ipsec: fix missing udp port check

Type: fix This patch fixes the missing UDP port check in IPsec NAT-T case. As of RFC3948 UDP encapped ESP traffic should have destination port ID of 4500, which was missing. The related tests are updated with this port ID, too. Change-Id: I73ecc6a93de8d0f4b642313b0f4d9c2f214a7790 Signed-off-by: Fan Zhang <fanzhang.oss@gmail.com>
author: Fan Zhang <fanzhang.oss@gmail.com> 2024-05-24 16:46:00 +0100
committer: Beno�t Ganne <bganne@cisco.com> 2024-06-04 12:44:53 +0000
commit: e7901e88302e8db99a6d02eff19daff785207691 (patch)
tree: 6ce2b6f1325f6c1cfb6e4302e02350a6ff64f34a /test/template_ipsec.py
parent: 8c77c1930abd36150edadcf523eceef7810e6487 (diff)
1 files changed, 6 insertions, 6 deletions
diff --git a/test/template_ipsec.py b/test/template_ipsec.py
index b5cd922f127..7953f603287 100644
--- a/test/template_ipsec.py
+++ b/test/template_ipsec.py
@@ -3022,7 +3022,7 @@ class SpdFlowCacheTemplate(IPSecIPv4Fwd):
             return False
 
     def create_stream(
-        cls, src_if, dst_if, pkt_count, src_prt=1234, dst_prt=5678, proto="UDP-ESP"
+        cls, src_if, dst_if, pkt_count, src_prt=1234, dst_prt=4500, proto="UDP-ESP"
     ):
         packets = []
         packets = super(SpdFlowCacheTemplate, cls).create_stream(
@@ -3031,7 +3031,7 @@ class SpdFlowCacheTemplate(IPSecIPv4Fwd):
         return packets
 
     def verify_capture(
-        self, src_if, dst_if, capture, tcp_port_in=1234, udp_port_in=5678
+        self, src_if, dst_if, capture, tcp_port_in=1234, udp_port_in=4500
     ):
         super(SpdFlowCacheTemplate, self).verify_l3_l4_capture(
             src_if, dst_if, capture, tcp_port_in, udp_port_in
@@ -3056,7 +3056,7 @@ class SpdFastPathTemplate(IPSecIPv4Fwd):
         super(SpdFastPathTemplate, self).tearDown()
 
     def create_stream(
-        cls, src_if, dst_if, pkt_count, src_prt=1234, dst_prt=5678, proto="UDP-ESP"
+        cls, src_if, dst_if, pkt_count, src_prt=1234, dst_prt=4500, proto="UDP-ESP"
     ):
         packets = []
         packets = super(SpdFastPathTemplate, cls).create_stream(
@@ -3065,7 +3065,7 @@ class SpdFastPathTemplate(IPSecIPv4Fwd):
         return packets
 
     def verify_capture(
-        self, src_if, dst_if, capture, tcp_port_in=1234, udp_port_in=5678
+        self, src_if, dst_if, capture, tcp_port_in=1234, udp_port_in=4500
     ):
         super(SpdFastPathTemplate, self).verify_l3_l4_capture(
             src_if, dst_if, capture, tcp_port_in, udp_port_in
@@ -3084,7 +3084,7 @@ class IpsecDefaultTemplate(IPSecIPv4Fwd):
         super(IpsecDefaultTemplate, self).tearDown()
 
     def create_stream(
-        cls, src_if, dst_if, pkt_count, src_prt=1234, dst_prt=5678, proto="UDP-ESP"
+        cls, src_if, dst_if, pkt_count, src_prt=1234, dst_prt=4500, proto="UDP-ESP"
     ):
         packets = []
         packets = super(IpsecDefaultTemplate, cls).create_stream(
@@ -3093,7 +3093,7 @@ class IpsecDefaultTemplate(IPSecIPv4Fwd):
         return packets
 
     def verify_capture(
-        self, src_if, dst_if, capture, tcp_port_in=1234, udp_port_in=5678
+        self, src_if, dst_if, capture, tcp_port_in=1234, udp_port_in=4500
     ):
         super(IpsecDefaultTemplate, self).verify_l3_l4_capture(
             src_if, dst_if, capture, tcp_port_in, udp_port_in
author	Fan Zhang <fanzhang.oss@gmail.com>	2024-05-24 16:46:00 +0100
committer	Beno�t Ganne <bganne@cisco.com>	2024-06-04 12:44:53 +0000
commit	e7901e88302e8db99a6d02eff19daff785207691 (patch)
tree	6ce2b6f1325f6c1cfb6e4302e02350a6ff64f34a /test/template_ipsec.py
parent	8c77c1930abd36150edadcf523eceef7810e6487 (diff)