10Sstevel@tonic-gate /*
20Sstevel@tonic-gate * CDDL HEADER START
30Sstevel@tonic-gate *
40Sstevel@tonic-gate * The contents of this file are subject to the terms of the
53055Sdanmcd * Common Development and Distribution License (the "License").
63055Sdanmcd * You may not use this file except in compliance with the License.
70Sstevel@tonic-gate *
80Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
90Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing.
100Sstevel@tonic-gate * See the License for the specific language governing permissions
110Sstevel@tonic-gate * and limitations under the License.
120Sstevel@tonic-gate *
130Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each
140Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
150Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the
160Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying
170Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner]
180Sstevel@tonic-gate *
190Sstevel@tonic-gate * CDDL HEADER END
200Sstevel@tonic-gate */
210Sstevel@tonic-gate /*
2210824SMark.Fenwick@Sun.COM * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
230Sstevel@tonic-gate * Use is subject to license terms.
240Sstevel@tonic-gate */
250Sstevel@tonic-gate
260Sstevel@tonic-gate #include <sys/types.h>
270Sstevel@tonic-gate #include <sys/stream.h>
280Sstevel@tonic-gate #include <sys/strsun.h>
290Sstevel@tonic-gate #include <sys/sunddi.h>
300Sstevel@tonic-gate #include <sys/kstat.h>
310Sstevel@tonic-gate #include <sys/kmem.h>
3211042SErik.Nordmark@Sun.COM #include <sys/sdt.h>
330Sstevel@tonic-gate #include <net/pfkeyv2.h>
340Sstevel@tonic-gate #include <inet/common.h>
350Sstevel@tonic-gate #include <inet/ip.h>
360Sstevel@tonic-gate #include <inet/ip6.h>
373448Sdh155122 #include <inet/ipsec_impl.h>
380Sstevel@tonic-gate #include <inet/ipdrop.h>
390Sstevel@tonic-gate
400Sstevel@tonic-gate /*
410Sstevel@tonic-gate * Packet drop facility.
420Sstevel@tonic-gate */
430Sstevel@tonic-gate
440Sstevel@tonic-gate /*
450Sstevel@tonic-gate * Initialize drop facility kstats.
460Sstevel@tonic-gate */
470Sstevel@tonic-gate void
ip_drop_init(ipsec_stack_t * ipss)483448Sdh155122 ip_drop_init(ipsec_stack_t *ipss)
490Sstevel@tonic-gate {
503448Sdh155122 ipss->ipsec_ip_drop_kstat = kstat_create_netstack("ip", 0, "ipdrop",
513448Sdh155122 "net", KSTAT_TYPE_NAMED,
523448Sdh155122 sizeof (struct ip_dropstats) / sizeof (kstat_named_t),
533448Sdh155122 KSTAT_FLAG_PERSISTENT, ipss->ipsec_netstack->netstack_stackid);
540Sstevel@tonic-gate
553448Sdh155122 if (ipss->ipsec_ip_drop_kstat == NULL ||
563448Sdh155122 ipss->ipsec_ip_drop_kstat->ks_data == NULL)
570Sstevel@tonic-gate return;
580Sstevel@tonic-gate
593448Sdh155122 /*
603448Sdh155122 * Note: here ipss->ipsec_ip_drop_types is initialized, however,
613448Sdh155122 * if the previous kstat_create_netstack failed, it will remain
623448Sdh155122 * NULL. Note this is done for all stack instances, so it *could*
633448Sdh155122 * be NULL. Hence a non-NULL checking is added where
643448Sdh155122 * ipss->ipsec_ip_drop_types is used. This checking is hidden in
653448Sdh155122 * the DROPPER macro.
