IPv6 ESP payload size is smaller than expected
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 15 Jul 2022 21:10:14 UTC
On a FreeBSD 12.0 NFSv4.1 server with Linux 5.14 NFS clients communicating over IPsec ESP transport, spdadd -6 Network::/64[any] FreeBSD::12[2049] tcp -P in ipsec esp/transport//require; spdadd -6 FreeBSD::12[any] Network::/64[any] tcp -P out ipsec esp/transport//require; I've found that the Linux NFS client will perform NFS writes with an ESP payload size of 1428 (TCP Seg Len: 1394), but the FreeBSD NFS server response to read has an ESP payload size of 1368 (1363 data + 3 bytes padding) (TCP Seg Len: 1331). Linux writes will have an ESP Payload of 1460 bytes, but the reads from the FreeBSD NFS server have an ESP Payload of only 1400 bytes. The encryption algorithm for ESP is aes-gcm-16. socket information from Linux NFS client, mss:1394 pmtu:1466 rcvmss:1331 advmss:1428 I am trying to find out why FreeBSD NFS is not sending the same amount of data in each packet as Linux.