1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63

use nom::{IResult,be_u32,rest};
use ikev2::IkeV2Header;
use ikev2_parser::parse_ikev2_header;

/// Encapsulating Security Payload Packet Format
///
/// Defined in [RFC2406](https://tools.ietf.org/html/rfc2406) section 2
#[derive(Debug)]
pub struct ESPHeader<'a> {
    pub spi_index: &'a [u8],
    pub seq: u32,
    pub data: &'a[u8]
}

/// UDP-encapsulated Packet Formats
///
/// Defined in [RFC3948](https://tools.ietf.org/html/rfc3948) section 2
#[derive(Debug)]
pub enum ESPData<'a> {
    ESP(ESPHeader<'a>),
    IKE(IkeV2Header),
}


/// Parse an encapsulated ESP packet
///
/// The type of encapsulated data depends on the first field (`spi_index`): 0 is a forbidden SPI
/// index, and indicates that the header is an IKE header.
/// Any other value indicates an ESP header.
///
/// *Note: input is entirely consumed*
pub fn parse_esp_encapsulated<'a>(i: &'a[u8]) -> IResult<&'a[u8],ESPData<'a>> {
    if peek!(i, be_u32)?.1 == 0 {
        parse_ikev2_header(i).map(|x| (x.0, ESPData::IKE(x.1)))
    } else {
        parse_esp_header(i).map(|x| (x.0, ESPData::ESP(x.1)))
    }
}

/// Parse an ESP packet
///
/// The ESP header contains:
///
/// - the SPI index
/// - the sequence number
/// - the payload data (which can be encrypted)
///
/// *Note: input is entirely consumed*
pub fn parse_esp_header<'a>(i: &'a[u8]) -> IResult<&'a[u8],ESPHeader<'a>> {
    do_parse!(
        i,
        spi_index:  take!(4) >>
        seq:        be_u32 >>
        data:       rest >>
        (
            ESPHeader{
                spi_index: spi_index,
                seq: seq,
                data: data
            }
        )
    )
}