Set RX sw_if_index on decrypted routed IPsec buffers

For routed IPsec, set the RX sw_if_index on inbound packets to the index of the IPsec interface. When a packet is decrypted into a new buffer, bring along the RX sw_if_index of the encrypted packet to the new buffer. Change-Id: I093e9d37def2082c8d2f1deb96b1c5b97126e023 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
author: Matthew Smith <mgsmith@netgate.com> 2017-09-14 09:05:35 -0500
committer: Chris Luke <chris_luke@comcast.com> 2017-09-19 15:31:08 +0000
commit: 02e14b526dc6f30c534e483c8e4a77678e27352e (patch)
tree: c1d8f4d982cda44f165507305dd098ff0b4f0c42
parent: 44f81310813f8f4a69e96b811b648dc4f49e3b03 (diff)
2 files changed, 3 insertions, 0 deletions
diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c
index 925d2b45..de4cc6dd 100644
--- a/src/vnet/ipsec/esp_decrypt.c
+++ b/src/vnet/ipsec/esp_decrypt.c
@@ -370,6 +370,8 @@ esp_decrypt_node_fn (vlib_main_t * vm,
 		next0 = ESP_DECRYPT_NEXT_IPSEC_GRE_INPUT;
 
 	      vnet_buffer (o_b0)->sw_if_index[VLIB_TX] = (u32) ~ 0;
+	      vnet_buffer (o_b0)->sw_if_index[VLIB_RX] =
+		vnet_buffer (i_b0)->sw_if_index[VLIB_RX];
 	    }
 
 	trace:
diff --git a/src/vnet/ipsec/ipsec_if_in.c b/src/vnet/ipsec/ipsec_if_in.c
index 861d27c1..b0761224 100644
--- a/src/vnet/ipsec/ipsec_if_in.c
+++ b/src/vnet/ipsec/ipsec_if_in.c
@@ -120,6 +120,7 @@ ipsec_if_input_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
 		  vnet_buffer (b0)->ipsec.flags = 0;
 		  hi = vnet_get_hw_interface (vnm, t->hw_if_index);
 		  sw_if_index0 = hi->sw_if_index;
+		  vnet_buffer (b0)->sw_if_index[VLIB_RX] = sw_if_index0;
 
 		  if (PREDICT_TRUE (sw_if_index0 == last_sw_if_index))
 		    {
author	Matthew Smith <mgsmith@netgate.com>	2017-09-14 09:05:35 -0500
committer	Chris Luke <chris_luke@comcast.com>	2017-09-19 15:31:08 +0000
commit	02e14b526dc6f30c534e483c8e4a77678e27352e (patch)
tree	c1d8f4d982cda44f165507305dd098ff0b4f0c42
parent	44f81310813f8f4a69e96b811b648dc4f49e3b03 (diff)