From 48b9c61d207741aa5b6d8f1c5a23312a533d08fc Mon Sep 17 00:00:00 2001
From: Masahide NAKAMURA <nakam@linux-ipv6.org>
Date: Mon, 5 Feb 2007 13:31:24 +0900
Subject: [PATCH] [XFRM]: Error statistics support.

This statistics is shown as /proc/net/xfrm/stats about transformation
error (or almost error) factor for developer.
It is not a SNMP/MIB specification but a counter designed from
current transformation source code.

- Inbound errors
XfrmInError               - all errors which is not matched others
XfrmInHdrError            - header error
XfrmInStateProtoError     - error at transformation protocol
XfrmInStateModeError      - error at transformation mode
XfrmInSeqOutOfWindow      - sequence out of window
XfrmInStateExpired        - state expired
XfrmInStateInvalid        - state is invalid
XfrmInNoStates            - no state is found
XfrmInTmplMismatch        - no matching template for states
XfrmInPolBlock            - policy discards
XfrmInNoPols              - no policy is found for states

- Outbound errors
XfrmOutError              - all errors which is not matched others
XfrmOutLengthError        - length error
XfrmOutStateProtoError    - error at transformation protocol
XfrmOutStateModeError     - error at transformation mode
XfrmOutStateExpired       - state expired
XfrmOutNoStates           - no state is found
XfrmOutPolBlock           - policy discards
XfrmOutBundleError        - error at bundle

Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
---
 include/linux/snmp.h   |   26 ++++++++++++++++
 include/net/snmp.h     |    8 ++++-
 include/net/xfrm.h     |   11 +++++++
 net/xfrm/xfrm_policy.c |   40 ++++++++++++++++++++++++
 net/xfrm/xfrm_proc.c   |   79 ++++++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 163 insertions(+), 1 deletions(-)

diff --git a/include/linux/snmp.h b/include/linux/snmp.h
index 854aa6b..14098de 100644
--- a/include/linux/snmp.h
+++ b/include/linux/snmp.h
@@ -232,4 +232,30 @@ enum
 	__LINUX_MIB_MAX
 };
 
+/* xfrm mib definitions */
+enum
+{
+	XFRM_MIB_NUM = 0,
+	XFRM_MIB_INERROR,		/* XfrmInError */
+	XFRM_MIB_INHDRERROR,		/* XfrmInHdrError */
+	XFRM_MIB_INSTATEPROTOERROR,	/* XfrmInStateProtoError */
+	XFRM_MIB_INSTATEMODEERROR,	/* XfrmInStateModeError */
+	XFRM_MIB_INSEQOUTOFWINDOW,	/* XfrmInSeqOutOfWindow */
+	XFRM_MIB_INSTATEEXPIRED,	/* XfrmInStateExpired */
+	XFRM_MIB_INSTATEINVALID,	/* XfrmInStateInvalid */
+	XFRM_MIB_INNOSTATES,		/* XfrmInNoStates */
+	XFRM_MIB_INTMPLMISMATCH,	/* XfrmInTmplMismatch */
+	XFRM_MIB_INPOLBLOCK,		/* XfrmInPolBlock */
+	XFRM_MIB_INNOPOLS,		/* XfrmInNoPols */
+	XFRM_MIB_OUTERROR,		/* XfrmOutError */
+	XFRM_MIB_OUTLENGTHERROR,	/* XfrmOutLengthError */
+	XFRM_MIB_OUTSTATEPROTOERROR,	/* XfrmOutStateProtoError */
+	XFRM_MIB_OUTSTATEMODEERROR,	/* XfrmOutStateModeError */
+	XFRM_MIB_OUTSTATEEXPIRED,	/* XfrmOutStateExpired */
+	XFRM_MIB_OUTNOSTATES,		/* XfrmOutNoStates */
+	XFRM_MIB_OUTBUNDLEERROR,	/* XfrmOutBundleError */
+	XFRM_MIB_OUTPOLBLOCK,		/* XfrmOutPolBlock */
+	__XFRM_MIB_MAX
+};
+
 #endif	/* _LINUX_SNMP_H */
diff --git a/include/net/snmp.h b/include/net/snmp.h
index 464970e..a4519e9 100644
--- a/include/net/snmp.h
+++ b/include/net/snmp.h
@@ -106,8 +106,14 @@ struct linux_mib {
 	unsigned long	mibs[LINUX_MIB_MAX];
 };
 
