When IPsec tunnel interface has the inbound SA updated,
the key used to find the right interface for inbound
packets was being generated using the destination
address instead of the source.
Change-Id: Id5a6fb1511637c912b329aad65188789646a5889
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
/* unset old inbound hash entry. packets should stop arriving */
key =
/* unset old inbound hash entry. packets should stop arriving */
key =
- (u64) old_sa->tunnel_dst_addr.ip4.as_u32 << 32 | (u64) old_sa->spi;
+ (u64) old_sa->tunnel_src_addr.ip4.as_u32 << 32 | (u64) old_sa->spi;
p = hash_get (im->ipsec_if_pool_index_by_key, key);
if (p)
hash_unset (im->ipsec_if_pool_index_by_key, key);
/* set new inbound SA, then set new hash entry */
t->input_sa_index = sa_index;
p = hash_get (im->ipsec_if_pool_index_by_key, key);
if (p)
hash_unset (im->ipsec_if_pool_index_by_key, key);
/* set new inbound SA, then set new hash entry */
t->input_sa_index = sa_index;
- key = (u64) sa->tunnel_dst_addr.ip4.as_u32 << 32 | (u64) sa->spi;
+ key = (u64) sa->tunnel_src_addr.ip4.as_u32 << 32 | (u64) sa->spi;
hash_set (im->ipsec_if_pool_index_by_key, key, hi->dev_instance);
}
else
hash_set (im->ipsec_if_pool_index_by_key, key, hi->dev_instance);
}
else