Skip to content

IPsec (IKEv2) parser written in rust with nom

License

Apache-2.0, MIT licenses found

Licenses found

Apache-2.0
LICENSE-APACHE
MIT
LICENSE-MIT
Notifications You must be signed in to change notification settings

rusticata/ipsec-parser

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

94 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

ipsec-parser

License: MIT Apache License 2.0 Build Status

IPsec parsers

This crate contains several parsers using for IPsec: IKEv2, and reading the envelope of ESP encapsulated messages. This parser provides the base functions to read and analyze messages, but does not handle the interpretation of messages.

ESP is supported, but only to read the envelope of the payload.

Encapsulated ESP is supported, to differentiate between IKE and ESP headers.

IKEv2 parser

An IKEv2 (RFC7296) parser, implemented with the nom parser combinator framework.

The code is available on Github and is part of the Rusticata project.

To parse an IKE packet, first read the header using parse_ikev2_header, then use the type from the header to parse the remaining part:

use ipsec_parser::*;
use nom::IResult;

static IKEV2_INIT_RESP: &'static [u8] = include_bytes!("../assets/ike-sa-init-resp.bin");

fn test_ikev2_init_resp() {
    let bytes = IKEV2_INIT_RESP;
    match parse_ikev2_header(&bytes) {
        Ok( (rem, ref hdr) ) => {
            match parse_ikev2_payload_list(rem,hdr.next_payload) {
                Ok( (_, Ok(ref p)) ) => {
                    // p is a list of payloads
                    // first one is always dummy
                    assert!(p.len() > 0);
                    assert_eq!(p[0].content, IkeV2PayloadContent::Dummy);
                    for payload in p {
                        match payload.content {
                            IkeV2PayloadContent::SA(ref sa) => { /* .. */ },
                            _ => ()
                        }
                    }
                },
                e => { eprintln!("Parsing payload failed: {:?}", e); },
            }
        },
        _ => { eprintln!("Parsing header failed"); },
    }
}

Changelog

0.7.0

  • Upgrade to nom 7
  • Set MSRV to 1.46

0.6.0

  • Upgrade to nom 6
  • Convert all macro-based parsers to functions

0.5.0

  • Upgrade to nom 5

0.4.1

  • o not use glob imports in use groups (compatibility with rust 1.24)

0.4.0

  • Upgrade to nom 4

0.3.0

  • Add function parse_ikev2_message to read header and payload list
  • init_spi and resp_spi fields have been changed from &[u8] to u64

Rusticata

This parser is part of the rusticata project. The goal of this project is to provide safe parsers, that can be used in other projects.

Testing of the parser is done manually, and also using unit tests and cargo-fuzz. Please fill a bugreport if you find any issue.

Feel free to contribute: tests, feedback, doc, suggestions (or code) of new parsers etc. are welcome.

License

Licensed under either of

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

About

IPsec (IKEv2) parser written in rust with nom

Resources

License

Apache-2.0, MIT licenses found

Licenses found

Apache-2.0
LICENSE-APACHE
MIT
LICENSE-MIT

Stars

Watchers

Forks

Packages

No packages published

Languages