| 29 Jun 2025 |
emily | like, NM without iptables or dhcpcd is not a use case | 16:47:12 |
emily | openconnect and dnsmasq, yes | 16:47:20 |
hexa (clat on linux when) | iptables can absolutely go away 😄 | 16:47:34 |
Marie | nftables by default when | 16:47:51 |
hexa (clat on linux when) | we're using nft these days | 16:47:51 |
emily | well, sure | 16:47:56 |
emily | but the closure size is like zero | 16:48:00 |
hexa (clat on linux when) | it is using the iptables-nft wrapper probably | 16:48:04 |
hexa (clat on linux when) | * it is using the iptables-nft wrapper probably | 16:48:05 |
emily | not worth any patching | 16:48:11 |
hexa (clat on linux when) | for the most part, yeah | 16:48:11 |
hexa (clat on linux when) | depending on systemd is not adding anything 😄 | 16:48:18 |
emily | like, look at that _firewall_backend_detect patch | 16:48:26 |
emily | totally not worth it | 16:48:29 |
hexa (clat on linux when) | nm uses its internal dhcp client by default | 16:49:34 |
hexa (clat on linux when) | so dhcpcd can be made optional | 16:49:43 |
emily | hmm | 16:50:13 |
emily | fair enough | 16:50:15 |
emily | that one does not need special patching | 16:50:42 |
hexa (clat on linux when) | but in general more stuff should be looked up from the path | 16:50:45 |
emily | it seems like most of it comes for free just by patching their main function | 16:50:47 |
hexa (clat on linux when) | * but in general more stuff should be looked up from the path at runtime | 16:50:52 |
emily | but the firewall stuff, no | 16:50:56 |
hexa (clat on linux when) | like … when firewalling is enabled you have the ipt or nft executables in the path already | 16:51:43 |
hexa (clat on linux when) | so just pick those | 16:51:45 |
emily | I agree that late-binding is not the devil fwiw | 16:52:36 |
emily | but that's an argument to have with upstream re: NFT_PATH | 16:53:00 |
emily | and in the meantime it doesn't matter | 16:53:10 |
emily | (but I think we agree on this) | 16:53:12 |
hexa (clat on linux when) | nmcli or nmtui tools pull in the NetworkManager library and use those functions to search for binaries. If you then, for example, add an openconnect VPN and try to connect, they will search for the openconnect binary in their PATH as well. | 16:54:03 |