xref: /titanic_41/usr/src/uts/common/inet/ipdrop.h (revision d1a98e54c39b20b053009684438e5f3b1cdfeb82) 
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #ifndef _INET_IPDROP_H
27 #define	_INET_IPDROP_H
28 
29 #ifdef	__cplusplus
30 extern "C" {
31 #endif
32 
33 #ifdef _KERNEL
34 /*
35  * Opaque data type which will contain state about an entity that is dropping
36  * a packet (e.g. IPsec SPD, IPsec SADB, TCP, IP forwarding, etc.).
37  */
38 typedef struct ipdropper_s {
39 	char *ipd_name;
40 } ipdropper_t;
41 
42 void ip_drop_register(ipdropper_t *, char *);
43 void ip_drop_unregister(ipdropper_t *);
44 void ip_drop_packet(mblk_t *, boolean_t, ill_t *, struct kstat_named *,
45     ipdropper_t *);
46 void ip_drop_input(char *, mblk_t *, ill_t *);
47 void ip_drop_output(char *, mblk_t *, ill_t *);
48 
49 /*
50  * ip_dropstats - When a protocol developer comes up with a new reason to
51  * drop a packet, it should have a bean counter placed here in this structure,
52  * and an initializer in ipdrop.c's ip_drop_init().
53  *
54  * This will suffice until we come up with a more dynamic way of adding
55  * named kstats to a single kstat instance (if that is possible).
56  */
57 struct ip_dropstats {
58 	/* TCP IPsec drop statistics. */
59 	kstat_named_t ipds_tcp_clear;
60 	kstat_named_t ipds_tcp_secure;
61 	kstat_named_t ipds_tcp_mismatch;
62 	kstat_named_t ipds_tcp_ipsec_alloc;
63 
64 	/* SADB-specific drop statistics. */
65 	kstat_named_t ipds_sadb_inlarval_timeout;
66 	kstat_named_t ipds_sadb_inlarval_replace;
67 	kstat_named_t ipds_sadb_inidle_timeout;
68 	kstat_named_t ipds_sadb_inidle_overflow;
69 	kstat_named_t ipds_sadb_acquire_nomem;
70 	kstat_named_t ipds_sadb_acquire_toofull;
71 	kstat_named_t ipds_sadb_acquire_timeout;
72 
73 	/* SPD drop statistics. */
74 	kstat_named_t ipds_spd_ahesp_diffid;
75 	kstat_named_t ipds_spd_loopback_mismatch;
76 	kstat_named_t ipds_spd_explicit;
77 	kstat_named_t ipds_spd_got_secure;
78 	kstat_named_t ipds_spd_got_clear;
79 	kstat_named_t ipds_spd_bad_ahalg;
80 	kstat_named_t ipds_spd_got_ah;
81 	kstat_named_t ipds_spd_bad_espealg;
82 	kstat_named_t ipds_spd_bad_espaalg;
83 	kstat_named_t ipds_spd_got_esp;
84 	kstat_named_t ipds_spd_got_selfencap;
85 	kstat_named_t ipds_spd_bad_selfencap;
86 	kstat_named_t ipds_spd_nomem;
87 	kstat_named_t ipds_spd_ah_badid;
88 	kstat_named_t ipds_spd_esp_badid;
89 	kstat_named_t ipds_spd_ah_innermismatch;
90 	kstat_named_t ipds_spd_esp_innermismatch;
91 	kstat_named_t ipds_spd_no_policy;
92 	kstat_named_t ipds_spd_malformed_packet;
93 	kstat_named_t ipds_spd_malformed_frag;
94 	kstat_named_t ipds_spd_overlap_frag;
95 	kstat_named_t ipds_spd_evil_frag;
96 	kstat_named_t ipds_spd_max_frags;
97 	kstat_named_t ipds_spd_expired_frags;
98 
99 	/* ESP-specific drop statistics. */
100 	kstat_named_t ipds_esp_nomem;
101 	kstat_named_t ipds_esp_no_sa;
102 	kstat_named_t ipds_esp_early_replay;
103 	kstat_named_t ipds_esp_replay;
104 	kstat_named_t ipds_esp_bytes_expire;
105 	kstat_named_t ipds_esp_bad_padlen;
106 	kstat_named_t ipds_esp_bad_padding;
107 	kstat_named_t ipds_esp_bad_auth;
108 	kstat_named_t ipds_esp_crypto_failed;
109 	kstat_named_t ipds_esp_icmp;
110 	kstat_named_t ipds_esp_nat_t_ipsec;
111 	kstat_named_t ipds_esp_nat_t_ka;
112 	kstat_named_t ipds_esp_iv_wrap;
113 
114 	/* AH-specific drop statistics. */
115 	kstat_named_t ipds_ah_nomem;
116 	kstat_named_t ipds_ah_bad_v6_hdrs;
117 	kstat_named_t ipds_ah_bad_v4_opts;
118 	kstat_named_t ipds_ah_no_sa;
119 	kstat_named_t ipds_ah_bad_length;
120 	kstat_named_t ipds_ah_bad_auth;
121 	kstat_named_t ipds_ah_crypto_failed;
122 	kstat_named_t ipds_ah_early_replay;
123 	kstat_named_t ipds_ah_replay;
124 	kstat_named_t ipds_ah_bytes_expire;
125 
126 	/* IP-specific drop statistics. */
127 	kstat_named_t ipds_ip_ipsec_not_loaded;
128 };
129 
130 #endif /* _KERNEL */
131 #ifdef	__cplusplus
132 }
133 #endif
134 
135 #endif	/* _INET_IPDROP_H */
136