In Scapy, when I generate a UDP-encapsulated packet using an SA, I see the UDP length as 8, even though I have an ESP packet after the UDP NAT header.
ETHER > IP > UDP(srcport=4500, dstport=4500) > ESP
In the above header structure, my expectation is that the NAT header UDP should calculate the packet length and add it as part of its len field. But I see just 8, which is the UDP header's length.
>>> p = IP(src='1.1.1.1', dst='2.2.2.2')
>>> p /= UDP(sport=2512, dport=2512)
>>> p /= Raw('testdata')
>>> p
<IP frag=0 proto=udp src=1.1.1.1 dst=2.2.2.2 |<UDP sport=2512 dport=2512 |<Raw load='testdata' |>>>
>>> sa = SecurityAssociation(ESP, spi=0x222,
... crypt_algo='NULL', crypt_key=None,
... auth_algo='NULL', auth_key=None, tunnel_header=IP(proto=1, src="3.3.3.3",dst="4.4.4.4"),
... nat_t_header=UDP(sport=4500, dport=4500))
>>> e = sa.encrypt(p)
>>> e
<IP version=4 ihl=5 tos=0x0 len=76 id=1 flags= frag=0 ttl=64 proto=udp chksum=0x6c93 src=3.3.3.3 dst=4.4.4.4 |<UDP sport=ipsec_nat_t dport=ipsec_nat_t len=8 chksum=0x0 |<ESP spi=0x222 seq=1 data=4500002400010000401174c3010101010202020209d009d00010258c746573746461746101020204 |>>>
>>> sa.decrypt(e)
<IP version=4 ihl=5 tos=0x0 len=36 id=1 flags= frag=0 ttl=64 proto=udp chksum=0x74c3 src=1.1.1.1 dst=2.2.2.2 |<UDP sport=2512 dport=2512 len=16 chksum=0x258c |<Raw load='testdata' |>>>
In the above snapshot, please find the dump of e. It shows the UDP len as 8, and you can find the ESP header just after that. Please let me know if I am missing some action, or whether this is expected.
Thanks.
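An added example, not part of the original post and not Scapy code: a standard-library check that rebuilds the dumped packet from the field values shown above, compares the UDP length field with the length implied by the IPv4 header, and patches the field. The function names are hypothetical, and it assumes an unfragmented IPv4 packet.

```python
import struct

# ESP payload copied from the data= field of the dump in the post.
ESP_DATA = bytes.fromhex(
    "4500002400010000401174c3010101010202020209d009d0"
    "0010258c746573746461746101020204")

def build_packet(udp_len):
    """Constructed IPv4/UDP(4500)/ESP bytes using the field values shown in the dump."""
    esp = struct.pack("!II", 0x222, 1) + ESP_DATA          # spi, seq, data
    udp = struct.pack("!HHHH", 4500, 4500, udp_len, 0)     # chksum=0x0 as dumped
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp) + len(esp),
                     1, 0, 64, 17, 0x6C93, bytes([3] * 4), bytes([4] * 4))
    return ip + udp + esp

def udp_lengths(pkt):
    """Return (UDP length field, length implied by the IPv4 header)."""
    if pkt[0] >> 4 != 4 or pkt[9] != 17:
        raise ValueError("not an IPv4/UDP packet")
    ihl = (pkt[0] & 0x0F) * 4
    total = struct.unpack_from("!H", pkt, 2)[0]
    if total > len(pkt) or total < ihl + 8:
        raise ValueError("truncated or inconsistent IPv4 total length")
    return struct.unpack_from("!H", pkt, ihl + 4)[0], total - ihl

def udp_payload(pkt):
    """Payload as seen by a receiver that trusts the UDP length field."""
    ihl = (pkt[0] & 0x0F) * 4
    field, _ = udp_lengths(pkt)
    return pkt[ihl + 8: ihl + field]

def fix_udp_length(pkt):
    """Copy of pkt with the UDP length set to the value implied by the IPv4 header.
    The IPv4 checksum does not cover UDP and the UDP checksum is 0 (unused),
    so no checksum has to be recomputed."""
    ihl = (pkt[0] & 0x0F) * 4
    _, expected = udp_lengths(pkt)
    fixed = bytearray(pkt)
    struct.pack_into("!H", fixed, ihl + 4, expected)
    return bytes(fixed)

if __name__ == "__main__":
    bad = build_packet(udp_len=8)
    print(udp_lengths(bad), len(udp_payload(bad)))
    good = fix_udp_length(bad)
    print(udp_lengths(good), udp_payload(good)[:8].hex())
```

With len=8, a receiver that honours the UDP length field sees an empty payload and never reaches the ESP header, even though the IPv4 total length of 76 covers it.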