Merge pull request #3734 from my4ng/netfilter

feat: add missing netfilter consts

Author: tgross35

libc-test/build.rs

@@ -1635,6 +1635,8 @@ fn test_android(target: &str) {
                 "linux/netfilter/nfnetlink_log.h",
                 "linux/netfilter/nfnetlink_queue.h",
                 "linux/netfilter/nf_tables.h",
+                "linux/netfilter_arp.h",
+                "linux/netfilter_bridge.h",
                 "linux/netfilter_ipv4.h",
                 "linux/netfilter_ipv6.h",
                 "linux/netfilter_ipv6/ip6_tables.h",
@@ -3442,6 +3444,8 @@ fn test_linux(target: &str) {
         "linux/netfilter/nfnetlink_log.h",
         "linux/netfilter/nfnetlink_queue.h",
         "linux/netfilter/nf_tables.h",
+        "linux/netfilter_arp.h",
+        "linux/netfilter_bridge.h",
         "linux/netfilter_ipv4.h",
         "linux/netfilter_ipv6.h",
         "linux/netfilter_ipv6/ip6_tables.h",
@@ -3958,9 +3962,15 @@ fn test_linux(target: &str) {
             | "MINSIGSTKSZ"
                 if gnu => true,
 
-            // FIXME: Linux >= 5.16 changed its value:
+            // FIXME: Linux >= 5.10:
+            // https://github.com/torvalds/linux/commit/d25e2e9388eda61b6e298585024ee3355f50c493
+            "NF_INET_INGRESS" if musl => true,
+
+            // FIXME: Linux >= 5.16:
             // https://github.com/torvalds/linux/commit/42df6e1d221dddc0f2acf2be37e68d553ad65f96
-            "NF_NETDEV_NUMHOOKS" => true,
+            "NF_NETDEV_EGRESS" if musl || sparc64 => true,
+            // value changed
+            "NF_NETDEV_NUMHOOKS" if musl || sparc64 => true,
 
             // FIXME: requires Linux >= 5.6:
             | "RESOLVE_BENEATH"

libc-test/semver/android.txt

@@ -1644,8 +1644,29 @@ NFULNL_COPY_PACKET
 NFULNL_MSG_CONFIG
 NFULNL_MSG_PACKET
 NF_ACCEPT
+NF_ARP
+NF_ARP_FORWARD
+NF_ARP_IN
+NF_ARP_NUMHOOKS
+NF_ARP_OUT
+NF_BR_BROUTING
+NF_BR_FORWARD
+NF_BR_LOCAL_IN
+NF_BR_LOCAL_OUT
+NF_BR_NUMHOOKS
+NF_BR_POST_ROUTING
+NF_BR_PRE_ROUTING
+NF_BR_PRI_BRNF
+NF_BR_PRI_FILTER_BRIDGED
+NF_BR_PRI_FILTER_OTHER
+NF_BR_PRI_FIRST
+NF_BR_PRI_LAST
+NF_BR_PRI_NAT_DST_BRIDGED
+NF_BR_PRI_NAT_DST_OTHER
+NF_BR_PRI_NAT_SRC
 NF_DROP
 NF_INET_FORWARD
+NF_INET_INGRESS
 NF_INET_LOCAL_IN
 NF_INET_LOCAL_OUT
 NF_INET_NUMHOOKS
@@ -1667,6 +1688,7 @@ NF_IP6_PRI_MANGLE
 NF_IP6_PRI_NAT_DST
 NF_IP6_PRI_NAT_SRC
 NF_IP6_PRI_RAW
+NF_IP6_PRI_RAW_BEFORE_DEFRAG
 NF_IP6_PRI_SECURITY
 NF_IP6_PRI_SELINUX_FIRST
 NF_IP6_PRI_SELINUX_LAST
@@ -1687,10 +1709,12 @@ NF_IP_PRI_MANGLE
 NF_IP_PRI_NAT_DST
 NF_IP_PRI_NAT_SRC
 NF_IP_PRI_RAW
+NF_IP_PRI_RAW_BEFORE_DEFRAG
 NF_IP_PRI_SECURITY
 NF_IP_PRI_SELINUX_FIRST
 NF_IP_PRI_SELINUX_LAST
 NF_MAX_VERDICT
+NF_NETDEV_EGRESS
 NF_NETDEV_INGRESS
 NF_NETDEV_NUMHOOKS
 NF_QUEUE

