# SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)
---
name: psp

doc:
  PSP Security Protocol Generic Netlink family.

definitions:
  -
    type: enum
    name: version
    entries: [hdr0-aes-gcm-128, hdr0-aes-gcm-256,
              hdr0-aes-gmac-128, hdr0-aes-gmac-256]

attribute-sets:
  -
    name: assoc-dev-info
    attributes:
      -
        name: ifindex
        doc: ifindex of an associated network device.
        type: u32
      -
        name: nsid
        doc: Network namespace ID of the associated device.
        type: s32
  -
    name: dev
    attributes:
      -
        name: id
        doc: PSP device ID.
        type: u32
        checks:
          min: 1
      -
        name: ifindex
        doc: |
          ifindex of the main netdevice linked to the PSP device,
          or the ifindex to associate with the PSP device.
        type: u32
      -
        name: psp-versions-cap
        doc: Bitmask of PSP versions supported by the device.
        type: u32
        enum: version
        enum-as-flags: true
      -
        name: psp-versions-ena
        doc: Bitmask of currently enabled (accepted on Rx) PSP versions.
        type: u32
        enum: version
        enum-as-flags: true
      -
        name: assoc-list
        doc: List of associated virtual devices.
        type: nest
        nested-attributes: assoc-dev-info
        multi-attr: true
      -
        name: nsid
        doc: |
          Network namespace ID for the device to associate/disassociate.
          Optional for dev-assoc and dev-disassoc; if not present, the
          device is looked up in the caller's network namespace.
        type: s32
      -
        name: by-association
        doc: |
          Flag indicating the PSP device is an associated device from a
          different network namespace.
          Present when in associated namespace, absent when in primary/host
          namespace.
        type: flag

  -
    name: assoc
    attributes:
      -
        name: dev-id
        doc: PSP device ID.
        type: u32
        checks:
          min: 1
      -
        name: version
        doc: |
          PSP versions (AEAD and protocol version) used by this association,
          dictates the size of the key.
        type: u32
        enum: version
      -
        name: rx-key
        type: nest
        nested-attributes: keys
      -
        name: tx-key
        type: nest
        nested-attributes: keys
      -
        name: sock-fd
        doc: Sockets which should be bound to the association immediately.
        type: u32
  -
    name: keys
    attributes:
      -
        name: key
        type: binary
      -
        name: spi
        doc: Security Parameters Index (SPI) of the association.
        type: u32
  -
    name: stats
    attributes:
      -
        name: dev-id
        doc: PSP device ID.
        type: u32
        checks:
          min: 1
      -
        name: key-rotations
        type: uint
        doc: |
          Number of key rotations during the lifetime of the device.
          Kernel statistic.
      -
        name: stale-events
        type: uint
        doc: |
          Number of times a socket's Rx got shut down due to using
          a key which went stale (fully rotated out).
          Kernel statistic.
      -
        name: rx-packets
        type: uint
        doc: |
          Number of successfully processed and authenticated PSP packets.
          Device statistic (from the PSP spec).
      -
        name: rx-bytes
        type: uint
        doc: |
          Number of successfully authenticated PSP bytes received, counting from
          the first byte after the IV through the last byte of payload.
          The fixed initial portion of the PSP header (16 bytes)
          and the PSP trailer/ICV (16 bytes) are not included in this count.
          Device statistic (from the PSP spec).
      -
        name: rx-auth-fail
        type: uint
        doc: |
          Number of received PSP packets with unsuccessful authentication.
          Device statistic (from the PSP spec).
      -
        name: rx-error
        type: uint
        doc: |
          Number of received PSP packets with length/framing errors.
          Device statistic (from the PSP spec).
      -
        name: rx-bad
        type: uint
        doc: |
          Number of received PSP packets with miscellaneous errors
          (invalid master key indicated by SPI, unsupported version, etc.)
          Device statistic (from the PSP spec).
      -
        name: tx-packets
        type: uint
        doc: |
          Number of successfully processed PSP packets for transmission.
          Device statistic (from the PSP spec).
      -
        name: tx-bytes
        type: uint
        doc: |
          Number of successfully processed PSP bytes for transmit, counting from
          the first byte after the IV through the last byte of payload.
          The fixed initial portion of the PSP header (16 bytes)
          and the PSP trailer/ICV (16 bytes) are not included in this count.
          Device statistic (from the PSP spec).
      -
        name: tx-error
        type: uint
        doc: |
          Number of PSP packets for transmission with errors.
          Device statistic (from the PSP spec).

