NetBSD/sys/netipsec/ah_var.h
jonathan 740290313e Initial import of Sam Leffler's `Fast-IPsec' from FreeBSD 4.
Fast-IPsec is a rework of the OpenBSD and KAME IPsec code, using the
OpenCryptoFramework (and thus hardware crypto accelerators) and
numerous detailed performance improvements.

This import is (aside from SPL-level names) the FreeBSD source,
imported ``as-is'' as a historical snapshot, for future maintenance
and comparison against the FreeBSD source.  For now, several minor
kernel-API differences are hidden by macros a shim file, ipsec_osdep.h,
which (aside from SPL names) can be targeted at either NetBSD or FreeBSD.
2003-08-13 20:06:49 +00:00

80 lines
3.0 KiB
C

/* $NetBSD: ah_var.h,v 1.1 2003/08/13 20:06:49 jonathan Exp $ */
/* $FreeBSD: src/sys/netipsec/ah_var.h,v 1.1.4.1 2003/01/24 05:11:35 sam Exp $ */
/* $OpenBSD: ip_ah.h,v 1.29 2002/06/09 16:26:10 itojun Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
* Niels Provos (provos@physnet.uni-hamburg.de).
*
* The original version of this code was written by John Ioannidis
* for BSD/OS in Athens, Greece, in November 1995.
*
* Ported to OpenBSD and NetBSD, with additional transforms, in December 1996,
* by Angelos D. Keromytis.
*
* Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis
* and Niels Provos.
*
* Additional features in 1999 by Angelos D. Keromytis.
*
* Copyright (C) 1995, 1996, 1997, 1998, 1999 John Ioannidis,
* Angelos D. Keromytis and Niels Provos.
* Copyright (c) 2001 Angelos D. Keromytis.
*
* Permission to use, copy, and modify this software with or without fee
* is hereby granted, provided that this entire notice is included in
* all copies of any software which is or includes a copy or
* modification of this software.
* You may use this code under the GNU public license if you so wish. Please
* contribute changes back to the authors under this freer than GPL license
* so that we may further the use of strong encryption without limitations to
* all.
*
* THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
* REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
* MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
* PURPOSE.
*/
#ifndef _NETIPSEC_AH_VAR_H_
#define _NETIPSEC_AH_VAR_H_
/*
* These define the algorithm indices into the histogram. They're
* presently based on the PF_KEY v2 protocol values which is bogus;
* they should be decoupled from the protocol at which time we can
* pack them and reduce the size of the array to a minimum.
*/
#define AH_ALG_MAX 16
struct ahstat {
u_int32_t ahs_hdrops; /* Packet shorter than header shows */
u_int32_t ahs_nopf; /* Protocol family not supported */
u_int32_t ahs_notdb;
u_int32_t ahs_badkcr;
u_int32_t ahs_badauth;
u_int32_t ahs_noxform;
u_int32_t ahs_qfull;
u_int32_t ahs_wrap;
u_int32_t ahs_replay;
u_int32_t ahs_badauthl; /* Bad authenticator length */
u_int32_t ahs_input; /* Input AH packets */
u_int32_t ahs_output; /* Output AH packets */
u_int32_t ahs_invalid; /* Trying to use an invalid TDB */
u_int64_t ahs_ibytes; /* Input bytes */
u_int64_t ahs_obytes; /* Output bytes */
u_int32_t ahs_toobig; /* Packet got larger than IP_MAXPACKET */
u_int32_t ahs_pdrops; /* Packet blocked due to policy */
u_int32_t ahs_crypto; /* Crypto processing failure */
u_int32_t ahs_tunnel; /* Tunnel sanity check failure */
u_int32_t ahs_hist[AH_ALG_MAX]; /* Per-algorithm op count */
};
#ifdef _KERNEL
extern int ah_enable;
extern int ah_cleartos;
extern struct ahstat ahstat;
#endif /* _KERNEL */
#endif /*_NETIPSEC_AH_VAR_H_*/