AH encrypt; don't double enqueue nor emit clib_warnings when seq-num max exceeded

author Neale Ranns <nranns@cisco.com>

Tue, 22 Jan 2019 14:42:23 +0000 (06:42 -0800)

committer Damjan Marion <dmarion@me.com>

Wed, 23 Jan 2019 11:03:51 +0000 (11:03 +0000)
author Neale Ranns <nranns@cisco.com>
Tue, 22 Jan 2019 14:42:23 +0000 (06:42 -0800)
committer Damjan Marion <dmarion@me.com>
Wed, 23 Jan 2019 11:03:51 +0000 (11:03 +0000)
diff --git a/src/vnet/ipsec/ah_encrypt.c b/src/vnet/ipsec/ah_encrypt.c

index 0dc1612..8b0c14f 100644 (file)
--- a/src/vnet/ipsec/ah_encrypt.c
+++ b/src/vnet/ipsec/ah_encrypt.c
@@ -125,13 +125,8 @@ ah_encrypt_inline (vlib_main_t * vm,
  
           if (PREDICT_FALSE (esp_seq_advance (sa0)))
             {
-             clib_warning ("sequence number counter has cycled SPI %u",
-                           sa0->spi);
               vlib_node_increment_counter (vm, node->node_index,
                                            AH_ENCRYPT_ERROR_SEQ_CYCLED, 1);
-             //TODO need to confirm if below is needed
-             to_next[0] = i_bi0;
-             to_next += 1;
               goto trace;
             }
author	Neale Ranns <nranns@cisco.com>
	Tue, 22 Jan 2019 14:42:23 +0000 (06:42 -0800)
committer	Damjan Marion <dmarion@me.com>
	Wed, 23 Jan 2019 11:03:51 +0000 (11:03 +0000)