linux/Documentation/networking/xfrm_proc.rst

.. SPDX-License-Identifier: GPL-2.0

==================================
XFRM proc - /proc/net/xfrm_* files
==================================

Masahide NAKAMURA <[email protected]>


Transformation Statistics
-------------------------

The xfrm_proc code is a set of statistics showing numbers of packets
dropped by the transformation code and why.  These counters are defined
as part of the linux private MIB.  These counters can be viewed in
/proc/net/xfrm_stat.


Inbound errors
~~~~~~~~~~~~~~

XfrmInError:
	All errors which is not matched others

XfrmInBufferError:
	No buffer is left

XfrmInHdrError:
	Header error

XfrmInNoStates:
	No state is found
	i.e. Either inbound SPI, address, or IPsec protocol at SA is wrong

XfrmInStateProtoError:
	Transformation protocol specific error
	e.g. SA key is wrong

XfrmInStateModeError:
	Transformation mode specific error

XfrmInStateSeqError:
	Sequence error
	i.e. Sequence number is out of window

XfrmInStateExpired:
	State is expired

XfrmInStateMismatch:
	State has mismatch option
	e.g. UDP encapsulation type is mismatch

XfrmInStateInvalid:
	State is invalid

XfrmInTmplMismatch:
	No matching template for states
	e.g. Inbound SAs are correct but SP rule is wrong

XfrmInNoPols:
	No policy is found for states
	e.g. Inbound SAs are correct but no SP is found

XfrmInPolBlock:
	Policy discards

XfrmInPolError:
	Policy error

XfrmAcquireError:
	State hasn't been fully acquired before use

XfrmFwdHdrError:
	Forward routing of a packet is not allowed

XfrmInStateDirError:
        State direction mismatch (lookup found an output state on the input path, expected input or no direction)

Outbound errors
~~~~~~~~~~~~~~~
XfrmOutError:
	All errors which is not matched others

XfrmOutBundleGenError:
	Bundle generation error

XfrmOutBundleCheckError:
	Bundle check error

XfrmOutNoStates:
	No state is found

XfrmOutStateProtoError:
	Transformation protocol specific error

XfrmOutStateModeError:
	Transformation mode specific error

XfrmOutStateSeqError:
	Sequence error
	i.e. Sequence number overflow

XfrmOutStateExpired:
	State is expired

XfrmOutPolBlock:
	Policy discards

XfrmOutPolDead:
	Policy is dead

XfrmOutPolError:
	Policy error

XfrmOutStateInvalid:
	State is invalid, perhaps expired

XfrmOutStateDirError:
        State direction mismatch (lookup found an input state on the output path, expected output or no direction)