On Wed, 22 Oct 2025 10:19:36 +1000 Wilfred Mallawa wrote: > +TLS_TX_MAX_PAYLOAD_LEN > +~~~~~~~~~~~~~~~~~~~~~~ > + > +Specifies the maximum size of the plaintext payload for transmitted TLS > records. > + > +When this option is set, the kernel enforces the specified limit on all > outgoing > +TLS records. No plaintext fragment will exceed this size. This option can be > used > +to implement the TLS Record Size Limit extension [1]. > + > +* For TLS 1.2, the value corresponds directly to the record size limit. > +* For TLS 1.3, the value should be set to record_size_limit - 1, since > + the record size limit includes one additional byte for the ContentType > + field. > + > +The valid range for this option is 64 to 16384 bytes for TLS 1.2, and 63 to > +16384 bytes for TLS 1.3. The lower minimum for TLS 1.3 accounts for the > +extra byte used by the ContentType field. > + > +[1] https://datatracker.ietf.org/doc/html/rfc8449
Sorry for not paying attention to the last few revisions. So we decided to go with the non-RFC definition of the sockopt parameter? Is there a reason for that? I like how the "per RFC" behavior shifts any blame away from us :) > + err = nla_put_u16(skb, TLS_INFO_TX_MAX_PAYLOAD_LEN, > + ctx->tx_max_payload_len); > + nit: unnecessary empty line > + if (err) > + goto nla_failure;
