17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * CDDL HEADER START 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 58810c16bSdanmcd * Common Development and Distribution License (the "License"). 68810c16bSdanmcd * You may not use this file except in compliance with the License. 77c478bd9Sstevel@tonic-gate * 87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 117c478bd9Sstevel@tonic-gate * and limitations under the License. 127c478bd9Sstevel@tonic-gate * 137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 187c478bd9Sstevel@tonic-gate * 197c478bd9Sstevel@tonic-gate * CDDL HEADER END 207c478bd9Sstevel@tonic-gate */ 217c478bd9Sstevel@tonic-gate /* 22628b0c67SMark Fenwick * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 237c478bd9Sstevel@tonic-gate * Use is subject to license terms. 247c478bd9Sstevel@tonic-gate */ 257c478bd9Sstevel@tonic-gate 267c478bd9Sstevel@tonic-gate #ifndef _INET_IPDROP_H 277c478bd9Sstevel@tonic-gate #define _INET_IPDROP_H 287c478bd9Sstevel@tonic-gate 297c478bd9Sstevel@tonic-gate #ifdef __cplusplus 307c478bd9Sstevel@tonic-gate extern "C" { 317c478bd9Sstevel@tonic-gate #endif 327c478bd9Sstevel@tonic-gate 33f4b3ec61Sdh155122 #ifdef _KERNEL 347c478bd9Sstevel@tonic-gate /* 357c478bd9Sstevel@tonic-gate * Opaque data type which will contain state about an entity that is dropping 367c478bd9Sstevel@tonic-gate * a packet (e.g. IPsec SPD, IPsec SADB, TCP, IP forwarding, etc.). 377c478bd9Sstevel@tonic-gate */ 387c478bd9Sstevel@tonic-gate typedef struct ipdropper_s { 397c478bd9Sstevel@tonic-gate char *ipd_name; 407c478bd9Sstevel@tonic-gate } ipdropper_t; 417c478bd9Sstevel@tonic-gate 427c478bd9Sstevel@tonic-gate void ip_drop_register(ipdropper_t *, char *); 437c478bd9Sstevel@tonic-gate void ip_drop_unregister(ipdropper_t *); 44bd670b35SErik Nordmark void ip_drop_packet(mblk_t *, boolean_t, ill_t *, struct kstat_named *, 457c478bd9Sstevel@tonic-gate ipdropper_t *); 46bd670b35SErik Nordmark void ip_drop_input(char *, mblk_t *, ill_t *); 47bd670b35SErik Nordmark void ip_drop_output(char *, mblk_t *, ill_t *); 487c478bd9Sstevel@tonic-gate 497c478bd9Sstevel@tonic-gate /* 507c478bd9Sstevel@tonic-gate * ip_dropstats - When a protocol developer comes up with a new reason to 517c478bd9Sstevel@tonic-gate * drop a packet, it should have a bean counter placed here in this structure, 52f4b3ec61Sdh155122 * and an initializer in ipdrop.c's ip_drop_init(). 537c478bd9Sstevel@tonic-gate * 547c478bd9Sstevel@tonic-gate * This will suffice until we come up with a more dynamic way of adding 557c478bd9Sstevel@tonic-gate * named kstats to a single kstat instance (if that is possible). 567c478bd9Sstevel@tonic-gate */ 577c478bd9Sstevel@tonic-gate struct ip_dropstats { 587c478bd9Sstevel@tonic-gate /* TCP IPsec drop statistics. */ 597c478bd9Sstevel@tonic-gate kstat_named_t ipds_tcp_clear; 607c478bd9Sstevel@tonic-gate kstat_named_t ipds_tcp_secure; 617c478bd9Sstevel@tonic-gate kstat_named_t ipds_tcp_mismatch; 627c478bd9Sstevel@tonic-gate kstat_named_t ipds_tcp_ipsec_alloc; 637c478bd9Sstevel@tonic-gate 647c478bd9Sstevel@tonic-gate /* SADB-specific drop statistics. */ 657c478bd9Sstevel@tonic-gate kstat_named_t ipds_sadb_inlarval_timeout; 667c478bd9Sstevel@tonic-gate kstat_named_t ipds_sadb_inlarval_replace; 679c2c14abSThejaswini Singarajipura kstat_named_t ipds_sadb_inidle_timeout; 689c2c14abSThejaswini Singarajipura kstat_named_t ipds_sadb_inidle_overflow; 697c478bd9Sstevel@tonic-gate kstat_named_t ipds_sadb_acquire_nomem; 707c478bd9Sstevel@tonic-gate kstat_named_t ipds_sadb_acquire_toofull; 717c478bd9Sstevel@tonic-gate kstat_named_t ipds_sadb_acquire_timeout; 727c478bd9Sstevel@tonic-gate 737c478bd9Sstevel@tonic-gate /* SPD drop statistics. */ 747c478bd9Sstevel@tonic-gate kstat_named_t ipds_spd_ahesp_diffid; 757c478bd9Sstevel@tonic-gate kstat_named_t ipds_spd_loopback_mismatch; 767c478bd9Sstevel@tonic-gate kstat_named_t ipds_spd_explicit; 777c478bd9Sstevel@tonic-gate kstat_named_t ipds_spd_got_secure; 787c478bd9Sstevel@tonic-gate kstat_named_t ipds_spd_got_clear; 797c478bd9Sstevel@tonic-gate kstat_named_t ipds_spd_bad_ahalg; 807c478bd9Sstevel@tonic-gate kstat_named_t ipds_spd_got_ah; 817c478bd9Sstevel@tonic-gate kstat_named_t ipds_spd_bad_espealg; 827c478bd9Sstevel@tonic-gate kstat_named_t ipds_spd_bad_espaalg; 837c478bd9Sstevel@tonic-gate kstat_named_t ipds_spd_got_esp; 847c478bd9Sstevel@tonic-gate kstat_named_t ipds_spd_got_selfencap; 857c478bd9Sstevel@tonic-gate kstat_named_t ipds_spd_bad_selfencap; 867c478bd9Sstevel@tonic-gate kstat_named_t ipds_spd_nomem; 877c478bd9Sstevel@tonic-gate kstat_named_t ipds_spd_ah_badid; 887c478bd9Sstevel@tonic-gate kstat_named_t ipds_spd_esp_badid; 8907b56925Ssommerfe kstat_named_t ipds_spd_ah_innermismatch; 9007b56925Ssommerfe kstat_named_t ipds_spd_esp_innermismatch; 918810c16bSdanmcd kstat_named_t ipds_spd_no_policy; 928810c16bSdanmcd kstat_named_t ipds_spd_malformed_packet; 938810c16bSdanmcd kstat_named_t ipds_spd_malformed_frag; 948810c16bSdanmcd kstat_named_t ipds_spd_overlap_frag; 958810c16bSdanmcd kstat_named_t ipds_spd_evil_frag; 968810c16bSdanmcd kstat_named_t ipds_spd_max_frags; 97*d1a98e54SPaul Wernau kstat_named_t ipds_spd_expired_frags; 987c478bd9Sstevel@tonic-gate 997c478bd9Sstevel@tonic-gate /* ESP-specific drop statistics. */ 1007c478bd9Sstevel@tonic-gate kstat_named_t ipds_esp_nomem; 1017c478bd9Sstevel@tonic-gate kstat_named_t ipds_esp_no_sa; 1027c478bd9Sstevel@tonic-gate kstat_named_t ipds_esp_early_replay; 1037c478bd9Sstevel@tonic-gate kstat_named_t ipds_esp_replay; 1047c478bd9Sstevel@tonic-gate kstat_named_t ipds_esp_bytes_expire; 1057c478bd9Sstevel@tonic-gate kstat_named_t ipds_esp_bad_padlen; 1067c478bd9Sstevel@tonic-gate kstat_named_t ipds_esp_bad_padding; 1077c478bd9Sstevel@tonic-gate kstat_named_t ipds_esp_bad_auth; 1087c478bd9Sstevel@tonic-gate kstat_named_t ipds_esp_crypto_failed; 1097c478bd9Sstevel@tonic-gate kstat_named_t ipds_esp_icmp; 110437220cdSdanmcd kstat_named_t ipds_esp_nat_t_ipsec; 111437220cdSdanmcd kstat_named_t ipds_esp_nat_t_ka; 112628b0c67SMark Fenwick kstat_named_t ipds_esp_iv_wrap; 1137c478bd9Sstevel@tonic-gate 1147c478bd9Sstevel@tonic-gate /* AH-specific drop statistics. */ 1157c478bd9Sstevel@tonic-gate kstat_named_t ipds_ah_nomem; 1167c478bd9Sstevel@tonic-gate kstat_named_t ipds_ah_bad_v6_hdrs; 1177c478bd9Sstevel@tonic-gate kstat_named_t ipds_ah_bad_v4_opts; 1187c478bd9Sstevel@tonic-gate kstat_named_t ipds_ah_no_sa; 1197c478bd9Sstevel@tonic-gate kstat_named_t ipds_ah_bad_length; 1207c478bd9Sstevel@tonic-gate kstat_named_t ipds_ah_bad_auth; 1217c478bd9Sstevel@tonic-gate kstat_named_t ipds_ah_crypto_failed; 1227c478bd9Sstevel@tonic-gate kstat_named_t ipds_ah_early_replay; 1237c478bd9Sstevel@tonic-gate kstat_named_t ipds_ah_replay; 1247c478bd9Sstevel@tonic-gate kstat_named_t ipds_ah_bytes_expire; 1257c478bd9Sstevel@tonic-gate 1267c478bd9Sstevel@tonic-gate /* IP-specific drop statistics. */ 1277c478bd9Sstevel@tonic-gate kstat_named_t ipds_ip_ipsec_not_loaded; 1287c478bd9Sstevel@tonic-gate }; 1297c478bd9Sstevel@tonic-gate 130f4b3ec61Sdh155122 #endif /* _KERNEL */ 1317c478bd9Sstevel@tonic-gate #ifdef __cplusplus 1327c478bd9Sstevel@tonic-gate } 1337c478bd9Sstevel@tonic-gate #endif 1347c478bd9Sstevel@tonic-gate 1357c478bd9Sstevel@tonic-gate #endif /* _INET_IPDROP_H */ 136