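/*
 * Copyright (C) 2012 by Darren Reed.
 *
 * See the IPFILTER.LICENCE file for details on licencing.
 *
 * @(#)ip_fil.h	1.35 6/5/96
 * $Id$
 */

#ifndef __IP_SYNC_H__
#define __IP_SYNC_H__

/*
 * Header carried by every sync record.  sm_len gives the length of the
 * data section that belongs to the header.
 *
 * NOTE(review): sm_len is a signed int and sm_sl is a raw pointer stored
 * inside the header.  ipf_sync_read()/ipf_sync_write() below move data
 * through a struct uio, so a header may presumably originate from, or be
 * handed to, another address space.  A consumer should then check
 * sm_magic against SYNHDRMAGIC, sm_cmd against SMC_MAXCMD, sm_table
 * against SMC_MAXTBL and that sm_len is non-negative and no larger than
 * the payload expected for that command/table before using it, and
 * should never dereference an sm_sl value it did not set itself --
 * confirm against the implementation.
 */
typedef struct synchdr {
	u_32_t		sm_magic;	/* magic */
	u_char		sm_v;		/* version: 4,6 */
	u_char		sm_p;		/* protocol */
	u_char		sm_cmd;		/* command */
	u_char		sm_table;	/* NAT, STATE, etc */
	u_int		sm_num;		/* table entry number */
	int		sm_rev;		/* forward/reverse */
	int		sm_len;		/* length of the data section */
	struct synclist	*sm_sl;		/* back pointer to parent */
} synchdr_t;


/* Presumably the value expected in synchdr.sm_magic -- confirm. */
#define	SYNHDRMAGIC	0x0FF51DE5

/*
 * Commands
 * No delete is required, as expiry will take care of that!
 */
#define	SMC_CREATE	0	/* pass ipstate_t after synchdr_t */
#define	SMC_UPDATE	1
#define	SMC_MAXCMD	1	/* same value as SMC_UPDATE */

/*
 * Tables
 *
 * SMC_RLOG is negative, so its replacement list is parenthesised to keep
 * the macro a single operand wherever it is expanded.
 */
#define	SMC_RLOG	(-2)	/* Only used with SIOCIPFFL */
#define	SMC_NAT		0
#define	SMC_STATE	1
#define	SMC_MAXTBL	1	/* same value as SMC_STATE */


/*
 * Only TCP requires "more" information than just a reference to the entry
 * for which an update is being made.
 */
typedef struct synctcp_update {
	u_long		stu_age;
	tcpdata_t	stu_data[2];	/* presumably one per direction -- confirm */
	int		stu_state[2];	/* presumably one per direction -- confirm */
} synctcp_update_t;


/*
 * List element that embeds a sync header (sl_hdr) and refers, through
 * sl_un, to the state or NAT entry it belongs to.
 */
typedef struct synclist {
	struct synclist	*sl_next;
	struct synclist	**sl_pnext;
	int		sl_idx;		/* update index */
	struct synchdr	sl_hdr;
	union {
		struct ipstate	*slu_ips;
		struct nat	*slu_ipn;
		void		*slu_ptr;
	} sl_un;
} synclist_t;

/* Shorthand for the members of synclist_t's union and embedded header. */
#define	sl_ptr		sl_un.slu_ptr
#define	sl_ips		sl_un.slu_ips
#define	sl_ipn		sl_un.slu_ipn
#define	sl_magic	sl_hdr.sm_magic
#define	sl_v		sl_hdr.sm_v
#define	sl_p		sl_hdr.sm_p
#define	sl_cmd		sl_hdr.sm_cmd
#define	sl_rev		sl_hdr.sm_rev
#define	sl_table	sl_hdr.sm_table
#define	sl_num		sl_hdr.sm_num
#define	sl_len		sl_hdr.sm_len

/*
 * NOTE: SYNCLOG_SZ is defined *low*.  It should be the next power of two
 * up for whatever number of packets per second you expect to see.  Be
 * warned: this indexes a table of large elements (up to 272 bytes in size
 * each), and thus a size of 8192, for example, results in a 2MB table.
 * The lesson here is not to use small machines for running fast firewalls
 * (100BaseT) in sync, where you might have upwards of 10k pps.
 */
#define	SYNCLOG_SZ	256

/* A sync header together with a full state or NAT entry. */
typedef struct synclogent {
	struct synchdr	sle_hdr;
	union {
		struct ipstate	sleu_ips;
		struct nat	sleu_ipn;
	} sle_un;
} synclogent_t;

/* A sync header together with the TCP-specific update data. */
typedef struct syncupdent {		/* 28 or 32 bytes */
	struct synchdr	sup_hdr;
	struct synctcp_update	sup_tcp;
} syncupdent_t;

/*
 * Entry points of the sync code.  ipf_sync_read() and ipf_sync_write()
 * exchange data through a struct uio; see the review note on synchdr
 * about checking headers that cross that boundary.
 */
extern void *ipf_sync_create __P((ipf_main_softc_t *));
extern int ipf_sync_soft_init __P((ipf_main_softc_t *, void *));
extern int ipf_sync_soft_fini __P((ipf_main_softc_t *, void *));
extern int ipf_sync_canread __P((void *));
extern int ipf_sync_canwrite __P((void *));
extern void ipf_sync_del_nat __P((void *, synclist_t *));
extern void ipf_sync_del_state __P((void *, synclist_t *));
extern int ipf_sync_init __P((void));
extern int ipf_sync_ioctl __P((ipf_main_softc_t *, caddr_t, ioctlcmd_t, int, int, void *));
extern synclist_t *ipf_sync_new __P((ipf_main_softc_t *, int, fr_info_t *, void *));
extern int ipf_sync_read __P((ipf_main_softc_t *, struct uio *uio));
extern int ipf_sync_write __P((ipf_main_softc_t *, struct uio *uio));
extern int ipf_sync_main_unload __P((void));
extern void ipf_sync_update __P((ipf_main_softc_t *, int, fr_info_t *, synclist_t *));
extern void ipf_sync_expire __P((ipf_main_softc_t *));
extern void ipf_sync_soft_destroy __P((ipf_main_softc_t *, void *));
extern void *ipf_sync_soft_create __P((ipf_main_softc_t *));

#endif /* __IP_SYNC_H__ */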