diff options
-rw-r--r-- | Documentation/networking/xfrm_proc.txt | 71 | ||||
-rw-r--r-- | include/linux/snmp.h | 31 | ||||
-rw-r--r-- | include/net/snmp.h | 5 | ||||
-rw-r--r-- | include/net/xfrm.h | 18 | ||||
-rw-r--r-- | net/xfrm/Makefile | 1 | ||||
-rw-r--r-- | net/xfrm/xfrm_policy.c | 24 | ||||
-rw-r--r-- | net/xfrm/xfrm_proc.c | 96 |
7 files changed, 246 insertions, 0 deletions
diff --git a/Documentation/networking/xfrm_proc.txt b/Documentation/networking/xfrm_proc.txt new file mode 100644 index 000000000000..ec9045b5c34a --- /dev/null +++ b/Documentation/networking/xfrm_proc.txt | |||
@@ -0,0 +1,71 @@ | |||
1 | XFRM proc - /proc/net/xfrm_* files | ||
2 | ================================== | ||
3 | Masahide NAKAMURA <nakam@linux-ipv6.org> | ||
4 | |||
5 | |||
6 | Transformation Statistics | ||
7 | ------------------------- | ||
8 | xfrm_proc is a statistics shown factor dropped by transformation | ||
9 | for developer. | ||
10 | It is a counter designed from current transformation source code | ||
11 | and defined like linux private MIB. | ||
12 | |||
13 | Inbound statistics | ||
14 | ~~~~~~~~~~~~~~~~~~ | ||
15 | XfrmInError: | ||
16 | All errors which is not matched others | ||
17 | XfrmInBufferError: | ||
18 | No buffer is left | ||
19 | XfrmInHdrError: | ||
20 | Header error | ||
21 | XfrmInNoStates: | ||
22 | No state is found | ||
23 | i.e. Either inbound SPI, address, or IPsec protocol at SA is wrong | ||
24 | XfrmInStateProtoError: | ||
25 | Transformation protocol specific error | ||
26 | e.g. SA key is wrong | ||
27 | XfrmInStateModeError: | ||
28 | Transformation mode specific error | ||
29 | XfrmInSeqOutOfWindow: | ||
30 | Sequence out of window | ||
31 | XfrmInStateExpired: | ||
32 | State is expired | ||
33 | XfrmInStateMismatch: | ||
34 | State has mismatch option | ||
35 | e.g. UDP encapsulation type is mismatch | ||
36 | XfrmInStateInvalid: | ||
37 | State is invalid | ||
38 | XfrmInTmplMismatch: | ||
39 | No matching template for states | ||
40 | e.g. Inbound SAs are correct but SP rule is wrong | ||
41 | XfrmInNoPols: | ||
42 | No policy is found for states | ||
43 | e.g. Inbound SAs are correct but no SP is found | ||
44 | XfrmInPolBlock: | ||
45 | Policy discards | ||
46 | XfrmInPolError: | ||
47 | Policy error | ||
48 | |||
49 | Outbound errors | ||
50 | ~~~~~~~~~~~~~~~ | ||
51 | XfrmOutError: | ||
52 | All errors which is not matched others | ||
53 | XfrmOutBundleGenError: | ||
54 | Bundle generation error | ||
55 | XfrmOutBundleCheckError: | ||
56 | Bundle check error | ||
57 | XfrmOutNoStates: | ||
58 | No state is found | ||
59 | XfrmOutStateProtoError: | ||
60 | Transformation protocol specific error | ||
61 | XfrmOutStateModeError: | ||
62 | Transformation mode specific error | ||
63 | e.g. Outer header space is not enough | ||
64 | XfrmOutStateExpired: | ||
65 | State is expired | ||
66 | XfrmOutPolBlock: | ||
67 | Policy discards | ||
68 | XfrmOutPolDead: | ||
69 | Policy is dead | ||
70 | XfrmOutPolError: | ||
71 | Policy error | ||
