aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Documentation/networking/xfrm_proc.txt71
-rw-r--r--include/linux/snmp.h31
-rw-r--r--include/net/snmp.h5
-rw-r--r--include/net/xfrm.h18
-rw-r--r--net/xfrm/Makefile1
-rw-r--r--net/xfrm/xfrm_policy.c24
-rw-r--r--net/xfrm/xfrm_proc.c96
7 files changed, 246 insertions, 0 deletions
diff --git a/Documentation/networking/xfrm_proc.txt b/Documentation/networking/xfrm_proc.txt
new file mode 100644
index 000000000000..ec9045b5c34a
--- /dev/null
+++ b/Documentation/networking/xfrm_proc.txt
@@ -0,0 +1,71 @@
1XFRM proc - /proc/net/xfrm_* files
2==================================
3Masahide NAKAMURA <nakam@linux-ipv6.org>
4
5
6Transformation Statistics
7-------------------------
8xfrm_proc is a statistics shown factor dropped by transformation
9for developer.
10It is a counter designed from current transformation source code
11and defined like linux private MIB.
12
13Inbound statistics
14~~~~~~~~~~~~~~~~~~
15XfrmInError:
16 All errors which is not matched others
17XfrmInBufferError:
18 No buffer is left
19XfrmInHdrError:
20 Header error
21XfrmInNoStates:
22 No state is found
23 i.e. Either inbound SPI, address, or IPsec protocol at SA is wrong
24XfrmInStateProtoError:
25 Transformation protocol specific error
26 e.g. SA key is wrong
27XfrmInStateModeError:
28 Transformation mode specific error
29XfrmInSeqOutOfWindow:
30 Sequence out of window
31XfrmInStateExpired:
32 State is expired
33XfrmInStateMismatch:
34 State has mismatch option
35 e.g. UDP encapsulation type is mismatch
36XfrmInStateInvalid:
37 State is invalid
38XfrmInTmplMismatch:
39 No matching template for states
40 e.g. Inbound SAs are correct but SP rule is wrong
41XfrmInNoPols:
42 No policy is found for states
43 e.g. Inbound SAs are correct but no SP is found
44XfrmInPolBlock:
45 Policy discards
46XfrmInPolError:
47 Policy error
48
49Outbound errors
50~~~~~~~~~~~~~~~
51XfrmOutError:
52 All errors which is not matched others
53XfrmOutBundleGenError:
54 Bundle generation error
55XfrmOutBundleCheckError:
56 Bundle check error
57XfrmOutNoStates:
58 No state is found
59XfrmOutStateProtoError:
60 Transformation protocol specific error
61XfrmOutStateModeError:
62 Transformation mode specific error
63 e.g. Outer header space is not enough
64XfrmOutStateExpired:
65 State is expired
66XfrmOutPolBlock:
67 Policy discards
68XfrmOutPolDead:
69 Policy is dead
70XfrmOutPolError:
71 Policy error
diff --git a/include/linux/snmp.h b/include/linux/snmp.h
index 89f0c2b5f405..86d3effb2836 100644
--- a/include/linux/snmp.h
+++ b/include/linux/snmp.h
@@ -217,4 +217,35 @@ enum
217 __LINUX_MIB_MAX 217 __LINUX_MIB_MAX
218}; 218};
219 219
220/* linux Xfrm mib definitions */
221enum
222{
223 LINUX_MIB_XFRMNUM = 0,
224 LINUX_MIB_XFRMINERROR, /* XfrmInError */
225 LINUX_MIB_XFRMINBUFFERERROR, /* XfrmInBufferError */
226 LINUX_MIB_XFRMINHDRERROR, /* XfrmInHdrError */
227 LINUX_MIB_XFRMINNOSTATES, /* XfrmInNoStates */
228 LINUX_MIB_XFRMINSTATEPROTOERROR, /* XfrmInStateProtoError */
229 LINUX_MIB_XFRMINSTATEMODEERROR, /* XfrmInStateModeError */
230 LINUX_MIB_XFRMINSEQOUTOFWINDOW, /* XfrmInSeqOutOfWindow */
231 LINUX_MIB_XFRMINSTATEEXPIRED, /* XfrmInStateExpired */
