Linux Kernel Documentation / netlink / specs / handshake.yaml

Documentation / netlink / specs / handshake.yaml

Based on kernel version 6.15. Page generated on 2025-05-29 09:09 EST.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128

# SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)
#
# Author: Chuck Lever <chuck.lever@oracle.com>
#
# Copyright (c) 2023, Oracle and/or its affiliates.
#

name: handshake

protocol: genetlink

doc: Netlink protocol to request a transport layer security handshake.

definitions:
  -
    type: enum
    name: handler-class
    value-start: 0
    entries: [ none, tlshd, max ]
  -
    type: enum
    name: msg-type
    value-start: 0
    entries: [ unspec, clienthello, serverhello ]
  -
    type: enum
    name: auth
    value-start: 0
    entries: [ unspec, unauth, psk, x509 ]

attribute-sets:
  -
    name: x509
    attributes:
      -
        name: cert
        type: s32
      -
        name: privkey
        type: s32
  -
    name: accept
    attributes:
      -
        name: sockfd
        type: s32
      -
        name: handler-class
        type: u32
        enum: handler-class
      -
        name: message-type
        type: u32
        enum: msg-type
      -
        name: timeout
        type: u32
      -
        name: auth-mode
        type: u32
        enum: auth
      -
        name: peer-identity
        type: u32
        multi-attr: true
      -
        name: certificate
        type: nest
        nested-attributes: x509
        multi-attr: true
      -
        name: peername
        type: string
  -
    name: done
    attributes:
      -
        name: status
        type: u32
      -
        name: sockfd
        type: s32
      -
        name: remote-auth
        type: u32
        multi-attr: true

operations:
  list:
    -
      name: ready
      doc: Notify handlers that a new handshake request is waiting
      notify: accept
    -
      name: accept
      doc: Handler retrieves next queued handshake request
      attribute-set: accept
      flags: [ admin-perm ]
      do:
        request:
          attributes:
            - handler-class
        reply:
          attributes:
            - sockfd
            - message-type
            - timeout
            - auth-mode
            - peer-identity
            - certificate
            - peername
    -
      name: done
      doc: Handler reports handshake completion
      attribute-set: done
      do:
        request:
          attributes:
            - status
            - sockfd
            - remote-auth

mcast-groups:
  list:
    -
      name: none
    -
      name: tlshd