xref: /titanic_41/usr/src/uts/common/inet/ipdrop.h (revision 5aefb6555731130ca4fd295960123d71f2d21fe8)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #ifndef _INET_IPDROP_H
28 #define	_INET_IPDROP_H
29 
30 #pragma ident	"%Z%%M%	%I%	%E% SMI"
31 
32 #ifdef	__cplusplus
33 extern "C" {
34 #endif
35 
36 /*
37  * Opaque data type which will contain state about an entity that is dropping
38  * a packet (e.g. IPsec SPD, IPsec SADB, TCP, IP forwarding, etc.).
39  */
40 typedef struct ipdropper_s {
41 	char *ipd_name;
42 } ipdropper_t;
43 
44 void ip_drop_register(ipdropper_t *, char *);
45 void ip_drop_unregister(ipdropper_t *);
46 void ip_drop_packet(mblk_t *, boolean_t, ill_t *, ire_t *, struct kstat_named *,
47     ipdropper_t *);
48 
49 extern kstat_t *ip_drop_kstat;
50 extern struct ip_dropstats *ip_drop_types;
51 void ip_drop_init(void);
52 void ip_drop_destroy(void);
53 
54 /*
55  * ip_dropstats - When a protocol developer comes up with a new reason to
56  * drop a packet, it should have a bean counter placed here in this structure,
57  * an ipdrops_* definition for that bean counter, and an initializer in
58  * ipdrop.c's ip_drop_init().
59  *
60  * This will suffice until we come up with a more dynamic way of adding
61  * named kstats to a single kstat instance (if that is possible).
62  */
63 struct ip_dropstats {
64 	/* TCP IPsec drop statistics. */
65 	kstat_named_t ipds_tcp_clear;
66 	kstat_named_t ipds_tcp_secure;
67 	kstat_named_t ipds_tcp_mismatch;
68 	kstat_named_t ipds_tcp_ipsec_alloc;
69 
70 	/* SADB-specific drop statistics. */
71 	kstat_named_t ipds_sadb_inlarval_timeout;
72 	kstat_named_t ipds_sadb_inlarval_replace;
73 	kstat_named_t ipds_sadb_acquire_nomem;
74 	kstat_named_t ipds_sadb_acquire_toofull;
75 	kstat_named_t ipds_sadb_acquire_timeout;
76 
77 	/* SPD drop statistics. */
78 	kstat_named_t ipds_spd_ahesp_diffid;
79 	kstat_named_t ipds_spd_loopback_mismatch;
80 	kstat_named_t ipds_spd_explicit;
81 	kstat_named_t ipds_spd_got_secure;
82 	kstat_named_t ipds_spd_got_clear;
83 	kstat_named_t ipds_spd_bad_ahalg;
84 	kstat_named_t ipds_spd_got_ah;
85 	kstat_named_t ipds_spd_bad_espealg;
86 	kstat_named_t ipds_spd_bad_espaalg;
87 	kstat_named_t ipds_spd_got_esp;
88 	kstat_named_t ipds_spd_got_selfencap;
89 	kstat_named_t ipds_spd_bad_selfencap;
90 	kstat_named_t ipds_spd_nomem;
91 	kstat_named_t ipds_spd_ah_badid;
92 	kstat_named_t ipds_spd_esp_badid;
93 	kstat_named_t ipds_spd_ah_innermismatch;
94 	kstat_named_t ipds_spd_esp_innermismatch;
95 
96 	/* ESP-specific drop statistics. */
97 	kstat_named_t ipds_esp_nomem;
98 	kstat_named_t ipds_esp_no_sa;
99 	kstat_named_t ipds_esp_early_replay;
100 	kstat_named_t ipds_esp_replay;
101 	kstat_named_t ipds_esp_bytes_expire;
102 	kstat_named_t ipds_esp_bad_padlen;
103 	kstat_named_t ipds_esp_bad_padding;
104 	kstat_named_t ipds_esp_bad_auth;
105 	kstat_named_t ipds_esp_crypto_failed;
106 	kstat_named_t ipds_esp_icmp;
107 
108 	/* AH-specific drop statistics. */
109 	kstat_named_t ipds_ah_nomem;
110 	kstat_named_t ipds_ah_bad_v6_hdrs;
111 	kstat_named_t ipds_ah_bad_v4_opts;
112 	kstat_named_t ipds_ah_no_sa;
113 	kstat_named_t ipds_ah_bad_length;
114 	kstat_named_t ipds_ah_bad_auth;
115 	kstat_named_t ipds_ah_crypto_failed;
116 	kstat_named_t ipds_ah_early_replay;
117 	kstat_named_t ipds_ah_replay;
118 	kstat_named_t ipds_ah_bytes_expire;
119 
120 	/* IP-specific drop statistics. */
121 	kstat_named_t ipds_ip_ipsec_not_loaded;
122 };
123 
124 /*
125  * Use this section to create easy-to-name definitions for specific IP Drop
126  * statistics.  As a naming convention, prefix them with ipdrops_<foo>.
127  */
128 /* TCP IPsec drop statistics. */
129 #define	ipdrops_tcp_clear	ip_drop_types->ipds_tcp_clear
130 #define	ipdrops_tcp_secure	ip_drop_types->ipds_tcp_secure
131 #define	ipdrops_tcp_mismatch	ip_drop_types->ipds_tcp_mismatch
132 #define	ipdrops_tcp_ipsec_alloc	ip_drop_types->ipds_tcp_ipsec_alloc
133 
134 /* SADB-specific drop statistics. */
135 #define	ipdrops_sadb_inlarval_timeout ip_drop_types->ipds_sadb_inlarval_timeout
136 #define	ipdrops_sadb_inlarval_replace ip_drop_types->ipds_sadb_inlarval_replace
137 #define	ipdrops_sadb_acquire_nomem	ip_drop_types->ipds_sadb_acquire_nomem
138 #define	ipdrops_sadb_acquire_toofull	ip_drop_types->ipds_sadb_acquire_toofull
139 #define	ipdrops_sadb_acquire_timeout	ip_drop_types->ipds_sadb_acquire_timeout
140 
141 /* SPD drop statistics. */
142 #define	ipdrops_spd_ahesp_diffid	ip_drop_types->ipds_spd_ahesp_diffid
143 #define	ipdrops_spd_loopback_mismatch ip_drop_types->ipds_spd_loopback_mismatch
144 #define	ipdrops_spd_explicit		ip_drop_types->ipds_spd_explicit
145 #define	ipdrops_spd_got_secure		ip_drop_types->ipds_spd_got_secure
146 #define	ipdrops_spd_got_clear		ip_drop_types->ipds_spd_got_clear
147 #define	ipdrops_spd_bad_ahalg		ip_drop_types->ipds_spd_bad_ahalg
148 #define	ipdrops_spd_got_ah		ip_drop_types->ipds_spd_got_ah
149 #define	ipdrops_spd_bad_espealg		ip_drop_types->ipds_spd_bad_espealg
150 #define	ipdrops_spd_bad_espaalg		ip_drop_types->ipds_spd_bad_espaalg
151 #define	ipdrops_spd_got_esp		ip_drop_types->ipds_spd_got_esp
152 #define	ipdrops_spd_got_selfencap	ip_drop_types->ipds_spd_got_selfencap
153 #define	ipdrops_spd_bad_selfencap	ip_drop_types->ipds_spd_bad_selfencap
154 #define	ipdrops_spd_nomem		ip_drop_types->ipds_spd_nomem
155 #define	ipdrops_spd_ah_badid		ip_drop_types->ipds_spd_ah_badid
156 #define	ipdrops_spd_esp_badid		ip_drop_types->ipds_spd_esp_badid
157 #define	ipdrops_spd_ah_innermismatch	\
158 				ip_drop_types->ipds_spd_ah_innermismatch
159 #define	ipdrops_spd_esp_innermismatch	\
160 				ip_drop_types->ipds_spd_esp_innermismatch
161 
162 /* ESP-specific drop statistics. */
163 #define	ipdrops_esp_nomem		ip_drop_types->ipds_esp_nomem
164 #define	ipdrops_esp_no_sa		ip_drop_types->ipds_esp_no_sa
165 #define	ipdrops_esp_early_replay	ip_drop_types->ipds_esp_early_replay
166 #define	ipdrops_esp_replay		ip_drop_types->ipds_esp_replay
167 #define	ipdrops_esp_bytes_expire	ip_drop_types->ipds_esp_bytes_expire
168 #define	ipdrops_esp_bad_padlen		ip_drop_types->ipds_esp_bad_padlen
169 #define	ipdrops_esp_bad_padding		ip_drop_types->ipds_esp_bad_padding
170 #define	ipdrops_esp_bad_auth		ip_drop_types->ipds_esp_bad_auth
171 #define	ipdrops_esp_crypto_failed	ip_drop_types->ipds_esp_crypto_failed
172 #define	ipdrops_esp_icmp		ip_drop_types->ipds_esp_icmp
173 
174 /* AH-specific drop statistics. */
175 #define	ipdrops_ah_nomem		ip_drop_types->ipds_ah_nomem
176 #define	ipdrops_ah_bad_v6_hdrs		ip_drop_types->ipds_ah_bad_v6_hdrs
177 #define	ipdrops_ah_bad_v4_opts		ip_drop_types->ipds_ah_bad_v4_opts
178 #define	ipdrops_ah_no_sa		ip_drop_types->ipds_ah_no_sa
179 #define	ipdrops_ah_bad_length		ip_drop_types->ipds_ah_bad_length
180 #define	ipdrops_ah_bad_auth		ip_drop_types->ipds_ah_bad_auth
181 #define	ipdrops_ah_crypto_failed	ip_drop_types->ipds_ah_crypto_failed
182 #define	ipdrops_ah_early_replay		ip_drop_types->ipds_ah_early_replay
183 #define	ipdrops_ah_replay		ip_drop_types->ipds_ah_replay
184 #define	ipdrops_ah_bytes_expire		ip_drop_types->ipds_ah_bytes_expire
185 
186 /* IP-specific drop statistics. */
187 #define	ipdrops_ip_ipsec_not_loaded	ip_drop_types->ipds_ip_ipsec_not_loaded
188 
189 #ifdef	__cplusplus
190 }
191 #endif
192 
193 #endif	/* _INET_IPDROP_H */
194