Skip to content

Commit 8650afb

Browse files
borsbors
committed
Auto merge of #926 - faern:add-netfilter-fields, r=alexcrichton
Add netfilter/nftables fields Adding a few missing `NF_` constants to more complete the story around that header. Then most importantly add a lot of `NFT_` constants needed in my nftables library. Some were added back in #911, but as the library grew I realized I needed more constants.
2 parents 42377bb + b89d662 commit 8650afb

File tree

6 files changed

+592
-30
lines changed

6 files changed

+592
-30
lines changed

libc-test/build.rs

+1
Original file line numberDiff line numberDiff line change
@@ -245,6 +245,7 @@ fn main() {
245245
cfg.header("linux/netlink.h");
246246
cfg.header("linux/genetlink.h");
247247
cfg.header("linux/netfilter_ipv4.h");
248+
cfg.header("linux/netfilter_ipv6.h");
248249
cfg.header("linux/fs.h");
249250
}
250251
if !musl {

src/lib.rs

+3
Original file line numberDiff line numberDiff line change
@@ -148,6 +148,9 @@ cfg_if! {
148148
pub enum FILE {}
149149
pub enum fpos_t {} // TODO: fill this out with a struct
150150

151+
pub const INT_MIN: c_int = -2147483648;
152+
pub const INT_MAX: c_int = 2147483647;
153+
151154
extern {
152155
pub fn isalnum(c: c_int) -> c_int;
153156
pub fn isalpha(c: c_int) -> c_int;

src/unix/notbsd/android/mod.rs

+199
Original file line numberDiff line numberDiff line change
@@ -1001,6 +1001,7 @@ pub const O_TMPFILE: ::c_int = 0o20000000 | O_DIRECTORY;
10011001
pub const MFD_CLOEXEC: ::c_uint = 0x0001;
10021002
pub const MFD_ALLOW_SEALING: ::c_uint = 0x0002;
10031003

1004+
// linux/netfilter.h
10041005
pub const NF_DROP: ::c_int = 0;
10051006
pub const NF_ACCEPT: ::c_int = 1;
10061007
pub const NF_STOLEN: ::c_int = 2;
@@ -1037,12 +1038,90 @@ pub const NFPROTO_IPV6: ::c_int = 10;
10371038
pub const NFPROTO_DECNET: ::c_int = 12;
10381039
pub const NFPROTO_NUMPROTO: ::c_int = 13;
10391040

1041+
// linux/netfilter_ipv4.h
1042+
pub const NF_IP_PRE_ROUTING: ::c_int = 0;
1043+
pub const NF_IP_LOCAL_IN: ::c_int = 1;
1044+
pub const NF_IP_FORWARD: ::c_int = 2;
1045+
pub const NF_IP_LOCAL_OUT: ::c_int = 3;
1046+
pub const NF_IP_POST_ROUTING: ::c_int = 4;
1047+
pub const NF_IP_NUMHOOKS: ::c_int = 5;
1048+
1049+
pub const NF_IP_PRI_FIRST: ::c_int = ::INT_MIN;
1050+
pub const NF_IP_PRI_CONNTRACK_DEFRAG: ::c_int = -400;
1051+
pub const NF_IP_PRI_RAW: ::c_int = -300;
1052+
pub const NF_IP_PRI_SELINUX_FIRST: ::c_int = -225;
1053+
pub const NF_IP_PRI_CONNTRACK: ::c_int = -200;
1054+
pub const NF_IP_PRI_MANGLE: ::c_int = -150;
1055+
pub const NF_IP_PRI_NAT_DST: ::c_int = -100;
1056+
pub const NF_IP_PRI_FILTER: ::c_int = 0;
1057+
pub const NF_IP_PRI_SECURITY: ::c_int = 50;
1058+
pub const NF_IP_PRI_NAT_SRC: ::c_int = 100;
1059+
pub const NF_IP_PRI_SELINUX_LAST: ::c_int = 225;
1060+
pub const NF_IP_PRI_CONNTRACK_HELPER: ::c_int = 300;
1061+
pub const NF_IP_PRI_CONNTRACK_CONFIRM: ::c_int = ::INT_MAX;
1062+
pub const NF_IP_PRI_LAST: ::c_int = ::INT_MAX;
1063+
1064+
// linux/netfilter_ipv6.h
1065+
pub const NF_IP6_PRE_ROUTING: ::c_int = 0;
1066+
pub const NF_IP6_LOCAL_IN: ::c_int = 1;
1067+
pub const NF_IP6_FORWARD: ::c_int = 2;
1068+
pub const NF_IP6_LOCAL_OUT: ::c_int = 3;
1069+
pub const NF_IP6_POST_ROUTING: ::c_int = 4;
1070+
pub const NF_IP6_NUMHOOKS: ::c_int = 5;
1071+
1072+
pub const NF_IP6_PRI_FIRST: ::c_int = ::INT_MIN;
1073+
pub const NF_IP6_PRI_CONNTRACK_DEFRAG: ::c_int = -400;
1074+
pub const NF_IP6_PRI_RAW: ::c_int = -300;
1075+
pub const NF_IP6_PRI_SELINUX_FIRST: ::c_int = -225;
1076+
pub const NF_IP6_PRI_CONNTRACK: ::c_int = -200;
1077+
pub const NF_IP6_PRI_MANGLE: ::c_int = -150;
1078+
pub const NF_IP6_PRI_NAT_DST: ::c_int = -100;
1079+
pub const NF_IP6_PRI_FILTER: ::c_int = 0;
1080+
pub const NF_IP6_PRI_SECURITY: ::c_int = 50;
1081+
pub const NF_IP6_PRI_NAT_SRC: ::c_int = 100;
1082+
pub const NF_IP6_PRI_SELINUX_LAST: ::c_int = 225;
1083+
pub const NF_IP6_PRI_CONNTRACK_HELPER: ::c_int = 300;
1084+
pub const NF_IP6_PRI_LAST: ::c_int = ::INT_MAX;
1085+
1086+
// linux/netfilter/nf_tables.h
10401087
pub const NFT_TABLE_MAXNAMELEN: ::c_int = 32;
10411088
pub const NFT_CHAIN_MAXNAMELEN: ::c_int = 32;
10421089
pub const NFT_SET_MAXNAMELEN: ::c_int = 32;
10431090
pub const NFT_OBJ_MAXNAMELEN: ::c_int = 32;
10441091
pub const NFT_USERDATA_MAXLEN: ::c_int = 256;
10451092

1093+
pub const NFT_REG_VERDICT: ::c_int = 0;
1094+
pub const NFT_REG_1: ::c_int = 1;
1095+
pub const NFT_REG_2: ::c_int = 2;
1096+
pub const NFT_REG_3: ::c_int = 3;
1097+
pub const NFT_REG_4: ::c_int = 4;
1098+
pub const __NFT_REG_MAX: ::c_int = 5;
1099+
pub const NFT_REG32_00: ::c_int = 8;
1100+
pub const NFT_REG32_01: ::c_int = 9;
1101+
pub const NFT_REG32_02: ::c_int = 10;
1102+
pub const NFT_REG32_03: ::c_int = 11;
1103+
pub const NFT_REG32_04: ::c_int = 12;
1104+
pub const NFT_REG32_05: ::c_int = 13;
1105+
pub const NFT_REG32_06: ::c_int = 14;
1106+
pub const NFT_REG32_07: ::c_int = 15;
1107+
pub const NFT_REG32_08: ::c_int = 16;
1108+
pub const NFT_REG32_09: ::c_int = 17;
1109+
pub const NFT_REG32_10: ::c_int = 18;
1110+
pub const NFT_REG32_11: ::c_int = 19;
1111+
pub const NFT_REG32_12: ::c_int = 20;
1112+
pub const NFT_REG32_13: ::c_int = 21;
1113+
pub const NFT_REG32_14: ::c_int = 22;
1114+
pub const NFT_REG32_15: ::c_int = 23;
1115+
1116+
pub const NFT_REG_SIZE: ::c_int = 16;
1117+
pub const NFT_REG32_SIZE: ::c_int = 4;
1118+
1119+
pub const NFT_CONTINUE: ::c_int = -1;
1120+
pub const NFT_BREAK: ::c_int = -2;
1121+
pub const NFT_JUMP: ::c_int = -3;
1122+
pub const NFT_GOTO: ::c_int = -4;
1123+
pub const NFT_RETURN: ::c_int = -5;
1124+
10461125
pub const NFT_MSG_NEWTABLE: ::c_int = 0;
10471126
pub const NFT_MSG_GETTABLE: ::c_int = 1;
10481127
pub const NFT_MSG_DELTABLE: ::c_int = 2;
@@ -1067,6 +1146,126 @@ pub const NFT_MSG_DELOBJ: ::c_int = 20;
10671146
pub const NFT_MSG_GETOBJ_RESET: ::c_int = 21;
10681147
pub const NFT_MSG_MAX: ::c_int = 22;
10691148

