libnftables: Simplify nft_run_cmd_from_buffer footprint

With libnftables documentation being upstream and one confirmed external
user (nftlb), time to break the API!

First of all, the command buffer passed to nft_run_cmd_from_buffer may
(and should) be const. One should consider it a bug if that function
ever changed it's content.

On the other hand, there is no point in passing the buffer's length as
separate argument: NULL bytes are not expected to occur in the input, so
it is safe to rely upon strlen(). Also, the actual parsers don't require
a buffer length passed to them, either. The only use-case for it is when
reallocating the buffer to append a final newline character, there
strlen() is perfectly sufficient.

Suggested-by: Harald Welte <laforge@gnumonks.org>
Cc: Laura Garcia Liebana <nevola@gmail.com>
Cc: Eric Leblond <eric@regit.org>
Cc: Arturo Borrero Gonzalez <arturo@netfilter.org>
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/doc/libnftables.adoc b/doc/libnftables.adoc
index c947ef37f8f1d9ce2d219d4d1ed4d595561a501d..adfc94205a8a54793764c19874ba64e27830ea80 100644 (file)
--- a/doc/libnftables.adoc
+++ b/doc/libnftables.adoc
@@ -53,8 +53,7 @@ const char *nft_ctx_get_error_buffer(struct nft_ctx* '\*ctx'*);
 int nft_ctx_add_include_path(struct nft_ctx* '\*ctx'*, const char* '\*path'*);
 void nft_ctx_clear_include_paths(struct nft_ctx* '\*ctx'*);
 
-int nft_run_cmd_from_buffer(struct nft_ctx* '\*nft'*,
-                           char* '\*buf'*, size_t* 'buflen'*);
+int nft_run_cmd_from_buffer(struct nft_ctx* '\*nft'*, const char* '\*buf'*);
 int nft_run_cmd_from_filename(struct nft_ctx* '\*nft'*,
                              const char* '\*filename'*);*
 
@@ -244,7 +243,7 @@ The *nft_ctx_clear_include_paths*() function removes all include paths, even the
 === nft_run_cmd_from_buffer() and nft_run_cmd_from_filename()
 These functions perform the actual work of parsing user input into nftables commands and executing them.
 
-The *nft_run_cmd_from_buffer*() function passes the command(s) contained in 'buf' with size 'buflen' to the library, respecting settings and state in 'nft'.
+The *nft_run_cmd_from_buffer*() function passes the command(s) contained in 'buf' (which must be null-terminated) to the library, respecting settings and state in 'nft'.
 
 The *nft_run_cmd_from_filename*() function passes the content of 'filename' to the library, respecting settings and state in 'nft'.
 
@@ -272,7 +271,7 @@ int main(void)
 
        while (1) {
                if (nft_ctx_buffer_output(nft) ||
-                   nft_run_cmd_from_buffer(nft, list_cmd, strlen(list_cmd))) {
+                   nft_run_cmd_from_buffer(nft, list_cmd)) {
                        rc = 1;
                        break;
                }
@@ -300,7 +299,7 @@ int main(void)
                if (buf[0] == 'q' && buf[1] == '\0')
                        break;
 
-               if (nft_run_cmd_from_buffer(nft, buf, strlen(buf))) {
+               if (nft_run_cmd_from_buffer(nft, buf)) {
                        rc = 1;
                        break;
                }

diff --git a/include/json.h b/include/json.h
index 0a93bca8d9eadf3de2fb8bed7dc95738e00864be..b75512b8475fb68ea9717e895005e37daedca294 100644 (file)
--- a/include/json.h
+++ b/include/json.h
@@ -78,7 +78,7 @@ json_t *connlimit_stmt_json(const struct stmt *stmt, struct output_ctx *octx);
 
 int do_command_list_json(struct netlink_ctx *ctx, struct cmd *cmd);
 
