# SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)
---
name: psp

doc:
  PSP Security Protocol Generic Netlink family.

definitions:
  -
    type: enum
    name: version
    entries: [hdr0-aes-gcm-128, hdr0-aes-gcm-256,
              hdr0-aes-gmac-128, hdr0-aes-gmac-256]

attribute-sets:
  -
    name: dev
    attributes:
      -
        name: id
        doc: PSP device ID.
        type: u32
        checks:
          min: 1
      -
        name: ifindex
        doc: ifindex of the main netdevice linked to the PSP device.
        type: u32
      -
        name: psp-versions-cap
        doc: Bitmask of PSP versions supported by the device.
        type: u32
        enum: version
        enum-as-flags: true
      -
        name: psp-versions-ena
        doc: Bitmask of currently enabled (accepted on Rx) PSP versions.
        type: u32
        enum: version
        enum-as-flags: true
  -
    name: assoc
    attributes:
      -
        name: dev-id
        doc: PSP device ID.
        type: u32
        checks:
          min: 1
      -
        name: version
        doc: |
          PSP versions (AEAD and protocol version) used by this association,
          dictates the size of the key.
        type: u32
        enum: version
      -
        name: rx-key
        type: nest
        nested-attributes: keys
      -
        name: tx-key
        type: nest
        nested-attributes: keys
      -
        name: sock-fd
        doc: Sockets which should be bound to the association immediately.
        type: u32
  -
    name: keys
    attributes:
      -
        name: key
        type: binary
      -
        name: spi
        doc: Security Parameters Index (SPI) of the association.
        type: u32
  -
    name: stats
    attributes:
      -
        name: dev-id
        doc: PSP device ID.
        type: u32
        checks:
          min: 1
      -
        name: key-rotations
        type: uint
        doc: |
          Number of key rotations during the lifetime of the device.
          Kernel statistic.
      -
        name: stale-events
        type: uint
        doc: |
          Number of times a socket's Rx got shut down due to using
          a key which went stale (fully rotated out).
          Kernel statistic.
      -
        name: rx-packets
        type: uint
        doc: |
          Number of successfully processed and authenticated PSP packets.
          Device statistic (from the PSP spec).
      -
        name: rx-bytes
        type: uint
        doc: |
          Number of successfully authenticated PSP bytes received, counting from
          the first byte after the IV through the last byte of payload.
          The fixed initial portion of the PSP header (16 bytes)
          and the PSP trailer/ICV (16 bytes) are not included in this count.
          Device statistic (from the PSP spec).
      -
        name: rx-auth-fail
        type: uint
        doc: |
          Number of received PSP packets with unsuccessful authentication.
          Device statistic (from the PSP spec).
      -
        name: rx-error
        type: uint
        doc: |
          Number of received PSP packets with length/framing errors.
          Device statistic (from the PSP spec).
      -
        name: rx-bad
        type: uint
        doc: |
          Number of received PSP packets with miscellaneous errors
          (invalid master key indicated by SPI, unsupported version, etc.)
          Device statistic (from the PSP spec).
      -
        name: tx-packets
        type: uint
        doc: |
          Number of successfully processed PSP packets for transmission.
          Device statistic (from the PSP spec).
      -
        name: tx-bytes
        type: uint
        doc: |
          Number of successfully processed PSP bytes for transmit, counting from
          the first byte after the IV through the last byte of payload.
          The fixed initial portion of the PSP header (16 bytes)
          and the PSP trailer/ICV (16 bytes) are not included in this count.
          Device statistic (from the PSP spec).
      -
        name: tx-error
        type: uint
        doc: |
          Number of PSP packets for transmission with errors.
          Device statistic (from the PSP spec).

operations:
  list:
    -
      name: dev-get
      doc: Get / dump information about PSP capable devices on the system.
      attribute-set: dev
      do:
        request:
          attributes:
            - id
        reply: &dev-all
          attributes:
            - id
            - ifindex
            - psp-versions-cap
            - psp-versions-ena
        pre: psp-device-get-locked
        post: psp-device-unlock
      dump:
        reply: *dev-all
    -
      name: dev-add-ntf
      doc: Notification about device appearing.
      notify: dev-get
      mcgrp: mgmt
    -
      name: dev-del-ntf
      doc: Notification about device disappearing.
      notify: dev-get
      mcgrp: mgmt
    -
      name: dev-set
      doc: Set the configuration of a PSP device.
      attribute-set: dev
      do:
        request:
          attributes:
            - id
            - psp-versions-ena
        reply:
          attributes: []
        pre: psp-device-get-locked
        post: psp-device-unlock
    -
      name: dev-change-ntf
      doc: Notification about device configuration being changed.
      notify: dev-get
      mcgrp: mgmt

    -
      name: key-rotate
      doc: Rotate the device key.
      attribute-set: dev
      do:
        request:
          attributes:
            - id
        reply:
          attributes:
            - id
        pre: psp-device-get-locked
        post: psp-device-unlock
    -
      name: key-rotate-ntf
      doc: Notification about device key getting rotated.
      notify: key-rotate
      mcgrp: use

    -
      name: rx-assoc
      doc: Allocate a new Rx key + SPI pair, associate it with a socket.
      attribute-set: assoc
      do:
        request:
          attributes:
            - dev-id
            - version
            - sock-fd
        reply:
          attributes:
            - dev-id
            - rx-key
        pre: psp-assoc-device-get-locked
        post: psp-device-unlock
    -
      name: tx-assoc
      doc: Add a PSP Tx association.
      attribute-set: assoc
      do:
        request:
          attributes:
            - dev-id
            - version
            - tx-key
            - sock-fd
        reply:
          attributes: []
        pre: psp-assoc-device-get-locked
        post: psp-device-unlock

    -
      name: get-stats
      doc: Get device statistics.
      attribute-set: stats
      do:
        request:
          attributes:
            - dev-id
        reply: &stats-all
          attributes:
            - dev-id
            - key-rotations
            - stale-events
        pre: psp-device-get-locked
        post: psp-device-unlock
      dump:
        reply: *stats-all

mcast-groups:
  list:
    -
      name: mgmt
    -
      name: use

...