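/*	$NetBSD: ip_sync.h,v 1.3 2012/07/22 14:27:51 darrenr Exp $	*/

/*
 * Copyright (C) 2012 by Darren Reed.
 *
 * See the IPFILTER.LICENCE file for details on licencing.
 *
 * @(#)ip_fil.h	1.35 6/5/96
 * Id: ip_sync.h,v 2.19.2.1 2012/01/26 05:29:13 darrenr Exp
 */

#ifndef	__IP_SYNC_H__
#define	__IP_SYNC_H__

/*
 * Header placed in front of every sync record.  Per the command list
 * below, an SMC_CREATE record carries an ipstate_t after this header.
 *
 * NOTE(review): ipf_sync_read()/ipf_sync_write() take a struct uio, so
 * records built on this header appear to cross the kernel boundary --
 * confirm in the implementation.  If they do, the consumer has to treat
 * every field as untrusted before acting on it:
 *   - sm_magic must equal SYNHDRMAGIC;
 *   - sm_cmd must be <= SMC_MAXCMD and sm_table <= SMC_MAXTBL;
 *   - sm_len is a *signed* int: reject negative values and anything
 *     larger than the payload type selected by sm_cmd/sm_table before a
 *     copy or allocation is sized from it;
 *   - sm_sl is a kernel address: it must never be dereferenced when the
 *     header came from outside, and should not be left populated in a
 *     header that leaves the kernel.
 * This header does not state a byte order for the multi-byte fields.
 * The structure contains a pointer, so its in-memory size depends on
 * the ABI.
 */
typedef	struct	synchdr	{
	u_32_t		sm_magic;	/* magic */
	u_char		sm_v;		/* version: 4,6 */
	u_char		sm_p;		/* protocol */
	u_char		sm_cmd;		/* command */
	u_char		sm_table;	/* NAT, STATE, etc */
	u_int		sm_num;		/* table entry number */
	int		sm_rev;		/* forward/reverse */
	int		sm_len;		/* length of the data section */
	struct	synclist	*sm_sl;	/* back pointer to parent */
} synchdr_t;


/* Expected value of synchdr.sm_magic. */
#define	SYNHDRMAGIC	0x0FF51DE5

/*
 * Commands
 * No delete required as expiry will take care of that!
 * SMC_MAXCMD is the highest command value defined here.
 */
#define	SMC_CREATE	0	/* pass ipstate_t after synchdr_t */
#define	SMC_UPDATE	1
#define	SMC_MAXCMD	1

/*
 * Tables
 * SMC_MAXTBL is the highest table value defined here; SMC_RLOG lies
 * outside the 0..SMC_MAXTBL range.  The negative value is parenthesised
 * so that it expands as a single operand wherever it is used.
 */
#define	SMC_RLOG	(-2)	/* Only used with SIOCIPFFL */
#define	SMC_NAT		0
#define	SMC_STATE	1
#define	SMC_MAXTBL	1


/*
 * Only TCP requires "more" information than just a reference to the entry
 * for which an update is being made.
 *
 * The two-element arrays presumably hold one slot per direction --
 * TODO confirm against the code that fills them.
 */
typedef	struct	synctcp_update	{
	u_long		stu_age;
	tcpdata_t	stu_data[2];
	int		stu_state[2];
} synctcp_update_t;


/*
 * List node that ties a sync header to the entry it describes.
 * sl_un holds a pointer to that entry, viewed as an ipstate, a nat or an
 * untyped pointer; which view is valid is presumably selected by
 * sl_hdr.sm_table -- TODO confirm.
 */
typedef	struct	synclist	{
	struct	synclist	*sl_next;
	struct	synclist	**sl_pnext;
	int			sl_idx;		/* update index */
	struct	synchdr		sl_hdr;
	union	{
		struct	ipstate	*slu_ips;
		struct	nat	*slu_ipn;
		void		*slu_ptr;
	} sl_un;
} synclist_t;

/*
 * Shorthand for synclist_t members.  These are object-like macros: any
 * identifier spelled sl_ptr, sl_len, etc. that appears after this header
 * is included gets rewritten, so avoid those names for locals or members
 * of other structures.
 */
#define	sl_ptr		sl_un.slu_ptr
#define	sl_ips		sl_un.slu_ips
#define	sl_ipn		sl_un.slu_ipn
#define	sl_magic	sl_hdr.sm_magic
#define	sl_v		sl_hdr.sm_v
#define	sl_p		sl_hdr.sm_p
#define	sl_cmd		sl_hdr.sm_cmd
#define	sl_rev		sl_hdr.sm_rev
#define	sl_table	sl_hdr.sm_table
#define	sl_num		sl_hdr.sm_num
#define	sl_len		sl_hdr.sm_len

/*
 * NOTE: SYNCLOG_SZ is defined *low*.  It should be the next power of two
 * up for whatever number of packets per second you expect to see.  Be
 * warned: this indexes a table of large elements (up to 272 bytes in size
 * each), and thus a size of 8192, for example, results in a 2MB table.
 * The lesson here is not to use small machines for running fast firewalls
 * (100BaseT) in sync, where you might have upwards of 10k pps.
 */
#define	SYNCLOG_SZ	256

/*
 * Log entry for a full record: the header followed by a complete ipstate
 * or nat structure, stored by value.
 */
typedef	struct	synclogent	{
	struct	synchdr	sle_hdr;
	union	{
		struct	ipstate	sleu_ips;
		struct	nat	sleu_ipn;
	} sle_un;
} synclogent_t;

/* Log entry for an update: the header followed by the TCP update data. */
typedef	struct	syncupdent	{		/* 28 or 32 bytes */
	struct	synchdr	sup_hdr;
	struct	synctcp_update	sup_tcp;
} syncupdent_t;

/*
 * Entry points of the sync code.  Only the declarations are visible
 * here; their contracts are defined by the implementation.
 * ipf_sync_read() and ipf_sync_write() move data through a struct uio,
 * which is where the record validation described at synchdr_t belongs.
 */
extern	void	*ipf_sync_create(ipf_main_softc_t *);
extern	int	ipf_sync_soft_init(ipf_main_softc_t *, void *);
extern	int	ipf_sync_soft_fini(ipf_main_softc_t *, void *);
extern	int	ipf_sync_canread(void *);
extern	int	ipf_sync_canwrite(void *);
extern	void	ipf_sync_del_nat(void *, synclist_t *);
extern	void	ipf_sync_del_state(void *, synclist_t *);
extern	int	ipf_sync_init(void);
extern	int	ipf_sync_ioctl(ipf_main_softc_t *, void *, ioctlcmd_t, int, int, void *);
extern	synclist_t *ipf_sync_new(ipf_main_softc_t *, int, fr_info_t *, void *);
extern	int	ipf_sync_read(ipf_main_softc_t *, struct uio *uio);
extern	int	ipf_sync_write(ipf_main_softc_t *, struct uio *uio);
extern	int	ipf_sync_main_unload(void);
extern	void	ipf_sync_update(ipf_main_softc_t *, int, fr_info_t *, synclist_t *);
extern	void	ipf_sync_expire(ipf_main_softc_t *);
extern	void	ipf_sync_soft_destroy(ipf_main_softc_t *, void *);
extern	void	*ipf_sync_soft_create(ipf_main_softc_t *);

#endif /* __IP_SYNC_H__ */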