-int nft_parse_json_buffer(struct nft_ctx *nft, char *buf, size_t buflen,
+int nft_parse_json_buffer(struct nft_ctx *nft, const char *buf,
                          struct list_head *msgs, struct list_head *cmds);
 int nft_parse_json_filename(struct nft_ctx *nft, const char *filename,
                            struct list_head *msgs, struct list_head *cmds);
@@ -168,11 +168,12 @@ static inline int do_command_list_json(struct netlink_ctx *ctx, struct cmd *cmd)
 }
 
 static inline int
-nft_parse_json_buffer(struct nft_ctx *nft, char *buf, size_t buflen,
+nft_parse_json_buffer(struct nft_ctx *nft, const char *buf,
                      struct list_head *msgs, struct list_head *cmds)
 {
        return -EINVAL;
 }
+
 static inline int
 nft_parse_json_filename(struct nft_ctx *nft, const char *filename,
                        struct list_head *msgs, struct list_head *cmds)

diff --git a/include/nftables/libnftables.h b/include/nftables/libnftables.h
index 4bfdaf9a26885817e480f51aa5e085940a8eebb9..13ec39273581645c2523da4f7f58604e11510c5a 100644 (file)
--- a/include/nftables/libnftables.h
+++ b/include/nftables/libnftables.h
@@ -71,7 +71,7 @@ const char *nft_ctx_get_error_buffer(struct nft_ctx *ctx);
 int nft_ctx_add_include_path(struct nft_ctx *ctx, const char *path);
 void nft_ctx_clear_include_paths(struct nft_ctx *ctx);
 
-int nft_run_cmd_from_buffer(struct nft_ctx *nft, char *buf, size_t buflen);
+int nft_run_cmd_from_buffer(struct nft_ctx *nft, const char *buf);
 int nft_run_cmd_from_filename(struct nft_ctx *nft, const char *filename);
 
 #endif /* LIB_NFTABLES_H */

diff --git a/py/nftables.py b/py/nftables.py
index 47ff14afc97414960675cb89e40687587ab6938e..e6e66fb776be72701de288310e3c473baa458c99 100644 (file)
--- a/py/nftables.py
+++ b/py/nftables.py
@@ -100,7 +100,7 @@ class Nftables:
 
         self.nft_run_cmd_from_buffer = lib.nft_run_cmd_from_buffer
         self.nft_run_cmd_from_buffer.restype = c_int
-        self.nft_run_cmd_from_buffer.argtypes = [c_void_p, c_char_p, c_int]
+        self.nft_run_cmd_from_buffer.argtypes = [c_void_p, c_char_p]
 
         self.nft_ctx_free = lib.nft_ctx_free
         lib.nft_ctx_free.argtypes = [c_void_p]
@@ -267,7 +267,7 @@ class Nftables:
         output -- a string containing output written to stdout
         error  -- a string containing output written to stderr
         """
-        rc = self.nft_run_cmd_from_buffer(self.__ctx, cmdline, len(cmdline))
+        rc = self.nft_run_cmd_from_buffer(self.__ctx, cmdline)
         output = self.nft_ctx_get_output_buffer(self.__ctx)
         error = self.nft_ctx_get_error_buffer(self.__ctx)
 

diff --git a/src/Makefile.am b/src/Makefile.am
index a4ad8cb31236bd876e017d89cb37dbc96fd9331e..92ac61a6044e6dbdc3552e48bcc88ff4d8236747 100644 (file)
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -70,6 +70,7 @@ libparser_la_CFLAGS = ${AM_CFLAGS} \
                      -Wno-redundant-decls
 
 libnftables_la_LIBADD = ${LIBMNL_LIBS} ${LIBNFTNL_LIBS} libparser.la
+libnftables_la_LDFLAGS = -version-info 1:0:0
 
 if BUILD_MINIGMP
 noinst_LTLIBRARIES += libminigmp.la

diff --git a/src/cli.c b/src/cli.c
index 241ea0105512fa508cb7fec5206b2db02fa8c31f..ca3869abe335fc25e01e384964c56f169e456503 100644 (file)
--- a/src/cli.c
+++ b/src/cli.c
@@ -110,7 +110,7 @@ static void cli_complete(char *line)
        if (hist == NULL || strcmp(hist->line, line))
                add_history(line);
 
