Date: Fri, 15 Jul 2022 17:10:14 -0400 From: Jason Mader <jasonmader@gmail.com> To: freebsd-net@freebsd.org Subject: IPv6 ESP payload size is smaller than expected Message-ID: <CACguuiD0yS%2BpyKiZjmS%2Be04aQ4MpHfSBuXWz1LrBj_dWnXUv=w@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
--000000000000791ceb05e3de720e Content-Type: text/plain; charset="UTF-8" On a FreeBSD 12.0 NFSv4.1 server with Linux 5.14 NFS clients communicating over IPsec ESP transport, spdadd -6 Network::/64[any] FreeBSD::12[2049] tcp -P in ipsec esp/transport//require; spdadd -6 FreeBSD::12[any] Network::/64[any] tcp -P out ipsec esp/transport//require; I've found that the Linux NFS client will perform NFS writes with an ESP payload size of 1428 (TCP Seg Len: 1394), but the FreeBSD NFS server response to read has an ESP payload size of 1368 (1363 data + 3 bytes padding) (TCP Seg Len: 1331). Linux writes will have an ESP Payload of 1460 bytes, but the reads from the FreeBSD NFS server have an ESP Payload of only 1400 bytes. The encryption algorithm for ESP is aes-gcm-16. socket information from Linux NFS client, mss:1394 pmtu:1466 rcvmss:1331 advmss:1428 I am trying to find out why FreeBSD NFS is not sending the same amount of data in each packet as Linux. --000000000000791ceb05e3de720e Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr"><div>On a FreeBSD 12.0 NFSv4.1 server with Linux 5.14 NFS = clients communicating over IPsec ESP transport,</div><div><br></div>spdadd = -6 Network::/64[any] FreeBSD::12[2049] tcp -P in =C2=A0ipsec esp/transport/= /require;<br><div>spdadd -6 FreeBSD::12[any]=C2=A0Network::/64[any] tcp -P = out ipsec esp/transport//require;</div><div><br></div><div>I've found t= hat the Linux NFS client will perform NFS writes with an ESP payload size o= f 1428 (TCP Seg Len: 1394), but the FreeBSD NFS server response to read has= an ESP payload size of 1368 (1363 data=C2=A0+ 3 bytes padding)=C2=A0(TCP S= eg Len: 1331).</div><div><br></div><div>Linux writes will have an ESP Paylo= ad of 1460 bytes, but the reads from the FreeBSD NFS server have an ESP Pay= load of only 1400 bytes.</div><div><br></div><div>The encryption algorithm = for ESP is=C2=A0aes-gcm-16.</div><div><br></div><div>socket information fro= m Linux NFS client,</div><div>mss:1394 pmtu:1466 rcvmss:1331 advmss:1428</d= iv><div><br></div><div>I am trying to find out why FreeBSD NFS is not sendi= ng the same amount of data in each packet as Linux.</div></div> --000000000000791ceb05e3de720e--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CACguuiD0yS%2BpyKiZjmS%2Be04aQ4MpHfSBuXWz1LrBj_dWnXUv=w>