1 /*	$NetBSD: ipsec_var.h,v 1.5 2008/04/23 06:09:05 thorpej Exp $ */
2 /*	$FreeBSD: src/sys/netipsec/ipsec.h,v 1.2.4.2 2004/02/14 22:23:23 bms Exp $	*/
3 
4 /*-
5  * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27  * SUCH DAMAGE.
28  *
29  * $FreeBSD: src/tools/tools/crypto/ipsecstats.c,v 1.1.4.1 2003/06/03 00:13:13 sam Exp $
30  */
31 
32 #ifndef _NETIPSEC_IPSEC_VAR_H_
33 #define _NETIPSEC_IPSEC_VAR_H_
34 
35 /*
36  * statistics for ipsec processing
37  * Each counter is an unsigned 64-bit value.
38  */
39 #define	IPSEC_STAT_IN_POLVIO	0	/* input: sec policy violation */
40 #define	IPSEC_STAT_OUT_POLVIO	1	/* output: sec policy violation */
41 #define	IPSEC_STAT_OUT_NOSA	2	/* output: SA unavailable */
42 #define	IPSEC_STAT_OUT_NOMEM	3	/* output: no memory available */
43 #define	IPSEC_STAT_OUT_NOROUTE	4	/* output: no route available */
44 #define	IPSEC_STAT_OUT_INVAL	5	/* output: generic error */
45 #define	IPSEC_STAT_OUT_BUNDLESA	6	/* output: bundled SA processed */
46 #define	IPSEC_STAT_MBCOALESCED	7	/* mbufs coalesced during clone */
47 #define	IPSEC_STAT_CLCOALESCED	8	/* clusters coalesced during clone */
48 #define	IPSEC_STAT_CLCOPIED	9	/* clusters copied during clone */
49 #define	IPSEC_STAT_MBINSERTED	10	/* mbufs inserted during makespace */
50 #define	IPSEC_STAT_SPDCACHELOOKUP 11
51 #define	IPSEC_STAT_SPDCACHEMISS	12
52 #define	IPSEC_STAT_INPUT_FRONT	13
53 #define	IPSEC_STAT_INPUT_MIDDLE	14
54 #define	IPSEC_STAT_INPUT_END	15
55 
56 #define	IPSEC_NSTATS		16
57 
58 /*
59  * Definitions for IPsec & Key sysctl operations.
60  */
61 /*
62  * Names for IPsec & Key sysctl objects
63  */
64 #define IPSECCTL_STATS			1	/* KAME compat stats */
65 #define IPSECCTL_DEF_POLICY		2
66 #define IPSECCTL_DEF_ESP_TRANSLEV	3	/* int; ESP transport mode */
67 #define IPSECCTL_DEF_ESP_NETLEV		4	/* int; ESP tunnel mode */
68 #define IPSECCTL_DEF_AH_TRANSLEV	5	/* int; AH transport mode */
69 #define IPSECCTL_DEF_AH_NETLEV		6	/* int; AH tunnel mode */
70 #if 0	/* obsolete, do not reuse */
71 #define IPSECCTL_INBOUND_CALL_IKE	7
72 #endif
73 #define	IPSECCTL_AH_CLEARTOS		8
74 #define	IPSECCTL_AH_OFFSETMASK		9
75 #define	IPSECCTL_DFBIT			10
76 #define	IPSECCTL_ECN			11
77 #define	IPSECCTL_DEBUG			12
78 #define	IPSECCTL_ESP_RANDPAD		13
79 #define IPSECCTL_MAXID			14
80 
81 #define IPSECCTL_NAMES { \
82 	{ 0, 0 }, \
83 	{ 0, 0 }, \
84 	{ "def_policy", CTLTYPE_INT }, \
85 	{ "esp_trans_deflev", CTLTYPE_INT }, \
86 	{ "esp_net_deflev", CTLTYPE_INT }, \
87 	{ "ah_trans_deflev", CTLTYPE_INT }, \
88 	{ "ah_net_deflev", CTLTYPE_INT }, \
89 	{ 0, 0 }, \
90 	{ "ah_cleartos", CTLTYPE_INT }, \
91 	{ "ah_offsetmask", CTLTYPE_INT }, \
92 	{ "dfbit", CTLTYPE_INT }, \
93 	{ "ecn", CTLTYPE_INT }, \
94 	{ "debug", CTLTYPE_INT }, \
95 	{ "esp_randpad", CTLTYPE_INT }, \
96 }
97 
98 #define IPSEC6CTL_NAMES { \
99 	{ 0, 0 }, \
100 	{ 0, 0 }, \
101 	{ "def_policy", CTLTYPE_INT }, \
102 	{ "esp_trans_deflev", CTLTYPE_INT }, \
103 	{ "esp_net_deflev", CTLTYPE_INT }, \
104 	{ "ah_trans_deflev", CTLTYPE_INT }, \
105 	{ "ah_net_deflev", CTLTYPE_INT }, \
106 	{ 0, 0 }, \
107 	{ 0, 0 }, \
108 	{ 0, 0 }, \
109 	{ 0, 0 }, \
110 	{ "ecn", CTLTYPE_INT }, \
111 	{ "debug", CTLTYPE_INT }, \
112 	{ "esp_randpad", CTLTYPE_INT }, \
113 }
114 
115 #endif /* !_NETIPSEC_IPSEC_VAR_H_ */
116