diff --git a/libc-test/build.rs b/libc-test/build.rs index 8a06298741c52..ea3d8e8ceafc7 100644 --- a/libc-test/build.rs +++ b/libc-test/build.rs @@ -1789,6 +1789,8 @@ fn test_android(target: &str) { "linux/netfilter/nfnetlink_log.h", "linux/netfilter/nfnetlink_queue.h", "linux/netfilter/nf_tables.h", + "linux/netfilter_arp.h", + "linux/netfilter_bridge.h", "linux/netfilter_ipv4.h", "linux/netfilter_ipv6.h", "linux/netfilter_ipv6/ip6_tables.h", @@ -3592,6 +3594,8 @@ fn test_linux(target: &str) { "linux/netfilter/nfnetlink_log.h", "linux/netfilter/nfnetlink_queue.h", "linux/netfilter/nf_tables.h", + "linux/netfilter_arp.h", + "linux/netfilter_bridge.h", "linux/netfilter_ipv4.h", "linux/netfilter_ipv6.h", "linux/netfilter_ipv6/ip6_tables.h", @@ -4113,9 +4117,15 @@ fn test_linux(target: &str) { | "MINSIGSTKSZ" if gnu => true, - // FIXME: Linux >= 5.16 changed its value: + // FIXME: Linux >= 5.10: + // https://github.com/torvalds/linux/commit/d25e2e9388eda61b6e298585024ee3355f50c493 + "NF_INET_INGRESS" if musl => true, + + // FIXME: Linux >= 5.16: // https://github.com/torvalds/linux/commit/42df6e1d221dddc0f2acf2be37e68d553ad65f96 - "NF_NETDEV_NUMHOOKS" => true, + "NF_NETDEV_EGRESS" if musl || sparc64 => true, + // value changed + "NF_NETDEV_NUMHOOKS" if musl || sparc64 => true, // FIXME: requires Linux >= 5.6: | "RESOLVE_BENEATH" diff --git a/libc-test/semver/android.txt b/libc-test/semver/android.txt index b863ef50906b6..2c49d75c4466f 100644 --- a/libc-test/semver/android.txt +++ b/libc-test/semver/android.txt @@ -1689,8 +1689,29 @@ NFULNL_COPY_PACKET NFULNL_MSG_CONFIG NFULNL_MSG_PACKET NF_ACCEPT +NF_ARP +NF_ARP_FORWARD +NF_ARP_IN +NF_ARP_NUMHOOKS +NF_ARP_OUT +NF_BR_BROUTING +NF_BR_FORWARD +NF_BR_LOCAL_IN +NF_BR_LOCAL_OUT +NF_BR_NUMHOOKS +NF_BR_POST_ROUTING +NF_BR_PRE_ROUTING +NF_BR_PRI_BRNF +NF_BR_PRI_FILTER_BRIDGED +NF_BR_PRI_FILTER_OTHER +NF_BR_PRI_FIRST +NF_BR_PRI_LAST +NF_BR_PRI_NAT_DST_BRIDGED +NF_BR_PRI_NAT_DST_OTHER +NF_BR_PRI_NAT_SRC NF_DROP NF_INET_FORWARD +NF_INET_INGRESS NF_INET_LOCAL_IN NF_INET_LOCAL_OUT NF_INET_NUMHOOKS @@ -1712,6 +1733,7 @@ NF_IP6_PRI_MANGLE NF_IP6_PRI_NAT_DST NF_IP6_PRI_NAT_SRC NF_IP6_PRI_RAW +NF_IP6_PRI_RAW_BEFORE_DEFRAG NF_IP6_PRI_SECURITY NF_IP6_PRI_SELINUX_FIRST NF_IP6_PRI_SELINUX_LAST @@ -1732,10 +1754,12 @@ NF_IP_PRI_MANGLE NF_IP_PRI_NAT_DST NF_IP_PRI_NAT_SRC NF_IP_PRI_RAW +NF_IP_PRI_RAW_BEFORE_DEFRAG NF_IP_PRI_SECURITY NF_IP_PRI_SELINUX_FIRST NF_IP_PRI_SELINUX_LAST NF_MAX_VERDICT +NF_NETDEV_EGRESS NF_NETDEV_INGRESS NF_NETDEV_NUMHOOKS NF_QUEUE diff --git a/libc-test/semver/linux.txt b/libc-test/semver/linux.txt index 5b0fca57b3e11..fff447de3c8fc 100644 --- a/libc-test/semver/linux.txt +++ b/libc-test/semver/linux.txt @@ -1852,8 +1852,29 @@ NFULNL_COPY_PACKET NFULNL_MSG_CONFIG NFULNL_MSG_PACKET NF_ACCEPT +NF_ARP +NF_ARP_FORWARD +NF_ARP_IN +NF_ARP_NUMHOOKS +NF_ARP_OUT +NF_BR_BROUTING +NF_BR_FORWARD +NF_BR_LOCAL_IN +NF_BR_LOCAL_OUT +NF_BR_NUMHOOKS +NF_BR_POST_ROUTING +NF_BR_PRE_ROUTING +NF_BR_PRI_BRNF +NF_BR_PRI_FILTER_BRIDGED +NF_BR_PRI_FILTER_OTHER +NF_BR_PRI_FIRST +NF_BR_PRI_LAST +NF_BR_PRI_NAT_DST_BRIDGED +NF_BR_PRI_NAT_DST_OTHER +NF_BR_PRI_NAT_SRC NF_DROP NF_INET_FORWARD +NF_INET_INGRESS NF_INET_LOCAL_IN NF_INET_LOCAL_OUT NF_INET_NUMHOOKS @@ -1875,6 +1896,7 @@ NF_IP6_PRI_MANGLE NF_IP6_PRI_NAT_DST NF_IP6_PRI_NAT_SRC NF_IP6_PRI_RAW +NF_IP6_PRI_RAW_BEFORE_DEFRAG NF_IP6_PRI_SECURITY NF_IP6_PRI_SELINUX_FIRST NF_IP6_PRI_SELINUX_LAST @@ -1895,10 +1917,12 @@ NF_IP_PRI_MANGLE NF_IP_PRI_NAT_DST NF_IP_PRI_NAT_SRC NF_IP_PRI_RAW +NF_IP_PRI_RAW_BEFORE_DEFRAG NF_IP_PRI_SECURITY NF_IP_PRI_SELINUX_FIRST NF_IP_PRI_SELINUX_LAST NF_MAX_VERDICT +NF_NETDEV_EGRESS NF_QUEUE NF_REPEAT NF_STOLEN diff --git a/src/unix/linux_like/android/mod.rs b/src/unix/linux_like/android/mod.rs index 2829b249dd0b6..75f8a7877b617 100644 --- a/src/unix/linux_like/android/mod.rs +++ b/src/unix/linux_like/android/mod.rs @@ -2349,9 +2349,11 @@ pub const NF_INET_FORWARD: ::c_int = 2; pub const NF_INET_LOCAL_OUT: ::c_int = 3; pub const NF_INET_POST_ROUTING: ::c_int = 4; pub const NF_INET_NUMHOOKS: ::c_int = 5; +pub const NF_INET_INGRESS: ::c_int = NF_INET_NUMHOOKS; pub const NF_NETDEV_INGRESS: ::c_int = 0; -pub const NF_NETDEV_NUMHOOKS: ::c_int = 1; +pub const NF_NETDEV_EGRESS: ::c_int = 1; +pub const NF_NETDEV_NUMHOOKS: ::c_int = 2; pub const NFPROTO_UNSPEC: ::c_int = 0; pub const NFPROTO_INET: ::c_int = 1; @@ -2363,6 +2365,31 @@ pub const NFPROTO_IPV6: ::c_int = 10; pub const NFPROTO_DECNET: ::c_int = 12; pub const NFPROTO_NUMPROTO: ::c_int = 13; +// linux/netfilter_arp.h +pub const NF_ARP: ::c_int = 0; +pub const NF_ARP_IN: ::c_int = 0; +pub const NF_ARP_OUT: ::c_int = 1; +pub const NF_ARP_FORWARD: ::c_int = 2; +pub const NF_ARP_NUMHOOKS: ::c_int = 3; + +// linux/netfilter_bridge.h +pub const NF_BR_PRE_ROUTING: ::c_int = 0; +pub const NF_BR_LOCAL_IN: ::c_int = 1; +pub const NF_BR_FORWARD: ::c_int = 2; +pub const NF_BR_LOCAL_OUT: ::c_int = 3; +pub const NF_BR_POST_ROUTING: ::c_int = 4; +pub const NF_BR_BROUTING: ::c_int = 5; +pub const NF_BR_NUMHOOKS: ::c_int = 6; + +pub const NF_BR_PRI_FIRST: ::c_int = ::INT_MIN; +pub const NF_BR_PRI_NAT_DST_BRIDGED: ::c_int = -300; +pub const NF_BR_PRI_FILTER_BRIDGED: ::c_int = -200; +pub const NF_BR_PRI_BRNF: ::c_int = 0; +pub const NF_BR_PRI_NAT_DST_OTHER: ::c_int = 100; +pub const NF_BR_PRI_FILTER_OTHER: ::c_int = 200; +pub const NF_BR_PRI_NAT_SRC: ::c_int = 300; +pub const NF_BR_PRI_LAST: ::c_int = ::INT_MAX; + // linux/netfilter_ipv4.h pub const NF_IP_PRE_ROUTING: ::c_int = 0; pub const NF_IP_LOCAL_IN: ::c_int = 1; @@ -2372,6 +2399,7 @@ pub const NF_IP_POST_ROUTING: ::c_int = 4; pub const NF_IP_NUMHOOKS: ::c_int = 5; pub const NF_IP_PRI_FIRST: ::c_int = ::INT_MIN; +pub const NF_IP_PRI_RAW_BEFORE_DEFRAG: ::c_int = -450; pub const NF_IP_PRI_CONNTRACK_DEFRAG: ::c_int = -400; pub const NF_IP_PRI_RAW: ::c_int = -300; pub const NF_IP_PRI_SELINUX_FIRST: ::c_int = -225; @@ -2395,6 +2423,7 @@ pub const NF_IP6_POST_ROUTING: ::c_int = 4; pub const NF_IP6_NUMHOOKS: ::c_int = 5; pub const NF_IP6_PRI_FIRST: ::c_int = ::INT_MIN; +pub const NF_IP6_PRI_RAW_BEFORE_DEFRAG: ::c_int = -450; pub const NF_IP6_PRI_CONNTRACK_DEFRAG: ::c_int = -400; pub const NF_IP6_PRI_RAW: ::c_int = -300; pub const NF_IP6_PRI_SELINUX_FIRST: ::c_int = -225; diff --git a/src/unix/linux_like/linux/mod.rs b/src/unix/linux_like/linux/mod.rs index aa7213f77ee70..495db499b9a29 100644 --- a/src/unix/linux_like/linux/mod.rs +++ b/src/unix/linux_like/linux/mod.rs @@ -3336,20 +3336,47 @@ pub const NF_INET_FORWARD: ::c_int = 2; pub const NF_INET_LOCAL_OUT: ::c_int = 3; pub const NF_INET_POST_ROUTING: ::c_int = 4; pub const NF_INET_NUMHOOKS: ::c_int = 5; +pub const NF_INET_INGRESS: ::c_int = NF_INET_NUMHOOKS; + +pub const NF_NETDEV_INGRESS: ::c_int = 0; +pub const NF_NETDEV_EGRESS: ::c_int = 1; +pub const NF_NETDEV_NUMHOOKS: ::c_int = 2; // Some