232 LINUX_MIB_XFRMINSTATEMISMATCH, /* XfrmInStateMismatch */
233 LINUX_MIB_XFRMINSTATEINVALID, /* XfrmInStateInvalid */
234 LINUX_MIB_XFRMINTMPLMISMATCH, /* XfrmInTmplMismatch */
235 LINUX_MIB_XFRMINNOPOLS, /* XfrmInNoPols */
236 LINUX_MIB_XFRMINPOLBLOCK, /* XfrmInPolBlock */
237 LINUX_MIB_XFRMINPOLERROR, /* XfrmInPolError */
238 LINUX_MIB_XFRMOUTERROR, /* XfrmOutError */
239 LINUX_MIB_XFRMOUTBUNDLEGENERROR, /* XfrmOutBundleGenError */
240 LINUX_MIB_XFRMOUTBUNDLECHECKERROR, /* XfrmOutBundleCheckError */
241 LINUX_MIB_XFRMOUTNOSTATES, /* XfrmOutNoStates */
242 LINUX_MIB_XFRMOUTSTATEPROTOERROR, /* XfrmOutStateProtoError */
243 LINUX_MIB_XFRMOUTSTATEMODEERROR, /* XfrmOutStateModeError */
244 LINUX_MIB_XFRMOUTSTATEEXPIRED, /* XfrmOutStateExpired */
245 LINUX_MIB_XFRMOUTPOLBLOCK, /* XfrmOutPolBlock */
246 LINUX_MIB_XFRMOUTPOLDEAD, /* XfrmOutPolDead */
247 LINUX_MIB_XFRMOUTPOLERROR, /* XfrmOutPolError */
248 __LINUX_MIB_XFRMMAX
249};
250
220#endif /* _LINUX_SNMP_H */ 251#endif /* _LINUX_SNMP_H */
diff --git a/include/net/snmp.h b/include/net/snmp.h
index fbb66663a42c..ce2f48507510 100644
--- a/include/net/snmp.h
+++ b/include/net/snmp.h
@@ -118,6 +118,11 @@ struct linux_mib {
118 unsigned long mibs[LINUX_MIB_MAX]; 118 unsigned long mibs[LINUX_MIB_MAX];
119}; 119};
120 120
121/* Linux Xfrm */
122#define LINUX_MIB_XFRMMAX __LINUX_MIB_XFRMMAX
123struct linux_xfrm_mib {
124 unsigned long mibs[LINUX_MIB_XFRMMAX];
125};
121 126
122/* 127/*
123 * FIXME: On x86 and some other CPUs the split into user and softirq parts 128 * FIXME: On x86 and some other CPUs the split into user and softirq parts
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index eea1c327c93e..a79702bcdcd0 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -19,6 +19,9 @@
19#include <net/route.h> 19#include <net/route.h>
20#include <net/ipv6.h> 20#include <net/ipv6.h>
21#include <net/ip6_fib.h> 21#include <net/ip6_fib.h>
22#ifdef CONFIG_XFRM_STATISTICS
23#include <net/snmp.h>
24#endif
22 25
23#define XFRM_PROTO_ESP 50 26#define XFRM_PROTO_ESP 50
24#define XFRM_PROTO_AH 51 27#define XFRM_PROTO_AH 51
@@ -34,6 +37,17 @@
34#define MODULE_ALIAS_XFRM_TYPE(family, proto) \ 37#define MODULE_ALIAS_XFRM_TYPE(family, proto) \
35 MODULE_ALIAS("xfrm-type-" __stringify(family) "-" __stringify(proto)) 38 MODULE_ALIAS("xfrm-type-" __stringify(family) "-" __stringify(proto))
36 39
40#ifdef CONFIG_XFRM_STATISTICS
41DECLARE_SNMP_STAT(struct linux_xfrm_mib, xfrm_statistics);
42#define XFRM_INC_STATS(field) SNMP_INC_STATS(xfrm_statistics, field)
43#define XFRM_INC_STATS_BH(field) SNMP_INC_STATS_BH(xfrm_statistics, field)
44#define XFRM_INC_STATS_USER(field) SNMP_INC_STATS_USER(xfrm_statistics, field)
45#else
46#define XFRM_INC_STATS(field)
47#define XFRM_INC_STATS_BH(field)
48#define XFRM_INC_STATS_USER(field)
49#endif
50
37extern struct sock *xfrm_nl; 51extern struct sock *xfrm_nl;
38extern u32 sysctl_xfrm_aevent_etime; 52extern u32 sysctl_xfrm_aevent_etime;
39extern u32 sysctl_xfrm_aevent_rseqth; 53extern u32 sysctl_xfrm_aevent_rseqth;
@@ -1139,6 +1153,10 @@ static inline void xfrm6_fini(void)
1139} 1153}
1140#endif 1154#endif
1141 1155
1156#ifdef CONFIG_XFRM_STATISTICS
1157extern int xfrm_proc_init(void);
1158#endif
1159
