Set RX sw_if_index on decrypted routed IPsec buffers

For routed IPsec, set the RX sw_if_index on inbound packets
to the index of the IPsec interface. When a packet is
decrypted into a new buffer, bring along the RX sw_if_index
of the encrypted packet to the new buffer.

Change-Id: I093e9d37def2082c8d2f1deb96b1c5b97126e023
Signed-off-by: Matthew Smith <mgsmith@netgate.com>

2 files changed, 3 insertions, 0 deletions

diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c
index 925d2b4544a..de4cc6dd4dd 100644
--- a/src/vnet/ipsec/esp_decrypt.c
+++ b/src/vnet/ipsec/esp_decrypt.c
@@ -370,6 +370,8 @@ esp_decrypt_node_fn (vlib_main_t * vm,
 		next0 = ESP_DECRYPT_NEXT_IPSEC_GRE_INPUT;
 
 	      vnet_buffer (o_b0)->sw_if_index[VLIB_TX] = (u32) ~ 0;
+	      vnet_buffer (o_b0)->sw_if_index[VLIB_RX] =
+		vnet_buffer (i_b0)->sw_if_index[VLIB_RX];
 	    }
 
 	trace:
diff --git a/src/vnet/ipsec/ipsec_if_in.c b/src/vnet/ipsec/ipsec_if_in.c
index 861d27c1233..b0761224fbb 100644
--- a/src/vnet/ipsec/ipsec_if_in.c
+++ b/src/vnet/ipsec/ipsec_if_in.c
@@ -120,6 +120,7 @@ ipsec_if_input_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
 		  vnet_buffer (b0)->ipsec.flags = 0;
 		  hi = vnet_get_hw_interface (vnm, t->hw_if_index);
 		  sw_if_index0 = hi->sw_if_index;
+		  vnet_buffer (b0)->sw_if_index[VLIB_RX] = sw_if_index0;
 
 		  if (PREDICT_TRUE (sw_if_index0 == last_sw_if_index))
 		    {