Logo of The Linux Kernel

The Linux Kernel

next-20251121

Quick search

Contents

  • Development process
  • Submitting patches
  • Code of conduct
  • Maintainer handbook
  • All development-process docs
  • Core API
  • Driver APIs
  • Subsystems
    • Core subsystems
    • Human interfaces
    • Networking interfaces
      • Networking
      • NetLabel
      • InfiniBand
      • ISDN
      • MHI
    • Storage interfaces
    • Other subsystems
  • Locking
  • Licensing rules
  • Writing documentation
  • Development tools
  • Testing guide
  • Hacking guide
  • Tracing
  • Fault injection
  • Livepatching
  • Rust
  • Administration
  • Build system
  • Reporting issues
  • Userspace tools
  • Userspace API
  • Firmware
  • Firmware and Devicetree
  • CPU architectures
  • Unsorted documentation
  • Translations

This Page

  • Show Source

Family psp netlink specification¶

Contents

  • Family psp netlink specification

    • Summary

    • Operations

      • dev-get

      • dev-add-ntf

      • dev-del-ntf

      • dev-set

      • dev-change-ntf

      • key-rotate

      • key-rotate-ntf

      • rx-assoc

      • tx-assoc

      • get-stats

    • Multicast groups

    • Definitions

      • version

    • Attribute sets

      • dev

      • assoc

      • keys

      • stats

Summary¶

PSP Security Protocol Generic Netlink family.

Operations¶

dev-get¶

Get / dump information about PSP capable devices on the system.

attribute-set:

dev

do:
request
attributes:

[id]

reply
attributes:

[id, ifindex, psp-versions-cap, psp-versions-ena]

pre

psp-device-get-locked

post

psp-device-unlock

dump:
reply
attributes:

[id, ifindex, psp-versions-cap, psp-versions-ena]

dev-add-ntf¶

Notification about device appearing.

notify:

dev-get

mcgrp:

mgmt

dev-del-ntf¶

Notification about device disappearing.

notify:

dev-get

mcgrp:

mgmt

dev-set¶

Set the configuration of a PSP device.

attribute-set:

dev

do:
request
attributes:

[id, psp-versions-ena]

reply
attributes:

[]

pre

psp-device-get-locked

post

psp-device-unlock

dev-change-ntf¶

Notification about device configuration being changed.

notify:

dev-get

mcgrp:

mgmt

key-rotate¶

Rotate the device key.

attribute-set:

dev

do:
request
attributes:

[id]

reply
attributes:

[id]

pre

psp-device-get-locked

post

psp-device-unlock

key-rotate-ntf¶

Notification about device key getting rotated.

notify:

key-rotate

mcgrp:

use

rx-assoc¶

Allocate a new Rx key + SPI pair, associate it with a socket.

attribute-set:

assoc

do:
request
attributes:

[dev-id, version, sock-fd]

reply
attributes:

[dev-id, rx-key]

pre

psp-assoc-device-get-locked

post

psp-device-unlock

tx-assoc¶

Add a PSP Tx association.

attribute-set:

assoc

do:
request
attributes:

[dev-id, version, tx-key, sock-fd]

reply
attributes:

[]

pre

psp-assoc-device-get-locked

post

psp-device-unlock

get-stats¶

Get device statistics.

attribute-set:

stats

do:
request
attributes:

[dev-id]

reply
attributes:

[dev-id, key-rotations, stale-events]

pre

psp-device-get-locked

post

psp-device-unlock

dump:
reply
attributes:

[dev-id, key-rotations, stale-events]

Multicast groups¶

  • mgmt

  • use

Definitions¶

version¶

type:

enum

entries:

  • hdr0-aes-gcm-128

  • hdr0-aes-gcm-256

  • hdr0-aes-gmac-128

  • hdr0-aes-gmac-256

Attribute sets¶

dev¶

id (u32)¶

doc:

PSP device ID.

ifindex (u32)¶

doc:

ifindex of the main netdevice linked to the PSP device.

psp-versions-cap (u32)¶

doc:

Bitmask of PSP versions supported by the device.

enum:

version

enum-as-flags:

True

psp-versions-ena (u32)¶

doc:

Bitmask of currently enabled (accepted on Rx) PSP versions.

enum:

version

enum-as-flags:

True

assoc¶

dev-id (u32)¶

doc:

PSP device ID.

version (u32)¶

doc:

PSP versions (AEAD and protocol version) used by this association, dictates the size of the key.

enum:

version

rx-key (nest)¶

nested-attributes:

keys

tx-key (nest)¶

nested-attributes:

keys

sock-fd (u32)¶

doc:

Sockets which should be bound to the association immediately.

keys¶

key (binary)¶

spi (u32)¶

doc:

Security Parameters Index (SPI) of the association.

stats¶

dev-id (u32)¶

doc:

PSP device ID.

key-rotations (uint)¶

doc:

Number of key rotations during the lifetime of the device. Kernel statistic.

stale-events (uint)¶

doc:

Number of times a socket’s Rx got shut down due to using a key which went stale (fully rotated out). Kernel statistic.

rx-packets (uint)¶

doc:

Number of successfully processed and authenticated PSP packets. Device statistic (from the PSP spec).

rx-bytes (uint)¶

doc:

Number of successfully authenticated PSP bytes received, counting from the first byte after the IV through the last byte of payload. The fixed initial portion of the PSP header (16 bytes) and the PSP trailer/ICV (16 bytes) are not included in this count. Device statistic (from the PSP spec).

rx-auth-fail (uint)¶

doc:

Number of received PSP packets with unsuccessful authentication. Device statistic (from the PSP spec).

rx-error (uint)¶

doc:

Number of received PSP packets with length/framing errors. Device statistic (from the PSP spec).

rx-bad (uint)¶

doc:

Number of received PSP packets with miscellaneous errors (invalid master key indicated by SPI, unsupported version, etc.) Device statistic (from the PSP spec).

tx-packets (uint)¶

doc:

Number of successfully processed PSP packets for transmission. Device statistic (from the PSP spec).

tx-bytes (uint)¶

doc:

Number of successfully processed PSP bytes for transmit, counting from the first byte after the IV through the last byte of payload. The fixed initial portion of the PSP header (16 bytes) and the PSP trailer/ICV (16 bytes) are not included in this count. Device statistic (from the PSP spec).

tx-error (uint)¶

doc:

Number of PSP packets for transmission with errors. Device statistic (from the PSP spec).

©The kernel development community. | Powered by Sphinx 7.4.7 & Alabaster 0.7.16 | Page source