Hi Andrew, The tests updated as part of this patch[1] are related to the IPSec outbound side "flow cache" i.e. test/test_ipsec_spd_flow_cache.py (see commit[2]). This is really testing the behaviour of the flow cache, rather than this drop by default behaviour described here. These tests just happened to highlight this specific behaviour, rather than be designed specifically to test that.
If we wanted to add some tests for packets getting dropped by default, which is probably a good idea, I'd propose to add something in one of the test/test_ipsec_xyz.py files or create a new test suite to test both ways (inbound/outbound). I'm not working on VPP at the moment but I will find the time to add these to the patch hopefully soon. Best, Zach 1: https://gerrit.fd.io/r/c/vpp/+/34252 2: https://gerrit.fd.io/r/gitweb?p=vpp.git;a=commit;h=6d7dfcbfa4bc05f1308fc677f19ade44ea699da1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#20798): https://lists.fd.io/g/vpp-dev/message/20798 Mute This Topic: https://lists.fd.io/mt/84943480/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
