1 XFRM proc - /proc/net/xfrm_* files
2 ==================================
3 Masahide NAKAMURA <nakam@linux-ipv6.org>
6 Transformation Statistics
7 -------------------------
9 The xfrm_proc code is a set of statistics showing numbers of packets
10 dropped by the transformation code and why. These counters are defined
11 as part of the linux private MIB. These counters can be viewed in
18 All errors which is not matched others
25 i.e. Either inbound SPI, address, or IPsec protocol at SA is wrong
26 XfrmInStateProtoError:
27 Transformation protocol specific error
30 Transformation mode specific error
33 i.e. Sequence number is out of window
37 State has mismatch option
38 e.g. UDP encapsulation type is mismatch
42 No matching template for states
43 e.g. Inbound SAs are correct but SP rule is wrong
45 No policy is found for states
46 e.g. Inbound SAs are correct but no SP is found
52 State hasn't been fully acquired before use
54 Forward routing of a packet is not allowed
59 All errors which is not matched others
60 XfrmOutBundleGenError:
61 Bundle generation error
62 XfrmOutBundleCheckError:
66 XfrmOutStateProtoError:
67 Transformation protocol specific error
68 XfrmOutStateModeError:
69 Transformation mode specific error
72 i.e. Sequence number overflow
82 State is invalid, perhaps expired