fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2026-01-05 05:40:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
32118 commits 497 branches 611 tags 231 MiB
Commit graph

10 commits

Author SHA1 Message Date
Thomas Haller
e9268e3924
firewall: add mlag firewall utils for multi chassis link aggregation (MLAG) for bonding-slb 
Add a way to configure MLAG NFT rules for SLB bonding.

OVS supports "bonding-slb" (source load balancing, [1]). This is
basically setting "mode=balance-xor" and "xmit_hash_policy=vlan+srcmac",
which requires no special switch configuration (like LACP). For that to
work, we need to filter out packets that the switch sends back on the
other port, for which we configure some NFT rules.

The rules are taken from mlag.sh at [2] or [3].

See-also: https://bugzilla.redhat.com/show_bug.cgi?id=1724795

[1] https://docs.openvswitch.org/en/latest/topics/bonding/#slb-bondin
[2] https://gitlab.com/egarver/virtual-networking
[3] https://gitlab.com/jtoppins_redhat/bond-slb-nft
 2022-10-04 12:37:41 +02:00
Thomas Haller
cfeecbedff
firewall: expose nm_firewall_nft_call() in header file 2022-09-21 10:08:52 +02:00
Thomas Haller
dc66fb7d04
firewall/trivial: rename nm_firewall_config_apply() to nm_firewall_config_apply_sync() 
Sync/blocking methods are ugly. Their name should highlight this.
Also, we may have an async variant, so we will need the "good" name
for apply() and apply_finish().
 2022-09-21 10:08:35 +02:00
Thomas Haller
7ad3fb1956
firewall/trivial: rename nm_firewall_config_new() to nm_firewall_config_new_shared() 2022-09-19 18:51:38 +02:00
Thomas Haller
e185f7966d
firewall/trivial: rename "shared"/"add" argument in firewall utils to "up" 2022-09-19 18:51:37 +02:00
Thomas Haller
a79d5e2218
firewall: add special firewall-backend "none" 2021-05-14 11:41:33 +02:00
Thomas Haller
1da1ad9c99
firewall: make firewall-backend configurable via "NetworkManager.conf" 
"iptables" and "nftables" will be supported. Currently, the code is
unused and only "iptables" is supported.
 2021-05-14 11:41:32 +02:00
Thomas Haller
aa859d85d9
firewall: rename NMUtilsShareRules to NMFirewallConfig 
It's still not a very good name, but it seems better then
NMUtilsShareRules.

Currently, NMFirewallConfig is mostly about masquerading for shared
mode. But in practice, it's a piece of configuration for something to
configure in the firewall (the NAT and filter rules).
 2021-05-07 11:42:51 +02:00
Thomas Haller
b1625697cb
firewall: move firewall code to new "nm-firewall-utils.c" file 2021-05-07 11:42:50 +02:00
Thomas Haller
e9c1d2a9dd
firewall: add new "nm-firewall-utils.[ch]" module 2021-05-07 11:42:50 +02:00