// Copyright 2012 Google, Inc. All rights reserved.
//
// Use of this source code is governed by a BSD-style license
// that can be found in the LICENSE file in the root of the source
// tree.
| 6 | |
| 7 | package layers |
| 8 | |
| 9 | import ( |
| 10 | "encoding/binary" |
| 11 | "errors" |
| 12 | "github.com/google/gopacket" |
| 13 | ) |
| 14 | |
// IPSecAH is the IPsec Authentication Header, usable with both IPv4 and IPv6.
// It is defined in http://tools.ietf.org/html/rfc2402 (since obsoleted by
// RFC 4302).
//
// The AH wire format mirrors an IPv6 extension header (NextHeader,
// PayloadLength, ...), so ipv6ExtensionBase is embedded to carry those fields.
// AuthenticationData is exposed as raw bytes; decodeIPSecAH slices it out of
// the packet and does not verify it.
type IPSecAH struct {
	ipv6ExtensionBase
	Reserved           uint16
	SPI                uint32
	Seq                uint32
	AuthenticationData []byte
}
| 26 | |
// LayerType reports the gopacket layer type of an AH layer, which is always
// LayerTypeIPSecAH.
func (ah *IPSecAH) LayerType() gopacket.LayerType {
	return LayerTypeIPSecAH
}
| 29 | |
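// decodeIPSecAH decodes an IPsec Authentication Header from data, adds it to
// the packet as an IPSecAH layer, and hands the remaining bytes to the decoder
// selected by the header's NextHeader field.
//
// data is untrusted wire input, so every length derived from it is validated
// before being used as a slice bound. An error is returned when the buffer is
// shorter than the fixed header, when the length byte describes a header
// smaller than the fixed header, or when the buffer is shorter than the
// declared header length. The authentication data is only sliced out, never
// verified.
func decodeIPSecAH(data []byte, p gopacket.PacketBuilder) error {
	// Bytes read unconditionally below: next header (1), length (1),
	// reserved (2), SPI (4), sequence number (4).
	const fixedLen = 12

	if len(data) < fixedLen {
		p.SetTruncated()
		return errors.New("IPSec AH packet less than 12 bytes")
	}
	i := &IPSecAH{
		ipv6ExtensionBase: ipv6ExtensionBase{
			NextHeader:   IPProtocol(data[0]),
			HeaderLength: data[1],
		},
		Reserved: binary.BigEndian.Uint16(data[2:4]),
		SPI:      binary.BigEndian.Uint32(data[4:8]),
		Seq:      binary.BigEndian.Uint32(data[8:12]),
	}
	// HeaderLength is a sender-controlled byte; the total header size in
	// bytes is (HeaderLength + 2) * 4.
	i.ActualLength = (int(i.HeaderLength) + 2) * 4
	// A length byte of 0 yields ActualLength == 8, which is below the fixed
	// header size. Without this check data[12:ActualLength] would be sliced
	// with an end below its start and panic on a malformed packet.
	if i.ActualLength < fixedLen {
		return errors.New("IPSec AH header length field smaller than fixed header")
	}
	if len(data) < i.ActualLength {
		p.SetTruncated()
		return errors.New("Truncated AH packet < ActualLength")
	}
	i.AuthenticationData = data[fixedLen:i.ActualLength]
	i.Contents = data[:i.ActualLength]
	i.Payload = data[i.ActualLength:]
	p.AddLayer(i)
	return p.NextDecoder(i.NextHeader)
}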
| 55 | |
// IPSecESP is the IPsec Encapsulating Security Payload, defined in
// http://tools.ietf.org/html/rfc2406 (since obsoleted by RFC 4303).
type IPSecESP struct {
	BaseLayer
	SPI uint32
	Seq uint32
	// Encrypted holds the encrypted bytes carried in the ESP packet.
	// decodeIPSecESP sets it to everything after the SPI and sequence number
	// and leaves it undecrypted.
	Encrypted []byte
}
| 64 | |
// LayerType reports the gopacket layer type of an ESP layer, which is always
// LayerTypeIPSecESP.
func (esp *IPSecESP) LayerType() gopacket.LayerType {
	return LayerTypeIPSecESP
}
| 67 | |
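// decodeIPSecESP decodes an IPsec Encapsulating Security Payload from data and
// adds it to the packet as an IPSecESP layer.
//
// data is untrusted wire input. The SPI and sequence number occupy the first
// 8 bytes; a shorter buffer is reported as truncated and rejected rather than
// sliced, which would panic. Everything after those 8 bytes is stored as-is
// in Encrypted. No further decoder is invoked, so ESP is the last layer
// decoded on this path.
func decodeIPSecESP(data []byte, p gopacket.PacketBuilder) error {
	// SPI (4 bytes) followed by the sequence number (4 bytes).
	const espHeaderLen = 8

	if len(data) < espHeaderLen {
		p.SetTruncated()
		return errors.New("IPSec ESP packet less than 8 bytes")
	}
	i := &IPSecESP{
		BaseLayer: BaseLayer{data, nil},
		SPI:       binary.BigEndian.Uint32(data[:4]),
		Seq:       binary.BigEndian.Uint32(data[4:espHeaderLen]),
		Encrypted: data[espHeaderLen:],
	}
	p.AddLayer(i)
	return nil
}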