operations:
  list:
    -
      name: dev-get
      doc: Get / dump information about PSP capable devices on the system.
      attribute-set: dev
      do:
        request:
          attributes:
            - id
        reply: &dev-all
          attributes:
            - id
            - ifindex
            - psp-versions-cap
            - psp-versions-ena
            - assoc-list
            - by-association
        pre: psp-device-get-locked
        post: psp-device-unlock
      dump:
        reply: *dev-all
    -
      name: dev-add-ntf
      doc: Notification about device appearing.
      notify: dev-get
      mcgrp: mgmt
    -
      name: dev-del-ntf
      doc: Notification about device disappearing.
      notify: dev-get
      mcgrp: mgmt
    -
      name: dev-set
      doc: Set the configuration of a PSP device.
      attribute-set: dev
      flags: [admin-perm]
      do:
        request:
          attributes:
            - id
            - psp-versions-ena
        reply:
          attributes: []
        pre: psp-device-get-locked-admin
        post: psp-device-unlock
    -
      name: dev-change-ntf
      doc: Notification about device configuration being changed.
      notify: dev-get
      mcgrp: mgmt

    -
      name: key-rotate
      doc: Rotate the device key.
      attribute-set: dev
      flags: [admin-perm]
      do:
        request:
          attributes:
            - id
        reply:
          attributes:
            - id
        pre: psp-device-get-locked-admin
        post: psp-device-unlock
    -
      name: key-rotate-ntf
      doc: Notification about device key getting rotated.
      notify: key-rotate
      mcgrp: use

    -
      name: rx-assoc
      doc: Allocate a new Rx key + SPI pair, associate it with a socket.
      attribute-set: assoc
      do:
        request:
          attributes:
            - dev-id
            - version
            - sock-fd
        reply:
          attributes:
            - dev-id
            - rx-key
        pre: psp-assoc-device-get-locked
        post: psp-device-unlock
    -
      name: tx-assoc
      doc: Add a PSP Tx association.
      attribute-set: assoc
      do:
        request:
          attributes:
            - dev-id
            - version
            - tx-key
            - sock-fd
        reply:
          attributes: []
        pre: psp-assoc-device-get-locked
        post: psp-device-unlock

    -
      name: get-stats
      doc: Get device statistics.
      attribute-set: stats
      do:
        request:
          attributes:
            - dev-id
        reply: &stats-all
          attributes:
            - dev-id
            - key-rotations
            - stale-events
            - rx-packets
            - rx-bytes
            - rx-auth-fail
            - rx-error
            - rx-bad
            - tx-packets
            - tx-bytes
            - tx-error
        pre: psp-device-get-locked
        post: psp-device-unlock
      dump:
        reply: *stats-all
    -
      name: dev-assoc
      doc: Associate a network device with a PSP device.
      attribute-set: dev
      flags: [admin-perm]
      do:
        request:
          attributes:
            - id
            - ifindex
            - nsid
        reply:
          attributes: []
        pre: psp-device-get-locked-dev-assoc
        post: psp-device-unlock
    -
      name: dev-disassoc
      doc: Disassociate a network device from a PSP device.
      attribute-set: dev
      flags: [admin-perm]
      do:
        request:
          attributes:
            - id
            - ifindex
            - nsid
        reply:
          attributes: []
        pre: psp-device-get-locked
        post: psp-device-unlock

mcast-groups:
  list:
    -
      name: mgmt
    -
      name: use

...