seq = clib_host_to_net_u32 (ah0->seq_no);
/* anti-replay check */
- if (sa0->use_anti_replay)
+ if (ipsec_sa_is_set_USE_ANTI_REPLAY (sa0))
{
int rv = 0;
- if (PREDICT_TRUE (sa0->use_esn))
+ if (PREDICT_TRUE (ipsec_sa_is_set_USE_EXTENDED_SEQ_NUM (sa0)))
rv = esp_replay_check_esn (sa0, seq);
else
rv = esp_replay_check (sa0, seq);
if (PREDICT_FALSE (rv))
{
- vlib_node_increment_counter (vm, node->node_index,
- AH_DECRYPT_ERROR_REPLAY, 1);
+ i_b0->error = node->errors[AH_DECRYPT_ERROR_REPLAY];
goto trace;
}
}
if (PREDICT_FALSE (memcmp (digest, sig, icv_size)))
{
- vlib_node_increment_counter (vm, node->node_index,
- AH_DECRYPT_ERROR_INTEG_ERROR,
- 1);
+ i_b0->error = node->errors[AH_DECRYPT_ERROR_INTEG_ERROR];
goto trace;
}
- if (PREDICT_TRUE (sa0->use_anti_replay))
+ if (PREDICT_TRUE (ipsec_sa_is_set_USE_ANTI_REPLAY (sa0)))
{
- if (PREDICT_TRUE (sa0->use_esn))
+ if (PREDICT_TRUE
+ (ipsec_sa_is_set_USE_EXTENDED_SEQ_NUM (sa0)))
esp_replay_advance_esn (sa0, seq);
else
esp_replay_advance (sa0, seq);
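Review bot: The ICV comparison kept here, `memcmp (digest, sig, icv_size)`, is not constant-time: it may return at the first differing byte, so the time taken to reject a packet can depend on how many leading ICV bytes matched. Since the lines around it are being reworked anyway, the check should use a constant-time comparison, for example `CRYPTO_memcmp (digest, sig, icv_size)` if this file already links OpenSSL (not visible here). `digest`, `sig` and `icv_size` are defined outside the visible lines, so confirm that `icv_size` can never exceed either buffer. The ordering itself is sound: the replay window is advanced only after the ICV has been verified.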
icv_padding_len);
i_b0->flags |= VLIB_BUFFER_TOTAL_LENGTH_VALID;
- if (PREDICT_TRUE (sa0->is_tunnel))
+ if (PREDICT_TRUE (ipsec_sa_is_set_IS_TUNNEL (sa0)))
{ /* tunnel mode */
if (PREDICT_TRUE (ah0->nexthdr == IP_PROTOCOL_IP_IN_IP))
next0 = AH_DECRYPT_NEXT_IP4_INPUT;
next0 = AH_DECRYPT_NEXT_IP6_INPUT;
else
{
- vlib_node_increment_counter (vm, node->node_index,
- AH_DECRYPT_ERROR_DECRYPTION_FAILED,
- 1);
+ i_b0->error =
+ node->errors[AH_DECRYPT_ERROR_DECRYPTION_FAILED];
goto trace;
}
}
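Review bot: The failure paths now only set `i_b0->error` before `goto trace`, so an error is counted only if the buffer is then handed to a drop/error node. In the unknown-next-header branch here `next0` is not assigned anywhere in the visible if/else chain, so the outcome depends on an initial value set outside the hunk. The same holds for the replay and integrity failures changed earlier in this diff (`AH_DECRYPT_ERROR_REPLAY`, `AH_DECRYPT_ERROR_INTEG_ERROR`). If `next0` is not the drop next at those points, replay and ICV failures would silently stop being counted, and operators lose the signal they use to notice replay or tampering attempts. A comment where `next0` is initialised, such as `/* error paths below rely on next0 defaulting to the drop next */`, would make the dependency explicit.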