ipsec: fixes for NAT-T and unit tests

--HG-- branch : ipsec
2014-06-17 18:37:05 +02:00 · 2014-06-17 18:37:05 +02:00 · def2cd8be2
parent 898b09c479
commit def2cd8be2
2 changed files with 6 additions and 5 deletions
--- a/scapy/layers/ipsec.py
+++ b/scapy/layers/ipsec.py
@ -111,6 +111,7 @@ class ESP(Packet):
 bind_layers(IP, ESP, proto=socket.IPPROTO_ESP)
 bind_layers(IPv6, ESP, nh=socket.IPPROTO_ESP)
 bind_layers(UDP, ESP, dport=4500)  # NAT-Traversal encapsulation
+bind_layers(UDP, ESP, sport=4500)  # NAT-Traversal encapsulation

 #------------------------------------------------------------------------------
 class _ESPPlain(Packet):
@ -977,4 +978,4 @@ class SecurityAssociation(object):
        elif self.proto is AH and pkt.haslayer(AH):
            return self._decrypt_ah(pkt, verify=verify)
        else:
-            return pkt
+            raise TypeError('%s has no %s layer' % (pkt, self.proto.name))
--- a/test/ipsec.uts
+++ b/test/ipsec.uts
@ -419,7 +419,7 @@ except IPSecIntegrityError, err:
 + IPv4 / AH

 #######################################
-= IPv4 / AH - Transport - AES-XCBC-96
+= IPv4 / AH - Transport - HMAC-SHA1-96

 p = IP(src='1.1.1.1', dst='2.2.2.2')
 p /= TCP(sport=45012, dport=80)
@ -428,7 +428,7 @@ p = IP(str(p))
 p

 sa = SecurityAssociation(AH, spi=0x222,
-                         auth_algo='AES-XCBC-96', auth_key='sixteenbytes key')
+                         auth_algo='HMAC-SHA1-96', auth_key='sixteenbytes key')

 e = sa.encrypt(p)
 e
@ -453,7 +453,7 @@ d
 assert(d[TCP] == p[TCP])

 #######################################
-= IPv4 / AH - Transport - AES-XCBC-96 - altered packet
+= IPv4 / AH - Transport - HMAC-SHA1-96 - altered packet

 p = IP(src='1.1.1.1', dst='2.2.2.2')
 p /= TCP(sport=45012, dport=80)
@ -462,7 +462,7 @@ p = IP(str(p))
 p

 sa = SecurityAssociation(AH, spi=0x222,
-                         auth_algo='AES-XCBC-96', auth_key='sixteenbytes key')
+                         auth_algo='HMAC-SHA1-96', auth_key='sixteenbytes key')

 e = sa.encrypt(p)
 e