1.. SPDX-License-Identifier: GPL-2.0 2 3================================== 4XFRM proc - /proc/net/xfrm_* files 5================================== 6 7Masahide NAKAMURA <nakam@linux-ipv6.org> 8 9 10Transformation Statistics 11------------------------- 12 13The xfrm_proc code is a set of statistics showing numbers of packets 14dropped by the transformation code and why. These counters are defined 15as part of the linux private MIB. These counters can be viewed in 16/proc/net/xfrm_stat. 17 18 19Inbound errors 20~~~~~~~~~~~~~~ 21 22XfrmInError: 23 All errors which is not matched others 24 25XfrmInBufferError: 26 No buffer is left 27 28XfrmInHdrError: 29 Header error 30 31XfrmInNoStates: 32 No state is found 33 i.e. Either inbound SPI, address, or IPsec protocol at SA is wrong 34 35XfrmInStateProtoError: 36 Transformation protocol specific error 37 e.g. SA key is wrong 38 39XfrmInStateModeError: 40 Transformation mode specific error 41 42XfrmInStateSeqError: 43 Sequence error 44 i.e. Sequence number is out of window 45 46XfrmInStateExpired: 47 State is expired 48 49XfrmInStateMismatch: 50 State has mismatch option 51 e.g. UDP encapsulation type is mismatch 52 53XfrmInStateInvalid: 54 State is invalid 55 56XfrmInTmplMismatch: 57 No matching template for states 58 e.g. Inbound SAs are correct but SP rule is wrong 59 60XfrmInNoPols: 61 No policy is found for states 62 e.g. Inbound SAs are correct but no SP is found 63 64XfrmInPolBlock: 65 Policy discards 66 67XfrmInPolError: 68 Policy error 69 70XfrmAcquireError: 71 State hasn't been fully acquired before use 72 73XfrmFwdHdrError: 74 Forward routing of a packet is not allowed 75 76XfrmInStateDirError: 77 State direction mismatch (lookup found an output state on the input path, expected input or no direction) 78 79Outbound errors 80~~~~~~~~~~~~~~~ 81XfrmOutError: 82 All errors which is not matched others 83 84XfrmOutBundleGenError: 85 Bundle generation error 86 87XfrmOutBundleCheckError: 88 Bundle check error 89 90XfrmOutNoStates: 91 No state is found 92 93XfrmOutStateProtoError: 94 Transformation protocol specific error 95 96XfrmOutStateModeError: 97 Transformation mode specific error 98 99XfrmOutStateSeqError: 100 Sequence error 101 i.e. Sequence number overflow 102 103XfrmOutStateExpired: 104 State is expired 105 106XfrmOutPolBlock: 107 Policy discards 108 109XfrmOutPolDead: 110 Policy is dead 111 112XfrmOutPolError: 113 Policy error 114 115XfrmOutStateInvalid: 116 State is invalid, perhaps expired 117 118XfrmOutStateDirError: 119 State direction mismatch (lookup found an input state on the output path, expected output or no direction) 120