120 lines
2.3 KiB
ReStructuredText
120 lines
2.3 KiB
ReStructuredText
.. SPDX-License-Identifier: GPL-2.0
|
|
|
|
==================================
|
|
XFRM proc - /proc/net/xfrm_* files
|
|
==================================
|
|
|
|
Masahide NAKAMURA <nakam@linux-ipv6.org>
|
|
|
|
|
|
Transformation Statistics
|
|
-------------------------
|
|
|
|
The xfrm_proc code is a set of statistics showing numbers of packets
|
|
dropped by the transformation code and why. These counters are defined
|
|
as part of the linux private MIB. These counters can be viewed in
|
|
/proc/net/xfrm_stat.
|
|
|
|
|
|
Inbound errors
|
|
~~~~~~~~~~~~~~
|
|
|
|
XfrmInError:
|
|
All errors which is not matched others
|
|
|
|
XfrmInBufferError:
|
|
No buffer is left
|
|
|
|
XfrmInHdrError:
|
|
Header error
|
|
|
|
XfrmInNoStates:
|
|
No state is found
|
|
i.e. Either inbound SPI, address, or IPsec protocol at SA is wrong
|
|
|
|
XfrmInStateProtoError:
|
|
Transformation protocol specific error
|
|
e.g. SA key is wrong
|
|
|
|
XfrmInStateModeError:
|
|
Transformation mode specific error
|
|
|
|
XfrmInStateSeqError:
|
|
Sequence error
|
|
i.e. Sequence number is out of window
|
|
|
|
XfrmInStateExpired:
|
|
State is expired
|
|
|
|
XfrmInStateMismatch:
|
|
State has mismatch option
|
|
e.g. UDP encapsulation type is mismatch
|
|
|
|
XfrmInStateInvalid:
|
|
State is invalid
|
|
|
|
XfrmInTmplMismatch:
|
|
No matching template for states
|
|
e.g. Inbound SAs are correct but SP rule is wrong
|
|
|
|
XfrmInNoPols:
|
|
No policy is found for states
|
|
e.g. Inbound SAs are correct but no SP is found
|
|
|
|
XfrmInPolBlock:
|
|
Policy discards
|
|
|
|
XfrmInPolError:
|
|
Policy error
|
|
|
|
XfrmAcquireError:
|
|
State hasn't been fully acquired before use
|
|
|
|
XfrmFwdHdrError:
|
|
Forward routing of a packet is not allowed
|
|
|
|
XfrmInStateDirError:
|
|
State direction mismatch (lookup found an output state on the input path, expected input or no direction)
|
|
|
|
Outbound errors
|
|
~~~~~~~~~~~~~~~
|
|
XfrmOutError:
|
|
All errors which is not matched others
|
|
|
|
XfrmOutBundleGenError:
|
|
Bundle generation error
|
|
|
|
XfrmOutBundleCheckError:
|
|
Bundle check error
|
|
|
|
XfrmOutNoStates:
|
|
No state is found
|
|
|
|
XfrmOutStateProtoError:
|
|
Transformation protocol specific error
|
|
|
|
XfrmOutStateModeError:
|
|
Transformation mode specific error
|
|
|
|
XfrmOutStateSeqError:
|
|
Sequence error
|
|
i.e. Sequence number overflow
|
|
|
|
XfrmOutStateExpired:
|
|
State is expired
|
|
|
|
XfrmOutPolBlock:
|
|
Policy discards
|
|
|
|
XfrmOutPolDead:
|
|
Policy is dead
|
|
|
|
XfrmOutPolError:
|
|
Policy error
|
|
|
|
XfrmOutStateInvalid:
|
|
State is invalid, perhaps expired
|
|
|
|
XfrmOutStateDirError:
|
|
State direction mismatch (lookup found an input state on the output path, expected output or no direction)
|