/* $NetBSD: ipsec_var.h,v 1.4 2005/12/10 23:44:08 elad Exp $ */
/* $FreeBSD: src/sys/netipsec/ipsec.h,v 1.2.4.2 2004/02/14 22:23:23 bms Exp $ */

/*-
 * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD: src/tools/tools/crypto/ipsecstats.c,v 1.1.4.1 2003/06/03 00:13:13 sam Exp $
 */

/*
 * IPsec statistics record and sysctl object names.
 *
 * This header includes nothing itself: u_int64_t and CTLTYPE_INT are used
 * below but not defined here, so the including file has to provide them
 * first (presumably <sys/types.h> and <sys/sysctl.h> -- confirm).
 */
#ifndef _NETIPSEC_IPSEC_VAR_H_
#define _NETIPSEC_IPSEC_VAR_H_

/*
 * statistics for ipsec processing
 *
 * Every member is a 64-bit counter.  Member order, together with the
 * __NetBSD__-conditional pair, fixes the layout of the record, so any code
 * that copies this struct as a whole must be compiled with the same
 * definition and the same __NetBSD__ setting as the code that fills it.
 * NOTE(review): presumably this is what IPSECCTL_STATS hands to userland;
 * confirm against the sysctl handler.
 *
 * ips_in_polvio and ips_out_polvio count packets that violated security
 * policy; they are the members to watch when monitoring for traffic that
 * did not match the configured policy.
 */
struct newipsecstat {
	u_int64_t ips_in_polvio;	/* input: sec policy violation */
	u_int64_t ips_out_polvio;	/* output: sec policy violation */
	u_int64_t ips_out_nosa;		/* output: SA unavailable */
	u_int64_t ips_out_nomem;	/* output: no memory available */
	u_int64_t ips_out_noroute;	/* output: no route available */
	u_int64_t ips_out_inval;	/* output: generic error */
	u_int64_t ips_out_bundlesa;	/* output: bundled SA processed */
	u_int64_t ips_mbcoalesced;	/* mbufs coalesced during clone */
	u_int64_t ips_clcoalesced;	/* clusters coalesced during clone */
	u_int64_t ips_clcopied;		/* clusters copied during clone */
	u_int64_t ips_mbinserted;	/* mbufs inserted during makespace */
#ifdef __NetBSD__
	/*
	 * NetBSD-only members; they exist only when __NetBSD__ is defined.
	 * NOTE(review): presumably SPD cache lookups and misses -- confirm
	 * against the code that increments them.
	 */
	u_int64_t ips_spdcache_lookup;
	u_int64_t ips_spdcache_miss;
#endif /* __NetBSD__ */

	/*
	 * Temporary statistics for performance analysis.
	 */
	/* See where ESP/AH/IPCOMP header land in mbuf on input */
	u_int64_t ips_input_front;
	u_int64_t ips_input_middle;
	u_int64_t ips_input_end;

};

#ifdef _KERNEL
/*
 * XXX JRS FIXME: later replace NetBSD sourcecode with an IPSECSTAT_POLVIO() macro.
 * for now, map the old fields to the new fields.
 *
 * These are object-like macros with short, generic names.  In any kernel
 * translation unit that includes this header, every later occurrence of the
 * identifiers ipsecstat, in_polvio, out_polvio and out_inval is rewritten,
 * whether or not it refers to these statistics.  Only the three old field
 * names listed here are mapped.
 */
#define ipsecstat newipsecstat

#define in_polvio ips_in_polvio
#define out_polvio ips_out_polvio
#define out_inval ips_out_inval
#endif /*_KERNEL*/

/*
 * Definitions for IPsec & Key sysctl operations.
 */
/*
 * Names for IPsec & Key sysctl objects
 *
 * The values run from 1 to 13 and IPSECCTL_MAXID is one past the highest.
 * Value 7 is retired and stays unassigned.
 * NOTE(review): several of these name policy-affecting knobs (default
 * policy, default ESP/AH levels, debug).  Who may change them is decided
 * by the sysctl handlers, which are not part of this header.
 */
#define IPSECCTL_STATS			1	/* KAME compat stats */
#define IPSECCTL_DEF_POLICY		2
#define IPSECCTL_DEF_ESP_TRANSLEV	3	/* int; ESP transport mode */
#define IPSECCTL_DEF_ESP_NETLEV		4	/* int; ESP tunnel mode */
#define IPSECCTL_DEF_AH_TRANSLEV	5	/* int; AH transport mode */
#define IPSECCTL_DEF_AH_NETLEV		6	/* int; AH tunnel mode */
#if 0	/* obsolete, do not reuse */
#define IPSECCTL_INBOUND_CALL_IKE	7
#endif
#define IPSECCTL_AH_CLEARTOS		8
#define IPSECCTL_AH_OFFSETMASK		9
#define IPSECCTL_DFBIT			10
#define IPSECCTL_ECN			11
#define IPSECCTL_DEBUG			12
#define IPSECCTL_ESP_RANDPAD		13
#define IPSECCTL_MAXID			14

/*
 * Name/type table for the IPv4 objects.  The table is positional: it has
 * IPSECCTL_MAXID (14) entries and the entry at index i lines up with the
 * IPSECCTL_* constant whose value is i.  { 0, 0 } fills the slots that
 * carry no name here: 0, 1 (IPSECCTL_STATS) and 7 (obsolete).  Adding or
 * removing an entry without updating the constants above shifts every
 * later name onto the wrong object.
 */
#define IPSECCTL_NAMES { \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ "def_policy", CTLTYPE_INT }, \
	{ "esp_trans_deflev", CTLTYPE_INT }, \
	{ "esp_net_deflev", CTLTYPE_INT }, \
	{ "ah_trans_deflev", CTLTYPE_INT }, \
	{ "ah_net_deflev", CTLTYPE_INT }, \
	{ 0, 0 }, \
	{ "ah_cleartos", CTLTYPE_INT }, \
	{ "ah_offsetmask", CTLTYPE_INT }, \
	{ "dfbit", CTLTYPE_INT }, \
	{ "ecn", CTLTYPE_INT }, \
	{ "debug", CTLTYPE_INT }, \
	{ "esp_randpad", CTLTYPE_INT }, \
}

/*
 * Name/type table for the IPv6 objects.  Same positional layout and length
 * as IPSECCTL_NAMES; in addition to slots 0, 1 and 7, slots 8, 9 and 10
 * (ah_cleartos, ah_offsetmask and dfbit in the IPv4 table) are { 0, 0 }.
 */
#define IPSEC6CTL_NAMES { \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ "def_policy", CTLTYPE_INT }, \
	{ "esp_trans_deflev", CTLTYPE_INT }, \
	{ "esp_net_deflev", CTLTYPE_INT }, \
	{ "ah_trans_deflev", CTLTYPE_INT }, \
	{ "ah_net_deflev", CTLTYPE_INT }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ 0, 0 }, \
	{ "ecn", CTLTYPE_INT }, \
	{ "debug", CTLTYPE_INT }, \
	{ "esp_randpad", CTLTYPE_INT }, \
}

#endif /* !_NETIPSEC_IPSEC_VAR_H_ */