Fix IPsec intf tx node setup at intf creation

When using a DPDK cryptodev with IPsec, sending outbound
packets results in a crash on division by zero if using an
algorithm not supported by the OpenSSL ESP nodes. This
includes AES-GCM and MD5.

At IPsec intf creation time, the next node at slot
IPSEC_OUTPUT_NEXT_ESP_ENCRYPT for ipsec_if_tx_node_fn is
set to the node named esp-encrypt. This is the OpenSSL
ESP encrypt function. If DPDK cryptodevs are configured,
dpdk-esp-encrypt is the correct next node.

Change to setting the next node according to the value in
ipsec_main.esp_encrypt_node_index. That value is set to
esp-encrypt by default. If DPDK cryptodevs are configured
it gets set to dpdk-esp-encrypt.

Change-Id: I83896c76b975d74aead247a162c85eccca9575a8
Signed-off-by: Matthew Smith <mgsmith@netgate.com>

src/vnet/ipsec/ipsec_if.c

@@ -366,8 +366,8 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
 
       hi = vnet_get_hw_interface (vnm, hw_if_index);
 
-      slot = vlib_node_add_named_next_with_slot
-	(vnm->vlib_main, hi->tx_node_index, "esp-encrypt",
+      slot = vlib_node_add_next_with_slot
+	(vnm->vlib_main, hi->tx_node_index, im->esp_encrypt_node_index,
 	 IPSEC_OUTPUT_NEXT_ESP_ENCRYPT);
 
       ASSERT (slot == IPSEC_OUTPUT_NEXT_ESP_ENCRYPT);