master
1/* $NetBSD: ip_sync.h,v 1.3 2012/07/22 14:27:51 darrenr Exp $ */
2
3/*
4 * Copyright (C) 2012 by Darren Reed.
5 *
6 * See the IPFILTER.LICENCE file for details on licencing.
7 *
8 * @(#)ip_fil.h 1.35 6/5/96
9 * Id: ip_sync.h,v 2.19.2.1 2012/01/26 05:29:13 darrenr Exp
10 */
11
12#ifndef __IP_SYNC_H__
13#define __IP_SYNC_H__
14
15typedef struct synchdr {
16 u_32_t sm_magic; /* magic */
17 u_char sm_v; /* version: 4,6 */
18 u_char sm_p; /* protocol */
19 u_char sm_cmd; /* command */
20 u_char sm_table; /* NAT, STATE, etc */
21 u_int sm_num; /* table entry number */
22 int sm_rev; /* forward/reverse */
23 int sm_len; /* length of the data section */
24 struct synclist *sm_sl; /* back pointer to parent */
25} synchdr_t;
26
27
28#define SYNHDRMAGIC 0x0FF51DE5
29
30/*
31 * Commands
32 * No delete required as expirey will take care of that!
33 */
34#define SMC_CREATE 0 /* pass ipstate_t after synchdr_t */
35#define SMC_UPDATE 1
36#define SMC_MAXCMD 1
37
38/*
39 * Tables
40 */
41#define SMC_RLOG -2 /* Only used with SIOCIPFFL */
42#define SMC_NAT 0
43#define SMC_STATE 1
44#define SMC_MAXTBL 1
45
46
47/*
48 * Only TCP requires "more" information than just a reference to the entry
49 * for which an update is being made.
50 */
51typedef struct synctcp_update {
52 u_long stu_age;
53 tcpdata_t stu_data[2];
54 int stu_state[2];
55} synctcp_update_t;
56
57
58typedef struct synclist {
59 struct synclist *sl_next;
60 struct synclist **sl_pnext;
61 int sl_idx; /* update index */
62 struct synchdr sl_hdr;
63 union {
64 struct ipstate *slu_ips;
65 struct nat *slu_ipn;
66 void *slu_ptr;
67 } sl_un;
68} synclist_t;
69
70#define sl_ptr sl_un.slu_ptr
71#define sl_ips sl_un.slu_ips
72#define sl_ipn sl_un.slu_ipn
73#define sl_magic sl_hdr.sm_magic
74#define sl_v sl_hdr.sm_v
75#define sl_p sl_hdr.sm_p
76#define sl_cmd sl_hdr.sm_cmd
77#define sl_rev sl_hdr.sm_rev
78#define sl_table sl_hdr.sm_table
79#define sl_num sl_hdr.sm_num
80#define sl_len sl_hdr.sm_len
81
82/*
83 * NOTE: SYNCLOG_SZ is defined *low*. It should be the next power of two
84 * up for whatever number of packets per second you expect to see. Be
85 * warned: this index's a table of large elements (upto 272 bytes in size
86 * each), and thus a size of 8192, for example, results in a 2MB table.
87 * The lesson here is not to use small machines for running fast firewalls
88 * (100BaseT) in sync, where you might have upwards of 10k pps.
89 */
90#define SYNCLOG_SZ 256
91
92typedef struct synclogent {
93 struct synchdr sle_hdr;
94 union {
95 struct ipstate sleu_ips;
96 struct nat sleu_ipn;
97 } sle_un;
98} synclogent_t;
99
100typedef struct syncupdent { /* 28 or 32 bytes */
101 struct synchdr sup_hdr;
102 struct synctcp_update sup_tcp;
103} syncupdent_t;
104
105extern void *ipf_sync_create(ipf_main_softc_t *);
106extern int ipf_sync_soft_init(ipf_main_softc_t *, void *);
107extern int ipf_sync_soft_fini(ipf_main_softc_t *, void *);
108extern int ipf_sync_canread(void *);
109extern int ipf_sync_canwrite(void *);
110extern void ipf_sync_del_nat(void *, synclist_t *);
111extern void ipf_sync_del_state(void *, synclist_t *);
112extern int ipf_sync_init(void);
113extern int ipf_sync_ioctl(ipf_main_softc_t *, void *, ioctlcmd_t, int, int, void *);
114extern synclist_t *ipf_sync_new(ipf_main_softc_t *, int, fr_info_t *, void *);
115extern int ipf_sync_read(ipf_main_softc_t *, struct uio *uio);
116extern int ipf_sync_write(ipf_main_softc_t *, struct uio *uio);
117extern int ipf_sync_main_unload(void);
118extern void ipf_sync_update(ipf_main_softc_t *, int, fr_info_t *, synclist_t *);
119extern void ipf_sync_expire(ipf_main_softc_t *);
120extern void ipf_sync_soft_destroy(ipf_main_softc_t *, void *);
121extern void *ipf_sync_soft_create(ipf_main_softc_t *);
122
123#endif /* __IP_SYNC_H__ */