NFPROTO are not compatible with musl and are defined in submodules. pub const NFPROTO_UNSPEC: ::c_int = 0; +pub const NFPROTO_INET: ::c_int = 1; pub const NFPROTO_IPV4: ::c_int = 2; pub const NFPROTO_ARP: ::c_int = 3; +pub const NFPROTO_NETDEV: ::c_int = 5; pub const NFPROTO_BRIDGE: ::c_int = 7; pub const NFPROTO_IPV6: ::c_int = 10; pub const NFPROTO_DECNET: ::c_int = 12; pub const NFPROTO_NUMPROTO: ::c_int = 13; -pub const NFPROTO_INET: ::c_int = 1; -pub const NFPROTO_NETDEV: ::c_int = 5; -pub const NF_NETDEV_INGRESS: ::c_int = 0; -pub const NF_NETDEV_NUMHOOKS: ::c_int = 1; +// linux/netfilter_arp.h +pub const NF_ARP: ::c_int = 0; +pub const NF_ARP_IN: ::c_int = 0; +pub const NF_ARP_OUT: ::c_int = 1; +pub const NF_ARP_FORWARD: ::c_int = 2; +pub const NF_ARP_NUMHOOKS: ::c_int = 3; + +// linux/netfilter_bridge.h +pub const NF_BR_PRE_ROUTING: ::c_int = 0; +pub const NF_BR_LOCAL_IN: ::c_int = 1; +pub const NF_BR_FORWARD: ::c_int = 2; +pub const NF_BR_LOCAL_OUT: ::c_int = 3; +pub const NF_BR_POST_ROUTING: ::c_int = 4; +pub const NF_BR_BROUTING: ::c_int = 5; +pub const NF_BR_NUMHOOKS: ::c_int = 6; + +pub const NF_BR_PRI_FIRST: ::c_int = ::INT_MIN; +pub const NF_BR_PRI_NAT_DST_BRIDGED: ::c_int = -300; +pub const NF_BR_PRI_FILTER_BRIDGED: ::c_int = -200; +pub const NF_BR_PRI_BRNF: ::c_int = 0; +pub const NF_BR_PRI_NAT_DST_OTHER: ::c_int = 100; +pub const NF_BR_PRI_FILTER_OTHER: ::c_int = 200; +pub const NF_BR_PRI_NAT_SRC: ::c_int = 300; +pub const NF_BR_PRI_LAST: ::c_int = ::INT_MAX; // linux/netfilter_ipv4.h pub const NF_IP_PRE_ROUTING: ::c_int = 0; @@ -3360,6 +3387,7 @@ pub const NF_IP_POST_ROUTING: ::c_int = 4; pub const NF_IP_NUMHOOKS: ::c_int = 5; pub const NF_IP_PRI_FIRST: ::c_int = ::INT_MIN; +pub const NF_IP_PRI_RAW_BEFORE_DEFRAG: ::c_int = -450; pub const NF_IP_PRI_CONNTRACK_DEFRAG: ::c_int = -400; pub const NF_IP_PRI_RAW: ::c_int = -300; pub const NF_IP_PRI_SELINUX_FIRST: ::c_int = -225; @@ -3383,6 +3411,7 @@ pub const NF_IP6_POST_ROUTING: ::c_int = 4; pub const NF_IP6_NUMHOOKS: ::c_int = 5; pub const NF_IP6_PRI_FIRST: ::c_int = ::INT_MIN; +pub const NF_IP6_PRI_RAW_BEFORE_DEFRAG: ::c_int = -450; pub const NF_IP6_PRI_CONNTRACK_DEFRAG: ::c_int = -400; pub const NF_IP6_PRI_RAW: ::c_int = -300; pub const NF_IP6_PRI_SELINUX_FIRST: ::c_int = -225;