663448Sdh155122 */
673448Sdh155122 ipss->ipsec_ip_drop_types = ipss->ipsec_ip_drop_kstat->ks_data;
680Sstevel@tonic-gate
690Sstevel@tonic-gate /* TCP IPsec drop statistics. */
703448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_tcp_clear,
713448Sdh155122 "tcp_clear", KSTAT_DATA_UINT64);
723448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_tcp_secure,
733448Sdh155122 "tcp_secure", KSTAT_DATA_UINT64);
743448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_tcp_mismatch,
753448Sdh155122 "tcp_mismatch", KSTAT_DATA_UINT64);
763448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_tcp_ipsec_alloc,
773448Sdh155122 "tcp_ipsec_alloc", KSTAT_DATA_UINT64);
780Sstevel@tonic-gate
790Sstevel@tonic-gate /* SADB-specific drop statistics. */
803448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_sadb_inlarval_timeout,
810Sstevel@tonic-gate "sadb_inlarval_timeout", KSTAT_DATA_UINT64);
823448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_sadb_inlarval_replace,
830Sstevel@tonic-gate "sadb_inlarval_replace", KSTAT_DATA_UINT64);
847749SThejaswini.Singarajipura@Sun.COM kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_sadb_inidle_overflow,
857749SThejaswini.Singarajipura@Sun.COM "sadb_inidle_overflow", KSTAT_DATA_UINT64);
867749SThejaswini.Singarajipura@Sun.COM kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_sadb_inidle_timeout,
877749SThejaswini.Singarajipura@Sun.COM "sadb_inidle_timeout", KSTAT_DATA_UINT64);
883448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_sadb_acquire_nomem,
890Sstevel@tonic-gate "sadb_acquire_nomem", KSTAT_DATA_UINT64);
903448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_sadb_acquire_toofull,
910Sstevel@tonic-gate "sadb_acquire_toofull", KSTAT_DATA_UINT64);
923448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_sadb_acquire_timeout,
930Sstevel@tonic-gate "sadb_acquire_timeout", KSTAT_DATA_UINT64);
940Sstevel@tonic-gate
950Sstevel@tonic-gate /* SPD drop statistics. */
963448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_spd_ahesp_diffid,
973448Sdh155122 "spd_ahesp_diffid", KSTAT_DATA_UINT64);
983448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_spd_loopback_mismatch,
990Sstevel@tonic-gate "spd_loopback_mismatch", KSTAT_DATA_UINT64);
1003448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_spd_explicit,
1013448Sdh155122 "spd_explicit", KSTAT_DATA_UINT64);
1023448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_spd_got_secure,
1033448Sdh155122 "spd_got_secure", KSTAT_DATA_UINT64);
1043448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_spd_got_clear,
1053448Sdh155122 "spd_got_clear", KSTAT_DATA_UINT64);
1063448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_spd_bad_ahalg,
1073448Sdh155122 "spd_bad_ahalg", KSTAT_DATA_UINT64);
1083448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_spd_got_ah,
1093448Sdh155122 "spd_got_ah", KSTAT_DATA_UINT64);
1103448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_spd_bad_espealg,
1113448Sdh155122 "spd_bad_espealg", KSTAT_DATA_UINT64);
1123448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_spd_bad_espaalg,
1133448Sdh155122 "spd_bad_espaalg", KSTAT_DATA_UINT64);
1143448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_spd_got_esp,
1153448Sdh155122 "spd_got_esp", KSTAT_DATA_UINT64);
1163448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_spd_got_selfencap,
1173448Sdh155122 "spd_got_selfencap", KSTAT_DATA_UINT64);
1183448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_spd_bad_selfencap,
1193448Sdh155122 "spd_bad_selfencap", KSTAT_DATA_UINT64);
1203448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_spd_nomem,
