diff --git a/libc-test/build.rs b/libc-test/build.rs index 2da148caa61ba..9e85d05e57cc0 100644 --- a/libc-test/build.rs +++ b/libc-test/build.rs @@ -1631,6 +1631,8 @@ fn test_android(target: &str) { "linux/netfilter/nfnetlink_log.h", "linux/netfilter/nfnetlink_queue.h", "linux/netfilter/nf_tables.h", + "linux/netfilter_arp.h", + "linux/netfilter_bridge.h", "linux/netfilter_ipv4.h", "linux/netfilter_ipv6.h", "linux/netfilter_ipv6/ip6_tables.h", @@ -3419,6 +3421,8 @@ fn test_linux(target: &str) { "linux/netfilter/nfnetlink_log.h", "linux/netfilter/nfnetlink_queue.h", "linux/netfilter/nf_tables.h", + "linux/netfilter_arp.h", + "linux/netfilter_bridge.h", "linux/netfilter_ipv4.h", "linux/netfilter_ipv6.h", "linux/netfilter_ipv6/ip6_tables.h", @@ -3935,9 +3939,15 @@ fn test_linux(target: &str) { | "MINSIGSTKSZ" if gnu => true, - // FIXME: Linux >= 5.16 changed its value: + // FIXME: Linux >= 5.10: + // https://github.com/torvalds/linux/commit/d25e2e9388eda61b6e298585024ee3355f50c493 + "NF_INET_INGRESS" if musl => true, + + // FIXME: Linux >= 5.16: // https://github.com/torvalds/linux/commit/42df6e1d221dddc0f2acf2be37e68d553ad65f96 - "NF_NETDEV_NUMHOOKS" => true, + "NF_NETDEV_EGRESS" if musl || sparc64 => true, + // value changed + "NF_NETDEV_NUMHOOKS" if musl => true, // FIXME: requires Linux >= 5.6: | "RESOLVE_BENEATH" diff --git a/libc-test/semver/android.txt b/libc-test/semver/android.txt index 5210a8a643287..8bca8a5245948 100644 --- a/libc-test/semver/android.txt +++ b/libc-test/semver/android.txt @@ -1644,8 +1644,29 @@ NFULNL_COPY_PACKET NFULNL_MSG_CONFIG NFULNL_MSG_PACKET NF_ACCEPT +NF_ARP +NF_ARP_FORWARD +NF_ARP_IN +NF_ARP_NUMHOOKS +NF_ARP_OUT +NF_BR_BROUTING +NF_BR_FORWARD +NF_BR_LOCAL_IN +NF_BR_LOCAL_OUT +NF_BR_NUMHOOKS +NF_BR_POST_ROUTING +NF_BR_PRE_ROUTING +NF_BR_PRI_BRNF +NF_BR_PRI_FILTER_BRIDGED +NF_BR_PRI_FILTER_OTHER +NF_BR_PRI_FIRST +NF_BR_PRI_LAST +NF_BR_PRI_NAT_DST_BRIDGED +NF_BR_PRI_NAT_DST_OTHER +NF_BR_PRI_NAT_SRC NF_DROP NF_INET_FORWARD +NF_INET_INGRESS NF_INET_LOCAL_IN NF_INET_LOCAL_OUT NF_INET_NUMHOOKS @@ -1667,6 +1688,7 @@ NF_IP6_PRI_MANGLE NF_IP6_PRI_NAT_DST NF_IP6_PRI_NAT_SRC NF_IP6_PRI_RAW +NF_IP6_PRI_RAW_BEFORE_DEFRAG NF_IP6_PRI_SECURITY NF_IP6_PRI_SELINUX_FIRST NF_IP6_PRI_SELINUX_LAST @@ -1687,10 +1709,12 @@ NF_IP_PRI_MANGLE