From 02e14b526dc6f30c534e483c8e4a77678e27352e Mon Sep 17 00:00:00 2001 From: Matthew Smith Date: Thu, 14 Sep 2017 09:05:35 -0500 Subject: Set RX sw_if_index on decrypted routed IPsec buffers For routed IPsec, set the RX sw_if_index on inbound packets to the index of the IPsec interface. When a packet is decrypted into a new buffer, bring along the RX sw_if_index of the encrypted packet to the new buffer. Change-Id: I093e9d37def2082c8d2f1deb96b1c5b97126e023 Signed-off-by: Matthew Smith --- src/vnet/ipsec/esp_decrypt.c | 2 ++ src/vnet/ipsec/ipsec_if_in.c | 1 + 2 files changed, 3 insertions(+) (limited to 'src/vnet') diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c index 925d2b45..de4cc6dd 100644 --- a/src/vnet/ipsec/esp_decrypt.c +++ b/src/vnet/ipsec/esp_decrypt.c @@ -370,6 +370,8 @@ esp_decrypt_node_fn (vlib_main_t * vm, next0 = ESP_DECRYPT_NEXT_IPSEC_GRE_INPUT; vnet_buffer (o_b0)->sw_if_index[VLIB_TX] = (u32) ~ 0; + vnet_buffer (o_b0)->sw_if_index[VLIB_RX] = + vnet_buffer (i_b0)->sw_if_index[VLIB_RX]; } trace: diff --git a/src/vnet/ipsec/ipsec_if_in.c b/src/vnet/ipsec/ipsec_if_in.c index 861d27c1..b0761224 100644 --- a/src/vnet/ipsec/ipsec_if_in.c +++ b/src/vnet/ipsec/ipsec_if_in.c @@ -120,6 +120,7 @@ ipsec_if_input_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node, vnet_buffer (b0)->ipsec.flags = 0; hi = vnet_get_hw_interface (vnm, t->hw_if_index); sw_if_index0 = hi->sw_if_index; + vnet_buffer (b0)->sw_if_index[VLIB_RX] = sw_if_index0; if (PREDICT_TRUE (sw_if_index0 == last_sw_if_index)) { -- cgit 1.2.3-korg