On Thu, Jan 03, 2019 at 04:16:56PM +0530, Harsh Jain wrote: > > On 02-01-2019 18:21, Herbert Xu wrote: > > Does this occur if you use software crypto on the receiving end > > while keeping the sending end unchanged? > > I tried with "authencesn(hmac(sha1-ssse3),cbc(aes-asm))" on both sides. > > Server : iperf -s -w 512k -p 20002 > > Client : iperf -t 60 -w 512k -l 2048 -c 1.0.0.96 -P 32 -p 20002 > > > > > If not then I would start debugging this within your driver. > > ESP Packet whose's sequence No. is out of window gets dropped with EBADMSG. It seems that "xfrm_replay_seqhi" intentionally increments the "seq_hi" to fail verification for Out of seq packet. Yes, this is defined in RFC 4303 Appendix A2.2.
