# SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)
---
name: psp

doc:
  PSP Security Protocol Generic Netlink family.

definitions:
  -
    type: enum
    name: version
    entries: [hdr0-aes-gcm-128, hdr0-aes-gcm-256,
              hdr0-aes-gmac-128, hdr0-aes-gmac-256]

attribute-sets:
  -
    name: dev
    attributes:
      -
        name: id
        doc: PSP device ID.
        type: u32
        checks:
          min: 1
      -
        name: ifindex
        doc: ifindex of the main netdevice linked to the PSP device.
        type: u32
      -
        name: psp-versions-cap
        doc: Bitmask of PSP versions supported by the device.
        type: u32
        enum: version
        enum-as-flags: true
      -
        name: psp-versions-ena
        doc: Bitmask of currently enabled (accepted on Rx) PSP versions.
        type: u32
        enum: version
        enum-as-flags: true
  -
    name: assoc
    attributes:
      -
        name: dev-id
        doc: PSP device ID.
        type: u32
        checks:
          min: 1
      -
        name: version
        doc: |
          PSP versions (AEAD and protocol version) used by this association,
          dictates the size of the key.
        type: u32
        enum: version
      -
        name: rx-key
        type: nest
        nested-attributes: keys
      -
        name: tx-key
        type: nest
        nested-attributes: keys
      -
        name: sock-fd
        doc: Sockets which should be bound to the association immediately.
        type: u32
  -
    name: keys
    attributes:
      -
        name: key
        type: binary
      -
        name: spi
        doc: Security Parameters Index (SPI) of the association.
        type: u32
  -
    name: stats
    attributes:
      -
        name: dev-id
        doc: PSP device ID.
        type: u32
        checks:
          min: 1
      -
        name: key-rotations
        type: uint
        doc: |
          Number of key rotations during the lifetime of the device.
          Kernel statistic.
      -
        name: stale-events
        type: uint
        doc: |
          Number of times a socket's Rx got shut down due to using
          a key which went stale (fully rotated out).
          Kernel statistic.
      -
        name: rx-packets
        type: uint
        doc: |
          Number of successfully processed and authenticated PSP packets.
          Device statistic (from the PSP spec).
      -
        name: rx-bytes
        type: uint
        doc: |
          Number of successfully authenticated PSP bytes received, counting from
          the first byte after the IV through the last byte of payload.
          The fixed initial portion of the PSP header (16 bytes)
          and the PSP trailer/ICV (16 bytes) are not included in this count.
          Device statistic (from the PSP spec).
      -
        name: rx-auth-fail
        type: uint
        doc: |
          Number of received PSP packets with unsuccessful authentication.
          Device statistic (from the PSP spec).
      -
        name: rx-error
        type: uint
        doc: |
          Number of received PSP packets with length/framing errors.
          Device statistic (from the PSP spec).
      -
        name: rx-bad
        type: uint
        doc: |
          Number of received PSP packets with miscellaneous errors
          (invalid master key indicated by SPI, unsupported version, etc.)
          Device statistic (from the PSP spec).
      -
        name: tx-packets
        type: uint
        doc: |
          Number of successfully processed PSP packets for transmission.
          Device statistic (from the PSP spec).
      -
        name: tx-bytes
        type: uint
        doc: |
          Number of successfully processed PSP bytes for transmit, counting from
          the first byte after the IV through the last byte of payload.
          The fixed initial portion of the PSP header (16 bytes)
          and the PSP trailer/ICV (16 bytes) are not included in this count.
          Device statistic (from the PSP spec).
      -
        name: tx-error
        type: uint
        doc: |
          Number of PSP packets for transmission with errors.
          Device statistic (from the PSP spec).

operations:
  list:
    -
      name: dev-get
      doc: Get / dump information about PSP capable devices on the system.
      attribute-set: dev
      do:
        request:
          attributes:
            - id
        reply: &dev-all
          attributes:
            - id
            - ifindex
            - psp-versions-cap
            - psp-versions-ena
        pre: psp-device-get-locked
        post: psp-device-unlock
      dump:
        reply: *dev-all
    -
      name: dev-add-ntf
      doc: Notification about device appearing.
      notify: dev-get
      mcgrp: mgmt
    -
      name: dev-del-ntf
      doc: Notification about device disappearing.
      notify: dev-get
      mcgrp: mgmt
    -
      name: dev-set
      doc: Set the configuration of a PSP device.
      attribute-set: dev
      do:
        request:
          attributes:
            - id
            - psp-versions-ena
        reply:
          attributes: []
        pre: psp-device-get-locked
        post: psp-device-unlock
    -
      name: dev-change-ntf
      doc: Notification about device configuration being changed.
      notify: dev-get
      mcgrp: mgmt
    -
      name: key-rotate
      doc: Rotate the device key.
      attribute-set: dev
      do:
        request:
          attributes:
            - id
        reply:
          attributes:
            - id
        pre: psp-device-get-locked
        post: psp-device-unlock
    -
      name: key-rotate-ntf
      doc: Notification about device key getting rotated.
      notify: key-rotate
      mcgrp: use
    -
      name: rx-assoc
      doc: Allocate a new Rx key + SPI pair, associate it with a socket.
      attribute-set: assoc
      do:
        request:
          attributes:
            - dev-id
            - version
            - sock-fd
        reply:
          attributes:
            - dev-id
            - rx-key
        pre: psp-assoc-device-get-locked
        post: psp-device-unlock
    -
      name: tx-assoc
      doc: Add a PSP Tx association.
      attribute-set: assoc
      do:
        request:
          attributes:
            - dev-id
            - version
            - tx-key
            - sock-fd
        reply:
          attributes: []
        pre: psp-assoc-device-get-locked
        post: psp-device-unlock
    -
      name: get-stats
      doc: Get device statistics.
      attribute-set: stats
      do:
        request:
          attributes:
            - dev-id
        reply: &stats-all
          attributes:
            - dev-id
            - key-rotations
            - stale-events
        pre: psp-device-get-locked
        post: psp-device-unlock
      dump:
        reply: *stats-all

mcast-groups:
  list:
    -
      name: mgmt
    -
      name: use

...