commit 02e14b526dc6f30c534e483c8e4a77678e27352e
author Matthew Smith <mgsmith@netgate.com> Thu Sep 14 09:05:35 2017 -0500
committer Chris Luke <chris_luke@comcast.com> Tue Sep 19 15:31:08 2017 +0000
tree c1d8f4d982cda44f165507305dd098ff0b4f0c42
parent 44f81310813f8f4a69e96b811b648dc4f49e3b03

Set RX sw_if_index on decrypted routed IPsec buffers

For routed IPsec, set the RX sw_if_index on inbound packets
to the index of the IPsec interface. When a packet is
decrypted into a new buffer, bring along the RX sw_if_index
of the encrypted packet to the new buffer.

Change-Id: I093e9d37def2082c8d2f1deb96b1c5b97126e023
Signed-off-by: Matthew Smith <mgsmith@netgate.com>

src/vnet/ipsec/esp_decrypt.c

diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c
index 925d2b4..de4cc6d 100644
--- a/src/vnet/ipsec/esp_decrypt.c
+++ b/src/vnet/ipsec/esp_decrypt.c
@@ -370,6 +370,8 @@
 		next0 = ESP_DECRYPT_NEXT_IPSEC_GRE_INPUT;
 
 	      vnet_buffer (o_b0)->sw_if_index[VLIB_TX] = (u32) ~ 0;
+	      vnet_buffer (o_b0)->sw_if_index[VLIB_RX] =
+		vnet_buffer (i_b0)->sw_if_index[VLIB_RX];
 	    }
 
 	trace:

src/vnet/ipsec/ipsec_if_in.c

diff --git a/src/vnet/ipsec/ipsec_if_in.c b/src/vnet/ipsec/ipsec_if_in.c
index 861d27c..b076122 100644
--- a/src/vnet/ipsec/ipsec_if_in.c
+++ b/src/vnet/ipsec/ipsec_if_in.c
@@ -120,6 +120,7 @@
 		  vnet_buffer (b0)->ipsec.flags = 0;
 		  hi = vnet_get_hw_interface (vnm, t->hw_if_index);
 		  sw_if_index0 = hi->sw_if_index;
+		  vnet_buffer (b0)->sw_if_index[VLIB_RX] = sw_if_index0;
 
 		  if (PREDICT_TRUE (sw_if_index0 == last_sw_if_index))
 		    {