suricata
util-proto-name.c
Go to the documentation of this file.
1/* Copyright (C) 2007-2022 Open Information Security Foundation
2 *
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
5 * Software Foundation.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15 * 02110-1301, USA.
16 */
17
18/**
19 * \file
20 *
21 * \author Gurvinder Singh <gurvindersinghdahiya@gmail.com>
22 *
23 * File to provide the protocol names based on protocol numbers defined by the
24 * IANA
25 */
26
27#include "suricata-common.h"
28#include "util-hash-string.h"
29#include "util-proto-name.h"
30#include "util-debug.h"
31
32#ifdef UNITTESTS
33#include "util-unittest.h"
34#endif
35
36/** Lookup array to hold the information related to known protocol
37 * values
38 */
39
40const char *known_proto[256] = {
41 "HOPOPT", /* 0x00: 0 - IPv6 Hop-by-Hop Option RFC 8200 */
42 "ICMP", /* 0x01: 1 - Internet Control Message Protocol RFC 792 */
43 "IGMP", /* 0x02: 2 - Internet Group Management Protocol RFC 1112 */
44 "GGP", /* 0x03: 3 - Gateway-to-Gateway Protocol RFC 823 */
45 "IP-in-IP", /* 0x04: 4 - IP in IP (encapsulation) RFC 2003 */
46 "ST", /* 0x05: 5 - Internet Stream Protocol RFC 1190, RFC 1819 */
47 "TCP", /* 0x06: 6 - Transmission Control Protocol RFC 793 */
48 "CBT", /* 0x07: 7 - Core-based trees RFC 2189 */
49 "EGP", /* 0x08: 8 - Exterior Gateway Protocol RFC 888 */
50 "IGP", /* 0x09: 9 - Interior Gateway Protocol (any private interior gateway, for example Cisco's
51 IGRP) */
52 "BBN-RCC-MON", /* 0x0A: 10 - BBN RCC Monitoring */
53 "NVP-II", /* 0x0B: 11 - Network Voice Protocol RFC 741 */
54 "PUP", /* 0x0C: 12 - Xerox PUP */
55 "ARGUS", /* 0x0D: 13 - ARGUS */
56 "EMCON", /* 0x0E: 14 - EMCON */
57 "XNET", /* 0x0F: 15 - Cross Net Debugger IEN 158[2] */
58 "CHAOS", /* 0x10: 16 - Chaos */
59 "UDP", /* 0x11: 17 - User Datagram Protocol RFC 768 */
60 "MUX", /* 0x12: 18 - Multiplexing IEN 90[3] */
61 "DCN-MEAS", /* 0x13: 19 - DCN Measurement Subsystems */
62 "HMP", /* 0x14: 20 - Host Monitoring Protocol RFC 869 */
63 "PRM", /* 0x15: 21 - Packet Radio Measurement */
64 "XNS-IDP", /* 0x16: 22 - XEROX NS IDP */
65 "TRUNK-1", /* 0x17: 23 - Trunk-1 */
66 "TRUNK-2", /* 0x18: 24 - Trunk-2 */
67 "LEAF-1", /* 0x19: 25 - Leaf-1 */
68 "LEAF-2", /* 0x1A: 26 - Leaf-2 */
69 "RDP", /* 0x1B: 27 - Reliable Data Protocol RFC 908 */
70 "IRTP", /* 0x1C: 28 - Internet Reliable Transaction Protocol RFC 938 */
71 "ISO-TP4", /* 0x1D: 29 - ISO Transport Protocol Class 4 RFC 905 */
72 "NETBLT", /* 0x1E: 30 - Bulk Data Transfer Protocol RFC 998 */
73 "MFE-NSP", /* 0x1F: 31 - MFE Network Services Protocol */
74 "MERIT-INP", /* 0x20: 32 - MERIT Internodal Protocol */
75 "DCCP", /* 0x21: 33 - Datagram Congestion Control Protocol RFC 4340 */
76 "3PC", /* 0x22: 34 - Third Party Connect Protocol */
77 "IDPR", /* 0x23: 35 - Inter-Domain Policy Routing Protocol RFC 1479 */
78 "XTP", /* 0x24: 36 - Xpress Transport Protocol */
79 "DDP", /* 0x25: 37 - Datagram Delivery Protocol */
80 "IDPR-CMTP", /* 0x26: 38 - IDPR Control Message Transport Protocol */
81 "TP++", /* 0x27: 39 - TP++ Transport Protocol */
82 "IL", /* 0x28: 40 - IL Transport Protocol */
