On 04-01-2019 14:04, Steffen Klassert wrote: > On Thu, Jan 03, 2019 at 04:16:56PM +0530, Harsh Jain wrote: >> On 02-01-2019 18:21, Herbert Xu wrote: >>> Does this occur if you use software crypto on the receiving end >>> while keeping the sending end unchanged? >> I tried with "authencesn(hmac(sha1-ssse3),cbc(aes-asm))" on both sides. >> >> Server : iperf -s -w 512k -p 20002 >> >> Client : iperf -t 60 -w 512k -l 2048 -c 1.0.0.96 -P 32 -p 20002 >> >>> If not then I would start debugging this within your driver. >> ESP Packet whose's sequence No. is out of window gets dropped with EBADMSG. It seems that "xfrm_replay_seqhi" intentionally increments the "seq_hi" to fail verification for Out of seq packet. > Yes, this is defined in RFC 4303 Appendix A2.2. Thanks, It means we cannot avoid verification part for packets with low seql.