IPSEC-AH: fix packet drop

Change-Id: I45b97cfd0c3785bfbf6d142d362bd3d4d56bae00
Signed-off-by: Neale Ranns <nranns@cisco.com>
(cherry picked from commit ad5f2de9041070c007cedb87f94b72193125db17)

2 files changed, 0 insertions, 7 deletions

diff --git a/src/vnet/ipsec/ah_decrypt.c b/src/vnet/ipsec/ah_decrypt.c
index c487d82e34a..bec63750d2f 100644
--- a/src/vnet/ipsec/ah_decrypt.c
+++ b/src/vnet/ipsec/ah_decrypt.c
@@ -145,11 +145,8 @@ ah_decrypt_node_fn (vlib_main_t * vm,
 
 	      if (PREDICT_FALSE (rv))
 		{
-		  clib_warning ("anti-replay SPI %u seq %u", sa0->spi, seq);
 		  vlib_node_increment_counter (vm, ah_decrypt_node.index,
 					       AH_DECRYPT_ERROR_REPLAY, 1);
-		  to_next[0] = i_bi0;
-		  to_next += 1;
 		  goto trace;
 		}
 	    }
@@ -188,8 +185,6 @@ ah_decrypt_node_fn (vlib_main_t * vm,
 		  vlib_node_increment_counter (vm, ah_decrypt_node.index,
 					       AH_DECRYPT_ERROR_INTEG_ERROR,
 					       1);
-		  to_next[0] = i_bi0;
-		  to_next += 1;
 		  goto trace;
 		}
 
diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c
index a0eeed464da..7f9be89ee4c 100644
--- a/src/vnet/ipsec/esp_decrypt.c
+++ b/src/vnet/ipsec/esp_decrypt.c
@@ -185,7 +185,6 @@ esp_decrypt_node_fn (vlib_main_t * vm,
 
 	      if (PREDICT_FALSE (rv))
 		{
-		  clib_warning ("anti-replay SPI %u seq %u", sa0->spi, seq);
 		  vlib_node_increment_counter (vm, esp_decrypt_node.index,
 					       ESP_DECRYPT_ERROR_REPLAY, 1);
 		  o_bi0 = i_bi0;
@@ -330,7 +329,6 @@ esp_decrypt_node_fn (vlib_main_t * vm,
 		    next0 = ESP_DECRYPT_NEXT_IP6_INPUT;
 		  else
 		    {
-		      clib_warning ("next header: 0x%x", f0->next_header);
 		      vlib_node_increment_counter (vm, esp_decrypt_node.index,
 						   ESP_DECRYPT_ERROR_DECRYPTION_FAILED,
 						   1);