2 * sysctl interface to net IPSEC subsystem.
3 * Copyright (C) 1998, 1999, 2000, 2001 Richard Guy Briggs.
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * RCSID $Id: sysctl_net_ipsec.c,v 1.13 2002/01/12 02:58:32 mcr Exp $
20 * Initiated April 3, 1998, Richard Guy Briggs <rgb@conscoop.ottawa.on.ca>
24 #include <linux/sysctl.h>
26 #include "ipsec_param.h"
/*
 * Identifiers and backing variables for the sysctl entries built below.
 * NOTE(review): this listing carries gutter numbers and skips some source
 * lines (e.g. 32-33, 36, 40), so the declarations of debug_ah, debug_esp,
 * debug_spi and debug_rcv that ipsec_table references are not visible here.
 */
/*
 * Id of the "ipsec" directory entry in ipsec_net_table. The author's own
 * comment says the value was picked arbitrarily.
 * NOTE(review): confirm it cannot collide with another id registered
 * under CTL_NET on the kernels this is built for.
 */
30 #define NET_IPSEC 2112 /* Random number */
/* Debug switches, declared only in CONFIG_IPSEC_DEBUG builds; defined in other files. */
31 #ifdef CONFIG_IPSEC_DEBUG
34 extern int debug_tunnel;
35 extern int debug_eroute;
37 extern int debug_radij;
38 extern int debug_netlink;
39 extern int debug_xform;
41 extern int debug_pfkey;
42 extern int sysctl_ipsec_debug_verbose;
43 #ifdef CONFIG_IPSEC_IPCOMP
44 extern int sysctl_ipsec_debug_ipcomp;
45 #endif /* CONFIG_IPSEC_IPCOMP */
46 #endif /* CONFIG_IPSEC_DEBUG */
/*
 * Runtime switches defined elsewhere and exported below as "icmp",
 * "inbound_policy_check" and "tos". They are declared outside the
 * CONFIG_IPSEC_DEBUG guard, so they exist in every build of this file.
 */
48 extern int sysctl_ipsec_icmp;
49 extern int sysctl_ipsec_inbound_policy_check;
50 extern int sysctl_ipsec_tos;
/*
 * Defined here (not extern) and outside the CONFIG_IPSEC_DEBUG guard, although
 * its table entry is only compiled under CONFIG_IPSEC_REGRESS nested inside
 * CONFIG_IPSEC_DEBUG. The revision log at the end of this file describes it as
 * a regression-test aid that causes acquire messages to be lost.
 * NOTE(review): a knob that drops key-management messages should stay out of
 * production kernels; confirm CONFIG_IPSEC_REGRESS is never set there.
 */
51 int sysctl_ipsec_regress_pfkey_lossage;
/*
 * Numeric ids used as the first field of each ipsec_table entry.
 * Every value is assigned explicitly, presumably so an id stays the same
 * whether or not CONFIG_IPSEC_DEBUG is set (14 and 16 sit outside the guard).
 * NOTE(review): the enum opener and closer, and the enumerators
 * NET_IPSEC_DEBUG_AH, NET_IPSEC_ICMP and NET_IPSEC_TOS that ipsec_table uses,
 * fall on lines this listing skips (gutter 52-53, 55, 68, 70, 72-73).
 */
54 #ifdef CONFIG_IPSEC_DEBUG
56 NET_IPSEC_DEBUG_ESP=2,
57 NET_IPSEC_DEBUG_TUNNEL=3,
58 NET_IPSEC_DEBUG_EROUTE=4,
59 NET_IPSEC_DEBUG_SPI=5,
60 NET_IPSEC_DEBUG_RADIJ=6,
61 NET_IPSEC_DEBUG_NETLINK=7,
62 NET_IPSEC_DEBUG_XFORM=8,
63 NET_IPSEC_DEBUG_RCV=9,
64 NET_IPSEC_DEBUG_PFKEY=10,
65 NET_IPSEC_DEBUG_VERBOSE=11,
/* Defined whenever CONFIG_IPSEC_DEBUG is set; the matching table entry also needs CONFIG_IPSEC_IPCOMP. */
66 NET_IPSEC_DEBUG_IPCOMP=12,
67 #endif /* CONFIG_IPSEC_DEBUG */
/* The two ids below are outside the debug guard and exist in every build. */
69 NET_IPSEC_INBOUND_POLICY_CHECK=14,
71 NET_IPSEC_REGRESS_PFKEY_LOSSAGE=16,
/*
 * Leaf entries of the "ipsec" sysctl directory (the revision log in this file
 * gives the path as /proc/sys/net/ipsec/).
