ipsec: fixes for NAT-T and unit tests

--HG--
branch : ipsec

scapy/layers/ipsec.py

@@ -111,6 +111,7 @@ class ESP(Packet):
 bind_layers(IP, ESP, proto=socket.IPPROTO_ESP)
 bind_layers(IPv6, ESP, nh=socket.IPPROTO_ESP)
 bind_layers(UDP, ESP, dport=4500)  # NAT-Traversal encapsulation
+bind_layers(UDP, ESP, sport=4500)  # NAT-Traversal encapsulation
 
 #------------------------------------------------------------------------------
 class _ESPPlain(Packet):
@@ -977,4 +978,4 @@ class SecurityAssociation(object):
         elif self.proto is AH and pkt.haslayer(AH):
             return self._decrypt_ah(pkt, verify=verify)
         else:
-            return pkt
+            raise TypeError('%s has no %s layer' % (pkt, self.proto.name))

test/ipsec.uts

@@ -419,7 +419,7 @@ except IPSecIntegrityError, err:
 + IPv4 / AH
 
 #######################################
-= IPv4 / AH - Transport - AES-XCBC-96
+= IPv4 / AH - Transport - HMAC-SHA1-96
 
 p = IP(src='1.1.1.1', dst='2.2.2.2')
 p /= TCP(sport=45012, dport=80)
@@ -428,7 +428,7 @@ p = IP(str(p))
 p
 
 sa = SecurityAssociation(AH, spi=0x222,
-                         auth_algo='AES-XCBC-96', auth_key='sixteenbytes key')
+                         auth_algo='HMAC-SHA1-96', auth_key='sixteenbytes key')
 
 e = sa.encrypt(p)
 e
@@ -453,7 +453,7 @@ d
 assert(d[TCP] == p[TCP])
 
 #######################################
-= IPv4 / AH - Transport - AES-XCBC-96 - altered packet
+= IPv4 / AH - Transport - HMAC-SHA1-96 - altered packet
 
 p = IP(src='1.1.1.1', dst='2.2.2.2')
 p /= TCP(sport=45012, dport=80)
@@ -462,7 +462,7 @@ p = IP(str(p))
 p
 
 sa = SecurityAssociation(AH, spi=0x222,
-                         auth_algo='AES-XCBC-96', auth_key='sixteenbytes key')
+                         auth_algo='HMAC-SHA1-96', auth_key='sixteenbytes key')
 
 e = sa.encrypt(p)
 e