diff --git a/include/linux/snmp.h b/include/linux/snmp.h index 89f0c2b5f405..86d3effb2836 100644 --- a/include/linux/snmp.h +++ b/include/linux/snmp.h | |||
@@ -217,4 +217,35 @@ enum | |||
217 | __LINUX_MIB_MAX | 217 | __LINUX_MIB_MAX |
218 | }; | 218 | }; |
219 | 219 | ||
220 | /* linux Xfrm mib definitions */ | ||
221 | enum | ||
222 | { | ||
223 | LINUX_MIB_XFRMNUM = 0, | ||
224 | LINUX_MIB_XFRMINERROR, /* XfrmInError */ | ||
225 | LINUX_MIB_XFRMINBUFFERERROR, /* XfrmInBufferError */ | ||
226 | LINUX_MIB_XFRMINHDRERROR, /* XfrmInHdrError */ | ||
227 | LINUX_MIB_XFRMINNOSTATES, /* XfrmInNoStates */ | ||
228 | LINUX_MIB_XFRMINSTATEPROTOERROR, /* XfrmInStateProtoError */ | ||
229 | LINUX_MIB_XFRMINSTATEMODEERROR, /* XfrmInStateModeError */ | ||
230 | LINUX_MIB_XFRMINSEQOUTOFWINDOW, /* XfrmInSeqOutOfWindow */ | ||
231 | LINUX_MIB_XFRMINSTATEEXPIRED, /* XfrmInStateExpired */ | ||
232 | LINUX_MIB_XFRMINSTATEMISMATCH, /* XfrmInStateMismatch */ | ||
233 | LINUX_MIB_XFRMINSTATEINVALID, /* XfrmInStateInvalid */ | ||
234 | LINUX_MIB_XFRMINTMPLMISMATCH, /* XfrmInTmplMismatch */ | ||
235 | LINUX_MIB_XFRMINNOPOLS, /* XfrmInNoPols */ | ||
236 | LINUX_MIB_XFRMINPOLBLOCK, /* XfrmInPolBlock */ | ||
237 | LINUX_MIB_XFRMINPOLERROR, /* XfrmInPolError */ | ||
238 | LINUX_MIB_XFRMOUTERROR, /* XfrmOutError */ | ||
239 | LINUX_MIB_XFRMOUTBUNDLEGENERROR, /* XfrmOutBundleGenError */ | ||
240 | LINUX_MIB_XFRMOUTBUNDLECHECKERROR, /* XfrmOutBundleCheckError */ | ||
241 | LINUX_MIB_XFRMOUTNOSTATES, /* XfrmOutNoStates */ | ||
242 | LINUX_MIB_XFRMOUTSTATEPROTOERROR, /* XfrmOutStateProtoError */ | ||
243 | LINUX_MIB_XFRMOUTSTATEMODEERROR, /* XfrmOutStateModeError */ | ||
244 | LINUX_MIB_XFRMOUTSTATEEXPIRED, /* XfrmOutStateExpired */ | ||
245 | LINUX_MIB_XFRMOUTPOLBLOCK, /* XfrmOutPolBlock */ | ||
246 | LINUX_MIB_XFRMOUTPOLDEAD, /* XfrmOutPolDead */ | ||
247 | LINUX_MIB_XFRMOUTPOLERROR, /* XfrmOutPolError */ | ||
248 | __LINUX_MIB_XFRMMAX | ||
249 | }; | ||
250 | |||
220 | #endif /* _LINUX_SNMP_H */ | 251 | #endif /* _LINUX_SNMP_H */ |
diff --git a/include/net/snmp.h b/include/net/snmp.h index fbb66663a42c..ce2f48507510 100644 --- a/include/net/snmp.h +++ b/include/net/snmp.h | |||
@@ -118,6 +118,11 @@ struct linux_mib { | |||
118 | unsigned long mibs[LINUX_MIB_MAX]; | 118 | unsigned long mibs[LINUX_MIB_MAX]; |
119 | }; | 119 | }; |
120 | 120 | ||
121 | /* Linux Xfrm */ | ||
122 | #define LINUX_MIB_XFRMMAX __LINUX_MIB_XFRMMAX | ||
123 | struct linux_xfrm_mib { | ||
124 | unsigned long mibs[LINUX_MIB_XFRMMAX]; | ||
125 | }; | ||
121 | 126 | ||
122 | /* | 127 | /* |
123 | * FIXME: On x86 and some other CPUs the split into user and softirq parts | 128 | * FIXME: On x86 and some other CPUs the split into user and softirq parts |
diff --git a/include/net/xfrm.h b/include/net/xfrm.h index eea1c327c93e..a79702bcdcd0 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h | |||
@@ -19,6 +19,9 @@ | |||
19 | #include <net/route.h> | 19 | #include <net/route.h> |
20 | #include <net/ipv6.h> | 20 | #include <net/ipv6.h> |
21 | #include <net/ip6_fib.h> | 21 | #include <net/ip6_fib.h> |
