Kernel-3.10.0-957.el7_xfrm_proc

XFRM proc - /proc/net/xfrm_* files

Masahide NAKAMURA nakam@linux-ipv6.org

Transformation Statistics

xfrm_proc is a statistics shown factor dropped by transformation
for developer.
It is a counter designed from current transformation source code
and defined like linux private MIB.

Inbound statistics

XfrmInError:
	All errors which is not matched others
XfrmInBufferError:
	No buffer is left
XfrmInHdrError:
	Header error
XfrmInNoStates:
	No state is found
	i.e. Either inbound SPI, address, or IPsec protocol at SA is wrong
XfrmInStateProtoError:
	Transformation protocol specific error
	e.g. SA key is wrong
XfrmInStateModeError:
	Transformation mode specific error
XfrmInStateSeqError:
	Sequence error
	i.e. Sequence number is out of window
XfrmInStateExpired:
	State is expired
XfrmInStateMismatch:
	State has mismatch option
	e.g. UDP encapsulation type is mismatch
XfrmInStateInvalid:
	State is invalid
XfrmInTmplMismatch:
	No matching template for states
	e.g. Inbound SAs are correct but SP rule is wrong
XfrmInNoPols:
	No policy is found for states
	e.g. Inbound SAs are correct but no SP is found
XfrmInPolBlock:
	Policy discards
XfrmInPolError:
	Policy error

Outbound errors

XfrmOutError:
All errors which is not matched others
XfrmOutBundleGenError:
Bundle generation error
XfrmOutBundleCheckError:
Bundle check error
XfrmOutNoStates:
No state is found
XfrmOutStateProtoError:
Transformation protocol specific error
XfrmOutStateModeError:
Transformation mode specific error
XfrmOutStateSeqError:
Sequence error
i.e. Sequence number overflow
XfrmOutStateExpired:
State is expired
XfrmOutPolBlock:
Policy discards
XfrmOutPolDead:
Policy is dead
XfrmOutPolError:
Policy error