From: Jason Mader
Date: Fri, 15 Jul 2022 17:10:14 -0400
Subject: IPv6 ESP payload size is smaller than expected
To: freebsd-net@freebsd.org

On a FreeBSD 12.0 NFSv4.1 server with Linux 5.14 NFS clients communicating over IPsec ESP transport,

spdadd -6 Network::/64[any] FreeBSD::12[2049] tcp -P in ipsec esp/transport//require;
spdadd -6 FreeBSD::12[any] Network::/64[any] tcp -P out ipsec esp/transport//require;

I've found that the Linux NFS client will perform NFS writes with an ESP payload size of 1428 (TCP Seg Len: 1394), but the FreeBSD NFS server response to read has an ESP payload size of 1368 (1363 data + 3 bytes padding) (TCP Seg Len: 1331).

Linux writes will have an ESP Payload of 1460 bytes, but the reads from the FreeBSD NFS server have an ESP Payload of only 1400 bytes.

The encryption algorithm for ESP is aes-gcm-16.

Socket information from Linux NFS client,
mss:1394 pmtu:1466 rcvmss:1331 advmss:1428

I am trying to find out why FreeBSD NFS is not sending the same amount of data in each packet as Linux.
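
The sizes quoted in the message can be cross-checked against ESP transport-mode framing for aes-gcm-16. This is an added example, not part of the original post; it assumes 12 bytes of TCP options (timestamps) and a 1500-byte link MTU, neither of which the post states, and the function names are illustrative.

```python
# Added example: ESP transport-mode size arithmetic for the figures in the post.
# Assumptions (not stated in the post): 12 bytes of TCP options and a
# 1500-byte link MTU. ESP/AES-GCM constants follow RFC 4303 and RFC 4106.

IPV6_HDR = 40     # fixed IPv6 header
ESP_HDR = 8       # SPI + sequence number
GCM_IV = 8        # explicit per-packet IV (RFC 4106)
GCM_ICV = 16      # aes-gcm-16 integrity check value
ESP_TRAILER = 2   # pad-length byte + next-header byte
TCP_HDR = 20
TCP_OPTS = 12     # assumed: timestamp option plus padding


def esp_sizes(tcp_seg_len, tcp_opts=TCP_OPTS):
    """Size breakdown of one TCP segment sent as IPv6 ESP transport mode."""
    inner = TCP_HDR + tcp_opts + tcp_seg_len       # what ESP protects
    pad = -(inner + ESP_TRAILER) % 4               # trailer must end 4-byte aligned
    ciphertext = inner + pad + ESP_TRAILER         # the post's 1428 / 1368
    esp_total = ESP_HDR + GCM_IV + ciphertext + GCM_ICV  # the post's 1460 / 1400
    return {
        "inner": inner,
        "pad": pad,
        "ciphertext": ciphertext,
        "esp_total": esp_total,
        "ip_packet": IPV6_HDR + esp_total,
    }


def max_tcp_seg(mtu, tcp_opts=TCP_OPTS):
    """Largest TCP segment length whose ESP packet still fits in mtu."""
    room = mtu - IPV6_HDR - ESP_HDR - GCM_IV - GCM_ICV
    room -= room % 4                               # ciphertext is a multiple of 4
    return room - ESP_TRAILER - TCP_HDR - tcp_opts


if __name__ == "__main__":
    for label, seg in (("Linux write", 1394), ("FreeBSD read", 1331)):
        print(label, seg, esp_sizes(seg))
    print("max segment for MTU 1500:", max_tcp_seg(1500))
```

Under these assumptions the Linux segments fill a 1500-byte packet exactly, while the FreeBSD segments produce 1440-byte packets with 3 bytes of ESP padding, matching the figures reported above.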