IPSEC-tun: The tunnel DB uses the network order SPI to save the byte swap in the DP
Change-Id: I78a1c39682d5afd356a3cfe70097fc682e8cb938
Signed-off-by: Neale Ranns <nranns@cisco.com>
diff --git a/src/vnet/ipsec/ipsec_if.c b/src/vnet/ipsec/ipsec_if.c
index 519b613..3ec4b0b 100644
--- a/src/vnet/ipsec/ipsec_if.c
+++ b/src/vnet/ipsec/ipsec_if.c
@@ -280,7 +280,8 @@
ipsec_sa_flags_t flags;
int rv;
- u64 key = (u64) args->remote_ip.ip4.as_u32 << 32 | (u64) args->remote_spi;
+ u64 key = ((u64) args->remote_ip.ip4.as_u32 << 32 |
+ (u64) clib_host_to_net_u32 (args->remote_spi));
p = hash_get (im->ipsec_if_pool_index_by_key, key);
if (args->is_add)
@@ -436,9 +437,11 @@
sa = pool_elt_at_index (im->sad, p[0]);
if (sa->is_tunnel)
- key = (u64) sa->tunnel_dst_addr.ip4.as_u32 << 32 | (u64) sa->spi;
+ key = ((u64) sa->tunnel_dst_addr.ip4.as_u32 << 32 |
+ (u64) clib_host_to_net_u32 (sa->spi));
else
- key = (u64) args->remote_ip.as_u32 << 32 | (u64) sa->spi;
+ key = ((u64) args->remote_ip.as_u32 << 32 |
+ (u64) clib_host_to_net_u32 (sa->spi));
p = hash_get (im->ipsec_if_pool_index_by_key, key);
@@ -563,15 +566,16 @@
old_sa = pool_elt_at_index (im->sad, old_sa_index);
/* unset old inbound hash entry. packets should stop arriving */
- key =
- (u64) old_sa->tunnel_src_addr.ip4.as_u32 << 32 | (u64) old_sa->spi;
+ key = ((u64) old_sa->tunnel_src_addr.ip4.as_u32 << 32 |
+ (u64) clib_host_to_net_u32 (old_sa->spi));
p = hash_get (im->ipsec_if_pool_index_by_key, key);
if (p)
hash_unset (im->ipsec_if_pool_index_by_key, key);
/* set new inbound SA, then set new hash entry */
t->input_sa_index = sa_index;
- key = (u64) sa->tunnel_src_addr.ip4.as_u32 << 32 | (u64) sa->spi;
+ key = ((u64) sa->tunnel_src_addr.ip4.as_u32 << 32 |
+ (u64) clib_host_to_net_u32 (sa->spi));
hash_set (im->ipsec_if_pool_index_by_key, key, hi->dev_instance);
}
else