83 "IPv6", /* 0x29: 41 - IPv6 Encapsulation RFC 2473 */
84 "SDRP", /* 0x2A: 42 - Source Demand Routing Protocol RFC 1940 */
85 "IPv6-Route", /* 0x2B: 43 - Routing Header for IPv6 RFC 8200 */
86 "IPv6-Frag", /* 0x2C: 44 - Fragment Header for IPv6 RFC 8200 */
87 "IDRP", /* 0x2D: 45 - Inter-Domain Routing Protocol */
88 "RSVP", /* 0x2E: 46 - Resource Reservation Protocol RFC 2205 */
89 "GRE", /* 0x2F: 47 - Generic Routing Encapsulation RFC 2784, RFC 2890 */
90 "DSR", /* 0x30: 48 - Dynamic Source Routing Protocol RFC 4728 */
91 "BNA", /* 0x31: 49 - Burroughs Network Architecture */
92 "ESP", /* 0x32: 50 - Encapsulating Security Payload RFC 4303 */
93 "AH", /* 0x33: 51 - Authentication Header RFC 4302 */
94 "I-NLSP", /* 0x34: 52 - Integrated Net Layer Security Protocol TUBA */
95 "SwIPe", /* 0x35: 53 - SwIPe RFC 5237 */
96 "NARP", /* 0x36: 54 - NBMA Address Resolution Protocol RFC 1735 */
97 "MOBILE", /* 0x37: 55 - IP Mobility (Min Encap) RFC 2004 */
98 "TLSP", /* 0x38: 56 - Transport Layer Security Protocol (using Kryptonet key management) */
99 "SKIP", /* 0x39: 57 - Simple Key-Management for Internet Protocol RFC 2356 */
100 "IPv6-ICMP", /* 0x3A: 58 - ICMP for IPv6 RFC 4443, RFC 4884 */
101 "IPv6-NoNxt", /* 0x3B: 59 - No Next Header for IPv6 RFC 8200 */
102 "IPv6-Opts", /* 0x3C: 60 - Destination Options for IPv6 RFC 8200 */
103 "Any", /* 0x3D: 61 - host internal protocol */
104 "CFTP", /* 0x3E: 62 - CFTP */
105 "Any", /* 0x3F: 63 - local network */
106 "SAT-EXPAK", /* 0x40: 64 - SATNET and Backroom EXPAK */
107 "KRYPTOLAN", /* 0x41: 65 - Kryptolan */
108 "RVD", /* 0x42: 66 - MIT Remote Virtual Disk Protocol */
109 "IPPC", /* 0x43: 67 - Internet Pluribus Packet Core */
110 "Any", /* 0x44: 68 - distributed file system */
111 "SAT-MON", /* 0x45: 69 - SATNET Monitoring */
112 "VISA", /* 0x46: 70 - VISA Protocol */
113 "IPCU", /* 0x47: 71 - Internet Packet Core Utility */
114 "CPNX", /* 0x48: 72 - Computer Protocol Network Executive */
115 "CPHB", /* 0x49: 73 - Computer Protocol Heart Beat */
116 "WSN", /* 0x4A: 74 - Wang Span Network */
117 "PVP", /* 0x4B: 75 - Packet Video Protocol */
118 "BR-SAT-MON", /* 0x4C: 76 - Backroom SATNET Monitoring */
119 "SUN-ND", /* 0x4D: 77 - SUN ND PROTOCOL-Temporary */
120 "WB-MON", /* 0x4E: 78 - WIDEBAND Monitoring */
121 "WB-EXPAK", /* 0x4F: 79 - WIDEBAND EXPAK */
122 "ISO-IP", /* 0x50: 80 - International Organization for Standardization Internet Protocol */
123 "VMTP", /* 0x51: 81 - Versatile Message Transaction Protocol RFC 1045 */
124 "SECURE-VMTP", /* 0x52: 82 - Secure Versatile Message Transaction Protocol RFC 1045 */
125 "VINES", /* 0x53: 83 - VINES */
126 "TTP", /* 0x54: 84 - TTP */
127 "NSFNET-IGP", /* 0x55: 85 - NSFNET-IGP */
128 "DGP", /* 0x56: 86 - Dissimilar Gateway Protocol */
129 "TCF", /* 0x57: 87 - TCF */
130 "EIGRP", /* 0x58: 88 - EIGRP Informational RFC 7868 */
131 "OSPF", /* 0x59: 89 - Open Shortest Path First RFC 2328 */
132 "Sprite-RPC", /* 0x5A: 90 - Sprite RPC Protocol */
133 "LARP", /* 0x5B: 91 - Locus Address Resolution Protocol */
134 "MTP", /* 0x5C: 92 - Multicast Transport Protocol */
