On Tue, 9 Oct 2018, [email protected] wrote:
]# cat /proc/net/xfrm_stat XfrmInError 0 XfrmInBufferError 0 XfrmInHdrError 0 XfrmInNoStates 2 XfrmInStateProtoError 0 XfrmInStateModeError 0 XfrmInStateSeqError 0 XfrmInStateExpired 0 XfrmInStateMismatch 0 XfrmInStateInvalid 69 XfrmInTmplMismatch 119 XfrmInNoPols 13 XfrmInPolBlock 0 XfrmInPolError 0 XfrmOutError 0 XfrmOutBundleGenError 0 XfrmOutBundleCheckError 0 XfrmOutNoStates 275
anything non-null points to a problem. But these numbers are not reset after you restart libreswan, only when you restart the kernel. A few of those can happen at times during race conditions, but if you do a ping to something that fails these numbers should not increase per ping. Of that happens, there is a real problem since libreswan thinks there is a policy or state and gave it to the kernel but the kernel disagrees. Paul _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
