1   1.3 darrenr  /* $NetBSD: ip_sync.h,v 1.3 2012/07/22 14:27:51 darrenr Exp $ */
2   1.1 christos
3   1.1 christos /*
4   1.3 darrenr   * Copyright (C) 2012 by Darren Reed.
5   1.1 christos  *
6   1.1 christos  * See the IPFILTER.LICENCE file for details on licencing.
7   1.1 christos  *
8   1.1 christos  * @(#)ip_fil.h 1.35 6/5/96
9   1.2 christos  * Id: ip_sync.h,v 2.19.2.1 2012/01/26 05:29:13 darrenr Exp
10  1.1 christos  */
11  1.1 christos
                 /*
                  * Declarations for the ipf_sync_* interface: the header (synchdr_t)
                  * that prefixes each sync record, the command and table codes it
                  * carries, the list and log entry layouts, and the entry points.
                  *
                  * NOTE(review): ipf_sync_read()/ipf_sync_write() take a struct uio, so
                  * records in these layouts presumably cross a trust boundary. The
                  * consumer should treat every field below as untrusted input --
                  * confirm against the implementation, which is not visible here.
                  */
12  1.1 christos #ifndef __IP_SYNC_H__
13  1.1 christos #define __IP_SYNC_H__
14  1.1 christos
                 /*
                  * Header carried by each sync record. The SMC_CREATE comment below
                  * says the payload (an ipstate_t for a create) follows it directly.
                  *
                  * NOTE(review), for whoever parses one of these:
                  *  - sm_cmd and sm_table are raw u_char values; presumably they must be
                  *    checked against SMC_MAXCMD / SMC_MAXTBL before being used to
                  *    select a handler or table -- confirm.
                  *  - sm_len is a signed int. A negative or oversized value has to be
                  *    rejected before it is used as a copy or allocation size.
                  *  - sm_num is a "table entry number"; if it is used as an index or
                  *    lookup key, it needs a bounds/existence check -- confirm.
                  *  - sm_sl is a pointer stored inside the record header. A value that
                  *    arrives from outside must never be dereferenced, and a value
                  *    copied out verbatim would expose an address -- confirm how the
                  *    implementation handles both directions.
                  *  - Apart from sm_magic, field widths (u_int, int, pointer) and byte
                  *    order are ABI-dependent; presumably both peers must match or the
                  *    implementation converts -- confirm.
                  */
15  1.1 christos typedef struct synchdr {
16  1.1 christos     u_32_t sm_magic; /* magic; presumably compared with SYNHDRMAGIC -- confirm */
17  1.1 christos     u_char sm_v; /* version: 4,6 */
18  1.1 christos     u_char sm_p; /* protocol */
19  1.1 christos     u_char sm_cmd; /* command (SMC_CREATE / SMC_UPDATE) */
20  1.1 christos     u_char sm_table; /* NAT, STATE, etc (SMC_NAT / SMC_STATE) */
21  1.1 christos     u_int sm_num; /* table entry number */
22  1.1 christos     int sm_rev; /* forward/reverse */
23  1.1 christos     int sm_len; /* length of the data section (signed: validate before use) */
24  1.1 christos     struct synclist *sm_sl; /* back pointer to parent */
25  1.1 christos } synchdr_t;
26  1.1 christos
27  1.1 christos
28  1.1 christos #define SYNHDRMAGIC 0x0FF51DE5 /* presumably the expected sm_magic value -- confirm */
29  1.1 christos
30  1.1 christos /*
31  1.1 christos  * Commands
32  1.1 christos  * No delete required as expiry will take care of that!
33  1.1 christos  */
34  1.1 christos #define SMC_CREATE 0 /* pass ipstate_t after synchdr_t */
35  1.1 christos #define SMC_UPDATE 1
36  1.1 christos #define SMC_MAXCMD 1 /* equals SMC_UPDATE; presumably the upper bound for sm_cmd -- confirm */
37  1.1 christos
38  1.1 christos /*
39  1.1 christos  * Tables
40  1.1 christos  */
41  1.1 christos #define SMC_RLOG -2 /* Only used with SIOCIPFFL; negative, so it cannot be stored in the u_char sm_table */
42  1.1 christos #define SMC_NAT 0
43  1.1 christos #define SMC_STATE 1
44  1.1 christos #define SMC_MAXTBL 1 /* equals SMC_STATE; presumably the upper bound for sm_table -- confirm */
45  1.1 christos
46  1.1 christos
47  1.1 christos /*
48  1.1 christos  * Only TCP requires "more" information than just a reference to the entry
49  1.1 christos  * for which an update is being made.
50  1.1 christos  */
                 /*
                  * NOTE(review): stu_age is a u_long, so the size of this structure
                  * depends on the ABI. The two-element arrays presumably hold one slot
                  * per direction -- confirm. stu_state values that come from a peer
                  * should be range-checked before they are written into a live entry.
                  */
51  1.1 christos typedef struct synctcp_update {
52  1.1 christos     u_long stu_age;
53  1.1 christos     tcpdata_t stu_data[2];
54  1.1 christos     int stu_state[2];
55  1.1 christos } synctcp_update_t;
56  1.1 christos
57  1.1 christos
                 /*
                  * Linked-list node that ties a sync header to the table entry it
                  * describes. sl_un holds one pointer viewed three ways (state entry,
                  * NAT entry, or untyped). Which view is valid presumably follows
                  * sl_hdr.sm_table -- confirm before dereferencing a typed member.
