nrfconnect · carlescufi · Jan 9, 2026 · Jan 9, 2026
@@ -352,7 +352,8 @@ static int sock_set_tls_options(
 	bool session_cache,
 	int peer_verify,
 	char *peer_hostname,
-	int dtls_cid)
+	int dtls_cid,
+	int dtls_frag_ext)
 {
 	int err;
 	uint32_t sec_tag_list[] = { sec_tag };
@@ -409,14 +410,25 @@ static int sock_set_tls_options(
 	}
 
 	/* DTLS CID */
-	if (dtls_cid != NRF_SO_SEC_DTLS_CID_DISABLED) {
+	if (dtls_cid != TLS_DTLS_CID_STATUS_DISABLED) {
 		err = setsockopt(fd, SOL_TLS, TLS_DTLS_CID, &dtls_cid, sizeof(dtls_cid));
 		if (err) {
 			mosh_error("Unable to set DTLS CID option, errno %d", errno);
 			return errno;
 		}
 	}
 
+	/* DTLS fragmentation extension */
+	if (dtls_frag_ext != DTLS_FRAG_EXT_DISABLED) {
+		err = setsockopt(fd, SOL_TLS, TLS_DTLS_FRAG_EXT, &dtls_frag_ext,
+				 sizeof(dtls_frag_ext));
+		if (err) {
+			mosh_error("Unable to set DTLS fragmentation extension option, errno %d",
+				   errno);
+			return errno;
+		}
+	}
+
 	return 0;
 }
 
@@ -538,7 +550,8 @@ int sock_open_and_connect(
 	bool keep_open,
 	int peer_verify,
 	char *peer_hostname,
-	int dtls_cid)
+	int dtls_cid,
+	int dtls_frag_ext)
 {
 	int err = -EINVAL;
 	int proto = 0;
@@ -549,8 +562,9 @@ int sock_open_and_connect(
 		   family, type, port, bind_port, pdn_cid, address);
 	if (secure) {
 		mosh_print("                        secure=%d, sec_tag=%u, session_cache=%d, "
-			   "peer_verify=%d, peer_hostname=%s, dtls_cid=%d",
-			   secure, sec_tag, session_cache, peer_verify, peer_hostname, dtls_cid);
+			   "peer_verify=%d, peer_hostname=%s, dtls_cid=%d, dtls_frag_ext=%d",
+			   secure, sec_tag, session_cache, peer_verify, peer_hostname, dtls_cid,
+			   dtls_frag_ext);
 	}
 
 	/* Reserve socket ID and structure for a new connection */
@@ -642,7 +656,7 @@ int sock_open_and_connect(
 	/* Set (D)TLS options */
 	if (secure) {
 		err = sock_set_tls_options(fd, sec_tag, session_cache, peer_verify,
-					   peer_hostname, dtls_cid);
+					   peer_hostname, dtls_cid, dtls_frag_ext);
 		if (err) {
 			goto connect_error;
 		}

@@ -27,7 +27,7 @@ int sock_open_and_connect(
 	int family, int type, char *address, int port,
 	int bind_port, int pdn_cid, bool secure, uint32_t sec_tag,
 	bool session_cache, bool keep_open, int peer_verify,
-	char *peer_hostname, int dtls_cid);
+	char *peer_hostname, int dtls_cid, int dtls_frag_ext);
 
 int sock_send_data(
 	int socket_id, char *data, int data_length, int interval, bool packet_number_prefix,

