|  | .. SPDX-License-Identifier: GPL-2.0 | 
|  |  | 
|  | ================================== | 
|  | XFRM proc - /proc/net/xfrm_* files | 
|  | ================================== | 
|  |  | 
|  | Masahide NAKAMURA <nakam@linux-ipv6.org> | 
|  |  | 
|  |  | 
|  | Transformation Statistics | 
|  | ------------------------- | 
|  |  | 
|  | The xfrm_proc code is a set of statistics showing numbers of packets | 
|  | dropped by the transformation code and why.  These counters are defined | 
|  | as part of the linux private MIB.  These counters can be viewed in | 
|  | /proc/net/xfrm_stat. | 
|  |  | 
|  |  | 
|  | Inbound errors | 
|  | ~~~~~~~~~~~~~~ | 
|  |  | 
|  | XfrmInError: | 
|  | All errors which is not matched others | 
|  |  | 
|  | XfrmInBufferError: | 
|  | No buffer is left | 
|  |  | 
|  | XfrmInHdrError: | 
|  | Header error | 
|  |  | 
|  | XfrmInNoStates: | 
|  | No state is found | 
|  | i.e. Either inbound SPI, address, or IPsec protocol at SA is wrong | 
|  |  | 
|  | XfrmInStateProtoError: | 
|  | Transformation protocol specific error | 
|  | e.g. SA key is wrong | 
|  |  | 
|  | XfrmInStateModeError: | 
|  | Transformation mode specific error | 
|  |  | 
|  | XfrmInStateSeqError: | 
|  | Sequence error | 
|  | i.e. Sequence number is out of window | 
|  |  | 
|  | XfrmInStateExpired: | 
|  | State is expired | 
|  |  | 
|  | XfrmInStateMismatch: | 
|  | State has mismatch option | 
|  | e.g. UDP encapsulation type is mismatch | 
|  |  | 
|  | XfrmInStateInvalid: | 
|  | State is invalid | 
|  |  | 
|  | XfrmInTmplMismatch: | 
|  | No matching template for states | 
|  | e.g. Inbound SAs are correct but SP rule is wrong | 
|  |  | 
|  | XfrmInNoPols: | 
|  | No policy is found for states | 
|  | e.g. Inbound SAs are correct but no SP is found | 
|  |  | 
|  | XfrmInPolBlock: | 
|  | Policy discards | 
|  |  | 
|  | XfrmInPolError: | 
|  | Policy error | 
|  |  | 
|  | XfrmAcquireError: | 
|  | State hasn't been fully acquired before use | 
|  |  | 
|  | XfrmFwdHdrError: | 
|  | Forward routing of a packet is not allowed | 
|  |  | 
|  | XfrmInStateDirError: | 
|  | State direction mismatch (lookup found an output state on the input path, expected input or no direction) | 
|  |  | 
|  | Outbound errors | 
|  | ~~~~~~~~~~~~~~~ | 
|  | XfrmOutError: | 
|  | All errors which is not matched others | 
|  |  | 
|  | XfrmOutBundleGenError: | 
|  | Bundle generation error | 
|  |  | 
|  | XfrmOutBundleCheckError: | 
|  | Bundle check error | 
|  |  | 
|  | XfrmOutNoStates: | 
|  | No state is found | 
|  |  | 
|  | XfrmOutStateProtoError: | 
|  | Transformation protocol specific error | 
|  |  | 
|  | XfrmOutStateModeError: | 
|  | Transformation mode specific error | 
|  |  | 
|  | XfrmOutStateSeqError: | 
|  | Sequence error | 
|  | i.e. Sequence number overflow | 
|  |  | 
|  | XfrmOutStateExpired: | 
|  | State is expired | 
|  |  | 
|  | XfrmOutPolBlock: | 
|  | Policy discards | 
|  |  | 
|  | XfrmOutPolDead: | 
|  | Policy is dead | 
|  |  | 
|  | XfrmOutPolError: | 
|  | Policy error | 
|  |  | 
|  | XfrmOutStateInvalid: | 
|  | State is invalid, perhaps expired | 
|  |  | 
|  | XfrmOutStateDirError: | 
|  | State direction mismatch (lookup found an input state on the output path, expected output or no direction) |