# SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)
---
name: psp

doc:
  PSP Security Protocol Generic Netlink family.

definitions:
  -
    type: enum
    name: version
    entries: [hdr0-aes-gcm-128, hdr0-aes-gcm-256, hdr0-aes-gmac-128, hdr0-aes-gmac-256]

attribute-sets:
  -
    name: assoc-dev-info
    attributes:
      -
        name: ifindex
        doc: ifindex of an associated network device.
        type: u32
      -
        name: nsid
        doc: Network namespace ID of the associated device.
        type: s32
  -
    name: dev
    attributes:
      -
        name: id
        doc: PSP device ID.
        type: u32
        checks:
          min: 1
      -
        name: ifindex
        doc: |
          ifindex of the main netdevice linked to the PSP device,
          or the ifindex to associate with the PSP device.
        type: u32
      -
        name: psp-versions-cap
        doc: Bitmask of PSP versions supported by the device.
        type: u32
        enum: version
        enum-as-flags: true
      -
        name: psp-versions-ena
        doc: Bitmask of currently enabled (accepted on Rx) PSP versions.
        type: u32
        enum: version
        enum-as-flags: true
      -
        name: assoc-list
        doc: List of associated virtual devices.
        type: nest
        nested-attributes: assoc-dev-info
        multi-attr: true
      -
        name: nsid
        doc: |
          Network namespace ID for the device to associate/disassociate.
          Optional for dev-assoc and dev-disassoc; if not present, the device
          is looked up in the caller's network namespace.
        type: s32
      -
        name: by-association
        doc: |
          Flag indicating the PSP device is an associated device from a
          different network namespace. Present when in associated namespace,
          absent when in primary/host namespace.
        type: flag
  -
    name: assoc
    attributes:
      -
        name: dev-id
        doc: PSP device ID.
        type: u32
        checks:
          min: 1
      -
        name: version
        doc: |
          PSP versions (AEAD and protocol version) used by this association,
          dictates the size of the key.
        type: u32
        enum: version
      -
        name: rx-key
        type: nest
        nested-attributes: keys
      -
        name: tx-key
        type: nest
        nested-attributes: keys
      -
        name: sock-fd
        doc: Sockets which should be bound to the association immediately.
        type: u32
  -
    name: keys
    attributes:
      -
        name: key
        type: binary
      -
        name: spi
        doc: Security Parameters Index (SPI) of the association.
        type: u32
  -
    name: stats
    attributes:
      -
        name: dev-id
        doc: PSP device ID.
        type: u32
        checks:
          min: 1
      -
        name: key-rotations
        type: uint
        doc: |
          Number of key rotations during the lifetime of the device.
          Kernel statistic.
      -
        name: stale-events
        type: uint
        doc: |
          Number of times a socket's Rx got shut down due to using a key
          which went stale (fully rotated out).
          Kernel statistic.
      -
        name: rx-packets
        type: uint
        doc: |
          Number of successfully processed and authenticated PSP packets.
          Device statistic (from the PSP spec).
      -
        name: rx-bytes
        type: uint
        doc: |
          Number of successfully authenticated PSP bytes received, counting from
          the first byte after the IV through the last byte of payload.
          The fixed initial portion of the PSP header (16 bytes)
          and the PSP trailer/ICV (16 bytes) are not included in this count.
          Device statistic (from the PSP spec).
      -
        name: rx-auth-fail
        type: uint
        doc: |
          Number of received PSP packets with unsuccessful authentication.
          Device statistic (from the PSP spec).
      -
        name: rx-error
        type: uint
        doc: |
          Number of received PSP packets with length/framing errors.
          Device statistic (from the PSP spec).
      -
        name: rx-bad
        type: uint
        doc: |
          Number of received PSP packets with miscellaneous errors
          (invalid master key indicated by SPI, unsupported version, etc.)
          Device statistic (from the PSP spec).
      -
        name: tx-packets
        type: uint
        doc: |
          Number of successfully processed PSP packets for transmission.
          Device statistic (from the PSP spec).
      -
        name: tx-bytes
        type: uint
        doc: |
          Number of successfully processed PSP bytes for transmit, counting from
          the first byte after the IV through the last byte of payload.
          The fixed initial portion of the PSP header (16 bytes)
          and the PSP trailer/ICV (16 bytes) are not included in this count.
          Device statistic (from the PSP spec).
      -
        name: tx-error
        type: uint
        doc: |
          Number of PSP packets for transmission with errors.
          Device statistic (from the PSP spec).

