From 2d60c60344301c53291fa442b13aaf17dd92e18a Mon Sep 17 00:00:00 2001
From: Masahide NAKAMURA <nakam@linux-ipv6.org>
Date: Mon, 28 May 2007 12:25:48 +0900
Subject: [PATCH] [PATCH] [XFRM]: Error statistics support.

This statistics is shown as /proc/net/xfrm/stats about transformation
error (or almost error) factor at packet processing for developer.
It is not a SNMP/MIB specification but a counter designed from
current transformation source code.

- Inbound errors
XfrmInError               - all errors which is not matched others
XfrmInBufferError         - no buffer is left
XfrmInHdrError            - header error
XfrmInNoStates            - no state is found
XfrmInStateProtoError     - error at transformation protocol
XfrmInStateModeError      - error at transformation mode
XfrmInSeqOutOfWindow      - sequence out of window
XfrmInStateExpired        - state is expired
XfrmInStateMismatch       - state has mismatch option
XfrmInStateInvalid        - state is invalid
XfrmInTmplMismatch        - no matching template for states
XfrmInNoPols              - no policy is found for states
XfrmInPolBlock            - policy discards
XfrmInPolError            - policy error

- Outbound errors
XfrmOutError              - all errors which is not matched others
XfrmOutLengthError        - length error
XfrmOutBundleError        - error at bundle
XfrmOutNoStates           - no state is found
XfrmOutStateProtoError    - error at transformation protocol
XfrmOutStateModeError     - error at transformation mode
XfrmOutStateExpired       - state expired
XfrmOutPolBlock           - policy discards
XfrmOutPolError           - policy error

Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
---
 include/linux/snmp.h   |   30 +++++++++++++++++
 include/net/snmp.h     |    8 ++++-
 include/net/xfrm.h     |   11 ++++++
 net/xfrm/xfrm_policy.c |   40 +++++++++++++++++++++++
 net/xfrm/xfrm_proc.c   |   84 ++++++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 172 insertions(+), 1 deletions(-)

diff --git a/include/linux/snmp.h b/include/linux/snmp.h
index 802b3a3..5cc1e84 100644
--- a/include/linux/snmp.h
+++ b/include/linux/snmp.h
@@ -234,4 +234,34 @@ enum
 	__LINUX_MIB_MAX
 };
 
+/* xfrm mib definitions */
+enum
+{
+	XFRM_MIB_NUM = 0,
+	XFRM_MIB_INERROR,		/* XfrmInError */
+	XFRM_MIB_INBUFFERERROR,		/* XfrmInBufferError */
+	XFRM_MIB_INHDRERROR,		/* XfrmInHdrError */
+	XFRM_MIB_INNOSTATES,		/* XfrmInNoStates */
+	XFRM_MIB_INSTATEPROTOERROR,	/* XfrmInStateProtoError */
+	XFRM_MIB_INSTATEMODEERROR,	/* XfrmInStateModeError */
+	XFRM_MIB_INSEQOUTOFWINDOW,	/* XfrmInSeqOutOfWindow */
+	XFRM_MIB_INSTATEEXPIRED,	/* XfrmInStateExpired */
+	XFRM_MIB_INSTATEMISMATCH,	/* XfrmInStateMismatch */
+	XFRM_MIB_INSTATEINVALID,	/* XfrmInStateInvalid */
+	XFRM_MIB_INTMPLMISMATCH,	/* XfrmInTmplMismatch */
+	XFRM_MIB_INNOPOLS,		/* XfrmInNoPols */
+	XFRM_MIB_INPOLBLOCK,		/* XfrmInPolBlock */
+	XFRM_MIB_INPOLERROR,		/* XfrmInPolError */
+	XFRM_MIB_OUTERROR,		/* XfrmOutError */
+	XFRM_MIB_OUTLENGTHERROR,	/* XfrmOutLengthError */
+	XFRM_MIB_OUTBUNDLEERROR,	/* XfrmOutBundleError */
+	XFRM_MIB_OUTNOSTATES,		/* XfrmOutNoStates */
+	XFRM_MIB_OUTSTATEPROTOERROR,	/* XfrmOutStateProtoError */
+	XFRM_MIB_OUTSTATEMODEERROR,	/* XfrmOutStateModeError */
+	XFRM_MIB_OUTSTATEEXPIRED,	/* XfrmOutStateExpired */
+	XFRM_MIB_OUTPOLBLOCK,		/* XfrmOutPolBlock */
+	XFRM_MIB_OUTPOLERROR,		/* XfrmOutPolError */
+	__XFRM_MIB_MAX
+};
+
 #endif	/* _LINUX_SNMP_H */
diff --git a/include/net/snmp.h b/include/net/snmp.h
index 464970e..a4519e9 100644
--- a/include/net/snmp.h
+++ b/include/net/snmp.h
@@ -106,8 +106,14 @@ struct linux_mib {
 	unsigned long	mibs[LINUX_MIB_MAX];
 };
 
+/* Xfrm */
+#define XFRM_MIB_MAX	__XFRM_MIB_MAX
+struct xfrm_mib {
+	unsigned long	mibs[XFRM_MIB_MAX];
+};
 
-/* 
+
+/*
  * FIXME: On x86 and some other CPUs the split into user and softirq parts
  * is not needed because addl $1,memory is atomic against interrupts (but 
  * atomic_inc would be overkill because of the lock cycles). Wants new 
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index f7dc2df..3f09a44 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -33,6 +33,17 @@ #define MODULE_ALIAS_XFRM_MODE(family, e
 #define MODULE_ALIAS_XFRM_TYPE(family, proto) \
 	MODULE_ALIAS("xfrm-type-" __stringify(family) "-" __stringify(proto))
 
+#ifdef CONFIG_XFRM_STATISTICS
+DECLARE_SNMP_STAT(struct xfrm_mib, xfrm_statistics);
+#define XFRM_INC_STATS(field)		SNMP_INC_STATS(xfrm_statistics, field)
+#define XFRM_INC_STATS_BH(field)	SNMP_INC_STATS_BH(xfrm_statistics, field)
+#define XFRM_INC_STATS_USER(field) 	SNMP_INC_STATS_USER(xfrm_statistics, field)
+#else
+#define XFRM_INC_STATS(field)
+#define XFRM_INC_STATS_BH(field)
+#define XFRM_INC_STATS_USER(field)
+#endif
+
 extern struct sock *xfrm_nl;
 extern u32 sysctl_xfrm_aevent_etime;
 extern u32 sysctl_xfrm_aevent_rseqth;
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 727622d..ff95782 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -2268,6 +2268,43 @@ void xfrm_audit_log(uid_t auid, u32 sid,
 EXPORT_SYMBOL(xfrm_audit_log);
 #endif /* CONFIG_AUDITSYSCALL */
 
+#ifdef CONFIG_XFRM_STATISTICS
+#include <net/snmp.h>
+
+DEFINE_SNMP_STAT(struct xfrm_mib, xfrm_statistics) __read_mostly;
+EXPORT_SYMBOL(xfrm_statistics);
+
+static int xfrm_statistics_init(void)
+{
+	xfrm_statistics[0] = alloc_percpu(struct xfrm_mib);
+	if (!xfrm_statistics[0])
+		goto err0;
+
+	xfrm_statistics[1] = alloc_percpu(struct xfrm_mib);
+	if (!xfrm_statistics[1])
+		goto err1;
+
+	return 0;
+
+err1:
+	free_percpu(xfrm_statistics[0]);
+	xfrm_statistics[0] = NULL;
+err0:
+	return -ENOMEM;
+}
+
+#if 0
+static void xfrm_statistics_cleanup(void)
+{
+	if (xfrm_statistics[0])
+		free_percpu(xfrm_statistics[0]);
+	if (xfrm_statistics[1])
+		free_percpu(xfrm_statistics[1]);
+	xfrm_statistics[0] = xfrm_statistics[1] = NULL;
+}
+#endif
+#endif
+
 int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo)
 {
 	int err = 0;
@@ -2408,6 +2445,9 @@ static void __init xfrm_policy_init(void
 
 void __init xfrm_init(void)
 {
+#ifdef CONFIG_XFRM_STATISTICS
+	xfrm_statistics_init();
+#endif
 	xfrm_state_init();
 	xfrm_policy_init();
 	xfrm_input_init();
diff --git a/net/xfrm/xfrm_proc.c b/net/xfrm/xfrm_proc.c
index 598f433..a5d170d 100644
--- a/net/xfrm/xfrm_proc.c
+++ b/net/xfrm/xfrm_proc.c
@@ -33,6 +33,76 @@ #endif
 
