On Tue, 2025-10-21 at 12:35 +0100, Simon Horman wrote: > On Tue, Oct 21, 2025 at 07:29:17PM +1000, Wilfred Mallawa wrote: > > ... > > > diff --git a/Documentation/networking/tls.rst > > b/Documentation/networking/tls.rst > > index 36cc7afc2527..ecaa7631ec46 100644 > > --- a/Documentation/networking/tls.rst > > +++ b/Documentation/networking/tls.rst > > @@ -280,6 +280,28 @@ If the record decrypted turns out to had been > > padded or is not a data > > record it will be decrypted again into a kernel buffer without > > zero copy. > > Such events are counted in the ``TlsDecryptRetry`` statistic. > > > > +TLS_TX_MAX_PAYLOAD_LEN > > +~~~~~~~~~~~~~~~~~~~~~~ > > + > > +Specifies the maximum size of the plaintext payload for > > transmitted TLS records. > > + > > +When this option is set, the kernel enforces the specified limit > > on all outgoing > > +TLS records. No plaintext fragment will exceed this size. This > > option can be used > > +to implement the TLS Record Size Limit extension [1]. > > + - For TLS 1.2, the value corresponds directly to the > > record size limit. > > Hi Wilfred, > > Unfortunately make htmldocs seems unhappy with the line above. > > .../tls.rst:291: ERROR: Unexpected indentation. [docutils] > > This was with Sphinx 8.1.3. Hey Simon,
Ah I didn't realise this wasn't allowed, will fixup and test with make htmldocs. Thanks! Wilfred > > > + - For TLS 1.3, the value should be set to > > record_size_limit - 1, since > > + the record size limit includes one additional byte for > > the ContentType > > + field. > > + > > +The valid range for this option is 64 to 16384 bytes for TLS 1.2, > > and 63 to > > +16384 bytes for TLS 1.3. The lower minimum for TLS 1.3 accounts > > for the > > +extra byte used by the ContentType field. > > + > > +For TLS 1.3, getsockopt() will return the total plaintext fragment > > length, > > +inclusive of the ContentType field. > > + > > +[1] https://datatracker.ietf.org/doc/html/rfc8449 > > + > > Statistics > > ========== > > ...
