https://github.com/rusticata/ipsec-parser
IPsec (IKEv2) parser written in rust with nom
https://github.com/rusticata/ipsec-parser
Last synced: about 2 months ago
JSON representation
IPsec (IKEv2) parser written in rust with nom
- Host: GitHub
- URL: https://github.com/rusticata/ipsec-parser
- Owner: rusticata
- License: apache-2.0
- Created: 2016-11-14T15:56:07.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2025-03-18T07:40:03.000Z (2 months ago)
- Last Synced: 2025-03-28T01:52:28.884Z (about 2 months ago)
- Language: Rust
- Homepage:
- Size: 143 KB
- Stars: 22
- Watchers: 1
- Forks: 9
- Open Issues: 5
-
Metadata Files:
- Readme: README.md
- License: LICENSE-APACHE
Awesome Lists containing this project
README
# ipsec-parser
[](./LICENSE-MIT)
[](./LICENSE-APACHE)
[](https://travis-ci.org/rusticata/ipsec-parser)
# IPsec parsers
This crate contains several parsers using for IPsec: IKEv2, and reading the envelope of ESP
encapsulated messages.
This parser provides the base functions to read and analyze messages, but does not handle the
interpretation of messages.
ESP is supported, but only to read the envelope of the payload.
Encapsulated ESP is supported, to differentiate between IKE and ESP headers.
# IKEv2 parser
An IKEv2 (RFC7296) parser, implemented with the [nom](https://github.com/Geal/nom)
parser combinator framework.
The code is available on [Github](https://github.com/rusticata/ipsec-parser)
and is part of the [Rusticata](https://github.com/rusticata) project.
To parse an IKE packet, first read the header using `parse_ikev2_header`, then use the type
from the header to parse the remaining part:
```rust
use ipsec_parser::*;
use nom::IResult;
static IKEV2_INIT_RESP: &'static [u8] = include_bytes!("../assets/ike-sa-init-resp.bin");
fn test_ikev2_init_resp() {
let bytes = IKEV2_INIT_RESP;
match parse_ikev2_header(&bytes) {
Ok( (rem, ref hdr) ) => {
match parse_ikev2_payload_list(rem,hdr.next_payload) {
Ok( (_, Ok(ref p)) ) => {
// p is a list of payloads
// first one is always dummy
assert!(p.len() > 0);
assert_eq!(p[0].content, IkeV2PayloadContent::Dummy);
for payload in p {
match payload.content {
IkeV2PayloadContent::SA(ref sa) => { /* .. */ },
_ => ()
}
}
},
e => { eprintln!("Parsing payload failed: {:?}", e); },
}
},
_ => { eprintln!("Parsing header failed"); },
}
}
```
## Changelog
### 0.7.0
- Upgrade to nom 7
- Set MSRV to 1.46
### 0.6.0
- Upgrade to nom 6
- Convert all macro-based parsers to functions
### 0.5.0
- Upgrade to nom 5
### 0.4.1
- o not use glob imports in `use` groups (compatibility with rust 1.24)
### 0.4.0
- Upgrade to nom 4
### 0.3.0
* Add function `parse_ikev2_message` to read header and payload list
* `init_spi` and `resp_spi` fields have been changed from `&[u8]` to `u64`
## Rusticata
This parser is part of the [rusticata](https://github.com/rusticata) project.
The goal of this project is to provide **safe** parsers, that can be used in other projects.
Testing of the parser is done manually, and also using unit tests and
[cargo-fuzz](https://github.com/rust-fuzz/cargo-fuzz). Please fill a bugreport if you find any issue.
Feel free to contribute: tests, feedback, doc, suggestions (or code) of new parsers etc. are welcome.
## License
Licensed under either of
* Apache License, Version 2.0
([LICENSE-APACHE](LICENSE-APACHE) or http://www.apache.org/licenses/LICENSE-2.0)
* MIT license
([LICENSE-MIT](LICENSE-MIT) or http://opensource.org/licenses/MIT)
at your option.
## Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted
for inclusion in the work by you, as defined in the Apache-2.0 license, shall be
dual licensed as above, without any additional terms or conditions.