Line data Source code
1 : /* $OpenBSD: ip_esp.h,v 1.46 2017/11/08 16:29:20 visa Exp $ */
2 : /*
3 : * The authors of this code are John Ioannidis (ji@tla.org),
4 : * Angelos D. Keromytis (kermit@csd.uch.gr) and
5 : * Niels Provos (provos@physnet.uni-hamburg.de).
6 : *
7 : * The original version of this code was written by John Ioannidis
8 : * for BSD/OS in Athens, Greece, in November 1995.
9 : *
10 : * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
11 : * by Angelos D. Keromytis.
12 : *
13 : * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
14 : * and Niels Provos.
15 : *
16 : * Additional features in 1999 by Angelos D. Keromytis.
17 : *
18 : * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
19 : * Angelos D. Keromytis and Niels Provos.
20 : * Copyright (c) 2001 Angelos D. Keromytis.
21 : *
22 : * Permission to use, copy, and modify this software with or without fee
23 : * is hereby granted, provided that this entire notice is included in
24 : * all copies of any software which is or includes a copy or
25 : * modification of this software.
26 : * You may use this code under the GNU public license if you so wish. Please
27 : * contribute changes back to the authors under this freer than GPL license
28 : * so that we may further the use of strong encryption without limitations to
29 : * all.
30 : *
31 : * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
32 : * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
33 : * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
34 : * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
35 : * PURPOSE.
36 : */
37 :
38 : #ifndef _NETINET_IP_ESP_H_
39 : #define _NETINET_IP_ESP_H_
40 :
41 : struct espstat {
42 : uint64_t esps_hdrops; /* Packet shorter than header shows */
43 : uint64_t esps_nopf; /* Protocol family not supported */
44 : uint64_t esps_notdb;
45 : uint64_t esps_badkcr;
46 : uint64_t esps_qfull;
47 : uint64_t esps_noxform;
48 : uint64_t esps_badilen;
49 : uint64_t esps_wrap; /* Replay counter wrapped around */
50 : uint64_t esps_badenc; /* Bad encryption detected */
51 : uint64_t esps_badauth; /* Only valid for transforms
52 : * with auth */
53 : uint64_t esps_replay; /* Possible packet replay detected */
54 : uint64_t esps_input; /* Input ESP packets */
55 : uint64_t esps_output; /* Output ESP packets */
56 : uint64_t esps_invalid; /* Trying to use an invalid TDB */
57 : uint64_t esps_ibytes; /* Input bytes */
58 : uint64_t esps_obytes; /* Output bytes */
59 : uint64_t esps_toobig; /* Packet got larger than
60 : * IP_MAXPACKET */
61 : uint64_t esps_pdrops; /* Packet blocked due to policy */
62 : uint64_t esps_crypto; /* Crypto processing failure */
63 : uint64_t esps_udpencin; /* Input ESP-in-UDP packets */
64 : uint64_t esps_udpencout; /* Output ESP-in-UDP packets */
65 : uint64_t esps_udpinval; /* Invalid input ESP-in-UDP packets */
66 : uint64_t esps_udpneeded; /* Trying to use a ESP-in-UDP TDB */
67 : uint64_t esps_outfail; /* Packet output failure */
68 : };
69 :
70 : /*
71 : * Names for ESP sysctl objects
72 : */
73 : #define ESPCTL_ENABLE 1 /* Enable ESP processing */
74 : #define ESPCTL_UDPENCAP_ENABLE 2 /* Enable ESP over UDP */
75 : #define ESPCTL_UDPENCAP_PORT 3 /* UDP port for encapsulation */
76 : #define ESPCTL_STATS 4 /* ESP Stats */
77 : #define ESPCTL_MAXID 5
78 :
79 : #define ESPCTL_NAMES { \
80 : { 0, 0 }, \
81 : { "enable", CTLTYPE_INT }, \
82 : { "udpencap", CTLTYPE_INT }, \
83 : { "udpencap_port", CTLTYPE_INT }, \
84 : { "stats", CTLTYPE_STRUCT }, \
85 : }
86 :
87 : #define ESPCTL_VARS { \
88 : NULL, \
89 : &esp_enable, \
90 : &udpencap_enable, \
91 : &udpencap_port, \
92 : NULL \
93 : }
94 :
95 : #ifdef _KERNEL
96 :
97 : #include <sys/percpu.h>
98 :
99 : enum espstat_counters {
100 : esps_hdrops, /* Packet shorter than header shows */
101 : esps_nopf, /* Protocol family not supported */
102 : esps_notdb,
103 : esps_badkcr,
104 : esps_qfull,
105 : esps_noxform,
106 : esps_badilen,
107 : esps_wrap, /* Replay counter wrapped around */
108 : esps_badenc, /* Bad encryption detected */
109 : esps_badauth, /* Only valid for transformsx
110 : * with auth */
111 : esps_replay, /* Possible packet replay detected */
112 : esps_input, /* Input ESP packets */
113 : esps_output, /* Output ESP packets */
114 : esps_invalid, /* Trying to use an invalid TDB */
115 : esps_ibytes, /* Input bytes */
116 : esps_obytes, /* Output bytes */
117 : esps_toobig, /* Packet got larger than
118 : * IP_MAXPACKET */
119 : esps_pdrops, /* Packet blocked due to policy */
120 : esps_crypto, /* Crypto processing failure */
121 : esps_udpencin, /* Input ESP-in-UDP packets */
122 : esps_udpencout, /* Output ESP-in-UDP packets */
123 : esps_udpinval, /* Invalid input ESP-in-UDP packets */
124 : esps_udpneeded, /* Trying to use a ESP-in-UDP TDB */
125 : esps_outfail, /* Packet output failure */
126 :
127 : esps_ncounters
128 : };
129 :
130 : extern struct cpumem *espcounters;
131 :
132 : static inline void
133 0 : espstat_inc(enum espstat_counters c)
134 : {
135 0 : counters_inc(espcounters, c);
136 0 : }
137 :
138 : static inline void
139 0 : espstat_add(enum espstat_counters c, uint64_t v)
140 : {
141 0 : counters_add(espcounters, c, v);
142 0 : }
143 :
144 : extern int esp_enable;
145 : extern int udpencap_enable;
146 : extern int udpencap_port;
147 :
148 : #endif /* _KERNEL */
149 : #endif /* _NETINET_IP_ESP_H_ */
|
