diff options
-rw-r--r-- | Documentation/networking/xfrm_proc.txt | 8 | ||||
-rw-r--r-- | include/linux/snmp.h | 3 | ||||
-rw-r--r-- | net/xfrm/xfrm_input.c | 4 | ||||
-rw-r--r-- | net/xfrm/xfrm_output.c | 1 | ||||
-rw-r--r-- | net/xfrm/xfrm_proc.c | 3 |
5 files changed, 13 insertions, 6 deletions
diff --git a/Documentation/networking/xfrm_proc.txt b/Documentation/networking/xfrm_proc.txt index 53c1a58b02f..d0d8bafa901 100644 --- a/Documentation/networking/xfrm_proc.txt +++ b/Documentation/networking/xfrm_proc.txt | |||
@@ -26,8 +26,9 @@ XfrmInStateProtoError: | |||
26 | e.g. SA key is wrong | 26 | e.g. SA key is wrong |
27 | XfrmInStateModeError: | 27 | XfrmInStateModeError: |
28 | Transformation mode specific error | 28 | Transformation mode specific error |
29 | XfrmInSeqOutOfWindow: | 29 | XfrmInStateSeqError: |
30 | Sequence out of window | 30 | Sequence error |
31 | i.e. Sequence number is out of window | ||
31 | XfrmInStateExpired: | 32 | XfrmInStateExpired: |
32 | State is expired | 33 | State is expired |
33 | XfrmInStateMismatch: | 34 | XfrmInStateMismatch: |
@@ -60,6 +61,9 @@ XfrmOutStateProtoError: | |||
60 | Transformation protocol specific error | 61 | Transformation protocol specific error |
61 | XfrmOutStateModeError: | 62 | XfrmOutStateModeError: |
62 | Transformation mode specific error | 63 | Transformation mode specific error |
64 | XfrmOutStateSeqError: | ||
65 | Sequence error | ||
66 | i.e. Sequence number overflow | ||
63 | XfrmOutStateExpired: | 67 | XfrmOutStateExpired: |
64 | State is expired | 68 | State is expired |
65 | XfrmOutPolBlock: | 69 | XfrmOutPolBlock: |
diff --git a/include/linux/snmp.h b/include/linux/snmp.h index 86d3effb283..5df62ef1280 100644 --- a/include/linux/snmp.h +++ b/include/linux/snmp.h | |||
@@ -227,7 +227,7 @@ enum | |||
227 | LINUX_MIB_XFRMINNOSTATES, /* XfrmInNoStates */ | 227 | LINUX_MIB_XFRMINNOSTATES, /* XfrmInNoStates */ |
228 | LINUX_MIB_XFRMINSTATEPROTOERROR, /* XfrmInStateProtoError */ | 228 | LINUX_MIB_XFRMINSTATEPROTOERROR, /* XfrmInStateProtoError */ |
229 | LINUX_MIB_XFRMINSTATEMODEERROR, /* XfrmInStateModeError */ | 229 | LINUX_MIB_XFRMINSTATEMODEERROR, /* XfrmInStateModeError */ |
230 | LINUX_MIB_XFRMINSEQOUTOFWINDOW, /* XfrmInSeqOutOfWindow */ | 230 | LINUX_MIB_XFRMINSTATESEQERROR, /* XfrmInStateSeqError */ |
231 | LINUX_MIB_XFRMINSTATEEXPIRED, /* XfrmInStateExpired */ | 231 | LINUX_MIB_XFRMINSTATEEXPIRED, /* XfrmInStateExpired */ |
232 | LINUX_MIB_XFRMINSTATEMISMATCH, /* XfrmInStateMismatch */ | 232 | LINUX_MIB_XFRMINSTATEMISMATCH, /* XfrmInStateMismatch */ |
