1a57d7795SbluhmSend IPsec traffic to another machine where it gets processed. 2a57d7795SbluhmThere the IPsec implementation has to deliver it to the local stack 3a57d7795Sbluhmor forward it after decryption. By reflecting the packets, the way 4a57d7795Sbluhmback is also tested. When the response is received at the generating 5a57d7795Sbluhmmachine, the test is considered successful. 6a57d7795Sbluhm 7785bf742SbluhmCurrently ICMP ping, UDP and TCP packets are protected with ESP and AH. 847e34d94SbluhmTransport and tunnel mode are tested with all combinations of IPv4 947e34d94Sbluhmand IPv6. 10a57d7795Sbluhm 11*e7650b58SbluhmThe BPF output of the enc0 interface is checked. 12*e7650b58Sbluhm 1347e34d94SbluhmTODO: 14*e7650b58SbluhmBPF output of pflog0 should be checked. 15*e7650b58SbluhmTests for fragments and path MTU discovery are planned. 16*e7650b58SbluhmTest TCP MD5 signatures. 17