mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-06 05:06:29 +00:00
[XFRM]: Fix statistics.
o Outbound sequence number overflow error status is counted as XfrmOutStateSeqError. o Additionaly, it changes inbound sequence number replay error name from XfrmInSeqOutOfWindow to XfrmInStateSeqError to apply name scheme above. o Inbound IPv4 UDP encapsuling type mismatch error is wrongly mapped to XfrmInStateInvalid then this patch fiex the error to XfrmInStateMismatch. Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
5255dc6e14
commit
9472c9ef64
@ -26,8 +26,9 @@ XfrmInStateProtoError:
|
||||
e.g. SA key is wrong
|
||||
XfrmInStateModeError:
|
||||
Transformation mode specific error
|
||||
XfrmInSeqOutOfWindow:
|
||||
Sequence out of window
|
||||
XfrmInStateSeqError:
|
||||
Sequence error
|
||||
i.e. Sequence number is out of window
|
||||
XfrmInStateExpired:
|
||||
State is expired
|
||||
XfrmInStateMismatch:
|
||||
@ -60,6 +61,9 @@ XfrmOutStateProtoError:
|
||||
Transformation protocol specific error
|
||||
XfrmOutStateModeError:
|
||||
Transformation mode specific error
|
||||
XfrmOutStateSeqError:
|
||||
Sequence error
|
||||
i.e. Sequence number overflow
|
||||
XfrmOutStateExpired:
|
||||
State is expired
|
||||
XfrmOutPolBlock:
|
||||
|
@ -227,7 +227,7 @@ enum
|
||||
LINUX_MIB_XFRMINNOSTATES, /* XfrmInNoStates */
|
||||
LINUX_MIB_XFRMINSTATEPROTOERROR, /* XfrmInStateProtoError */
|
||||
LINUX_MIB_XFRMINSTATEMODEERROR, /* XfrmInStateModeError */
|
||||
LINUX_MIB_XFRMINSEQOUTOFWINDOW, /* XfrmInSeqOutOfWindow */
|
||||
LINUX_MIB_XFRMINSTATESEQERROR, /* XfrmInStateSeqError */
|
||||
LINUX_MIB_XFRMINSTATEEXPIRED, /* XfrmInStateExpired */
|
||||
LINUX_MIB_XFRMINSTATEMISMATCH, /* XfrmInStateMismatch */
|
||||
LINUX_MIB_XFRMINSTATEINVALID, /* XfrmInStateInvalid */
|
||||
@ -241,6 +241,7 @@ enum
|
||||
LINUX_MIB_XFRMOUTNOSTATES, /* XfrmOutNoStates */
|
||||
LINUX_MIB_XFRMOUTSTATEPROTOERROR, /* XfrmOutStateProtoError */
|
||||
LINUX_MIB_XFRMOUTSTATEMODEERROR, /* XfrmOutStateModeError */
|
||||
LINUX_MIB_XFRMOUTSTATESEQERROR, /* XfrmOutStateSeqError */
|
||||
LINUX_MIB_XFRMOUTSTATEEXPIRED, /* XfrmOutStateExpired */
|
||||
LINUX_MIB_XFRMOUTPOLBLOCK, /* XfrmOutPolBlock */
|
||||
LINUX_MIB_XFRMOUTPOLDEAD, /* XfrmOutPolDead */
|
||||
|
@ -159,12 +159,12 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
|
||||
}
|
||||
|
||||
if ((x->encap ? x->encap->encap_type : 0) != encap_type) {
|
||||
XFRM_INC_STATS(LINUX_MIB_XFRMINSTATEINVALID);
|
||||
XFRM_INC_STATS(LINUX_MIB_XFRMINSTATEMISMATCH);
|
||||
goto drop_unlock;
|
||||
}
|
||||
|
||||
if (x->props.replay_window && xfrm_replay_check(x, skb, seq)) {
|
||||
XFRM_INC_STATS(LINUX_MIB_XFRMINSEQOUTOFWINDOW);
|
||||
XFRM_INC_STATS(LINUX_MIB_XFRMINSTATESEQERROR);
|
||||
goto drop_unlock;
|
||||
}
|
||||
|
||||
|
@ -64,6 +64,7 @@ static int xfrm_output_one(struct sk_buff *skb, int err)
|
||||
if (x->type->flags & XFRM_TYPE_REPLAY_PROT) {
|
||||
XFRM_SKB_CB(skb)->seq = ++x->replay.oseq;
|
||||
if (unlikely(x->replay.oseq == 0)) {
|
||||
XFRM_INC_STATS(LINUX_MIB_XFRMOUTSTATESEQERROR);
|
||||
x->replay.oseq--;
|
||||
xfrm_audit_state_replay_overflow(x, skb);
|
||||
err = -EOVERFLOW;
|
||||
|
@ -22,7 +22,7 @@ static struct snmp_mib xfrm_mib_list[] = {
|
||||
SNMP_MIB_ITEM("XfrmInNoStates", LINUX_MIB_XFRMINNOSTATES),
|
||||
SNMP_MIB_ITEM("XfrmInStateProtoError", LINUX_MIB_XFRMINSTATEPROTOERROR),
|
||||
SNMP_MIB_ITEM("XfrmInStateModeError", LINUX_MIB_XFRMINSTATEMODEERROR),
|
||||
SNMP_MIB_ITEM("XfrmInSeqOutOfWindow", LINUX_MIB_XFRMINSEQOUTOFWINDOW),
|
||||
SNMP_MIB_ITEM("XfrmInStateSeqError", LINUX_MIB_XFRMINSTATESEQERROR),
|
||||
SNMP_MIB_ITEM("XfrmInStateExpired", LINUX_MIB_XFRMINSTATEEXPIRED),
|
||||
SNMP_MIB_ITEM("XfrmInStateMismatch", LINUX_MIB_XFRMINSTATEMISMATCH),
|
||||
SNMP_MIB_ITEM("XfrmInStateInvalid", LINUX_MIB_XFRMINSTATEINVALID),
|
||||
@ -36,6 +36,7 @@ static struct snmp_mib xfrm_mib_list[] = {
|
||||
SNMP_MIB_ITEM("XfrmOutNoStates", LINUX_MIB_XFRMOUTNOSTATES),
|
||||
SNMP_MIB_ITEM("XfrmOutStateProtoError", LINUX_MIB_XFRMOUTSTATEPROTOERROR),
|
||||
SNMP_MIB_ITEM("XfrmOutStateModeError", LINUX_MIB_XFRMOUTSTATEMODEERROR),
|
||||
SNMP_MIB_ITEM("XfrmOutStateSeqError", LINUX_MIB_XFRMOUTSTATESEQERROR),
|
||||
SNMP_MIB_ITEM("XfrmOutStateExpired", LINUX_MIB_XFRMOUTSTATEEXPIRED),
|
||||
SNMP_MIB_ITEM("XfrmOutPolBlock", LINUX_MIB_XFRMOUTPOLBLOCK),
|
||||
SNMP_MIB_ITEM("XfrmOutPolDead", LINUX_MIB_XFRMOUTPOLDEAD),
|
||||
|
Loading…
Reference in New Issue
Block a user