                  */
58  1.1 christos typedef struct synclist {
59  1.1 christos     struct synclist *sl_next;
60  1.1 christos     struct synclist **sl_pnext;
61  1.1 christos     int sl_idx; /* update index */
62  1.1 christos     struct synchdr sl_hdr;
63  1.1 christos     union {
64  1.1 christos         struct ipstate *slu_ips;
65  1.1 christos         struct nat *slu_ipn;
66  1.1 christos         void *slu_ptr;
67  1.1 christos     } sl_un;
68  1.1 christos } synclist_t;
69  1.1 christos
                 /*
                  * Shorthand for synclist_t members: the first three name the sl_un
                  * union members, the rest reach into the embedded sl_hdr. These are
                  * unscoped object-like macros, so any identifier spelled sl_len,
                  * sl_num, etc. after this header is included is rewritten as well.
                  */
70  1.1 christos #define sl_ptr sl_un.slu_ptr
71  1.1 christos #define sl_ips sl_un.slu_ips
72  1.1 christos #define sl_ipn sl_un.slu_ipn
73  1.1 christos #define sl_magic sl_hdr.sm_magic
74  1.1 christos #define sl_v sl_hdr.sm_v
75  1.1 christos #define sl_p sl_hdr.sm_p
76  1.1 christos #define sl_cmd sl_hdr.sm_cmd
77  1.1 christos #define sl_rev sl_hdr.sm_rev
78  1.1 christos #define sl_table sl_hdr.sm_table
79  1.1 christos #define sl_num sl_hdr.sm_num
80  1.1 christos #define sl_len sl_hdr.sm_len
81  1.1 christos
82  1.1 christos /*
83  1.1 christos  * NOTE: SYNCLOG_SZ is defined *low*. It should be the next power of two
84  1.1 christos  * up for whatever number of packets per second you expect to see. Be
85  1.1 christos  * warned: this indexes a table of large elements (up to 272 bytes in size
86  1.1 christos  * each), and thus a size of 8192, for example, results in a 2MB table.
87  1.1 christos  * The lesson here is not to use small machines for running fast firewalls
88  1.1 christos  * (100BaseT) in sync, where you might have upwards of 10k pps.
89  1.1 christos  */
90  1.1 christos #define SYNCLOG_SZ 256
91  1.1 christos
                 /*
                  * Log entry: a sync header followed by a full state or NAT structure
                  * held by value, not by pointer.
                  *
                  * NOTE(review): if entries of this type are handed to a reader as-is,
                  * any pointers inside struct ipstate / struct nat, and sle_hdr.sm_sl,
                  * go out with them -- confirm the implementation clears or rewrites
                  * them first.
                  */
92  1.1 christos typedef struct synclogent {
93  1.1 christos     struct synchdr sle_hdr;
94  1.1 christos     union {
95  1.1 christos         struct ipstate sleu_ips;
96  1.1 christos         struct nat sleu_ipn;
97  1.1 christos     } sle_un;
98  1.1 christos } synclogent_t;
99  1.1 christos
                 /*
                  * Update entry: a sync header plus the TCP-specific update data.
                  *
                  * NOTE(review): the size quoted on the next line looks stale. As
                  * declared in this file, sup_hdr alone holds a u_32_t, four u_char,
                  * a u_int, two int and a pointer, and sup_tcp follows it. Check with
                  * sizeof before relying on the figure.
                  */
100 1.1 christos typedef struct syncupdent { /* 28 or 32 bytes */
101 1.1 christos     struct synchdr sup_hdr;
102 1.1 christos     struct synctcp_update sup_tcp;
103 1.1 christos } syncupdent_t;
104 1.1 christos
                 /*
                  * Entry points; their definitions are not part of this header, so
                  * the argument and return semantics cannot be stated from here.
                  *
                  * NOTE(review): ipf_sync_write() presumably parses records supplied
                  * through the uio and ipf_sync_read() presumably copies records out.
                  * Those two are where the validation and pointer-scrubbing concerns
                  * noted on the structures above would need to be enforced -- confirm.
                  */
105 1.2 christos extern void *ipf_sync_create(ipf_main_softc_t *);
106 1.2 christos extern int ipf_sync_soft_init(ipf_main_softc_t *, void *);
107 1.2 christos extern int ipf_sync_soft_fini(ipf_main_softc_t *, void *);
108 1.2 christos extern int ipf_sync_canread(void *);
109 1.2 christos extern int ipf_sync_canwrite(void *);
110 1.2 christos extern void ipf_sync_del_nat(void *, synclist_t *);
111 1.2 christos extern void ipf_sync_del_state(void *, synclist_t *);
112 1.2 christos extern int ipf_sync_init(void);
113 1.2 christos extern int ipf_sync_ioctl(ipf_main_softc_t *, void *, ioctlcmd_t, int, int, void *);
114 1.2 christos extern synclist_t *ipf_sync_new(ipf_main_softc_t *, int, fr_info_t *, void *);
115 1.2 christos extern int ipf_sync_read(ipf_main_softc_t *, struct uio *uio);
116 1.2 christos extern int ipf_sync_write(ipf_main_softc_t *, struct uio *uio);
117 1.2 christos extern int ipf_sync_main_unload(void);
118 1.2 christos extern void ipf_sync_update(ipf_main_softc_t *, int, fr_info_t *, synclist_t *);
119 1.2 christos extern void ipf_sync_expire(ipf_main_softc_t *);
120 1.2 christos extern void ipf_sync_soft_destroy(ipf_main_softc_t *, void *);
121 1.2 christos extern void *ipf_sync_soft_create(ipf_main_softc_t *);
122 1.1 christos
123 1.3 darrenr  #endif /* __IP_SYNC_H__ */
124