Re: [PATCH net-next v7 1/2] net/tls: support setting the maximum payload size

[Simon Horman <horms@kernel.org>]

On Tue, Oct 21, 2025 at 07:29:17PM +1000, Wilfred Mallawa wrote:

...

> diff --git a/Documentation/networking/tls.rst b/Documentation/networking/tls.rst
> index 36cc7afc2527..ecaa7631ec46 100644
> --- a/Documentation/networking/tls.rst
> +++ b/Documentation/networking/tls.rst
> @@ -280,6 +280,28 @@ If the record decrypted turns out to had been padded or is not a data
>  record it will be decrypted again into a kernel buffer without zero copy.
>  Such events are counted in the ``TlsDecryptRetry`` statistic.
>  
> +TLS_TX_MAX_PAYLOAD_LEN
> +~~~~~~~~~~~~~~~~~~~~~~
> +
> +Specifies the maximum size of the plaintext payload for transmitted TLS records.
> +
> +When this option is set, the kernel enforces the specified limit on all outgoing
> +TLS records. No plaintext fragment will exceed this size. This option can be used
> +to implement the TLS Record Size Limit extension [1].
> +	- For TLS 1.2, the value corresponds directly to the record size limit.

Hi Wilfred,

Unfortunately make htmldocs seems unhappy with the line above.

.../tls.rst:291: ERROR: Unexpected indentation. [docutils]

This was with Sphinx 8.1.3.

> +	- For TLS 1.3, the value should be set to record_size_limit - 1, since
> +	  the record size limit includes one additional byte for the ContentType
> +	  field.
> +
> +The valid range for this option is 64 to 16384 bytes for TLS 1.2, and 63 to
> +16384 bytes for TLS 1.3. The lower minimum for TLS 1.3 accounts for the
> +extra byte used by the ContentType field.
> +
> +For TLS 1.3, getsockopt() will return the total plaintext fragment length,
> +inclusive of the ContentType field.
> +
> +[1] https://datatracker.ietf.org/doc/html/rfc8449
> +
>  Statistics
>  ==========

...