On Tue, Oct 15, 2019 at 06:11:34PM +0200, Phil Sutter wrote:
> Hi,
> 
> On Tue, Oct 15, 2019 at 05:53:46PM +0200, Pablo Neira Ayuso wrote:
> > On Tue, Oct 15, 2019 at 04:16:56PM +0200, Phil Sutter wrote:
> > > By calling nftnl_set_set(), any data size checks are effectively
> > > bypassed. Better call nftnl_set_set_data() directly, passing the real
> > > size for validation.
> > > 
> > > Signed-off-by: Phil Sutter <p...@nwl.cc>
> > 
> > Acked-by: Pablo Neira Ayuso <pa...@netfilter.org>
> > 
> > Probably attribute((deprecated)) is better so we don't forget. Anyway,
> > we can probably nuke this function in the next release.
> 
> But if we drop it, we break ABI, no? Sadly, nftables use(d) the symbol,
> so we would break older nftables versions with the new libnftnl release.
>
> Should I send a v2 setting attribute((deprecated))? I think it's worth
> doing it.

OK.
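
The concern in the quoted commit message, as an added example that is not part of this thread and is not libnftnl code: it assumes a size-less setter that fills in the expected length itself, so the length check in the checked setter can never fail. All `demo_*` names are hypothetical, and the caller bug is constructed.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical attributes and object; not libnftnl's definitions. */
enum { DEMO_ATTR_FLAGS, DEMO_ATTR_KEY_LEN, DEMO_ATTR_MAX };
struct demo_set { uint32_t attr[DEMO_ATTR_MAX]; };

/* Expected payload size for each attribute. */
static const uint32_t demo_validate[DEMO_ATTR_MAX] = {
    [DEMO_ATTR_FLAGS]   = sizeof(uint32_t),
    [DEMO_ATTR_KEY_LEN] = sizeof(uint32_t),
};

/* Size-checked setter: the caller states how large its buffer really is. */
int demo_set_data(struct demo_set *s, uint16_t attr, const void *data,
                  uint32_t data_len)
{
    if (attr >= DEMO_ATTR_MAX || data_len != demo_validate[attr])
        return -1;                      /* size mismatch is caught here */
    memcpy(&s->attr[attr], data, data_len);
    return 0;
}

/* Size-less wrapper: it supplies the expected size itself, so the check
 * above always passes. Kept for ABI compatibility, flagged for callers. */
__attribute__((deprecated("use demo_set_data() with the real size")))
int demo_set(struct demo_set *s, uint16_t attr, const void *data)
{
    if (attr >= DEMO_ATTR_MAX)
        return -1;
    return demo_set_data(s, attr, data, demo_validate[attr]);
}

/* Constructed caller bug: a 64-bit value handed to a 32-bit attribute.
 * Returns 1 when the wrapper accepts it and the checked setter rejects it. */
int demo_wrapper_hides_mismatch(void)
{
    struct demo_set s = { { 0 } };
    uint64_t wide = 0x1122334455667788ULL;
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
    int legacy = demo_set(&s, DEMO_ATTR_FLAGS, &wide);
#pragma GCC diagnostic pop
    int checked = demo_set_data(&s, DEMO_ATTR_FLAGS, &wide, sizeof(wide));
    return legacy == 0 && checked == -1;
}

int main(void) { return !demo_wrapper_hides_mismatch(); }
```

Without the pragma, every call to `demo_set()` produces a compile-time deprecation warning while the exported symbol stays in place for already-built callers.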
