summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNeale Ranns <nranns@cisco.com>2019-05-15 06:59:04 -0700
committerNeale Ranns <nranns@cisco.com>2019-05-15 06:59:04 -0700
commit275a177f71ff944aa2f723b5e5043081a5847718 (patch)
treed38cc17276c15e47c736415333d265bdf6c8e26c
parentf4592fb626e4def1e4bf091688cc786f9859638e (diff)
IPSEC: remove CLI check for unsupported IPv6-AH - it is supported
Change-Id: I72ec95d4a3009a55b0f1fa7e45f9c53f31ef5fc1 Signed-off-by: Neale Ranns <nranns@cisco.com>
-rw-r--r--src/vnet/ipsec/ipsec_cli.c22
1 files changed, 0 insertions, 22 deletions
diff --git a/src/vnet/ipsec/ipsec_cli.c b/src/vnet/ipsec/ipsec_cli.c
index 38a2fed4587..694e4018d0d 100644
--- a/src/vnet/ipsec/ipsec_cli.c
+++ b/src/vnet/ipsec/ipsec_cli.c
@@ -313,28 +313,6 @@ ipsec_policy_add_del_command_fn (vlib_main_t * vm,
}
}
- /* Check if SA is for IPv6/AH which is not supported. Return error if TRUE. */
- if (p.sa_id)
- {
- uword *p1;
- ipsec_main_t *im = &ipsec_main;
- ipsec_sa_t *sa = 0;
- p1 = hash_get (im->sa_index_by_sa_id, p.sa_id);
- if (!p1)
- {
- error =
- clib_error_return (0, "SA with index %u not found", p.sa_id);
- goto done;
- }
- sa = pool_elt_at_index (im->sad, p1[0]);
- if (sa && sa->protocol == IPSEC_PROTOCOL_AH && is_add && p.is_ipv6)
- {
- error = clib_error_return (0, "AH not supported for IPV6: '%U'",
- format_unformat_error, line_input);
- goto done;
- }
- }
-
rv = ipsec_policy_mk_type (is_outbound, p.is_ipv6, p.policy, &p.type);
if (rv)