Diffstat (limited to 'ip_sync.h')
-rw-r--r-- | ip_sync.h | 117 |
1 files changed, 117 insertions, 0 deletions
diff --git a/ip_sync.h b/ip_sync.h
new file mode 100644
index 0000000..e319a95
--- /dev/null
+++ b/ip_sync.h
@@ -0,0 +1,117 @@
+/* $NetBSD$ */
+
+/*
+ * Copyright (C) 1993-2001 by Darren Reed.
+ *
+ * See the IPFILTER.LICENCE file for details on licencing.
+ *
+ * @(#)ip_fil.h 1.35 6/5/96
+ * Id: ip_sync.h,v 2.11.2.2 2004/11/04 19:29:07 darrenr Exp
+ */
+
+#ifndef __IP_SYNC_H__
+#define __IP_SYNC_H__
+
+typedef struct synchdr {
+ u_32_t sm_magic; /* magic */
+ u_char sm_v; /* version: 4,6 */
+ u_char sm_p; /* protocol */
+ u_char sm_cmd; /* command */
+ u_char sm_table; /* NAT, STATE, etc */
+ u_int sm_num; /* table entry number */
+ int sm_rev; /* forward/reverse */
+ int sm_len; /* length of the data section */
+ struct synclist *sm_sl; /* back pointer to parent */
+} synchdr_t;
+
+
+#define SYNHDRMAGIC 0x0FF51DE5
+
+/*
+ * Commands
+ * No delete required as expirey will take care of that!
+ */
+#define SMC_CREATE 0 /* pass ipstate_t after synchdr_t */
+#define SMC_UPDATE 1
+#define SMC_MAXCMD 1
+
+/*
+ * Tables
+ */
+#define SMC_NAT 0
+#define SMC_STATE 1
+#define SMC_MAXTBL 1
+
+
+/*
+ * Only TCP requires "more" information than just a reference to the entry
+ * for which an update is being made.
+ */
+typedef struct synctcp_update {
+ u_long stu_age;
+ tcpdata_t stu_data[2];
+ int stu_state[2];
+} synctcp_update_t;
+
+
+typedef struct synclist {
+ struct synclist *sl_next;
+ struct synclist **sl_pnext;
+ int sl_idx; /* update index */
+ struct synchdr sl_hdr;
+ union {
+ struct ipstate *slu_ips;
+ struct nat *slu_ipn;
+ void *slu_ptr;
+ } sl_un;
+} synclist_t;
+
+#define sl_ptr sl_un.slu_ptr
+#define sl_ips sl_un.slu_ips
+#define sl_ipn sl_un.slu_ipn
+#define sl_magic sl_hdr.sm_magic
+#define sl_v sl_hdr.sm_v
+#define sl_p sl_hdr.sm_p
+#define sl_cmd sl_hdr.sm_cmd
+#define sl_rev sl_hdr.sm_rev
+#define sl_table sl_hdr.sm_table
+#define sl_num sl_hdr.sm_num
+#define sl_len sl_hdr.sm_len
+
+/*
+ * NOTE: SYNCLOG_SZ is defined *low*. It should be the next power of two
+ * up for whatever number of packets per second you expect to see. Be
+ * warned: this index's a table of large elements (upto 272 bytes in size
+ * each), and thus a size of 8192, for example, results in a 2MB table.
+ * The lesson here is not to use small machines for running fast firewalls
+ * (100BaseT) in sync, where you might have upwards of 10k pps.
+ */
+#define SYNCLOG_SZ 256
+
+typedef struct synclogent {
+ struct synchdr sle_hdr;
+ union {
+ struct ipstate sleu_ips;
+ struct nat sleu_ipn;
+ } sle_un;
+} synclogent_t;
+
+typedef struct syncupdent { /* 28 or 32 bytes */
+ struct synchdr sup_hdr;
+ struct synctcp_update sup_tcp;
+} syncupdent_t;
+
+extern synclogent_t synclog[SYNCLOG_SZ];
+
+
+extern int fr_sync_ioctl __P((caddr_t, ioctlcmd_t, int));
+extern synclist_t *ipfsync_new __P((int, fr_info_t *, void *));
+extern void ipfsync_del __P((synclist_t *));
+extern void ipfsync_update __P((int, fr_info_t *, synclist_t *));
+extern int ipfsync_init __P((void));
+extern int ipfsync_nat __P((synchdr_t *sp, void *data));
+extern int ipfsync_state __P((synchdr_t *sp, void *data));
+extern int ipfsync_read __P((struct uio *uio));
+extern int ipfsync_write __P((struct uio *uio));
+
+#endif /* IP_SYNC */
|
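Review bot: `synchdr_t` mixes message fields with kernel-private state: `struct synclist *sm_sl` sits in the same struct that the `SMC_CREATE` comment says precedes `ipstate_t` in a sync message, and `sm_len` is a signed `int`. The bodies of `ipfsync_read`/`ipfsync_write` are not in this diff, so this is inferred, but if the header crosses the `uio` boundary unchanged, a kernel address is disclosed on read, and a caller-supplied pointer and a possibly negative length arrive on write. I would state the contract in the header, e.g. `struct synclist *sm_sl; /* kernel-only: clear before copyout, never trust on copyin */` and `int sm_len; /* validate: non-negative and no larger than the target table's entry */`, and add a line to the Commands/Tables comments that `sm_cmd` and `sm_table` must be checked against `SMC_MAXCMD` and `SMC_MAXTBL` before they select a handler. The layout is also ABI-dependent (`u_long`, the pointer member, the "28 or 32 bytes" remark on `syncupdent`), which is worth a comment if peers with different word sizes are expected to exchange these records.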