diff options
| author | Phil Sutter <phil@nwl.cc> | 2018-06-18 10:11:46 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-06-18 11:18:02 +0200 |
| commit | 4677971a01dc4d92087dab139428cf4eaa189536 (patch) | |
| tree | 6f287f244a935755cf004f737b2b850694820871 /doc | |
| parent | 5ca7ad252366865225d5c59d297e71215b68f027 (diff) | |
libnftables: Simplify nft_run_cmd_from_buffer footprint
With libnftables documentation being upstream and one confirmed external
user (nftlb), time to break the API!
First of all, the command buffer passed to nft_run_cmd_from_buffer may
(and should) be const. One should consider it a bug if that function
ever changed it's content.
On the other hand, there is no point in passing the buffer's length as
separate argument: NULL bytes are not expected to occur in the input, so
it is safe to rely upon strlen(). Also, the actual parsers don't require
a buffer length passed to them, either. The only use-case for it is when
reallocating the buffer to append a final newline character, there
strlen() is perfectly sufficient.
Suggested-by: Harald Welte <laforge@gnumonks.org>
Cc: Laura Garcia Liebana <nevola@gmail.com>
Cc: Eric Leblond <eric@regit.org>
Cc: Arturo Borrero Gonzalez <arturo@netfilter.org>
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/libnftables.adoc | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/doc/libnftables.adoc b/doc/libnftables.adoc index c947ef37..adfc9420 100644 --- a/doc/libnftables.adoc +++ b/doc/libnftables.adoc @@ -53,8 +53,7 @@ const char *nft_ctx_get_error_buffer(struct nft_ctx* '\*ctx'*); int nft_ctx_add_include_path(struct nft_ctx* '\*ctx'*, const char* '\*path'*); void nft_ctx_clear_include_paths(struct nft_ctx* '\*ctx'*); -int nft_run_cmd_from_buffer(struct nft_ctx* '\*nft'*, - char* '\*buf'*, size_t* 'buflen'*); +int nft_run_cmd_from_buffer(struct nft_ctx* '\*nft'*, const char* '\*buf'*); int nft_run_cmd_from_filename(struct nft_ctx* '\*nft'*, const char* '\*filename'*);* @@ -244,7 +243,7 @@ The *nft_ctx_clear_include_paths*() function removes all include paths, even the === nft_run_cmd_from_buffer() and nft_run_cmd_from_filename() These functions perform the actual work of parsing user input into nftables commands and executing them. -The *nft_run_cmd_from_buffer*() function passes the command(s) contained in 'buf' with size 'buflen' to the library, respecting settings and state in 'nft'. +The *nft_run_cmd_from_buffer*() function passes the command(s) contained in 'buf' (which must be null-terminated) to the library, respecting settings and state in 'nft'. The *nft_run_cmd_from_filename*() function passes the content of 'filename' to the library, respecting settings and state in 'nft'. @@ -272,7 +271,7 @@ int main(void) while (1) { if (nft_ctx_buffer_output(nft) || - nft_run_cmd_from_buffer(nft, list_cmd, strlen(list_cmd))) { + nft_run_cmd_from_buffer(nft, list_cmd)) { rc = 1; break; } @@ -300,7 +299,7 @@ int main(void) if (buf[0] == 'q' && buf[1] == '\0') break; - if (nft_run_cmd_from_buffer(nft, buf, strlen(buf))) { + if (nft_run_cmd_from_buffer(nft, buf)) { rc = 1; break; } |