 *
 * Each entry is positional: ctl id, file name, pointer to the backing int,
 * sizeof(int), mode 0644, NULL (no child table), handler proc_dointvec.
 * Mode 0644 makes every value readable by all users and writable by the
 * file owner only.
 *
 * NOTE(review): proc_dointvec is used for every entry and no bounds are
 * supplied, so any int value can be written. If a switch is only meaningful
 * as 0/1 or as a known bitmask, consider proc_dointvec_minmax with explicit
 * limits so an out-of-range write is rejected instead of stored.
 * NOTE(review): the terminating empty entry and the closing brace are not
 * shown in this listing (gutter 116-118 skipped); the table must end with one.
 */
74 static ctl_table ipsec_table[] = {
/*
 * Debug switches, compiled in only with CONFIG_IPSEC_DEBUG.
 * NOTE(review): what each flag causes to be logged is not visible here; if any
 * of them can dump packet contents or keying material, treat a non-zero value
 * on a production host as something to alert on.
 */
75 #ifdef CONFIG_IPSEC_DEBUG
76 { NET_IPSEC_DEBUG_AH, "debug_ah", &debug_ah,
77 sizeof(int), 0644, NULL, &proc_dointvec},
78 { NET_IPSEC_DEBUG_ESP, "debug_esp", &debug_esp,
79 sizeof(int), 0644, NULL, &proc_dointvec},
80 { NET_IPSEC_DEBUG_TUNNEL, "debug_tunnel", &debug_tunnel,
81 sizeof(int), 0644, NULL, &proc_dointvec},
82 { NET_IPSEC_DEBUG_EROUTE, "debug_eroute", &debug_eroute,
83 sizeof(int), 0644, NULL, &proc_dointvec},
84 { NET_IPSEC_DEBUG_SPI, "debug_spi", &debug_spi,
85 sizeof(int), 0644, NULL, &proc_dointvec},
86 { NET_IPSEC_DEBUG_RADIJ, "debug_radij", &debug_radij,
87 sizeof(int), 0644, NULL, &proc_dointvec},
88 { NET_IPSEC_DEBUG_NETLINK, "debug_netlink", &debug_netlink,
89 sizeof(int), 0644, NULL, &proc_dointvec},
90 { NET_IPSEC_DEBUG_XFORM, "debug_xform", &debug_xform,
91 sizeof(int), 0644, NULL, &proc_dointvec},
92 { NET_IPSEC_DEBUG_RCV, "debug_rcv", &debug_rcv,
93 sizeof(int), 0644, NULL, &proc_dointvec},
94 { NET_IPSEC_DEBUG_PFKEY, "debug_pfkey", &debug_pfkey,
95 sizeof(int), 0644, NULL, &proc_dointvec},
96 { NET_IPSEC_DEBUG_VERBOSE, "debug_verbose",&sysctl_ipsec_debug_verbose,
97 sizeof(int), 0644, NULL, &proc_dointvec},
98 #ifdef CONFIG_IPSEC_IPCOMP
99 { NET_IPSEC_DEBUG_IPCOMP, "debug_ipcomp", &sysctl_ipsec_debug_ipcomp,
100 sizeof(int), 0644, NULL, &proc_dointvec},
101 #endif /* CONFIG_IPSEC_IPCOMP */
/*
 * Regression-test knob. It is nested inside the CONFIG_IPSEC_DEBUG guard, so
 * it is only exposed when both CONFIG_IPSEC_DEBUG and CONFIG_IPSEC_REGRESS are
 * set. Per the revision log it makes acquire messages get lost, which is a
 * fault-injection aid and not something to ship enabled.
 */
103 #ifdef CONFIG_IPSEC_REGRESS
104 { NET_IPSEC_REGRESS_PFKEY_LOSSAGE, "pfkey_lossage",
105 &sysctl_ipsec_regress_pfkey_lossage,
106 sizeof(int), 0644, NULL, &proc_dointvec},
107 #endif /* CONFIG_IPSEC_REGRESS */
109 #endif /* CONFIG_IPSEC_DEBUG */
/* The entries below are present in every build, with or without debug support. */
110 { NET_IPSEC_ICMP, "icmp", &sysctl_ipsec_icmp,
111 sizeof(int), 0644, NULL, &proc_dointvec},
/*
 * NOTE(review): judging by its name this switch gates inbound policy
 * enforcement, and it can be changed at runtime by the file owner with no
 * range check. Confirm the intended default and monitor writes to it, since
 * changing it presumably alters which inbound packets are accepted.
