IPSEC-AH: fix packet drop

Change-Id: I45b97cfd0c3785bfbf6d142d362bd3d4d56bae00
Signed-off-by: Neale Ranns <nranns@cisco.com>

src/vnet/ipsec/ah_decrypt.c

@@ -156,7 +156,6 @@ ah_decrypt_inline (vlib_main_t * vm,
 
 	      if (PREDICT_FALSE (rv))
 		{
-		  clib_warning ("anti-replay SPI %u seq %u", sa0->spi, seq);
 		  if (is_ip6)
 		    vlib_node_increment_counter (vm,
 						 ah6_decrypt_node.index,
@@ -165,8 +164,6 @@ ah_decrypt_inline (vlib_main_t * vm,
 		    vlib_node_increment_counter (vm,
 						 ah4_decrypt_node.index,
 						 AH_DECRYPT_ERROR_REPLAY, 1);
-		  to_next[0] = i_bi0;
-		  to_next += 1;
 		  goto trace;
 		}
 	    }
@@ -223,8 +220,6 @@ ah_decrypt_inline (vlib_main_t * vm,
 						 ah4_decrypt_node.index,
 						 AH_DECRYPT_ERROR_INTEG_ERROR,
 						 1);
-		  to_next[0] = i_bi0;
-		  to_next += 1;
 		  goto trace;
 		}
 

src/vnet/ipsec/esp_decrypt.c

@@ -190,7 +190,6 @@ esp_decrypt_inline (vlib_main_t * vm,
 
 	      if (PREDICT_FALSE (rv))
 		{
-		  clib_warning ("anti-replay SPI %u seq %u", sa0->spi, seq);
 		  if (is_ip6)
 		    vlib_node_increment_counter (vm,
 						 esp6_decrypt_node.index,
@@ -330,7 +329,6 @@ esp_decrypt_inline (vlib_main_t * vm,
 		    next0 = ESP_DECRYPT_NEXT_IP6_INPUT;
 		  else
 		    {
-		      clib_warning ("next header: 0x%x", f0->next_header);
 		      if (is_ip6)
 			vlib_node_increment_counter (vm,
 						     esp6_decrypt_node.index,