Paul Wouters writes: > On Fri, Aug 16, 2024 at 10:09 AM Tero Kivinen <kivi...@iki.fi> wrote: > > The difference in implementations is minimal, but sending lower > 32-bits first keeps the ESP backward compatible with different > firewall, deep packet inspection etc middleboxes, which might check > sequence number and filter stuff if it sees duplicate sequence > numbers. > > Supporting this would be pretty much at the bottom of my priorties. > > I am far more interested in what is best for hardware optimalization.
Having lower 32-bits first will allow checking those bits even before the upper bits are even received.. On the other hand I do not think there is any difference in hardware as you most likely want to check ICV first anyways before checking replay window, and that requires receiving full packet anyways. For hardware I do not think order of 32-bit words makes any difference. I do not think there is any difference in software either, so this is should not affect performance, except you can perhaps use the old hardware to check lower 32-bits of the sequence number if it is in same location than before. -- kivi...@iki.fi _______________________________________________ IPsec mailing list -- ipsec@ietf.org To unsubscribe send an email to ipsec-le...@ietf.org
