xref: /titanic_51/usr/src/uts/common/inet/ipdrop.h (revision 0cd13cbfb4270b840b4bd22ec5f673b2b6a2c02b)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #ifndef _INET_IPDROP_H
27 #define	_INET_IPDROP_H
28 
29 #pragma ident	"%Z%%M%	%I%	%E% SMI"
30 
31 #ifdef	__cplusplus
32 extern "C" {
33 #endif
34 
35 #ifdef _KERNEL
36 /*
37  * Opaque data type which will contain state about an entity that is dropping
38  * a packet (e.g. IPsec SPD, IPsec SADB, TCP, IP forwarding, etc.).
39  */
40 typedef struct ipdropper_s {
41 	char *ipd_name;
42 } ipdropper_t;
43 
44 void ip_drop_register(ipdropper_t *, char *);
45 void ip_drop_unregister(ipdropper_t *);
46 void ip_drop_packet(mblk_t *, boolean_t, ill_t *, ire_t *, struct kstat_named *,
47     ipdropper_t *);
48 
49 /*
50  * ip_dropstats - When a protocol developer comes up with a new reason to
51  * drop a packet, it should have a bean counter placed here in this structure,
52  * and an initializer in ipdrop.c's ip_drop_init().
53  *
54  * This will suffice until we come up with a more dynamic way of adding
55  * named kstats to a single kstat instance (if that is possible).
56  */
57 struct ip_dropstats {
58 	/* TCP IPsec drop statistics. */
59 	kstat_named_t ipds_tcp_clear;
60 	kstat_named_t ipds_tcp_secure;
61 	kstat_named_t ipds_tcp_mismatch;
62 	kstat_named_t ipds_tcp_ipsec_alloc;
63 
64 	/* SADB-specific drop statistics. */
65 	kstat_named_t ipds_sadb_inlarval_timeout;
66 	kstat_named_t ipds_sadb_inlarval_replace;
67 	kstat_named_t ipds_sadb_acquire_nomem;
68 	kstat_named_t ipds_sadb_acquire_toofull;
69 	kstat_named_t ipds_sadb_acquire_timeout;
70 
71 	/* SPD drop statistics. */
72 	kstat_named_t ipds_spd_ahesp_diffid;
73 	kstat_named_t ipds_spd_loopback_mismatch;
74 	kstat_named_t ipds_spd_explicit;
75 	kstat_named_t ipds_spd_got_secure;
76 	kstat_named_t ipds_spd_got_clear;
77 	kstat_named_t ipds_spd_bad_ahalg;
78 	kstat_named_t ipds_spd_got_ah;
79 	kstat_named_t ipds_spd_bad_espealg;
80 	kstat_named_t ipds_spd_bad_espaalg;
81 	kstat_named_t ipds_spd_got_esp;
82 	kstat_named_t ipds_spd_got_selfencap;
83 	kstat_named_t ipds_spd_bad_selfencap;
84 	kstat_named_t ipds_spd_nomem;
85 	kstat_named_t ipds_spd_ah_badid;
86 	kstat_named_t ipds_spd_esp_badid;
87 	kstat_named_t ipds_spd_ah_innermismatch;
88 	kstat_named_t ipds_spd_esp_innermismatch;
89 	kstat_named_t ipds_spd_no_policy;
90 	kstat_named_t ipds_spd_malformed_packet;
91 	kstat_named_t ipds_spd_malformed_frag;
92 	kstat_named_t ipds_spd_overlap_frag;
93 	kstat_named_t ipds_spd_evil_frag;
94 	kstat_named_t ipds_spd_max_frags;
95 
96 	/* ESP-specific drop statistics. */
97 	kstat_named_t ipds_esp_nomem;
98 	kstat_named_t ipds_esp_no_sa;
99 	kstat_named_t ipds_esp_early_replay;
100 	kstat_named_t ipds_esp_replay;
101 	kstat_named_t ipds_esp_bytes_expire;
102 	kstat_named_t ipds_esp_bad_padlen;
103 	kstat_named_t ipds_esp_bad_padding;
104 	kstat_named_t ipds_esp_bad_auth;
105 	kstat_named_t ipds_esp_crypto_failed;
106 	kstat_named_t ipds_esp_icmp;
107 	kstat_named_t ipds_esp_nat_t_ipsec;
108 	kstat_named_t ipds_esp_nat_t_ka;
109 
110 	/* AH-specific drop statistics. */
111 	kstat_named_t ipds_ah_nomem;
112 	kstat_named_t ipds_ah_bad_v6_hdrs;
113 	kstat_named_t ipds_ah_bad_v4_opts;
114 	kstat_named_t ipds_ah_no_sa;
115 	kstat_named_t ipds_ah_bad_length;
116 	kstat_named_t ipds_ah_bad_auth;
117 	kstat_named_t ipds_ah_crypto_failed;
118 	kstat_named_t ipds_ah_early_replay;
119 	kstat_named_t ipds_ah_replay;
120 	kstat_named_t ipds_ah_bytes_expire;
121 
122 	/* IP-specific drop statistics. */
123 	kstat_named_t ipds_ip_ipsec_not_loaded;
124 };
125 
126 #endif /* _KERNEL */
127 
128 #ifdef	__cplusplus
129 }
130 #endif
131 
132 #endif	/* _INET_IPDROP_H */
133