[PATCH] examples/ipsec-secgw: drop packets in poll mode
Rakesh Kudurumalla
rkudurumalla at marvell.com
Mon Jun 1 06:29:46 CEST 2026
During the anti-replay test, packets are forwarded in poll
mode despite errors instead of being dropped. This patch
fixes that.
Signed-off-by: Rakesh Kudurumalla <rkudurumalla at marvell.com>
---
examples/ipsec-secgw/ipsec_worker.c | 4 ++--
examples/ipsec-secgw/ipsec_worker.h | 4 +++-
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/examples/ipsec-secgw/ipsec_worker.c b/examples/ipsec-secgw/ipsec_worker.c
index 04609964cd..61b4126759 100644
--- a/examples/ipsec-secgw/ipsec_worker.c
+++ b/examples/ipsec-secgw/ipsec_worker.c
@@ -428,7 +428,7 @@ process_ipsec_ev_inbound(struct ipsec_ctx *ctx, struct route_table *rt,
if (pkt->ol_flags & RTE_MBUF_F_RX_SEC_OFFLOAD) {
if (unlikely(pkt->ol_flags &
RTE_MBUF_F_RX_SEC_OFFLOAD_FAILED)) {
- RTE_LOG(ERR, IPSEC,
+ RTE_LOG(DEBUG, IPSEC,
"Inbound security offload failed\n");
goto drop_pkt_and_exit;
}
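Review bot: Demoting "Inbound security offload failed" from ERR to DEBUG hides failed inbound offload, which the commit message ties to anti-replay errors, at default log levels. The same change is repeated in the hunk at -446. Both hunks are in process_ipsec_ev_inbound, while the description mentions only poll mode and does not explain the log-level change. If the motive is to avoid flooding the log when a flow is replayed, say so at the call site, e.g. `/* DEBUG, not ERR: failed packets can arrive at line rate; the drop itself must stay countable */`, and make sure the drop is still counted somewhere an operator can read it. Whether the `drop_pkt_and_exit` path already increments a counter cannot be seen here, since the function body continues outside the hunk.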
@@ -446,7 +446,7 @@ process_ipsec_ev_inbound(struct ipsec_ctx *ctx, struct route_table *rt,
if (pkt->ol_flags & RTE_MBUF_F_RX_SEC_OFFLOAD) {
if (unlikely(pkt->ol_flags &
RTE_MBUF_F_RX_SEC_OFFLOAD_FAILED)) {
- RTE_LOG(ERR, IPSEC,
+ RTE_LOG(DEBUG, IPSEC,
"Inbound security offload failed\n");
goto drop_pkt_and_exit;
}
diff --git a/examples/ipsec-secgw/ipsec_worker.h b/examples/ipsec-secgw/ipsec_worker.h
index 8f96161293..d5b8618fc8 100644
--- a/examples/ipsec-secgw/ipsec_worker.h
+++ b/examples/ipsec-secgw/ipsec_worker.h
@@ -421,7 +421,9 @@ inbound_sp_sa(struct sp_ctx *sp, struct sa_ctx *sa, struct traffic_type *ip,
}
/* Only check SPI match for processed IPSec packets */
- if (i < lim && ((m->ol_flags & RTE_MBUF_F_RX_SEC_OFFLOAD) == 0)) {
+ if (i < lim && ((m->ol_flags & (RTE_MBUF_F_RX_SEC_OFFLOAD |
+ RTE_MBUF_F_RX_SEC_OFFLOAD_FAILED))) !=
+ RTE_MBUF_F_RX_SEC_OFFLOAD) {
stats->discard++;
free_pkts(&m, 1);
continue;
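Review bot: The comment kept above the new condition, "Only check SPI match for processed IPSec packets", no longer describes it: the test now also discards packets that have RTE_MBUF_F_RX_SEC_OFFLOAD_FAILED set. It should read something like `/* Drop packets that were not IPsec-processed or whose security offload failed; only clean offloaded packets get the SPI check */`. The failure test is still gated by `i < lim` and sits after whatever branches precede it in the loop, which starts outside this hunk, so it is worth confirming that a packet with the FAILED flag cannot be forwarded by an earlier branch or at an index at or beyond `lim`. The redundant double parentheses around the mask also make the `!=` hard to read; `(m->ol_flags & (RTE_MBUF_F_RX_SEC_OFFLOAD | RTE_MBUF_F_RX_SEC_OFFLOAD_FAILED)) != RTE_MBUF_F_RX_SEC_OFFLOAD` is equivalent.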
--
2.25.1