Expand description
§IPsec parsers
This crate contains several parsers using for IPsec: IKEv2, and reading the envelope of ESP encapsulated messages. This parser provides the base functions to read and analyze messages, but does not handle the interpretation of messages.
ESP is supported, but only to read the envelope of the payload.
Encapsulated ESP is supported, to differentiate between IKE and ESP headers.
§IKEv2 parser
An IKEv2 (RFC7296) parser, implemented with the nom parser combinator framework.
The code is available on Github and is part of the Rusticata project.
To parse an IKE packet, first read the header using parse_ikev2_header, then use the type
from the header to parse the remaining part:
use ipsec_parser::*;
use nom::IResult;
static IKEV2_INIT_RESP: &'static [u8] = include_bytes!("../assets/ike-sa-init-resp.bin");
fn test_ikev2_init_resp() {
let bytes = IKEV2_INIT_RESP;
match parse_ikev2_header(&bytes) {
Ok( (rem, ref hdr) ) => {
match parse_ikev2_payload_list(rem,hdr.next_payload) {
Ok( (_, Ok(ref p)) ) => {
// p is a list of payloads
// first one is always dummy
assert!(p.len() > 0);
assert_eq!(p[0].content, IkeV2PayloadContent::Dummy);
for payload in p {
match payload.content {
IkeV2PayloadContent::SA(ref sa) => { /* .. */ },
_ => ()
}
}
},
e => { eprintln!("Parsing payload failed: {:?}", e); },
}
},
_ => { eprintln!("Parsing header failed"); },
}
}Re-exports§
pub use nom;
Structs§
- Authentication
Method - Method of authentication used.
- Authentication
Payload - Authentication Payload
- Certificate
Encoding - Certificate Encoding
- Certificate
Payload - Certificate Payload
- Certificate
Request Payload - Certificate Request Payload
- Delete
Payload - Delete Payload
- ESPHeader
- Encapsulating Security Payload Packet Format
- Encrypted
Payload - Encrypted Payload
- Identification
Payload - Identification Payloads
- Identification
Type - Type of Identification
- IkeExchange
Type - Payload exchange type: SA, Auth, CreateChildSA, etc.
- IkePayload
Type - Payload type
- IkeTransform
Auth Type - Authentication / Integrity values
- IkeTransformDH
Type - Diffie-Hellman values
- IkeTransformESN
Type - Extended Sequence Number values
- IkeTransform
EncType - Encryption values
- IkeTransformPRF
Type - Pseudo-Random Function values
- IkeTransform
Type - Transform (cryptographic algorithm) type
- IkeV2
Generic Payload - Generic (unparsed payload)
- IkeV2
Header - The IKE Header
- IkeV2
Payload - IKE Message Payload
- IkeV2
Payload Header - Generic Payload Header
- IkeV2
Proposal - Ciphersuite Proposal
- IkeV2
RawTransform - Raw representation of a transform (cryptographic algorithm) and parameters
- KeyExchange
Payload - Key Exchange Payload
- Nonce
Payload - Nonce Payload
- Notify
Payload - Notify Payload
- Notify
Type - Notify Message Type
- ProtocolID
- Protocol type: IKE, AH or ESP
- TSType
- Type of Traffic Selector
- Traffic
Selector - Traffic Selector
- Traffic
Selector Payload - Traffic Selector Payload
- VendorID
Payload - Vendor ID Payload
Enums§
- ESPData
- UDP-encapsulated Packet Formats
- IPsec
Error - IkeV2
Payload Content - IKE Message Payload Content
- IkeV2
Transform - IKEv2 Transform (cryptographic algorithm)
Constants§
Functions§
- parse_
esp_ encapsulated - Parse an encapsulated ESP packet
- parse_
esp_ header - Parse an ESP packet
- parse_
ikev2_ header - parse_
ikev2_ message - Parse an IKEv2 message
- parse_
ikev2_ payload_ authentication - parse_
ikev2_ payload_ certificate - parse_
ikev2_ payload_ certificate_ request - parse_
ikev2_ payload_ delete - parse_
ikev2_ payload_ encrypted - parse_
ikev2_ payload_ generic - parse_
ikev2_ payload_ ident_ init - parse_
ikev2_ payload_ ident_ resp - parse_
ikev2_ payload_ kex - parse_
ikev2_ payload_ list - parse_
ikev2_ payload_ nonce - parse_
ikev2_ payload_ notify - parse_
ikev2_ payload_ sa - parse_
ikev2_ payload_ ts - parse_
ikev2_ payload_ ts_ init - parse_
ikev2_ payload_ ts_ resp - parse_
ikev2_ payload_ unknown - parse_
ikev2_ payload_ vendor_ id - parse_
ikev2_ payload_ with_ type - parse_
ikev2_ proposal - parse_
ikev2_ transform