135 "AX.25", /* 0x5D: 93 - AX.25 */
136 "OS", /* 0x5E: 94 - KA9Q NOS compatible IP over IP tunneling */
137 "MICP", /* 0x5F: 95 - Mobile Internetworking Control Protocol */
138 "SCC-SP", /* 0x60: 96 - Semaphore Communications Sec. Pro */
139 "ETHERIP", /* 0x61: 97 - Ethernet-within-IP Encapsulation RFC 3378 */
140 "ENCAP", /* 0x62: 98 - Encapsulation Header RFC 1241 */
141 "Any", /* 0x63: 99 - private encryption scheme */
142 "GMTP", /* 0x64: 100 - GMTP */
143 "IFMP", /* 0x65: 101 - Ipsilon Flow Management Protocol */
144 "PNNI", /* 0x66: 102 - PNNI over IP */
145 "PIM", /* 0x67: 103 - Protocol Independent Multicast */
146 "ARIS", /* 0x68: 104 - IBM's ARIS (Aggregate Route IP Switching) Protocol */
147 "SCPS", /* 0x69: 105 - SCPS (Space Communications Protocol Standards) SCPS-TP[4] */
148 "QNX", /* 0x6A: 106 - QNX */
149 "A/N", /* 0x6B: 107 - Active Networks */
150 "IPComp", /* 0x6C: 108 - IP Payload Compression Protocol RFC 3173 */
151 "SNP", /* 0x6D: 109 - Sitara Networks Protocol */
152 "Compaq-Peer", /* 0x6E: 110 - Compaq Peer Protocol */
153 "IPX-in-IP", /* 0x6F: 111 - IPX in IP */
154 "VRRP", /* 0x70: 112 - Virtual Router Redundancy Protocol, Common Address Redundancy Protocol
155 (not IANA assigned) VRRP:RFC 3768 */
156 "PGM", /* 0x71: 113 - PGM Reliable Transport Protocol RFC 3208 */
157 "Any", /* 0x72: 114 - 0-hop protocol */
158 "L2TP", /* 0x73: 115 - Layer Two Tunneling Protocol Version 3 RFC 3931 */
159 "DDX", /* 0x74: 116 - D-II Data Exchange (DDX) */
160 "IATP", /* 0x75: 117 - Interactive Agent Transfer Protocol */
161 "STP", /* 0x76: 118 - Schedule Transfer Protocol */
162 "SRP", /* 0x77: 119 - SpectraLink Radio Protocol */
163 "UTI", /* 0x78: 120 - Universal Transport Interface Protocol */
164 "SMP", /* 0x79: 121 - Simple Message Protocol */
165 "SM", /* 0x7A: 122 - Simple Multicast Protocol draft-perlman-simple-multicast-03 */
166 "PTP", /* 0x7B: 123 - Performance Transparency Protocol */
167 "IS-IS", /* 0x7C: 124 - over IPv4 Intermediate System to Intermediate System (IS-IS) Protocol
168 over IPv4 RFC 1142 and RFC 1195 */
169 "FIRE", /* 0x7D: 125 - Flexible Intra-AS Routing Environment */
170 "CRTP", /* 0x7E: 126 - Combat Radio Transport Protocol */
171 "CRUDP", /* 0x7F: 127 - Combat Radio User Datagram */
172 "SSCOPMCE", /* 0x80: 128 - Service-Specific Connection-Oriented Protocol in a Multilink and
173 Connectionless Environment ITU-T Q.2111 (1999) */
174 "IPLT", /* 0x81: 129 - */
175 "SPS", /* 0x82: 130 - Secure Packet Shield */
176 "PIPE", /* 0x83: 131 - Private IP Encapsulation within IP Expired I-D
177 draft-petri-mobileip-pipe-00.txt */
178 "SCTP", /* 0x84: 132 - Stream Control Transmission Protocol RFC 4960 */
179 "FC", /* 0x85: 133 - Fibre Channel */
180 "RSVP-E2E-IGNORE", /* 0x86: 134 - Reservation Protocol (RSVP) End-to-End Ignore RFC 3175 */
181 "Mobility", /* 0x87: 135 - Header Mobility Extension Header for IPv6 RFC 6275 */
182 "UDPLite", /* 0x88: 136 - Lightweight User Datagram Protocol RFC 3828 */
183 "MPLS-in-IP", /* 0x89: 137 - Multiprotocol Label Switching Encapsulated in IP RFC 4023,
184 RFC 5332 */
185 "manet", /* 0x8A: 138 - MANET Protocols RFC 5498 */