233 | LINUX_MIB_XFRMINSTATEINVALID, /* XfrmInStateInvalid */ | 233 | LINUX_MIB_XFRMINSTATEINVALID, /* XfrmInStateInvalid */ |
@@ -241,6 +241,7 @@ enum | |||
241 | LINUX_MIB_XFRMOUTNOSTATES, /* XfrmOutNoStates */ | 241 | LINUX_MIB_XFRMOUTNOSTATES, /* XfrmOutNoStates */ |
242 | LINUX_MIB_XFRMOUTSTATEPROTOERROR, /* XfrmOutStateProtoError */ | 242 | LINUX_MIB_XFRMOUTSTATEPROTOERROR, /* XfrmOutStateProtoError */ |
243 | LINUX_MIB_XFRMOUTSTATEMODEERROR, /* XfrmOutStateModeError */ | 243 | LINUX_MIB_XFRMOUTSTATEMODEERROR, /* XfrmOutStateModeError */ |
244 | LINUX_MIB_XFRMOUTSTATESEQERROR, /* XfrmOutStateSeqError */ | ||
244 | LINUX_MIB_XFRMOUTSTATEEXPIRED, /* XfrmOutStateExpired */ | 245 | LINUX_MIB_XFRMOUTSTATEEXPIRED, /* XfrmOutStateExpired */ |
245 | LINUX_MIB_XFRMOUTPOLBLOCK, /* XfrmOutPolBlock */ | 246 | LINUX_MIB_XFRMOUTPOLBLOCK, /* XfrmOutPolBlock */ |
246 | LINUX_MIB_XFRMOUTPOLDEAD, /* XfrmOutPolDead */ | 247 | LINUX_MIB_XFRMOUTPOLDEAD, /* XfrmOutPolDead */ |
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c index d32b67a4e0f..4d6ebc633a9 100644 --- a/net/xfrm/xfrm_input.c +++ b/net/xfrm/xfrm_input.c | |||
@@ -159,12 +159,12 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) | |||
159 | } | 159 | } |
160 | 160 | ||
161 | if ((x->encap ? x->encap->encap_type : 0) != encap_type) { | 161 | if ((x->encap ? x->encap->encap_type : 0) != encap_type) { |
162 | XFRM_INC_STATS(LINUX_MIB_XFRMINSTATEINVALID); | 162 | XFRM_INC_STATS(LINUX_MIB_XFRMINSTATEMISMATCH); |
163 | goto drop_unlock; | 163 | goto drop_unlock; |
164 | } | 164 | } |
165 | 165 | ||
166 | if (x->props.replay_window && xfrm_replay_check(x, skb, seq)) { | 166 | if (x->props.replay_window && xfrm_replay_check(x, skb, seq)) { |
167 | XFRM_INC_STATS(LINUX_MIB_XFRMINSEQOUTOFWINDOW); | 167 | XFRM_INC_STATS(LINUX_MIB_XFRMINSTATESEQERROR); |
168 | goto drop_unlock; | 168 | goto drop_unlock; |
169 | } | 169 | } |
170 | 170 | ||
diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c index f4a1047a557..fc690368325 100644 --- a/net/xfrm/xfrm_output.c +++ b/net/xfrm/xfrm_output.c | |||
@@ -64,6 +64,7 @@ static int xfrm_output_one(struct sk_buff *skb, int err) | |||
64 | if (x->type->flags & XFRM_TYPE_REPLAY_PROT) { | 64 | if (x->type->flags & XFRM_TYPE_REPLAY_PROT) { |
65 | XFRM_SKB_CB(skb)->seq = ++x->replay.oseq; | 65 | XFRM_SKB_CB(skb)->seq = ++x->replay.oseq; |
66 | if (unlikely(x->replay.oseq == 0)) { | 66 | if (unlikely(x->replay.oseq == 0)) { |
