I am using XDP to process network packages. I want to redirect packages to a dedicated network interface using bpf_redirect(target_interface, 0). This works fine, unless the target interface is a VTI interface (part of an IPsec tunnel established by strongswan). In this case, no package is transmitted over the tunnel.
I assumed the package was dropped by the kernel for some reason and used dropwatch to check for discarded network traffic - but there was not a single discarded package.
If I just change the target IP from XDP, return XDP_PASS and let the Linux routing do its work, the package processing works fine. Unfortunately I am required to forcefully select the interface here.
Do you have any idea why this happens and the redirection is not working?
I ensured bpf_redirect was returning XDP_REDIRECT and ensured the same code was working with different kinds of network interfaces (physical NICs and VXLAN interfaces).