counters Plugin
Purpose
The counters plugin for libcharon collects and provides several IKE
statistics counters. The counter values can be queried or reset (globally or per
connection name) via the swanctl --counters
subcommand.
The plugin is disabled by default and can be enabled with the
./configure option
--enable-counters
Available Counters
Counters are collected globally and per connection name. However, the latter
category has some limitations e.g. if the initially selected connection is
switched due to the authentication method or the exchanged identities. In which
case e.g. no IKE_SA_INIT messages will be recorded for the name of the second
connection. Also some counters will never record connection specific numbers
(e.g. the number of messages with invalid IKE SPI).
| Identifier | Description |
|---|---|
ike-rekey-init |
Initiated IKE_SA rekeyings |
ike-rekey-resp |
Responded IKE_SA rekeyings |
child-rekey |
Completed CHILD_SA rekeyings |
invalid |
Messages with invalid types, length or an out-of-range value |
invalid-spi |
Messages with invalid IKE SPI |
ike-init-in-req |
Received IKE_SA_INIT requests |
ike-init-in-resp |
Received IKE_SA_INIT responses |
ike-init-out-req |
Sent IKE_SA_INIT requests |
ike-init-out-resp |
Sent IKE_SA_INIT responses |
ike-auth-in-req |
Received IKE_AUTH requests |
ike-auth-in-resp |
Received IKE_AUTH responses |
ike-auth-out-req |
Sent IKE_AUTH requests |
ike-auth-out-resp |
Sent IKE_AUTH responses |
create-child-in-req |
Received CREATE_CHILD_SA requests |
create-child-in-resp |
Received CREATE_CHILD_SA responses |
create-child-out-req |
Sent CREATE_CHILD_SA requests |
create-child-out-resp |
Sent CREATE_CHILD_SA responses |
info-in-req |
Received INFORMATIONAL requests |
info-in-resp |
Received INFORMATIONAL responses |
info-out-req |
Sent INFORMATIONAL requests |
info-out-resp |
Sent INFORMATIONAL responses |