| Masahide NAKAMURA | 558f82e | 2007-12-20 20:42:57 -0800 | [diff] [blame] | 1 | XFRM proc - /proc/net/xfrm_* files |
| 2 | ================================== |
| 3 | Masahide NAKAMURA <nakam@linux-ipv6.org> |
| 4 | |
| 5 | |
| 6 | Transformation Statistics |
| 7 | ------------------------- |
| Masahide NAKAMURA | 558f82e | 2007-12-20 20:42:57 -0800 | [diff] [blame] | 8 | |
| Shannon Nelson | 1a4bb1d | 2017-12-21 14:26:18 -0800 | [diff] [blame] | 9 | The xfrm_proc code is a set of statistics showing numbers of packets |
| 10 | dropped by the transformation code and why. These counters are defined |
| 11 | as part of the linux private MIB. These counters can be viewed in |
| 12 | /proc/net/xfrm_stat. |
| 13 | |
| 14 | |
| 15 | Inbound errors |
| 16 | ~~~~~~~~~~~~~~ |
| Masahide NAKAMURA | 558f82e | 2007-12-20 20:42:57 -0800 | [diff] [blame] | 17 | XfrmInError: |
| 18 | All errors which is not matched others |
| 19 | XfrmInBufferError: |
| 20 | No buffer is left |
| 21 | XfrmInHdrError: |
| 22 | Header error |
| 23 | XfrmInNoStates: |
| 24 | No state is found |
| 25 | i.e. Either inbound SPI, address, or IPsec protocol at SA is wrong |
| 26 | XfrmInStateProtoError: |
| 27 | Transformation protocol specific error |
| 28 | e.g. SA key is wrong |
| 29 | XfrmInStateModeError: |
| 30 | Transformation mode specific error |
| Masahide NAKAMURA | 9472c9e | 2008-01-31 17:14:58 -0800 | [diff] [blame] | 31 | XfrmInStateSeqError: |
| 32 | Sequence error |
| 33 | i.e. Sequence number is out of window |
| Masahide NAKAMURA | 558f82e | 2007-12-20 20:42:57 -0800 | [diff] [blame] | 34 | XfrmInStateExpired: |
| 35 | State is expired |
| 36 | XfrmInStateMismatch: |
| 37 | State has mismatch option |
| 38 | e.g. UDP encapsulation type is mismatch |
| 39 | XfrmInStateInvalid: |
| 40 | State is invalid |
| 41 | XfrmInTmplMismatch: |
| 42 | No matching template for states |
| 43 | e.g. Inbound SAs are correct but SP rule is wrong |
| 44 | XfrmInNoPols: |
| 45 | No policy is found for states |
| 46 | e.g. Inbound SAs are correct but no SP is found |
| 47 | XfrmInPolBlock: |
| 48 | Policy discards |
| 49 | XfrmInPolError: |
| 50 | Policy error |
| Shannon Nelson | 1a4bb1d | 2017-12-21 14:26:18 -0800 | [diff] [blame] | 51 | XfrmAcquireError: |
| 52 | State hasn't been fully acquired before use |
| 53 | XfrmFwdHdrError: |
| 54 | Forward routing of a packet is not allowed |
| Masahide NAKAMURA | 558f82e | 2007-12-20 20:42:57 -0800 | [diff] [blame] | 55 | |
| 56 | Outbound errors |
| 57 | ~~~~~~~~~~~~~~~ |
| 58 | XfrmOutError: |
| 59 | All errors which is not matched others |
| 60 | XfrmOutBundleGenError: |
| 61 | Bundle generation error |
| 62 | XfrmOutBundleCheckError: |
| 63 | Bundle check error |
| 64 | XfrmOutNoStates: |
| 65 | No state is found |
| 66 | XfrmOutStateProtoError: |
| 67 | Transformation protocol specific error |
| 68 | XfrmOutStateModeError: |
| 69 | Transformation mode specific error |
| Masahide NAKAMURA | 9472c9e | 2008-01-31 17:14:58 -0800 | [diff] [blame] | 70 | XfrmOutStateSeqError: |
| 71 | Sequence error |
| 72 | i.e. Sequence number overflow |
| Masahide NAKAMURA | 558f82e | 2007-12-20 20:42:57 -0800 | [diff] [blame] | 73 | XfrmOutStateExpired: |
| 74 | State is expired |
| 75 | XfrmOutPolBlock: |
| 76 | Policy discards |
| 77 | XfrmOutPolDead: |
| 78 | Policy is dead |
| 79 | XfrmOutPolError: |
| 80 | Policy error |
| Shannon Nelson | 1a4bb1d | 2017-12-21 14:26:18 -0800 | [diff] [blame] | 81 | XfrmOutStateInvalid: |
| 82 | State is invalid, perhaps expired |