 #ifdef CONFIG_PROC_FS
 
+#ifdef CONFIG_XFRM_STATISTICS
+#include <net/snmp.h>
+
+static struct snmp_mib xfrm_mib_list[] = {
+	SNMP_MIB_ITEM("XfrmInError", XFRM_MIB_INERROR),
+	SNMP_MIB_ITEM("XfrmInBufferError", XFRM_MIB_INBUFFERERROR),
+	SNMP_MIB_ITEM("XfrmInHdrError", XFRM_MIB_INHDRERROR),
+	SNMP_MIB_ITEM("XfrmInNoStates", XFRM_MIB_INNOSTATES),
+	SNMP_MIB_ITEM("XfrmInStateProtoError", XFRM_MIB_INSTATEPROTOERROR),
+	SNMP_MIB_ITEM("XfrmInStateModeError", XFRM_MIB_INSTATEMODEERROR),
+	SNMP_MIB_ITEM("XfrmInSeqOutOfWindow", XFRM_MIB_INSEQOUTOFWINDOW),
+	SNMP_MIB_ITEM("XfrmInStateExpired", XFRM_MIB_INSTATEEXPIRED),
+	SNMP_MIB_ITEM("XfrmInStateMismatch", XFRM_MIB_INSTATEMISMATCH),
+	SNMP_MIB_ITEM("XfrmInStateInvalid", XFRM_MIB_INSTATEINVALID),
+	SNMP_MIB_ITEM("XfrmInTmplMismatch", XFRM_MIB_INTMPLMISMATCH),
+	SNMP_MIB_ITEM("XfrmInNoPols", XFRM_MIB_INNOPOLS),
+	SNMP_MIB_ITEM("XfrmInPolBlock", XFRM_MIB_INPOLBLOCK),
+	SNMP_MIB_ITEM("XfrmInPolError", XFRM_MIB_INPOLERROR),
+	SNMP_MIB_ITEM("XfrmOutError", XFRM_MIB_OUTERROR),
+	SNMP_MIB_ITEM("XfrmOutLengthError", XFRM_MIB_OUTLENGTHERROR),
+	SNMP_MIB_ITEM("XfrmOutBundleError", XFRM_MIB_OUTBUNDLEERROR),
+	SNMP_MIB_ITEM("XfrmOutNoStates", XFRM_MIB_OUTNOSTATES),
+	SNMP_MIB_ITEM("XfrmOutStateProtoError", XFRM_MIB_OUTSTATEPROTOERROR),
+	SNMP_MIB_ITEM("XfrmOutStateModeError", XFRM_MIB_OUTSTATEMODEERROR),
+	SNMP_MIB_ITEM("XfrmOutStateExpired", XFRM_MIB_OUTSTATEEXPIRED),
+	SNMP_MIB_ITEM("XfrmOutPolBlock", XFRM_MIB_OUTPOLBLOCK),
+	SNMP_MIB_ITEM("XfrmOutPolError", XFRM_MIB_OUTPOLERROR),
+	SNMP_MIB_SENTINEL
+};
+
+static unsigned long
+fold_field(void *mib[], int offt)
+{
+        unsigned long res = 0;
+        int i;
+
+        for_each_possible_cpu(i) {
+                res += *(((unsigned long *)per_cpu_ptr(mib[0], i)) + offt);
+                res += *(((unsigned long *)per_cpu_ptr(mib[1], i)) + offt);
+        }
+        return res;
+}
+
+static int xfrm_statistics_seq_show(struct seq_file *seq, void *v)
+{
+	int i;
+	for (i=0; xfrm_mib_list[i].name; i++)
+		seq_printf(seq, "%-24s\t%lu\n", xfrm_mib_list[i].name,
+			   fold_field((void **)xfrm_statistics,
+				      xfrm_mib_list[i].entry));
+	return 0;
+}
+
+static int xfrm_statistics_seq_open(struct inode *inode, struct file *file)
+{
+	return single_open(file, xfrm_statistics_seq_show, NULL);
+}
+
+static struct file_operations proc_net_xfrm_stats_seq_fops = {
+	.owner	 = THIS_MODULE,
+	.open	 = xfrm_statistics_seq_open,
+	.read	 = seq_read,
+	.llseek	 = seq_lseek,
+	.release = single_release,
+};
+
+static struct proc_dir_entry *proc_net_xfrm_stats;
+
+#endif /* CONFIG_XFRM_STATISTICS */
+
 #ifdef ENABLE_NEIGHBOR
 static int __xfrm_bundle_neigh_show(struct seq_file *seq, struct neighbour *n)
 {
@@ -265,9 +335,22 @@ int __init xfrm_proc_init(void)
 
 	proc_net_xfrm_bundle->proc_fops = &proc_net_xfrm_bundle_seq_fops;
 
+#ifdef CONFIG_XFRM_STATISTICS
+	proc_net_xfrm_stats = create_proc_entry("stats", S_IRUGO,
+						proc_net_xfrm);
+	if (!proc_net_xfrm_stats)
+		goto proc_net_xfrm_stats_fail;
+
+	proc_net_xfrm_stats->proc_fops = &proc_net_xfrm_stats_seq_fops;
+#endif
+
  out:
 	return rc;
 
+#ifdef CONFIG_XFRM_STATISTICS
+ proc_net_xfrm_stats_fail:
+	remove_proc_entry("bundle", proc_net_xfrm);
+#endif
  proc_net_xfrm_bundle_fail:
 	remove_proc_entry("xfrm", proc_net);
  proc_net_xfrm_fail:
@@ -278,6 +361,7 @@ int __init xfrm_proc_init(void)
 #if 0
 void xfrm_proc_exit(void)
 {
+	remove_proc_entry("stats", proc_net_xfrm);
 	remove_proc_entry("bundle", proc_net_xfrm);
 	remove_proc_entry("xfrm", proc_net);
 }
-- 
1.4.3.GIT