1
/*	$OpenBSD: ip_ah.h,v 1.29 2002/06/09 16:26:10 itojun Exp $	*/
2
/*-
3
 * The authors of this code are John Ioannidis ([email protected]),
4
 * Angelos D. Keromytis ([email protected]) and
5
 * Niels Provos ([email protected]).
6
 *
7
 * The original version of this code was written by John Ioannidis
8
 * for BSD/OS in Athens, Greece, in November 1995.
9
 *
10
 * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
11
 * by Angelos D. Keromytis.
12
 *
13
 * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
14
 * and Niels Provos.
15
 *
16
 * Additional features in 1999 by Angelos D. Keromytis.
17
 *
18
 * Copyright (C) 1995, 1996, 1997, 1998, 1999 John Ioannidis,
19
 * Angelos D. Keromytis and Niels Provos.
20
 * Copyright (c) 2001 Angelos D. Keromytis.
21
 *
22
 * Permission to use, copy, and modify this software with or without fee
23
 * is hereby granted, provided that this entire notice is included in
24
 * all copies of any software which is or includes a copy or
25
 * modification of this software.
26
 * You may use this code under the GNU public license if you so wish. Please
27
 * contribute changes back to the authors under this freer than GPL license
28
 * so that we may further the use of strong encryption without limitations to
29
 * all.
30
 *
31
 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
32
 * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
33
 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
34
 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
35
 * PURPOSE.
36
 */
37

38
#ifndef _NETIPSEC_AH_VAR_H_
39
#define _NETIPSEC_AH_VAR_H_
40

41
/*
42
 * These define the algorithm indices into the histogram.  They're
43
 * presently based on the PF_KEY v2 protocol values which is bogus;
44
 * they should be decoupled from the protocol at which time we can
45
 * pack them and reduce the size of the array to a minimum.
46
 */
47
#define	AH_ALG_MAX	16
48

49
struct ahstat {
50
	uint64_t	ahs_hdrops;	/* Packet shorter than header shows */
51
	uint64_t	ahs_nopf;	/* Protocol family not supported */
52
	uint64_t	ahs_notdb;
53
	uint64_t	ahs_badkcr;
54
	uint64_t	ahs_badauth;
55
	uint64_t	ahs_noxform;
56
	uint64_t	ahs_qfull;
57
	uint64_t	ahs_wrap;
58
	uint64_t	ahs_replay;
59
	uint64_t	ahs_badauthl;	/* Bad authenticator length */
60
	uint64_t	ahs_input;	/* Input AH packets */
61
	uint64_t	ahs_output;	/* Output AH packets */
62
	uint64_t	ahs_invalid;	/* Trying to use an invalid TDB */
63
	uint64_t	ahs_ibytes;	/* Input bytes */
64
	uint64_t	ahs_obytes;	/* Output bytes */
65
	uint64_t	ahs_toobig;	/* Packet got larger than IP_MAXPACKET */
66
	uint64_t	ahs_pdrops;	/* Packet blocked due to policy */
67
	uint64_t	ahs_crypto;	/* Crypto processing failure */
68
	uint64_t	ahs_tunnel;	/* Tunnel sanity check failure */
69
	uint64_t	ahs_hist[AH_ALG_MAX];	/* Per-algorithm op count */
70
};
71

72
#ifdef _KERNEL
73
#include <sys/counter.h>
74
#include <netinet/in_kdtrace.h>
75

76
VNET_DECLARE(int, ah_enable);
77
VNET_DECLARE(int, ah_cleartos);
78
VNET_PCPUSTAT_DECLARE(struct ahstat, ahstat);
79

80
#define AHSTAT_ADD(name, val)                                          \
81
	do {                                                           \
82
		MIB_SDT_PROBE1(ah, count, name, (val));                \
83
		VNET_PCPUSTAT_ADD(struct ahstat, ahstat, name, (val)); \
84
	} while (0)
85
#define AHSTAT_INC2(name, type)                                          \
86
	do {                                                             \
87
		MIB_SDT_PROBE2(ah, count, name, 1, (type));              \
88
		VNET_PCPUSTAT_ADD(struct ahstat, ahstat, name[type], 1); \
89
	} while (0)
90
#define	AHSTAT_INC(name)	AHSTAT_ADD(name, 1)
91
#define	V_ah_enable		VNET(ah_enable)
92
#define	V_ah_cleartos		VNET(ah_cleartos)
93
#endif /* _KERNEL */
94
#endif /*_NETIPSEC_AH_VAR_H_*/
95

96