1Send IPsec traffic to another machine where it gets processed. 2There the IPsec implementation has to deliver it to the local stack 3or forward it after decryption. By reflecting the packets, the way 4back is also tested. When the response is received at the generating 5machine, the test is considered successful. 6 7Currently ICMP ping, UDP, TCP packets are protected with ESP and 8AH. Also IPIP encapsulation and IP compression flows are tested. 9Transport and tunnel mode are tested with all combinations of IPv4 10and IPv6. SA bundles that do IPComp, ESP, AH with a single flow 11are tested with all combinations of encapsulation mode, and both 12ip versions, and the ip protocols ping, UDP, TCP. Small and big 13ping packets are used, as IPComp skips small packets. 14 15The netstat -s counters are checked to ensure that encrypted packets 16are processed in both ways. 17 18The BPF output of the enc0 and pflog0 interface is checked. This 19ensures that all IPsec packets are passed to bpf and pf. 20 21TODO: 22Tests for fragments and path MTU discovery are planned. 23Test TCP MD5 signatures. 24Test NAT-Traversal over UDP. 25