ipsec: fix missing udp port check
Type: fix
This patch fixes the missing UDP port check in IPsec NAT-T
case. As of RFC3948 UDP encapped ESP traffic should have
destination port ID of 4500, which was missing.
The related tests are updated with this port ID, too.
Change-Id: I73ecc6a93de8d0f4b642313b0f4d9c2f214a7790
Signed-off-by: Fan Zhang <fanzhang.oss@gmail.com>
diff --git a/test/test_ipsec_spd_flow_cache_input.py b/test/test_ipsec_spd_flow_cache_input.py
index 283f345..b913a98 100644
--- a/test/test_ipsec_spd_flow_cache_input.py
+++ b/test/test_ipsec_spd_flow_cache_input.py
@@ -785,9 +785,9 @@
# create the packet streams
# packet hashes to:
# ad727628
- packets1 = self.create_stream(self.pg2, self.pg1, pkt_count, 1, 1)
+ packets1 = self.create_stream(self.pg2, self.pg1, pkt_count, 1, 4500)
# b5512898
- packets2 = self.create_stream(self.pg0, self.pg3, pkt_count, 1, 1)
+ packets2 = self.create_stream(self.pg0, self.pg3, pkt_count, 1, 4500)
# add the streams to the source interfaces
self.pg2.add_stream(packets1)
self.pg0.add_stream(packets2)
@@ -821,9 +821,9 @@
# create the packet streams
# 2f8f90f557eef12c
- packets1 = self.create_stream(self.pg2, self.pg1, pkt_count, 1, 1)
+ packets1 = self.create_stream(self.pg2, self.pg1, pkt_count, 1, 4500)
# 6b7f9987719ffc1c
- packets2 = self.create_stream(self.pg3, self.pg2, pkt_count, 1, 1)
+ packets2 = self.create_stream(self.pg3, self.pg2, pkt_count, 1, 4500)
# add the streams to the source interfaces
self.pg2.add_stream(packets1)
self.pg3.add_stream(packets2)