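/* $OpenBSD: ip_esp.h,v 1.37 2002/06/09 16:26:10 itojun Exp $ */
/*-
 * The authors of this code are John Ioannidis ([email protected]),
 * Angelos D. Keromytis ([email protected]) and
 * Niels Provos ([email protected]).
 *
 * The original version of this code was written by John Ioannidis
 * for BSD/OS in Athens, Greece, in November 1995.
 *
 * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
 * by Angelos D. Keromytis.
 *
 * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
 * and Niels Provos.
 *
 * Additional features in 1999 by Angelos D. Keromytis.
 *
 * Copyright (C) 1995, 1996, 1997, 1998, 1999 by John Ioannidis,
 * Angelos D. Keromytis and Niels Provos.
 * Copyright (c) 2001 Angelos D. Keromytis.
 *
 * Permission to use, copy, and modify this software with or without fee
 * is hereby granted, provided that this entire notice is included in
 * all copies of any software which is or includes a copy or
 * modification of this software.
 * You may use this code under the GNU public license if you so wish. Please
 * contribute changes back to the authors under this freer than GPL license
 * so that we may further the use of strong encryption without limitations to
 * all.
 *
 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
 * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
 * PURPOSE.
 */

#ifndef _NETIPSEC_ESP_VAR_H_
#define _NETIPSEC_ESP_VAR_H_

/*
 * These define the algorithm indices into the histogram. They're
 * presently based on the PF_KEY v2 protocol values which is bogus;
 * they should be decoupled from the protocol at which time we can
 * pack them and reduce the size of the array to a reasonable value.
 *
 * ESP_ALG_MAX is the element count of espstat.esps_hist, so every index
 * used on that array must be strictly below it.
 */
#define	ESP_ALG_MAX	256	/* NB: could be < but skipjack is 249 */

/*
 * ESP statistics counters.
 *
 * The structure is declared outside the _KERNEL guard, so it is visible to
 * any includer of this header; changing the order, width or number of the
 * fields changes the layout every such consumer sees.
 *
 * Going by the descriptions below, esps_badauth, esps_badenc, esps_replay,
 * esps_pdrops and esps_tunnel count packets that failed a check; they are
 * the counters to watch when looking for tampering or replay attempts.
 */
struct espstat {
	uint64_t	esps_hdrops;	/* Packet shorter than header shows */
	uint64_t	esps_nopf;	/* Protocol family not supported */
	/*
	 * NOTE(review): the next five counters carry no description in this
	 * header; confirm their meaning at the sites that increment them.
	 */
	uint64_t	esps_notdb;
	uint64_t	esps_badkcr;
	uint64_t	esps_qfull;
	uint64_t	esps_noxform;
	uint64_t	esps_badilen;
	uint64_t	esps_wrap;	/* Replay counter wrapped around */
	uint64_t	esps_badenc;	/* Bad encryption detected */
	uint64_t	esps_badauth;	/* Only valid for transforms with auth */
	uint64_t	esps_replay;	/* Possible packet replay detected */
	uint64_t	esps_input;	/* Input ESP packets */
	uint64_t	esps_output;	/* Output ESP packets */
	uint64_t	esps_invalid;	/* Trying to use an invalid TDB */
	uint64_t	esps_ibytes;	/* Input bytes */
	uint64_t	esps_obytes;	/* Output bytes */
	uint64_t	esps_toobig;	/* Packet got larger than IP_MAXPACKET */
	uint64_t	esps_pdrops;	/* Packet blocked due to policy */
	uint64_t	esps_crypto;	/* Crypto processing failure */
	uint64_t	esps_tunnel;	/* Tunnel sanity check failure */
	uint64_t	esps_hist[ESP_ALG_MAX];	/* Per-algorithm op count */
};

#ifdef _KERNEL
#include <sys/counter.h>
#include <netinet/in_kdtrace.h>

/* Per-VNET variables; each V_ macro is the accessor for its declaration. */
VNET_DECLARE(int, esp_enable);
#define	V_esp_enable		VNET(esp_enable)
VNET_DECLARE(int, esp_ctr_compatibility);
#define	V_esp_ctr_compatibility	VNET(esp_ctr_compatibility)
VNET_PCPUSTAT_DECLARE(struct espstat, espstat);

/*
 * ESPSTAT_ADD(name, val): pass `name` (a struct espstat field) and `val` to
 * MIB_SDT_PROBE1, then to VNET_PCPUSTAT_ADD.
 *
 * `val` is expanded twice, so it must be an expression without side effects.
 */
#define	ESPSTAT_ADD(name, val)						\
	do {								\
		MIB_SDT_PROBE1(esp, count, name, (val));		\
		VNET_PCPUSTAT_ADD(struct espstat, espstat, name, (val));	\
	} while (0)

/* ESPSTAT_INC(name): ESPSTAT_ADD with a value of 1. */
#define	ESPSTAT_INC(name)	ESPSTAT_ADD(name, 1)

/*
 * ESPSTAT_INC2(name, type): like ESPSTAT_INC, but for an array field;
 * the element updated is name[type].
 *
 * No range check is made on `type` here. The only array field in
 * struct espstat is esps_hist, so callers must guarantee
 * 0 <= type < ESP_ALG_MAX before invoking the macro; an index derived from
 * packet or key-management input that is not validated first would address
 * a counter outside the array. `type` is also expanded twice and must be
 * free of side effects.
 */
#define	ESPSTAT_INC2(name, type)					\
	do {								\
		MIB_SDT_PROBE2(esp, count, name, 1, (type));		\
		VNET_PCPUSTAT_ADD(struct espstat, espstat, name[type], 1);	\
	} while (0)

#endif /* _KERNEL */
#endif /*_NETIPSEC_ESP_VAR_H_*/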