186 "HIP", /* 0x8B: 139 - Host Identity Protocol RFC 5201 */
187 "Shim6", /* 0x8C: 140 - Site Multihoming by IPv6 Intermediation RFC 5533 */
188 "WESP", /* 0x8D: 141 - Wrapped Encapsulating Security Payload RFC 5840 */
189 "ROHC", /* 0x8E: 142 - Robust Header Compression RFC 5856 */
190 "Ethernet" /* 0x8F: 143 - IPv6 Segment Routing (TEMPORARY - registered 2020-01-31, expires
191 2021-01-31) */
192};
193
194/*
195 * Protocol name aliases
196 */
197const char *proto_aliases[256] = {
198 "ip", /* 0x00: 0 - IPv6 Hop-by-Hop Option RFC 8200 */
199 "icmp", /* 0x01: 1 - Internet Control Message Protocol RFC 792 */
200 "igmp", /* 0x02: 2 - Internet Group Management Protocol RFC 1112 */
201 "ggp", /* 0x03: 3 - Gateway-to-Gateway Protocol RFC 823 */
202 "ipencap", /* 0x04: 4 - IP in IP (encapsulation) RFC 2003 */
203 "st", /* 0x05: 5 - Internet Stream Protocol RFC 1190, RFC 1819 */
204 "tcp", /* 0x06: 6 - Transmission Control Protocol RFC 793 */
205 NULL, /* 0x07: 7 - Core-based trees RFC 2189 */
206 "egp", /* 0x08: 8 - Exterior Gateway Protocol RFC 888 */
207 "igp", /* 0x09: 9 - Interior Gateway Protocol (any private interior gateway, for example Cisco's
208 IGRP) */
209 NULL, /* 0x0A: 10 - BBN RCC Monitoring */
210 NULL, /* 0x0B: 11 - Network Voice Protocol RFC 741 */
211 "pup", /* 0x0C: 12 - Xerox PUP */
212 NULL, /* 0x0D: 13 - ARGUS */
213 NULL, /* 0x0E: 14 - EMCON */
214 NULL, /* 0x0F: 15 - Cross Net Debugger IEN 158[2] */
215 NULL, /* 0x10: 16 - Chaos */
216 "udp", /* 0x11: 17 - User Datagram Protocol RFC 768 */
217 NULL, /* 0x12: 18 - Multiplexing IEN 90[3] */
218 NULL, /* 0x13: 19 - DCN Measurement Subsystems */
219 "hmp", /* 0x14: 20 - Host Monitoring Protocol RFC 869 */
220 NULL, /* 0x15: 21 - Packet Radio Measurement */
221 "xns-idp", /* 0x16: 22 - XEROX NS IDP */
222 NULL, /* 0x17: 23 - Trunk-1 */
223 NULL, /* 0x18: 24 - Trunk-2 */
224 NULL, /* 0x19: 25 - Leaf-1 */
225 NULL, /* 0x1A: 26 - Leaf-2 */
226 "rdp", /* 0x1B: 27 - Reliable Data Protocol RFC 908 */
227 NULL, /* 0x1C: 28 - Internet Reliable Transaction Protocol RFC 938 */
228 "iso-tp4", /* 0x1D: 29 - ISO Transport Protocol Class 4 RFC 905 */
229 NULL, /* 0x1E: 30 - Bulk Data Transfer Protocol RFC 998 */
230 NULL, /* 0x1F: 31 - MFE Network Services Protocol */
231 NULL, /* 0x20: 32 - MERIT Internodal Protocol */
232 "dccp", /* 0x21: 33 - Datagram Congestion Control Protocol RFC 4340 */
233 NULL, /* 0x22: 34 - Third Party Connect Protocol */
234 NULL, /* 0x23: 35 - Inter-Domain Policy Routing Protocol RFC 1479 */
235 "xtp", /* 0x24: 36 - Xpress Transport Protocol */
236 "ddp", /* 0x25: 37 - Datagram Delivery Protocol */
237 "idpr-cmtp", /* 0x26: 38 - IDPR Control Message Transport Protocol */
238 NULL, /* 0x27: 39 - TP++ Transport Protocol */
239 NULL, /* 0x28: 40 - IL Transport Protocol */
240 "ipV6", /* 0x29: 41 - IPv6 Encapsulation RFC 2473 */
241 NULL, /* 0x2A: 42 - Source Demand Routing Protocol RFC 1940 */
242 "ipv6-route", /* 0x2B: 43 - Routing Header for IPv6 RFC 8200 */
243 "ipv6-frag", /* 0x2C: 44 - Fragment Header for IPv6 RFC 8200 */
244 "idrp", /* 0x2D: 45 - Inter-Domain Routing Protocol */
