From 7ba8fe20970b501f06a6c5a6e3632913e2492acb Mon Sep 17 00:00:00 2001
From: Neale Ranns <nranns@cisco.com>
Date: Mon, 11 Feb 2019 11:24:07 +0000
Subject: [PATCH] IPSEC-tun: The tunnel DB uses the network order SPI to save
 the byte swap in the DP

Change-Id: I78a1c39682d5afd356a3cfe70097fc682e8cb938
Signed-off-by: Neale Ranns <nranns@cisco.com>
---
 src/vnet/ipsec/ipsec_if.c    | 16 ++++++++++------
 src/vnet/ipsec/ipsec_if_in.c |  3 +--
 2 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/src/vnet/ipsec/ipsec_if.c b/src/vnet/ipsec/ipsec_if.c
index 519b6135b1b..3ec4b0b460c 100644
--- a/src/vnet/ipsec/ipsec_if.c
+++ b/src/vnet/ipsec/ipsec_if.c
@@ -280,7 +280,8 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
   ipsec_sa_flags_t flags;
   int rv;
 
-  u64 key = (u64) args->remote_ip.ip4.as_u32 << 32 | (u64) args->remote_spi;
+  u64 key = ((u64) args->remote_ip.ip4.as_u32 << 32 |
+	     (u64) clib_host_to_net_u32 (args->remote_spi));
   p = hash_get (im->ipsec_if_pool_index_by_key, key);
 
   if (args->is_add)
@@ -436,9 +437,11 @@ ipsec_add_del_ipsec_gre_tunnel (vnet_main_t * vnm,
   sa = pool_elt_at_index (im->sad, p[0]);
 
   if (sa->is_tunnel)
-    key = (u64) sa->tunnel_dst_addr.ip4.as_u32 << 32 | (u64) sa->spi;
+    key = ((u64) sa->tunnel_dst_addr.ip4.as_u32 << 32 |
+	   (u64) clib_host_to_net_u32 (sa->spi));
   else
-    key = (u64) args->remote_ip.as_u32 << 32 | (u64) sa->spi;
+    key = ((u64) args->remote_ip.as_u32 << 32 |
+	   (u64) clib_host_to_net_u32 (sa->spi));
 
   p = hash_get (im->ipsec_if_pool_index_by_key, key);
 
@@ -563,15 +566,16 @@ ipsec_set_interface_sa (vnet_main_t * vnm, u32 hw_if_index, u32 sa_id,
       old_sa = pool_elt_at_index (im->sad, old_sa_index);
 
       /* unset old inbound hash entry. packets should stop arriving */
-      key =
-	(u64) old_sa->tunnel_src_addr.ip4.as_u32 << 32 | (u64) old_sa->spi;
+      key = ((u64) old_sa->tunnel_src_addr.ip4.as_u32 << 32 |
+	     (u64) clib_host_to_net_u32 (old_sa->spi));
       p = hash_get (im->ipsec_if_pool_index_by_key, key);
       if (p)
 	hash_unset (im->ipsec_if_pool_index_by_key, key);
 
       /* set new inbound SA, then set new hash entry */
       t->input_sa_index = sa_index;
-      key = (u64) sa->tunnel_src_addr.ip4.as_u32 << 32 | (u64) sa->spi;
+      key = ((u64) sa->tunnel_src_addr.ip4.as_u32 << 32 |
+	     (u64) clib_host_to_net_u32 (sa->spi));
       hash_set (im->ipsec_if_pool_index_by_key, key, hi->dev_instance);
     }
   else
diff --git a/src/vnet/ipsec/ipsec_if_in.c b/src/vnet/ipsec/ipsec_if_in.c
index 5834e3e6ad5..b8610f4864f 100644
--- a/src/vnet/ipsec/ipsec_if_in.c
+++ b/src/vnet/ipsec/ipsec_if_in.c
@@ -112,8 +112,7 @@ VLIB_NODE_FN (ipsec_if_input_node) (vlib_main_t * vm,
 
 	  next0 = IPSEC_INPUT_NEXT_DROP;
 
-	  u64 key = (u64) ip0->src_address.as_u32 << 32 |
-	    (u64) clib_net_to_host_u32 (esp0->spi);
+	  u64 key = (u64) ip0->src_address.as_u32 << 32 | (u64) esp0->spi;
 
 	  p = hash_get (im->ipsec_if_pool_index_by_key, key);
 
-- 
2.16.6