[ovs-dev] [PATCH v2 4/5] ipsec: Introduce IPsec system tests for Libreswan

Eelco Chaudron echaudro at redhat.com
Wed Mar 31 08:38:16 UTC 2021



On 31 Mar 2021, at 10:05, Mark Gray wrote:

> This patch adds system tests for OVS IPsec using Libreswan.
> If Libreswan is not present on the system, the tests will
> be skipped.
>
> These tests set up an underlay switch with bridge 'br0'
> to carry encrypted traffic between two emulated "nodes".
> Each "node" is a seperate network namespace ('left' and
> 'right') and runs an instance of the Libreswan "pluto"
> daemon, ovs-monitor-ipsec, ovs-vswitch and ovsdb-server.
>
> Each test sets up IPsec between the two emulated "nodes"
> using various configurations (currently tunnel
> type, IPv6/IPv6, authentication method, local_ip). After
> configuration, connectivity between the two nodes is
> tested and the underlay traffic is also inspected to
> ensure the traffic is encrypted.
>
> All IPsec system tests can be run by using the ipsec
> keyword:
>
> sudo make check-kernel TESTSUITEFLAGS='-k ipsec'
>
> Signed-off-by: Mark Gray <mark.d.gray at redhat.com>
> ---
> v2: removed sleep, addressed libreswan path length bug, move
>     geneve comment

Reviewed v2 changes, and tested the patch, LGTM.

Acked-by: Eelco Chaudron <echaudro at redhat.com>



More information about the dev mailing list