On Wed, 22 Oct 2025 10:19:36 +1000 Wilfred Mallawa wrote:
+TLS_TX_MAX_PAYLOAD_LEN +~~~~~~~~~~~~~~~~~~~~~~
+Specifies the maximum size of the plaintext payload for transmitted TLS records.
+When this option is set, the kernel enforces the specified limit on all outgoing +TLS records. No plaintext fragment will exceed this size. This option can be used +to implement the TLS Record Size Limit extension [1].
+* For TLS 1.2, the value corresponds directly to the record size limit. +* For TLS 1.3, the value should be set to record_size_limit - 1, since
- the record size limit includes one additional byte for the ContentType
- field.
+The valid range for this option is 64 to 16384 bytes for TLS 1.2, and 63 to +16384 bytes for TLS 1.3. The lower minimum for TLS 1.3 accounts for the +extra byte used by the ContentType field.
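Review bot: The valid-range paragraph closing this section gives the bounds (64 to 16384 bytes for TLS 1.2, 63 to 16384 bytes for TLS 1.3) but does not say what setsockopt() returns for a value outside them, nor which limit applies when the option is never set. Suggest one sentence for each, so a caller implementing the Record Size Limit extension knows how a rejected value is reported and what the default behaviour is.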
Sorry for not paying attention to the last few revisions.
So we decided to go with the non-RFC definition of the sockopt parameter? Is there a reason for that? I like how the "per RFC" behavior shifts any blame away from us :)
- err = nla_put_u16(skb, TLS_INFO_TX_MAX_PAYLOAD_LEN,
ctx->tx_max_payload_len);
nit: unnecessary empty line
- if (err)
goto nla_failure;
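Review bot: The nla_put_u16() call passes ctx->tx_max_payload_len straight through, and the documentation hunk above defines the TLS 1.3 value as record_size_limit - 1. If the field holds the sockopt value unchanged, a reader of TLS_INFO_TX_MAX_PAYLOAD_LEN sees a number one below the negotiated limit on TLS 1.3. Suggest stating in the attribute's documentation that it reports the plaintext payload length, not the RFC record size limit.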