# SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)
---
# Generic Netlink family spec for PSP: one enum of protocol versions, four
# attribute sets (dev, assoc, keys, stats), the operations built on them and
# two multicast groups. Only layout and comments are touched here; every
# entry keeps its published order.
# NOTE(review): generated identifiers are presumably numbered by position,
# so confirm before reordering anything in the lists below.
name: psp

doc:
  PSP Security Protocol Generic Netlink family.

definitions:
  # Protocol / AEAD variants. The dev set references this enum with
  # enum-as-flags, i.e. as a bitmask; assoc.version uses it as a plain value.
  # NOTE(review): the two "gmac" entries look like authentication-only modes
  # (integrity without confidentiality) - confirm against the PSP spec
  # before enabling them on Rx.
  -
    type: enum
    name: version
    entries: [hdr0-aes-gcm-128, hdr0-aes-gcm-256,
              hdr0-aes-gmac-128, hdr0-aes-gmac-256]

attribute-sets:
  # Device-level attributes, used by dev-get, dev-set and key-rotate.
  -
    name: dev
    attributes:
      -
        name: id
        doc: PSP device ID.
        type: u32
        # Lower bound for the policy: an ID of 0 does not pass this check.
        checks:
          min: 1
      -
        name: ifindex
        doc: ifindex of the main netdevice linked to the PSP device.
        type: u32
      # Read-only view of what the device can do; only dev-get replies list it.
      -
        name: psp-versions-cap
        doc: Bitmask of PSP versions supported by the device.
        type: u32
        enum: version
        enum-as-flags: true
      # Writable through dev-set. It decides which versions are accepted on
      # Rx, so this mask is where unwanted versions get switched off.
      -
        name: psp-versions-ena
        doc: Bitmask of currently enabled (accepted on Rx) PSP versions.
        type: u32
        enum: version
        enum-as-flags: true
  # Per-association attributes, used by rx-assoc and tx-assoc.
  -
    name: assoc
    attributes:
      -
        name: dev-id
        doc: PSP device ID.
        type: u32
        checks:
          min: 1
      -
        name: version
        doc: |
          PSP versions (AEAD and protocol version) used by this association,
          dictates the size of the key.
        type: u32
        enum: version
      # rx-key and tx-key both nest the "keys" set, so each carries raw key
      # bytes together with an SPI.
      -
        name: rx-key
        type: nest
        nested-attributes: keys
      -
        name: tx-key
        type: nest
        nested-attributes: keys
      # NOTE(review): presumably a file descriptor of the calling process -
      # confirm how the handler checks that it refers to a suitable socket.
      -
        name: sock-fd
        doc: Sockets which should be bound to the association immediately.
        type: u32
  # Key material container, nested by assoc.rx-key and assoc.tx-key.
  -
    name: keys
    attributes:
      # Secret key bytes. No doc and no length "checks" are declared here;
      # assoc.version says the version dictates the key size, so length
      # validation presumably happens in the handler - confirm.
      # Anything that logs or traces these messages verbatim captures the
      # key, so treat such output as sensitive.
      -
        name: key
        type: binary
      -
        name: spi
        doc: Security Parameters Index (SPI) of the association.
        type: u32
  # Counters. Each doc marks its origin: "Kernel statistic" or
  # "Device statistic (from the PSP spec)".
  -
    name: stats
    attributes:
      -
        name: dev-id
        doc: PSP device ID.
        type: u32
        checks:
          min: 1
      -
        name: key-rotations
        type: uint
        doc: |
          Number of key rotations during the lifetime of the device.
          Kernel statistic.
      # Counts sockets that lost Rx because their key was fully rotated
      # out; read it together with key-rotations when tuning rotation.
      -
        name: stale-events
        type: uint
        doc: |
          Number of times a socket's Rx got shut down due to using
          a key which went stale (fully rotated out).
          Kernel statistic.
      -
        name: rx-packets
        type: uint
        doc: |
          Number of successfully processed and authenticated PSP packets.
          Device statistic (from the PSP spec).
      -
        name: rx-bytes
        type: uint
        doc: |
          Number of successfully authenticated PSP bytes received, counting from
          the first byte after the IV through the last byte of payload.
          The fixed initial portion of the PSP header (16 bytes)
          and the PSP trailer/ICV (16 bytes) are not included in this count.
          Device statistic (from the PSP spec).
      # rx-auth-fail, rx-error and rx-bad are the receive-side failure
      # counters. They are worth monitoring: a sustained rise may point to
      # a key mismatch, corruption or tampered traffic.
      -
        name: rx-auth-fail
        type: uint
        doc: |
          Number of received PSP packets with unsuccessful authentication.
          Device statistic (from the PSP spec).
      -
        name: rx-error
        type: uint
        doc: |
          Number of received PSP packets with length/framing errors.
          Device statistic (from the PSP spec).
      -
        name: rx-bad
        type: uint
        doc: |
          Number of received PSP packets with miscellaneous errors
          (invalid master key indicated by SPI, unsupported version, etc.)
          Device statistic (from the PSP spec).
      -
        name: tx-packets
        type: uint
        doc: |
          Number of successfully processed PSP packets for transmission.
          Device statistic (from the PSP spec).
      -
        name: tx-bytes
        type: uint
        doc: |
          Number of successfully processed PSP bytes for transmit, counting from
          the first byte after the IV through the last byte of payload.
          The fixed initial portion of the PSP header (16 bytes)
          and the PSP trailer/ICV (16 bytes) are not included in this count.
          Device statistic (from the PSP spec).
      -
        name: tx-error
        type: uint
        doc: |
          Number of PSP packets for transmission with errors.
          Device statistic (from the PSP spec).

