Family handshake netlink specification

Summary

Netlink protocol to request a transport layer security handshake.

Operations

ready

Notify handlers that a new handshake request is waiting

notify:

accept

accept

Handler retrieves next queued handshake request

attribute-set:

accept

flags:

[admin-perm]

do:

request

attributes:

[handler-class]

reply

attributes:

[sockfd, message-type, timeout, auth-mode, peer-identity, certificate, peername]

done

Handler reports handshake completion

attribute-set:

done

do:

request

attributes:

[status, sockfd, remote-auth]

Multicast groups

• none

• tlshd

Definitions

handler-class

type:

enum

value-start:

0

entries:

• none

• tlshd

• max

msg-type

type:

enum

value-start:

0

entries:

• unspec

• clienthello

• serverhello

auth

type:

enum

value-start:

0

entries:

• unspec

• unauth

• psk

• x509

Attribute sets

x509

cert (s32)

privkey (s32)

accept

sockfd (s32)

handler-class (u32)

enum:

handler-class

message-type (u32)

enum:

msg-type

timeout (u32)

auth-mode (u32)

enum:

auth

peer-identity (u32)

multi-attr:

True

certificate (nest)

nested-attributes:

x509

multi-attr:

True

peername (string)

done

status (u32)

sockfd (s32)

remote-auth (u32)

multi-attr:

True