-
-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(discussion) Build AH without SecurityAssociation #4227
base: master
Are you sure you want to change the base?
Conversation
Fix UDP packet unable to calculate validity when carrying AH extension header
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #4227 +/- ##
===========================================
- Coverage 81.77% 49.29% -32.48%
===========================================
Files 331 343 +12
Lines 76721 77435 +714
===========================================
- Hits 62736 38175 -24561
- Misses 13985 39260 +25275
|
@Shu-xueyuan thanks for your PR. Could you share an example that triggers the issue that you are fixing? |
@guedou I'm very glad that you can reply to me. When I use the official scapy library to construct a UDP message carrying Authentication Header, the Checksum of the message is illegal. Using my modified scapy library to construct the same message will not have this problem. The following is my process of calling scapy: originalPacket = Ether(**ETH2_dicts) / IPv6(**IPV6_dicts) / AH(**Ah_dicts) / UDP(**UDP_dicts). |
@guedou This is the encapsulation format of AH in transport mode: |
Hi. This looks good, but you need to add tests in https://github.com/secdev/scapy/blob/master/test/scapy/layers/inet.uts to make sure that this does not regress. Thanks |
@gpotter2 Hello, the test case has been submitted |
@gpotter2 Hello, when will my changes be reviewed? |
LGTM |
Please fix the flake8 issues. |
I noted I still need to check when this PR really applies, and compare to what's already implemented in |
Thanks for your reply, I totally understand. I'll be happy to wait until you have time to review my edits. If there is anything you need further explanation or assistance from me, please feel free to let me know. I fully understand the high-priority issues encountered in version 2.6.0 and hope that the issues can be resolved smoothly. Thanks! |
@polybassa Thank you for your review, the issue has been resolved. |
Hi, sorry for the delay. So I think that generally you should consider that This currently works fine for your case, and builds valid packets with the proper checksum: >>> sa = SecurityAssociation(AH, spi=1)
>>> sa.encrypt(IP()/UDP()/b"aaa") Crafting AH or ESP packets without using |
@Shu-xueyuan could you describe the use case that you have in mind for these changes ? |
Fix UDP packet unable to calculate validity when carrying AH extension header
Checklist:
cd test && ./run_tests
ortox
)fixes #xxx