operations:
  # NOTE(review): no operation below sets a "flags:" key (for example
  # admin-perm), so this spec asks the genetlink core for no capability
  # check, including on dev-set, key-rotate, rx-assoc and tx-assoc. Any
  # access control would have to live in the pre hooks named here, which
  # are not visible in this file - confirm.
  list:
    # The &dev-all anchor lets the dump reply reuse the do reply list.
    -
      name: dev-get
      doc: Get / dump information about PSP capable devices on the system.
      attribute-set: dev
      do:
        request:
          attributes:
            - id
        reply: &dev-all
          attributes:
            - id
            - ifindex
            - psp-versions-cap
            - psp-versions-ena
        # pre / post name hooks around the handler; going by the names
        # they look up and lock the device, then unlock it - TODO confirm.
        pre: psp-device-get-locked
        post: psp-device-unlock
      dump:
        reply: *dev-all
    # The three device notifications reference dev-get and go to "mgmt".
    -
      name: dev-add-ntf
      doc: Notification about device appearing.
      notify: dev-get
      mcgrp: mgmt
    -
      name: dev-del-ntf
      doc: Notification about device disappearing.
      notify: dev-get
      mcgrp: mgmt
    # Writes psp-versions-ena, i.e. changes which versions the device
    # accepts on Rx. The reply carries no attributes.
    -
      name: dev-set
      doc: Set the configuration of a PSP device.
      attribute-set: dev
      do:
        request:
          attributes:
            - id
            - psp-versions-ena
        reply:
          attributes: []
        pre: psp-device-get-locked
        post: psp-device-unlock
    -
      name: dev-change-ntf
      doc: Notification about device configuration being changed.
      notify: dev-get
      mcgrp: mgmt
    # Request and reply both list only the device id; no key material is
    # exchanged by this operation.
    -
      name: key-rotate
      doc: Rotate the device key.
      attribute-set: dev
      do:
        request:
          attributes:
            - id
        reply:
          attributes:
            - id
        pre: psp-device-get-locked
        post: psp-device-unlock
    # References key-rotate, whose reply lists only "id", and is sent to
    # the "use" group rather than "mgmt".
    -
      name: key-rotate-ntf
      doc: Notification about device key getting rotated.
      notify: key-rotate
      mcgrp: use
    # The reply returns rx-key (key bytes and SPI, per the keys set) to the
    # requester, so this reply contains secret material.
    -
      name: rx-assoc
      doc: Allocate a new Rx key + SPI pair, associate it with a socket.
      attribute-set: assoc
      do:
        request:
          attributes:
            - dev-id
            - version
            - sock-fd
        reply:
          attributes:
            - dev-id
            - rx-key
        # Uses a different pre hook from the dev operations; what it adds
        # is not visible here.
        pre: psp-assoc-device-get-locked
        post: psp-device-unlock
    # Here user space supplies the key (tx-key) in the request; the reply
    # carries no attributes.
    -
      name: tx-assoc
      doc: Add a PSP Tx association.
      attribute-set: assoc
      do:
        request:
          attributes:
            - dev-id
            - version
            - tx-key
            - sock-fd
        reply:
          attributes: []
        pre: psp-assoc-device-get-locked
        post: psp-device-unlock
    # NOTE(review): the reply lists dev-id, key-rotations and stale-events
    # only; the rx-* / tx-* counters defined in the stats set are not
    # listed - confirm whether that is intentional.
    -
      name: get-stats
      doc: Get device statistics.
      attribute-set: stats
      do:
        request:
          attributes:
            - dev-id
        reply: &stats-all
          attributes:
            - dev-id
            - key-rotations
            - stale-events
        pre: psp-device-get-locked
        post: psp-device-unlock
      dump:
        reply: *stats-all

mcast-groups:
  list:
    # Receives dev-add-ntf, dev-del-ntf and dev-change-ntf.
    -
      name: mgmt
    # Receives key-rotate-ntf.
    -
      name: use
...