22 | #ifdef CONFIG_XFRM_STATISTICS | ||
23 | #include <net/snmp.h> | ||
24 | #endif | ||
22 | 25 | ||
23 | #define XFRM_PROTO_ESP 50 | 26 | #define XFRM_PROTO_ESP 50 |
24 | #define XFRM_PROTO_AH 51 | 27 | #define XFRM_PROTO_AH 51 |
@@ -34,6 +37,17 @@ | |||
34 | #define MODULE_ALIAS_XFRM_TYPE(family, proto) \ | 37 | #define MODULE_ALIAS_XFRM_TYPE(family, proto) \ |
35 | MODULE_ALIAS("xfrm-type-" __stringify(family) "-" __stringify(proto)) | 38 | MODULE_ALIAS("xfrm-type-" __stringify(family) "-" __stringify(proto)) |
36 | 39 | ||
40 | #ifdef CONFIG_XFRM_STATISTICS | ||
41 | DECLARE_SNMP_STAT(struct linux_xfrm_mib, xfrm_statistics); | ||
42 | #define XFRM_INC_STATS(field) SNMP_INC_STATS(xfrm_statistics, field) | ||
43 | #define XFRM_INC_STATS_BH(field) SNMP_INC_STATS_BH(xfrm_statistics, field) | ||
44 | #define XFRM_INC_STATS_USER(field) SNMP_INC_STATS_USER(xfrm_statistics, field) | ||
45 | #else | ||
46 | #define XFRM_INC_STATS(field) | ||
47 | #define XFRM_INC_STATS_BH(field) | ||
48 | #define XFRM_INC_STATS_USER(field) | ||
49 | #endif | ||
50 | |||
37 | extern struct sock *xfrm_nl; | 51 | extern struct sock *xfrm_nl; |
38 | extern u32 sysctl_xfrm_aevent_etime; | 52 | extern u32 sysctl_xfrm_aevent_etime; |
39 | extern u32 sysctl_xfrm_aevent_rseqth; | 53 | extern u32 sysctl_xfrm_aevent_rseqth; |
@@ -1139,6 +1153,10 @@ static inline void xfrm6_fini(void) | |||
1139 | } | 1153 | } |
1140 | #endif | 1154 | #endif |
1141 | 1155 | ||
1156 | #ifdef CONFIG_XFRM_STATISTICS | ||
1157 | extern int xfrm_proc_init(void); | ||
1158 | #endif | ||
1159 | |||
1142 | extern int xfrm_state_walk(u8 proto, int (*func)(struct xfrm_state *, int, void*), void *); | 1160 | extern int xfrm_state_walk(u8 proto, int (*func)(struct xfrm_state *, int, void*), void *); |
1143 | extern struct xfrm_state *xfrm_state_alloc(void); | 1161 | extern struct xfrm_state *xfrm_state_alloc(void); |
1144 | extern struct xfrm_state *xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr, | 1162 | extern struct xfrm_state *xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr, |
diff --git a/net/xfrm/Makefile b/net/xfrm/Makefile index 45744a3d3a51..332cfb0ff566 100644 --- a/net/xfrm/Makefile +++ b/net/xfrm/Makefile | |||
@@ -4,5 +4,6 @@ | |||
4 | 4 | ||
5 | obj-$(CONFIG_XFRM) := xfrm_policy.o xfrm_state.o xfrm_hash.o \ | 5 | obj-$(CONFIG_XFRM) := xfrm_policy.o xfrm_state.o xfrm_hash.o \ |
6 | xfrm_input.o xfrm_output.o xfrm_algo.o | 6 | xfrm_input.o xfrm_output.o xfrm_algo.o |
7 | obj-$(CONFIG_XFRM_STATISTICS) += xfrm_proc.o | ||
7 | obj-$(CONFIG_XFRM_USER) += xfrm_user.o | 8 | obj-$(CONFIG_XFRM_USER) += xfrm_user.o |
8 | 9 | ||
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 521cb6e12561..32ddb7b12e7f 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c | |||
@@ -27,11 +27,19 @@ | |||
27 | #include <net/dst.h> | 27 | #include <net/dst.h> |
28 | #include <net/xfrm.h> | 28 | #include <net/xfrm.h> |
29 | #include <net/ip.h> | 29 | #include <net/ip.h> |
30 | #ifdef CONFIG_XFRM_STATISTICS | ||
