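/*
 * Copyright (C) 2012 by Darren Reed.
 *
 * See the IPFILTER.LICENCE file for details on licensing.
 *
 * @(#)ip_fil.h 1.35 6/5/96
 * $Id$
 */

/*
 * Declarations for the IPFilter synchronisation interface: the record
 * header, the per-entry bookkeeping list, the log/update record layouts
 * and the entry points of the sync module.
 *
 * This header does not define u_32_t, tcpdata_t, struct ipstate,
 * struct nat, ipf_main_softc_t, fr_info_t or ioctlcmd_t; the including
 * file must have pulled those in first.
 */

#ifndef	__IP_SYNC_H__
#define	__IP_SYNC_H__

/*
 * Header placed at the front of each sync record.  synclogent_t and
 * syncupdent_t below both begin with it, and an SMC_CREATE record carries
 * an ipstate_t directly after it.
 *
 * NOTE(review): records reach the module through ipf_sync_write() and
 * leave it through ipf_sync_read(), both of which take a struct uio.
 * Every field of a header that arrived that way is caller-controlled, so
 * the consumer should check sm_magic against SYNHDRMAGIC, sm_cmd against
 * SMC_MAXCMD, sm_table against SMC_MAXTBL and sm_len against the size of
 * the payload type before acting on it - confirm in the implementation.
 */
typedef	struct	synchdr	{
	u_32_t		sm_magic;	/* magic; expected to be SYNHDRMAGIC */
	u_char		sm_v;		/* version: 4,6 */
	u_char		sm_p;		/* protocol */
	u_char		sm_cmd;		/* command (SMC_CREATE, SMC_UPDATE) */
	u_char		sm_table;	/* NAT, STATE, etc */
	u_int		sm_num;		/* table entry number */
	int		sm_rev;		/* forward/reverse */
	/*
	 * Signed length: a negative or oversized value must be rejected
	 * before it is used as a copy or allocation size.
	 */
	int		sm_len;		/* length of the data section */
	/*
	 * Raw pointer inside a record header.  NOTE(review): if headers are
	 * copied out unchanged, this address is visible to whoever reads the
	 * record, and a value received from a writer must never be
	 * dereferenced - confirm how the implementation treats this field.
	 */
	struct	synclist	*sm_sl;	/* back pointer to parent */
} synchdr_t;


#define	SYNHDRMAGIC	0x0FF51DE5

/*
 * Commands
 * No delete required as expiry will take care of that!
 */
#define	SMC_CREATE	0	/* pass ipstate_t after synchdr_t */
#define	SMC_UPDATE	1
#define	SMC_MAXCMD	1	/* highest command value defined above */

/*
 * Tables
 */
/*
 * Parenthesised so the negative constant stays one operand wherever the
 * macro is expanded.  It does not fit the u_char sm_table field.
 */
#define	SMC_RLOG	(-2)	/* Only used with SIOCIPFFL */
#define	SMC_NAT		0
#define	SMC_STATE	1
#define	SMC_MAXTBL	1	/* highest table value stored in sm_table */


/*
 * Only TCP requires "more" information than just a reference to the entry
 * for which an update is being made.
 */
typedef	struct	synctcp_update	{
	u_long		stu_age;
	tcpdata_t	stu_data[2];	/* two slots, as is stu_state */
	int		stu_state[2];
} synctcp_update_t;


/*
 * Bookkeeping node linking one sync header to the state or NAT entry it
 * describes.  The union holds a single pointer; which member is meaningful
 * presumably follows sl_hdr.sm_table - confirm against the code that
 * fills it in.
 */
typedef	struct	synclist	{
	struct	synclist	*sl_next;
	struct	synclist	**sl_pnext;
	int			sl_idx;		/* update index */
	struct	synchdr		sl_hdr;
	union	{
		struct	ipstate	*slu_ips;
		struct	nat	*slu_ipn;
		void		*slu_ptr;
	} sl_un;
} synclist_t;

/*
 * Shorthand so that synclist_t users can write sl->sl_cmd rather than
 * sl->sl_hdr.sm_cmd.  These are plain object-like macros: any identifier
 * with one of these spellings in an including file is rewritten too.
 */
#define	sl_ptr		sl_un.slu_ptr
#define	sl_ips		sl_un.slu_ips
#define	sl_ipn		sl_un.slu_ipn
#define	sl_magic	sl_hdr.sm_magic
#define	sl_v		sl_hdr.sm_v
#define	sl_p		sl_hdr.sm_p
#define	sl_cmd		sl_hdr.sm_cmd
#define	sl_rev		sl_hdr.sm_rev
#define	sl_table	sl_hdr.sm_table
#define	sl_num		sl_hdr.sm_num
#define	sl_len		sl_hdr.sm_len

/*
 * NOTE: SYNCLOG_SZ is defined *low*.  It should be the next power of two
 * up for whatever number of packets per second you expect to see.  Be
 * warned: this indexes a table of large elements (up to 272 bytes in size
 * each), and thus a size of 8192, for example, results in a 2MB table.
 * The lesson here is not to use small machines for running fast firewalls
 * (100BaseT) in sync, where you might have upwards of 10k pps.
 */
#define	SYNCLOG_SZ	256

/*
 * Log record for a new entry: the header followed by a full copy (not a
 * pointer) of the state or NAT structure.
 */
typedef	struct	synclogent	{
	struct	synchdr	sle_hdr;
	union	{
		struct	ipstate	sleu_ips;
		struct	nat	sleu_ipn;
	} sle_un;
} synclogent_t;

/*
 * Log record for an update: the header followed by the TCP update data.
 * NOTE(review): the size quoted below looks stale given the members of
 * synchdr and synctcp_update; use sizeof(), never the figure.
 */
typedef	struct	syncupdent	{	/* 28 or 32 bytes */
	struct	synchdr		sup_hdr;
	struct	synctcp_update	sup_tcp;
} syncupdent_t;

/*
 * Entry points of the sync module.  The void * arguments are opaque here;
 * presumably they are the context returned by ipf_sync_soft_create() -
 * confirm against the callers.
 */
extern	void	*ipf_sync_create(ipf_main_softc_t *);
extern	int	ipf_sync_soft_init(ipf_main_softc_t *, void *);
extern	int	ipf_sync_soft_fini(ipf_main_softc_t *, void *);
extern	int	ipf_sync_canread(void *);
extern	int	ipf_sync_canwrite(void *);
extern	void	ipf_sync_del_nat(void *, synclist_t *);
extern	void	ipf_sync_del_state(void *, synclist_t *);
extern	int	ipf_sync_init(void);
extern	int	ipf_sync_ioctl(ipf_main_softc_t *, caddr_t, ioctlcmd_t, int, int, void *);
extern	synclist_t	*ipf_sync_new(ipf_main_softc_t *, int, fr_info_t *, void *);
/*
 * Read and write take a struct uio.  Data handed to ipf_sync_write() is
 * untrusted until its synchdr fields have been validated.
 */
extern	int	ipf_sync_read(ipf_main_softc_t *, struct uio *uio);
extern	int	ipf_sync_write(ipf_main_softc_t *, struct uio *uio);
extern	int	ipf_sync_main_unload(void);
extern	void	ipf_sync_update(ipf_main_softc_t *, int, fr_info_t *, synclist_t *);
extern	void	ipf_sync_expire(ipf_main_softc_t *);
extern	void	ipf_sync_soft_destroy(ipf_main_softc_t *, void *);
extern	void	*ipf_sync_soft_create(ipf_main_softc_t *);

#endif /* __IP_SYNC_H__ */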