From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from fhigh-b2-smtp.messagingengine.com (fhigh-b2-smtp.messagingengine.com [202.12.124.153]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4C2F027B354; Wed, 22 Oct 2025 21:51:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=202.12.124.153 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1761169876; cv=none; b=KWYTGHZ0QYoct30WUEpPCW/1HjxTkGsERv9Z7DVms99RiMlLag93HYyHvlEncXUmnYPaKsYO50IGwREVmVPxcJT6J8sVwO9nzqrrNwKmlg0ToYTt0YphYknygyALWtmddwLGqK+ofuQr5F86Lzw7+TQpDCDvxuY+AF9xpeiWR04= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1761169876; c=relaxed/simple; bh=dn0HwXYQmRQZXxo4hkZFxuJSWZQyybh4xR+3qIH7kd8=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=TcUmnkAXEbMppukQTSoXADUbA08id8MiUVGt4kVtq6XWXRMt8BOk+TOE/PW1rXaepRqaJDqrB4+rltyBZx+EtqaCiSJ3pTnu9IFdiyGhU1+2FJltFPeb+/7kPZ9ppTwClVKelqxO7MYSyDtOVYUXNRta+t7yf9gk55LhDC+a1Eo= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=queasysnail.net; spf=pass smtp.mailfrom=queasysnail.net; dkim=pass (2048-bit key) header.d=queasysnail.net header.i=@queasysnail.net header.b=KuwbYWp2; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b=mALDxU6u; arc=none smtp.client-ip=202.12.124.153 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=queasysnail.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=queasysnail.net Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=queasysnail.net header.i=@queasysnail.net header.b="KuwbYWp2"; dkim=pass (2048-bit key) header.d=messagingengine.com header.i=@messagingengine.com header.b="mALDxU6u" Received: from phl-compute-12.internal (phl-compute-12.internal [10.202.2.52]) by mailfhigh.stl.internal (Postfix) with ESMTP id 01E337A0125; Wed, 22 Oct 2025 17:51:11 -0400 (EDT) Received: from phl-mailfrontend-02 ([10.202.2.163]) by phl-compute-12.internal (MEProxy); Wed, 22 Oct 2025 17:51:12 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=queasysnail.net; h=cc:cc:content-type:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to; s=fm3; t=1761169871; x= 1761256271; bh=hbG6RsnJYSgulUi4OAThtCw5VfjfNUbCoBtc+xp3w7g=; b=K uwbYWp2BQH2k1UF4Gcwg2z3z1f3vZnDqoU/DhGEc+TCIB8gmohgm+Yib5XtNl2wE 1GiCIyPcg6UTha6jt0e1g4sSP5+FncC5fFLt4pBHrXvbFaDI4zfWPiiJX52ZTVYW bKX64BcY3OYzI0Sau4mkTmx1weZI8elFj1JfaewCNzC5gm3NCXLkcqUZq7HqUbf4 kZj4wR6rEftZ9iQc93TNVjr2zpN+8szXdCgrpVE5Qd78qJTQ3EKW+tjCHJ8qSod8 dl6TFbGyuqkbyS0GVGoGsEpLC6pPLTkBcyHuRa6+xLpEhyQQn9ob8Nn2AEACM4qw 83fpZlpZ2Jq2HFIrHLirg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t= 1761169871; x=1761256271; bh=hbG6RsnJYSgulUi4OAThtCw5VfjfNUbCoBt c+xp3w7g=; b=mALDxU6u4ug2q5nX7gWT/vJIh6d0vG9Uvc5JMYJA3uJTNvCsLib Ve/F5d1pjFGtgsJEWbt7BYGmJSZeZQU21MTYI69+uvQZzKM5JkZYUFhmqTZkycKw rf3oDXBD36CjqV0bbYq8HqeBZiIirFG52+9oT82iPh3eegMNFHiPirjLnj+JhcDx bGS15bHLe9UFFXHnH8sSGsHrz4S6fRlQ4YhRT6TRQDhT/xVhsYBpolw9FfMB6qh9 4btr4QsR/5i4rRjbVnTAujM7u3vXcmN2uaSWuiI20Qk+LGTGZVQ5G4UKJEEu3t0N XqdRZTIjbDCo78gxjLa+LRVCYZpIrChQ76Q== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeffedrtdeggddugeegjeduucetufdoteggodetrf dotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfurfetoffkrfgpnffqhgenuceu rghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujf gurhepfffhvfevuffkfhggtggujgesthdtrodttddtjeenucfhrhhomhepufgrsghrihhn