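/*
 * Copyright (C) 1993-2001 by Darren Reed.
 *
 * See the IPFILTER.LICENCE file for details on licencing.
 *
 * @(#)ip_fil.h	1.35 6/5/96
 * $Id: ip_sync.h,v 2.11.2.4 2006/07/14 06:12:20 darrenr Exp $
 */

/*
 * Declarations for the IPFilter state/NAT synchronisation interface:
 * the record header, the per-entry bookkeeping list, the log ring and
 * the entry points implemented elsewhere.
 */

#ifndef	__IP_SYNC_H__
#define	__IP_SYNC_H__

/*
 * Header that starts every sync record; both synclogent_t and
 * syncupdent_t below begin with one.
 *
 * NOTE(review): ipfsync_read()/ipfsync_write() take a struct uio, so
 * these records presumably cross the kernel boundary - confirm against
 * the implementation.  If they do, every field is untrusted on the write
 * path and should be validated before use:
 *   - sm_magic must equal SYNHDRMAGIC;
 *   - sm_v must be one of the documented versions (4 or 6);
 *   - sm_cmd must not exceed SMC_MAXCMD, sm_table must not exceed
 *     SMC_MAXTBL;
 *   - sm_len is a signed int, so a negative value has to be rejected
 *     explicitly, and the value bounded by the size of the record
 *     expected for that command/table before it is used as a copy length.
 * sm_sl is a kernel pointer stored inside the header.  A value supplied
 * by a writer must never be dereferenced, and handing the live pointer
 * to a reader discloses a kernel address - TODO confirm the
 * implementation clears or ignores it.
 *
 * The pointer also makes sizeof(synchdr_t) depend on the word size, so
 * peers built for different ABIs would not agree on the record layout.
 */
typedef	struct	synchdr	{
	u_32_t		sm_magic;	/* magic */
	u_char		sm_v;		/* version: 4,6 */
	u_char		sm_p;		/* protocol */
	u_char		sm_cmd;		/* command */
	u_char		sm_table;	/* NAT, STATE, etc */
	u_int		sm_num;		/* table entry number */
	int		sm_rev;		/* forward/reverse */
	int		sm_len;		/* length of the data section */
	struct	synclist	*sm_sl;		/* back pointer to parent */
} synchdr_t;


/* Expected value of synchdr_t.sm_magic. */
#define	SYNHDRMAGIC	0x0FF51DE5

/*
 * Commands
 * No delete required as expiry will take care of that!
 *
 * SMC_MAXCMD equals the highest command value defined here; keep it in
 * step when adding a command so that range checks on sm_cmd stay valid.
 */
#define	SMC_CREATE	0	/* pass ipstate_t after synchdr_t */
#define	SMC_UPDATE	1
#define	SMC_MAXCMD	1

/*
 * Tables
 *
 * SMC_MAXTBL equals the highest table value defined here; keep it in
 * step when adding a table so that range checks on sm_table stay valid.
 */
#define	SMC_NAT		0
#define	SMC_STATE	1
#define	SMC_MAXTBL	1


/*
 * Only TCP requires "more" information than just a reference to the entry
 * for which an update is being made.
 *
 * NOTE(review): the two-element arrays presumably hold one slot per
 * direction - confirm.  stu_age is a u_long, so its width (and therefore
 * the record size) varies with the ABI.
 */
typedef	struct	synctcp_update	{
	u_long		stu_age;
	tcpdata_t	stu_data[2];
	int		stu_state[2];
} synctcp_update_t;


/*
 * Bookkeeping node tying one state or NAT entry to its sync header.
 * sl_un holds the same pointer under three types; which member is valid
 * is presumably selected by sl_hdr.sm_table - confirm with the code that
 * fills it in.
 */
typedef	struct	synclist	{
	struct	synclist	*sl_next;
	struct	synclist	**sl_pnext;
	int			sl_idx;		/* update index */
	struct	synchdr		sl_hdr;
	union	{
		struct	ipstate	*slu_ips;
		struct	nat	*slu_ipn;
		void		*slu_ptr;
	} sl_un;
} synclist_t;

/*
 * Shorthand for the nested members of synclist_t.  These are plain
 * object-like macros, so any identifier spelled sl_len, sl_cmd, etc. in a
 * file that includes this header is rewritten as well.
 */
#define	sl_ptr	sl_un.slu_ptr
#define	sl_ips	sl_un.slu_ips
#define	sl_ipn	sl_un.slu_ipn
#define	sl_magic sl_hdr.sm_magic
#define	sl_v	sl_hdr.sm_v
#define	sl_p	sl_hdr.sm_p
#define	sl_cmd	sl_hdr.sm_cmd
#define	sl_rev	sl_hdr.sm_rev
#define	sl_table	sl_hdr.sm_table
#define	sl_num	sl_hdr.sm_num
#define	sl_len	sl_hdr.sm_len

/*
 * NOTE: SYNCLOG_SZ is defined *low*.  It should be the next power of two
 * up for whatever number of packets per second you expect to see.  Be
 * warned: this indexes a table of large elements (up to 272 bytes in size
 * each), and thus a size of 8192, for example, results in a 2MB table.
 * The lesson here is not to use small machines for running fast firewalls
 * (100BaseT) in sync, where you might have upwards of 10k pps.
 */
#define	SYNCLOG_SZ	256

/*
 * One slot of the synclog[] table: a header followed by a full copy of
 * either a state entry or a NAT entry (embedded by value, not by pointer).
 */
typedef	struct	synclogent	{
	struct	synchdr	sle_hdr;
	union	{
		struct	ipstate	sleu_ips;
		struct	nat	sleu_ipn;
	} sle_un;
} synclogent_t;

/*
 * Update record: a header followed by the TCP update data.
 *
 * NOTE(review): the size comment below looks stale.  Assuming 4-byte
 * u_32_t/u_int/int, synchdr_t alone is 20 bytes plus a pointer, before
 * synctcp_update is added - verify with sizeof on the target ABI.
 */
typedef	struct	syncupdent	{		/* 28 or 32 bytes */
	struct	synchdr	sup_hdr;
	struct	synctcp_update	sup_tcp;
} syncupdent_t;

/* Table of SYNCLOG_SZ log entries, defined elsewhere. */
extern	synclogent_t	synclog[SYNCLOG_SZ];


/*
 * Entry points implemented elsewhere.  ipfsync_nat() and ipfsync_state()
 * receive a header plus an untyped data pointer; the callee has no way to
 * learn the size of *data other than sp->sm_len, so that length must have
 * been validated by the caller (see the note on synchdr_t).
 */
extern	int	fr_sync_ioctl __P((caddr_t, ioctlcmd_t, int, int, void *));
extern	synclist_t *ipfsync_new __P((int, fr_info_t *, void *));
extern	void	ipfsync_del __P((synclist_t *));
extern	void	ipfsync_update __P((int, fr_info_t *, synclist_t *));
extern	int	ipfsync_init __P((void));
extern	int	ipfsync_nat __P((synchdr_t *sp, void *data));
extern	int	ipfsync_state __P((synchdr_t *sp, void *data));
extern	int	ipfsync_read __P((struct uio *uio));
extern	int	ipfsync_write __P((struct uio *uio));
extern	int	ipfsync_canread __P((void));
extern	int	ipfsync_canwrite __P((void));

#endif /* __IP_SYNC_H__ */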