VPP-202: L2-GRE over IPSecv16.12-rc0

GRE encapsulate layer 2 traffic and IPSec encrypt what is encapsulated by GRE.
The whole point of L2-GRE over IPSec is to tunnel layer 2 over GRE and IPSec by
bridging the physical interface with IPSec-GRE tunnel interface.

Change-Id: Ia4cf9ed407bf663770e0d8905c0ad44ce73bd23b
Signed-off-by: Matus Fabian <matfabia@cisco.com>

1 files changed, 6 insertions, 4 deletions

diff --git a/vnet/vnet/ipsec/ipsec_input.c b/vnet/vnet/ipsec/ipsec_input.c
index 2bc4e2b4999..8364e226ae1 100644
--- a/vnet/vnet/ipsec/ipsec_input.c
+++ b/vnet/vnet/ipsec/ipsec_input.c
@@ -239,11 +239,11 @@ ipsec_input_ip4_node_fn (vlib_main_t * vm,
 	      ipsec_policy_t *p0;
 	      p0 = ipsec_input_protect_policy_match (spd0,
 						     clib_net_to_host_u32
-						     (ip0->src_address.
-						      as_u32),
+						     (ip0->
+						      src_address.as_u32),
 						     clib_net_to_host_u32
-						     (ip0->dst_address.
-						      as_u32),
+						     (ip0->
+						      dst_address.as_u32),
 						     clib_net_to_host_u32
 						     (esp0->spi));
 
@@ -253,6 +253,7 @@ ipsec_input_ip4_node_fn (vlib_main_t * vm,
 		  p0->counter.bytes += clib_net_to_host_u16 (ip0->length);
 		  vnet_buffer (b0)->output_features.ipsec_sad_index =
 		    p0->sa_index;
+		  vnet_buffer (b0)->output_features.ipsec_flags = 0;
 		  next0 = IPSEC_INPUT_NEXT_ESP_DECRYPT;
 		  vlib_buffer_advance (b0, ip4_header_bytes (ip0));
 		  goto trace0;
@@ -382,6 +383,7 @@ VLIB_NODE_FUNCTION_MULTIARCH (ipsec_input_ip4_node, ipsec_input_ip4_node_fn)
 		  p0->counter.bytes += header_size;
 		  vnet_buffer (b0)->output_features.ipsec_sad_index =
 		    p0->sa_index;
+		  vnet_buffer (b0)->output_features.ipsec_flags = 0;
 		  next0 = IPSEC_INPUT_NEXT_ESP_DECRYPT;
 		  vlib_buffer_advance (b0, header_size);
 		  goto trace0;