Bayard's initial drop, needs finishing, or at least testing.

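--- a/usr/src/uts/common/inet/ipsecesp.h
+++ b/usr/src/uts/common/inet/ipsecesp.h
@@ -14,20 +14,21 @@
  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  * If applicable, add the following below this CDDL HEADER, with the
  * fields enclosed by brackets "[]" replaced with your own identifying
  * information: Portions Copyright [yyyy] [name of copyright owner]
  *
  * CDDL HEADER END
  */
 /*
  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
+ * Copyright (c) 2012 Nexenta Systems, Inc. All rights reserved.
  */
 
 #ifndef _INET_IPSECESP_H
 #define _INET_IPSECESP_H
 
 #include <inet/ip.h>
 #include <inet/ipdrop.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -37,20 +38,66 @@
 
 /* Named Dispatch Parameter Management Structure */
 typedef struct ipsecespparam_s {
         uint_t  ipsecesp_param_min;
         uint_t  ipsecesp_param_max;
         uint_t  ipsecesp_param_value;
         char    *ipsecesp_param_name;
 } ipsecespparam_t;
 
 /*
+ * Stats.  This may eventually become a full-blown SNMP MIB once that spec
+ * stabilizes.
+ */
+
+typedef struct esp_kstats_s {
+        kstat_named_t esp_stat_num_aalgs;
+        kstat_named_t esp_stat_good_auth;
+        kstat_named_t esp_stat_bad_auth;
+        kstat_named_t esp_stat_bad_padding;
+        kstat_named_t esp_stat_replay_failures;
+        kstat_named_t esp_stat_replay_early_failures;
+        kstat_named_t esp_stat_keysock_in;
+        kstat_named_t esp_stat_out_requests;
+        kstat_named_t esp_stat_acquire_requests;
+        kstat_named_t esp_stat_bytes_expired;
+        kstat_named_t esp_stat_out_discards;
+        kstat_named_t esp_stat_crypto_sync;
+        kstat_named_t esp_stat_crypto_async;
+        kstat_named_t esp_stat_crypto_failures;
+        kstat_named_t esp_stat_num_ealgs;
+        kstat_named_t esp_stat_bad_decrypt;
+        kstat_named_t esp_stat_sa_port_renumbers;
+} esp_kstats_t;
+
+/*
+ * espstack->esp_kstats is equal to espstack->esp_ksp->ks_data if
+ * kstat_create_netstack for espstack->esp_ksp succeeds, but when it
+ * fails, it will be NULL. Note this is done for all stack instances,
+ * so it *could* fail. hence a non-NULL checking is done for
+ * ESP_BUMP_STAT and ESP_DEBUMP_STAT
+ */
+#define ESP_BUMP_STAT(espstack, x)                                      \
+do {                                                                    \
+        if (espstack->esp_kstats != NULL)                               \
+                (espstack->esp_kstats->esp_stat_ ## x).value.ui64++;    \
+_NOTE(CONSTCOND)                                                        \
+} while (0)
+
+#define ESP_DEBUMP_STAT(espstack, x)                                    \
+do {                                                                    \
+        if (espstack->esp_kstats != NULL)                               \
+                (espstack->esp_kstats->esp_stat_ ## x).value.ui64--;    \
+_NOTE(CONSTCOND)                                                        \
+} while (0)
+
+/*
  * IPSECESP stack instances
  */
 struct ipsecesp_stack {
         netstack_t              *ipsecesp_netstack;     /* Common netstack */
 
         caddr_t                 ipsecesp_g_nd;
         struct ipsecespparam_s  *ipsecesp_params;
         kmutex_t                ipsecesp_param_lock;    /* Protects params */
 
         /* Packet dropper for ESP drops. */
@@ -65,21 +112,45 @@
          * comes down.
          * Paired up with the esp_pfkey_q is the esp_event, which will age SAs.
          */
         queue_t                 *esp_pfkey_q;
         timeout_id_t            esp_event;
 
         sadbp_t                 esp_sadb;
 };
 typedef struct ipsecesp_stack ipsecesp_stack_t;
 
-/* Define *this* NDD variable here because we use it outside ESP proper. */
+#define ipsecesp_debug  ipsecesp_params[0].ipsecesp_param_value
+#define ipsecesp_age_interval ipsecesp_params[1].ipsecesp_param_value
+#define ipsecesp_age_int_max    ipsecesp_params[1].ipsecesp_param_max
+#define ipsecesp_reap_delay     ipsecesp_params[2].ipsecesp_param_value
+#define ipsecesp_replay_size    ipsecesp_params[3].ipsecesp_param_value
+#define ipsecesp_acquire_timeout        \
+        ipsecesp_params[4].ipsecesp_param_value
+#define ipsecesp_larval_timeout \
+        ipsecesp_params[5].ipsecesp_param_value
+#define ipsecesp_default_soft_bytes     \
+        ipsecesp_params[6].ipsecesp_param_value
+#define ipsecesp_default_hard_bytes     \
+        ipsecesp_params[7].ipsecesp_param_value
+#define ipsecesp_default_soft_addtime   \
+        ipsecesp_params[8].ipsecesp_param_value
+#define ipsecesp_default_hard_addtime   \
+        ipsecesp_params[9].ipsecesp_param_value
+#define ipsecesp_default_soft_usetime   \
+        ipsecesp_params[10].ipsecesp_param_value
+#define ipsecesp_default_hard_usetime   \
+        ipsecesp_params[11].ipsecesp_param_value
+#define ipsecesp_log_unknown_spi        \
+        ipsecesp_params[12].ipsecesp_param_value
+#define ipsecesp_padding_check  \
+        ipsecesp_params[13].ipsecesp_param_value
 #define ipsecesp_nat_keepalive_interval \
         ipsecesp_params[14].ipsecesp_param_value
 
 #endif  /* _KERNEL */
 
 /*
  * For now, only provide "aligned" version of header.
  * If aligned version is needed, we'll go with the naming conventions then.
  */
 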
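Review bot: The `ipsecesp_*` accessor macros added at new lines 122-146 bind each tunable to a hard-coded slot of `ipsecesp_params[]`, and nothing in this header ties those numbers to the table they index, which is defined outside the visible file. Judging by their names, some of these gate security-relevant behaviour (`ipsecesp_padding_check`, `ipsecesp_replay_size`), so an insertion or reorder in that table would silently make ESP read the wrong knob; the removed explanatory comment is also not replaced. I would add `/* Indices must match the order of the ESP parameter table; update both together. */` above the block. Separately, `ESP_BUMP_STAT` and `ESP_DEBUMP_STAT` expand the `espstack` argument unparenthesized and twice; `if ((espstack)->esp_kstats != NULL)` and `((espstack)->esp_kstats->esp_stat_ ## x).value.ui64++;` would be safer. The `++`/`--` is also a plain read-modify-write, so counters such as `bad_auth` and `replay_failures` may undercount if callers update them concurrently without a lock (the callers are not visible here).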