jleung/libnftables-dotnet
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Handle empty successful snapshot output in high-level client

Browse Source
This commit is contained in:
Vibe Myass
2026-03-11 01:52:57 +00:00
parent 05fda54da2
commit 775bb7813d
1 changed files with 30 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
src/LibNftables/NftablesClient.cs
View File

@@ -77,10 +77,21 @@ public sealed class NftablesClient : INftablesClient
NftApplyRequest request = NftApplyRequest.FromText(_options.SnapshotCommandText, dryRun: false);
CommandExecutionResult result = Execute(request, forceDryRun: null, ct);
string snapshotText = result.Output ?? string.Empty;
string errorText = result.Error ?? string.Empty;
if (string.IsNullOrWhiteSpace(snapshotText))
{
throw new NftException("Snapshot returned an empty ruleset output.", nativeErrorOutput: result.Error);
if (ContainsAny(errorText, "Operation not permitted", "Permission denied", "CAP_NET_ADMIN"))
{
throw new NftPermissionException("Snapshot requires elevated privileges.", 0, result.Error);
}
if (!string.IsNullOrWhiteSpace(errorText))
{
throw new NftException("Snapshot returned an empty ruleset output.", nativeErrorOutput: result.Error);
}
snapshotText = "flush ruleset";
}
return new NftSnapshot(snapshotText, System.DateTimeOffset.UtcNow);
@@ -175,5 +186,23 @@ public sealed class NftablesClient : INftablesClient
}
}
private static bool ContainsAny(string value, params string[] candidates)
{
if (string.IsNullOrWhiteSpace(value))
{
return false;
}
foreach (string candidate in candidates)
{
if (value.Contains(candidate, System.StringComparison.OrdinalIgnoreCase))
{
return true;
}
}
return false;
}
private sealed record CommandExecutionResult(string? Output, string? Error);
}