author Phil Sutter <> 2018-06-18 10:11:46 +0200
committer Pablo Neira Ayuso <> 2018-06-18 11:18:02 +0200
commit 4677971a01dc4d92087dab139428cf4eaa189536
tree 6f287f244a935755cf004f737b2b850694820871 /doc/libnftables.adoc
parent 5ca7ad252366865225d5c59d297e71215b68f027
libnftables: Simplify nft_run_cmd_from_buffer footprint
With libnftables documentation being upstream and one confirmed external user (nftlb), time to break the API!

First of all, the command buffer passed to nft_run_cmd_from_buffer may (and should) be const. One should consider it a bug if that function ever changed its content.

On the other hand, there is no point in passing the buffer's length as separate argument: NULL bytes are not expected to occur in the input, so it is safe to rely upon strlen(). Also, the actual parsers don't require a buffer length passed to them, either. The only use-case for it is when reallocating the buffer to append a final newline character, there strlen() is perfectly sufficient.

Suggested-by: Harald Welte <>
Cc: Laura Garcia Liebana <>
Cc: Eric Leblond <>
Cc: Arturo Borrero Gonzalez <>
Signed-off-by: Phil Sutter <>
Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'doc/libnftables.adoc')
1 files changed, 4 insertions, 5 deletions
diff --git a/doc/libnftables.adoc b/doc/libnftables.adoc
index c947ef37..adfc9420 100644
--- a/doc/libnftables.adoc
+++ b/doc/libnftables.adoc
@@ -53,8 +53,7 @@ const char *nft_ctx_get_error_buffer(struct nft_ctx* '\*ctx'*);
int nft_ctx_add_include_path(struct nft_ctx* '\*ctx'*, const char* '\*path'*);
void nft_ctx_clear_include_paths(struct nft_ctx* '\*ctx'*);
-int nft_run_cmd_from_buffer(struct nft_ctx* '\*nft'*,
- char* '\*buf'*, size_t* 'buflen'*);
+int nft_run_cmd_from_buffer(struct nft_ctx* '\*nft'*, const char* '\*buf'*);
int nft_run_cmd_from_filename(struct nft_ctx* '\*nft'*,
const char* '\*filename'*);*
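Review bot: The two-argument prototype on the `+` line is source-incompatible with the removed three-argument one, so any existing caller that still passes a length stops compiling. Since this synopsis is the reference users read, it is worth stating in the documentation from which release the signature changed, and making sure the library version is bumped together with it if that is not handled elsewhere in the series.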
@@ -244,7 +243,7 @@ The *nft_ctx_clear_include_paths*() function removes all include paths, even the
=== nft_run_cmd_from_buffer() and nft_run_cmd_from_filename()
These functions perform the actual work of parsing user input into nftables commands and executing them.
-The *nft_run_cmd_from_buffer*() function passes the command(s) contained in 'buf' with size 'buflen' to the library, respecting settings and state in 'nft'.
+The *nft_run_cmd_from_buffer*() function passes the command(s) contained in 'buf' (which must be null-terminated) to the library, respecting settings and state in 'nft'.
The *nft_run_cmd_from_filename*() function passes the content of 'filename' to the library, respecting settings and state in 'nft'.
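Review bot: "(which must be null-terminated)" in the added description line states the requirement but not the consequence. With 'buflen' gone the library has no bound on 'buf' other than the terminator, so a buffer that was filled from a file or socket and never terminated is read past its end, and input containing an embedded NUL byte is silently cut at that byte. Suggest spelling both out, for example: "The caller must ensure 'buf' is NUL-terminated; anything after the first NUL byte is ignored." Writing NUL rather than null also avoids confusion with a NULL pointer.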
@@ -272,7 +271,7 @@ int main(void)
while (1) {
if (nft_ctx_buffer_output(nft) ||
- nft_run_cmd_from_buffer(nft, list_cmd, strlen(list_cmd))) {
+ nft_run_cmd_from_buffer(nft, list_cmd)) {
rc = 1;
@@ -300,7 +299,7 @@ int main(void)
if (buf[0] == 'q' && buf[1] == '\0')
- if (nft_run_cmd_from_buffer(nft, buf, strlen(buf))) {
+ if (nft_run_cmd_from_buffer(nft, buf)) {
rc = 1;
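Review bot: The example already relied on 'buf' being terminated (the removed line called `strlen(buf)`), but with `nft_run_cmd_from_buffer(nft, buf)` that assumption is no longer visible at the call site. The `buf[1] == '\0'` check in the context suggests the buffer is terminated when it is filled; a short comment at that point saying so would keep readers who copy the example from passing a raw, unterminated buffer to the new signature.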