On Tue, Oct 15, 2019 at 06:32:39PM +0200, Pablo Neira Ayuso wrote:
> On Tue, Oct 15, 2019 at 06:11:34PM +0200, Phil Sutter wrote:
> > Hi,
> >
> > On Tue, Oct 15, 2019 at 05:53:46PM +0200, Pablo Neira Ayuso wrote:
> > > On Tue, Oct 15, 2019 at 04:16:56PM +0200, Phil Sutter wrote:
> > > > By calling nftnl_set_set(), any data size checks are effectively
> > > > bypassed. Better call nftnl_set_set_data() directly, passing the real
> > > > size for validation.
> > > >
> > > > Signed-off-by: Phil Sutter <phil@xxxxxx>
> > >
> > > Acked-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
> > >
> > > Probably attribute((deprecated)) is better so we don't forget. Anyway,
> > > we can probably nuke this function in the next release.
> >
> > But if we drop it, we break ABI, no? Sadly, nftables use(d) the symbol,
> > so we would break older nftables versions with the new libnftnl release.
> >
> > Should I send a v2 setting attribute((deprecated))? I think it's worth
> > doing it.
>
> OK.

Well, given that there are more cases like this (e.g. nftnl_obj_set()),
I'll just drop the comment from existing patch and follow-up with a
separate one deprecating all unqualified setter symbols at once.

Cheers, Phil
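
The size-check bypass described in the commit message above, modeled as an added example that is not libnftnl code and not part of the thread. Every `obj_*` name, the attribute table and the struct are hypothetical, and the model assumes the unsized setter fills in the expected length itself because it has no caller-supplied one.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical object with two attributes of different widths. */
enum { ATTR_FLAGS, ATTR_HANDLE, ATTR_MAX };
struct obj { uint32_t flags; uint64_t handle; };

/* Expected payload size per attribute (constructed table). */
static const size_t attr_size[ATTR_MAX] = {
	[ATTR_FLAGS]  = sizeof(uint32_t),
	[ATTR_HANDLE] = sizeof(uint64_t),
};

/* Sized setter: rejects a payload whose length does not match the attribute. */
int obj_set_data(struct obj *o, int attr, const void *data, size_t len)
{
	if (attr < 0 || attr >= ATTR_MAX || len != attr_size[attr])
		return -1;
	if (attr == ATTR_FLAGS)
		memcpy(&o->flags, data, sizeof(o->flags));
	else
		memcpy(&o->handle, data, sizeof(o->handle));
	return 0;
}

/* Unsized setter: it never learns the caller's length, so it supplies the
 * expected one itself and the check above can no longer fail. */
int obj_set(struct obj *o, int attr, const void *data)
{
	if (attr < 0 || attr >= ATTR_MAX)
		return -1;
	return obj_set_data(o, attr, data, attr_size[attr]);
}

/* Typed wrapper routed through the unsized setter: a 64-bit value aimed at a
 * 32-bit attribute is accepted and silently truncated. (The reverse mismatch,
 * a 32-bit value for a 64-bit attribute, would read past the argument.) */
int obj_set_u64_unsized(struct obj *o, int attr, uint64_t val)
{
	return obj_set(o, attr, &val);
}

/* Typed wrapper passing its real size: the mismatch is caught. */
int obj_set_u64_sized(struct obj *o, int attr, uint64_t val)
{
	return obj_set_data(o, attr, &val, sizeof(val));
}
```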