1.. SPDX-License-Identifier: GPL-2.0 2 3================================== 4XFRM proc - /proc/net/xfrm_* files 5================================== 6 7Masahide NAKAMURA <nakam@linux-ipv6.org> 8 9 10Transformation Statistics 11------------------------- 12 13The xfrm_proc code is a set of statistics showing numbers of packets 14dropped by the transformation code and why. These counters are defined 15as part of the linux private MIB. These counters can be viewed in 16/proc/net/xfrm_stat. 17 18 19Inbound errors 20~~~~~~~~~~~~~~ 21 22XfrmInError: 23 All errors which is not matched others 24 25XfrmInBufferError: 26 No buffer is left 27 28XfrmInHdrError: 29 Header error 30 31XfrmInNoStates: 32 No state is found 33 i.e. Either inbound SPI, address, or IPsec protocol at SA is wrong 34 35XfrmInStateProtoError: 36 Transformation protocol specific error 37 e.g. SA key is wrong 38 39XfrmInStateModeError: 40 Transformation mode specific error 41 42XfrmInStateSeqError: 43 Sequence error 44 i.e. Sequence number is out of window 45 46XfrmInStateExpired: 47 State is expired 48 49XfrmInStateMismatch: 50 State has mismatch option 51 e.g. UDP encapsulation type is mismatch 52 53XfrmInStateInvalid: 54 State is invalid 55 56XfrmInTmplMismatch: 57 No matching template for states 58 e.g. Inbound SAs are correct but SP rule is wrong 59 60XfrmInNoPols: 61 No policy is found for states 62 e.g. Inbound SAs are correct but no SP is found 63 64XfrmInPolBlock: 65 Policy discards 66 67XfrmInPolError: 68 Policy error 69 70XfrmAcquireError: 71 State hasn't been fully acquired before use 72 73XfrmFwdHdrError: 74 Forward routing of a packet is not allowed 75 76Outbound errors 77~~~~~~~~~~~~~~~ 78XfrmOutError: 79 All errors which is not matched others 80 81XfrmOutBundleGenError: 82 Bundle generation error 83 84XfrmOutBundleCheckError: 85 Bundle check error 86 87XfrmOutNoStates: 88 No state is found 89 90XfrmOutStateProtoError: 91 Transformation protocol specific error 92 93XfrmOutStateModeError: 94 Transformation mode specific error 95 96XfrmOutStateSeqError: 97 Sequence error 98 i.e. Sequence number overflow 99 100XfrmOutStateExpired: 101 State is expired 102 103XfrmOutPolBlock: 104 Policy discards 105 106XfrmOutPolDead: 107 Policy is dead 108 109XfrmOutPolError: 110 Policy error 111 112XfrmOutStateInvalid: 113 State is invalid, perhaps expired 114