xref: /netbsd-current/sys/external/bsd/ipf/netinet/ip_sync.h

/*	$NetBSD: ip_sync.h,v 1.2 2012/03/23 20:39:50 christos Exp $	*/

/*
 * Copyright (C) 2012 by Darren Reed.
 *
 * See the IPFILTER.LICENCE file for details on licencing.
 *
 * @(#)ip_fil.h	1.35 6/5/96
 * Id: ip_sync.h,v 2.19.2.1 2012/01/26 05:29:13 darrenr Exp
 */

#ifndef __IP_SYNC_H__
#define __IP_SYNC_H__

typedef	struct	synchdr	{
	u_32_t		sm_magic;	/* magic */
	u_char		sm_v;		/* version: 4,6 */
	u_char		sm_p;		/* protocol */
	u_char		sm_cmd;		/* command */
	u_char		sm_table;	/* NAT, STATE, etc */
	u_int		sm_num;		/* table entry number */
	int		sm_rev;		/* forward/reverse */
	int		sm_len;		/* length of the data section */
	struct	synclist	*sm_sl;		/* back pointer to parent */
} synchdr_t;


#define SYNHDRMAGIC 0x0FF51DE5

/*
 * Commands
 * No delete required as expirey will take care of that!
 */
#define	SMC_CREATE	0	/* pass ipstate_t after synchdr_t */
#define	SMC_UPDATE	1
#define	SMC_MAXCMD	1

/*
 * Tables
 */
#define	SMC_RLOG	-2	/* Only used with SIOCIPFFL */
#define	SMC_NAT		0
#define	SMC_STATE	1
#define	SMC_MAXTBL	1


/*
 * Only TCP requires "more" information than just a reference to the entry
 * for which an update is being made.
 */
typedef	struct	synctcp_update	{
	u_long		stu_age;
	tcpdata_t	stu_data[2];
	int		stu_state[2];
} synctcp_update_t;


typedef	struct	synclist	{
	struct	synclist	*sl_next;
	struct	synclist	**sl_pnext;
	int			sl_idx;		/* update index */
	struct	synchdr		sl_hdr;
	union	{
		struct	ipstate	*slu_ips;
		struct	nat	*slu_ipn;
		void		*slu_ptr;
	} sl_un;
} synclist_t;

#define	sl_ptr	sl_un.slu_ptr
#define	sl_ips	sl_un.slu_ips
#define	sl_ipn	sl_un.slu_ipn
#define	sl_magic sl_hdr.sm_magic
#define	sl_v	sl_hdr.sm_v
#define	sl_p	sl_hdr.sm_p
#define	sl_cmd	sl_hdr.sm_cmd
#define	sl_rev	sl_hdr.sm_rev
#define	sl_table	sl_hdr.sm_table
#define	sl_num	sl_hdr.sm_num
#define	sl_len	sl_hdr.sm_len

/*
 * NOTE: SYNCLOG_SZ is defined *low*.  It should be the next power of two
 * up for whatever number of packets per second you expect to see.  Be
 * warned: this index's a table of large elements (upto 272 bytes in size
 * each), and thus a size of 8192, for example, results in a 2MB table.
 * The lesson here is not to use small machines for running fast firewalls
 * (100BaseT) in sync, where you might have upwards of 10k pps.
 */
#define	SYNCLOG_SZ	256

typedef	struct	synclogent	{
	struct	synchdr	sle_hdr;
	union	{
		struct	ipstate	sleu_ips;
		struct	nat	sleu_ipn;
	} sle_un;
} synclogent_t;

typedef	struct	syncupdent	{		/* 28 or 32 bytes */
	struct	synchdr	sup_hdr;
	struct	synctcp_update	sup_tcp;
} syncupdent_t;

extern	void *ipf_sync_create(ipf_main_softc_t *);
extern	int ipf_sync_soft_init(ipf_main_softc_t *, void *);
extern	int ipf_sync_soft_fini(ipf_main_softc_t *, void *);
extern	int ipf_sync_canread(void *);
extern	int ipf_sync_canwrite(void *);
extern	void ipf_sync_del_nat(void *, synclist_t *);
extern	void ipf_sync_del_state(void *, synclist_t *);
extern	int ipf_sync_init(void);
extern	int ipf_sync_ioctl(ipf_main_softc_t *, void *, ioctlcmd_t, int, int, void *);
extern	synclist_t *ipf_sync_new(ipf_main_softc_t *, int, fr_info_t *, void *);
extern	int ipf_sync_read(ipf_main_softc_t *, struct uio *uio);
extern	int ipf_sync_write(ipf_main_softc_t *, struct uio *uio);
extern	int ipf_sync_main_unload(void);
extern	void ipf_sync_update(ipf_main_softc_t *, int, fr_info_t *, synclist_t *);
extern	void ipf_sync_expire(ipf_main_softc_t *);
extern	void	ipf_sync_soft_destroy(ipf_main_softc_t *, void *);
extern	void	*ipf_sync_soft_create(ipf_main_softc_t *);

#endif /* __IP_SYNC_H__ */