1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License, Version 1.0 only 6 * (the "License"). You may not use this file except in compliance 7 * with the License. 8 * 9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10 * or http://www.opensolaris.org/os/licensing. 11 * See the License for the specific language governing permissions 12 * and limitations under the License. 13 * 14 * When distributing Covered Code, include this CDDL HEADER in each 15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16 * If applicable, add the following below this CDDL HEADER, with the 17 * fields enclosed by brackets "[]" replaced with your own identifying 18 * information: Portions Copyright [yyyy] [name of copyright owner] 19 * 20 * CDDL HEADER END 21 */ 22 /* 23 * Copyright 2005 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 */ 26 27 #ifndef _INET_IPDROP_H 28 #define _INET_IPDROP_H 29 30 #pragma ident "%Z%%M% %I% %E% SMI" 31 32 #ifdef __cplusplus 33 extern "C" { 34 #endif 35 36 /* 37 * Opaque data type which will contain state about an entity that is dropping 38 * a packet (e.g. IPsec SPD, IPsec SADB, TCP, IP forwarding, etc.). 39 */ 40 typedef struct ipdropper_s { 41 char *ipd_name; 42 } ipdropper_t; 43 44 void ip_drop_register(ipdropper_t *, char *); 45 void ip_drop_unregister(ipdropper_t *); 46 void ip_drop_packet(mblk_t *, boolean_t, ill_t *, ire_t *, struct kstat_named *, 47 ipdropper_t *); 48 49 extern kstat_t *ip_drop_kstat; 50 extern struct ip_dropstats *ip_drop_types; 51 void ip_drop_init(void); 52 void ip_drop_destroy(void); 53 54 /* 55 * ip_dropstats - When a protocol developer comes up with a new reason to 56 * drop a packet, it should have a bean counter placed here in this structure, 57 * an ipdrops_* definition for that bean counter, and an initializer in 58 * ipdrop.c's ip_drop_init(). 59 * 60 * This will suffice until we come up with a more dynamic way of adding 61 * named kstats to a single kstat instance (if that is possible). 62 */ 63 struct ip_dropstats { 64 /* TCP IPsec drop statistics. */ 65 kstat_named_t ipds_tcp_clear; 66 kstat_named_t ipds_tcp_secure; 67 kstat_named_t ipds_tcp_mismatch; 68 kstat_named_t ipds_tcp_ipsec_alloc; 69 70 /* SADB-specific drop statistics. */ 71 kstat_named_t ipds_sadb_inlarval_timeout; 72 kstat_named_t ipds_sadb_inlarval_replace; 73 kstat_named_t ipds_sadb_acquire_nomem; 74 kstat_named_t ipds_sadb_acquire_toofull; 75 kstat_named_t ipds_sadb_acquire_timeout; 76 77 /* SPD drop statistics. */ 78 kstat_named_t ipds_spd_ahesp_diffid; 79 kstat_named_t ipds_spd_loopback_mismatch; 80 kstat_named_t ipds_spd_explicit; 81 kstat_named_t ipds_spd_got_secure; 82 kstat_named_t ipds_spd_got_clear; 83 kstat_named_t ipds_spd_bad_ahalg; 84 kstat_named_t ipds_spd_got_ah; 85 kstat_named_t ipds_spd_bad_espealg; 86 kstat_named_t ipds_spd_bad_espaalg; 87 kstat_named_t ipds_spd_got_esp; 88 kstat_named_t ipds_spd_got_selfencap; 89 kstat_named_t ipds_spd_bad_selfencap; 90 kstat_named_t ipds_spd_nomem; 91 kstat_named_t ipds_spd_ah_badid; 92 kstat_named_t ipds_spd_esp_badid; 93 kstat_named_t ipds_spd_ah_innermismatch; 94 kstat_named_t ipds_spd_esp_innermismatch; 95 96 /* ESP-specific drop statistics. */ 97 kstat_named_t ipds_esp_nomem; 98 kstat_named_t ipds_esp_no_sa; 99 kstat_named_t ipds_esp_early_replay; 100 kstat_named_t ipds_esp_replay; 101 kstat_named_t ipds_esp_bytes_expire; 102 kstat_named_t ipds_esp_bad_padlen; 103 kstat_named_t ipds_esp_bad_padding; 104 kstat_named_t ipds_esp_bad_auth; 105 kstat_named_t ipds_esp_crypto_failed; 106 kstat_named_t ipds_esp_icmp; 107 108 /* AH-specific drop statistics. */ 109 kstat_named_t ipds_ah_nomem; 110 kstat_named_t ipds_ah_bad_v6_hdrs; 111 kstat_named_t ipds_ah_bad_v4_opts; 112 kstat_named_t ipds_ah_no_sa; 113 kstat_named_t ipds_ah_bad_length; 114 kstat_named_t ipds_ah_bad_auth; 115 kstat_named_t ipds_ah_crypto_failed; 116 kstat_named_t ipds_ah_early_replay; 117 kstat_named_t ipds_ah_replay; 118 kstat_named_t ipds_ah_bytes_expire; 119 120 /* IP-specific drop statistics. */ 121 kstat_named_t ipds_ip_ipsec_not_loaded; 122 }; 123 124 /* 125 * Use this section to create easy-to-name definitions for specific IP Drop 126 * statistics. As a naming convention, prefix them with ipdrops_<foo>. 