libc-test/semver/linux.txt

@@ -1693,8 +1693,29 @@ NFULNL_COPY_PACKET
 NFULNL_MSG_CONFIG
 NFULNL_MSG_PACKET
 NF_ACCEPT
+NF_ARP
+NF_ARP_FORWARD
+NF_ARP_IN
+NF_ARP_NUMHOOKS
+NF_ARP_OUT
+NF_BR_BROUTING
+NF_BR_FORWARD
+NF_BR_LOCAL_IN
+NF_BR_LOCAL_OUT
+NF_BR_NUMHOOKS
+NF_BR_POST_ROUTING
+NF_BR_PRE_ROUTING
+NF_BR_PRI_BRNF
+NF_BR_PRI_FILTER_BRIDGED
+NF_BR_PRI_FILTER_OTHER
+NF_BR_PRI_FIRST
+NF_BR_PRI_LAST
+NF_BR_PRI_NAT_DST_BRIDGED
+NF_BR_PRI_NAT_DST_OTHER
+NF_BR_PRI_NAT_SRC
 NF_DROP
 NF_INET_FORWARD
+NF_INET_INGRESS
 NF_INET_LOCAL_IN
 NF_INET_LOCAL_OUT
 NF_INET_NUMHOOKS
@@ -1716,6 +1737,7 @@ NF_IP6_PRI_MANGLE
 NF_IP6_PRI_NAT_DST
 NF_IP6_PRI_NAT_SRC
 NF_IP6_PRI_RAW
+NF_IP6_PRI_RAW_BEFORE_DEFRAG
 NF_IP6_PRI_SECURITY
 NF_IP6_PRI_SELINUX_FIRST
 NF_IP6_PRI_SELINUX_LAST
@@ -1736,10 +1758,12 @@ NF_IP_PRI_MANGLE
 NF_IP_PRI_NAT_DST
 NF_IP_PRI_NAT_SRC
 NF_IP_PRI_RAW
+NF_IP_PRI_RAW_BEFORE_DEFRAG
 NF_IP_PRI_SECURITY
 NF_IP_PRI_SELINUX_FIRST
 NF_IP_PRI_SELINUX_LAST
 NF_MAX_VERDICT
+NF_NETDEV_EGRESS
 NF_QUEUE
 NF_REPEAT
 NF_STOLEN

src/unix/linux_like/android/mod.rs

@@ -2312,9 +2312,11 @@ pub const NF_INET_FORWARD: ::c_int = 2;
 pub const NF_INET_LOCAL_OUT: ::c_int = 3;
 pub const NF_INET_POST_ROUTING: ::c_int = 4;
 pub const NF_INET_NUMHOOKS: ::c_int = 5;
+pub const NF_INET_INGRESS: ::c_int = NF_INET_NUMHOOKS;
 
 pub const NF_NETDEV_INGRESS: ::c_int = 0;
-pub const NF_NETDEV_NUMHOOKS: ::c_int = 1;
+pub const NF_NETDEV_EGRESS: ::c_int = 1;
+pub const NF_NETDEV_NUMHOOKS: ::c_int = 2;
 
 pub const NFPROTO_UNSPEC: ::c_int = 0;
 pub const NFPROTO_INET: ::c_int = 1;
@@ -2326,6 +2328,31 @@ pub const NFPROTO_IPV6: ::c_int = 10;
 pub const NFPROTO_DECNET: ::c_int = 12;
 pub const NFPROTO_NUMPROTO: ::c_int = 13;
 
