diff options
author | Neale Ranns <nranns@cisco.com> | 2018-11-30 09:15:11 +0000 |
---|---|---|
committer | Damjan Marion <dmarion@me.com> | 2018-11-30 17:02:14 +0000 |
commit | bb46324d7ef32b9fe8fb28ece1b92485b6a508de (patch) | |
tree | 8cda21c07e4644e13cf301082fba6aef9e67e4b5 /src/vnet | |
parent | 33177d698ef37dd8924c02220650a0b5d9e7fcd4 (diff) |
IPSEC-AH: fix packet drop
Change-Id: I45b97cfd0c3785bfbf6d142d362bd3d4d56bae00
Signed-off-by: Neale Ranns <nranns@cisco.com>
Diffstat (limited to 'src/vnet')
-rw-r--r-- | src/vnet/ipsec/ah_decrypt.c | 5 | ||||
-rw-r--r-- | src/vnet/ipsec/esp_decrypt.c | 2 |
2 files changed, 0 insertions, 7 deletions
diff --git a/src/vnet/ipsec/ah_decrypt.c b/src/vnet/ipsec/ah_decrypt.c index 34ea000d623..9b0c16e37a5 100644 --- a/src/vnet/ipsec/ah_decrypt.c +++ b/src/vnet/ipsec/ah_decrypt.c @@ -156,7 +156,6 @@ ah_decrypt_inline (vlib_main_t * vm, if (PREDICT_FALSE (rv)) { - clib_warning ("anti-replay SPI %u seq %u", sa0->spi, seq); if (is_ip6) vlib_node_increment_counter (vm, ah6_decrypt_node.index, @@ -165,8 +164,6 @@ ah_decrypt_inline (vlib_main_t * vm, vlib_node_increment_counter (vm, ah4_decrypt_node.index, AH_DECRYPT_ERROR_REPLAY, 1); - to_next[0] = i_bi0; - to_next += 1; goto trace; } } @@ -223,8 +220,6 @@ ah_decrypt_inline (vlib_main_t * vm, ah4_decrypt_node.index, AH_DECRYPT_ERROR_INTEG_ERROR, 1); - to_next[0] = i_bi0; - to_next += 1; goto trace; } diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c index 1b3e0681ae1..8ef160a4b32 100644 --- a/src/vnet/ipsec/esp_decrypt.c +++ b/src/vnet/ipsec/esp_decrypt.c @@ -190,7 +190,6 @@ esp_decrypt_inline (vlib_main_t * vm, if (PREDICT_FALSE (rv)) { - clib_warning ("anti-replay SPI %u seq %u", sa0->spi, seq); if (is_ip6) vlib_node_increment_counter (vm, esp6_decrypt_node.index, @@ -330,7 +329,6 @@ esp_decrypt_inline (vlib_main_t * vm, next0 = ESP_DECRYPT_NEXT_IP6_INPUT; else { - clib_warning ("next header: 0x%x", f0->next_header); if (is_ip6) vlib_node_increment_counter (vm, esp6_decrypt_node.index, |