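/*
 * Copyright (C) 2012 by Darren Reed.
 *
 * See the IPFILTER.LICENCE file for details on licencing.
 *
 * @(#)ip_fil.h 1.35 6/5/96
 * $Id$
 */

/*
 * Declarations for the ipf_sync_* interface: the synchdr_t record header,
 * the command and table codes it carries, the list/log/update record
 * types built around it, and the function prototypes.
 *
 * NOTE(review): identifiers beginning with a double underscore are reserved
 * for the implementation; the guard name is left unchanged because other
 * files may test it.
 */
#ifndef __IP_SYNC_H__
#define __IP_SYNC_H__

/*
 * Header placed at the start of synclogent_t and syncupdent_t and embedded
 * in synclist_t (see below).
 *
 * NOTE(review): ipf_sync_read()/ipf_sync_write() below take a struct uio,
 * so records built on this header presumably cross the kernel boundary.
 * If so, every field has to be treated as untrusted on input (confirm in
 * the implementation):
 *   - sm_cmd and sm_table are raw bytes; range-check them against
 *     SMC_MAXCMD / SMC_MAXTBL before using them to select a handler.
 *   - sm_len is a signed int; reject negative values and values that do
 *     not match the record type implied by sm_table/sm_cmd before it is
 *     used as a copy or allocation size.
 *   - sm_sl is a pointer stored inside the header.  It should never be
 *     dereferenced when the header came from outside, and copying the
 *     header out verbatim would disclose the address.  It also makes
 *     sizeof(synchdr_t) depend on the pointer width of the build.
 */
typedef struct synchdr {
	u_32_t		sm_magic;	/* magic */
	u_char		sm_v;		/* version: 4,6 */
	u_char		sm_p;		/* protocol */
	u_char		sm_cmd;		/* command */
	u_char		sm_table;	/* NAT, STATE, etc */
	u_int		sm_num;		/* table entry number */
	int		sm_rev;		/* forward/reverse */
	int		sm_len;		/* length of the data section (signed) */
	struct synclist	*sm_sl;		/* back pointer to parent */
} synchdr_t;


/* Magic constant; presumably the expected value of sm_magic -- confirm. */
#define SYNHDRMAGIC	0x0FF51DE5

/*
 * Commands
 * No delete required as expiry will take care of that!
 */
#define SMC_CREATE	0	/* pass ipstate_t after synchdr_t */
#define SMC_UPDATE	1
#define SMC_MAXCMD	1	/* equals SMC_UPDATE; presumably the bound for sm_cmd */

/*
 * Tables
 *
 * SMC_RLOG is negative, so it cannot be stored in the unsigned sm_table
 * byte.  It is parenthesized so that it expands safely inside larger
 * expressions.
 */
#define SMC_RLOG	(-2)	/* Only used with SIOCIPFFL */
#define SMC_NAT		0
#define SMC_STATE	1
#define SMC_MAXTBL	1	/* equals SMC_STATE; presumably the bound for sm_table */


/*
 * Only TCP requires "more" information than just a reference to the entry
 * for which an update is being made.
 *
 * NOTE(review): stu_age is a u_long, so the size of this structure varies
 * with the ABI.  The two-element arrays are presumably one slot per
 * direction -- confirm.
 */
typedef struct synctcp_update {
	u_long		stu_age;
	tcpdata_t	stu_data[2];
	int		stu_state[2];
} synctcp_update_t;


/*
 * List node that ties a header to the state or NAT entry it describes.
 * sl_un holds exactly one of the three pointer views of that entry.
 */
typedef struct synclist {
	struct synclist	*sl_next;
	struct synclist	**sl_pnext;
	int		sl_idx;		/* update index */
	struct synchdr	sl_hdr;
	union {
		struct ipstate	*slu_ips;
		struct nat	*slu_ipn;
		void		*slu_ptr;
	} sl_un;
} synclist_t;

/*
 * Shorthand for the members of synclist_t reached through sl_un and sl_hdr.
 * These are object-like macros, so they rewrite any identifier with the
 * same spelling in every file that includes this header.
 */
#define sl_ptr		sl_un.slu_ptr
#define sl_ips		sl_un.slu_ips
#define sl_ipn		sl_un.slu_ipn
#define sl_magic	sl_hdr.sm_magic
#define sl_v		sl_hdr.sm_v
#define sl_p		sl_hdr.sm_p
#define sl_cmd		sl_hdr.sm_cmd
#define sl_rev		sl_hdr.sm_rev
#define sl_table	sl_hdr.sm_table
#define sl_num		sl_hdr.sm_num
#define sl_len		sl_hdr.sm_len

/*
 * NOTE: SYNCLOG_SZ is defined *low*.  It should be the next power of two
 * up for whatever number of packets per second you expect to see.  Be
 * warned: this indexes a table of large elements (up to 272 bytes in size
 * each), and thus a size of 8192, for example, results in a 2MB table.
 * The lesson here is not to use small machines for running fast firewalls
 * (100BaseT) in sync, where you might have upwards of 10k pps.
 */
#define SYNCLOG_SZ	256

/* Log record: a header followed by a complete state or NAT entry, by value. */
typedef struct synclogent {
	struct synchdr	sle_hdr;
	union {
		struct ipstate	sleu_ips;
		struct nat	sleu_ipn;
	} sle_un;
} synclogent_t;

/* Update record: a header followed by the TCP-specific update data. */
typedef struct syncupdent {		/* 28 or 32 bytes */
	struct synchdr		sup_hdr;
	struct synctcp_update	sup_tcp;
} syncupdent_t;

/*
 * Entry points of the sync module.  ipf_sync_read() and ipf_sync_write()
 * transfer data through a struct uio; the remaining functions take the
 * ipf_main_softc_t and/or an opaque void * context.
 */
extern void *ipf_sync_create __P((ipf_main_softc_t *));
extern int ipf_sync_soft_init __P((ipf_main_softc_t *, void *));
extern int ipf_sync_soft_fini __P((ipf_main_softc_t *, void *));
extern int ipf_sync_canread __P((void *));
extern int ipf_sync_canwrite __P((void *));
extern void ipf_sync_del_nat __P((void *, synclist_t *));
extern void ipf_sync_del_state __P((void *, synclist_t *));
extern int ipf_sync_init __P((void));
extern int ipf_sync_ioctl __P((ipf_main_softc_t *, caddr_t, ioctlcmd_t, int, int, void *));
extern synclist_t *ipf_sync_new __P((ipf_main_softc_t *, int, fr_info_t *, void *));
extern int ipf_sync_read __P((ipf_main_softc_t *, struct uio *uio));
extern int ipf_sync_write __P((ipf_main_softc_t *, struct uio *uio));
extern int ipf_sync_main_unload __P((void));
extern void ipf_sync_update __P((ipf_main_softc_t *, int, fr_info_t *, synclist_t *));
extern void ipf_sync_expire __P((ipf_main_softc_t *));
extern void ipf_sync_soft_destroy __P((ipf_main_softc_t *, void *));
extern void *ipf_sync_soft_create __P((ipf_main_softc_t *));

#endif /* __IP_SYNC_H__ */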