+// linux/netfilter_arp.h
+pub const NF_ARP: ::c_int = 0;
+pub const NF_ARP_IN: ::c_int = 0;
+pub const NF_ARP_OUT: ::c_int = 1;
+pub const NF_ARP_FORWARD: ::c_int = 2;
+pub const NF_ARP_NUMHOOKS: ::c_int = 3;
+
+// linux/netfilter_bridge.h
+pub const NF_BR_PRE_ROUTING: ::c_int = 0;
+pub const NF_BR_LOCAL_IN: ::c_int = 1;
+pub const NF_BR_FORWARD: ::c_int = 2;
+pub const NF_BR_LOCAL_OUT: ::c_int = 3;
+pub const NF_BR_POST_ROUTING: ::c_int = 4;
+pub const NF_BR_BROUTING: ::c_int = 5;
+pub const NF_BR_NUMHOOKS: ::c_int = 6;
+
+pub const NF_BR_PRI_FIRST: ::c_int = ::INT_MIN;
+pub const NF_BR_PRI_NAT_DST_BRIDGED: ::c_int = -300;
+pub const NF_BR_PRI_FILTER_BRIDGED: ::c_int = -200;
+pub const NF_BR_PRI_BRNF: ::c_int = 0;
+pub const NF_BR_PRI_NAT_DST_OTHER: ::c_int = 100;
+pub const NF_BR_PRI_FILTER_OTHER: ::c_int = 200;
+pub const NF_BR_PRI_NAT_SRC: ::c_int = 300;
+pub const NF_BR_PRI_LAST: ::c_int = ::INT_MAX;
+
 // linux/netfilter_ipv4.h
 pub const NF_IP_PRE_ROUTING: ::c_int = 0;
 pub const NF_IP_LOCAL_IN: ::c_int = 1;
@@ -2335,6 +2362,7 @@ pub const NF_IP_POST_ROUTING: ::c_int = 4;
 pub const NF_IP_NUMHOOKS: ::c_int = 5;
 
 pub const NF_IP_PRI_FIRST: ::c_int = ::INT_MIN;
+pub const NF_IP_PRI_RAW_BEFORE_DEFRAG: ::c_int = -450;
 pub const NF_IP_PRI_CONNTRACK_DEFRAG: ::c_int = -400;
 pub const NF_IP_PRI_RAW: ::c_int = -300;
 pub const NF_IP_PRI_SELINUX_FIRST: ::c_int = -225;
@@ -2358,6 +2386,7 @@ pub const NF_IP6_POST_ROUTING: ::c_int = 4;
 pub const NF_IP6_NUMHOOKS: ::c_int = 5;
 
 pub const NF_IP6_PRI_FIRST: ::c_int = ::INT_MIN;
+pub const NF_IP6_PRI_RAW_BEFORE_DEFRAG: ::c_int = -450;
 pub const NF_IP6_PRI_CONNTRACK_DEFRAG: ::c_int = -400;
 pub const NF_IP6_PRI_RAW: ::c_int = -300;
 pub const NF_IP6_PRI_SELINUX_FIRST: ::c_int = -225;

src/unix/linux_like/linux/mod.rs

@@ -3289,20 +3289,47 @@ pub const NF_INET_FORWARD: ::c_int = 2;
 pub const NF_INET_LOCAL_OUT: ::c_int = 3;
 pub const NF_INET_POST_ROUTING: ::c_int = 4;
 pub const NF_INET_NUMHOOKS: ::c_int = 5;
+pub const NF_INET_INGRESS: ::c_int = NF_INET_NUMHOOKS;
+
+pub const NF_NETDEV_INGRESS: ::c_int = 0;
+pub const NF_NETDEV_EGRESS: ::c_int = 1;
+pub const NF_NETDEV_NUMHOOKS: ::c_int = 2;
 
