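/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#ifndef	_INET_IPDROP_H
#define	_INET_IPDROP_H

#pragma ident	"%Z%%M%	%I%	%E% SMI"

/*
 * Packet-drop accounting interface: a handle type for the entity that drops
 * a packet, the register/unregister/drop entry points, and the set of named
 * kstat counters (one per drop reason).
 *
 * This header includes nothing itself.  mblk_t, boolean_t, ill_t, ire_t and
 * kstat_named_t must already be declared by the including file before the
 * _KERNEL section below is compiled.
 */

#ifdef	__cplusplus
extern "C" {
#endif

#ifdef _KERNEL
/*
 * Opaque data type which will contain state about an entity that is dropping
 * a packet (e.g. IPsec SPD, IPsec SADB, TCP, IP forwarding, etc.).
 *
 * The layout is visible here (a single name pointer), so "opaque" is a
 * convention rather than something the compiler enforces: callers should
 * only hand the structure to the ip_drop_*() functions below.
 */
typedef struct ipdropper_s {
	char *ipd_name;		/* name of the dropping entity */
} ipdropper_t;

/*
 * Register / unregister a dropper handle.
 *
 * NOTE(review): presumably the char * argument of ip_drop_register() ends up
 * in ipd_name -- confirm in ipdrop.c.  If the pointer is stored rather than
 * copied, the string has to stay valid until ip_drop_unregister().
 */
void ip_drop_register(ipdropper_t *, char *);
void ip_drop_unregister(ipdropper_t *);

/*
 * Drop a packet on behalf of a registered dropper.
 *
 * The struct kstat_named * argument has the same type as the members of
 * struct ip_dropstats below (kstat_named_t); presumably it selects the
 * counter to charge the drop to -- confirm against the definition in
 * ipdrop.c.  The meaning of the boolean_t, ill_t * and ire_t * arguments is
 * not visible from this header.
 */
void ip_drop_packet(mblk_t *, boolean_t, ill_t *, ire_t *, struct kstat_named *,
    ipdropper_t *);

/*
 * ip_dropstats - When a protocol developer comes up with a new reason to
 * drop a packet, it should have a bean counter placed here in this structure,
 * and an initializer in ipdrop.c's ip_drop_init().
 *
 * This will suffice until we come up with a more dynamic way of adding
 * named kstats to a single kstat instance (if that is possible).
 *
 * NOTE(review): the per-counter meanings are not spelled out in this header;
 * anything said about them below is read off the member names and should be
 * checked against the initializers in ip_drop_init().  Whether that
 * initializer depends on member order is not visible here either, so append
 * new counters to their group rather than reordering existing ones until
 * that is confirmed.
 */
struct ip_dropstats {
	/* TCP IPsec drop statistics. */
	kstat_named_t ipds_tcp_clear;
	kstat_named_t ipds_tcp_secure;
	kstat_named_t ipds_tcp_mismatch;
	kstat_named_t ipds_tcp_ipsec_alloc;

	/* SADB-specific drop statistics. */
	kstat_named_t ipds_sadb_inlarval_timeout;
	kstat_named_t ipds_sadb_inlarval_replace;
	kstat_named_t ipds_sadb_acquire_nomem;
	kstat_named_t ipds_sadb_acquire_toofull;
	kstat_named_t ipds_sadb_acquire_timeout;

	/*
	 * SPD drop statistics.
	 *
	 * NOTE(review): by name, the *_frag and max_frags members track
	 * rejected fragments and no_policy / explicit track policy-driven
	 * drops -- confirm before building alerting on them.
	 */
	kstat_named_t ipds_spd_ahesp_diffid;
	kstat_named_t ipds_spd_loopback_mismatch;
	kstat_named_t ipds_spd_explicit;
	kstat_named_t ipds_spd_got_secure;
	kstat_named_t ipds_spd_got_clear;
	kstat_named_t ipds_spd_bad_ahalg;
	kstat_named_t ipds_spd_got_ah;
	kstat_named_t ipds_spd_bad_espealg;
	kstat_named_t ipds_spd_bad_espaalg;
	kstat_named_t ipds_spd_got_esp;
	kstat_named_t ipds_spd_got_selfencap;
	kstat_named_t ipds_spd_bad_selfencap;
	kstat_named_t ipds_spd_nomem;
	kstat_named_t ipds_spd_ah_badid;
	kstat_named_t ipds_spd_esp_badid;
	kstat_named_t ipds_spd_ah_innermismatch;
	kstat_named_t ipds_spd_esp_innermismatch;
	kstat_named_t ipds_spd_no_policy;
	kstat_named_t ipds_spd_malformed_packet;
	kstat_named_t ipds_spd_malformed_frag;
	kstat_named_t ipds_spd_overlap_frag;
	kstat_named_t ipds_spd_evil_frag;
	kstat_named_t ipds_spd_max_frags;

	/*
	 * ESP-specific drop statistics.
	 *
	 * NOTE(review): by name, replay / early_replay, bad_auth,
	 * bad_padlen, bad_padding and crypto_failed look like the
	 * integrity and anti-replay rejections an operator would want to
	 * monitor for sustained growth -- confirm exact semantics first.
	 */
	kstat_named_t ipds_esp_nomem;
	kstat_named_t ipds_esp_no_sa;
	kstat_named_t ipds_esp_early_replay;
	kstat_named_t ipds_esp_replay;
	kstat_named_t ipds_esp_bytes_expire;
	kstat_named_t ipds_esp_bad_padlen;
	kstat_named_t ipds_esp_bad_padding;
	kstat_named_t ipds_esp_bad_auth;
	kstat_named_t ipds_esp_crypto_failed;
	kstat_named_t ipds_esp_icmp;
	kstat_named_t ipds_esp_nat_t_ipsec;
	kstat_named_t ipds_esp_nat_t_ka;

	/*
	 * AH-specific drop statistics.
	 *
	 * NOTE(review): same caveat as for ESP -- replay, bad_auth,
	 * bad_length and crypto_failed are the names that suggest
	 * authentication or anti-replay failures.
	 */
	kstat_named_t ipds_ah_nomem;
	kstat_named_t ipds_ah_bad_v6_hdrs;
	kstat_named_t ipds_ah_bad_v4_opts;
	kstat_named_t ipds_ah_no_sa;
	kstat_named_t ipds_ah_bad_length;
	kstat_named_t ipds_ah_bad_auth;
	kstat_named_t ipds_ah_crypto_failed;
	kstat_named_t ipds_ah_early_replay;
	kstat_named_t ipds_ah_replay;
	kstat_named_t ipds_ah_bytes_expire;

	/* IP-specific drop statistics. */
	kstat_named_t ipds_ip_ipsec_not_loaded;
};

#endif /* _KERNEL */

#ifdef	__cplusplus
}
#endif

#endif	/* _INET_IPDROP_H */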