authorDamjan Marion <damarion@cisco.com>2019-03-28 19:19:31 +0100
committerFlorin Coras <florin.coras@gmail.com>2019-03-28 19:59:04 +0000
commit1f4e1cbf576fc6ab4e871ba0603028112074b43b (patch)
treec433fb1f14c57dfa134ee6d436bb1c389b16b716 /src/vnet/ipsec/ah_decrypt.c
parentb38ee6642553cd38da195af1fcb2b2cd124aa307 (diff)
ipsec: anti-replay code cleanup
Change-Id: Ib73352d6be26d639a7f9d47ca0570a1248bff04a Signed-off-by: Damjan Marion <damarion@cisco.com>
Diffstat (limited to 'src/vnet/ipsec/ah_decrypt.c')
-rw-r--r--src/vnet/ipsec/ah_decrypt.c26
1 files changed, 4 insertions, 22 deletions
diff --git a/src/vnet/ipsec/ah_decrypt.c b/src/vnet/ipsec/ah_decrypt.c
index 87e1de1b3ce..cf955889420 100644
--- a/src/vnet/ipsec/ah_decrypt.c
+++ b/src/vnet/ipsec/ah_decrypt.c
@@ -151,20 +151,10 @@ ah_decrypt_inline (vlib_main_t * vm,
seq = clib_host_to_net_u32 (ah0->seq_no);
/* anti-replay check */
- if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa0))
+ if (ipsec_sa_anti_replay_check (sa0, &ah0->seq_no))
{
- int rv = 0;
-
- if (PREDICT_TRUE (ipsec_sa_is_set_USE_EXTENDED_SEQ_NUM (sa0)))
- rv = esp_replay_check_esn (sa0, seq);
- else
- rv = esp_replay_check (sa0, seq);
-
- if (PREDICT_FALSE (rv))
- {
- i_b0->error = node->errors[AH_DECRYPT_ERROR_REPLAY];
- goto trace;
- }
+ i_b0->error = node->errors[AH_DECRYPT_ERROR_REPLAY];
+ goto trace;
}
vlib_increment_combined_counter
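Review bot: The replay-drop branch in `ah_decrypt_inline` lost its `PREDICT_FALSE` hint, and the call site no longer shows whether the check is skipped when anti-replay is disabled on the SA. Both now depend on `ipsec_sa_anti_replay_check`, whose body is not in this diff. I would write `if (PREDICT_FALSE (ipsec_sa_anti_replay_check (sa0, &ah0->seq_no)))` and extend the comment to `/* anti-replay check: helper takes the wire-order seq_no, returns non-zero on replay, 0 when anti-replay is off */` once that contract is confirmed. The helper is handed the network-order field while the removed code passed the byte-swapped `seq`, so the local `seq` assigned just above may now be dead on this path. The rest of the function is outside the hunk, so check for other readers before dropping it.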
@@ -210,15 +200,7 @@ ah_decrypt_inline (vlib_main_t * vm,
goto trace;
}
- if (PREDICT_TRUE (ipsec_sa_is_set_USE_ANTI_REPLAY (sa0)))
- {
- if (PREDICT_TRUE
- (ipsec_sa_is_set_USE_EXTENDED_SEQ_NUM (sa0)))
- esp_replay_advance_esn (sa0, seq);
- else
- esp_replay_advance (sa0, seq);
- }
-
+ ipsec_sa_anti_replay_advance (sa0, &ah0->seq_no);
}
vlib_buffer_advance (i_b0,
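Review bot: `ipsec_sa_anti_replay_advance` re-reads `ah0->seq_no` from the packet buffer rather than using the value captured before verification, so the check and the advance only agree if nothing in between writes to the AH header. Nothing visible in the hunk modifies it, but the code between the two calls is outside the hunk. A comment such as `/* ICV verified: advance the window; ah0->seq_no is untouched since the replay check */` would pin both the ordering and that assumption. The window must move only for authenticated packets, which the placement after the `goto trace` branch appears to preserve.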