IPSEC: tunnel fragmentation

Change-Id: I63741a22bc82f5f861e1c0f26a93b5569cc52061
Signed-off-by: Neale Ranns <nranns@cisco.com>
diff --git a/src/vnet/ipsec/esp_encrypt.c b/src/vnet/ipsec/esp_encrypt.c
index c2069e5..8224769 100644
--- a/src/vnet/ipsec/esp_encrypt.c
+++ b/src/vnet/ipsec/esp_encrypt.c
@@ -563,6 +563,11 @@
 
   .n_errors = ARRAY_LEN(esp_encrypt_error_strings),
   .error_strings = esp_encrypt_error_strings,
+
+  .n_next_nodes = 1,
+  .next_nodes = {
+    [ESP_ENCRYPT_NEXT_DROP] = "ip4-drop",
+  },
 };
 
 VNET_FEATURE_INIT (esp4_encrypt_tun_feat_node, static) =
@@ -590,6 +595,11 @@
 
   .n_errors = ARRAY_LEN(esp_encrypt_error_strings),
   .error_strings = esp_encrypt_error_strings,
+
+  .n_next_nodes = 1,
+  .next_nodes = {
+    [ESP_ENCRYPT_NEXT_DROP] = "ip6-drop",
+  },
 };
 
 VNET_FEATURE_INIT (esp6_encrypt_tun_feat_node, static) =
diff --git a/src/vnet/ipsec/ipsec_if.c b/src/vnet/ipsec/ipsec_if.c
index 7d6c725..17f28a0 100644
--- a/src/vnet/ipsec/ipsec_if.c
+++ b/src/vnet/ipsec/ipsec_if.c
@@ -352,6 +352,9 @@
       t->hw_if_index = hw_if_index;
       t->sw_if_index = hi->sw_if_index;
 
+      /* Standard default jumbo MTU. */
+      vnet_sw_interface_set_mtu (vnm, t->sw_if_index, 9000);
+
       /* Add the new tunnel to the DB of tunnels per sw_if_index ... */
       vec_validate_init_empty (im->ipsec_if_by_sw_if_index, t->sw_if_index,
 			       ~0);