Compatibility issue with version 7.16

Question

Compatibility issue with version 7.16

Closed this issue 4 months ago · 7 comments

this-cat commented 5 months ago

The addition of IPSET_OPT_BITMASK in version 7.16 caused a protocol error for IPSET_OPT_ETHER(24).

this-cat commented 4 months ago

got it

Answer 1 · 2024-05-06T01:14:04.000Z

Can you test with ipset command if this works in 7.16?

Answer 2 · 2024-05-06T07:34:32.000Z

The protocol error occurred in the MAC section due to the ipset 7.16 version's 'Add support for new bitmask parameter.' For more details, please refer to: https://git.netfilter.org/ipset/commit/?id=b50666c0973336f6341dd74288352d2f611d7430

--- a/include/libipset/data.h
+++ b/include/libipset/data.h
@@ -37,6 +37,7 @@ enum ipset_opt {
     IPSET_OPT_RESIZE,
     IPSET_OPT_SIZE,
     IPSET_OPT_FORCEADD,
+    IPSET_OPT_BITMASK,
     /* Create-specific options, filled out by the kernel */
     IPSET_OPT_ELEMENTS,
     IPSET_OPT_REFERENCES,

Answer 3 · 2024-05-06T07:43:58.000Z

Perhaps you can consider using lazy_static! for dynamic global static variables.

libipset.c

#include <libipset/types.h>
#include <libipset/session.h>


enum ipset_opt enum_IPSET_SETNAME() {
    return IPSET_SETNAME;
}
enum ipset_opt enum_IPSET_OPT_FAMILY() {
    return IPSET_OPT_FAMILY;
}
enum ipset_opt enum_IPSET_OPT_IP() {
    return IPSET_OPT_IP;
}
enum ipset_opt enum_IPSET_OPT_ETHER() {
    return IPSET_OPT_ETHER;
}
enum ipset_opt enum_IPSET_OPT_TYPENAME() {
    return IPSET_OPT_TYPENAME;
}

enum ipset_cmd enum_IPSET_CMD_CREATE() {
    return IPSET_CMD_CREATE;
}
enum ipset_cmd enum_IPSET_CMD_FLUSH() {
    return IPSET_CMD_FLUSH;
}
enum ipset_cmd enum_IPSET_CMD_LIST() {
    return IPSET_CMD_LIST;
}
enum ipset_cmd enum_IPSET_CMD_DEL() {
    return IPSET_CMD_DEL;
}
enum ipset_cmd enum_IPSET_CMD_ADD() {
    return IPSET_CMD_ADD;
}

enum ipset_err_type enum_IPSET_ERROR() {
    return IPSET_ERROR;
}

libipset.rs

lazy_static! {
    // enum ipset_opt
    pub static ref IPSET_SETNAME: ipset_opt = unsafe { enum_IPSET_SETNAME() };
    pub static ref IPSET_OPT_FAMILY: ipset_opt = unsafe { enum_IPSET_OPT_FAMILY() };
    pub static ref IPSET_OPT_IP: ipset_opt = unsafe { enum_IPSET_OPT_IP() };
    pub static ref IPSET_OPT_ETHER: ipset_opt = unsafe { enum_IPSET_OPT_ETHER() };
    pub static ref IPSET_OPT_TYPENAME: ipset_opt = unsafe { enum_IPSET_OPT_TYPENAME() };

    // enum ipset_cmd
    pub static ref IPSET_CMD_CREATE: ipset_cmd = unsafe { enum_IPSET_CMD_CREATE() };
    pub static ref IPSET_CMD_FLUSH: ipset_cmd = unsafe { enum_IPSET_CMD_FLUSH() };
    pub static ref IPSET_CMD_LIST: ipset_cmd = unsafe { enum_IPSET_CMD_LIST() };
    pub static ref IPSET_CMD_DEL: ipset_cmd = unsafe { enum_IPSET_CMD_DEL() };
    pub static ref IPSET_CMD_ADD: ipset_cmd = unsafe { enum_IPSET_CMD_ADD() };

    // enum ipset_err_type
    pub static ref IPSET_ERROR: ipset_err_type = unsafe { enum_IPSET_ERROR() };
}

build.rs

fn main() {
    cc::Build::new()
        .file("src/ipset/libipset.c")
        .debug(true)
        .compile("libipset");
    println!("cargo:rustc-link-lib=ipset");
    println!("cargo:rerun-if-changed=src/ipset/libipset.c");
}

Answer 4 · 2024-05-08T03:45:41.000Z

This seems like a common issue that needs to be resolved with bindgen, let me check if bindgen offers a similar solution

Answer 5 · 2024-05-08T05:20:00.000Z

You can run build.sh then rebuild the crate. I will merge build.sh with build.rs later

Answer 6 · 2024-05-08T05:55:07.000Z

v0.7.1 solved this