Auto merge of #2152 - namib-project:nftables-musl, r=JohnTitor

Make netfilter constants available for musl Linux targets

The netfilter constants added in #911 and #926 are currently only available for Linux targets using glibc because they weren't available in the musl-sanitized kernel headers at the time these PRs were made.

With current versions of the sanitized headers, these constants are available, and this PR moves them to `unix/linux_like/linux/mod.rs` so that they can be used on targets using musl libc.

The kernel header version currently set in `ci/install_musl.sh` already supports these constants, but has different values for e.g. `NFT_TABLE_MAXNAMELEN` than the ones that were already defined for glibc. It seems like the maximum name length for various netfilter objects has been changed in the kernel (the respective commits are [1](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/include/uapi/linux/netfilter/nf_tables.h?id=e46abbcc05aa8a16b0e7f5c94e86d11af9aa2770) [2](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/include/uapi/linux/netfilter/nf_tables.h?id=b7263e071aba736cea9e71cdf2e76dfa7aebd039) [3](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/include/uapi/linux/netfilter/nf_tables.h?id=387454901bd62022ac1b04e15bd8d4fcc60bbed4) and [4](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/include/uapi/linux/netfilter/nf_tables.h?id=615095752100748e221028fc96163c2b78185ae4)). To match these values with the ones that were already defined, this PR also updates the used kernel header version in `ci/install_musl.sh`.

Author: bors

ci/install-musl.sh

@@ -79,7 +79,7 @@ cd ..
 rm -rf $MUSL
 
 # Download, configure, build, and install musl-sanitized kernel headers:
-KERNEL_HEADER_VER="4.4.2-2"
+KERNEL_HEADER_VER="4.19.88"
 curl --retry 5 -L \
      "https://github.com/sabotage-linux/kernel-headers/archive/v${KERNEL_HEADER_VER}.tar.gz" | \
     tar xzf -

src/unix/linux_like/linux/gnu/mod.rs

@@ -948,12 +948,6 @@ pub const TIOCM_RTS: ::c_int = 0x004;
 pub const TIOCM_CD: ::c_int = TIOCM_CAR;
 pub const TIOCM_RI: ::c_int = TIOCM_RNG;
 
-pub const NF_NETDEV_INGRESS: ::c_int = 0;
-pub const NF_NETDEV_NUMHOOKS: ::c_int = 1;
-
-pub const NFPROTO_INET: ::c_int = 1;
-pub const NFPROTO_NETDEV: ::c_int = 5;
-
 // linux/keyctl.h
 pub const KEYCTL_DH_COMPUTE: u32 = 23;
 pub const KEYCTL_PKEY_QUERY: u32 = 24;
@@ -985,193 +979,6 @@ cfg_if! {
     }
 }
 
-// linux/netfilter/nf_tables.h
-pub const NFT_TABLE_MAXNAMELEN: ::c_int = 256;
-pub const NFT_CHAIN_MAXNAMELEN: ::c_int = 256;
-pub const NFT_SET_MAXNAMELEN: ::c_int = 256;
-pub const NFT_OBJ_MAXNAMELEN: ::c_int = 256;
-pub const NFT_USERDATA_MAXLEN: ::c_int = 256;
-
-pub const NFT_REG_VERDICT: ::c_int = 0;
-pub const NFT_REG_1: ::c_int = 1;
-pub const NFT_REG_2: ::c_int = 2;
-pub const NFT_REG_3: ::c_int = 3;
-pub const NFT_REG_4: ::c_int = 4;
-pub const __NFT_REG_MAX: ::c_int = 5;
-pub const NFT_REG32_00: ::c_int = 8;
-pub const NFT_REG32_01: ::c_int = 9;
-pub const NFT_REG32_02: ::c_int = 10;
-pub const NFT_REG32_03: ::c_int = 11;
-pub const NFT_REG32_04: ::c_int = 12;
-pub const NFT_REG32_05: ::c_int = 13;
-pub const NFT_REG32_06: ::c_int = 14;
-pub const NFT_REG32_07: ::c_int = 15;
-pub const NFT_REG32_08: ::c_int = 16;
-pub const NFT_REG32_09: ::c_int = 17;
-pub const NFT_REG32_10: ::c_int = 18;
-pub const NFT_REG32_11: ::c_int = 19;
-pub const NFT_REG32_12: ::c_int = 20;
-pub const NFT_REG32_13: ::c_int = 21;
-pub const NFT_REG32_14: ::c_int = 22;
-pub const NFT_REG32_15: ::c_int = 23;
-
-pub const NFT_REG_SIZE: ::c_int = 16;
-pub const NFT_REG32_SIZE: ::c_int = 4;
-
-pub const NFT_CONTINUE: ::c_int = -1;
-pub const NFT_BREAK: ::c_int = -2;
-pub const NFT_JUMP: ::c_int = -3;
-pub const NFT_GOTO: ::c_int = -4;
-pub const NFT_RETURN: ::c_int = -5;
-
-pub const NFT_MSG_NEWTABLE: ::c_int = 0;
-pub const NFT_MSG_GETTABLE: ::c_int = 1;
-pub const NFT_MSG_DELTABLE: ::c_int = 2;
-pub const NFT_MSG_NEWCHAIN: ::c_int = 3;
-pub const NFT_MSG_GETCHAIN: ::c_int = 4;
-pub const NFT_MSG_DELCHAIN: ::c_int = 5;
-pub const NFT_MSG_NEWRULE: ::c_int = 6;
-pub const NFT_MSG_GETRULE: ::c_int = 7;
-pub const NFT_MSG_DELRULE: ::c_int = 8;
-pub const NFT_MSG_NEWSET: ::c_int = 9;
-pub const NFT_MSG_GETSET: ::c_int = 10;
-pub const NFT_MSG_DELSET: ::c_int = 11;
-pub const NFT_MSG_NEWSETELEM: ::c_int = 12;
-pub const NFT_MSG_GETSETELEM: ::c_int = 13;
-pub const NFT_MSG_DELSETELEM: ::c_int = 14;
-pub const NFT_MSG_NEWGEN: ::c_int = 15;
-pub const NFT_MSG_GETGEN: ::c_int = 16;
-pub const NFT_MSG_TRACE: ::c_int = 17;
-cfg_if! {
-    if #[cfg(not(target_arch = "sparc64"))] {
-        pub const NFT_MSG_NEWOBJ: ::c_int = 18;
-        pub const NFT_MSG_GETOBJ: ::c_int = 19;
-        pub const NFT_MSG_DELOBJ: ::c_int = 20;
-        pub const NFT_MSG_GETOBJ_RESET: ::c_int = 21;
-    }
-}
-pub const NFT_MSG_MAX: ::c_int = 25;
-
-pub const NFT_SET_ANONYMOUS: ::c_int = 0x1;
-pub const NFT_SET_CONSTANT: ::c_int = 0x2;
-pub const NFT_SET_INTERVAL: ::c_int = 0x4;
-pub const NFT_SET_MAP: ::c_int = 0x8;
-pub const NFT_SET_TIMEOUT: ::c_int = 0x10;
-pub const NFT_SET_EVAL: ::c_int = 0x20;
-
-pub const NFT_SET_POL_PERFORMANCE: ::c_int = 0;
-pub const NFT_SET_POL_MEMORY: ::c_int = 1;
-
-pub const NFT_SET_ELEM_INTERVAL_END: ::c_int = 0x1;
-
-pub const NFT_DATA_VALUE: ::c_uint = 0;
-pub const NFT_DATA_VERDICT: ::c_uint = 0xffffff00;
-
-pub const NFT_DATA_RESERVED_MASK: ::c_uint = 0xffffff00;
-
-pub const NFT_DATA_VALUE_MAXLEN: ::c_int = 64;
-
-pub const NFT_BYTEORDER_NTOH: ::c_int = 0;
-pub const NFT_BYTEORDER_HTON: ::c_int = 1;
-
-pub const NFT_CMP_EQ: ::c_int = 0;
-pub const NFT_CMP_NEQ: ::c_int = 1;
-pub const NFT_CMP_LT: ::c_int = 2;
-pub const NFT_CMP_LTE: ::c_int = 3;
-pub const NFT_CMP_GT: ::c_int = 4;
-pub const NFT_CMP_GTE: ::c_int = 5;
-
-pub const NFT_RANGE_EQ: ::c_int = 0;
-pub const NFT_RANGE_NEQ: ::c_int = 1;
-
-pub const NFT_LOOKUP_F_INV: ::c_int = 1 << 0;
-
-pub const NFT_DYNSET_OP_ADD: ::c_int = 0;
-pub const NFT_DYNSET_OP_UPDATE: ::c_int = 1;
-
-pub const NFT_DYNSET_F_INV: ::c_int = 1 << 0;
-
-pub const NFT_PAYLOAD_LL_HEADER: ::c_int = 0;
-pub const NFT_PAYLOAD_NETWORK_HEADER: ::c_int = 1;
-pub const NFT_PAYLOAD_TRANSPORT_HEADER: ::c_int = 2;
-
-pub const NFT_PAYLOAD_CSUM_NONE: ::c_int = 0;
-pub const NFT_PAYLOAD_CSUM_INET: ::c_int = 1;
-
-pub const NFT_META_LEN: ::c_int = 0;
-pub const NFT_META_PROTOCOL: ::c_int = 1;
-pub const NFT_META_PRIORITY: ::c_int = 2;
-pub const NFT_META_MARK: ::c_int = 3;
-pub const NFT_META_IIF: ::c_int = 4;
-pub const NFT_META_OIF: ::c_int = 5;
-pub const NFT_META_IIFNAME: ::c_int = 6;
-pub const NFT_META_OIFNAME: ::c_int = 7;
-pub const NFT_META_IIFTYPE: ::c_int = 8;
-pub const NFT_META_OIFTYPE: ::c_int = 9;
-pub const NFT_META_SKUID: ::c_int = 10;
-pub const NFT_META_SKGID: ::c_int = 11;
-pub const NFT_META_NFTRACE: ::c_int = 12;
-pub const NFT_META_RTCLASSID: ::c_int = 13;
-pub const NFT_META_SECMARK: ::c_int = 14;
-pub const NFT_META_NFPROTO: ::c_int = 15;
-pub const NFT_META_L4PROTO: ::c_int = 16;
-pub const NFT_META_BRI_IIFNAME: ::c_int = 17;
-pub const NFT_META_BRI_OIFNAME: ::c_int = 18;
-pub const NFT_META_PKTTYPE: ::c_int = 19;
-pub const NFT_META_CPU: ::c_int = 20;
-pub const NFT_META_IIFGROUP: ::c_int = 21;
-pub const NFT_META_OIFGROUP: ::c_int = 22;
-pub const NFT_META_CGROUP: ::c_int = 23;
-pub const NFT_META_PRANDOM: ::c_int = 24;
-
-pub const NFT_CT_STATE: ::c_int = 0;
-pub const NFT_CT_DIRECTION: ::c_int = 1;
-pub const NFT_CT_STATUS: ::c_int = 2;
-pub const NFT_CT_MARK: ::c_int = 3;
-pub const NFT_CT_SECMARK: ::c_int = 4;
-pub const NFT_CT_EXPIRATION: ::c_int = 5;
-pub const NFT_CT_HELPER: ::c_int = 6;
-pub const NFT_CT_L3PROTOCOL: ::c_int = 7;
-pub const NFT_CT_SRC: ::c_int = 8;
-pub const NFT_CT_DST: ::c_int = 9;
-pub const NFT_CT_PROTOCOL: ::c_int = 10;
-pub const NFT_CT_PROTO_SRC: ::c_int = 11;
-pub const NFT_CT_PROTO_DST: ::c_int = 12;
-pub const NFT_CT_LABELS: ::c_int = 13;
-pub const NFT_CT_PKTS: ::c_int = 14;
-pub const NFT_CT_BYTES: ::c_int = 15;
-
-pub const NFT_LIMIT_PKTS: ::c_int = 0;
-pub const NFT_LIMIT_PKT_BYTES: ::c_int = 1;
-
-pub const NFT_LIMIT_F_INV: ::c_int = 1 << 0;
-
-pub const NFT_QUEUE_FLAG_BYPASS: ::c_int = 0x01;
-pub const NFT_QUEUE_FLAG_CPU_FANOUT: ::c_int = 0x02;
-pub const NFT_QUEUE_FLAG_MASK: ::c_int = 0x03;
-
-pub const NFT_QUOTA_F_INV: ::c_int = 1 << 0;
-
-pub const NFT_REJECT_ICMP_UNREACH: ::c_int = 0;
-pub const NFT_REJECT_TCP_RST: ::c_int = 1;
-pub const NFT_REJECT_ICMPX_UNREACH: ::c_int = 2;
-
-pub const NFT_REJECT_ICMPX_NO_ROUTE: ::c_int = 0;
-pub const NFT_REJECT_ICMPX_PORT_UNREACH: ::c_int = 1;
-pub const NFT_REJECT_ICMPX_HOST_UNREACH: ::c_int = 2;
-pub const NFT_REJECT_ICMPX_ADMIN_PROHIBITED: ::c_int = 3;
-
-pub const NFT_NAT_SNAT: ::c_int = 0;
-pub const NFT_NAT_DNAT: ::c_int = 1;
-
-pub const NFT_TRACETYPE_UNSPEC: ::c_int = 0;
-pub const NFT_TRACETYPE_POLICY: ::c_int = 1;
-pub const NFT_TRACETYPE_RETURN: ::c_int = 2;
-pub const NFT_TRACETYPE_RULE: ::c_int = 3;
-
-pub const NFT_NG_INCREMENTAL: ::c_int = 0;
-pub const NFT_NG_RANDOM: ::c_int = 1;
-
 pub const M_MXFAST: ::c_int = 1;
 pub const M_NLBLKS: ::c_int = 2;
 pub const M_GRAIN: ::c_int = 3;