ipsec_parser/
ikev2_notify.rs

1use rusticata_macros::newtype_enum;
2
/// IKEv2 Notify Message Type: the 16-bit type field of a Notify payload.
///
/// A notification is either an error message explaining why an SA could
/// not be established, or status data that a process managing an SA
/// database wants to communicate to a peer process. IKEv2 defines far
/// fewer error statuses than IKEv1, both for simplification and to avoid
/// giving configuration information to probers.
///
/// # Error types
///
/// Types in the range 0 - 16383 are intended for reporting errors. An
/// implementation that receives, in a response, a Notify payload with an
/// error type it does not recognize MUST assume that the corresponding
/// request has failed entirely. Unrecognized error types in a request MUST
/// be ignored, and they should be logged.
///
/// # Status types
///
/// Notify payloads with status types MAY be added to any message and MUST
/// be ignored if not recognized; unrecognized status types in a request or
/// response should be logged as well. They are intended to indicate
/// capabilities and, as part of SA negotiation, are used to negotiate
/// non-cryptographic parameters.
///
/// # Unknown values
///
/// The wrapped `u16` is public and unconstrained, so a `NotifyType` can
/// hold any value, including values that have no named constant. Code
/// that inspects received traffic should therefore handle an unnamed
/// value explicitly (ignore and log, as described above) instead of
/// assuming that every value maps to a known name.
///
/// # References
///
/// Defined in [RFC7296](https://tools.ietf.org/html/rfc7296) section 3.10.1
///
/// Extensions:
///
/// - [RFC4555](https://tools.ietf.org/html/rfc4555) IKEv2 Mobility and Multihoming Protocol (MOBIKE)
/// - [RFC4739](https://tools.ietf.org/html/rfc4739) Multiple Authentication Exchanges in the Internet Key Exchange (IKEv2) Protocol
/// - [RFC5685](https://tools.ietf.org/html/rfc5685) Redirect Mechanism for the Internet Key Exchange Protocol Version 2 (IKEv2)
/// - [RFC5723](https://tools.ietf.org/html/rfc5723) Internet Key Exchange Protocol Version 2 (IKEv2) Session Resumption
/// - [RFC7427](https://tools.ietf.org/html/rfc7427) Signature Authentication in the Internet Key Exchange Version 2 (IKEv2)
///
/// See also [IKEV2IANA](https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml) for the latest values.
#[derive(Copy, Clone, Eq, PartialEq)]
pub struct NotifyType(pub u16);
39
// Named constants for the Notify Message Type values known to this parser.
// NOTE(review): the `impl debug` form presumably also generates the `Debug`
// implementation for `NotifyType` -- confirm against `rusticata_macros`.
//
// The table is not exhaustive: 16396-16403 and 16407-16429, for example, have
// no name here, and a `NotifyType` can still hold any `u16`. Consumers should
// not assume that a value has a named constant.
// NOTE(review): no MOBIKE (RFC4555) types are named in this table although the
// `NotifyType` documentation lists that RFC as an extension -- confirm whether
// that is intentional.
newtype_enum! {
impl debug NotifyType {
    // error types (RFC7296 section 3.10.1), all below 16384
    UNSUPPORTED_CRITICAL_PAYLOAD  = 1,
    INVALID_IKE_SPI               = 4,
    INVALID_MAJOR_VERSION         = 5,
    INVALID_SYNTAX                = 7,
    INVALID_MESSAGE_ID            = 9,
    INVALID_SPI                   = 11,
    NO_PROPOSAL_CHOSEN            = 14,
    INVALID_KE_PAYLOAD            = 17,
    AUTHENTICATION_FAILED         = 24,
    SINGLE_PAIR_REQUIRED          = 34,
    NO_ADDITIONAL_SAS             = 35,
    INTERNAL_ADDRESS_FAILURE      = 36,
    FAILED_CP_REQUIRED            = 37,
    TS_UNACCEPTABLE               = 38,
    INVALID_SELECTORS             = 39,
    TEMPORARY_FAILURE             = 43,
    CHILD_SA_NOT_FOUND            = 44,
    // status types (RFC7296 section 3.10.1); the first one is exactly 16384
    INITIAL_CONTACT               = 16384,
    SET_WINDOW_SIZE               = 16385,
    ADDITIONAL_TS_POSSIBLE        = 16386,
    IPCOMP_SUPPORTED              = 16387,
    NAT_DETECTION_SOURCE_IP       = 16388,
    NAT_DETECTION_DESTINATION_IP  = 16389,
    COOKIE                        = 16390,
    USE_TRANSPORT_MODE            = 16391,
    HTTP_CERT_LOOKUP_SUPPORTED    = 16392,
    REKEY_SA                      = 16393,
    ESP_TFC_PADDING_NOT_SUPPORTED = 16394,
    NON_FIRST_FRAGMENTS_ALSO      = 16395,
    // status types from extensions: multiple authentication exchanges
    // (RFC4739) and the redirect mechanism (RFC5685)
    MULTIPLE_AUTH_SUPPORTED       = 16404,
    ANOTHER_AUTH_FOLLOWS          = 16405,
    REDIRECT_SUPPORTED            = 16406,
    // status types from extensions: IKEv2 message fragmentation (RFC7383)
    // and signature authentication (RFC7427)
    IKEV2_FRAGMENTATION_SUPPORTED = 16430,
    SIGNATURE_HASH_ALGORITHMS     = 16431,
}
}
82
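impl NotifyType {
    /// Returns `true` if this type lies in the error range, 0 - 16383.
    ///
    /// The check is purely numeric: it is also `true` for values in that
    /// range that have no named constant.
    pub fn is_error(self) -> bool {
        self.0 < 16384
    }

    /// Returns `true` if this type lies in the status range, 16384 and above.
    ///
    /// The check is purely numeric: it is also `true` for values in that
    /// range that have no named constant.
    pub fn is_status(self) -> bool {
        // The bound is inclusive: 16384 is INITIAL_CONTACT, the first status
        // type. With an exclusive bound that value would be classified as
        // neither an error nor a status, so a caller branching on these two
        // predicates would silently skip it.
        self.0 >= 16384
    }
}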