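/*
 * Copyright (C) 1993-2001 by Darren Reed.
 *
 * See the IPFILTER.LICENCE file for details on licencing.
 *
 * @(#)ip_fil.h 1.35 6/5/96
 * $Id: ip_sync.h,v 2.11.2.4 2006/07/14 06:12:20 darrenr Exp $
 */

/*
 * Declarations for the NAT/state table synchronisation interface: the
 * record header (synchdr_t), the per-entry bookkeeping node (synclist_t),
 * the log and update record layouts, and the ipfsync_* entry points.
 *
 * This header uses types declared elsewhere (u_32_t, tcpdata_t,
 * struct ipstate, struct nat, fr_info_t, ioctlcmd_t, struct uio, __P).
 * struct ipstate and struct nat are embedded by value below, so the
 * headers that define them must be included first.
 */

#ifndef __IP_SYNC_H__
#define __IP_SYNC_H__

/*
 * Header carried by every sync record; sm_len is the length of the data
 * section that goes with it.
 *
 * Where records come from is not visible in this header, but
 * ipfsync_write() takes a struct uio, so they presumably arrive from
 * outside the kernel.  A consumer should check each field before acting
 * on it:
 *   - sm_magic equals SYNHDRMAGIC
 *   - sm_v is 4 or 6
 *   - sm_cmd <= SMC_MAXCMD and sm_table <= SMC_MAXTBL
 *   - sm_len is a signed int: reject negative values and anything other
 *     than the size expected for the sm_cmd/sm_table pair before it is
 *     used as a copy length
 * NOTE(review): confirm these checks are made on the ipfsync_write() path.
 *
 * The struct ends in a pointer, so its size depends on pointer width.
 */
typedef	struct	synchdr	{
	u_32_t		sm_magic;	/* magic */
	u_char		sm_v;		/* version: 4,6 */
	u_char		sm_p;		/* protocol */
	u_char		sm_cmd;		/* command */
	u_char		sm_table;	/* NAT, STATE, etc */
	u_int		sm_num;		/* table entry number */
	int		sm_rev;		/* forward/reverse */
	int		sm_len;		/* length of the data section */
	/*
	 * NOTE(review): this is an in-kernel address.  synchdr is embedded
	 * by value in synclogent_t and syncupdent_t, so the pointer goes
	 * wherever those records are copied.  Confirm it is never
	 * dereferenced when taken from an incoming record, and whether it
	 * should be visible to whoever reads records out.
	 */
	struct	synclist	*sm_sl;	/* back pointer to parent */
} synchdr_t;


/* Expected value of synchdr.sm_magic. */
#define	SYNHDRMAGIC	0x0FF51DE5

/*
 * Commands
 * No delete required as expiry will take care of that!
 *
 * SMC_MAXCMD is the highest defined command; sm_cmd values above it are
 * not defined by this header.
 */
#define	SMC_CREATE	0	/* pass ipstate_t after synchdr_t */
#define	SMC_UPDATE	1
#define	SMC_MAXCMD	1

/*
 * Tables
 *
 * SMC_MAXTBL is the highest defined table; sm_table values above it are
 * not defined by this header.
 */
#define	SMC_NAT		0
#define	SMC_STATE	1
#define	SMC_MAXTBL	1


/*
 * Only TCP requires "more" information than just a reference to the entry
 * for which an update is being made.
 *
 * The two-element arrays presumably hold one slot per direction of the
 * connection -- confirm against the code that fills them in.
 */
typedef	struct	synctcp_update	{
	u_long		stu_age;
	tcpdata_t	stu_data[2];
	int		stu_state[2];
} synctcp_update_t;


/*
 * Bookkeeping node tying one table entry to its sync header.
 *
 * sl_un holds a pointer to the entry; which member is meaningful is
 * presumably selected by sl_hdr.sm_table (SMC_NAT -> slu_ipn,
 * SMC_STATE -> slu_ips) -- confirm against the code that creates nodes.
 */
typedef	struct	synclist	{
	struct	synclist	*sl_next;
	struct	synclist	**sl_pnext;
	int			sl_idx;		/* update index */
	struct	synchdr		sl_hdr;
	union	{
		struct	ipstate	*slu_ips;
		struct	nat	*slu_ipn;
		void		*slu_ptr;
	} sl_un;
} synclist_t;

/*
 * Shorthand for the union members and the embedded header fields of a
 * synclist_t.  These are plain object-like macros with short names: any
 * identifier spelled sl_len, sl_num, etc. in a file that includes this
 * header is rewritten by them.
 */
#define	sl_ptr		sl_un.slu_ptr
#define	sl_ips		sl_un.slu_ips
#define	sl_ipn		sl_un.slu_ipn
#define	sl_magic	sl_hdr.sm_magic
#define	sl_v		sl_hdr.sm_v
#define	sl_p		sl_hdr.sm_p
#define	sl_cmd		sl_hdr.sm_cmd
#define	sl_rev		sl_hdr.sm_rev
#define	sl_table	sl_hdr.sm_table
#define	sl_num		sl_hdr.sm_num
#define	sl_len		sl_hdr.sm_len

/*
 * NOTE: SYNCLOG_SZ is defined *low*.  It should be the next power of two
 * up for whatever number of packets per second you expect to see.  Be
 * warned: this indexes a table of large elements (up to 272 bytes in size
 * each), and thus a size of 8192, for example, results in a 2MB table.
 * The lesson here is not to use small machines for running fast firewalls
 * (100BaseT) in sync, where you might have upwards of 10k pps.
 */
#define	SYNCLOG_SZ	256

/*
 * One slot of the synclog[] table: a header followed by a full copy of
 * the state or NAT entry.
 *
 * NOTE(review): struct ipstate and struct nat are defined elsewhere.  If
 * they contain pointers or other kernel-internal fields, those are part
 * of every record copied out of or into this layout -- confirm how they
 * are treated on both paths.
 */
typedef	struct	synclogent	{
	struct	synchdr	sle_hdr;
	union	{
		struct	ipstate	sleu_ips;
		struct	nat	sleu_ipn;
	} sle_un;
} synclogent_t;

/*
 * Update record: a header followed by the TCP-specific update data.
 *
 * NOTE(review): the size given in the comment below looks stale.  With a
 * 4-byte int the header alone is at least 24 bytes, and sup_tcp adds a
 * u_long, two tcpdata_t and two ints.  Use sizeof(syncupdent_t) for
 * buffer sizing and for length checks, not the figure in the comment.
 */
typedef	struct	syncupdent	{		/* 28 or 32 bytes */
	struct	synchdr	sup_hdr;
	struct	synctcp_update	sup_tcp;
} syncupdent_t;

/* Table of SYNCLOG_SZ log records; valid indices are 0..SYNCLOG_SZ-1. */
extern	synclogent_t	synclog[SYNCLOG_SZ];


/*
 * Entry points implemented elsewhere.  The meaning of the unnamed
 * parameters is not visible in this header.  ipfsync_read() and
 * ipfsync_write() move data through a struct uio, and ipfsync_nat() and
 * ipfsync_state() take a header plus an untyped data pointer; the size of
 * what data points to is not passed separately, so it has to be
 * established from the header fields before data is read.
 */
extern	int fr_sync_ioctl __P((caddr_t, ioctlcmd_t, int, int, void *));
extern	synclist_t *ipfsync_new __P((int, fr_info_t *, void *));
extern	void ipfsync_del __P((synclist_t *));
extern	void ipfsync_update __P((int, fr_info_t *, synclist_t *));
extern	int ipfsync_init __P((void));
extern	int ipfsync_nat __P((synchdr_t *sp, void *data));
extern	int ipfsync_state __P((synchdr_t *sp, void *data));
extern	int ipfsync_read __P((struct uio *uio));
extern	int ipfsync_write __P((struct uio *uio));
extern	int ipfsync_canread __P((void));
extern	int ipfsync_canwrite __P((void));

#endif /* __IP_SYNC_H__ */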