-
Notifications
You must be signed in to change notification settings - Fork 3.7k
Cover ipsec key derivation in integration tests #35843
Copy link
Copy link
Closed
Labels
area/CIContinuous Integration testing issue or flakeContinuous Integration testing issue or flakearea/CI-improvementTopic or proposal to improve the Continuous Integration workflowTopic or proposal to improve the Continuous Integration workflowfeature/ipsecRelates to Cilium's IPsec featureRelates to Cilium's IPsec featurepinnedThese issues are not marked stale by our issue bot.These issues are not marked stale by our issue bot.
Description
Metadata
Metadata
Assignees
Labels
area/CIContinuous Integration testing issue or flakeContinuous Integration testing issue or flakearea/CI-improvementTopic or proposal to improve the Continuous Integration workflowTopic or proposal to improve the Continuous Integration workflowfeature/ipsecRelates to Cilium's IPsec featureRelates to Cilium's IPsec featurepinnedThese issues are not marked stale by our issue bot.These issues are not marked stale by our issue bot.
We have several integration tests for XFRM and IPsec. We could probably add some sanity check in there for the derived keys. An easy way to check this would be to ensure that the keys are the same on two nodes for a given tunnel.