Re: [RFC 1/4] net/handshake: get negotiated tls record size limit
From: Hannes Reinecke <hare@suse.de>
Date: 2025-07-29 08:12:52
Also in:
linux-doc, linux-nfs, linux-nvme, lkml
On 7/29/25 04:41, Wilfred Mallawa wrote:
quoted hunk ↗ jump to hunk
From: Wilfred Mallawa <redacted> During a handshake, an endpoint may specify a maximum record size limit. Currently, this limit is not visble to the kernel particularly in the case where userspace handles the handshake (tlshd/gnutls). This patch adds support for retrieving the record size limit. This is the first step in ensuring that the kernel can respect the record size limit imposed by the endpoint. Signed-off-by: Wilfred Mallawa <redacted> --- Documentation/netlink/specs/handshake.yaml | 3 +++ Documentation/networking/tls-handshake.rst | 8 +++++++- drivers/nvme/host/tcp.c | 3 ++- drivers/nvme/target/tcp.c | 3 ++- include/net/handshake.h | 4 +++- include/uapi/linux/handshake.h | 1 + net/handshake/genl.c | 5 +++-- net/handshake/tlshd.c | 15 +++++++++++++-- net/sunrpc/svcsock.c | 4 +++- net/sunrpc/xprtsock.c | 4 +++- 10 files changed, 40 insertions(+), 10 deletions(-)diff --git a/Documentation/netlink/specs/handshake.yaml b/Documentation/netlink/specs/handshake.yaml index b934cc513e3d..35d5eb91a3f9 100644 --- a/Documentation/netlink/specs/handshake.yaml +++ b/Documentation/netlink/specs/handshake.yaml@@ -84,6 +84,9 @@ attribute-sets: name: remote-auth type: u32 multi-attr: true + - + name: record-size-limit + type: u32 operations: list:diff --git a/Documentation/networking/tls-handshake.rst b/Documentation/networking/tls-handshake.rst index 6f5ea1646a47..cd984a137779 100644 --- a/Documentation/networking/tls-handshake.rst +++ b/Documentation/networking/tls-handshake.rst@@ -169,7 +169,8 @@ The synopsis of this function is: .. code-block:: c typedef void (*tls_done_func_t)(void *data, int status, - key_serial_t peerid); + key_serial_t peerid, + size_t tls_record_size_limit); The consumer provides a cookie in the @ta_data field of the tls_handshake_args structure that is returned in the @data parameter of
Why is this exposed to the TLS handshake consumer? The TLS record size is surely required for handling and processing TLS streams in net/tls, but the consumer of that (eg NVMe-TCP, NFS) are blissfully unaware that there _are_ such things like TLS records. And they really should keep it that way. So I'd really _not_ expose that to any ULP and keep it internal to the TLS layer. Cheers, Hannes -- Dr. Hannes Reinecke Kernel Storage Architect hare@suse.de +49 911 74053 688 SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich