From def2cd8be2ef8b980c6d7a67f175385b3f74b0f4 Mon Sep 17 00:00:00 2001
From: Robin Jarry <robin.jarry@6wind.com>
Date: Tue, 17 Jun 2014 18:37:05 +0200
Subject: [PATCH] ipsec: fixes for NAT-T and unit tests

--HG--
branch : ipsec
---
 scapy/layers/ipsec.py | 3 ++-
 test/ipsec.uts        | 8 ++++----
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/scapy/layers/ipsec.py b/scapy/layers/ipsec.py
index 4ae3f070..692a6e18 100644
--- a/scapy/layers/ipsec.py
+++ b/scapy/layers/ipsec.py
@@ -111,6 +111,7 @@ class ESP(Packet):
 bind_layers(IP, ESP, proto=socket.IPPROTO_ESP)
 bind_layers(IPv6, ESP, nh=socket.IPPROTO_ESP)
 bind_layers(UDP, ESP, dport=4500)  # NAT-Traversal encapsulation
+bind_layers(UDP, ESP, sport=4500)  # NAT-Traversal encapsulation
 
 #------------------------------------------------------------------------------
 class _ESPPlain(Packet):
@@ -977,4 +978,4 @@ class SecurityAssociation(object):
         elif self.proto is AH and pkt.haslayer(AH):
             return self._decrypt_ah(pkt, verify=verify)
         else:
-            return pkt
+            raise TypeError('%s has no %s layer' % (pkt, self.proto.name))
diff --git a/test/ipsec.uts b/test/ipsec.uts
index 8b38695f..01f13571 100644
--- a/test/ipsec.uts
+++ b/test/ipsec.uts
@@ -419,7 +419,7 @@ except IPSecIntegrityError, err:
 + IPv4 / AH
 
 #######################################
-= IPv4 / AH - Transport - AES-XCBC-96
+= IPv4 / AH - Transport - HMAC-SHA1-96
 
 p = IP(src='1.1.1.1', dst='2.2.2.2')
 p /= TCP(sport=45012, dport=80)
@@ -428,7 +428,7 @@ p = IP(str(p))
 p
 
 sa = SecurityAssociation(AH, spi=0x222,
-                         auth_algo='AES-XCBC-96', auth_key='sixteenbytes key')
+                         auth_algo='HMAC-SHA1-96', auth_key='sixteenbytes key')
 
 e = sa.encrypt(p)
 e
@@ -453,7 +453,7 @@ d
 assert(d[TCP] == p[TCP])
 
 #######################################
-= IPv4 / AH - Transport - AES-XCBC-96 - altered packet
+= IPv4 / AH - Transport - HMAC-SHA1-96 - altered packet
 
 p = IP(src='1.1.1.1', dst='2.2.2.2')
 p /= TCP(sport=45012, dport=80)
@@ -462,7 +462,7 @@ p = IP(str(p))
 p
 
 sa = SecurityAssociation(AH, spi=0x222,
-                         auth_algo='AES-XCBC-96', auth_key='sixteenbytes key')
+                         auth_algo='HMAC-SHA1-96', auth_key='sixteenbytes key')
 
 e = sa.encrypt(p)
 e
-- 
GitLab