1213448Sdh155122 "spd_nomem", KSTAT_DATA_UINT64);
1223448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_spd_ah_badid,
1233448Sdh155122 "spd_ah_badid", KSTAT_DATA_UINT64);
1243448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_spd_ah_innermismatch,
125691Ssommerfe "spd_ah_innermismatch", KSTAT_DATA_UINT64);
1263448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_spd_esp_innermismatch,
127691Ssommerfe "spd_esp_innermismatch", KSTAT_DATA_UINT64);
1283448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_spd_esp_badid,
1293448Sdh155122 "spd_esp_badid", KSTAT_DATA_UINT64);
1303448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_spd_no_policy,
1313448Sdh155122 "spd_no_policy", KSTAT_DATA_UINT64);
1323448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_spd_malformed_packet,
1333448Sdh155122 "spd_malformed_packet", KSTAT_DATA_UINT64);
1343448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_spd_malformed_frag,
1353448Sdh155122 "spd_malformed_frag", KSTAT_DATA_UINT64);
1363448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_spd_overlap_frag,
1373448Sdh155122 "spd_overlap_frag", KSTAT_DATA_UINT64);
1383448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_spd_evil_frag,
1393448Sdh155122 "spd_evil_frag", KSTAT_DATA_UINT64);
1403448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_spd_max_frags,
1413448Sdh155122 "spd_max_frags", KSTAT_DATA_UINT64);
142*11305SPaul.Wernau@Sun.COM kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_spd_expired_frags,
143*11305SPaul.Wernau@Sun.COM "spd_expired_frags", KSTAT_DATA_UINT64);
1440Sstevel@tonic-gate
1450Sstevel@tonic-gate /* ESP-specific drop statistics. */
1460Sstevel@tonic-gate
1473448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_esp_nomem,
1483448Sdh155122 "esp_nomem", KSTAT_DATA_UINT64);
1493448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_esp_no_sa,
1503448Sdh155122 "esp_no_sa", KSTAT_DATA_UINT64);
1513448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_esp_early_replay,
1523448Sdh155122 "esp_early_replay", KSTAT_DATA_UINT64);
1533448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_esp_replay,
1543448Sdh155122 "esp_replay", KSTAT_DATA_UINT64);
1553448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_esp_bytes_expire,
1563448Sdh155122 "esp_bytes_expire", KSTAT_DATA_UINT64);
1573448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_esp_bad_padlen,
1583448Sdh155122 "esp_bad_padlen", KSTAT_DATA_UINT64);
1593448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_esp_bad_padding,
1603448Sdh155122 "esp_bad_padding", KSTAT_DATA_UINT64);
1613448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_esp_bad_auth,
1623448Sdh155122 "esp_bad_auth", KSTAT_DATA_UINT64);
1633448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_esp_crypto_failed,
1643448Sdh155122 "esp_crypto_failed", KSTAT_DATA_UINT64);
1653448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_esp_icmp,
1663448Sdh155122 "esp_icmp", KSTAT_DATA_UINT64);
1674987Sdanmcd kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_esp_nat_t_ipsec,
1684987Sdanmcd "esp_nat_t_ipsec", KSTAT_DATA_UINT64);
1694987Sdanmcd kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_esp_nat_t_ka,
1704987Sdanmcd "esp_nat_t_ka", KSTAT_DATA_UINT64);
17110824SMark.Fenwick@Sun.COM kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_esp_iv_wrap,
17210824SMark.Fenwick@Sun.COM "esp_iv_wrap", KSTAT_DATA_UINT64);
1730Sstevel@tonic-gate
1740Sstevel@tonic-gate /* AH-specific drop statistics. */
1753448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_ah_nomem,
1763448Sdh155122 "ah_nomem", KSTAT_DATA_UINT64);