rgcuffhusghrohgtrgcuoehsugesqhhuvggrshihshhnrghilhdrnhgvtheqnecuggftrf grthhtvghrnhepveeileffffegueduleffgeeghefgkeffuedvhfehtdfgtdekhfetteef gfejueefnecuffhomhgrihhnpehrfhgtqdgvughithhorhdrohhrghenucevlhhushhtvg hrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehsugesqhhuvggrshihshhn rghilhdrnhgvthdpnhgspghrtghpthhtohepudegpdhmohguvgepshhmthhpohhuthdprh gtphhtthhopeifihhlfhhrvggurdhophgvnhhsohhurhgtvgesghhmrghilhdrtghomhdp rhgtphhtthhopehnvghtuggvvhesvhhgvghrrdhkvghrnhgvlhdrohhrghdprhgtphhtth hopehlihhnuhigqdguohgtsehvghgvrhdrkhgvrhhnvghlrdhorhhgpdhrtghpthhtohep lhhinhhugidqkhgvrhhnvghlsehvghgvrhdrkhgvrhhnvghlrdhorhhgpdhrtghpthhtoh eplhhinhhugidqkhhsvghlfhhtvghsthesvhhgvghrrdhkvghrnhgvlhdrohhrghdprhgt phhtthhopegurghvvghmsegurghvvghmlhhofhhtrdhnvghtpdhrtghpthhtohepvgguuh hmrgiivghtsehgohhoghhlvgdrtghomhdprhgtphhtthhopehkuhgsrgeskhgvrhhnvghl rdhorhhgpdhrtghpthhtohepphgrsggvnhhisehrvgguhhgrthdrtghomh X-ME-Proxy: Feedback-ID: i934648bf:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed, 22 Oct 2025 17:51:10 -0400 (EDT) Date: Wed, 22 Oct 2025 23:51:09 +0200 From: Sabrina Dubroca To: Wilfred Mallawa Cc: netdev@vger.kernel.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, "David S . Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Jonathan Corbet , Simon Horman , John Fastabend , Shuah Khan , Wilfred Mallawa Subject: Re: [PATCH net-next v8 1/2] net/tls: support setting the maximum payload size Message-ID: References: <20251022001937.20155-1-wilfred.opensource@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20251022001937.20155-1-wilfred.opensource@gmail.com> 2025-10-22, 10:19:36 +1000, Wilfred Mallawa wrote: > From: Wilfred Mallawa > > During a handshake, an endpoint may specify a maximum record size limit. > Currently, the kernel defaults to TLS_MAX_PAYLOAD_SIZE (16KB) for the > maximum record size. Meaning that, the outgoing records from the kernel > can exceed a lower size negotiated during the handshake. In such a case, > the TLS endpoint must send a fatal "record_overflow" alert [1], and > thus the record is discarded. > > Upcoming Western Digital NVMe-TCP hardware controllers implement TLS > support. For these devices, supporting TLS record size negotiation is > necessary because the maximum TLS record size supported by the controller > is less than the default 16KB currently used by the kernel. > > Currently, there is no way to inform the kernel of such a limit. This patch > adds support to a new setsockopt() option `TLS_TX_MAX_PAYLOAD_LEN` that > allows for setting the maximum plaintext fragment size. Once set, outgoing > records are no larger than the size specified. This option can be used to > specify the record size limit. > > [1] https://www.rfc-editor.org/rfc/rfc8449 > > Signed-off-by: Wilfred Mallawa > --- > V7 -> V8: > - Fixup HTML doc indentation > - Drop the getsockopt() change in V7 where ContentType was included in the > max payload length > --- > Documentation/networking/tls.rst | 20 ++++++++++ > include/net/tls.h | 3 ++ > include/uapi/linux/tls.h | 2 + > net/tls/tls_device.c | 2 +- > net/tls/tls_main.c | 64 ++++++++++++++++++++++++++++++++ > net/tls/tls_sw.c | 2 +- > 6 files changed, 91 insertions(+), 2 deletions(-) Reviewed-by: Sabrina Dubroca Thanks Wilfred. -- Sabrina