commit abc5660c61698fa29252dc202358002a97f2608c
author Neale Ranns <nranns@cisco.com> Wed Apr 01 09:45:23 2020 +0000
committer Paul Vinciguerra <pvinci@vinciconsulting.com> Tue May 05 18:36:33 2020 +0000
tree 969edc7dc2145e40e3fb96c470df917f2053abfe
parent 6fdd7a5f77301a3398c4445bfef202b123ce90d8

ipsec: User can choose the UDP source port

Type: feature

thus allowing NAT traversal,

Signed-off-by: Neale Ranns <nranns@cisco.com>
Change-Id: Ie8650ceeb5074f98c68d2d90f6adc2f18afeba08
Signed-off-by: Paul Vinciguerra <pvinci@vinciconsulting.com>

test/patches/scapy-2.4.3/ipsec.patch

diff --git a/test/patches/scapy-2.4.3/ipsec.patch b/test/patches/scapy-2.4.3/ipsec.patch
index 9936047..7ee8316 100644
--- a/test/patches/scapy-2.4.3/ipsec.patch
+++ b/test/patches/scapy-2.4.3/ipsec.patch
@@ -2,6 +2,14 @@
 index f8c601fa..f566d288 100644
 --- a/scapy/layers/ipsec.py
 +++ b/scapy/layers/ipsec.py
+@@ -138,6 +138,7 @@ bind_layers(IP, ESP, proto=socket.IPPROTO_ESP)
+ bind_layers(IPv6, ESP, nh=socket.IPPROTO_ESP)
+ bind_layers(UDP, ESP, dport=4500)  # NAT-Traversal encapsulation
+ bind_layers(UDP, ESP, sport=4500)  # NAT-Traversal encapsulation
++bind_layers(UDP, ESP, dport=4545)  # NAT-Traversal encapsulation - random port
+ 
+ ###############################################################################
+
 @@ -359,11 +359,8 @@ class CryptAlgo(object):
              encryptor = cipher.encryptor()
  
@@ -147,7 +155,7 @@
  
          esp = self.crypt_algo.decrypt(self, encrypted, self.crypt_key,
                                        self.crypt_algo.icv_size or
-@@ -1050,9 +1069,10 @@ class SecurityAssociation(object):
+@@ -1050,11 +1069,12 @@ class SecurityAssociation(object):
  
      def _decrypt_ah(self, pkt, verify=True):
  
@@ -160,3 +168,4 @@
          ah = pkt[AH]
          payload = ah.payload
 
+