Skip to content

RDKBNETWOR-80 : Transform to Nftables from Iptables#292

Open
vsai1990 wants to merge 1 commit into
rdkcentral:developfrom
vsai1990:rdk_nft
Open

RDKBNETWOR-80 : Transform to Nftables from Iptables#292
vsai1990 wants to merge 1 commit into
rdkcentral:developfrom
vsai1990:rdk_nft

Conversation

@vsai1990
Copy link
Copy Markdown

@vsai1990 vsai1990 commented Apr 21, 2026

Reason for change:

  1. Translate all the RDKB IPtables rules to nftables
  2. write into /tmp/.nft and /tmp/.nft_v6 files and apply into netfilter
  3. all the nftables rules are added under firewall_nft dir

Test Procedure: RDKB Firewall functionality
Risks: Medium

@vsai1990 vsai1990 requested review from a team as code owners April 21, 2026 15:35
@rdkcmf-jenkins
Copy link
Copy Markdown
Contributor

rdkcmf-jenkins commented Apr 21, 2026

b'## Blackduck scan failure details

Summary: 0 violations, 0 files pending approval, 1 file pending identification.

  • Protex Server Path: /home/blackduck/github/utopia/292/rdkb/components/opensource/ccsp/Utopia

  • Commit: 7655a49

Report detail: gist'

rdkcmf-jenkins
rdkcmf-jenkins reviewed Apr 21, 2026
View reviewed changes
Comment thread source/utapi/lib/utapi.c Outdated
@rdkcmf-jenkins
Copy link
Copy Markdown
Contributor

rdkcmf-jenkins commented Apr 22, 2026

b'## WARNING: A Blackduck scan failure has been waived

A prior failure has been upvoted

  • Upvote reason: ok

  • Commit: 7655a49
    '

@vsai1990
RDKBNETWOR-80 : Transform to Nftables from Iptables
5c6e1b2 
Reason for change: 1) Translate all the RDKB IPtables rules to nftables
2) write into /tmp/.nft and /tmp/.nft_v6 files and apply into netfilter
3) all the nftables rules are added under firewall_nft dir

Test Procedure: RDKB Firewall functionality
Risks: Medium
snayak002c
snayak002c requested changes May 11, 2026
View reviewed changes
Comment thread source/utapi/lib/utapi.c
Comment on lines +7600 to +7602
if ( isNatReady )
{
v_secure_system("iptables -t nat -%c prerouting_fromwan -p tcp -m tcp -d %s --dport %s -s %s -j DNAT --to-destination %s%s",
ciptableOprationCode,natip4, external_dest_port, external_ip, toip, port_modifier);
if (atoi(nft_enable) == 0)
Copy link
Copy Markdown
Contributor

@snayak002c snayak002c May 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All changes must be guarded under a distro/CFLAG. The new changes should compile only when the distro is enabled, and there should be no impact when the distro is disabled.

Comment thread source/utapi/lib/utapi.c
if (atoi(nft_enable) == 0)
{
v_secure_system("iptables -t nat -%c prerouting_fromlan -p udp -m udp -d %s --dport %s -s %s -j DNAT --to-destination %s%s",
ciptableOprationCode,lan_ipaddr, external_dest_port, external_ip, toip, port_modifier);
Copy link
Copy Markdown
Contributor

@snayak002c snayak002c May 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same as above comment

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rdkcmf-jenkins rdkcmf-jenkins rdkcmf-jenkins left review comments

@snayak002c snayak002c snayak002c requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@vsai1990 @rdkcmf-jenkins @snayak002c