if (PREDICT_FALSE (res_idx == (u16) ~ 0))
{
- clib_warning ("unsupported SA by thread index %u",
- thread_idx);
if (is_ip6)
vlib_node_increment_counter (vm,
dpdk_esp6_decrypt_node.index,
error = crypto_get_session (&session, sa_index0, res, cwm, 0);
if (PREDICT_FALSE (error || !session))
{
- clib_warning ("failed to get crypto session");
if (is_ip6)
vlib_node_increment_counter (vm,
dpdk_esp6_decrypt_node.index,
if (ipsec_sa_anti_replay_check
(sa0, clib_host_to_net_u32 (esp0->seq)))
{
- clib_warning ("failed anti-replay check");
if (is_ip6)
vlib_node_increment_counter (vm,
dpdk_esp6_decrypt_node.index,
if (payload_len & (cipher_alg->boundary - 1))
{
- clib_warning ("payload %u not multiple of %d\n",
- payload_len, cipher_alg->boundary);
if (is_ip6)
vlib_node_increment_counter (vm, dpdk_esp6_decrypt_node.index,
ESP_DECRYPT_ERROR_BAD_LEN, 1);
if ((ih4->ip_version_and_header_length & 0xF0) == 0x40)
{
u16 ih4_len = ip4_header_bytes (ih4);
- vlib_buffer_advance (b0, -ih4_len - udp_encap_adv);
+ vlib_buffer_advance (b0, -ih4_len);
next0 = ESP_DECRYPT_NEXT_IP4_INPUT;
- if (!ipsec_sa_is_set_UDP_ENCAP (sa0))
- {
- oh4 = vlib_buffer_get_current (b0);
- memmove (oh4, ih4, ih4_len);
- oh4->protocol = f0->next_header;
- oh4->length = clib_host_to_net_u16 (b0->current_length);
- oh4->checksum = ip4_header_checksum (oh4);
- }
+
+ oh4 = vlib_buffer_get_current (b0);
+ memmove (oh4, ih4, ih4_len);
+ oh4->protocol = f0->next_header;
+ oh4->length = clib_host_to_net_u16 (b0->current_length);
+ oh4->checksum = ip4_header_checksum (oh4);
}
else if ((ih4->ip_version_and_header_length & 0xF0) == 0x60)
{