From 4117b24acb4241d7f2ef38248bc254f6a4a7b422 Mon Sep 17 00:00:00 2001
From: Arthur de Kerhor <arthurdekerhor@gmail.com>
Date: Wed, 31 Aug 2022 19:13:03 +0200
Subject: ipsec: new api for sa ips and ports updates

Useful to update the tunnel paramaters and udp ports (NAT-T) of an SA
without having to rekey. Could be done by deleting and re-adding the
SA but it would not preserve the anti-replay window if there is one.
Use case: a nat update/reboot between the 2 endpoints of the tunnel.

Type: feature
Change-Id: Icf5c0aac218603e8aa9a008ed6f614e4a6db59a0
Signed-off-by: Arthur de Kerhor <arthurdekerhor@gmail.com>
---
 test/template_ipsec.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'test/template_ipsec.py')

diff --git a/test/template_ipsec.py b/test/template_ipsec.py
index 9d9ea3a86d3..d00216c7308 100644
--- a/test/template_ipsec.py
+++ b/test/template_ipsec.py
@@ -1291,7 +1291,7 @@ class IpsecTun4(object):
         decrypt_pkts = []
         for rx in rxs:
             if p.nat_header:
-                self.assertEqual(rx[UDP].dport, 4500)
+                self.assertEqual(rx[UDP].dport, p.nat_header.dport)
             self.assert_packet_checksums_valid(rx)
             self.assertEqual(len(rx) - len(Ether()), rx[IP].len)
             try:
-- 
cgit 1.2.3-korg