| Matteo Scandolo | a6a3aee | 2019-11-26 13:30:14 -0700 | [diff] [blame] | 1 | // Copyright 2012 Google, Inc. All rights reserved. |
| 2 | // |
| 3 | // Use of this source code is governed by a BSD-style license |
| 4 | // that can be found in the LICENSE file in the root of the source |
| 5 | // tree. |
| 6 | |
| 7 | package layers |
| 8 | |
| 9 | import ( |
| 10 | "encoding/binary" |
| 11 | "github.com/google/gopacket" |
| 12 | ) |
| 13 | |
| 14 | // IPSecAH is the authentication header for IPv4/6 defined in |
| 15 | // http://tools.ietf.org/html/rfc2402 |
| 16 | type IPSecAH struct { |
| 17 | // While the auth header can be used for both IPv4 and v6, its format is that of |
| 18 | // an IPv6 extension (NextHeader, PayloadLength, etc...), so we use ipv6ExtensionBase |
| 19 | // to build it. |
| 20 | ipv6ExtensionBase |
| 21 | Reserved uint16 |
| 22 | SPI, Seq uint32 |
| 23 | AuthenticationData []byte |
| 24 | } |
| 25 | |
| 26 | // LayerType returns LayerTypeIPSecAH. |
| 27 | func (i *IPSecAH) LayerType() gopacket.LayerType { return LayerTypeIPSecAH } |
| 28 | |
| 29 | func decodeIPSecAH(data []byte, p gopacket.PacketBuilder) error { |
| 30 | i := &IPSecAH{ |
| 31 | ipv6ExtensionBase: ipv6ExtensionBase{ |
| 32 | NextHeader: IPProtocol(data[0]), |
| 33 | HeaderLength: data[1], |
| 34 | }, |
| 35 | Reserved: binary.BigEndian.Uint16(data[2:4]), |
| 36 | SPI: binary.BigEndian.Uint32(data[4:8]), |
| 37 | Seq: binary.BigEndian.Uint32(data[8:12]), |
| 38 | } |
| 39 | i.ActualLength = (int(i.HeaderLength) + 2) * 4 |
| 40 | i.AuthenticationData = data[12:i.ActualLength] |
| 41 | i.Contents = data[:i.ActualLength] |
| 42 | i.Payload = data[i.ActualLength:] |
| 43 | p.AddLayer(i) |
| 44 | return p.NextDecoder(i.NextHeader) |
| 45 | } |
| 46 | |
| 47 | // IPSecESP is the encapsulating security payload defined in |
| 48 | // http://tools.ietf.org/html/rfc2406 |
| 49 | type IPSecESP struct { |
| 50 | BaseLayer |
| 51 | SPI, Seq uint32 |
| 52 | // Encrypted contains the encrypted set of bytes sent in an ESP |
| 53 | Encrypted []byte |
| 54 | } |
| 55 | |
| 56 | // LayerType returns LayerTypeIPSecESP. |
| 57 | func (i *IPSecESP) LayerType() gopacket.LayerType { return LayerTypeIPSecESP } |
| 58 | |
| 59 | func decodeIPSecESP(data []byte, p gopacket.PacketBuilder) error { |
| 60 | i := &IPSecESP{ |
| 61 | BaseLayer: BaseLayer{data, nil}, |
| 62 | SPI: binary.BigEndian.Uint32(data[:4]), |
| 63 | Seq: binary.BigEndian.Uint32(data[4:8]), |
| 64 | Encrypted: data[8:], |
| 65 | } |
| 66 | p.AddLayer(i) |
| 67 | return nil |
| 68 | } |