should discard packet when received AUTH header length < 20 ?