From fc045ad1396dfd78a38f2aa88edd62acf68015d5 Mon Sep 17 00:00:00 2001
From: Albin Kerouanton <albinker@gmail.com>
Date: Mon, 11 Aug 2025 02:23:44 +0200
Subject: [PATCH] libnet/pmapi: remove firewaller arg from Map/UnmapPorts

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
---
 .../drivers/bridge/port_mapping_linux.go           |  6 +++---
 .../drivers/bridge/port_mapping_linux_test.go      |  4 ++--
 daemon/libnetwork/drvregistry/portmappers_test.go  |  4 ++--
 daemon/libnetwork/portmapperapi/api.go             |  4 ++--
 daemon/libnetwork/portmapperapi/firewaller.go      | 14 --------------
 daemon/libnetwork/portmappers/nat/mapper_linux.go  |  6 +++---
 .../portmappers/nat/mapper_linux_test.go           |  2 +-
 .../libnetwork/portmappers/routed/mapper_linux.go  |  4 ++--
 8 files changed, 15 insertions(+), 29 deletions(-)
 delete mode 100644 daemon/libnetwork/portmapperapi/firewaller.go

diff --git a/daemon/libnetwork/drivers/bridge/port_mapping_linux.go b/daemon/libnetwork/drivers/bridge/port_mapping_linux.go
index 5b52540d3e..81307cb84a 100644
--- a/daemon/libnetwork/drivers/bridge/port_mapping_linux.go
+++ b/daemon/libnetwork/drivers/bridge/port_mapping_linux.go
@@ -102,13 +102,13 @@ func (n *bridgeNetwork) mapPorts(ctx context.Context, pms *drvregistry.PortMappe
 		return nil, err
 	}
 
-	bindings, err := pm.MapPorts(ctx, reqs, n.firewallerNetwork)
+	bindings, err := pm.MapPorts(ctx, reqs)
 	if err != nil {
 		return nil, err
 	}
 	defer func() {
 		if retErr != nil {
-			if err := pm.UnmapPorts(ctx, bindings, n.firewallerNetwork); err != nil {
+			if err := pm.UnmapPorts(ctx, bindings); err != nil {
 				log.G(ctx).WithFields(log.Fields{
 					"bindings": bindings,
 					"error":    err,
@@ -413,7 +413,7 @@ func (n *bridgeNetwork) unmapPBs(ctx context.Context, bindings []portmapperapi.P
 			continue
 		}
 
-		if err := pm.UnmapPorts(ctx, []portmapperapi.PortBinding{b}, n.firewallerNetwork); err != nil {
+		if err := pm.UnmapPorts(ctx, []portmapperapi.PortBinding{b}); err != nil {
 			errs = append(errs, fmt.Errorf("unmapping port binding %s: %w", b.PortBinding, err))
 		}
 		if b.StopProxy != nil {
diff --git a/daemon/libnetwork/drivers/bridge/port_mapping_linux_test.go b/daemon/libnetwork/drivers/bridge/port_mapping_linux_test.go
index 7286523ebf..fa7e77071d 100644
--- a/daemon/libnetwork/drivers/bridge/port_mapping_linux_test.go
+++ b/daemon/libnetwork/drivers/bridge/port_mapping_linux_test.go
@@ -990,7 +990,7 @@ type stubPortMapper struct {
 	mapped []portmapperapi.PortBinding
 }
 
-func (pm *stubPortMapper) MapPorts(_ context.Context, reqs []portmapperapi.PortBindingReq, _ portmapperapi.Firewaller) ([]portmapperapi.PortBinding, error) {
+func (pm *stubPortMapper) MapPorts(_ context.Context, reqs []portmapperapi.PortBindingReq) ([]portmapperapi.PortBinding, error) {
 	if len(reqs) == 0 {
 		return []portmapperapi.PortBinding{}, nil
 	}
@@ -1002,7 +1002,7 @@ func (pm *stubPortMapper) MapPorts(_ context.Context, reqs []portmapperapi.PortB
 	return pbs, nil
 }
 
