ipsec: Fix IPsec decrypt_esp for NAT-Traversal #4370
Codecov Report
All modified and coverable lines are covered by tests ✅
Additional details and impacted files
@@ Coverage Diff @@
## master #4370 +/- ##
==========================================
- Coverage 81.56% 81.56% -0.01%
==========================================
Files 352 352
Lines 83897 83900 +3
==========================================
- Hits 68431 68430 -1
- Misses 15466 15470 +4
Please provide a unit test as an example of what your PR fixes.
Thanks for the PR! It looks good, but could you please add a unit test?
Thanks, sure, will add a unit test
c032968 to f67a3eb
@gpotter2 could you please review
Thanks. This test doesn't work though. You should test it locally using
f67a3eb to e24048e
I tested it locally and the test passed
When having nat_header, encrypted.underlayer will return UDP/ESP, so when decrypting an IPv6 packet, the decrypted packet will be returned with nat_header (UDP), which will return a corrupted packet.
Example:
original packet: IPv6/TCP/Raw
encrypted packet: IPv6/UDP/ESP
Decrypted packet: IPv6/UDP/TCP/Raw
Signed-off-by: Iman Afaneh <iafaneh@nvidia.com>
e24048e to 39218a1
@gpotter2 could you please review
When having nat_header, encrypted.underlayer will return UDP/ESP, so when decrypting an IPv6 packet, the decrypted packet will be returned with nat_header (UDP), which will return a corrupted packet.
Example:
original packet:
IPv6/TCP/Raw
encrypted packet:
IPv6/UDP/ESP
Decrypted packet:
IPv6/UDP/TCP/Raw