jleung/libnftables-dotnet
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
458494221e978d1ffd8889a1fa430eec54cf94b0
libnftables-dotnet/README.md
Vibe Myass 458494221e Improve testability, packaging, and docs
2026-03-16 03:45:00 +00:00

137 lines
3.2 KiB
Markdown
Raw Blame History

# libnftables-dotnet
`libnftables-dotnet` is a command-centric .NET wrapper over system-installed `libnftables`, with low-level SWIG-generated bindings and a small managed API for common workflows.
## Current Scope
This library is intentionally narrow.
- High-level managed API:
- `Validate`
- `Apply`
- `Snapshot`
- `Restore`
- Low-level managed wrapper:
- `NftContext` for direct control over flags, buffering, include paths, variables, and command execution
Non-goals for the current release:
- Typed .NET models for tables, chains, rules, sets, or maps
- Event monitoring or subscriptions
- Cross-platform support beyond Linux x64
## Runtime Support
Native operations currently support:
- Linux only
- x64 only
- System-installed `libnftables`
The package includes the generated Linux x64 native wrapper, but it still depends on the host system providing `libnftables`.
## Requirements
- Linux
- `libnftables` headers and shared library installed
- `gcc`
- .NET SDK 10+
- `swig` only if you regenerate bindings
On Debian/Ubuntu-like systems, the runtime dependency is typically installed from the system package repository. Exact package names can vary by distro.
## Build
```bash
dotnet build
```
`dotnet build` compiles the native SWIG wrapper (`libLibNftablesBindings.so`) from the checked-in generated C wrapper code.
## Test
```bash
dotnet test LibNftables.slnx
```
The test suite contains:
- Managed/unit tests that do not require a native runtime
- Native integration tests that self-gate when `libnftables` is unavailable
- Capability-dependent tests that only run when `CAP_NET_ADMIN` is available
## High-Level Example
```csharp
using LibNftables;
INftablesClient client = new NftablesClient();
var validation = client.Validate(NftApplyRequest.FromText("add table inet my_table"));
if (validation.IsValid)
{
client.Apply(NftApplyRequest.FromText("add table inet my_table"));
}
```
## Low-Level Example
```csharp
using LibNftables;
using var context = new NftContext();
context.DryRun = true;
context.BufferOutput();
context.BufferError();
context.RunCommand("add table inet demo");
string? output = context.GetOutputBuffer();
string? error = context.GetErrorBuffer();
```
## Troubleshooting
### `NftNativeLoadException`
This usually means one of these is missing or incompatible:
- the bundled wrapper `libLibNftablesBindings.so`
- the host `libnftables` shared library
- Linux x64 runtime compatibility
### `NftUnsupportedException`
This is expected on:
- non-Linux hosts
- non-x64 processes
### `NftPermissionException`
Some operations require elevated privileges or `CAP_NET_ADMIN`, especially when interacting with the live ruleset.
### Validation failures
`Validate` returns `IsValid = false` for invalid nft syntax. `Apply` and `Restore` throw when the request shape is invalid or native parsing fails.
## Bindings and Regeneration
- Native wrapper build only:
```bash
./eng/build-native.sh
```
- Regenerate SWIG bindings:
```bash
./eng/regen-bindings.sh
```
Low-level generated binding reference:
- `docs/low-level-bindings-reference.md`
Generated SWIG files under `src/LibNftables.Bindings/Generated/` are generated artifacts and should not be edited by hand.
Reference in New Issue View Git Blame Copy Permalink