-func (pm *stubPortMapper) UnmapPorts(_ context.Context, reqs []portmapperapi.PortBinding, _ portmapperapi.Firewaller) error {
+func (pm *stubPortMapper) UnmapPorts(_ context.Context, reqs []portmapperapi.PortBinding) error {
 	for _, req := range reqs {
 		// We're only checking for the PortBinding here, not any other
 		// property of [portmapperapi.PortBinding].
diff --git a/daemon/libnetwork/drvregistry/portmappers_test.go b/daemon/libnetwork/drvregistry/portmappers_test.go
index 30c3a8a183..ad05f952c7 100644
--- a/daemon/libnetwork/drvregistry/portmappers_test.go
+++ b/daemon/libnetwork/drvregistry/portmappers_test.go
@@ -10,11 +10,11 @@ import (
 
 type fakePortMapper struct{}
 
-func (f fakePortMapper) MapPorts(_ context.Context, _ []portmapperapi.PortBindingReq, _ portmapperapi.Firewaller) ([]portmapperapi.PortBinding, error) {
+func (f fakePortMapper) MapPorts(_ context.Context, _ []portmapperapi.PortBindingReq) ([]portmapperapi.PortBinding, error) {
 	return nil, nil
 }
 
-func (f fakePortMapper) UnmapPorts(_ context.Context, _ []portmapperapi.PortBinding, _ portmapperapi.Firewaller) error {
+func (f fakePortMapper) UnmapPorts(_ context.Context, _ []portmapperapi.PortBinding) error {
 	return nil
 }
 
diff --git a/daemon/libnetwork/portmapperapi/api.go b/daemon/libnetwork/portmapperapi/api.go
index d161a068da..40531248b0 100644
--- a/daemon/libnetwork/portmapperapi/api.go
+++ b/daemon/libnetwork/portmapperapi/api.go
@@ -29,10 +29,10 @@ type PortMapper interface {
 	// When an ephemeral port, or a single port from a range is requested
 	// MapPorts should attempt a few times to find a free port available
 	// across all IP addresses.
-	MapPorts(ctx context.Context, reqs []PortBindingReq, fwn Firewaller) ([]PortBinding, error)
+	MapPorts(ctx context.Context, reqs []PortBindingReq) ([]PortBinding, error)
 
 	// UnmapPorts takes a list of port bindings to unmap.
-	UnmapPorts(ctx context.Context, pbs []PortBinding, fwn Firewaller) error
+	UnmapPorts(ctx context.Context, pbs []PortBinding) error
 }
 
 type PortBindingReq struct {
diff --git a/daemon/libnetwork/portmapperapi/firewaller.go b/daemon/libnetwork/portmapperapi/firewaller.go
deleted file mode 100644
index e09484147e..0000000000
--- a/daemon/libnetwork/portmapperapi/firewaller.go
+++ /dev/null
@@ -1,14 +0,0 @@
-package portmapperapi
-
-import (
-	"context"
-
-	"github.com/moby/moby/v2/daemon/libnetwork/types"
-)
-
-type Firewaller interface {
-	// AddPorts adds the configuration needed for NATing ports.
-	AddPorts(ctx context.Context, pbs []types.PortBinding) error
-	// DelPorts deletes the configuration needed for NATing ports.
-	DelPorts(ctx context.Context, pbs []types.PortBinding) error
-}
diff --git a/daemon/libnetwork/portmappers/nat/mapper_linux.go b/daemon/libnetwork/portmappers/nat/mapper_linux.go
index 002ba4c8ee..aa175e018c 100644
--- a/daemon/libnetwork/portmappers/nat/mapper_linux.go
+++ b/daemon/libnetwork/portmappers/nat/mapper_linux.go
@@ -47,7 +47,7 @@ func NewPortMapper(cfg Config) PortMapper {
 // MapPorts allocates and binds host ports for the given cfg. The caller is
 // responsible for ensuring that all entries in cfg have the same proto,
 // container port, and host port range (their host addresses must differ).
-func (pm PortMapper) MapPorts(ctx context.Context, cfg []portmapperapi.PortBindingReq, fwn portmapperapi.Firewaller) (_ []portmapperapi.PortBinding, retErr error) {
+func (pm PortMapper) MapPorts(ctx context.Context, cfg []portmapperapi.PortBindingReq) (_ []portmapperapi.PortBinding, retErr error) {
 	if len(cfg) == 0 {
 		return nil, nil
 	}
@@ -64,7 +64,7 @@ func (pm PortMapper) MapPorts(ctx context.Context, cfg []portmapperapi.PortBindi
 	bindings := make([]portmapperapi.PortBinding, 0, len(cfg))
 	defer func() {
 		if retErr != nil {
-			if err := pm.UnmapPorts(ctx, bindings, fwn); err != nil {
+			if err := pm.UnmapPorts(ctx, bindings); err != nil {
 				log.G(ctx).WithFields(log.Fields{
 					"pbs":   bindings,
 					"error": err,
@@ -107,7 +107,7 @@ func (pm PortMapper) MapPorts(ctx context.Context, cfg []portmapperapi.PortBindi
 	return bindings, nil
 }
 
