Testing two connections with one being a passthrough for a specific port,
in this case we pick ports symmetrically using 7 <-> 7

currently east (192.1.2.23) shows:

src 192.1.2.23/32 dst 192.1.2.45/32 proto tcp sport 7 dport 7
	dir fwd priority 1440 ptype main
src 192.1.2.23/32 dst 192.1.2.45/32 proto tcp sport 7 dport 7
	dir in priority 1440 ptype main
src 192.1.2.23/32 dst 192.1.2.45/32 proto tcp sport 7 dport 7
	dir out priority 1440 ptype main

both in and fwd policy have src/dst swapped wrong

issuing a fix manually solves the packet flow:

ip xfrm policy add src 192.1.2.45/32 dst 192.1.2.23/32 proto tcp sport 7 dport 7 priority 1440 dir in
ip xfrm policy add src 192.1.2.45/32 dst 192.1.2.23/32 proto tcp sport 7 dport 7 priority 1440 dir fwd

When changing the passthrough to a regular tunnel, the policy shows up correct:

src 192.1.2.23/32 dst 192.1.2.45/32 proto tcp sport 7 dport 7
	dir out priority 1952 ptype main
	tmpl src 192.1.2.23 dst 192.1.2.45
		proto esp reqid 16397 mode tunnel
src 192.1.2.45/32 dst 192.1.2.23/32 proto tcp sport 7 dport 7
	dir fwd priority 1952 ptype main
	tmpl src 192.1.2.45 dst 192.1.2.23
		proto esp reqid 16397 mode tunnel
src 192.1.2.45/32 dst 192.1.2.23/32 proto tcp sport 7 dport 7
	dir in priority 1952 ptype main
	tmpl src 192.1.2.45 dst 192.1.2.23
		proto esp reqid 16397 mode tunnel

and the 7 packets go properly over its own IPsec SA different
from all other traffic picking the other conn's IPsec SA.
