The totlen field is meant to track the total data transmitted, but it appears to actually track the size of the unencrypted message. Additionally, totlen includes its own length, which seems unnecessary since it doesn't define the encrypted message boundaries. The field was originally intended for replay protection, but as AES-CTR already provides this, totlen is not needed. This is because there is a dedicated counter in the IV that keeps track of all messages in each direction and prevents decryption if an attacker tries to replay the same message.