1142extern int xfrm_state_walk(u8 proto, int (*func)(struct xfrm_state *, int, void*), void *); 1160extern int xfrm_state_walk(u8 proto, int (*func)(struct xfrm_state *, int, void*), void *);
1143extern struct xfrm_state *xfrm_state_alloc(void); 1161extern struct xfrm_state *xfrm_state_alloc(void);
1144extern struct xfrm_state *xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr, 1162extern struct xfrm_state *xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
diff --git a/net/xfrm/Makefile b/net/xfrm/Makefile
index 45744a3d3a51..332cfb0ff566 100644
--- a/net/xfrm/Makefile
+++ b/net/xfrm/Makefile
@@ -4,5 +4,6 @@
4 4
5obj-$(CONFIG_XFRM) := xfrm_policy.o xfrm_state.o xfrm_hash.o \ 5obj-$(CONFIG_XFRM) := xfrm_policy.o xfrm_state.o xfrm_hash.o \
6 xfrm_input.o xfrm_output.o xfrm_algo.o 6 xfrm_input.o xfrm_output.o xfrm_algo.o
7obj-$(CONFIG_XFRM_STATISTICS) += xfrm_proc.o
7obj-$(CONFIG_XFRM_USER) += xfrm_user.o 8obj-$(CONFIG_XFRM_USER) += xfrm_user.o
8 9
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 521cb6e12561..32ddb7b12e7f 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -27,11 +27,19 @@
27#include <net/dst.h> 27#include <net/dst.h>
28#include <net/xfrm.h> 28#include <net/xfrm.h>
29#include <net/ip.h> 29#include <net/ip.h>
30#ifdef CONFIG_XFRM_STATISTICS
31#include <net/snmp.h>
32#endif
30 33
31#include "xfrm_hash.h" 34#include "xfrm_hash.h"
32 35
33int sysctl_xfrm_larval_drop __read_mostly; 36int sysctl_xfrm_larval_drop __read_mostly;
34 37
38#ifdef CONFIG_XFRM_STATISTICS
39DEFINE_SNMP_STAT(struct linux_xfrm_mib, xfrm_statistics) __read_mostly;
40EXPORT_SYMBOL(xfrm_statistics);
41#endif
42
35DEFINE_MUTEX(xfrm_cfg_mutex); 43DEFINE_MUTEX(xfrm_cfg_mutex);
36EXPORT_SYMBOL(xfrm_cfg_mutex); 44EXPORT_SYMBOL(xfrm_cfg_mutex);
37 45
@@ -2258,6 +2266,16 @@ static struct notifier_block xfrm_dev_notifier = {
2258 0 2266 0
2259}; 2267};
2260 2268
2269#ifdef CONFIG_XFRM_STATISTICS
2270static int __init xfrm_statistics_init(void)
2271{
2272 if (snmp_mib_init((void **)xfrm_statistics,
2273 sizeof(struct linux_xfrm_mib)) < 0)
2274 return -ENOMEM;
2275 return 0;
2276}
2277#endif
2278
2261static void __init xfrm_policy_init(void) 2279static void __init xfrm_policy_init(void)
2262{ 2280{
2263 unsigned int hmask, sz; 2281 unsigned int hmask, sz;
@@ -2294,9 +2312,15 @@ static void __init xfrm_policy_init(void)
2294 2312
2295void __init xfrm_init(void) 2313void __init xfrm_init(void)
2296{ 2314{
2315#ifdef CONFIG_XFRM_STATISTICS
2316 xfrm_statistics_init();
2317#endif
2297 xfrm_state_init(); 2318 xfrm_state_init();
2298 xfrm_policy_init(); 2319 xfrm_policy_init();
2299 xfrm_input_init(); 2320 xfrm_input_init();
2321#ifdef CONFIG_XFRM_STATISTICS
2322 xfrm_proc_init();
2323#endif
2300} 2324}
2301 2325
2302#ifdef CONFIG_AUDITSYSCALL 2326#ifdef CONFIG_AUDITSYSCALL
diff --git a/net/xfrm/xfrm_proc.c b/net/xfrm/xfrm_proc.c
new file mode 100644
index 000000000000..31d035415ecd
--- /dev/null
+++ b/net/xfrm/xfrm_proc.c
@@ -0,0 +1,96 @@
1/*
2 * xfrm_proc.c
3 *
4 * Copyright (C)2006-2007 USAGI/WIDE Project
5 *
6 * Authors: Masahide NAKAMURA <nakam@linux-ipv6.org>
7 *
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version
11 * 2 of the License, or (at your option) any later version.
