From 3351801ce33874cec26d62df2542c2d59885d1ec Mon Sep 17 00:00:00 2001 From: Neale Ranns Date: Fri, 30 Nov 2018 09:15:11 +0000 Subject: IPSEC-AH: fix packet drop Change-Id: I45b97cfd0c3785bfbf6d142d362bd3d4d56bae00 Signed-off-by: Neale Ranns (cherry picked from commit ad5f2de9041070c007cedb87f94b72193125db17) --- src/vnet/ipsec/ah_decrypt.c | 5 ----- src/vnet/ipsec/esp_decrypt.c | 2 -- 2 files changed, 7 deletions(-) diff --git a/src/vnet/ipsec/ah_decrypt.c b/src/vnet/ipsec/ah_decrypt.c index c487d82e34a..bec63750d2f 100644 --- a/src/vnet/ipsec/ah_decrypt.c +++ b/src/vnet/ipsec/ah_decrypt.c @@ -145,11 +145,8 @@ ah_decrypt_node_fn (vlib_main_t * vm, if (PREDICT_FALSE (rv)) { - clib_warning ("anti-replay SPI %u seq %u", sa0->spi, seq); vlib_node_increment_counter (vm, ah_decrypt_node.index, AH_DECRYPT_ERROR_REPLAY, 1); - to_next[0] = i_bi0; - to_next += 1; goto trace; } } @@ -188,8 +185,6 @@ ah_decrypt_node_fn (vlib_main_t * vm, vlib_node_increment_counter (vm, ah_decrypt_node.index, AH_DECRYPT_ERROR_INTEG_ERROR, 1); - to_next[0] = i_bi0; - to_next += 1; goto trace; } diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c index a0eeed464da..7f9be89ee4c 100644 --- a/src/vnet/ipsec/esp_decrypt.c +++ b/src/vnet/ipsec/esp_decrypt.c @@ -185,7 +185,6 @@ esp_decrypt_node_fn (vlib_main_t * vm, if (PREDICT_FALSE (rv)) { - clib_warning ("anti-replay SPI %u seq %u", sa0->spi, seq); vlib_node_increment_counter (vm, esp_decrypt_node.index, ESP_DECRYPT_ERROR_REPLAY, 1); o_bi0 = i_bi0; @@ -330,7 +329,6 @@ esp_decrypt_node_fn (vlib_main_t * vm, next0 = ESP_DECRYPT_NEXT_IP6_INPUT; else { - clib_warning ("next header: 0x%x", f0->next_header); vlib_node_increment_counter (vm, esp_decrypt_node.index, ESP_DECRYPT_ERROR_DECRYPTION_FAILED, 1); -- cgit 1.2.3-korg