IPSEC: remove CLI check for unsupported IPv6-AH - it is supported

Change-Id: I72ec95d4a3009a55b0f1fa7e45f9c53f31ef5fc1 Signed-off-by: Neale Ranns <nranns@cisco.com>
author: Neale Ranns <nranns@cisco.com> 2019-05-15 06:59:04 -0700
committer: Neale Ranns <nranns@cisco.com> 2019-05-15 06:59:04 -0700
commit: 275a177f71ff944aa2f723b5e5043081a5847718 (patch)
tree: d38cc17276c15e47c736415333d265bdf6c8e26c
parent: f4592fb626e4def1e4bf091688cc786f9859638e (diff)
1 files changed, 0 insertions, 22 deletions
diff --git a/src/vnet/ipsec/ipsec_cli.c b/src/vnet/ipsec/ipsec_cli.c
index 38a2fed4587..694e4018d0d 100644
--- a/src/vnet/ipsec/ipsec_cli.c
+++ b/src/vnet/ipsec/ipsec_cli.c
@@ -313,28 +313,6 @@ ipsec_policy_add_del_command_fn (vlib_main_t * vm,
 	}
     }
 
-  /* Check if SA is for IPv6/AH which is not supported. Return error if TRUE. */
-  if (p.sa_id)
-    {
-      uword *p1;
-      ipsec_main_t *im = &ipsec_main;
-      ipsec_sa_t *sa = 0;
-      p1 = hash_get (im->sa_index_by_sa_id, p.sa_id);
-      if (!p1)
-	{
-	  error =
-	    clib_error_return (0, "SA with index %u not found", p.sa_id);
-	  goto done;
-	}
-      sa = pool_elt_at_index (im->sad, p1[0]);
-      if (sa && sa->protocol == IPSEC_PROTOCOL_AH && is_add && p.is_ipv6)
-	{
-	  error = clib_error_return (0, "AH not supported for IPV6: '%U'",
-				     format_unformat_error, line_input);
-	  goto done;
-	}
-    }
-
   rv = ipsec_policy_mk_type (is_outbound, p.is_ipv6, p.policy, &p.type);
 
   if (rv)
author	Neale Ranns <nranns@cisco.com>	2019-05-15 06:59:04 -0700
committer	Neale Ranns <nranns@cisco.com>	2019-05-15 06:59:04 -0700
commit	275a177f71ff944aa2f723b5e5043081a5847718 (patch)
tree	d38cc17276c15e47c736415333d265bdf6c8e26c
parent	f4592fb626e4def1e4bf091688cc786f9859638e (diff)