Code Review / vpp.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: d81ae41) | patch
Drop IPsec packets when interface is down 08/12608/2
authorMatthew Smith <mgsmith@netgate.com>
Wed, 16 May 2018 03:03:05 +0000 (22:03 -0500)
committerDamjan Marion <dmarion.lists@gmail.com>
Wed, 16 May 2018 20:07:37 +0000 (20:07 +0000)
commit831fd64ae62b31149431beb07b9836df13be59f6
tree9b466511c4ad9cad8def4302cdbff18a9ee59acftree | snapshot
parentd81ae41825f6d276ec778caa2e77a28f66f0ad28commit | diff
Drop IPsec packets when interface is down

Packets arriving on an IPsec tunnel interface
are decrypted and forwarded even if the
interface is down.

Check interface flags. If the interface is down,
cause packet to be dropped and increment the
counters for drops.

Change-Id: I94456bda3bd8eade0f3f522ad7cc341251174e6e
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
src/vnet/ipsec/ipsec_if_in.c diff | blob | history
Vector Packet Processing