ci-ipsec-e2e: plain-text TCP syn, ack, fin (Conformance E2E IPSec: Assert that no unencrypted packets are leaked)

## CI failure

https://github.com/cilium/cilium/actions/runs/12547004754/job/34983756434
https://github.com/cilium/cilium/actions/runs/12847416424/job/35823707107 (sysmdump attached below)

```
 Error: bpftrace output is not empty
[21:25:07:447246] fd00:10:244:2::4490:8080 -> fd00:10:244:3::4748:40606 (proto: 6, TCP flags: SA.., encap: 1, ifindex: 9, netns: f0000000, override: 1)
[21:25:07:449171] fd00:10:244:2::4490:8080 -> fd00:10:244:3::4748:40606 (proto: 6, TCP flags: .A.., encap: 1, ifindex: 9, netns: f0000000, override: 1)
[21:25:07:453488] fd00:10:244:2::4490:8080 -> fd00:10:244:3::4748:40606 (proto: 6, TCP flags: .A.., encap: 1, ifindex: 9, netns: f0000000, override: 1)
[21:25:07:453540] fd00:10:244:2::4490:8080 -> fd00:10:244:3::4748:40606 (proto: 6, TCP flags: .A.., encap: 1, ifindex: 9, netns: f0000000, override: 1)
[21:25:07:455399] fd00:10:244:2::4490:8080 -> fd00:10:244:3::4748:40606 (proto: 6, TCP flags: .AF., encap: 1, ifindex: 9, netns: f0000000, override: 1)
```

The leakage had the same pattern: TCP flags "SA, A, A, A, AF", from proxy, tunnel.

## Sysdump

[cilium-sysdumps(1).zip](https://github.com/user-attachments/files/18489597/cilium-sysdumps.1.zip)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ci-ipsec-e2e: plain-text TCP syn, ack, fin (Conformance E2E IPSec: Assert that no unencrypted packets are leaked) #37120

CI failure

Sysdump

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development