-func (pm PortMapper) UnmapPorts(ctx context.Context, pbs []portmapperapi.PortBinding, fwn portmapperapi.Firewaller) error {
+func (pm PortMapper) UnmapPorts(ctx context.Context, pbs []portmapperapi.PortBinding) error {
 	var errs []error
 	for _, pb := range pbs {
 		if pb.BoundSocket != nil {
diff --git a/daemon/libnetwork/portmappers/nat/mapper_linux_test.go b/daemon/libnetwork/portmappers/nat/mapper_linux_test.go
index 2edf6c0489..e5b1882841 100644
--- a/daemon/libnetwork/portmappers/nat/mapper_linux_test.go
+++ b/daemon/libnetwork/portmappers/nat/mapper_linux_test.go
@@ -30,7 +30,7 @@ func TestBindHostPortsError(t *testing.T) {
 		},
 	}
 	pm := &PortMapper{}
-	pbs, err := pm.MapPorts(context.Background(), cfg, nil)
+	pbs, err := pm.MapPorts(context.Background(), cfg)
 	assert.Check(t, is.Error(err, "port binding mismatch 80/tcp:8080-8080, 80/tcp:8080-8081"))
 	assert.Check(t, is.Nil(pbs))
 }
diff --git a/daemon/libnetwork/portmappers/routed/mapper_linux.go b/daemon/libnetwork/portmappers/routed/mapper_linux.go
index d27f51b1b2..5c4ad5d1d5 100644
--- a/daemon/libnetwork/portmappers/routed/mapper_linux.go
+++ b/daemon/libnetwork/portmappers/routed/mapper_linux.go
@@ -22,7 +22,7 @@ func NewPortMapper() PortMapper {
 
 // MapPorts returns a PortBinding for every PortBindingReq received, with Forwarding enabled for each. If a HostPort is
 // specified, it's logged and ignored.
-func (pm PortMapper) MapPorts(ctx context.Context, reqs []portmapperapi.PortBindingReq, fwn portmapperapi.Firewaller) ([]portmapperapi.PortBinding, error) {
+func (pm PortMapper) MapPorts(ctx context.Context, reqs []portmapperapi.PortBindingReq) ([]portmapperapi.PortBinding, error) {
 	if len(reqs) == 0 {
 		return nil, nil
 	}
@@ -45,6 +45,6 @@ func (pm PortMapper) MapPorts(ctx context.Context, reqs []portmapperapi.PortBind
 	return res, nil
 }
 
-func (pm PortMapper) UnmapPorts(_ context.Context, _ []portmapperapi.PortBinding, _ portmapperapi.Firewaller) error {
+func (pm PortMapper) UnmapPorts(_ context.Context, _ []portmapperapi.PortBinding) error {
 	return nil
 }