NF_IP_PRI_NAT_DST NF_IP_PRI_NAT_SRC NF_IP_PRI_RAW +NF_IP_PRI_RAW_BEFORE_DEFRAG NF_IP_PRI_SECURITY NF_IP_PRI_SELINUX_FIRST NF_IP_PRI_SELINUX_LAST NF_MAX_VERDICT +NF_NETDEV_EGRESS NF_NETDEV_INGRESS NF_NETDEV_NUMHOOKS NF_QUEUE diff --git a/libc-test/semver/linux.txt b/libc-test/semver/linux.txt index 715af2dc0fadf..5691855371f66 100644 --- a/libc-test/semver/linux.txt +++ b/libc-test/semver/linux.txt @@ -1692,8 +1692,29 @@ NFULNL_COPY_PACKET NFULNL_MSG_CONFIG NFULNL_MSG_PACKET NF_ACCEPT +NF_ARP +NF_ARP_FORWARD +NF_ARP_IN +NF_ARP_NUMHOOKS +NF_ARP_OUT +NF_BR_BROUTING +NF_BR_FORWARD +NF_BR_LOCAL_IN +NF_BR_LOCAL_OUT +NF_BR_NUMHOOKS +NF_BR_POST_ROUTING +NF_BR_PRE_ROUTING +NF_BR_PRI_BRNF +NF_BR_PRI_FILTER_BRIDGED +NF_BR_PRI_FILTER_OTHER +NF_BR_PRI_FIRST +NF_BR_PRI_LAST +NF_BR_PRI_NAT_DST_BRIDGED +NF_BR_PRI_NAT_DST_OTHER +NF_BR_PRI_NAT_SRC NF_DROP NF_INET_FORWARD +NF_INET_INGRESS NF_INET_LOCAL_IN NF_INET_LOCAL_OUT NF_INET_NUMHOOKS @@ -1715,6 +1736,7 @@ NF_IP6_PRI_MANGLE NF_IP6_PRI_NAT_DST NF_IP6_PRI_NAT_SRC NF_IP6_PRI_RAW +NF_IP6_PRI_RAW_BEFORE_DEFRAG NF_IP6_PRI_SECURITY NF_IP6_PRI_SELINUX_FIRST NF_IP6_PRI_SELINUX_LAST @@ -1735,10 +1757,12 @@ NF_IP_PRI_MANGLE NF_IP_PRI_NAT_DST NF_IP_PRI_NAT_SRC NF_IP_PRI_RAW +NF_IP_PRI_RAW_BEFORE_DEFRAG NF_IP_PRI_SECURITY NF_IP_PRI_SELINUX_FIRST NF_IP_PRI_SELINUX_LAST NF_MAX_VERDICT +NF_NETDEV_EGRESS NF_QUEUE NF_REPEAT NF_STOLEN diff --git a/src/unix/linux_like/android/mod.rs b/src/unix/linux_like/android/mod.rs index ef8c2ccaa4fde..4a920f2d172b7 100644 --- a/src/unix/linux_like/android/mod.rs +++ b/src/unix/linux_like/android/mod.rs @@ -2311,9 +2311,11 @@ pub const NF_INET_FORWARD: ::c_int = 2; pub const NF_INET_LOCAL_OUT: ::c_int = 3; pub const NF_INET_POST_ROUTING: ::c_int = 4; pub const NF_INET_NUMHOOKS: ::c_int = 5; +pub const NF_INET_INGRESS: ::c_int = NF_INET_NUMHOOKS; pub const NF_NETDEV_INGRESS: ::c_int = 0; -pub const NF_NETDEV_NUMHOOKS: ::c_int = 1; +pub const NF_NETDEV_EGRESS: ::c_int = 1; +pub const NF_NETDEV_NUMHOOKS: ::c_int = 2; pub const NFPROTO_UNSPEC: ::c_int = 0; pub const NFPROTO_INET: ::c_int = 1; @@ -2325,6 +2327,31 @@ pub const NFPROTO_IPV6: ::c_int = 10; pub const NFPROTO_DECNET: ::c_int = 12; pub const NFPROTO_NUMPROTO: ::c_int = 13; +// linux/netfilter_arp.h +pub const NF_ARP: ::c_int = 0; +pub const NF_ARP_IN: ::c_int = 0; +pub const NF_ARP_OUT: ::c_int = 1; +pub const NF_ARP_FORWARD: ::c_int = 2; +pub const NF_ARP_NUMHOOKS: ::c_int = 3; + +// linux/netfilter_bridge.h +pub const NF_BR_PRE_ROUTING: ::c_int = 0; +pub const NF_BR_LOCAL_IN: ::c_int = 1; +pub const NF_BR_FORWARD: ::c_int = 2; +pub const NF_BR_LOCAL_OUT: ::c_int = 3; +pub const NF_BR_POST_ROUTING: ::c_int = 4; +pub const NF_BR_BROUTING: ::c_int = 5; +pub const NF_BR_NUMHOOKS: ::c_int = 6; + +pub const NF_BR_PRI_FIRST: ::c_int = ::INT_MIN; +pub const NF_BR_PRI_NAT_DST_BRIDGED: ::c_int = -300; +pub const NF_BR_PRI_FILTER_BRIDGED: ::c_int = -200; +pub const NF_BR_PRI_BRNF: ::c_int = 0; +pub const NF_BR_PRI_NAT_DST_OTHER: ::c_int = 100; +pub const NF_BR_PRI_FILTER_OTHER: ::c_int = 200; +pub const NF_BR_PRI_NAT_SRC: ::c_int = 300; +pub const NF_BR_PRI_LAST: ::c_int = ::INT_MAX; + // linux/netfilter_ipv4.h pub const NF_IP_PRE_ROUTING: ::c_int = 0; pub const NF_IP_LOCAL_IN: ::c_int = 1; @@ -2334,6 +2361,7 @@ pub const NF_IP_POST_ROUTING: ::c_int = 4; pub const NF_IP_NUMHOOKS: ::c_int = 5; pub const NF_IP_PRI_FIRST: ::c_int = ::INT_MIN; +pub const NF_IP_PRI_RAW_BEFORE_DEFRAG: ::c_int = -450; pub const NF_IP_PRI_CONNTRACK_DEFRAG: ::c_int = -400; pub const NF_IP_PRI_RAW: ::c_int = -300; pub const NF_IP_PRI_SELINUX_FIRST: ::c_int = -225; @@ -2357,6 +2385,7 @@ pub const NF_IP6_POST_ROUTING: ::c_int = 4; pub const NF_IP6_NUMHOOKS: ::c_int = 5; pub const NF_IP6_PRI_FIRST: ::c_int = ::INT_MIN; +pub const NF_IP6_PRI_RAW_BEFORE_DEFRAG: ::c_int = -450; pub const NF_IP6_PRI_CONNTRACK_DEFRAG: ::c_int = -400; pub const NF_IP6_PRI_RAW: ::c_int = -300; pub const NF_IP6_PRI_SELINUX_FIRST: ::c_int = -225; diff --git a/src/unix/linux_like/linux/mod.rs b/src/unix/linux_like/linux/mod.rs index ac0bb87b2ced4..d660face6d04a 100644 --- a/src/unix/linux_like/linux/mod.rs +++ b/src/unix/linux_like/linux/mod.rs @@ -3288,20 +3288,47 @@ pub const NF_INET_FORWARD: ::c_int = 2; pub const NF_INET_LOCAL_OUT: ::c_int = 3; pub const NF_INET_POST_ROUTING: ::c_int = 4; pub const NF_INET_NUMHOOKS: ::c_int = 5; +pub const NF_INET_INGRESS: ::c_int = NF_INET_NUMHOOKS; + +pub const NF_NETDEV_INGRESS: ::c_int = 0; +pub const NF_NETDEV_EGRESS: ::c_int = 1; +pub const NF_NETDEV_NUMHOOKS: ::c_int = 2; // Some