Set RX sw_if_index on decrypted routed IPsec buffers

For routed IPsec, set the RX sw_if_index on inbound packets
to the index of the IPsec interface. When a packet is
decrypted into a new buffer, bring along the RX sw_if_index
of the encrypted packet to the new buffer.

Change-Id: I093e9d37def2082c8d2f1deb96b1c5b97126e023
Signed-off-by: Matthew Smith <mgsmith@netgate.com>

diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c
index 925d2b4..de4cc6d 100644 (file)
--- a/src/vnet/ipsec/esp_decrypt.c
+++ b/src/vnet/ipsec/esp_decrypt.c
@@ -370,6 +370,8 @@ esp_decrypt_node_fn (vlib_main_t * vm,
                next0 = ESP_DECRYPT_NEXT_IPSEC_GRE_INPUT;
 
              vnet_buffer (o_b0)->sw_if_index[VLIB_TX] = (u32) ~ 0;
+             vnet_buffer (o_b0)->sw_if_index[VLIB_RX] =
+               vnet_buffer (i_b0)->sw_if_index[VLIB_RX];
            }
 
        trace:

diff --git a/src/vnet/ipsec/ipsec_if_in.c b/src/vnet/ipsec/ipsec_if_in.c
index 861d27c..b076122 100644 (file)
--- a/src/vnet/ipsec/ipsec_if_in.c
+++ b/src/vnet/ipsec/ipsec_if_in.c
@@ -120,6 +120,7 @@ ipsec_if_input_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
                  vnet_buffer (b0)->ipsec.flags = 0;
                  hi = vnet_get_hw_interface (vnm, t->hw_if_index);
                  sw_if_index0 = hi->sw_if_index;
+                 vnet_buffer (b0)->sw_if_index[VLIB_RX] = sw_if_index0;
 
                  if (PREDICT_TRUE (sw_if_index0 == last_sw_if_index))
                    {