From: Jakub Kicinski <kuba@kernel.org>
To: Wilfred Mallawa <wilfred.opensource@gmail.com>,
	Sabrina Dubroca <sd@queasysnail.net>
Cc: netdev@vger.kernel.org, linux-doc@vger.kernel.org,
	linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org,
	"David S . Miller" <davem@davemloft.net>,
	Eric Dumazet <edumazet@google.com>,
	Paolo Abeni <pabeni@redhat.com>, Jonathan Corbet <corbet@lwn.net>,
	Simon Horman <horms@kernel.org>,
	John Fastabend <john.fastabend@gmail.com>,
	Shuah Khan <shuah@kernel.org>,
	Wilfred Mallawa <wilfred.mallawa@wdc.com>
Subject: Re: [PATCH net-next v8 1/2] net/tls: support setting the maximum payload size
Date: Thu, 23 Oct 2025 18:44:04 -0700
Message-ID: <20251023184404.4dd617f0@kernel.org>
In-Reply-To: <20251022001937.20155-1-wilfred.opensource@gmail.com>

On Wed, 22 Oct 2025 10:19:36 +1000 Wilfred Mallawa wrote:
> +TLS_TX_MAX_PAYLOAD_LEN
> +~~~~~~~~~~~~~~~~~~~~~~
> +
> +Specifies the maximum size of the plaintext payload for transmitted TLS records.
> +
> +When this option is set, the kernel enforces the specified limit on all outgoing
> +TLS records. No plaintext fragment will exceed this size. This option can be used
> +to implement the TLS Record Size Limit extension [1].
> +
> +* For TLS 1.2, the value corresponds directly to the record size limit.
> +* For TLS 1.3, the value should be set to record_size_limit - 1, since
> +  the record size limit includes one additional byte for the ContentType
> +  field.
> +
> +The valid range for this option is 64 to 16384 bytes for TLS 1.2, and 63 to
> +16384 bytes for TLS 1.3. The lower minimum for TLS 1.3 accounts for the
> +extra byte used by the ContentType field.
> +
> +[1] https://datatracker.ietf.org/doc/html/rfc8449
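
Review bot: the range paragraph at the end of this documentation hunk gives the limits (64 to 16384 bytes for TLS 1.2, 63 to 16384 bytes for TLS 1.3) but does not say what setsockopt() returns for a value outside them, nor which payload limit applies when the option is never set; both belong in this section. Because the TLS 1.3 bullet asks the caller to pass record_size_limit - 1 while the TLS 1.2 bullet takes the limit directly, one worked value per version next to the bullets would help callers avoid an off-by-one when translating a negotiated limit.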

Sorry for not paying attention to the last few revisions.

So we decided to go with the non-RFC definition of the sockopt
parameter? Is there a reason for that? I like how the "per RFC"
behavior shifts any blame away from us :)

> +	err = nla_put_u16(skb, TLS_INFO_TX_MAX_PAYLOAD_LEN,
> +			  ctx->tx_max_payload_len);
> +

nit: unnecessary empty line 

> +	if (err)
> +		goto nla_failure;
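
Review bot: the nla_put_u16() call for TLS_INFO_TX_MAX_PAYLOAD_LEN adds a new attribute to the netlink dump, and the quoted lines do not show a matching nla_total_size(sizeof(u16)) term in the function that sizes this message; please confirm the patch adds one, otherwise the put can fail for lack of room and take the nla_failure path. The u16 type is wide enough for the documented maximum of 16384.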

