Thread (14 messages) 14 messages, 4 authors, 2025-08-07

Re: [RFC 1/4] net/handshake: get negotiated tls record size limit

From: Hannes Reinecke <hare@suse.de>
Date: 2025-07-29 08:12:52
Also in: linux-doc, linux-nfs, linux-nvme, lkml

On 7/29/25 04:41, Wilfred Mallawa wrote:
quoted hunk ↗ jump to hunk
From: Wilfred Mallawa <redacted>

During a handshake, an endpoint may specify a maximum record size limit.
Currently, this limit is not visble to the kernel particularly in the case
where userspace handles the handshake (tlshd/gnutls). This patch adds
support for retrieving the record size limit.

This is the first step in ensuring that the kernel can respect the record
size limit imposed by the endpoint.

Signed-off-by: Wilfred Mallawa <redacted>
---
  Documentation/netlink/specs/handshake.yaml |  3 +++
  Documentation/networking/tls-handshake.rst |  8 +++++++-
  drivers/nvme/host/tcp.c                    |  3 ++-
  drivers/nvme/target/tcp.c                  |  3 ++-
  include/net/handshake.h                    |  4 +++-
  include/uapi/linux/handshake.h             |  1 +
  net/handshake/genl.c                       |  5 +++--
  net/handshake/tlshd.c                      | 15 +++++++++++++--
  net/sunrpc/svcsock.c                       |  4 +++-
  net/sunrpc/xprtsock.c                      |  4 +++-
  10 files changed, 40 insertions(+), 10 deletions(-)
diff --git a/Documentation/netlink/specs/handshake.yaml b/Documentation/netlink/specs/handshake.yaml
index b934cc513e3d..35d5eb91a3f9 100644
--- a/Documentation/netlink/specs/handshake.yaml
+++ b/Documentation/netlink/specs/handshake.yaml
@@ -84,6 +84,9 @@ attribute-sets:
          name: remote-auth
          type: u32
          multi-attr: true
+      -
+        name: record-size-limit
+        type: u32
  
  operations:
    list:
diff --git a/Documentation/networking/tls-handshake.rst b/Documentation/networking/tls-handshake.rst
index 6f5ea1646a47..cd984a137779 100644
--- a/Documentation/networking/tls-handshake.rst
+++ b/Documentation/networking/tls-handshake.rst
@@ -169,7 +169,8 @@ The synopsis of this function is:
  .. code-block:: c
  
    typedef void	(*tls_done_func_t)(void *data, int status,
-                                   key_serial_t peerid);
+                                   key_serial_t peerid,
+                                   size_t tls_record_size_limit);
  
  The consumer provides a cookie in the @ta_data field of the
  tls_handshake_args structure that is returned in the @data parameter of
Why is this exposed to the TLS handshake consumer?
The TLS record size is surely required for handling and processing TLS
streams in net/tls, but the consumer of that (eg NVMe-TCP, NFS)
are blissfully unaware that there _are_ such things like TLS records.
And they really should keep it that way.

So I'd really _not_ expose that to any ULP and keep it internal to
the TLS layer.

Cheers,

Hannes
-- 
Dr. Hannes Reinecke                  Kernel Storage Architect
hare@suse.de                                +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help