@@ -43,6 +43,7 @@ static const char sock_connect_usage_str[] =
 	"Usage: sock connect -a <address> -p <port>\n"
 	"       [-f <family>] [-t <type>] [-b <port>] [-I <cid>] [-K]\n"
 	"       [-S] [-T <sec_tag>] [-c] [-V <level>] [-H <hostname>]\n"
+	"       [-C <dtls_cid>] [-F <dtls_frag_ext>]\n"
 	"Options:\n"
 	"  -a, --address, [str]      Address as ip address or hostname\n"
 	"  -p, --port,  [int]        Port\n"
@@ -57,10 +58,14 @@ static const char sock_connect_usage_str[] =
 	"  -S, --secure,             Enable secure connection (TLS 1.2/DTLS 1.2).\n"
 	"  -T, --sec_tag, [int]      Security tag for TLS certificate(s).\n"
 	"  -c, --cache,              Enable TLS session cache.\n"
-	"  -V, --peer_verify, [int]  TLS peer verification level. None (0),\n"
-	"                            optional (1) or required (2). Default value is 2.\n"
+	"  -V, --peer_verify, [int]  TLS peer verification level: 0 (none), 1 (optional) or\n"
+	"                            2 (required, default).\n"
 	"  -H, --hostname, [str]     Hostname for TLS peer verification.\n"
-	"  -C, --dtls_cid, [int]     DTLS CID setting: 0 (disabled), 1 (supported), 2 (enabled).\n"
+	"  -C, --dtls_cid, [int]     DTLS CID setting: 0 (disabled, default), 1 (supported) or\n"
+	"                            2 (enabled).\n"
+	"  -F, --dtls_frag_ext, [int]\n"
+	"                            DTLS fragmentation extension setting:\n"
+	"                            0 (disabled, default), 1 (512 bytes) or 2 (1024 bytes).\n"
 	"  -h, --help,               Shows this help information";
 
 static const char sock_close_usage_str[] =
@@ -259,6 +264,7 @@ static struct option long_options[] = {
 	{ "peer_verify",    required_argument, 0, 'V' },
 	{ "hostname",       required_argument, 0, 'H' },
 	{ "dtls_cid",       required_argument, 0, 'C' },
+	{ "dtls_frag_ext",  required_argument, 0, 'F' },
 	{ "data",           required_argument, 0, 'd' },
 	{ "length",         required_argument, 0, 'l' },
 	{ "period",         required_argument, 0, 'e' },
@@ -282,7 +288,7 @@ static struct option long_options[] = {
 	{ 0,                0,                 0, 0   }
 };
 
-static const char short_options[] = "i:I:a:p:f:t:b:ST:cV:H:C:d:l:e:s:xrB:WKP:o:v:h";
+static const char short_options[] = "i:I:a:p:f:t:b:ST:cV:H:C:F:d:l:e:s:xrB:WKP:o:v:h";
 
 static void sock_print_usage(enum sock_shell_command command)
 {
@@ -438,6 +444,7 @@ static int cmd_sock_connect(const struct shell *shell, size_t argc, char **argv)
 	int arg_peer_verify = 2;
 	char arg_peer_hostname[SOCK_MAX_ADDR_LEN + 1];
 	int arg_dtls_cid = 0;
+	int arg_dtls_frag_ext = 0;
 
 	memset(arg_address, 0, SOCK_MAX_ADDR_LEN + 1);
 	memset(arg_peer_hostname, 0, SOCK_MAX_ADDR_LEN + 1);
@@ -565,7 +572,15 @@ static int cmd_sock_connect(const struct shell *shell, size_t argc, char **argv)
 				return -EINVAL;
 			}
 			break;
-
+		case 'F': /* DTLS fragmentation extension */
+			arg_dtls_frag_ext = atoi(optarg);
+			if (arg_dtls_frag_ext < 0 || arg_dtls_frag_ext > 2) {
+				mosh_error(
+					"Valid values for DTLS fragmentation extension (%d) are "
+					"0, 1 and 2.", arg_dtls_frag_ext);
+				return -EINVAL;
+			}
+			break;
 		case 'h':
 			goto show_usage;
 		case '?':
@@ -593,7 +608,8 @@ static int cmd_sock_connect(const struct shell *shell, size_t argc, char **argv)
 		arg_keep_open,
 		arg_peer_verify,
 		arg_peer_hostname,
-		arg_dtls_cid);
+		arg_dtls_cid,
+		arg_dtls_frag_ext);
 
 	return err;