1773448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_ah_bad_v6_hdrs,
1783448Sdh155122 "ah_bad_v6_hdrs", KSTAT_DATA_UINT64);
1793448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_ah_bad_v4_opts,
1803448Sdh155122 "ah_bad_v4_opts", KSTAT_DATA_UINT64);
1813448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_ah_no_sa,
1823448Sdh155122 "ah_no_sa", KSTAT_DATA_UINT64);
1833448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_ah_bad_length,
1843448Sdh155122 "ah_bad_length", KSTAT_DATA_UINT64);
1853448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_ah_bad_auth,
1863448Sdh155122 "ah_bad_auth", KSTAT_DATA_UINT64);
1873448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_ah_crypto_failed,
1883448Sdh155122 "ah_crypto_failed", KSTAT_DATA_UINT64);
1893448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_ah_early_replay,
1903448Sdh155122 "ah_early_replay", KSTAT_DATA_UINT64);
1913448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_ah_replay,
1923448Sdh155122 "ah_replay", KSTAT_DATA_UINT64);
1933448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_ah_bytes_expire,
1943448Sdh155122 "ah_bytes_expire", KSTAT_DATA_UINT64);
1950Sstevel@tonic-gate
1960Sstevel@tonic-gate /* IP-specific drop statistics. */
1973448Sdh155122 kstat_named_init(&ipss->ipsec_ip_drop_types->ipds_ip_ipsec_not_loaded,
1983448Sdh155122 "ip_ipsec_not_loaded", KSTAT_DATA_UINT64);
1990Sstevel@tonic-gate
2003448Sdh155122 kstat_install(ipss->ipsec_ip_drop_kstat);
2010Sstevel@tonic-gate }
2020Sstevel@tonic-gate
2030Sstevel@tonic-gate void
ip_drop_destroy(ipsec_stack_t * ipss)2043448Sdh155122 ip_drop_destroy(ipsec_stack_t *ipss)
2050Sstevel@tonic-gate {
2063448Sdh155122 kstat_delete_netstack(ipss->ipsec_ip_drop_kstat,
2073448Sdh155122 ipss->ipsec_netstack->netstack_stackid);
2083448Sdh155122 ipss->ipsec_ip_drop_kstat = NULL;
2093448Sdh155122 ipss->ipsec_ip_drop_types = NULL;
2100Sstevel@tonic-gate }
2110Sstevel@tonic-gate
2120Sstevel@tonic-gate /*
2130Sstevel@tonic-gate * Register a packet dropper.
2140Sstevel@tonic-gate */
2150Sstevel@tonic-gate void
ip_drop_register(ipdropper_t * ipd,char * name)2160Sstevel@tonic-gate ip_drop_register(ipdropper_t *ipd, char *name)
2170Sstevel@tonic-gate {
2180Sstevel@tonic-gate if (ipd->ipd_name != NULL) {
2190Sstevel@tonic-gate cmn_err(CE_WARN,
2200Sstevel@tonic-gate "ip_drop_register: ipdropper %s already registered with %s",
2210Sstevel@tonic-gate name, ipd->ipd_name);
2220Sstevel@tonic-gate return;
2230Sstevel@tonic-gate }
2240Sstevel@tonic-gate
2250Sstevel@tonic-gate /* Assume that name is reasonable in length. This isn't user-land. */
2260Sstevel@tonic-gate ipd->ipd_name = kmem_alloc(strlen(name) + 1, KM_SLEEP);
2270Sstevel@tonic-gate (void) strcpy(ipd->ipd_name, name);
2280Sstevel@tonic-gate }
2290Sstevel@tonic-gate
2300Sstevel@tonic-gate /*
2310Sstevel@tonic-gate * Un-register a packet dropper.
2320Sstevel@tonic-gate */
2330Sstevel@tonic-gate void
ip_drop_unregister(ipdropper_t * ipd)2340Sstevel@tonic-gate ip_drop_unregister(ipdropper_t *ipd)
2350Sstevel@tonic-gate {
2363448Sdh155122 if (ipd->ipd_name == NULL) {
2373448Sdh155122 cmn_err(CE_WARN,
2383448Sdh155122 "ip_drop_unregister: not registered (%p)\n",
2393448Sdh155122 (void *)ipd);
2403448Sdh155122 return;
2413448Sdh155122 }
2420Sstevel@tonic-gate kmem_free(ipd->ipd_name, strlen(ipd->ipd_name) + 1);
2430Sstevel@tonic-gate
2440Sstevel@tonic-gate ipd->ipd_name = NULL;
2450Sstevel@tonic-gate }
2460Sstevel@tonic-gate
2470Sstevel@tonic-gate /*
2480Sstevel@tonic-gate * Actually drop a packet. Many things could happen here, but at the least,
2490Sstevel@tonic-gate * the packet will be freemsg()ed.
2500Sstevel@tonic-gate */
2510Sstevel@tonic-gate void
ip_drop_packet(mblk_t * mp,boolean_t inbound,ill_t * ill,struct kstat_named * counter,ipdropper_t * who_called)25211042SErik.Nordmark@Sun.COM ip_drop_packet(mblk_t *mp, boolean_t inbound, ill_t *ill,
25311042SErik.Nordmark@Sun.COM struct kstat_named *counter, ipdropper_t *who_called)
2540Sstevel@tonic-gate {
25511042SErik.Nordmark@Sun.COM char *str;
2560Sstevel@tonic-gate
2570Sstevel@tonic-gate if (mp == NULL) {
2580Sstevel@tonic-gate /*
2590Sstevel@tonic-gate * Return immediately - NULL packets should not affect any
2600Sstevel@tonic-gate * statistics.
2610Sstevel@tonic-gate */
2620Sstevel@tonic-gate return;
2630Sstevel@tonic-gate }
2640Sstevel@tonic-gate
26511042SErik.Nordmark@Sun.COM ASSERT(mp->b_datap->db_type == M_DATA);
2660Sstevel@tonic-gate
2670Sstevel@tonic-gate /* Increment the bean counter, if available. */
2680Sstevel@tonic-gate if (counter != NULL) {
2690Sstevel@tonic-gate switch (counter->data_type) {
2700Sstevel@tonic-gate case KSTAT_DATA_INT32:
2710Sstevel@tonic-gate counter->value.i32++;
2720Sstevel@tonic-gate break;
2730Sstevel@tonic-gate case KSTAT_DATA_UINT32:
2740Sstevel@tonic-gate counter->value.ui32++;
2750Sstevel@tonic-gate break;
2760Sstevel@tonic-gate case KSTAT_DATA_INT64:
2770Sstevel@tonic-gate counter->value.i64++;
2780Sstevel@tonic-gate break;
2790Sstevel@tonic-gate case KSTAT_DATA_UINT64:
2800Sstevel@tonic-gate counter->value.ui64++;
2810Sstevel@tonic-gate break;
2820Sstevel@tonic-gate /* Other types we can't handle for now. */
2830Sstevel@tonic-gate }
2840Sstevel@tonic-gate }
2850Sstevel@tonic-gate
28611042SErik.Nordmark@Sun.COM if (counter != NULL)
28711042SErik.Nordmark@Sun.COM str = counter->name;
28811042SErik.Nordmark@Sun.COM else if (who_called != NULL)
28911042SErik.Nordmark@Sun.COM str = who_called->ipd_name;
29011042SErik.Nordmark@Sun.COM else
29111042SErik.Nordmark@Sun.COM str = "Unspecified IPsec drop";
29211042SErik.Nordmark@Sun.COM
29311042SErik.Nordmark@Sun.COM if (inbound)
29411042SErik.Nordmark@Sun.COM ip_drop_input(str, mp, ill);
29511042SErik.Nordmark@Sun.COM else
29611042SErik.Nordmark@Sun.COM ip_drop_output(str, mp, ill);
29711042SErik.Nordmark@Sun.COM
2980Sstevel@tonic-gate /* TODO: queue the packet onto a snoop-friendly queue. */
2990Sstevel@tonic-gate
3003055Sdanmcd /*
3013055Sdanmcd * ASSERT this isn't a b_next linked mblk chain where a
3023055Sdanmcd * chained dropper should be used instead
3033055Sdanmcd */
3043055Sdanmcd ASSERT(mp->b_prev == NULL && mp->b_next == NULL);
3050Sstevel@tonic-gate freemsg(mp);
3060Sstevel@tonic-gate }
30711042SErik.Nordmark@Sun.COM
