XFRM proc - /proc/net/xfrm_* files¶
Masahide NAKAMURA <nakam@linux-ipv6.org>
Transformation Statistics¶
The xfrm_proc code is a set of statistics showing numbers of packetsdropped by the transformation code and why. These counters are definedas part of the linux private MIB. These counters can be viewed in/proc/net/xfrm_stat.
Inbound errors¶
- XfrmInError:
- All errors which is not matched others
- XfrmInBufferError:
- No buffer is left
- XfrmInHdrError:
- Header error
- XfrmInNoStates:
- No state is foundi.e. Either inbound SPI, address, or IPsec protocol at SA is wrong
- XfrmInStateProtoError:
- Transformation protocol specific errore.g. SA key is wrong
- XfrmInStateModeError:
- Transformation mode specific error
- XfrmInStateSeqError:
- Sequence errori.e. Sequence number is out of window
- XfrmInStateExpired:
- State is expired
- XfrmInStateMismatch:
- State has mismatch optione.g. UDP encapsulation type is mismatch
- XfrmInStateInvalid:
- State is invalid
- XfrmInTmplMismatch:
- No matching template for statese.g. Inbound SAs are correct but SP rule is wrong
- XfrmInNoPols:
- No policy is found for statese.g. Inbound SAs are correct but no SP is found
- XfrmInPolBlock:
- Policy discards
- XfrmInPolError:
- Policy error
- XfrmAcquireError:
- State hasn’t been fully acquired before use
- XfrmFwdHdrError:
- Forward routing of a packet is not allowed
Outbound errors¶
- XfrmOutError:
- All errors which is not matched others
- XfrmOutBundleGenError:
- Bundle generation error
- XfrmOutBundleCheckError:
- Bundle check error
- XfrmOutNoStates:
- No state is found
- XfrmOutStateProtoError:
- Transformation protocol specific error
- XfrmOutStateModeError:
- Transformation mode specific error
- XfrmOutStateSeqError:
- Sequence errori.e. Sequence number overflow
- XfrmOutStateExpired:
- State is expired
- XfrmOutPolBlock:
- Policy discards
- XfrmOutPolDead:
- Policy is dead
- XfrmOutPolError:
- Policy error
- XfrmOutStateInvalid:
- State is invalid, perhaps expired