 // Some NFPROTO are not compatible with musl and are defined in submodules.
 pub const NFPROTO_UNSPEC: ::c_int = 0;
+pub const NFPROTO_INET: ::c_int = 1;
 pub const NFPROTO_IPV4: ::c_int = 2;
 pub const NFPROTO_ARP: ::c_int = 3;
+pub const NFPROTO_NETDEV: ::c_int = 5;
 pub const NFPROTO_BRIDGE: ::c_int = 7;
 pub const NFPROTO_IPV6: ::c_int = 10;
 pub const NFPROTO_DECNET: ::c_int = 12;
 pub const NFPROTO_NUMPROTO: ::c_int = 13;
-pub const NFPROTO_INET: ::c_int = 1;
-pub const NFPROTO_NETDEV: ::c_int = 5;
 
-pub const NF_NETDEV_INGRESS: ::c_int = 0;
-pub const NF_NETDEV_NUMHOOKS: ::c_int = 1;
+// linux/netfilter_arp.h
+pub const NF_ARP: ::c_int = 0;
+pub const NF_ARP_IN: ::c_int = 0;
+pub const NF_ARP_OUT: ::c_int = 1;
+pub const NF_ARP_FORWARD: ::c_int = 2;
+pub const NF_ARP_NUMHOOKS: ::c_int = 3;
+
+// linux/netfilter_bridge.h
+pub const NF_BR_PRE_ROUTING: ::c_int = 0;
+pub const NF_BR_LOCAL_IN: ::c_int = 1;
+pub const NF_BR_FORWARD: ::c_int = 2;
+pub const NF_BR_LOCAL_OUT: ::c_int = 3;
+pub const NF_BR_POST_ROUTING: ::c_int = 4;
+pub const NF_BR_BROUTING: ::c_int = 5;
+pub const NF_BR_NUMHOOKS: ::c_int = 6;
+
+pub const NF_BR_PRI_FIRST: ::c_int = ::INT_MIN;
+pub const NF_BR_PRI_NAT_DST_BRIDGED: ::c_int = -300;
+pub const NF_BR_PRI_FILTER_BRIDGED: ::c_int = -200;
+pub const NF_BR_PRI_BRNF: ::c_int = 0;
+pub const NF_BR_PRI_NAT_DST_OTHER: ::c_int = 100;
+pub const NF_BR_PRI_FILTER_OTHER: ::c_int = 200;
+pub const NF_BR_PRI_NAT_SRC: ::c_int = 300;
+pub const NF_BR_PRI_LAST: ::c_int = ::INT_MAX;
 
 // linux/netfilter_ipv4.h
 pub const NF_IP_PRE_ROUTING: ::c_int = 0;
@@ -3313,6 +3340,7 @@ pub const NF_IP_POST_ROUTING: ::c_int = 4;
 pub const NF_IP_NUMHOOKS: ::c_int = 5;
 
 pub const NF_IP_PRI_FIRST: ::c_int = ::INT_MIN;
+pub const NF_IP_PRI_RAW_BEFORE_DEFRAG: ::c_int = -450;
 pub const NF_IP_PRI_CONNTRACK_DEFRAG: ::c_int = -400;
 pub const NF_IP_PRI_RAW: ::c_int = -300;
 pub const NF_IP_PRI_SELINUX_FIRST: ::c_int = -225;
@@ -3336,6 +3364,7 @@ pub const NF_IP6_POST_ROUTING: ::c_int = 4;
 pub const NF_IP6_NUMHOOKS: ::c_int = 5;
 
 pub const NF_IP6_PRI_FIRST: ::c_int = ::INT_MIN;
+pub const NF_IP6_PRI_RAW_BEFORE_DEFRAG: ::c_int = -450;
 pub const NF_IP6_PRI_CONNTRACK_DEFRAG: ::c_int = -400;
 pub const NF_IP6_PRI_RAW: ::c_int = -300;
 pub const NF_IP6_PRI_SELINUX_FIRST: ::c_int = -225;