/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#ifndef	_INET_IPDROP_H
#define	_INET_IPDROP_H

#pragma ident "%Z%%M% %I% %E% SMI"

/*
 * IP packet-drop accounting: the dropper handle, the entry points, and the
 * table of per-reason kstat counters.
 *
 * This header pulls in nothing itself. mblk_t, boolean_t, ill_t, ire_t,
 * kstat_t and kstat_named_t must already be declared by whoever includes it.
 */

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Handle describing the entity that is discarding a packet (for example the
 * IPsec SPD, the IPsec SADB, TCP, or IP forwarding). Callers are meant to
 * treat it as opaque; as defined here it carries only a name.
 */
typedef struct ipdropper_s {
	char *ipd_name;
} ipdropper_t;

/* Globals shared with ipdrop.c: the kstat instance and its counter table. */
extern kstat_t *ip_drop_kstat;
extern struct ip_dropstats *ip_drop_types;

/* Subsystem set-up and tear-down. */
extern void ip_drop_init(void);
extern void ip_drop_destroy(void);

/*
 * Dropper registration.
 *
 * NOTE(review): the definition is not visible here. If the char * is stored
 * in ipd_name rather than copied, the caller's string has to stay valid until
 * ip_drop_unregister() -- confirm in ipdrop.c. The parameter is also not
 * const-qualified, so passing a string literal relies on the implementation
 * never writing through it.
 */
extern void ip_drop_register(ipdropper_t *, char *);
extern void ip_drop_unregister(ipdropper_t *);

/*
 * Drop a packet.
 *
 * NOTE(review): argument meanings are not stated in this header. By type, the
 * struct kstat_named pointer is presumably one of the counters declared below
 * (e.g. &ipdrops_esp_replay) and the ipdropper_t the registered entity doing
 * the drop -- check ipdrop.c before relying on that.
 */
extern void ip_drop_packet(mblk_t *, boolean_t, ill_t *, ire_t *,
    struct kstat_named *, ipdropper_t *);

/*
 * struct ip_dropstats - one named kstat counter per reason a packet can be
 * dropped.
 *
 * A protocol developer adding a new drop reason has three things to do:
 *   1. add a kstat_named_t counter to this structure,
 *   2. add a matching ipdrops_* shorthand in the section further down, and
 *   3. add an initializer for it in ip_drop_init() in ipdrop.c.
 *
 * This fixed list stands in until there is a more dynamic way (if one is
 * possible) of attaching named kstats to a single kstat instance.
 *
 * NOTE(review): going by their names, counters such as ipds_esp_bad_auth,
 * ipds_ah_bad_auth and the *_replay counters are the ones an operator would
 * watch for integrity and anti-replay failures. Where each one is incremented
 * is not visible in this header -- confirm against the callers of
 * ip_drop_packet() before building alerts on them.
 */
struct ip_dropstats {
	/* TCP IPsec drops. */
	kstat_named_t ipds_tcp_clear;
	kstat_named_t ipds_tcp_secure;
	kstat_named_t ipds_tcp_mismatch;
	kstat_named_t ipds_tcp_ipsec_alloc;

	/* SADB drops. */
	kstat_named_t ipds_sadb_inlarval_timeout;
	kstat_named_t ipds_sadb_inlarval_replace;
	kstat_named_t ipds_sadb_acquire_nomem;
	kstat_named_t ipds_sadb_acquire_toofull;
	kstat_named_t ipds_sadb_acquire_timeout;

	/* SPD drops. */
	kstat_named_t ipds_spd_ahesp_diffid;
	kstat_named_t ipds_spd_loopback_mismatch;
	kstat_named_t ipds_spd_explicit;
	kstat_named_t ipds_spd_got_secure;
	kstat_named_t ipds_spd_got_clear;
	kstat_named_t ipds_spd_bad_ahalg;
	kstat_named_t ipds_spd_got_ah;
	kstat_named_t ipds_spd_bad_espealg;
	kstat_named_t ipds_spd_bad_espaalg;
	kstat_named_t ipds_spd_got_esp;
	kstat_named_t ipds_spd_got_selfencap;
	kstat_named_t ipds_spd_bad_selfencap;
	kstat_named_t ipds_spd_nomem;
	kstat_named_t ipds_spd_ah_badid;
	kstat_named_t ipds_spd_esp_badid;
	kstat_named_t ipds_spd_ah_innermismatch;
	kstat_named_t ipds_spd_esp_innermismatch;
	kstat_named_t ipds_spd_no_policy;
	kstat_named_t ipds_spd_malformed_packet;
	kstat_named_t ipds_spd_malformed_frag;
	kstat_named_t ipds_spd_overlap_frag;
	kstat_named_t ipds_spd_evil_frag;
	kstat_named_t ipds_spd_max_frags;

	/* ESP drops. */
	kstat_named_t ipds_esp_nomem;
	kstat_named_t ipds_esp_no_sa;
	kstat_named_t ipds_esp_early_replay;
	kstat_named_t ipds_esp_replay;
	kstat_named_t ipds_esp_bytes_expire;
	kstat_named_t ipds_esp_bad_padlen;
	kstat_named_t ipds_esp_bad_padding;
	kstat_named_t ipds_esp_bad_auth;
	kstat_named_t ipds_esp_crypto_failed;
	kstat_named_t ipds_esp_icmp;

	/* AH drops. */
	kstat_named_t ipds_ah_nomem;
	kstat_named_t ipds_ah_bad_v6_hdrs;
	kstat_named_t ipds_ah_bad_v4_opts;
	kstat_named_t ipds_ah_no_sa;
	kstat_named_t ipds_ah_bad_length;
	kstat_named_t ipds_ah_bad_auth;
	kstat_named_t ipds_ah_crypto_failed;
	kstat_named_t ipds_ah_early_replay;
	kstat_named_t ipds_ah_replay;
	kstat_named_t ipds_ah_bytes_expire;

	/* IP drops. */
	kstat_named_t ipds_ip_ipsec_not_loaded;
};

/*
 * Shorthand names for individual drop counters. Naming convention:
 * ipdrops_<foo> for the member ipds_<foo>.
 *
 * Every shorthand expands to a member reached through the global
 * ip_drop_types pointer, so it dereferences that pointer at each use.
 * NOTE(review): presumably ip_drop_init() makes the pointer valid; confirm
 * that no caller can reach these before initialization or after
 * ip_drop_destroy().
 */

/* TCP IPsec drops. */
#define	ipdrops_tcp_clear	ip_drop_types->ipds_tcp_clear
#define	ipdrops_tcp_secure	ip_drop_types->ipds_tcp_secure
#define	ipdrops_tcp_mismatch	ip_drop_types->ipds_tcp_mismatch
#define	ipdrops_tcp_ipsec_alloc	ip_drop_types->ipds_tcp_ipsec_alloc

/* SADB drops. */
#define	ipdrops_sadb_inlarval_timeout ip_drop_types->ipds_sadb_inlarval_timeout
#define	ipdrops_sadb_inlarval_replace ip_drop_types->ipds_sadb_inlarval_replace
#define	ipdrops_sadb_acquire_nomem ip_drop_types->ipds_sadb_acquire_nomem
#define	ipdrops_sadb_acquire_toofull ip_drop_types->ipds_sadb_acquire_toofull
#define	ipdrops_sadb_acquire_timeout ip_drop_types->ipds_sadb_acquire_timeout

/* SPD drops. */
#define	ipdrops_spd_ahesp_diffid ip_drop_types->ipds_spd_ahesp_diffid
#define	ipdrops_spd_loopback_mismatch ip_drop_types->ipds_spd_loopback_mismatch
#define	ipdrops_spd_explicit	ip_drop_types->ipds_spd_explicit
#define	ipdrops_spd_got_secure	ip_drop_types->ipds_spd_got_secure
#define	ipdrops_spd_got_clear	ip_drop_types->ipds_spd_got_clear
#define	ipdrops_spd_bad_ahalg	ip_drop_types->ipds_spd_bad_ahalg
#define	ipdrops_spd_got_ah	ip_drop_types->ipds_spd_got_ah
#define	ipdrops_spd_bad_espealg	ip_drop_types->ipds_spd_bad_espealg
#define	ipdrops_spd_bad_espaalg	ip_drop_types->ipds_spd_bad_espaalg
#define	ipdrops_spd_got_esp	ip_drop_types->ipds_spd_got_esp
#define	ipdrops_spd_got_selfencap ip_drop_types->ipds_spd_got_selfencap
#define	ipdrops_spd_bad_selfencap ip_drop_types->ipds_spd_bad_selfencap
#define	ipdrops_spd_nomem	ip_drop_types->ipds_spd_nomem
#define	ipdrops_spd_ah_badid	ip_drop_types->ipds_spd_ah_badid
#define	ipdrops_spd_esp_badid	ip_drop_types->ipds_spd_esp_badid
#define	ipdrops_spd_ah_innermismatch \
				ip_drop_types->ipds_spd_ah_innermismatch
#define	ipdrops_spd_esp_innermismatch \
				ip_drop_types->ipds_spd_esp_innermismatch
#define	ipdrops_spd_no_policy	ip_drop_types->ipds_spd_no_policy
#define	ipdrops_spd_malformed_packet ip_drop_types->ipds_spd_malformed_packet
#define	ipdrops_spd_malformed_frag ip_drop_types->ipds_spd_malformed_frag
#define	ipdrops_spd_overlap_frag ip_drop_types->ipds_spd_overlap_frag
#define	ipdrops_spd_evil_frag	ip_drop_types->ipds_spd_evil_frag
#define	ipdrops_spd_max_frags	ip_drop_types->ipds_spd_max_frags

/* ESP drops. */
#define	ipdrops_esp_nomem	ip_drop_types->ipds_esp_nomem
#define	ipdrops_esp_no_sa	ip_drop_types->ipds_esp_no_sa
#define	ipdrops_esp_early_replay ip_drop_types->ipds_esp_early_replay
#define	ipdrops_esp_replay	ip_drop_types->ipds_esp_replay
#define	ipdrops_esp_bytes_expire ip_drop_types->ipds_esp_bytes_expire
#define	ipdrops_esp_bad_padlen	ip_drop_types->ipds_esp_bad_padlen
#define	ipdrops_esp_bad_padding	ip_drop_types->ipds_esp_bad_padding
#define	ipdrops_esp_bad_auth	ip_drop_types->ipds_esp_bad_auth
#define	ipdrops_esp_crypto_failed ip_drop_types->ipds_esp_crypto_failed
#define	ipdrops_esp_icmp	ip_drop_types->ipds_esp_icmp

/* AH drops. */
#define	ipdrops_ah_nomem	ip_drop_types->ipds_ah_nomem
#define	ipdrops_ah_bad_v6_hdrs	ip_drop_types->ipds_ah_bad_v6_hdrs
#define	ipdrops_ah_bad_v4_opts	ip_drop_types->ipds_ah_bad_v4_opts
#define	ipdrops_ah_no_sa	ip_drop_types->ipds_ah_no_sa
#define	ipdrops_ah_bad_length	ip_drop_types->ipds_ah_bad_length
#define	ipdrops_ah_bad_auth	ip_drop_types->ipds_ah_bad_auth
#define	ipdrops_ah_crypto_failed ip_drop_types->ipds_ah_crypto_failed
#define	ipdrops_ah_early_replay	ip_drop_types->ipds_ah_early_replay
#define	ipdrops_ah_replay	ip_drop_types->ipds_ah_replay
#define	ipdrops_ah_bytes_expire	ip_drop_types->ipds_ah_bytes_expire

/* IP drops. */
#define	ipdrops_ip_ipsec_not_loaded ip_drop_types->ipds_ip_ipsec_not_loaded

#ifdef __cplusplus
}
#endif

#endif	/* _INET_IPDROP_H */