1149+
pub const NFT_SET_ANONYMOUS: ::c_int = 0x1;
1150+
pub const NFT_SET_CONSTANT: ::c_int = 0x2;
1151+
pub const NFT_SET_INTERVAL: ::c_int = 0x4;
1152+
pub const NFT_SET_MAP: ::c_int = 0x8;
1153+
pub const NFT_SET_TIMEOUT: ::c_int = 0x10;
1154+
pub const NFT_SET_EVAL: ::c_int = 0x20;
1155+
1156+
pub const NFT_SET_POL_PERFORMANCE: ::c_int = 0;
1157+
pub const NFT_SET_POL_MEMORY: ::c_int = 1;
1158+
1159+
pub const NFT_SET_ELEM_INTERVAL_END: ::c_int = 0x1;
1160+
1161+
pub const NFT_DATA_VALUE: ::c_uint = 0;
1162+
pub const NFT_DATA_VERDICT: ::c_uint = 0xffffff00;
1163+
1164+
pub const NFT_DATA_RESERVED_MASK: ::c_uint = 0xffffff00;
1165+
1166+
pub const NFT_DATA_VALUE_MAXLEN: ::c_int = 64;
1167+
1168+
pub const NFT_BYTEORDER_NTOH: ::c_int = 0;
1169+
pub const NFT_BYTEORDER_HTON: ::c_int = 1;
1170+
1171+
pub const NFT_CMP_EQ: ::c_int = 0;
1172+
pub const NFT_CMP_NEQ: ::c_int = 1;
1173+
pub const NFT_CMP_LT: ::c_int = 2;
1174+
pub const NFT_CMP_LTE: ::c_int = 3;
1175+
pub const NFT_CMP_GT: ::c_int = 4;
1176+
pub const NFT_CMP_GTE: ::c_int = 5;
1177+
1178+
pub const NFT_RANGE_EQ: ::c_int = 0;
1179+
pub const NFT_RANGE_NEQ: ::c_int = 1;
1180+
1181+
pub const NFT_LOOKUP_F_INV: ::c_int = (1 << 0);
1182+
1183+
pub const NFT_DYNSET_OP_ADD: ::c_int = 0;
1184+
pub const NFT_DYNSET_OP_UPDATE: ::c_int = 1;
1185+
1186+
pub const NFT_DYNSET_F_INV: ::c_int = (1 << 0);
1187+
1188+
pub const NFT_PAYLOAD_LL_HEADER: ::c_int = 0;
1189+
pub const NFT_PAYLOAD_NETWORK_HEADER: ::c_int = 1;
1190+
pub const NFT_PAYLOAD_TRANSPORT_HEADER: ::c_int = 2;
1191+
1192+
pub const NFT_PAYLOAD_CSUM_NONE: ::c_int = 0;
1193+
pub const NFT_PAYLOAD_CSUM_INET: ::c_int = 1;
1194+
1195+
pub const NFT_META_LEN: ::c_int = 0;
1196+
pub const NFT_META_PROTOCOL: ::c_int = 1;
1197+
pub const NFT_META_PRIORITY: ::c_int = 2;
1198+
pub const NFT_META_MARK: ::c_int = 3;
1199+
pub const NFT_META_IIF: ::c_int = 4;
1200+
pub const NFT_META_OIF: ::c_int = 5;
1201+
pub const NFT_META_IIFNAME: ::c_int = 6;
1202+
pub const NFT_META_OIFNAME: ::c_int = 7;
1203+
pub const NFT_META_IIFTYPE: ::c_int = 8;
1204+
pub const NFT_META_OIFTYPE: ::c_int = 9;
1205+
pub const NFT_META_SKUID: ::c_int = 10;
1206+
pub const NFT_META_SKGID: ::c_int = 11;
1207+
pub const NFT_META_NFTRACE: ::c_int = 12;
1208+
pub const NFT_META_RTCLASSID: ::c_int = 13;
1209+
pub const NFT_META_SECMARK: ::c_int = 14;
1210+
pub const NFT_META_NFPROTO: ::c_int = 15;
1211+
pub const NFT_META_L4PROTO: ::c_int = 16;
1212+
