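/*
 * Copyright (C) 2012 by Darren Reed.
 *
 * See the IPFILTER.LICENCE file for details on licencing.
 *
 * @(#)ip_fil.h	1.35 6/5/96
 * $Id$
 */

/*
 * Declarations for the IPFilter sync interface: the record header
 * (synchdr_t), the command and table codes it carries, the per-entry
 * bookkeeping (synclist_t), the log/update record layouts and the
 * ipf_sync_*() entry points.
 *
 * A record is a synchdr_t followed by sm_len bytes of data (see the
 * SMC_CREATE comment below).  ipf_sync_read()/ipf_sync_write() take a
 * struct uio, so these layouts presumably cross the user/kernel boundary;
 * the notes marked NOTE(review) below are written with that in mind and
 * should be confirmed against the implementation, which is not part of
 * this header.
 */

#ifndef __IP_SYNC_H__
#define __IP_SYNC_H__

/*
 * Header that precedes every sync record.
 *
 * NOTE(review): every field here is supplied by whoever produced the
 * record.  A consumer should check sm_magic, range-check sm_cmd against
 * SMC_MAXCMD and sm_table against SMC_MAXTBL, and bound sm_len before any
 * of them is used as an index or a copy length -- confirm the reader in
 * the implementation does all of these.
 *
 * NOTE(review): the struct mixes int, u_int and a pointer, so its size and
 * padding depend on the ABI.  Whether records are converted to a fixed
 * byte order/width before leaving the host is not visible here -- confirm.
 */
typedef	struct	synchdr	{
	u_32_t		sm_magic;	/* magic; compare with SYNHDRMAGIC */
	u_char		sm_v;		/* version: 4,6 */
	u_char		sm_p;		/* protocol */
	u_char		sm_cmd;		/* command (SMC_CREATE/SMC_UPDATE) */
	u_char		sm_table;	/* NAT, STATE, etc (SMC_NAT/SMC_STATE) */
	u_int		sm_num;		/* table entry number */
	int		sm_rev;		/* forward/reverse */
	/*
	 * Signed: a negative value must be rejected, not just an oversized
	 * one, before it reaches an allocation or copy routine.
	 */
	int		sm_len;		/* length of the data section */
	/*
	 * NOTE(review): a kernel address stored inside the record header.
	 * If headers are copied in or out verbatim, this value must be
	 * ignored on input and should be cleared on output -- confirm.
	 */
	struct	synclist	*sm_sl;	/* back pointer to parent */
} synchdr_t;


/*
 * Fixed constant used as a format sanity check on a record header.  It is
 * a public value and so identifies the format only; it does not
 * authenticate the sender of a record.
 */
#define	SYNHDRMAGIC	0x0FF51DE5

/*
 * Commands
 * No delete required as expiry will take care of that!
 */
#define	SMC_CREATE	0	/* pass ipstate_t after synchdr_t */
#define	SMC_UPDATE	1
#define	SMC_MAXCMD	1	/* highest valid sm_cmd value */

/*
 * Tables
 *
 * SMC_RLOG is negative while sm_table is a u_char, so it cannot be carried
 * in a synchdr_t; as the comment on it says, it is an ioctl argument only.
 */
#define	SMC_RLOG	-2	/* Only used with SIOCIPFFL */
#define	SMC_NAT		0
#define	SMC_STATE	1
#define	SMC_MAXTBL	1	/* highest valid sm_table value */


/*
 * Only TCP requires "more" information than just a reference to the entry
 * for which an update is being made.
 *
 * The two-element arrays hold one slot per direction (presumably indexed
 * the same way as sm_rev -- confirm).  stu_age is a u_long, so its width
 * follows the platform's long.
 */
typedef	struct	synctcp_update	{
	u_long		stu_age;
	tcpdata_t	stu_data[2];
	int		stu_state[2];
} synctcp_update_t;


/*
 * Per-entry bookkeeping that ties a state or NAT entry to its sync
 * header.  sl_next/sl_pnext form a linked list; sl_un points at the entry
 * itself, typed according to which table it belongs to.
 */
typedef	struct	synclist	{
	struct	synclist	*sl_next;
	struct	synclist	**sl_pnext;
	int			sl_idx;		/* update index */
	struct	synchdr		sl_hdr;
	union	{
		struct	ipstate	*slu_ips;
		struct	nat	*slu_ipn;
		void		*slu_ptr;
	} sl_un;
} synclist_t;

/*
 * Shorthand accessors for synclist_t members.  These are plain object-like
 * macros with no prefix of their own: any identifier spelled sl_ptr,
 * sl_len, etc. in a file that includes this header is rewritten, so avoid
 * those names for locals and for members of other structures.
 */
#define	sl_ptr	sl_un.slu_ptr
#define	sl_ips	sl_un.slu_ips
#define	sl_ipn	sl_un.slu_ipn
#define	sl_magic	sl_hdr.sm_magic
#define	sl_v	sl_hdr.sm_v
#define	sl_p	sl_hdr.sm_p
#define	sl_cmd	sl_hdr.sm_cmd
#define	sl_rev	sl_hdr.sm_rev
#define	sl_table	sl_hdr.sm_table
#define	sl_num	sl_hdr.sm_num
#define	sl_len	sl_hdr.sm_len

/*
 * NOTE: SYNCLOG_SZ is defined *low*.  It should be the next power of two
 * up for whatever number of packets per second you expect to see.  Be
 * warned: this indexes a table of large elements (up to 272 bytes in size
 * each), and thus a size of 8192, for example, results in a 2MB table.
 * The lesson here is not to use small machines for running fast firewalls
 * (100BaseT) in sync, where you might have upwards of 10k pps.
 */
#define	SYNCLOG_SZ	256

/*
 * Log record for a newly created entry: the header followed by a full
 * copy of the state or NAT structure.
 *
 * NOTE(review): struct ipstate and struct nat are embedded by value.  If
 * these records are handed to a reader verbatim, any kernel pointers those
 * structures contain travel with them -- confirm what the read path
 * clears before copy-out.
 */
typedef	struct	synclogent	{
	struct	synchdr	sle_hdr;
	union	{
		struct	ipstate	sleu_ips;
		struct	nat	sleu_ipn;
	} sle_un;
} synclogent_t;

/*
 * Log record for an update to an existing entry: the header followed by
 * the TCP update data.
 *
 * NOTE(review): the "28 or 32 bytes" figure below does not match the
 * members as declared in this file (synchdr alone is five 4-byte words
 * plus a pointer); treat it as historical and use sizeof() for any length
 * check.
 */
typedef	struct	syncupdent	{		/* 28 or 32 bytes */
	struct	synchdr	sup_hdr;
	struct	synctcp_update	sup_tcp;
} syncupdent_t;

/*
 * Entry points implemented by the sync module.  The void * arguments are
 * opaque at this level (presumably the context returned by
 * ipf_sync_soft_create() -- confirm).  ipf_sync_read() and
 * ipf_sync_write() move records through a struct uio.
 */
extern	void	*ipf_sync_create __P((ipf_main_softc_t *));
extern	int	ipf_sync_soft_init __P((ipf_main_softc_t *, void *));
extern	int	ipf_sync_soft_fini __P((ipf_main_softc_t *, void *));
extern	int	ipf_sync_canread __P((void *));
extern	int	ipf_sync_canwrite __P((void *));
extern	void	ipf_sync_del_nat __P((void *, synclist_t *));
extern	void	ipf_sync_del_state __P((void *, synclist_t *));
extern	int	ipf_sync_init __P((void));
extern	int	ipf_sync_ioctl __P((ipf_main_softc_t *, caddr_t, ioctlcmd_t, int, int, void *));
extern	synclist_t	*ipf_sync_new __P((ipf_main_softc_t *, int, fr_info_t *, void *));
extern	int	ipf_sync_read __P((ipf_main_softc_t *, struct uio *uio));
extern	int	ipf_sync_write __P((ipf_main_softc_t *, struct uio *uio));
extern	int	ipf_sync_main_unload __P((void));
extern	void	ipf_sync_update __P((ipf_main_softc_t *, int, fr_info_t *, synclist_t *));
extern	void	ipf_sync_expire __P((ipf_main_softc_t *));
extern	void	ipf_sync_soft_destroy __P((ipf_main_softc_t *, void *));
extern	void	*ipf_sync_soft_create __P((ipf_main_softc_t *));

#endif /* __IP_SYNC_H__ */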