Tero Kivinen <kivi...@iki.fi> wrote:
> Having lower 32-bits first will allow checking those bits even before
> the upper bits are even received.. On the other hand I do not think
> there is any difference in hardware as you most likely want to check
> ICV first anyways before checking replay window, and that requires
> receiving full packet anyways.
Yes, and you can validate ICV, 32-bits against replay window, and confirm the
upper 32-bits at the same time. For dataflow hardware, it matters little.
But for CPUs with caches, the order can certainly matter.
> For hardware I do not think order of 32-bit words makes any
> difference. I do not think there is any difference in software either,
> so this is should not affect performance, except you can perhaps use
> the old hardware to check lower 32-bits of the sequence number if it
> is in same location than before.
Yes, that's true, and that's probably a win.
You have to take hit on SPI# to find the SA, and until you load that, you
don't even know if the upper 32-bits are present. But, the lower 32bits are
in the same place.
--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
-= IPv6 IoT consulting =- *I*LIKE*TRAINS*
signature.asc
Description: PGP signature
_______________________________________________ IPsec mailing list -- ipsec@ietf.org To unsubscribe send an email to ipsec-le...@ietf.org