 */
112 { NET_IPSEC_INBOUND_POLICY_CHECK, "inbound_policy_check", &sysctl_ipsec_inbound_policy_check,
113 sizeof(int), 0644, NULL, &proc_dointvec},
114 { NET_IPSEC_TOS, "tos", &sysctl_ipsec_tos,
115 sizeof(int), 0644, NULL, &proc_dointvec},
/*
 * Directory level "ipsec": id NET_IPSEC, no data pointer, size 0, mode 0555
 * (readable and searchable by everyone, writable by nobody), with ipsec_table
 * as its child table.
 * NOTE(review): the terminating entry and closing brace are not shown in this
 * listing (gutter 121-122 skipped).
 */
119 static ctl_table ipsec_net_table[] = {
120 { NET_IPSEC, "ipsec", NULL, 0, 0555, ipsec_table },
/*
 * Root of the table handed to register_sysctl_table(): the "net" directory
 * (id CTL_NET, mode 0555) whose child table is ipsec_net_table, so the leaf
 * entries end up under net/ipsec.
 * NOTE(review): the terminating entry and closing brace are not shown in this
 * listing (gutter 126-127 skipped).
 */
124 static ctl_table ipsec_root_table[] = {
125 { CTL_NET, "net", NULL, 0, 0555, ipsec_net_table },
/*
 * Handle returned by register_sysctl_table() in ipsec_sysctl_register() and
 * later passed to unregister_sysctl_table() in ipsec_sysctl_unregister().
 * File-scope static, so it starts out NULL until registration succeeds.
 */
129 static struct ctl_table_header *ipsec_table_header;
/*
 * Register the net/ipsec sysctl tree with the kernel.
 *
 * Calls register_sysctl_table() on ipsec_root_table with 0 as the second
 * argument and stores the returned header in ipsec_table_header; a NULL
 * header is treated as failure.
 * NOTE(review): the braces, the body of the failure branch and the return
 * statements are on lines this listing skips (gutter 132, 135-138), so the
 * actual return values cannot be confirmed from here.
 */
131 int ipsec_sysctl_register(void)
133 ipsec_table_header = register_sysctl_table(ipsec_root_table, 0);
134 if (!ipsec_table_header) {
/*
 * Remove the net/ipsec sysctl tree by passing the stored header to
 * unregister_sysctl_table().
 *
 * NOTE(review): no NULL check on ipsec_table_header is visible before the
 * call, and the pointer is not visibly cleared afterwards (gutter 141 and
 * 143-144 are skipped in this listing). If registration failed or this runs
 * twice, the call receives NULL or a stale header; whether
 * unregister_sysctl_table() tolerates that depends on the kernel version, so
 * confirm it for the target kernels or guard the call and reset the pointer.
 */
140 void ipsec_sysctl_unregister(void)
142 unregister_sysctl_table(ipsec_table_header);
145 #endif /* CONFIG_SYSCTL */
148 * $Log: sysctl_net_ipsec.c,v $
149 * Revision 1.13 2002/01/12 02:58:32 mcr
150 * first regression test causes acquire messages to be lost
151 * 100% of the time. This is to help testing of pluto.
153 * Revision 1.12 2001/06/14 19:35:13 rgb
154 * Update copyright date.
156 * Revision 1.11 2001/02/26 19:58:13 rgb
157 * Drop sysctl_ipsec_{no_eroute_pass,opportunistic}, replaced by magic SAs.
159 * Revision 1.10 2000/09/16 01:50:15 rgb
160 * Protect sysctl_ipsec_debug_ipcomp with compiler defines too so that the
161 * linker won't blame rj_delete() for missing symbols. ;-> Damn statics...
163 * Revision 1.9 2000/09/15 23:17:51 rgb
164 * Moved stuff around to compile with debug off.
166 * Revision 1.8 2000/09/15 11:37:02 rgb
167 * Merge in heavily modified Svenning Soerensen's <svenning@post5.tele.dk>
168 * IPCOMP zlib deflate code.
170 * Revision 1.7 2000/09/15 07:37:15 rgb
171 * Munged silly log comment that was causing a warning.
173 * Revision 1.6 2000/09/15 04:58:23 rgb
174 * Added tos runtime switch.
175 * Removed 'sysctl_ipsec_' prefix from /proc/sys/net/ipsec/ filenames.
177 * Revision 1.5 2000/09/12 03:25:28 rgb
178 * Filled in and implemented sysctl.
180 * Revision 1.4 1999/04/11 00:29:03 henry
183 * Revision 1.3 1999/04/06 04:54:29 rgb
184 * Fix/Add RCSID Id: and Log: bits to make PHMDs happy. This includes