IPsec speculative enqueue in exception path, fixes VPP-384

Enqueue buffers into next frame before validating them.

Change-Id: I466518bc6f304678136a2c3d37f136ce878eef05
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>

vnet/vnet/ipsec/esp_decrypt.c

@@ -305,6 +305,8 @@ esp_decrypt_node_fn (vlib_main_t * vm,
 		  vlib_node_increment_counter (vm, esp_decrypt_node.index,
 					       ESP_DECRYPT_ERROR_REPLAY, 1);
 		  o_bi0 = i_bi0;
+		  to_next[0] = o_bi0;
+		  to_next += 1;
 		  goto trace;
 		}
 	    }
@@ -329,6 +331,8 @@ esp_decrypt_node_fn (vlib_main_t * vm,
 					       ESP_DECRYPT_ERROR_INTEG_ERROR,
 					       1);
 		  o_bi0 = i_bi0;
+		  to_next[0] = o_bi0;
+		  to_next += 1;
 		  goto trace;
 		}
 	    }
@@ -344,6 +348,8 @@ esp_decrypt_node_fn (vlib_main_t * vm,
 	  /* grab free buffer */
 	  uword last_empty_buffer = vec_len (empty_buffers) - 1;
 	  o_bi0 = empty_buffers[last_empty_buffer];
+	  to_next[0] = o_bi0;
+	  to_next += 1;
 	  o_b0 = vlib_get_buffer (vm, o_bi0);
 	  vlib_prefetch_buffer_with_index (vm,
 					   empty_buffers[last_empty_buffer -
@@ -481,9 +487,6 @@ esp_decrypt_node_fn (vlib_main_t * vm,
 		   IPSEC_FLAG_IPSEC_GRE_TUNNEL))
 		next0 = ESP_DECRYPT_NEXT_IPSEC_GRE_INPUT;
 
-	      to_next[0] = o_bi0;
-	      to_next += 1;
-
 	      vnet_buffer (o_b0)->sw_if_index[VLIB_TX] = (u32) ~ 0;
 	    }
 

vnet/vnet/ipsec/esp_encrypt.c

@@ -202,6 +202,8 @@ esp_encrypt_node_fn (vlib_main_t * vm,
 					   ESP_ENCRYPT_ERROR_SEQ_CYCLED, 1);
 	      //TODO: rekey SA
 	      o_bi0 = i_bi0;
+	      to_next[0] = o_bi0;
+	      to_next += 1;
 	      goto trace;
 	    }