NFPROTO are not compatible with musl and are defined in submodules. pub const NFPROTO_UNSPEC: ::c_int = 0; +pub const NFPROTO_INET: ::c_int = 1; pub const NFPROTO_IPV4: ::c_int = 2; pub const NFPROTO_ARP: ::c_int = 3; +pub const NFPROTO_NETDEV: ::c_int = 5; pub const NFPROTO_BRIDGE: ::c_int = 7; pub const NFPROTO_IPV6: ::c_int = 10; pub const NFPROTO_DECNET: ::c_int = 12; pub const NFPROTO_NUMPROTO: ::c_int = 13; -pub const NFPROTO_INET: ::c_int = 1; -pub const NFPROTO_NETDEV: ::c_int = 5; -pub const NF_NETDEV_INGRESS: ::c_int = 0; -pub const NF_NETDEV_NUMHOOKS: ::c_int = 1; +// linux/netfilter_arp.h +pub const NF_ARP: ::c_int = 0; +pub const NF_ARP_IN: ::c_int = 0; +pub const NF_ARP_OUT: ::c_int = 1; +pub const NF_ARP_FORWARD: ::c_int = 2; +pub const NF_ARP_NUMHOOKS: ::c_int = 3; + +// linux/netfilter_bridge.h +pub const NF_BR_PRE_ROUTING: ::c_int = 0; +pub const NF_BR_LOCAL_IN: ::c_int = 1; +pub const NF_BR_FORWARD: ::c_int = 2; +pub const NF_BR_LOCAL_OUT: ::c_int = 3; +pub const NF_BR_POST_ROUTING: ::c_int = 4; +pub const NF_BR_BROUTING: ::c_int = 5; +pub const NF_BR_NUMHOOKS: ::c_int = 6; + +pub const NF_BR_PRI_FIRST: ::c_int = ::INT_MIN; +pub const NF_BR_PRI_NAT_DST_BRIDGED: ::c_int = -300; +pub const NF_BR_PRI_FILTER_BRIDGED: ::c_int = -200; +pub const NF_BR_PRI_BRNF: ::c_int = 0; +pub const NF_BR_PRI_NAT_DST_OTHER: ::c_int = 100; +pub const NF_BR_PRI_FILTER_OTHER: ::c_int = 200; +pub const NF_BR_PRI_NAT_SRC: ::c_int = 300; +pub const NF_BR_PRI_LAST: ::c_int = ::INT_MAX; // linux/netfilter_ipv4.h pub const NF_IP_PRE_ROUTING: ::c_int = 0; @@ -3312,6 +3339,7 @@ pub const NF_IP_POST_ROUTING: ::c_int = 4; pub const NF_IP_NUMHOOKS: ::c_int = 5; pub const NF_IP_PRI_FIRST: ::c_int = ::INT_MIN; +pub const NF_IP_PRI_RAW_BEFORE_DEFRAG: ::c_int = -450; pub const NF_IP_PRI_CONNTRACK_DEFRAG: ::c_int = -400; pub const NF_IP_PRI_RAW: ::c_int = -300; pub const NF_IP_PRI_SELINUX_FIRST: ::c_int = -225; @@ -3335,6 +3363,7 @@ pub const NF_IP6_POST_ROUTING: ::c_int = 4; pub const NF_IP6_NUMHOOKS: ::c_int = 5; pub const NF_IP6_PRI_FIRST: ::c_int = ::INT_MIN; +pub const NF_IP6_PRI_RAW_BEFORE_DEFRAG: ::c_int = -450; pub const NF_IP6_PRI_CONNTRACK_DEFRAG: ::c_int = -400; pub const NF_IP6_PRI_RAW: ::c_int = -300; pub const NF_IP6_PRI_SELINUX_FIRST: ::c_int = -225;