Portal:DeveloperDocs/Development environment

From nftables wiki

Setting up a proper development environment is key to success when trying to write any code. In the case of the Netfilter project, the software interacts with the network and the kernel itself, so special care should be taken.

Our software is mostly written in C, so the proper tooling and toolchains should be present.

Source code

To download the source code, use git clone with repositories at http://git.netfilter.org/.

Take dependencies into account. For example, to work with nftables you will need:

  • libnftnl source code from git
  • nftables source code from git

To work with conntrack-tools, you will need:

  • libnetfilter-conntrack
  • libnetfilter-cttimeout
  • libnetfilter-cthelper
  • libnetfilter-queue
  • libsystemd
  • conntrack-tools

You may discover additional dependencies by looking at the configure.ac script contained in each source code tree from git.

To work with the Linux kernel, you will need to download the sources from nf-next. This is where the development happens for the next Linux kernel release.

You may find the nf-next branch and other related repositories at:



These are the bare minimum bits you should have, but take into account that this list is open to discussion, as different developers have different environments.

  • git: our code uses git
  • gcc: the GNU C compiler
  • virtual machine: to isolate all your new code and tests in a VM, so you don't destroy your actual hardware by mistake, especially when working with custom kernels
  • automake, autoconf, autotools-dev, libtool and friends: to build the projects
  • pkg-config: for libraries, like libnftnl or libmnl
  • valgrind: this utility collects data about memory usage and reports memory leaks and memory-related crashes
  • gdb: this utility can print the stack trace of functions inside programs. You need debugging symbols to see function names
  • strace: this tool reports the syscalls that a program makes
  • tcpdump: this can help in determining what's happening with network packets/flows in the kernel
  • stgit: (optional) tool to work with series of patches

On Debian systems, you could probably start by installing the 'build-essential' package.

First builds

For userspace programs (like nftables), start by building and installing the dependencies:

  • libnftnl: $ ./autogen.sh && ./configure && make -j8 && sudo make install
  • nftables: $ ./autogen.sh && ./configure && make -j8 && sudo make install

If all went well, both libnftnl and nftables should be installed into /usr/local/. If something went wrong, read the output (usually very verbose) and try to figure out how to address the issue (probably a missing package or dependency).
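
A preflight-and-build script for the steps above, as an added example (not from the wiki or the Netfilter project): it checks the listed tools, then builds libnftnl before nftables. It assumes both trees are already cloned side by side under `$SRC`; the `PKG_CONFIG_PATH` export and the `ldconfig` call are additions that are not on this page.

```shell
#!/bin/sh
# Added example, not from the wiki. Assumes libnftnl/ and nftables/ are
# already cloned side by side under $SRC (default: current directory).
SRC="${SRC:-$PWD}"
JOBS="${JOBS:-8}"

# Build tools from the list above; libtoolize is the command that the
# libtool package provides for regenerating the build system.
BUILD_TOOLS="git gcc make autoconf automake libtoolize pkg-config"
# Debugging aids from the same list: reported when absent, but not fatal.
DEBUG_TOOLS="valgrind gdb strace tcpdump"

# Print every named command that is not on PATH, one per line.
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || echo "$tool"
    done
}

# Succeed only if each named tree exists under $SRC with an autogen.sh.
check_trees() {
    for tree in "$@"; do
        [ -f "$SRC/$tree/autogen.sh" ] || { echo "no source tree: $SRC/$tree" >&2; return 1; }
    done
}

# Build and install one tree with the same commands as the list above.
build_tree() {
    ( cd "$SRC/$1" && ./autogen.sh && ./configure && make -j"$JOBS" && sudo make install )
}

main() {
    missing=$(missing_tools $BUILD_TOOLS)
    [ -z "$missing" ] || { echo "install first:" $missing >&2; return 1; }
    missing=$(missing_tools $DEBUG_TOOLS)
    [ -z "$missing" ] || echo "optional tools not found:" $missing >&2
    check_trees libnftnl nftables || return 1
    # Not on the page: let pkg-config and the loader see /usr/local, where
    # the default ./configure prefix installs libnftnl.
    export PKG_CONFIG_PATH="/usr/local/lib/pkgconfig${PKG_CONFIG_PATH:+:$PKG_CONFIG_PATH}"
    build_tree libnftnl && sudo ldconfig && build_tree nftables   # dependency first
}

# Run the build only when asked, so the functions can be sourced and tested.
if [ "${1:-}" = "build" ]; then main; fi
```

Run it as `sh script.sh build` inside the development VM, since it calls `sudo make install`.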

See also

Valuable additional information: