17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * CDDL HEADER START 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 58810c16bSdanmcd * Common Development and Distribution License (the "License"). 68810c16bSdanmcd * You may not use this file except in compliance with the License. 77c478bd9Sstevel@tonic-gate * 87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 117c478bd9Sstevel@tonic-gate * and limitations under the License. 127c478bd9Sstevel@tonic-gate * 137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 187c478bd9Sstevel@tonic-gate * 197c478bd9Sstevel@tonic-gate * CDDL HEADER END 207c478bd9Sstevel@tonic-gate */ 217c478bd9Sstevel@tonic-gate /* 22*f4b3ec61Sdh155122 * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 237c478bd9Sstevel@tonic-gate * Use is subject to license terms. 247c478bd9Sstevel@tonic-gate */ 257c478bd9Sstevel@tonic-gate 267c478bd9Sstevel@tonic-gate #ifndef _INET_IPDROP_H 277c478bd9Sstevel@tonic-gate #define _INET_IPDROP_H 287c478bd9Sstevel@tonic-gate 297c478bd9Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 307c478bd9Sstevel@tonic-gate 317c478bd9Sstevel@tonic-gate #ifdef __cplusplus 327c478bd9Sstevel@tonic-gate extern "C" { 337c478bd9Sstevel@tonic-gate #endif 347c478bd9Sstevel@tonic-gate 35*f4b3ec61Sdh155122 #ifdef _KERNEL 367c478bd9Sstevel@tonic-gate /* 377c478bd9Sstevel@tonic-gate * Opaque data type which will contain state about an entity that is dropping 387c478bd9Sstevel@tonic-gate * a packet (e.g. IPsec SPD, IPsec SADB, TCP, IP forwarding, etc.). 397c478bd9Sstevel@tonic-gate */ 407c478bd9Sstevel@tonic-gate typedef struct ipdropper_s { 417c478bd9Sstevel@tonic-gate char *ipd_name; 427c478bd9Sstevel@tonic-gate } ipdropper_t; 437c478bd9Sstevel@tonic-gate 447c478bd9Sstevel@tonic-gate void ip_drop_register(ipdropper_t *, char *); 457c478bd9Sstevel@tonic-gate void ip_drop_unregister(ipdropper_t *); 467c478bd9Sstevel@tonic-gate void ip_drop_packet(mblk_t *, boolean_t, ill_t *, ire_t *, struct kstat_named *, 477c478bd9Sstevel@tonic-gate ipdropper_t *); 487c478bd9Sstevel@tonic-gate 497c478bd9Sstevel@tonic-gate /* 507c478bd9Sstevel@tonic-gate * ip_dropstats - When a protocol developer comes up with a new reason to 517c478bd9Sstevel@tonic-gate * drop a packet, it should have a bean counter placed here in this structure, 52*f4b3ec61Sdh155122 * and an initializer in ipdrop.c's ip_drop_init(). 537c478bd9Sstevel@tonic-gate * 547c478bd9Sstevel@tonic-gate * This will suffice until we come up with a more dynamic way of adding 557c478bd9Sstevel@tonic-gate * named kstats to a single kstat instance (if that is possible). 567c478bd9Sstevel@tonic-gate */ 577c478bd9Sstevel@tonic-gate struct ip_dropstats { 587c478bd9Sstevel@tonic-gate /* TCP IPsec drop statistics. */ 597c478bd9Sstevel@tonic-gate kstat_named_t ipds_tcp_clear; 607c478bd9Sstevel@tonic-gate kstat_named_t ipds_tcp_secure; 617c478bd9Sstevel@tonic-gate kstat_named_t ipds_tcp_mismatch; 627c478bd9Sstevel@tonic-gate kstat_named_t ipds_tcp_ipsec_alloc; 637c478bd9Sstevel@tonic-gate 647c478bd9Sstevel@tonic-gate /* SADB-specific drop statistics. */ 657c478bd9Sstevel@tonic-gate kstat_named_t ipds_sadb_inlarval_timeout; 667c478bd9Sstevel@tonic-gate kstat_named_t ipds_sadb_inlarval_replace; 677c478bd9Sstevel@tonic-gate kstat_named_t ipds_sadb_acquire_nomem; 687c478bd9Sstevel@tonic-gate kstat_named_t ipds_sadb_acquire_toofull; 697c478bd9Sstevel@tonic-gate kstat_named_t ipds_sadb_acquire_timeout; 707c478bd9Sstevel@tonic-gate 717c478bd9Sstevel@tonic-gate /* SPD drop statistics. */ 727c478bd9Sstevel@tonic-gate kstat_named_t ipds_spd_ahesp_diffid; 737c478bd9Sstevel@tonic-gate kstat_named_t ipds_spd_loopback_mismatch; 747c478bd9Sstevel@tonic-gate kstat_named_t ipds_spd_explicit; 757c478bd9Sstevel@tonic-gate kstat_named_t ipds_spd_got_secure; 767c478bd9Sstevel@tonic-gate kstat_named_t ipds_spd_got_clear; 777c478bd9Sstevel@tonic-gate kstat_named_t ipds_spd_bad_ahalg; 787c478bd9Sstevel@tonic-gate kstat_named_t ipds_spd_got_ah; 797c478bd9Sstevel@tonic-gate kstat_named_t ipds_spd_bad_espealg; 807c478bd9Sstevel@tonic-gate kstat_named_t ipds_spd_bad_espaalg; 817c478bd9Sstevel@tonic-gate kstat_named_t ipds_spd_got_esp; 827c478bd9Sstevel@tonic-gate kstat_named_t ipds_spd_got_selfencap; 837c478bd9Sstevel@tonic-gate kstat_named_t ipds_spd_bad_selfencap; 847c478bd9Sstevel@tonic-gate kstat_named_t ipds_spd_nomem; 857c478bd9Sstevel@tonic-gate kstat_named_t ipds_spd_ah_badid; 867c478bd9Sstevel@tonic-gate kstat_named_t ipds_spd_esp_badid; 8707b56925Ssommerfe kstat_named_t ipds_spd_ah_innermismatch; 8807b56925Ssommerfe kstat_named_t ipds_spd_esp_innermismatch; 898810c16bSdanmcd kstat_named_t ipds_spd_no_policy; 908810c16bSdanmcd kstat_named_t ipds_spd_malformed_packet; 918810c16bSdanmcd kstat_named_t ipds_spd_malformed_frag; 928810c16bSdanmcd kstat_named_t ipds_spd_overlap_frag; 938810c16bSdanmcd kstat_named_t ipds_spd_evil_frag; 948810c16bSdanmcd kstat_named_t ipds_spd_max_frags; 957c478bd9Sstevel@tonic-gate 967c478bd9Sstevel@tonic-gate /* ESP-specific drop statistics. */ 977c478bd9Sstevel@tonic-gate kstat_named_t ipds_esp_nomem; 987c478bd9Sstevel@tonic-gate kstat_named_t ipds_esp_no_sa; 997c478bd9Sstevel@tonic-gate kstat_named_t ipds_esp_early_replay; 1007c478bd9Sstevel@tonic-gate kstat_named_t ipds_esp_replay; 1017c478bd9Sstevel@tonic-gate kstat_named_t ipds_esp_bytes_expire; 1027c478bd9Sstevel@tonic-gate kstat_named_t ipds_esp_bad_padlen; 1037c478bd9Sstevel@tonic-gate kstat_named_t ipds_esp_bad_padding; 1047c478bd9Sstevel@tonic-gate kstat_named_t ipds_esp_bad_auth; 1057c478bd9Sstevel@tonic-gate kstat_named_t ipds_esp_crypto_failed; 1067c478bd9Sstevel@tonic-gate kstat_named_t ipds_esp_icmp; 1077c478bd9Sstevel@tonic-gate 1087c478bd9Sstevel@tonic-gate /* AH-specific drop statistics. */ 1097c478bd9Sstevel@tonic-gate kstat_named_t ipds_ah_nomem; 1107c478bd9Sstevel@tonic-gate kstat_named_t ipds_ah_bad_v6_hdrs; 1117c478bd9Sstevel@tonic-gate kstat_named_t ipds_ah_bad_v4_opts; 1127c478bd9Sstevel@tonic-gate kstat_named_t ipds_ah_no_sa; 1137c478bd9Sstevel@tonic-gate kstat_named_t ipds_ah_bad_length; 1147c478bd9Sstevel@tonic-gate kstat_named_t ipds_ah_bad_auth; 1157c478bd9Sstevel@tonic-gate kstat_named_t ipds_ah_crypto_failed; 1167c478bd9Sstevel@tonic-gate kstat_named_t ipds_ah_early_replay; 1177c478bd9Sstevel@tonic-gate kstat_named_t ipds_ah_replay; 1187c478bd9Sstevel@tonic-gate kstat_named_t ipds_ah_bytes_expire; 1197c478bd9Sstevel@tonic-gate 1207c478bd9Sstevel@tonic-gate /* IP-specific drop statistics. */ 1217c478bd9Sstevel@tonic-gate kstat_named_t ipds_ip_ipsec_not_loaded; 1227c478bd9Sstevel@tonic-gate }; 1237c478bd9Sstevel@tonic-gate 124*f4b3ec61Sdh155122 #endif /* _KERNEL */ 1257c478bd9Sstevel@tonic-gate 1267c478bd9Sstevel@tonic-gate #ifdef __cplusplus 1277c478bd9Sstevel@tonic-gate } 1287c478bd9Sstevel@tonic-gate #endif 1297c478bd9Sstevel@tonic-gate 1307c478bd9Sstevel@tonic-gate #endif /* _INET_IPDROP_H */ 131