From 750fcf5c5a2820c477683be50107fa10728bb506 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Linus=20F=C3=A4rnstrand?= Date: Sun, 25 Feb 2018 22:41:50 +0100 Subject: [PATCH] Add missing netfilter constants Was able to move some of them up one level so they are valid on more platforms with less duplication --- libc-test/build.rs | 1 + src/unix/notbsd/android/mod.rs | 47 ++++++++++++++++++ src/unix/notbsd/linux/mips/mod.rs | 6 +++ src/unix/notbsd/linux/mod.rs | 78 ++++++++++++++++++++++++++++++ src/unix/notbsd/linux/other/mod.rs | 31 +----------- 5 files changed, 133 insertions(+), 30 deletions(-) diff --git a/libc-test/build.rs b/libc-test/build.rs index 92865f04..dedbc5a7 100644 --- a/libc-test/build.rs +++ b/libc-test/build.rs @@ -245,6 +245,7 @@ fn main() { cfg.header("linux/netlink.h"); cfg.header("linux/genetlink.h"); cfg.header("linux/netfilter_ipv4.h"); + cfg.header("linux/netfilter_ipv6.h"); cfg.header("linux/fs.h"); } if !musl { diff --git a/src/unix/notbsd/android/mod.rs b/src/unix/notbsd/android/mod.rs index 0504699b..e69e0aee 100644 --- a/src/unix/notbsd/android/mod.rs +++ b/src/unix/notbsd/android/mod.rs @@ -1001,6 +1001,7 @@ pub const O_TMPFILE: ::c_int = 0o20000000 | O_DIRECTORY; pub const MFD_CLOEXEC: ::c_uint = 0x0001; pub const MFD_ALLOW_SEALING: ::c_uint = 0x0002; +// linux/netfilter.h pub const NF_DROP: ::c_int = 0; pub const NF_ACCEPT: ::c_int = 1; pub const NF_STOLEN: ::c_int = 2; @@ -1037,6 +1038,52 @@ pub const NFPROTO_IPV6: ::c_int = 10; pub const NFPROTO_DECNET: ::c_int = 12; pub const NFPROTO_NUMPROTO: ::c_int = 13; +// linux/netfilter_ipv4.h +pub const NF_IP_PRE_ROUTING: ::c_int = 0; +pub const NF_IP_LOCAL_IN: ::c_int = 1; +pub const NF_IP_FORWARD: ::c_int = 2; +pub const NF_IP_LOCAL_OUT: ::c_int = 3; +pub const NF_IP_POST_ROUTING: ::c_int = 4; +pub const NF_IP_NUMHOOKS: ::c_int = 5; + +pub const NF_IP_PRI_FIRST: ::c_int = ::INT_MIN; +pub const NF_IP_PRI_CONNTRACK_DEFRAG: ::c_int = -400; +pub const NF_IP_PRI_RAW: ::c_int = -300; +pub const NF_IP_PRI_SELINUX_FIRST: ::c_int = -225; +pub const NF_IP_PRI_CONNTRACK: ::c_int = -200; +pub const NF_IP_PRI_MANGLE: ::c_int = -150; +pub const NF_IP_PRI_NAT_DST: ::c_int = -100; +pub const NF_IP_PRI_FILTER: ::c_int = 0; +pub const NF_IP_PRI_SECURITY: ::c_int = 50; +pub const NF_IP_PRI_NAT_SRC: ::c_int = 100; +pub const NF_IP_PRI_SELINUX_LAST: ::c_int = 225; +pub const NF_IP_PRI_CONNTRACK_HELPER: ::c_int = 300; +pub const NF_IP_PRI_CONNTRACK_CONFIRM: ::c_int = ::INT_MAX; +pub const NF_IP_PRI_LAST: ::c_int = ::INT_MAX; + +// linux/netfilter_ipv6.h +pub const NF_IP6_PRE_ROUTING: ::c_int = 0; +pub const NF_IP6_LOCAL_IN: ::c_int = 1; +pub const NF_IP6_FORWARD: ::c_int = 2; +pub const NF_IP6_LOCAL_OUT: ::c_int = 3; +pub const NF_IP6_POST_ROUTING: ::c_int = 4; +pub const NF_IP6_NUMHOOKS: ::c_int = 5; + +pub const NF_IP6_PRI_FIRST: ::c_int = ::INT_MIN; +pub const NF_IP6_PRI_CONNTRACK_DEFRAG: ::c_int = -400; +pub const NF_IP6_PRI_RAW: ::c_int = -300; +pub const NF_IP6_PRI_SELINUX_FIRST: ::c_int = -225; +pub const NF_IP6_PRI_CONNTRACK: ::c_int = -200; +pub const NF_IP6_PRI_MANGLE: ::c_int = -150; +pub const