xref: /titanic_41/usr/src/uts/common/inet/ipdrop.h (revision 8eea8e29cc4374d1ee24c25a07f45af132db3499) 
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #ifndef _INET_IPDROP_H
28 #define	_INET_IPDROP_H
29 
30 #pragma ident	"%Z%%M%	%I%	%E% SMI"
31 
32 #ifdef	__cplusplus
33 extern "C" {
34 #endif
35 
36 /*
37  * Opaque data type which will contain state about an entity that is dropping
38  * a packet (e.g. IPsec SPD, IPsec SADB, TCP, IP forwarding, etc.).
39  */
40 typedef struct ipdropper_s {
41 	char *ipd_name;
42 } ipdropper_t;
43 
44 void ip_drop_register(ipdropper_t *, char *);
45 void ip_drop_unregister(ipdropper_t *);
46 void ip_drop_packet(mblk_t *, boolean_t, ill_t *, ire_t *, struct kstat_named *,
47     ipdropper_t *);
48 
49 extern kstat_t *ip_drop_kstat;
50 extern struct ip_dropstats *ip_drop_types;
51 void ip_drop_init(void);
52 void ip_drop_destroy(void);
53 
54 /*
55  * ip_dropstats - When a protocol developer comes up with a new reason to
56  * drop a packet, it should have a bean counter placed here in this structure,
57  * an ipdrops_* definition for that bean counter, and an initializer in
58  * ipdrop.c's ip_drop_init().
59  *
60  * This will suffice until we come up with a more dynamic way of adding
61  * named kstats to a single kstat instance (if that is possible).
62  */
63 struct ip_dropstats {
64 	/* TCP IPsec drop statistics. */
65 	kstat_named_t ipds_tcp_clear;
66 	kstat_named_t ipds_tcp_secure;
67 	kstat_named_t ipds_tcp_mismatch;
68 	kstat_named_t ipds_tcp_ipsec_alloc;
69 
70 	/* SADB-specific drop statistics. */
71 	kstat_named_t ipds_sadb_inlarval_timeout;
72 	kstat_named_t ipds_sadb_inlarval_replace;
73 	kstat_named_t ipds_sadb_acquire_nomem;
74 	kstat_named_t ipds_sadb_acquire_toofull;
75 	kstat_named_t ipds_sadb_acquire_timeout;
76 
77 	/* SPD drop statistics. */
78 	kstat_named_t ipds_spd_ahesp_diffid;
79 	kstat_named_t ipds_spd_loopback_mismatch;
80 	kstat_named_t ipds_spd_explicit;
81 	kstat_named_t ipds_spd_got_secure;
82 	kstat_named_t ipds_spd_got_clear;
83 	kstat_named_t ipds_spd_bad_ahalg;
84 	kstat_named_t ipds_spd_got_ah;
85 	kstat_named_t ipds_spd_bad_espealg;
86 	kstat_named_t ipds_spd_bad_espaalg;
87 	kstat_named_t ipds_spd_got_esp;
88 	kstat_named_t ipds_spd_got_selfencap;
89 	kstat_named_t ipds_spd_bad_selfencap;
90 	kstat_named_t ipds_spd_nomem;
91 	kstat_named_t ipds_spd_ah_badid;
92 	kstat_named_t ipds_spd_esp_badid;
93 
94 	/* ESP-specific drop statistics. */
95 	kstat_named_t ipds_esp_nomem;
96 	kstat_named_t ipds_esp_no_sa;
97 	kstat_named_t ipds_esp_early_replay;
98 	kstat_named_t ipds_esp_replay;
99 	kstat_named_t ipds_esp_bytes_expire;
100 	kstat_named_t ipds_esp_bad_padlen;
101 	kstat_named_t ipds_esp_bad_padding;
102 	kstat_named_t ipds_esp_bad_auth;
103 	kstat_named_t ipds_esp_crypto_failed;
104 	kstat_named_t ipds_esp_icmp;
105 
106 	/* AH-specific drop statistics. */
107 	kstat_named_t ipds_ah_nomem;
108 	kstat_named_t ipds_ah_bad_v6_hdrs;
109 	kstat_named_t ipds_ah_bad_v4_opts;
110 	kstat_named_t ipds_ah_no_sa;
111 	kstat_named_t ipds_ah_bad_length;
112 	kstat_named_t ipds_ah_bad_auth;
113 	kstat_named_t ipds_ah_crypto_failed;
114 	kstat_named_t ipds_ah_early_replay;
115 	kstat_named_t ipds_ah_replay;
116 	kstat_named_t ipds_ah_bytes_expire;
117 
118 	/* IP-specific drop statistics. */
119 	kstat_named_t ipds_ip_ipsec_not_loaded;
120 };
121 
122 /*
123  * Use this section to create easy-to-name definitions for specific IP Drop
124  * statistics.  As a naming convention, prefix them with ipdrops_<foo>.
