linux-hardened/Documentation/networking/xfrm_proc.txt
Masahide NAKAMURA 9472c9ef64 [XFRM]: Fix statistics.
o Outbound sequence number overflow error status
  is counted as XfrmOutStateSeqError.
o Additionaly, it changes inbound sequence number replay
  error name from XfrmInSeqOutOfWindow to XfrmInStateSeqError
  to apply name scheme above.
o Inbound IPv4 UDP encapsuling type mismatch error is wrongly
  mapped to XfrmInStateInvalid then this patch fiex the error
  to XfrmInStateMismatch.

Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-01-31 19:28:30 -08:00

74 lines
1.8 KiB
Text

XFRM proc - /proc/net/xfrm_* files
==================================
Masahide NAKAMURA <nakam@linux-ipv6.org>
Transformation Statistics
-------------------------
xfrm_proc is a statistics shown factor dropped by transformation
for developer.
It is a counter designed from current transformation source code
and defined like linux private MIB.
Inbound statistics
~~~~~~~~~~~~~~~~~~
XfrmInError:
All errors which is not matched others
XfrmInBufferError:
No buffer is left
XfrmInHdrError:
Header error
XfrmInNoStates:
No state is found
i.e. Either inbound SPI, address, or IPsec protocol at SA is wrong
XfrmInStateProtoError:
Transformation protocol specific error
e.g. SA key is wrong
XfrmInStateModeError:
Transformation mode specific error
XfrmInStateSeqError:
Sequence error
i.e. Sequence number is out of window
XfrmInStateExpired:
State is expired
XfrmInStateMismatch:
State has mismatch option
e.g. UDP encapsulation type is mismatch
XfrmInStateInvalid:
State is invalid
XfrmInTmplMismatch:
No matching template for states
e.g. Inbound SAs are correct but SP rule is wrong
XfrmInNoPols:
No policy is found for states
e.g. Inbound SAs are correct but no SP is found
XfrmInPolBlock:
Policy discards
XfrmInPolError:
Policy error
Outbound errors
~~~~~~~~~~~~~~~
XfrmOutError:
All errors which is not matched others
XfrmOutBundleGenError:
Bundle generation error
XfrmOutBundleCheckError:
Bundle check error
XfrmOutNoStates:
No state is found
XfrmOutStateProtoError:
Transformation protocol specific error
XfrmOutStateModeError:
Transformation mode specific error
XfrmOutStateSeqError:
Sequence error
i.e. Sequence number overflow
XfrmOutStateExpired:
State is expired
XfrmOutPolBlock:
Policy discards
XfrmOutPolDead:
Policy is dead
XfrmOutPolError:
Policy error