-
Notifications
You must be signed in to change notification settings - Fork 208
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
connectivity: extend encryption tests to validate both directions
Currently, the encryption tests validate that no unencrypted packets are leaked by capturing them on the source only. Since we can capture only egressing packets (as the XFRM stack recirculates the ingressing ones during decryption), this means that we are checking only one direction. Let's extend this check to validate both directions, starting a tcpdump capture both on the source and destination hosts. We leverage the bidirectional validation for the pod-to-pod encryption case though, as with the node-to-node one it is particularly tricky to construct the correct filter without additional information (as packets might be masquerated at the source, and in that case they should be sniffed on a different interface). Signed-off-by: Marco Iorio <[email protected]>
- Loading branch information
Showing
1 changed file
with
133 additions
and
75 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters