From 38fb0dd10c612309723d7001d9de8ec33104a2ec Mon Sep 17 00:00:00 2001
From: Rob Murray <rob.murray@docker.com>
Date: Fri, 26 Sep 2025 13:33:40 +0000
Subject: [PATCH] Add build tag "no_libnftables"

With this tag, a dynamically linked binary will exec
the nft tool instead of using cgo to call libnftables
directly.

Signed-off-by: Rob Murray <rob.murray@docker.com>
---
 daemon/libnetwork/internal/nftables/nft_cgo_linux.go  | 2 +-
 daemon/libnetwork/internal/nftables/nft_exec_linux.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/daemon/libnetwork/internal/nftables/nft_cgo_linux.go b/daemon/libnetwork/internal/nftables/nft_cgo_linux.go
index 7bdac59001..b996e309bd 100644
--- a/daemon/libnetwork/internal/nftables/nft_cgo_linux.go
+++ b/daemon/libnetwork/internal/nftables/nft_cgo_linux.go
@@ -1,4 +1,4 @@
-//go:build cgo && !static_build
+//go:build cgo && !static_build && !no_libnftables
 
 package nftables
 
diff --git a/daemon/libnetwork/internal/nftables/nft_exec_linux.go b/daemon/libnetwork/internal/nftables/nft_exec_linux.go
index 87409c4f44..dd9432a35d 100644
--- a/daemon/libnetwork/internal/nftables/nft_exec_linux.go
+++ b/daemon/libnetwork/internal/nftables/nft_exec_linux.go
@@ -1,4 +1,4 @@
-//go:build !cgo || static_build
+//go:build !cgo || static_build || no_libnftables
 
 package nftables