127 */ 128 /* TCP IPsec drop statistics. */ 129 #define ipdrops_tcp_clear ip_drop_types->ipds_tcp_clear 130 #define ipdrops_tcp_secure ip_drop_types->ipds_tcp_secure 131 #define ipdrops_tcp_mismatch ip_drop_types->ipds_tcp_mismatch 132 #define ipdrops_tcp_ipsec_alloc ip_drop_types->ipds_tcp_ipsec_alloc 133 134 /* SADB-specific drop statistics. */ 135 #define ipdrops_sadb_inlarval_timeout ip_drop_types->ipds_sadb_inlarval_timeout 136 #define ipdrops_sadb_inlarval_replace ip_drop_types->ipds_sadb_inlarval_replace 137 #define ipdrops_sadb_acquire_nomem ip_drop_types->ipds_sadb_acquire_nomem 138 #define ipdrops_sadb_acquire_toofull ip_drop_types->ipds_sadb_acquire_toofull 139 #define ipdrops_sadb_acquire_timeout ip_drop_types->ipds_sadb_acquire_timeout 140 141 /* SPD drop statistics. */ 142 #define ipdrops_spd_ahesp_diffid ip_drop_types->ipds_spd_ahesp_diffid 143 #define ipdrops_spd_loopback_mismatch ip_drop_types->ipds_spd_loopback_mismatch 144 #define ipdrops_spd_explicit ip_drop_types->ipds_spd_explicit 145 #define ipdrops_spd_got_secure ip_drop_types->ipds_spd_got_secure 146 #define ipdrops_spd_got_clear ip_drop_types->ipds_spd_got_clear 147 #define ipdrops_spd_bad_ahalg ip_drop_types->ipds_spd_bad_ahalg 148 #define ipdrops_spd_got_ah ip_drop_types->ipds_spd_got_ah 149 #define ipdrops_spd_bad_espealg ip_drop_types->ipds_spd_bad_espealg 150 #define ipdrops_spd_bad_espaalg ip_drop_types->ipds_spd_bad_espaalg 151 #define ipdrops_spd_got_esp ip_drop_types->ipds_spd_got_esp 152 #define ipdrops_spd_got_selfencap ip_drop_types->ipds_spd_got_selfencap 153 #define ipdrops_spd_bad_selfencap ip_drop_types->ipds_spd_bad_selfencap 154 #define ipdrops_spd_nomem ip_drop_types->ipds_spd_nomem 155 #define ipdrops_spd_ah_badid ip_drop_types->ipds_spd_ah_badid 156 #define ipdrops_spd_esp_badid ip_drop_types->ipds_spd_esp_badid 157 #define ipdrops_spd_ah_innermismatch \ 158 ip_drop_types->ipds_spd_ah_innermismatch 159 #define ipdrops_spd_esp_innermismatch \ 160 ip_drop_types->ipds_spd_esp_innermismatch 161 162 /* ESP-specific drop statistics. */ 163 #define ipdrops_esp_nomem ip_drop_types->ipds_esp_nomem 164 #define ipdrops_esp_no_sa ip_drop_types->ipds_esp_no_sa 165 #define ipdrops_esp_early_replay ip_drop_types->ipds_esp_early_replay 166 #define ipdrops_esp_replay ip_drop_types->ipds_esp_replay 167 #define ipdrops_esp_bytes_expire ip_drop_types->ipds_esp_bytes_expire 168 #define ipdrops_esp_bad_padlen ip_drop_types->ipds_esp_bad_padlen 169 #define ipdrops_esp_bad_padding ip_drop_types->ipds_esp_bad_padding 170 #define ipdrops_esp_bad_auth ip_drop_types->ipds_esp_bad_auth 171 #define ipdrops_esp_crypto_failed ip_drop_types->ipds_esp_crypto_failed 172 #define ipdrops_esp_icmp ip_drop_types->ipds_esp_icmp 173 174 /* AH-specific drop statistics. */ 175 #define ipdrops_ah_nomem ip_drop_types->ipds_ah_nomem 176 #define ipdrops_ah_bad_v6_hdrs ip_drop_types->ipds_ah_bad_v6_hdrs 177 #define ipdrops_ah_bad_v4_opts ip_drop_types->ipds_ah_bad_v4_opts 178 #define ipdrops_ah_no_sa ip_drop_types->ipds_ah_no_sa 179 #define ipdrops_ah_bad_length ip_drop_types->ipds_ah_bad_length 180 #define ipdrops_ah_bad_auth ip_drop_types->ipds_ah_bad_auth 181 #define ipdrops_ah_crypto_failed ip_drop_types->ipds_ah_crypto_failed 182 #define ipdrops_ah_early_replay ip_drop_types->ipds_ah_early_replay 183 #define ipdrops_ah_replay ip_drop_types->ipds_ah_replay 184 #define ipdrops_ah_bytes_expire ip_drop_types->ipds_ah_bytes_expire 185 186 /* IP-specific drop statistics. */ 187 #define ipdrops_ip_ipsec_not_loaded ip_drop_types->ipds_ip_ipsec_not_loaded 188 189 #ifdef __cplusplus 190 } 191 #endif 192 193 #endif /* _INET_IPDROP_H */ 194