-       nft_run_cmd_from_buffer(cli_nft, line, strlen(line) + 1);
+       nft_run_cmd_from_buffer(cli_nft, line);
        xfree(line);
 }
 

diff --git a/src/libnftables.c b/src/libnftables.c
index dda986ca27eade620d391d1525bb9dd27a9215ec..9a97a3c5342fa3d0356488bb39096ec95d6e640b 100644 (file)
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -396,7 +396,7 @@ static const struct input_descriptor indesc_cmdline = {
        .name   = "<cmdline>",
 };
 
-static int nft_parse_bison_buffer(struct nft_ctx *nft, char *buf, size_t buflen,
+static int nft_parse_bison_buffer(struct nft_ctx *nft, const char *buf,
                                  struct list_head *msgs, struct list_head *cmds)
 {
        struct cmd *cmd;
@@ -438,23 +438,21 @@ static int nft_parse_bison_filename(struct nft_ctx *nft, const char *filename,
        return 0;
 }
 
-int nft_run_cmd_from_buffer(struct nft_ctx *nft, char *buf, size_t buflen)
+int nft_run_cmd_from_buffer(struct nft_ctx *nft, const char *buf)
 {
        struct cmd *cmd, *next;
        LIST_HEAD(msgs);
        LIST_HEAD(cmds);
-       size_t nlbuflen;
        char *nlbuf;
        int rc = -EINVAL;
 
-       nlbuflen = max(buflen + 1, strlen(buf) + 2);
-       nlbuf = xzalloc(nlbuflen);
-       snprintf(nlbuf, nlbuflen, "%s\n", buf);
+       nlbuf = xzalloc(strlen(buf) + 2);
+       sprintf(nlbuf, "%s\n", buf);
 
        if (nft->output.json)
-               rc = nft_parse_json_buffer(nft, nlbuf, nlbuflen, &msgs, &cmds);
+               rc = nft_parse_json_buffer(nft, nlbuf, &msgs, &cmds);
        if (rc == -EINVAL)
-               rc = nft_parse_bison_buffer(nft, nlbuf, nlbuflen, &msgs, &cmds);
+               rc = nft_parse_bison_buffer(nft, nlbuf, &msgs, &cmds);
        if (rc)
                goto err;
 

diff --git a/src/main.c b/src/main.c
index f36159744744a44b41b4233863c455c81c724079..b2966a41e14f6f12cc9c8dc1021545edbd986222 100644 (file)
--- a/src/main.c
+++ b/src/main.c
@@ -279,7 +279,7 @@ int main(int argc, char * const *argv)
                        if (i + 1 < argc)
                                strcat(buf, " ");
                }
-               rc = !!nft_run_cmd_from_buffer(nft, buf, len);
+               rc = !!nft_run_cmd_from_buffer(nft, buf);
        } else if (filename != NULL) {
                rc = !!nft_run_cmd_from_filename(nft, filename);
        } else if (interactive) {

diff --git a/src/parser_json.c b/src/parser_json.c
index 2fd0ef832bd0e46df45d33ce4bcc8a4a1bce6dee..8f29aaf71f13643967ac180a27bf8bdaaa9d1d63 100644 (file)
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -3120,7 +3120,7 @@ static int __json_parse(struct json_ctx *ctx, json_t *root)
 }
 
 
-int nft_parse_json_buffer(struct nft_ctx *nft, char *buf, size_t buflen,
+int nft_parse_json_buffer(struct nft_ctx *nft, const char *buf,
                          struct list_head *msgs, struct list_head *cmds)
 {
        struct json_ctx ctx = {