secdev
ipsec: Fix IPsec decrypt_esp for NAT-Traversal
When having nat_header, encrypted.underlayer will return UDP/ESP, so when decrypting IPv6 packet, the decrypt packet will be return with nat_header (UDP), which will return a corrupted packet.
Example:
original packet: IPv6/TCP/Raw encrypted packet: IPv6/UDP/ESP Decrypted packet: IPv6/UDP/TCP/Raw
Codecov Report
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 81.56%. Comparing base (
8461c2e) to head (39218a1). Report is 69 commits behind head on master.
Additional details and impacted files
@@ Coverage Diff @@
## master #4370 +/- ##
==========================================
- Coverage 81.56% 81.56% -0.01%
==========================================
Files 352 352
Lines 83897 83900 +3
==========================================
- Hits 68431 68430 -1
- Misses 15466 15470 +4
| Files with missing lines | Coverage Δ | |
|---|---|---|
| scapy/layers/ipsec.py | 90.92% <100.00%> (+0.25%) |
:arrow_up: |
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
Thanks for the PR ! it looks good, but could you please add a unit test ? Thanks
Thanks. This test doesn't work though.
You should test it locally using
./run_tests -t scapy/layers/ipsec.uts -F
Really, terribly sorry for the delay, thanks a lot for the PR ! I finally took the time to test it and looks good.