67 | XFRM_INC_STATS(LINUX_MIB_XFRMOUTSTATESEQERROR); | ||
67 | x->replay.oseq--; | 68 | x->replay.oseq--; |
68 | xfrm_audit_state_replay_overflow(x, skb); | 69 | xfrm_audit_state_replay_overflow(x, skb); |
69 | err = -EOVERFLOW; | 70 | err = -EOVERFLOW; |
diff --git a/net/xfrm/xfrm_proc.c b/net/xfrm/xfrm_proc.c index 31d035415ec..2b0db13f0cd 100644 --- a/net/xfrm/xfrm_proc.c +++ b/net/xfrm/xfrm_proc.c | |||
@@ -22,7 +22,7 @@ static struct snmp_mib xfrm_mib_list[] = { | |||
22 | SNMP_MIB_ITEM("XfrmInNoStates", LINUX_MIB_XFRMINNOSTATES), | 22 | SNMP_MIB_ITEM("XfrmInNoStates", LINUX_MIB_XFRMINNOSTATES), |
23 | SNMP_MIB_ITEM("XfrmInStateProtoError", LINUX_MIB_XFRMINSTATEPROTOERROR), | 23 | SNMP_MIB_ITEM("XfrmInStateProtoError", LINUX_MIB_XFRMINSTATEPROTOERROR), |
24 | SNMP_MIB_ITEM("XfrmInStateModeError", LINUX_MIB_XFRMINSTATEMODEERROR), | 24 | SNMP_MIB_ITEM("XfrmInStateModeError", LINUX_MIB_XFRMINSTATEMODEERROR), |
25 | SNMP_MIB_ITEM("XfrmInSeqOutOfWindow", LINUX_MIB_XFRMINSEQOUTOFWINDOW), | 25 | SNMP_MIB_ITEM("XfrmInStateSeqError", LINUX_MIB_XFRMINSTATESEQERROR), |
26 | SNMP_MIB_ITEM("XfrmInStateExpired", LINUX_MIB_XFRMINSTATEEXPIRED), | 26 | SNMP_MIB_ITEM("XfrmInStateExpired", LINUX_MIB_XFRMINSTATEEXPIRED), |
27 | SNMP_MIB_ITEM("XfrmInStateMismatch", LINUX_MIB_XFRMINSTATEMISMATCH), | 27 | SNMP_MIB_ITEM("XfrmInStateMismatch", LINUX_MIB_XFRMINSTATEMISMATCH), |
28 | SNMP_MIB_ITEM("XfrmInStateInvalid", LINUX_MIB_XFRMINSTATEINVALID), | 28 | SNMP_MIB_ITEM("XfrmInStateInvalid", LINUX_MIB_XFRMINSTATEINVALID), |
@@ -36,6 +36,7 @@ static struct snmp_mib xfrm_mib_list[] = { | |||
36 | SNMP_MIB_ITEM("XfrmOutNoStates", LINUX_MIB_XFRMOUTNOSTATES), | 36 | SNMP_MIB_ITEM("XfrmOutNoStates", LINUX_MIB_XFRMOUTNOSTATES), |
37 | SNMP_MIB_ITEM("XfrmOutStateProtoError", LINUX_MIB_XFRMOUTSTATEPROTOERROR), | 37 | SNMP_MIB_ITEM("XfrmOutStateProtoError", LINUX_MIB_XFRMOUTSTATEPROTOERROR), |
38 | SNMP_MIB_ITEM("XfrmOutStateModeError", LINUX_MIB_XFRMOUTSTATEMODEERROR), | 38 | SNMP_MIB_ITEM("XfrmOutStateModeError", LINUX_MIB_XFRMOUTSTATEMODEERROR), |
39 | SNMP_MIB_ITEM("XfrmOutStateSeqError", LINUX_MIB_XFRMOUTSTATESEQERROR), | ||
39 | SNMP_MIB_ITEM("XfrmOutStateExpired", LINUX_MIB_XFRMOUTSTATEEXPIRED), | 40 | SNMP_MIB_ITEM("XfrmOutStateExpired", LINUX_MIB_XFRMOUTSTATEEXPIRED), |
40 | SNMP_MIB_ITEM("XfrmOutPolBlock", LINUX_MIB_XFRMOUTPOLBLOCK), | 41 | SNMP_MIB_ITEM("XfrmOutPolBlock", LINUX_MIB_XFRMOUTPOLBLOCK), |
41 | SNMP_MIB_ITEM("XfrmOutPolDead", LINUX_MIB_XFRMOUTPOLDEAD), | 42 | SNMP_MIB_ITEM("XfrmOutPolDead", LINUX_MIB_XFRMOUTPOLDEAD), |