tree a2be509af0df42e3d4050a03c1f19fa69c6c36af
parent 43bb2819c5b7b783cbaceffd0e6d4b6e502a0fb5
author Pablo Neira Ayuso <pablo@netfilter.org> 1391527278 +0100
committer Pablo Neira Ayuso <pablo@netfilter.org> 1391527713 +0100

xtables: add xtables-compat-multi for the nftables compatibility layer

This patch should allow distributors to switch to the iptables over
nftables compatibility layer in a transparent way by updating
symbolic links from:

lrwxrwxrwx  1 root    root         13 feb  4 15:35 iptables -> xtables-multi

to:

lrwxrwxrwx  1 root    root         13 feb  4 15:35 iptables -> xtables-compat-multi

Same thing with iptables-save, iptables-restore, ip6tables, ip6tables-save,
ip6tables-restore and arptables.

Note that, after this patch, the following new symlinks are installed:

* iptables-compat
* iptables-compat-save
* iptables-compat-restore
* ip6tables-compat
* ip6tables-compat-save
* ip6tables-compat-restore
* arptables-compat

which point to the new binary xtables-compat-multi.

The idea is to keep both native and compatibility tools installed in the
system, which should also make it easier for testing purposes.

The iptables over nftables compatibility layer is enabled by default
and it requires the libmnl and libnftnl libraries. If you don't want to
compile the compatibility layer, you can still disable it through
--disable-nftables.

This patch also includes changes to adapt the existing code to this
approach.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
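
Added example (not part of this commit or the iptables tree): a shell check a distributor could run after switching the symlinks described above, reporting which multi-call binary each tool name resolves to and flagging a half-switched set. The function names and the directory argument are assumptions.

```shell
# Report, for each tool name listed in the commit message, whether its
# symlink in DIR points at the native or the compatibility binary.
# DIR is an assumption: the directory where the distribution installs them.
xt_backend_audit() {
    dir=$1
    for tool in iptables iptables-save iptables-restore \
                ip6tables ip6tables-save ip6tables-restore arptables; do
        link="$dir/$tool"
        if [ ! -L "$link" ]; then
            echo "$tool missing-or-not-symlink"
            continue
        fi
        target=$(readlink "$link")
        # Compare only the final path component, so relative and
        # absolute symlink targets are treated the same way.
        case "${target##*/}" in
            xtables-compat-multi) echo "$tool compat" ;;
            xtables-multi)        echo "$tool native" ;;
            *)                    echo "$tool unknown:$target" ;;
        esac
    done
}

# Succeeds only when all recognised symlinks point at the same binary,
# i.e. the switch was applied to every tool name or to none of them.
xt_backend_consistent() {
    xt_backend_audit "$1" | awk '
        $2 == "native" || $2 == "compat" { seen[$2] = 1 }
        END { n = 0; for (k in seen) n++; exit (n > 1) }'
}
```

Typical use is `xt_backend_audit /usr/sbin && xt_backend_consistent /usr/sbin`, with the path adjusted to wherever the symlinks live on the system being checked.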
