Hi Wilfred - On 7/28/25 10:41 PM, Wilfred Mallawa wrote: > From: Wilfred Mallawa <wilfred.mallawa@xxxxxxx> > > During a tls handshake, an endpoint may specify a maximum record size limit. As > specified by [1]. which allows peers to negotiate a maximum plaintext record > size during the TLS handshake. If a TLS endpoint receives a record larger > than its advertised limit, it must send a fatal "record_overflow" alert [1]. > Currently, this limit is not visble to the kernel, particularly in the case > where userspace handles the handshake (tlshd/gnutls). This paragraph essentially says "The spec says we can, so I'm implementing it". Generally we don't implement spec features just because they are there. What we reviewers need instead is a problem statement. What is not working for you, and why is this the best way to solve it? > This series in conjunction with the respective userspace changes for tlshd [2] > and gnutls [3], adds support for the kernel the receive the negotiated record > size limit through the existing netlink communication layer, and use this > value to limit outgoing records to the size specified. As Hannes asked elsewhere, why is it up to the TLS consumer to be aware of this limit? Given the description here, it sounds to me like something that should be handled for all consumers by the TLS layer. > [1] https://www.rfc-editor.org/rfc/rfc8449 > [2] https://github.com/oracle/ktls-utils/pull/112 > [3] https://gitlab.com/gnutls/gnutls/-/merge_requests/1989 > > Wilfred Mallawa (4): > net/handshake: get negotiated tls record size limit > net/tls/tls_sw: use the record size limit specified > nvme/host/tcp: set max record size in the tls context > nvme/target/tcp: set max record size in the tls context > > Documentation/netlink/specs/handshake.yaml | 3 +++ > Documentation/networking/tls-handshake.rst | 8 +++++++- > drivers/nvme/host/tcp.c | 18 +++++++++++++++++- > drivers/nvme/target/tcp.c | 16 +++++++++++++++- > include/net/handshake.h | 4 +++- > include/net/tls.h | 1 + > include/uapi/linux/handshake.h | 1 + > net/handshake/genl.c | 5 +++-- > net/handshake/tlshd.c | 15 +++++++++++++-- > net/sunrpc/svcsock.c | 4 +++- > net/sunrpc/xprtsock.c | 4 +++- > net/tls/tls_sw.c | 10 +++++++++- > 12 files changed, 78 insertions(+), 11 deletions(-) > -- Chuck Lever
