X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvnet%2Fipsec%2Fipsec_if.c;h=3c1f84576d4a0049e22d15fb3ef843bd88e3d0f6;hb=1091c4aa9bd96055e7a94d368bd6abf0c9f1b73d;hp=7d6c725e5397a8f94a349bf6e84dafbef3868811;hpb=1e3aa5e213c23588981ee17d1413a0441a40527a;p=vpp.git

diff --git a/src/vnet/ipsec/ipsec_if.c b/src/vnet/ipsec/ipsec_if.c
index 7d6c725e539..3c1f84576d4 100644
--- a/src/vnet/ipsec/ipsec_if.c
+++ b/src/vnet/ipsec/ipsec_if.c
@@ -306,7 +306,7 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
 			 &crypto_key,
 			 args->integ_alg,
 			 &integ_key,
-			 flags,
+			 (flags | IPSEC_SA_FLAG_IS_INBOUND),
 			 args->tx_table_id,
 			 &args->remote_ip,
 			 &args->local_ip, &t->input_sa_index);
@@ -352,6 +352,9 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
       t->hw_if_index = hw_if_index;
       t->sw_if_index = hi->sw_if_index;
 
+      /* Standard default jumbo MTU. */
+      vnet_sw_interface_set_mtu (vnm, t->sw_if_index, 9000);
+
       /* Add the new tunnel to the DB of tunnels per sw_if_index ... */
       vec_validate_init_empty (im->ipsec_if_by_sw_if_index, t->sw_if_index,
 			       ~0);
@@ -426,7 +429,7 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
 
 int
 ipsec_add_del_ipsec_gre_tunnel (vnet_main_t * vnm,
-				ipsec_add_del_ipsec_gre_tunnel_args_t * args)
+				const ipsec_gre_tunnel_add_del_args_t * args)
 {
   ipsec_tunnel_if_t *t = 0;
   ipsec_main_t *im = &ipsec_main;
@@ -438,22 +441,27 @@ ipsec_add_del_ipsec_gre_tunnel (vnet_main_t * vnm,
   p = hash_get (im->sa_index_by_sa_id, args->local_sa_id);
   if (!p)
     return VNET_API_ERROR_INVALID_VALUE;
-  isa = p[0];
+  osa = p[0];
+  sa = pool_elt_at_index (im->sad, p[0]);
+  ipsec_sa_set_IS_GRE (sa);
 
   p = hash_get (im->sa_index_by_sa_id, args->remote_sa_id);
   if (!p)
     return VNET_API_ERROR_INVALID_VALUE;
-  osa = p[0];
+  isa = p[0];
   sa = pool_elt_at_index (im->sad, p[0]);
+  ipsec_sa_set_IS_GRE (sa);
 
+  /* we form the key from the input/remote SA whose tunnel is srouce
+   * at the remote end */
   if (ipsec_sa_is_set_IS_TUNNEL (sa))
     {
-      key.remote_ip = sa->tunnel_dst_addr.ip4.as_u32;
+      key.remote_ip = sa->tunnel_src_addr.ip4.as_u32;
       key.spi = clib_host_to_net_u32 (sa->spi);
     }
   else
     {
-      key.remote_ip = args->remote_ip.as_u32;
+      key.remote_ip = args->src.as_u32;
       key.spi = clib_host_to_net_u32 (sa->spi);
     }