30811042SErik.Nordmark@Sun.COM /*
30911042SErik.Nordmark@Sun.COM * This is just a convinient place for dtrace to see dropped packets
31011042SErik.Nordmark@Sun.COM */
31111042SErik.Nordmark@Sun.COM /*ARGSUSED*/
31211042SErik.Nordmark@Sun.COM void
ip_drop_input(char * str,mblk_t * mp,ill_t * ill)31311042SErik.Nordmark@Sun.COM ip_drop_input(char *str, mblk_t *mp, ill_t *ill)
31411042SErik.Nordmark@Sun.COM {
31511042SErik.Nordmark@Sun.COM if (mp == NULL)
31611042SErik.Nordmark@Sun.COM return;
31711042SErik.Nordmark@Sun.COM
31811042SErik.Nordmark@Sun.COM if (IPH_HDR_VERSION(mp->b_rptr) == IPV4_VERSION) {
31911042SErik.Nordmark@Sun.COM ipha_t *ipha = (ipha_t *)mp->b_rptr;
32011042SErik.Nordmark@Sun.COM
32111042SErik.Nordmark@Sun.COM DTRACE_IP7(drop__in, mblk_t *, mp, conn_t *, NULL, void_ip_t *,
32211042SErik.Nordmark@Sun.COM ipha, __dtrace_ipsr_ill_t *, ill, ipha_t *, ipha,
32311042SErik.Nordmark@Sun.COM ip6_t *, NULL, int, 0);
32411042SErik.Nordmark@Sun.COM } else {
32511042SErik.Nordmark@Sun.COM ip6_t *ip6h = (ip6_t *)mp->b_rptr;
32611042SErik.Nordmark@Sun.COM
32711042SErik.Nordmark@Sun.COM DTRACE_IP7(drop__in, mblk_t *, mp, conn_t *, NULL, void_ip_t *,
32811042SErik.Nordmark@Sun.COM ip6h, __dtrace_ipsr_ill_t *, ill, ipha_t *, NULL,
32911042SErik.Nordmark@Sun.COM ip6_t *, ip6h, int, 0);
33011042SErik.Nordmark@Sun.COM }
33111042SErik.Nordmark@Sun.COM }
33211042SErik.Nordmark@Sun.COM
33311042SErik.Nordmark@Sun.COM /*ARGSUSED*/
33411042SErik.Nordmark@Sun.COM void
ip_drop_output(char * str,mblk_t * mp,ill_t * ill)33511042SErik.Nordmark@Sun.COM ip_drop_output(char *str, mblk_t *mp, ill_t *ill)
33611042SErik.Nordmark@Sun.COM {
33711042SErik.Nordmark@Sun.COM if (mp == NULL)
33811042SErik.Nordmark@Sun.COM return;
33911042SErik.Nordmark@Sun.COM
34011042SErik.Nordmark@Sun.COM if (IPH_HDR_VERSION(mp->b_rptr) == IPV4_VERSION) {
34111042SErik.Nordmark@Sun.COM ipha_t *ipha = (ipha_t *)mp->b_rptr;
34211042SErik.Nordmark@Sun.COM
34311042SErik.Nordmark@Sun.COM DTRACE_IP7(drop__out, mblk_t *, mp, conn_t *, NULL, void_ip_t *,
34411042SErik.Nordmark@Sun.COM ipha, __dtrace_ipsr_ill_t *, ill, ipha_t *, ipha,
34511042SErik.Nordmark@Sun.COM ip6_t *, NULL, int, 0);
34611042SErik.Nordmark@Sun.COM } else {
34711042SErik.Nordmark@Sun.COM ip6_t *ip6h = (ip6_t *)mp->b_rptr;
34811042SErik.Nordmark@Sun.COM
34911042SErik.Nordmark@Sun.COM DTRACE_IP7(drop__out, mblk_t *, mp, conn_t *, NULL, void_ip_t *,
35011042SErik.Nordmark@Sun.COM ip6h, __dtrace_ipsr_ill_t *, ill, ipha_t *, NULL,
35111042SErik.Nordmark@Sun.COM ip6_t *, ip6h, int, 0);
35211042SErik.Nordmark@Sun.COM }
35311042SErik.Nordmark@Sun.COM }
354