+/* Xfrm */
+#define XFRM_MIB_MAX	__XFRM_MIB_MAX
+struct xfrm_mib {
+	unsigned long	mibs[XFRM_MIB_MAX];
+};
 
-/* 
+
+/*
  * FIXME: On x86 and some other CPUs the split into user and softirq parts
  * is not needed because addl $1,memory is atomic against interrupts (but 
  * atomic_inc would be overkill because of the lock cycles). Wants new 
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index b0d39e9..1f85641 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -23,6 +23,17 @@
 #define MODULE_ALIAS_XFRM_MODE(family, encap) \
 	MODULE_ALIAS("xfrm-mode-" __stringify(family) "-" __stringify(encap))
 
+#ifdef CONFIG_XFRM_STATISTICS
+DECLARE_SNMP_STAT(struct xfrm_mib, xfrm_statistics);
+#define XFRM_INC_STATS(field)		SNMP_INC_STATS(xfrm_statistics, field)
+#define XFRM_INC_STATS_BH(field)	SNMP_INC_STATS_BH(xfrm_statistics, field)
+#define XFRM_INC_STATS_USER(field) 	SNMP_INC_STATS_USER(xfrm_statistics, field)
+#else
+#define XFRM_INC_STATS(field)
+#define XFRM_INC_STATS_BH(field)
+#define XFRM_INC_STATS_USER(field)
+#endif
+
 extern struct sock *xfrm_nl;
 extern u32 sysctl_xfrm_aevent_etime;
 extern u32 sysctl_xfrm_aevent_rseqth;
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index f5da7f4..ad34b8b 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -2136,6 +2136,43 @@ void xfrm_audit_log(uid_t auid, u32 sid, int type, int result,
 EXPORT_SYMBOL(xfrm_audit_log);
 #endif /* CONFIG_AUDITSYSCALL */
 
+#ifdef CONFIG_XFRM_STATISTICS
+#include <net/snmp.h>
+
+DEFINE_SNMP_STAT(struct xfrm_mib, xfrm_statistics) __read_mostly;
+EXPORT_SYMBOL(xfrm_statistics);
+
+static int xfrm_statistics_init(void)
+{
+	xfrm_statistics[0] = alloc_percpu(struct xfrm_mib);
+	if (!xfrm_statistics[0])
+		goto err0;
+
+	xfrm_statistics[1] = alloc_percpu(struct xfrm_mib);
+	if (!xfrm_statistics[1])
+		goto err1;
+
+	return 0;
+
+err1:
+	free_percpu(xfrm_statistics[0]);
+	xfrm_statistics[0] = NULL;
+err0:
+	return -ENOMEM;
+}
+
+#if 0
+static void xfrm_statistics_cleanup(void)
+{
+	if (xfrm_statistics[0])
+		free_percpu(xfrm_statistics[0]);
+	if (xfrm_statistics[1])
+		free_percpu(xfrm_statistics[1]);
+	xfrm_statistics[0] = xfrm_statistics[1] = NULL;
+}
+#endif
+#endif
+
 int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo)
 {
 	int err = 0;
@@ -2276,6 +2313,9 @@ static void __init xfrm_policy_init(void)
 
 void __init xfrm_init(void)
 {
+#ifdef CONFIG_XFRM_STATISTICS
+	xfrm_statistics_init();
+#endif
 	xfrm_state_init();
 	xfrm_policy_init();
 	xfrm_input_init();
diff --git a/net/xfrm/xfrm_proc.c b/net/xfrm/xfrm_proc.c
index 63a0b75..1453aa9 100644
--- a/net/xfrm/xfrm_proc.c
+++ b/net/xfrm/xfrm_proc.c
@@ -19,6 +19,72 @@
 #define XFRM_SEQ_NUM_BUF 32
 #define XFRM_PROC_DEBUG
 
