Diffstat (limited to 'test/test_ipsec_spd_flow_cache.py')
-rw-r--r-- | test/test_ipsec_spd_flow_cache.py | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/test/test_ipsec_spd_flow_cache.py b/test/test_ipsec_spd_flow_cache.py
index 0c26e7b9e6a..54571c6741a 100644
--- a/test/test_ipsec_spd_flow_cache.py
+++ b/test/test_ipsec_spd_flow_cache.py
@@ -306,6 +306,13 @@ class IPSec4SpdTestCaseMultiple(SpdFlowCacheOutbound):
 1, self.pg2, self.pg0, socket.IPPROTO_UDP, is_out=1, priority=10, policy_type="discard")
+ # interfaces bound to an SPD, will by default drop inbound
+ # traffic with no matching policies. add catch-all inbound
+ # bypass rule to SPD:
+ self.spd_add_rem_policy( # inbound, all interfaces
+ 1, None, None, socket.IPPROTO_UDP, is_out=0, priority=10,
+ policy_type="bypass", all_ips=True)
+
 # check flow cache is empty (0 active elements) before sending traffic
 self.verify_num_outbound_flow_cache_entries(0)
@@ -390,6 +397,13 @@ class IPSec4SpdTestCaseOverwriteStale(SpdFlowCacheOutbound):
 1, self.pg2, self.pg0, socket.IPPROTO_UDP, is_out=1, priority=10, policy_type="discard")
+ # interfaces bound to an SPD, will by default drop inbound
+ # traffic with no matching policies. add catch-all inbound
+ # bypass rule to SPD:
+ self.spd_add_rem_policy( # inbound, all interfaces
+ 1, None, None, socket.IPPROTO_UDP, is_out=0, priority=10,
+ policy_type="bypass", all_ips=True)
+
 # check flow cache is empty (0 active elements) before sending traffic
 self.verify_num_outbound_flow_cache_entries(0)
@@ -527,6 +541,13 @@ class IPSec4SpdTestCaseCollision(SpdFlowCacheOutbound):
 1, self.pg2, self.pg0, socket.IPPROTO_UDP, is_out=1, priority=10, policy_type="bypass")
+ # interfaces bound to an SPD, will by default drop inbound
+ # traffic with no matching policies. add catch-all inbound
+ # bypass rule to SPD:
+ self.spd_add_rem_policy( # inbound, all interfaces
+ 1, None, None, socket.IPPROTO_UDP, is_out=0, priority=10,
+ policy_type="bypass", all_ips=True)
+
 # check flow cache is empty (0 active elements) before sending traffic
 self.verify_num_outbound_flow_cache_entries(0) |
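Review bot: The same six-line catch-all inbound bypass is pasted into IPSec4SpdTestCaseMultiple, IPSec4SpdTestCaseOverwriteStale and IPSec4SpdTestCaseCollision; one helper on the shared base class SpdFlowCacheOutbound would keep the three copies from drifting apart. Because the rule combines `policy_type="bypass"` with `all_ips=True`, inbound UDP on the bound interfaces no longer hits the default drop that the comment describes, so these tests cannot notice a regression in inbound enforcement. The comment should say so, e.g. `# test scaffolding only: outbound flow cache is under test, inbound policy is deliberately not exercised`. If the helper supports it, passing the interfaces the test actually receives on instead of `None, None` would keep the bypass as narrow as the traffic needs. The enclosing test methods start and end outside all three hunks, so whether the rule is removed again afterwards cannot be checked from here.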