During the anti-replay test, packets are forwarded in poll mode despite errors instead of being dropped. This patch fixes that.
Signed-off-by: Rakesh Kudurumalla <[email protected]>
---
 examples/ipsec-secgw/ipsec_worker.c | 4 ++--
 examples/ipsec-secgw/ipsec_worker.h | 4 +++-
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/examples/ipsec-secgw/ipsec_worker.c b/examples/ipsec-secgw/ipsec_worker.c
index 04609964cd..61b4126759 100644
--- a/examples/ipsec-secgw/ipsec_worker.c
+++ b/examples/ipsec-secgw/ipsec_worker.c
@@ -428,7 +428,7 @@ process_ipsec_ev_inbound(struct ipsec_ctx *ctx, struct route_table *rt,
 if (pkt->ol_flags & RTE_MBUF_F_RX_SEC_OFFLOAD) {
 if (unlikely(pkt->ol_flags & RTE_MBUF_F_RX_SEC_OFFLOAD_FAILED)) {
- RTE_LOG(ERR, IPSEC,
+ RTE_LOG(DEBUG, IPSEC,
 "Inbound security offload failed\n");
 goto drop_pkt_and_exit;
 }
@@ -446,7 +446,7 @@ process_ipsec_ev_inbound(struct ipsec_ctx *ctx, struct route_table *rt,
 if (pkt->ol_flags & RTE_MBUF_F_RX_SEC_OFFLOAD) {
 if (unlikely(pkt->ol_flags & RTE_MBUF_F_RX_SEC_OFFLOAD_FAILED)) {
- RTE_LOG(ERR, IPSEC,
+ RTE_LOG(DEBUG, IPSEC,
 "Inbound security offload failed\n");
 goto drop_pkt_and_exit;
 }
diff --git a/examples/ipsec-secgw/ipsec_worker.h b/examples/ipsec-secgw/ipsec_worker.h
index 8f96161293..d5b8618fc8 100644
--- a/examples/ipsec-secgw/ipsec_worker.h
+++ b/examples/ipsec-secgw/ipsec_worker.h
@@ -421,7 +421,9 @@ inbound_sp_sa(struct sp_ctx *sp, struct sa_ctx *sa, struct traffic_type *ip,
 }
 /* Only check SPI match for processed IPSec packets */
- if (i < lim && ((m->ol_flags & RTE_MBUF_F_RX_SEC_OFFLOAD) == 0)) {
+ if (i < lim && ((m->ol_flags & (RTE_MBUF_F_RX_SEC_OFFLOAD |
+ RTE_MBUF_F_RX_SEC_OFFLOAD_FAILED))) !=
+ RTE_MBUF_F_RX_SEC_OFFLOAD) {
 stats->discard++;
 free_pkts(&m, 1);
 continue;
-- 
2.25.1
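Review bot: Demoting `Inbound security offload failed` from ERR to DEBUG in both `process_ipsec_ev_inbound` hunks of ipsec_worker.c (at -428 and -446) makes inline-IPsec failures, which per the commit message include anti-replay errors, invisible at the default log level, and nothing visible in either hunk counts the drop. A per-packet ERR log can flood under a burst of rejected packets, so lowering it is reasonable, but the failure should stay observable: please confirm that the `drop_pkt_and_exit` path (outside these hunks) updates a discard statistic, and add one next to the `goto` if it does not. Since this is datapath logging, `RTE_LOG_DP(DEBUG, IPSEC, "Inbound security offload failed\n");` would also let the call be compiled out. The commit message describes only the poll-mode drop fix and does not mention this log-level change.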
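Review bot: The new failed-offload test in `inbound_sp_sa` (ipsec_worker.h, hunk at -421) is still gated by `i < lim`, so a packet at index `lim` or above that carries `RTE_MBUF_F_RX_SEC_OFFLOAD_FAILED` would skip this drop. What `lim` bounds is not visible here, because the function starts and continues outside the hunk, so please confirm such a packet cannot reach the code after this check. The comment above the condition no longer matches it and could read `/* Drop packets not processed inline or whose security offload failed (e.g. anti-replay) */`. The doubled parentheses also obscure that `!=` applies to the masked flags; `(m->ol_flags & (RTE_MBUF_F_RX_SEC_OFFLOAD | RTE_MBUF_F_RX_SEC_OFFLOAD_FAILED)) != RTE_MBUF_F_RX_SEC_OFFLOAD` with a single pair is easier to audit. Offload failures also share `stats->discard` with the other drops counted here, so the counter alone cannot distinguish them.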