125  */
126 /* TCP IPsec drop statistics. */
127 #define	ipdrops_tcp_clear	ip_drop_types->ipds_tcp_clear
128 #define	ipdrops_tcp_secure	ip_drop_types->ipds_tcp_secure
129 #define	ipdrops_tcp_mismatch	ip_drop_types->ipds_tcp_mismatch
130 #define	ipdrops_tcp_ipsec_alloc	ip_drop_types->ipds_tcp_ipsec_alloc
131 
132 /* SADB-specific drop statistics. */
133 #define	ipdrops_sadb_inlarval_timeout ip_drop_types->ipds_sadb_inlarval_timeout
134 #define	ipdrops_sadb_inlarval_replace ip_drop_types->ipds_sadb_inlarval_replace
135 #define	ipdrops_sadb_acquire_nomem	ip_drop_types->ipds_sadb_acquire_nomem
136 #define	ipdrops_sadb_acquire_toofull	ip_drop_types->ipds_sadb_acquire_toofull
137 #define	ipdrops_sadb_acquire_timeout	ip_drop_types->ipds_sadb_acquire_timeout
138 
139 /* SPD drop statistics. */
140 #define	ipdrops_spd_ahesp_diffid	ip_drop_types->ipds_spd_ahesp_diffid
141 #define	ipdrops_spd_loopback_mismatch ip_drop_types->ipds_spd_loopback_mismatch
142 #define	ipdrops_spd_explicit		ip_drop_types->ipds_spd_explicit
143 #define	ipdrops_spd_got_secure		ip_drop_types->ipds_spd_got_secure
144 #define	ipdrops_spd_got_clear		ip_drop_types->ipds_spd_got_clear
145 #define	ipdrops_spd_bad_ahalg		ip_drop_types->ipds_spd_bad_ahalg
146 #define	ipdrops_spd_got_ah		ip_drop_types->ipds_spd_got_ah
147 #define	ipdrops_spd_bad_espealg		ip_drop_types->ipds_spd_bad_espealg
148 #define	ipdrops_spd_bad_espaalg		ip_drop_types->ipds_spd_bad_espaalg
149 #define	ipdrops_spd_got_esp		ip_drop_types->ipds_spd_got_esp
150 #define	ipdrops_spd_got_selfencap	ip_drop_types->ipds_spd_got_selfencap
151 #define	ipdrops_spd_bad_selfencap	ip_drop_types->ipds_spd_bad_selfencap
152 #define	ipdrops_spd_nomem		ip_drop_types->ipds_spd_nomem
153 #define	ipdrops_spd_ah_badid		ip_drop_types->ipds_spd_ah_badid
154 #define	ipdrops_spd_esp_badid		ip_drop_types->ipds_spd_esp_badid
155 
156 /* ESP-specific drop statistics. */
157 #define	ipdrops_esp_nomem		ip_drop_types->ipds_esp_nomem
158 #define	ipdrops_esp_no_sa		ip_drop_types->ipds_esp_no_sa
159 #define	ipdrops_esp_early_replay	ip_drop_types->ipds_esp_early_replay
160 #define	ipdrops_esp_replay		ip_drop_types->ipds_esp_replay
161 #define	ipdrops_esp_bytes_expire	ip_drop_types->ipds_esp_bytes_expire
162 #define	ipdrops_esp_bad_padlen		ip_drop_types->ipds_esp_bad_padlen
163 #define	ipdrops_esp_bad_padding		ip_drop_types->ipds_esp_bad_padding
164 #define	ipdrops_esp_bad_auth		ip_drop_types->ipds_esp_bad_auth
165 #define	ipdrops_esp_crypto_failed	ip_drop_types->ipds_esp_crypto_failed
166 #define	ipdrops_esp_icmp		ip_drop_types->ipds_esp_icmp
167 
168 /* AH-specific drop statistics. */
169 #define	ipdrops_ah_nomem		ip_drop_types->ipds_ah_nomem
170 #define	ipdrops_ah_bad_v6_hdrs		ip_drop_types->ipds_ah_bad_v6_hdrs
171 #define	ipdrops_ah_bad_v4_opts		ip_drop_types->ipds_ah_bad_v4_opts
172 #define	ipdrops_ah_no_sa		ip_drop_types->ipds_ah_no_sa
173 #define	ipdrops_ah_bad_length		ip_drop_types->ipds_ah_bad_length
174 #define	ipdrops_ah_bad_auth		ip_drop_types->ipds_ah_bad_auth
175 #define	ipdrops_ah_crypto_failed	ip_drop_types->ipds_ah_crypto_failed
176 #define	ipdrops_ah_early_replay		ip_drop_types->ipds_ah_early_replay
177 #define	ipdrops_ah_replay		ip_drop_types->ipds_ah_replay
178 #define	ipdrops_ah_bytes_expire		ip_drop_types->ipds_ah_bytes_expire
179 
180 /* IP-specific drop statistics. */
181 #define	ipdrops_ip_ipsec_not_loaded	ip_drop_types->ipds_ip_ipsec_not_loaded
182 
183 #ifdef	__cplusplus
184 }
185 #endif
186 
187 #endif	/* _INET_IPDROP_H */
188