NF_IP6_PRI_NAT_DST: ::c_int = -100; +pub const NF_IP6_PRI_FILTER: ::c_int = 0; +pub const NF_IP6_PRI_SECURITY: ::c_int = 50; +pub const NF_IP6_PRI_NAT_SRC: ::c_int = 100; +pub const NF_IP6_PRI_SELINUX_LAST: ::c_int = 225; +pub const NF_IP6_PRI_CONNTRACK_HELPER: ::c_int = 300; +pub const NF_IP6_PRI_LAST: ::c_int = ::INT_MAX; + +// linux/netfilter/nf_tables.h pub const NFT_TABLE_MAXNAMELEN: ::c_int = 32; pub const NFT_CHAIN_MAXNAMELEN: ::c_int = 32; pub const NFT_SET_MAXNAMELEN: ::c_int = 32; diff --git a/src/unix/notbsd/linux/mips/mod.rs b/src/unix/notbsd/linux/mips/mod.rs index ac4f3b42..13febedb 100644 --- a/src/unix/notbsd/linux/mips/mod.rs +++ b/src/unix/notbsd/linux/mips/mod.rs @@ -700,6 +700,12 @@ pub const EHWPOISON: ::c_int = 168; pub const SIGEV_THREAD_ID: ::c_int = 4; pub const EPOLLWAKEUP: ::c_int = 0x20000000; +pub const NF_NETDEV_INGRESS: ::c_int = 0; +pub const NF_NETDEV_NUMHOOKS: ::c_int = 1; + +pub const NFPROTO_INET: ::c_int = 1; +pub const NFPROTO_NETDEV: ::c_int = 5; + pub const NLA_ALIGNTO: ::c_int = 4; pub const GENL_UNS_ADMIN_PERM: ::c_int = 0x10; diff --git a/src/unix/notbsd/linux/mod.rs b/src/unix/notbsd/linux/mod.rs index 25f7ed3b..33c39762 100644 --- a/src/unix/notbsd/linux/mod.rs +++ b/src/unix/notbsd/linux/mod.rs @@ -1316,6 +1316,84 @@ pub const CTRL_ATTR_MCAST_GRP_UNSPEC: ::c_int = 0; pub const CTRL_ATTR_MCAST_GRP_NAME: ::c_int = 1; pub const CTRL_ATTR_MCAST_GRP_ID: ::c_int = 2; +// linux/netfilter.h +pub const NF_DROP: ::c_int = 0; +pub const NF_ACCEPT: ::c_int = 1; +pub const NF_STOLEN: ::c_int = 2; +pub const NF_QUEUE: ::c_int = 3; +pub const NF_REPEAT: ::c_int = 4; +pub const NF_STOP: ::c_int = 5; +pub const NF_MAX_VERDICT: ::c_int = NF_STOP; + +pub const NF_VERDICT_MASK: ::c_int = 0x000000ff; +pub const NF_VERDICT_FLAG_QUEUE_BYPASS: ::c_int = 0x00008000; + +pub const NF_VERDICT_QMASK: ::c_int = 0xffff0000; +pub const NF_VERDICT_QBITS: ::c_int = 16; + +pub const NF_VERDICT_BITS: ::c_int = 16; + +pub const NF_INET_PRE_ROUTING: ::c_int = 0; +pub const NF_INET_LOCAL_IN: ::c_int = 1; +pub const NF_INET_FORWARD: ::c_int = 2; +pub const NF_INET_LOCAL_OUT: ::c_int = 3; +pub const NF_INET_POST_ROUTING: ::c_int = 4; +pub const NF_INET_NUMHOOKS: ::c_int = 5; + +// Some NFPROTO are not compatible with musl and are defined in submodules. +pub const NFPROTO_UNSPEC: ::c_int = 0; +pub const NFPROTO_IPV4: ::c_int = 2; +pub const NFPROTO_ARP: ::c_int = 3; +pub const NFPROTO_BRIDGE: ::c_int = 7; +pub const NFPROTO_IPV6: ::c_int = 10; +pub const NFPROTO_DECNET: ::c_int = 12; +pub const NFPROTO_NUMPROTO: ::c_int = 13; + +// linux/netfilter_ipv4.h +pub const NF_IP_PRE_ROUTING: ::c_int = 0; +pub const NF_IP_LOCAL_IN: ::c_int = 1; +pub const NF_IP_FORWARD: ::c_int = 2; +pub const NF_IP_LOCAL_OUT: ::c_int = 3; +pub const NF_IP_POST_ROUTING: ::c_int = 4; +pub const NF_IP_NUMHOOKS: ::c_int = 5; + +pub const NF_IP_PRI_FIRST: ::c_int = ::INT_MIN; +pub const NF_IP_PRI_CONNTRACK_DEFRAG: ::c_int = -400; +pub const NF_IP_PRI_RAW: ::c_int = -300; +pub const NF_IP_PRI_SELINUX_FIRST: ::c_int = -225; +pub const NF_IP_PRI_CONNTRACK: ::c_int = -200; +pub const NF_IP_PRI_MANGLE: ::c_int = -150; +pub const NF_IP_PRI_NAT_DST: ::c_int = -100; +pub const NF_IP_PRI_FILTER: ::c_int = 0; +pub const NF_IP_PRI_SECURITY: ::c_int = 50; +pub const NF_IP_PRI_NAT_SRC: ::c_int = 100; +pub const NF_IP_PRI_SELINUX_LAST: ::c_int = 225; +pub const NF_IP_PRI_CONNTRACK_HELPER: ::c_int = 300; +pub const NF_IP_PRI_CONNTRACK_CONFIRM: ::c_int = ::INT_MAX; +pub const NF_IP_PRI_LAST: ::c_int = ::INT_MAX; + +// linux/netfilter_ipv6.h +pub const NF_IP6_PRE_ROUTING: ::c_int = 0; +pub const NF_IP6_LOCAL_IN: ::c_int = 1; +pub const NF_IP6_FORWARD: ::c_int = 2; +pub const NF_IP6_LOCAL_OUT: ::c_int = 3; +pub const NF_IP6_POST_ROUTING: ::c_int = 4; +pub const NF_IP6_NUMHOOKS: ::c_int = 5; + +pub const NF_IP6_PRI_FIRST: ::c_int = ::INT_MIN; +pub const NF_IP6_PRI_CONNTRACK_DEFRAG: ::c_int = -400; +pub const NF_IP6_PRI_RAW: ::c_int = -300; +pub const NF_IP6_PRI_SELINUX_FIRST: ::c_int = -225; +pub const NF_IP6_PRI_CONNTRACK: ::c_int = -200; +pub const NF_IP6_PRI_MANGLE: ::c_int = -150; +pub const NF_IP6_PRI_NAT_DST: ::c_int = -100; +pub const NF_IP6_PRI_FILTER: ::c_int = 0; +pub const NF_IP6_PRI_SECURITY: ::c_int = 50; +pub const NF_IP6_PRI_NAT_SRC: ::c_int = 100; +pub const NF_IP6_PRI_SELINUX_LAST: ::c_int = 225; +pub const NF_IP6_PRI_CONNTRACK_HELPER: ::c_int = 300; +pub const NF_IP6_PRI_LAST: ::c_int = ::INT_MAX; + f! { pub fn CPU_ZERO(cpuset: &mut cpu_set_t) -> () { for slot in cpuset.bits.iter_mut() { diff --git a/src/unix/notbsd/linux/other/mod.rs b/src/unix/notbsd/linux/other/mod.rs index f842d3f3..c42646f1 100644 --- a/src/unix/notbsd/linux/other/mod.rs +++ b/src/unix/notbsd/linux/other/mod.rs @@ -589,42 +589,13 @@ pub const TIOCM_DSR: ::c_int = 0x100; pub const TIOCM_CD: ::c_int = TIOCM_CAR; pub const TIOCM_RI: ::c_int = TIOCM_RNG; -pub const NF_DROP: ::c_int = 0; -pub const NF_ACCEPT: ::c_int = 1; -pub const NF_STOLEN: ::c_int = 2; -pub const NF_QUEUE: ::c_int = 3; -pub const NF_REPEAT: ::c_int = 4; -pub const NF_STOP: ::c_int = 5; -pub const NF_MAX_VERDICT: ::c_int = NF_STOP; - -pub const NF_VERDICT_MASK: ::c_int = 0x000000ff; -pub const NF_VERDICT_FLAG_QUEUE_BYPASS: ::c_int = 0x00008000; - -pub const NF_VERDICT_QMASK: ::c_int = 0xffff0000; -pub const NF_VERDICT_QBITS: ::c_int = 16; - -pub const NF_VERDICT_BITS: ::c_int = 16; - -pub const NF_INET_PRE_ROUTING: ::c_int = 0; -pub const NF_INET_LOCAL_IN: ::c_int = 1; -pub const NF_INET_FORWARD: ::c_int = 2; -pub const NF_INET_LOCAL_OUT: ::c_int = 3; -pub const NF_INET_POST_ROUTING: ::c_int = 4; -pub const NF_INET_NUMHOOKS: ::c_int = 5; - pub const NF_NETDEV_INGRESS: ::c_int = 0; pub const NF_NETDEV_NUMHOOKS: ::c_int = 1; -pub const NFPROTO_UNSPEC: ::c_int = 0; pub const NFPROTO_INET: ::c_int = 1; -pub const NFPROTO_IPV4: ::c_int = 2; -pub const NFPROTO_ARP: ::c_int = 3; pub const NFPROTO_NETDEV: ::c_int = 5; -pub const NFPROTO_BRIDGE: ::c_int = 7; -pub const NFPROTO_IPV6: ::c_int = 10; -pub const NFPROTO_DECNET: ::c_int = 12; -pub const NFPROTO_NUMPROTO: ::c_int = 13; +// linux/netfilter/nf_tables.h cfg_if!{ if #[cfg(any(target_arch = "arm", target_arch = "powerpc", target_arch = "powerpc64", target_arch = "aarch64"))] {