31 | #include <net/snmp.h> | ||
32 | #endif | ||
30 | 33 | ||
31 | #include "xfrm_hash.h" | 34 | #include "xfrm_hash.h" |
32 | 35 | ||
33 | int sysctl_xfrm_larval_drop __read_mostly; | 36 | int sysctl_xfrm_larval_drop __read_mostly; |
34 | 37 | ||
38 | #ifdef CONFIG_XFRM_STATISTICS | ||
39 | DEFINE_SNMP_STAT(struct linux_xfrm_mib, xfrm_statistics) __read_mostly; | ||
40 | EXPORT_SYMBOL(xfrm_statistics); | ||
41 | #endif | ||
42 | |||
35 | DEFINE_MUTEX(xfrm_cfg_mutex); | 43 | DEFINE_MUTEX(xfrm_cfg_mutex); |
36 | EXPORT_SYMBOL(xfrm_cfg_mutex); | 44 | EXPORT_SYMBOL(xfrm_cfg_mutex); |
37 | 45 | ||
@@ -2258,6 +2266,16 @@ static struct notifier_block xfrm_dev_notifier = { | |||
2258 | 0 | 2266 | 0 |
2259 | }; | 2267 | }; |
2260 | 2268 | ||
2269 | #ifdef CONFIG_XFRM_STATISTICS | ||
2270 | static int __init xfrm_statistics_init(void) | ||
2271 | { | ||
2272 | if (snmp_mib_init((void **)xfrm_statistics, | ||
2273 | sizeof(struct linux_xfrm_mib)) < 0) | ||
2274 | return -ENOMEM; | ||
2275 | return 0; | ||
2276 | } | ||
2277 | #endif | ||
2278 | |||
2261 | static void __init xfrm_policy_init(void) | 2279 | static void __init xfrm_policy_init(void) |
2262 | { | 2280 | { |
2263 | unsigned int hmask, sz; | 2281 | unsigned int hmask, sz; |
@@ -2294,9 +2312,15 @@ static void __init xfrm_policy_init(void) | |||
2294 | 2312 | ||
2295 | void __init xfrm_init(void) | 2313 | void __init xfrm_init(void) |
2296 | { | 2314 | { |
2315 | #ifdef CONFIG_XFRM_STATISTICS | ||
2316 | xfrm_statistics_init(); | ||
2317 | #endif | ||
2297 | xfrm_state_init(); | 2318 | xfrm_state_init(); |
2298 | xfrm_policy_init(); | 2319 | xfrm_policy_init(); |
2299 | xfrm_input_init(); | 2320 | xfrm_input_init(); |
2321 | #ifdef CONFIG_XFRM_STATISTICS | ||
2322 | xfrm_proc_init(); | ||
2323 | #endif | ||
2300 | } | 2324 | } |
2301 | 2325 | ||
2302 | #ifdef CONFIG_AUDITSYSCALL | 2326 | #ifdef CONFIG_AUDITSYSCALL |
diff --git a/net/xfrm/xfrm_proc.c b/net/xfrm/xfrm_proc.c new file mode 100644 index 000000000000..31d035415ecd --- /dev/null +++ b/net/xfrm/xfrm_proc.c | |||
@@ -0,0 +1,96 @@ | |||
1 | /* | ||
2 | * xfrm_proc.c | ||
3 | * | ||
4 | * Copyright (C)2006-2007 USAGI/WIDE Project | ||
5 | * | ||
6 | * Authors: Masahide NAKAMURA <nakam@linux-ipv6.org> | ||
7 | * | ||
8 | * This program is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU General Public License | ||
10 | * as published by the Free Software Foundation; either version | ||
11 | * 2 of the License, or (at your option) any later version. | ||
12 | */ | ||
13 | #include <linux/proc_fs.h> | ||
14 | #include <linux/seq_file.h> | ||
15 | #include <net/snmp.h> | ||
16 | #include <net/xfrm.h> | ||
17 | |||
18 | static struct snmp_mib xfrm_mib_list[] = { | ||
19 | SNMP_MIB_ITEM("XfrmInError", LINUX_MIB_XFRMINERROR), | ||
20 | SNMP_MIB_ITEM("XfrmInBufferError", LINUX_MIB_XFRMINBUFFERERROR), | ||
21 | SNMP_MIB_ITEM("XfrmInHdrError", LINUX_MIB_XFRMINHDRERROR), | ||
22 | SNMP_MIB_ITEM("XfrmInNoStates", LINUX_MIB_XFRMINNOSTATES), | ||
23 | SNMP_MIB_ITEM("XfrmInStateProtoError", LINUX_MIB_XFRMINSTATEPROTOERROR), | ||