operations:
  list:
    -
      name: dev-get
      doc: Get / dump information about PSP capable devices on the system.
      attribute-set: dev
      do:
        request:
          attributes:
            - id
        reply: &dev-all
          attributes:
            - id
            - ifindex
            - psp-versions-cap
            - psp-versions-ena
            - assoc-list
            - by-association
        pre: psp-device-get-locked
        post: psp-device-unlock
      dump:
        reply: *dev-all
    -
      name: dev-add-ntf
      doc: Notification about device appearing.
      notify: dev-get
      mcgrp: mgmt
    -
      name: dev-del-ntf
      doc: Notification about device disappearing.
      notify: dev-get
      mcgrp: mgmt
    -
      name: dev-set
      doc: Set the configuration of a PSP device.
      attribute-set: dev
      flags: [admin-perm]
      do:
        request:
          attributes:
            - id
            - psp-versions-ena
        reply:
          attributes: []
        pre: psp-device-get-locked-admin
        post: psp-device-unlock
    -
      name: dev-change-ntf
      doc: Notification about device configuration being changed.
      notify: dev-get
      mcgrp: mgmt
    -
      name: key-rotate
      doc: Rotate the device key.
      attribute-set: dev
      flags: [admin-perm]
      do:
        request:
          attributes:
            - id
        reply:
          attributes:
            - id
        pre: psp-device-get-locked-admin
        post: psp-device-unlock
    -
      name: key-rotate-ntf
      doc: Notification about device key getting rotated.
      notify: key-rotate
      mcgrp: use
    -
      name: rx-assoc
      doc: Allocate a new Rx key + SPI pair, associate it with a socket.
      attribute-set: assoc
      do:
        request:
          attributes:
            - dev-id
            - version
            - sock-fd
        reply:
          attributes:
            - dev-id
            - rx-key
        pre: psp-assoc-device-get-locked
        post: psp-device-unlock
    -
      name: tx-assoc
      doc: Add a PSP Tx association.
      attribute-set: assoc
      do:
        request:
          attributes:
            - dev-id
            - version
            - tx-key
            - sock-fd
        reply:
          attributes: []
        pre: psp-assoc-device-get-locked
        post: psp-device-unlock
    -
      name: get-stats
      doc: Get device statistics.
      attribute-set: stats
      do:
        request:
          attributes:
            - dev-id
        reply: &stats-all
          attributes:
            - dev-id
            - key-rotations
            - stale-events
            - rx-packets
            - rx-bytes
            - rx-auth-fail
            - rx-error
            - rx-bad
            - tx-packets
            - tx-bytes
            - tx-error
        pre: psp-device-get-locked
        post: psp-device-unlock
      dump:
        reply: *stats-all
    -
      name: dev-assoc
      doc: Associate a network device with a PSP device.
      attribute-set: dev
      flags: [admin-perm]
      do:
        request:
          attributes:
            - id
            - ifindex
            - nsid
        reply:
          attributes: []
        pre: psp-device-get-locked-dev-assoc
        post: psp-device-unlock
    -
      name: dev-disassoc
      doc: Disassociate a network device from a PSP device.
      attribute-set: dev
      flags: [admin-perm]
      do:
        request:
          attributes:
            - id
            - ifindex
            - nsid
        reply:
          attributes: []
        pre: psp-device-get-locked
        post: psp-device-unlock

mcast-groups:
  list:
    -
      name: mgmt
    -
      name: use
...