12 */
13#include <linux/proc_fs.h>
14#include <linux/seq_file.h>
15#include <net/snmp.h>
16#include <net/xfrm.h>
17
18static struct snmp_mib xfrm_mib_list[] = {
19 SNMP_MIB_ITEM("XfrmInError", LINUX_MIB_XFRMINERROR),
20 SNMP_MIB_ITEM("XfrmInBufferError", LINUX_MIB_XFRMINBUFFERERROR),
21 SNMP_MIB_ITEM("XfrmInHdrError", LINUX_MIB_XFRMINHDRERROR),
22 SNMP_MIB_ITEM("XfrmInNoStates", LINUX_MIB_XFRMINNOSTATES),
23 SNMP_MIB_ITEM("XfrmInStateProtoError", LINUX_MIB_XFRMINSTATEPROTOERROR),
24 SNMP_MIB_ITEM("XfrmInStateModeError", LINUX_MIB_XFRMINSTATEMODEERROR),
25 SNMP_MIB_ITEM("XfrmInSeqOutOfWindow", LINUX_MIB_XFRMINSEQOUTOFWINDOW),
26 SNMP_MIB_ITEM("XfrmInStateExpired", LINUX_MIB_XFRMINSTATEEXPIRED),
27 SNMP_MIB_ITEM("XfrmInStateMismatch", LINUX_MIB_XFRMINSTATEMISMATCH),
28 SNMP_MIB_ITEM("XfrmInStateInvalid", LINUX_MIB_XFRMINSTATEINVALID),
29 SNMP_MIB_ITEM("XfrmInTmplMismatch", LINUX_MIB_XFRMINTMPLMISMATCH),
30 SNMP_MIB_ITEM("XfrmInNoPols", LINUX_MIB_XFRMINNOPOLS),
31 SNMP_MIB_ITEM("XfrmInPolBlock", LINUX_MIB_XFRMINPOLBLOCK),
32 SNMP_MIB_ITEM("XfrmInPolError", LINUX_MIB_XFRMINPOLERROR),
33 SNMP_MIB_ITEM("XfrmOutError", LINUX_MIB_XFRMOUTERROR),
34 SNMP_MIB_ITEM("XfrmOutBundleGenError", LINUX_MIB_XFRMOUTBUNDLEGENERROR),
35 SNMP_MIB_ITEM("XfrmOutBundleCheckError", LINUX_MIB_XFRMOUTBUNDLECHECKERROR),
36 SNMP_MIB_ITEM("XfrmOutNoStates", LINUX_MIB_XFRMOUTNOSTATES),
37 SNMP_MIB_ITEM("XfrmOutStateProtoError", LINUX_MIB_XFRMOUTSTATEPROTOERROR),
38 SNMP_MIB_ITEM("XfrmOutStateModeError", LINUX_MIB_XFRMOUTSTATEMODEERROR),
39 SNMP_MIB_ITEM("XfrmOutStateExpired", LINUX_MIB_XFRMOUTSTATEEXPIRED),
40 SNMP_MIB_ITEM("XfrmOutPolBlock", LINUX_MIB_XFRMOUTPOLBLOCK),
41 SNMP_MIB_ITEM("XfrmOutPolDead", LINUX_MIB_XFRMOUTPOLDEAD),
42 SNMP_MIB_ITEM("XfrmOutPolError", LINUX_MIB_XFRMOUTPOLERROR),
43 SNMP_MIB_SENTINEL
44};
45
46static unsigned long
47fold_field(void *mib[], int offt)
48{
49 unsigned long res = 0;
50 int i;
51
52 for_each_possible_cpu(i) {
53 res += *(((unsigned long *)per_cpu_ptr(mib[0], i)) + offt);
54 res += *(((unsigned long *)per_cpu_ptr(mib[1], i)) + offt);
55 }
56 return res;
57}
58
59static int xfrm_statistics_seq_show(struct seq_file *seq, void *v)
60{
61 int i;
62 for (i=0; xfrm_mib_list[i].name; i++)
63 seq_printf(seq, "%-24s\t%lu\n", xfrm_mib_list[i].name,
64 fold_field((void **)xfrm_statistics,
65 xfrm_mib_list[i].entry));
66 return 0;
67}
68
69static int xfrm_statistics_seq_open(struct inode *inode, struct file *file)
70{
71 return single_open(file, xfrm_statistics_seq_show, NULL);
72}
73
74static struct file_operations xfrm_statistics_seq_fops = {
75 .owner = THIS_MODULE,
76 .open = xfrm_statistics_seq_open,
77 .read = seq_read,
78 .llseek = seq_lseek,
79 .release = single_release,
80};
81
82int __init xfrm_proc_init(void)
83{
84 int rc = 0;
85
86 if (!proc_net_fops_create(&init_net, "xfrm_stat", S_IRUGO,
87 &xfrm_statistics_seq_fops))
88 goto stat_fail;
89
90 out:
91 return rc;
92
93 stat_fail:
94 rc = -ENOMEM;
95 goto out;
96}