Crate ipsec_parser[][src]

Expand description

IPsec parsers

This crate contains several parsers using for IPsec: IKEv2, and reading the envelope of ESP encapsulated messages. This parser provides the base functions to read and analyze messages, but does not handle the interpretation of messages.

ESP is supported, but only to read the envelope of the payload.

Encapsulated ESP is supported, to differentiate between IKE and ESP headers.

IKEv2 parser

An IKEv2 (RFC7296) parser, implemented with the nom parser combinator framework.

The code is available on Github and is part of the Rusticata project.

To parse an IKE packet, first read the header using parse_ikev2_header, then use the type from the header to parse the remaining part:

use ipsec_parser::*;
use nom::IResult;

static IKEV2_INIT_RESP: &'static [u8] = include_bytes!("../assets/ike-sa-init-resp.bin");

fn test_ikev2_init_resp() {
    let bytes = IKEV2_INIT_RESP;
    match parse_ikev2_header(&bytes) {
        Ok( (rem, ref hdr) ) => {
            match parse_ikev2_payload_list(rem,hdr.next_payload) {
                Ok( (_, Ok(ref p)) ) => {
                    // p is a list of payloads
                    // first one is always dummy
                    assert!(p.len() > 0);
                    assert_eq!(p[0].content, IkeV2PayloadContent::Dummy);
                    for payload in p {
                        match payload.content {
                            IkeV2PayloadContent::SA(ref sa) => { /* .. */ },
                            _ => ()
                e => { eprintln!("Parsing payload failed: {:?}", e); },
        _ => { eprintln!("Parsing header failed"); },


pub use nom;


Method of authentication used.

Authentication Payload

Certificate Encoding

Certificate Payload

Certificate Request Payload

Delete Payload

Encapsulating Security Payload Packet Format

Encrypted Payload

Identification Payloads

Type of Identification

Payload exchange type: SA, Auth, CreateChildSA, etc.

Payload type

Authentication / Integrity values

Diffie-Hellman values

Extended Sequence Number values

Encryption values

Pseudo-Random Function values

Transform (cryptographic algorithm) type

Generic (unparsed payload)

The IKE Header

IKE Message Payload

Generic Payload Header

Ciphersuite Proposal

Raw representation of a transform (cryptographic algorithm) and parameters

Key Exchange Payload

Nonce Payload

Notify Payload

Notify Message Type

Protocol type: IKE, AH or ESP

Type of Traffic Selector

Traffic Selector

Traffic Selector Payload

Vendor ID Payload


UDP-encapsulated Packet Formats

IKE Message Payload Content

IKEv2 Transform (cryptographic algorithm)