+#ifdef CONFIG_XFRM_STATISTICS
+#include <net/snmp.h>
+
+static struct snmp_mib xfrm_mib_list[] = {
+	SNMP_MIB_ITEM("XfrmInError", XFRM_MIB_INERROR),
+	SNMP_MIB_ITEM("XfrmInHdrError", XFRM_MIB_INHDRERROR),
+	SNMP_MIB_ITEM("XfrmInStateProtoError", XFRM_MIB_INSTATEPROTOERROR),
+	SNMP_MIB_ITEM("XfrmInStateModeError", XFRM_MIB_INSTATEMODEERROR),
+	SNMP_MIB_ITEM("XfrmInSeqOutOfWindow", XFRM_MIB_INSEQOUTOFWINDOW),
+	SNMP_MIB_ITEM("XfrmInStateExpired", XFRM_MIB_INSTATEEXPIRED),
+	SNMP_MIB_ITEM("XfrmInStateInvalid", XFRM_MIB_INSTATEINVALID),
+	SNMP_MIB_ITEM("XfrmInNoStates", XFRM_MIB_INNOSTATES),
+	SNMP_MIB_ITEM("XfrmInTmplMismatch", XFRM_MIB_INTMPLMISMATCH),
+	SNMP_MIB_ITEM("XfrmInPolBlock", XFRM_MIB_INPOLBLOCK),
+	SNMP_MIB_ITEM("XfrmInNoPols", XFRM_MIB_INNOPOLS),
+	SNMP_MIB_ITEM("XfrmOutError", XFRM_MIB_OUTERROR),
+	SNMP_MIB_ITEM("XfrmOutLengthError", XFRM_MIB_OUTLENGTHERROR),
+	SNMP_MIB_ITEM("XfrmOutStateProtoError", XFRM_MIB_OUTSTATEPROTOERROR),
+	SNMP_MIB_ITEM("XfrmOutStateModeError", XFRM_MIB_OUTSTATEMODEERROR),
+	SNMP_MIB_ITEM("XfrmOutStateExpired", XFRM_MIB_OUTSTATEEXPIRED),
+	SNMP_MIB_ITEM("XfrmOutNoStates", XFRM_MIB_OUTNOSTATES),
+	SNMP_MIB_ITEM("XfrmOutPolBlock", XFRM_MIB_OUTPOLBLOCK),
+	SNMP_MIB_ITEM("XfrmOutBundleError", XFRM_MIB_OUTBUNDLEERROR),
+	SNMP_MIB_SENTINEL
+};
+
+static unsigned long
+fold_field(void *mib[], int offt)
+{
+        unsigned long res = 0;
+        int i;
+
+        for_each_possible_cpu(i) {
+                res += *(((unsigned long *)per_cpu_ptr(mib[0], i)) + offt);
+                res += *(((unsigned long *)per_cpu_ptr(mib[1], i)) + offt);
+        }
+        return res;
+}
+
+static int xfrm_statistics_seq_show(struct seq_file *seq, void *v)
+{
+	int i;
+	for (i=0; xfrm_mib_list[i].name; i++)
+		seq_printf(seq, "%-24s\t%lu\n", xfrm_mib_list[i].name,
+			   fold_field((void **)xfrm_statistics,
+				      xfrm_mib_list[i].entry));
+	return 0;
+}
+
+static int xfrm_statistics_seq_open(struct inode *inode, struct file *file)
+{
+	return single_open(file, xfrm_statistics_seq_show, NULL);
+}
+
+static struct file_operations proc_net_xfrm_stats_seq_fops = {
+	.owner	 = THIS_MODULE,
+	.open	 = xfrm_statistics_seq_open,
+	.read	 = seq_read,
+	.llseek	 = seq_lseek,
+	.release = single_release,
+};
+
+static struct proc_dir_entry *proc_net_xfrm_stats;
+
+#endif /* CONFIG_XFRM_STATISTICS */
+
 #ifdef XFRM_PROC_DEBUG
 #include <net/neighbour.h>
 #include <linux/if_arp.h>
@@ -297,9 +363,22 @@ int __init xfrm_proc_init(void)
 
 	proc_net_xfrm_bundle->proc_fops = &proc_net_xfrm_bundle_seq_fops;
 
+#ifdef CONFIG_XFRM_STATISTICS
+	proc_net_xfrm_stats = create_proc_entry("stats", S_IRUGO,
+						proc_net_xfrm);
+	if (!proc_net_xfrm_stats)
+		goto proc_net_xfrm_stats_fail;
+
+	proc_net_xfrm_stats->proc_fops = &proc_net_xfrm_stats_seq_fops;
+#endif
+
  out:
 	return rc;
 
+#ifdef CONFIG_XFRM_STATISTICS
+ proc_net_xfrm_stats_fail:
+	remove_proc_entry("bundle", proc_net_xfrm);
+#endif
  proc_net_xfrm_bundle_fail:
 	remove_proc_entry("xfrm", proc_net);
  proc_net_xfrm_fail:
-- 
1.5.0.3