NameDateSize

..07-Dec-202316

ipsec.confH A D21-Jan-202115.1 KiB

LICENSEH A D21-Jan-2021755

MakefileH A D01-Nov-202138.8 KiB

nonxt-reflect.cH A D20-May-20182.7 KiB

nonxt-sendrecv.cH A D20-May-20183.2 KiB

nonxt_reflect.shH A D20-May-2018595

pf.confH A D11-May-201780

READMEH A D11-May-20171.1 KiB

README

1Send IPsec traffic to another machine where it gets processed.
2There the IPsec implementation has to deliver it to the local stack
3or forward it after decryption.  By reflecting the packets, the way
4back is also tested.  When the response is received at the generating
5machine, the test is considered successful.
6
7Currently ICMP ping, UDP, TCP packets are protected with ESP and
8AH.  Also IPIP encapsulation and IP compression flows are tested.
9Transport and tunnel mode are tested with all combinations of IPv4
10and IPv6.  SA bundles that do IPComp, ESP, AH with a single flow
11are tested with all combinations of encapsulation mode, and both
12ip versions, and the ip protocols ping, UDP, TCP.  Small and big
13ping packets are used, as IPComp skips small packets.
14
15The netstat -s counters are checked to ensure that encrypted packets
16are processed in both ways.
17
18The BPF output of the enc0 and pflog0 interface is checked.  This
19ensures that all IPsec packets are passed to bpf and pf.
20
21TODO:
22Tests for fragments and path MTU discovery are planned.
23Test TCP MD5 signatures.
24Test NAT-Traversal over UDP.
25