summaryrefslogtreecommitdiffstats
path: root/Documentation/networking/xfrm_proc.rst
blob: 0a771c5a7399b558be69a7e1ae3c95e7547864f4 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
.. SPDX-License-Identifier: GPL-2.0

==================================
XFRM proc - /proc/net/xfrm_* files
==================================

Masahide NAKAMURA <nakam@linux-ipv6.org>


Transformation Statistics
-------------------------

The xfrm_proc code is a set of statistics showing numbers of packets
dropped by the transformation code and why.  These counters are defined
as part of the linux private MIB.  These counters can be viewed in
/proc/net/xfrm_stat.


Inbound errors
~~~~~~~~~~~~~~

XfrmInError:
	All errors which is not matched others

XfrmInBufferError:
	No buffer is left

XfrmInHdrError:
	Header error

XfrmInNoStates:
	No state is found
	i.e. Either inbound SPI, address, or IPsec protocol at SA is wrong

XfrmInStateProtoError:
	Transformation protocol specific error
	e.g. SA key is wrong

XfrmInStateModeError:
	Transformation mode specific error

XfrmInStateSeqError:
	Sequence error
	i.e. Sequence number is out of window

XfrmInStateExpired:
	State is expired

XfrmInStateMismatch:
	State has mismatch option
	e.g. UDP encapsulation type is mismatch

XfrmInStateInvalid:
	State is invalid

XfrmInTmplMismatch:
	No matching template for states
	e.g. Inbound SAs are correct but SP rule is wrong

XfrmInNoPols:
	No policy is found for states
	e.g. Inbound SAs are correct but no SP is found

XfrmInPolBlock:
	Policy discards

XfrmInPolError:
	Policy error

XfrmAcquireError:
	State hasn't been fully acquired before use

XfrmFwdHdrError:
	Forward routing of a packet is not allowed

Outbound errors
~~~~~~~~~~~~~~~
XfrmOutError:
	All errors which is not matched others

XfrmOutBundleGenError:
	Bundle generation error

XfrmOutBundleCheckError:
	Bundle check error

XfrmOutNoStates:
	No state is found

XfrmOutStateProtoError:
	Transformation protocol specific error

XfrmOutStateModeError:
	Transformation mode specific error

XfrmOutStateSeqError:
	Sequence error
	i.e. Sequence number overflow

XfrmOutStateExpired:
	State is expired

XfrmOutPolBlock:
	Policy discards

XfrmOutPolDead:
	Policy is dead

XfrmOutPolError:
	Policy error

XfrmOutStateInvalid:
	State is invalid, perhaps expired