24 | SNMP_MIB_ITEM("XfrmInStateModeError", LINUX_MIB_XFRMINSTATEMODEERROR), | ||
25 | SNMP_MIB_ITEM("XfrmInSeqOutOfWindow", LINUX_MIB_XFRMINSEQOUTOFWINDOW), | ||
26 | SNMP_MIB_ITEM("XfrmInStateExpired", LINUX_MIB_XFRMINSTATEEXPIRED), | ||
27 | SNMP_MIB_ITEM("XfrmInStateMismatch", LINUX_MIB_XFRMINSTATEMISMATCH), | ||
28 | SNMP_MIB_ITEM("XfrmInStateInvalid", LINUX_MIB_XFRMINSTATEINVALID), | ||
29 | SNMP_MIB_ITEM("XfrmInTmplMismatch", LINUX_MIB_XFRMINTMPLMISMATCH), | ||
30 | SNMP_MIB_ITEM("XfrmInNoPols", LINUX_MIB_XFRMINNOPOLS), | ||
31 | SNMP_MIB_ITEM("XfrmInPolBlock", LINUX_MIB_XFRMINPOLBLOCK), | ||
32 | SNMP_MIB_ITEM("XfrmInPolError", LINUX_MIB_XFRMINPOLERROR), | ||
33 | SNMP_MIB_ITEM("XfrmOutError", LINUX_MIB_XFRMOUTERROR), | ||
34 | SNMP_MIB_ITEM("XfrmOutBundleGenError", LINUX_MIB_XFRMOUTBUNDLEGENERROR), | ||
35 | SNMP_MIB_ITEM("XfrmOutBundleCheckError", LINUX_MIB_XFRMOUTBUNDLECHECKERROR), | ||
36 | SNMP_MIB_ITEM("XfrmOutNoStates", LINUX_MIB_XFRMOUTNOSTATES), | ||
37 | SNMP_MIB_ITEM("XfrmOutStateProtoError", LINUX_MIB_XFRMOUTSTATEPROTOERROR), | ||
38 | SNMP_MIB_ITEM("XfrmOutStateModeError", LINUX_MIB_XFRMOUTSTATEMODEERROR), | ||
39 | SNMP_MIB_ITEM("XfrmOutStateExpired", LINUX_MIB_XFRMOUTSTATEEXPIRED), | ||
40 | SNMP_MIB_ITEM("XfrmOutPolBlock", LINUX_MIB_XFRMOUTPOLBLOCK), | ||
41 | SNMP_MIB_ITEM("XfrmOutPolDead", LINUX_MIB_XFRMOUTPOLDEAD), | ||
42 | SNMP_MIB_ITEM("XfrmOutPolError", LINUX_MIB_XFRMOUTPOLERROR), | ||
43 | SNMP_MIB_SENTINEL | ||
44 | }; | ||
45 | |||
46 | static unsigned long | ||
47 | fold_field(void *mib[], int offt) | ||
48 | { | ||
49 | unsigned long res = 0; | ||
50 | int i; | ||
51 | |||
52 | for_each_possible_cpu(i) { | ||
53 | res += *(((unsigned long *)per_cpu_ptr(mib[0], i)) + offt); | ||
54 | res += *(((unsigned long *)per_cpu_ptr(mib[1], i)) + offt); | ||
55 | } | ||
56 | return res; | ||
57 | } | ||
58 | |||
59 | static int xfrm_statistics_seq_show(struct seq_file *seq, void *v) | ||
60 | { | ||
61 | int i; | ||
62 | for (i=0; xfrm_mib_list[i].name; i++) | ||
63 | seq_printf(seq, "%-24s\t%lu\n", xfrm_mib_list[i].name, | ||
64 | fold_field((void **)xfrm_statistics, | ||
65 | xfrm_mib_list[i].entry)); | ||
66 | return 0; | ||
67 | } | ||
68 | |||
69 | static int xfrm_statistics_seq_open(struct inode *inode, struct file *file) | ||
70 | { | ||
71 | return single_open(file, xfrm_statistics_seq_show, NULL); | ||
72 | } | ||
73 | |||
74 | static struct file_operations xfrm_statistics_seq_fops = { | ||
75 | .owner = THIS_MODULE, | ||
76 | .open = xfrm_statistics_seq_open, | ||
77 | .read = seq_read, | ||
78 | .llseek = seq_lseek, | ||
79 | .release = single_release, | ||
80 | }; | ||
81 | |||
82 | int __init xfrm_proc_init(void) | ||
83 | { | ||
84 | int rc = 0; | ||
85 | |||
86 | if (!proc_net_fops_create(&init_net, "xfrm_stat", S_IRUGO, | ||
87 | &xfrm_statistics_seq_fops)) | ||
88 | goto stat_fail; | ||
89 | |||
90 | out: | ||
91 | return rc; | ||
92 | |||
93 | stat_fail: | ||
94 | rc = -ENOMEM; | ||
95 | goto out; | ||
96 | } | ||