 @@
 
 #include "in-addr-util.h"
 
-#if HAVE_LIBIPTC
-
 int fw_add_masquerade(
                 bool add,
                 int af,
@@ -22,26 +20,3 @@ int fw_add_local_dnat(
                 const union in_addr_union *remote,
                 uint16_t remote_port,
                 const union in_addr_union *previous_remote);
-
-#else
-
-static inline int fw_add_masquerade(
-                bool add,
-                int af,
-                const union in_addr_union *source,
-                unsigned source_prefixlen) {
-        return -EOPNOTSUPP;
-}
-
-static inline int fw_add_local_dnat(
-                bool add,
-                int af,
-                int protocol,
-                uint16_t local_port,
-                const union in_addr_union *remote,
-                uint16_t remote_port,
-                const union in_addr_union *previous_remote) {
-        return -EOPNOTSUPP;
-}
-
-#endif
author	Florian Westphal <fw@strlen.de>	2020-06-25 15:00:54 +0200
committer	Florian Westphal <fw@strlen.de>	2020-12-16 00:35:56 +0100
commit	3122097217a6ea44709c6ec053e57097df921331 (patch)
tree	233a20154f0217406d2769dda35335cdc07b0196 /src/shared/firewall-util.h
parent	47ed20e1e08d800e722b05a3fb33ba6be4b48afc (diff)
download	systemd-3122097217a6ea44709c6ec053e57097df921331.tar.gz