pub const NFT_META_BRI_IIFNAME: ::c_int = 17;
1213+
pub const NFT_META_BRI_OIFNAME: ::c_int = 18;
1214+
pub const NFT_META_PKTTYPE: ::c_int = 19;
1215+
pub const NFT_META_CPU: ::c_int = 20;
1216+
pub const NFT_META_IIFGROUP: ::c_int = 21;
1217+
pub const NFT_META_OIFGROUP: ::c_int = 22;
1218+
pub const NFT_META_CGROUP: ::c_int = 23;
1219+
pub const NFT_META_PRANDOM: ::c_int = 24;
1220+
1221+
pub const NFT_CT_STATE: ::c_int = 0;
1222+
pub const NFT_CT_DIRECTION: ::c_int = 1;
1223+
pub const NFT_CT_STATUS: ::c_int = 2;
1224+
pub const NFT_CT_MARK: ::c_int = 3;
1225+
pub const NFT_CT_SECMARK: ::c_int = 4;
1226+
pub const NFT_CT_EXPIRATION: ::c_int = 5;
1227+
pub const NFT_CT_HELPER: ::c_int = 6;
1228+
pub const NFT_CT_L3PROTOCOL: ::c_int = 7;
1229+
pub const NFT_CT_SRC: ::c_int = 8;
1230+
pub const NFT_CT_DST: ::c_int = 9;
1231+
pub const NFT_CT_PROTOCOL: ::c_int = 10;
1232+
pub const NFT_CT_PROTO_SRC: ::c_int = 11;
1233+
pub const NFT_CT_PROTO_DST: ::c_int = 12;
1234+
pub const NFT_CT_LABELS: ::c_int = 13;
1235+
pub const NFT_CT_PKTS: ::c_int = 14;
1236+
pub const NFT_CT_BYTES: ::c_int = 15;
1237+
1238+
pub const NFT_LIMIT_PKTS: ::c_int = 0;
1239+
pub const NFT_LIMIT_PKT_BYTES: ::c_int = 1;
1240+
1241+
pub const NFT_LIMIT_F_INV: ::c_int = (1 << 0);
1242+
1243+
pub const NFT_QUEUE_FLAG_BYPASS: ::c_int = 0x01;
1244+
pub const NFT_QUEUE_FLAG_CPU_FANOUT: ::c_int = 0x02;
1245+
pub const NFT_QUEUE_FLAG_MASK: ::c_int = 0x03;
1246+
1247+
pub const NFT_QUOTA_F_INV: ::c_int = (1 << 0);
1248+
1249+
pub const NFT_REJECT_ICMP_UNREACH: ::c_int = 0;
1250+
pub const NFT_REJECT_TCP_RST: ::c_int = 1;
1251+
pub const NFT_REJECT_ICMPX_UNREACH: ::c_int = 2;
1252+
1253+
pub const NFT_REJECT_ICMPX_NO_ROUTE: ::c_int = 0;
1254+
pub const NFT_REJECT_ICMPX_PORT_UNREACH: ::c_int = 1;
1255+
pub const NFT_REJECT_ICMPX_HOST_UNREACH: ::c_int = 2;
1256+
pub const NFT_REJECT_ICMPX_ADMIN_PROHIBITED: ::c_int = 3;
1257+
1258+
pub const NFT_NAT_SNAT: ::c_int = 0;
1259+
pub const NFT_NAT_DNAT: ::c_int = 1;
1260+
1261+
pub const NFT_TRACETYPE_UNSPEC: ::c_int = 0;
1262+
pub const NFT_TRACETYPE_POLICY: ::c_int = 1;
1263+
pub const NFT_TRACETYPE_RETURN: ::c_int = 2;
1264+
pub const NFT_TRACETYPE_RULE: ::c_int = 3;
1265+
1266+
pub const NFT_NG_INCREMENTAL: ::c_int = 0;
1267+
pub const NFT_NG_RANDOM: ::c_int = 1;
1268+
10701269
pub const IFF_TUN: ::c_int = 0x0001;
10711270
pub const IFF_TAP: ::c_int = 0x0002;
10721271
pub const IFF_NO_PI: ::c_int = 0x1000;

0 commit comments

Comments
 (0)