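/*
 * Copyright (C) 2012 by Darren Reed.
 *
 * See the IPFILTER.LICENCE file for details on licencing.
 * $Id$
 */

#ifndef __IP_SYNC_H__
#define __IP_SYNC_H__

/*
 * Declarations for the ipf state/NAT synchronisation interface: the record
 * header, the per-table payload containers and the ipf_sync_* entry points.
 *
 * This header does not declare u_32_t, tcpdata_t, fr_info_t, ioctlcmd_t,
 * ipf_main_softc_t, struct ipstate or struct nat; they must be visible
 * before it is included (struct ipstate and struct nat as complete types,
 * because synclogent embeds them by value).
 */

/*
 * Header placed in front of every sync record.
 *
 * NOTE(review): ipf_sync_read() and ipf_sync_write() below take a
 * struct uio, so records in this layout presumably cross a trust boundary;
 * confirm in the implementation.  Code that consumes a record it did not
 * build itself should check sm_magic against SYNHDRMAGIC, sm_cmd against
 * SMC_MAXCMD and sm_table against SMC_MAXTBL before dispatching on them.
 */
typedef struct synchdr {
	u_32_t		sm_magic;	/* magic */
	u_char		sm_v;		/* version: 4,6 */
	u_char		sm_p;		/* protocol */
	u_char		sm_cmd;		/* command */
	u_char		sm_table;	/* NAT, STATE, etc */
	u_int		sm_num;		/* table entry number */
	int		sm_rev;		/* forward/reverse */
	/*
	 * sm_len is signed.  Reject negative values, and values that do not
	 * match the payload expected for sm_table/sm_cmd, before using it as
	 * a copy or allocation size.
	 */
	int		sm_len;		/* length of the data section */
	/*
	 * sm_sl holds a local address.  It carries no meaning outside the
	 * kernel that filled it in and must not be dereferenced when the
	 * header came from a written record.
	 * NOTE(review): confirm it is cleared before a header is handed to
	 * a reader, otherwise it discloses a kernel address.
	 */
	struct synclist	*sm_sl;		/* back pointer to parent */
} synchdr_t;


#define	SYNHDRMAGIC	0x0FF51DE5

/*
 * Commands
 * No delete required as expiry will take care of that!
 */
#define	SMC_CREATE	0	/* pass ipstate_t after synchdr_t */
#define	SMC_UPDATE	1
#define	SMC_MAXCMD	1	/* highest valid sm_cmd value */

/*
 * Tables
 *
 * SMC_RLOG is negative, so the u_char field sm_table can never compare
 * equal to it.  The value is parenthesised so that it expands safely
 * inside a larger expression.
 */
#define	SMC_RLOG	(-2)	/* Only used with SIOCIPFFL */
#define	SMC_NAT		0
#define	SMC_STATE	1
#define	SMC_MAXTBL	1	/* highest valid sm_table value */


/*
 * Only TCP requires "more" information than just a reference to the entry
 * for which an update is being made.
 *
 * Both arrays have two elements, presumably one per direction; confirm
 * against the code that fills them in.
 */
typedef struct synctcp_update {
	u_long		stu_age;
	tcpdata_t	stu_data[2];
	int		stu_state[2];
} synctcp_update_t;


/*
 * List element tying a sync header to the state or NAT entry it describes.
 *
 * sl_un stores a single pointer viewed as one of three types.  Which view
 * is valid is presumably selected by sl_table (SMC_NAT or SMC_STATE);
 * confirm.  Reading the wrong member treats one structure as another.
 */
typedef struct synclist {
	struct synclist	*sl_next;
	struct synclist	**sl_pnext;
	int		sl_idx;		/* update index */
	struct synchdr	sl_hdr;
	union {
		struct ipstate	*slu_ips;
		struct nat	*slu_ipn;
		void		*slu_ptr;
	} sl_un;
} synclist_t;

/* Shorthand for the union members and header fields of a synclist. */
#define	sl_ptr		sl_un.slu_ptr
#define	sl_ips		sl_un.slu_ips
#define	sl_ipn		sl_un.slu_ipn
#define	sl_magic	sl_hdr.sm_magic
#define	sl_v		sl_hdr.sm_v
#define	sl_p		sl_hdr.sm_p
#define	sl_cmd		sl_hdr.sm_cmd
#define	sl_rev		sl_hdr.sm_rev
#define	sl_table	sl_hdr.sm_table
#define	sl_num		sl_hdr.sm_num
#define	sl_len		sl_hdr.sm_len

/*
 * NOTE: SYNCLOG_SZ is defined *low*.  It should be the next power of two
 * up for whatever number of packets per second you expect to see.  Be
 * warned: this indexes a table of large elements (up to 272 bytes in size
 * each), and thus a size of 8192, for example, results in a 2MB table.
 * The lesson here is not to use small machines for running fast firewalls
 * (100BaseT) in sync, where you might have upwards of 10k pps.
 */
#define	SYNCLOG_SZ	256

/*
 * Full record: header followed by a complete state or NAT entry, stored by
 * value.  Use sizeof(synclogent_t) when sizing buffers for it.
 */
typedef struct synclogent {
	struct synchdr	sle_hdr;
	union {
		struct ipstate	sleu_ips;
		struct nat	sleu_ipn;
	} sle_un;
} synclogent_t;

/*
 * Update record: header followed by the TCP update data.
 *
 * NOTE(review): the byte count in the comment below cannot be verified
 * from this header because tcpdata_t is declared elsewhere.  Size buffers
 * with sizeof(syncupdent_t), never with the literal figure.
 */
typedef struct syncupdent {	/* 28 or 32 bytes */
	struct synchdr	sup_hdr;
	struct synctcp_update	sup_tcp;
} syncupdent_t;

/*
 * Entry points defined outside this header.  Parameter meanings are not
 * visible here.
 *
 * NOTE(review): ipf_sync_ioctl(), ipf_sync_read() and ipf_sync_write()
 * receive caller-supplied data (caddr_t or struct uio).  Confirm that the
 * implementation validates every synchdr field and restricts who can reach
 * these paths.
 */
extern void *ipf_sync_create(ipf_main_softc_t *);
extern int ipf_sync_soft_init(ipf_main_softc_t *, void *);
extern int ipf_sync_soft_fini(ipf_main_softc_t *, void *);
extern int ipf_sync_canread(void *);
extern int ipf_sync_canwrite(void *);
extern void ipf_sync_del_nat(void *, synclist_t *);
extern void ipf_sync_del_state(void *, synclist_t *);
extern int ipf_sync_init(void);
extern int ipf_sync_ioctl(ipf_main_softc_t *, caddr_t, ioctlcmd_t, int, int, void *);
extern synclist_t *ipf_sync_new(ipf_main_softc_t *, int, fr_info_t *, void *);
extern int ipf_sync_read(ipf_main_softc_t *, struct uio *uio);
extern int ipf_sync_write(ipf_main_softc_t *, struct uio *uio);
extern int ipf_sync_main_unload(void);
extern void ipf_sync_update(ipf_main_softc_t *, int, fr_info_t *, synclist_t *);
extern void ipf_sync_expire(ipf_main_softc_t *);
extern void ipf_sync_soft_destroy(ipf_main_softc_t *, void *);
extern void *ipf_sync_soft_create(ipf_main_softc_t *);

#endif /* __IP_SYNC_H__ */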