[Swan] ipsec barf output question

David M da3bobots at gmail.com
Sun Mar 1 22:09:10 EET 2015


Hi

libreswan-3.8-6.el7_0.x86_64 on CentOS 7 kernel
version 3.10.0-123.20.1.el7.x86_64

In 'ipsec barf' output in
cat /proc/net/xfrm_stat section

I've noticed XfrmOutStateModeError increment in small bursts every few
minutes or so (all other counters in this section are zero).

Is this something to be concerned with and if so where would I begin to
troubleshoot?

I can see how it is being incremented but don't fully understand why and if
it is even important.

Running dropwatch I see this:

6 drops at xfrm_output_resume+c8 (0xffffffff8156ae68)

With the leading value equal to the bump up in XfrmOutStateModeError.

xfrm_output_resume in net/xfrm/xfrm_output.c calls xfrm_output_one and is
in this block.

                err = x->outer_mode->output(x, skb);
                if (err) {
                        XFRM_INC_STATS(net,
LINUX_MIB_XFRMOUTSTATEMODEERROR);
                        goto error_nolock;
                }
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20150301/0fabafb3/attachment.html>


More information about the Swan mailing list