
NETKEY test for passthrough of a single port

A standard westnet-eastnet IPsec SA is established. A passthrough IPsec SA is
setup for port 22 with. Packets for port 22 SHOULD NOT be encrypted with IPsec.
Packets for port 222 SHOULD be encrypted with IPsec

This test case fails the policy checks within NETKEY. The passthrough connection
on west yields:

src 192.0.1.0/24 dst 192.0.2.0/24 proto tcp dport 22
	dir fwd priority 1768 ptype main
src 192.0.1.0/24 dst 192.0.2.0/24 proto tcp dport 22
	dir in priority 1768 ptype main
src 192.0.1.0/24 dst 192.0.2.0/24 proto tcp dport 22
	dir out priority 1768 ptype main

West should yield:

src 192.0.2.0/24 dst 192.0.1.0/24 proto tcp sport 22
	dir fwd priority 1704 ptype main
src 192.0.2.0/24 dst 192.0.1.0/24 proto tcp sport 22
	dir in priority 1704 ptype main
src 192.0.1.0/24 dst 192.0.2.0/24 proto tcp dport 22
	dir out priority 1704 ptype main

which was confirmed using no passthrough route and running the below on west:

ip xfrm policy add src 192.0.2.0/24 dst 192.0.1.0/24 proto tcp sport 22 dir fwd priority 1704 ptype main
ip xfrm policy add src 192.0.2.0/24 dst 192.0.1.0/24 proto tcp sport 22 dir  in priority 1704 ptype main
ip xfrm policy add src 192.0.1.0/24 dst 192.0.2.0/24 proto tcp dport 22 dir out priority 1704 ptype main
