Documentation / netlink / specs / handshake.yaml


Based on kernel version 6.17. Page generated on 2025-10-03 10:04 EST.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 
# SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)
#
# Author: Chuck Lever <chuck.lever@oracle.com>
#
# Copyright (c) 2023, Oracle and/or its affiliates.
#
---
name: handshake

protocol: genetlink

doc: Netlink protocol to request a transport layer security handshake.

definitions:
  -
    type: enum
    name: handler-class
    value-start: 0
    entries: [none, tlshd, max]
  -
    type: enum
    name: msg-type
    value-start: 0
    entries: [unspec, clienthello, serverhello]
  -
    type: enum
    name: auth
    value-start: 0
    entries: [unspec, unauth, psk, x509]

attribute-sets:
  -
    name: x509
    attributes:
      -
        name: cert
        type: s32
      -
        name: privkey
        type: s32
  -
    name: accept
    attributes:
      -
        name: sockfd
        type: s32
      -
        name: handler-class
        type: u32
        enum: handler-class
      -
        name: message-type
        type: u32
        enum: msg-type
      -
        name: timeout
        type: u32
      -
        name: auth-mode
        type: u32
        enum: auth
      -
        name: peer-identity
        type: u32
        multi-attr: true
      -
        name: certificate
        type: nest
        nested-attributes: x509
        multi-attr: true
      -
        name: peername
        type: string
      -
        name: keyring
        type: u32
  -
    name: done
    attributes:
      -
        name: status
        type: u32
      -
        name: sockfd
        type: s32
      -
        name: remote-auth
        type: u32
        multi-attr: true

operations:
  list:
    -
      name: ready
      doc: Notify handlers that a new handshake request is waiting
      notify: accept
    -
      name: accept
      doc: Handler retrieves next queued handshake request
      attribute-set: accept
      flags: [admin-perm]
      do:
        request:
          attributes:
            - handler-class
        reply:
          attributes:
            - sockfd
            - message-type
            - timeout
            - auth-mode
            - peer-identity
            - certificate
            - peername
            - keyring
    -
      name: done
      doc: Handler reports handshake completion
      attribute-set: done
      do:
        request:
          attributes:
            - status
            - sockfd
            - remote-auth

mcast-groups:
  list:
    -
      name: none
    -
      name: tlshd