On 02/29/2016 07:17 AM, Zheng, Wu wrote:
> Indeed I was thinking to replace iptables and not have nftables
> and iptables to coexist.
Can we need to think about the compatibility for connman?
If some systems don't use nftables, connman can't work well in
Unless we keep the current iptables implementation alive.
At best, can we have nftables and iptables to coexist?
Someone told me that nftables and iptables can coexist in the kernel. I
haven't really verified it.
After checking iptables-1.6.0, I found that the feature of iptables
over nftables exists in iptables-1.6.0.
I think you are referring here to the userland part of iptables and
nftables. ConnMan does not use the command line tool iptables; instead we
use libxtables directly. So we don't have this kind of compatibility
To my knowledge,
can we refer to the feature of iptables over nftables in
iptables-1.6.0, we can keep all the existing iptables functions in Connman.
And we can implement iptables over nftables for the functions in Connman,
just following the reference of iptables over nftables in iptables.
It should not be difficult in connman and iptables over nftables has
been implemented in iptables-1.6.0
As I said we don't use the iptables command line tool to install the
rules. Also vice versa, I do not plan to use the nft command line tool which
translates old iptables rules to nftables rules.
Anyway my plan was to have either iptables or nftables support enabled
at compile time. That means you need to decide which implementation you
need for your kernel. Both implementations will do the same thing (feature
Does that work for you?