ipsec: fix missing udp port check

Type: fix This patch fixes the missing UDP port check in IPsec NAT-T case. As of RFC3948 UDP encapped ESP traffic should have destination port ID of 4500, which was missing. The related tests are updated with this port ID, too. Change-Id: I73ecc6a93de8d0f4b642313b0f4d9c2f214a7790 Signed-off-by: Fan Zhang <fanzhang.oss@gmail.com>
2024-05-24 16:46:00 +01:00
parent 8c77c1930a
commit e7901e8830
3 changed files with 17 additions and 18 deletions
--- a/test/template_ipsec.py
+++ b/test/template_ipsec.py
@@ -3022,7 +3022,7 @@ class SpdFlowCacheTemplate(IPSecIPv4Fwd):
            return False

    def create_stream(
-        cls, src_if, dst_if, pkt_count, src_prt=1234, dst_prt=5678, proto="UDP-ESP"
+        cls, src_if, dst_if, pkt_count, src_prt=1234, dst_prt=4500, proto="UDP-ESP"
    ):
        packets = []
        packets = super(SpdFlowCacheTemplate, cls).create_stream(
@@ -3031,7 +3031,7 @@ class SpdFlowCacheTemplate(IPSecIPv4Fwd):
        return packets

    def verify_capture(
-        self, src_if, dst_if, capture, tcp_port_in=1234, udp_port_in=5678
+        self, src_if, dst_if, capture, tcp_port_in=1234, udp_port_in=4500
    ):
        super(SpdFlowCacheTemplate, self).verify_l3_l4_capture(
            src_if, dst_if, capture, tcp_port_in, udp_port_in
@@ -3056,7 +3056,7 @@ class SpdFastPathTemplate(IPSecIPv4Fwd):
        super(SpdFastPathTemplate, self).tearDown()

    def create_stream(
-        cls, src_if, dst_if, pkt_count, src_prt=1234, dst_prt=5678, proto="UDP-ESP"
+        cls, src_if, dst_if, pkt_count, src_prt=1234, dst_prt=4500, proto="UDP-ESP"
    ):
        packets = []
        packets = super(SpdFastPathTemplate, cls).create_stream(
@@ -3065,7 +3065,7 @@ class SpdFastPathTemplate(IPSecIPv4Fwd):
        return packets

    def verify_capture(
-        self, src_if, dst_if, capture, tcp_port_in=1234, udp_port_in=5678
+        self, src_if, dst_if, capture, tcp_port_in=1234, udp_port_in=4500
    ):
        super(SpdFastPathTemplate, self).verify_l3_l4_capture(
            src_if, dst_if, capture, tcp_port_in, udp_port_in
@@ -3084,7 +3084,7 @@ class IpsecDefaultTemplate(IPSecIPv4Fwd):
        super(IpsecDefaultTemplate, self).tearDown()

    def create_stream(
-        cls, src_if, dst_if, pkt_count, src_prt=1234, dst_prt=5678, proto="UDP-ESP"
+        cls, src_if, dst_if, pkt_count, src_prt=1234, dst_prt=4500, proto="UDP-ESP"
    ):
        packets = []
        packets = super(IpsecDefaultTemplate, cls).create_stream(
@@ -3093,7 +3093,7 @@ class IpsecDefaultTemplate(IPSecIPv4Fwd):
        return packets

    def verify_capture(
-        self, src_if, dst_if, capture, tcp_port_in=1234, udp_port_in=5678
+        self, src_if, dst_if, capture, tcp_port_in=1234, udp_port_in=4500
    ):
        super(IpsecDefaultTemplate, self).verify_l3_l4_capture(
            src_if, dst_if, capture, tcp_port_in, udp_port_in
--- a/test/test_ipsec_spd_flow_cache_input.py
+++ b/test/test_ipsec_spd_flow_cache_input.py
@@ -785,9 +785,9 @@ class IPSec4SpdTestCaseCollisionInbound(SpdFlowCacheInbound):
            # create the packet streams
            # packet hashes to:
            # ad727628
-            packets1 = self.create_stream(self.pg2, self.pg1, pkt_count, 1, 1)
+            packets1 = self.create_stream(self.pg2, self.pg1, pkt_count, 1, 4500)
            # b5512898
-            packets2 = self.create_stream(self.pg0, self.pg3, pkt_count, 1, 1)
+            packets2 = self.create_stream(self.pg0, self.pg3, pkt_count, 1, 4500)
            # add the streams to the source interfaces
            self.pg2.add_stream(packets1)
            self.pg0.add_stream(packets2)
@@ -821,9 +821,9 @@ class IPSec4SpdTestCaseCollisionInbound(SpdFlowCacheInbound):

            # create the packet streams
            # 2f8f90f557eef12c
-            packets1 = self.create_stream(self.pg2, self.pg1, pkt_count, 1, 1)
+            packets1 = self.create_stream(self.pg2, self.pg1, pkt_count, 1, 4500)
            # 6b7f9987719ffc1c
-            packets2 = self.create_stream(self.pg3, self.pg2, pkt_count, 1, 1)
+            packets2 = self.create_stream(self.pg3, self.pg2, pkt_count, 1, 4500)
            # add the streams to the source interfaces
            self.pg2.add_stream(packets1)
            self.pg3.add_stream(packets2)