245 "rsvp", /* 0x2E: 46 - Resource Reservation Protocol RFC 2205 */
246 "gre", /* 0x2F: 47 - Generic Routing Encapsulation RFC 2784, RFC 2890 */
247 NULL, /* 0x30: 48 - Dynamic Source Routing Protocol RFC 4728 */
248 NULL, /* 0x31: 49 - Burroughs Network Architecture */
249 "esp", /* 0x32: 50 - Encapsulating Security Payload RFC 4303 */
250 "ah", /* 0x33: 51 - Authentication Header RFC 4302 */
251 NULL, /* 0x34: 52 - Integrated Net Layer Security Protocol TUBA */
252 NULL, /* 0x35: 53 - SwIPe RFC 5237 */
253 NULL, /* 0x36: 54 - NBMA Address Resolution Protocol RFC 1735 */
254 NULL, /* 0x37: 55 - IP Mobility (Min Encap) RFC 2004 */
255 NULL, /* 0x38: 56 - Transport Layer Security Protocol (using Kryptonet key management) */
256 "skip", /* 0x39: 57 - Simple Key-Management for Internet Protocol RFC 2356 */
257 "ipv6-icmp", /* 0x3A: 58 - ICMP for IPv6 RFC 4443, RFC 4884 */
258 "ipv6-nonxt", /* 0x3B: 59 - No Next Header for IPv6 RFC 8200 */
259 "ipv6-opts", /* 0x3C: 60 - Destination Options for IPv6 RFC 8200 */
260 NULL, /* 0x3D: 61 - host internal protocol */
261 NULL, /* 0x3E: 62 - CFTP */
262 NULL, /* 0x3F: 63 - local network */
263 NULL, /* 0x40: 64 - SATNET and Backroom EXPAK */
264 NULL, /* 0x41: 65 - Kryptolan */
265 NULL, /* 0x42: 66 - MIT Remote Virtual Disk Protocol */
266 NULL, /* 0x43: 67 - Internet Pluribus Packet Core */
267 NULL, /* 0x44: 68 - distributed file system */
268 NULL, /* 0x45: 69 - SATNET Monitoring */
269 NULL, /* 0x46: 70 - VISA Protocol */
270 NULL, /* 0x47: 71 - Internet Packet Core Utility */
271 NULL, /* 0x48: 72 - Computer Protocol Network Executive */
272 "cphb", /* 0x49: 73 - Computer Protocol Heart Beat */
273 NULL, /* 0x4A: 74 - Wang Span Network */
274 NULL, /* 0x4B: 75 - Packet Video Protocol */
275 NULL, /* 0x4C: 76 - Backroom SATNET Monitoring */
276 NULL, /* 0x4D: 77 - SUN ND PROTOCOL-Temporary */
277 NULL, /* 0x4E: 78 - WIDEBAND Monitoring */
278 NULL, /* 0x4F: 79 - WIDEBAND EXPAK */
279 NULL, /* 0x50: 80 - International Organization for Standardization Internet Protocol */
280 "vmtp", /* 0x51: 81 - Versatile Message Transaction Protocol RFC 1045 */
281 NULL, /* 0x52: 82 - Secure Versatile Message Transaction Protocol RFC 1045 */
282 NULL, /* 0x53: 83 - VINES */
283 NULL, /* 0x54: 84 - TTP */
284 NULL, /* 0x55: 85 - NSFNET-IGP */
285 NULL, /* 0x56: 86 - Dissimilar Gateway Protocol */
286 NULL, /* 0x57: 87 - TCF */
287 "eigrp", /* 0x58: 88 - EIGRP Informational RFC 7868 */
288 "ospf", /* 0x59: 89 - Open Shortest Path First RFC 2328 */
289 NULL, /* 0x5A: 90 - Sprite RPC Protocol */
290 NULL, /* 0x5B: 91 - Locus Address Resolution Protocol */
291 NULL, /* 0x5C: 92 - Multicast Transport Protocol */
292 "ax.25", /* 0x5D: 93 - AX.25 */
293 "ipip", /* 0x5E: 94 - KA9Q NOS compatible IP over IP tunneling */
294 NULL, /* 0x5F: 95 - Mobile Internetworking Control Protocol */
295 NULL, /* 0x60: 96 - Semaphore Communications Sec. Pro */
296 "etherip", /* 0x61: 97 - Ethernet-within-IP Encapsulation RFC 3378 */
297 "encap", /* 0x62: 98 - Encapsulation Header RFC 1241 */
298 NULL, /* 0x63: 99 - private encryption scheme */
299 "GMTP", /* 0x64: 100 - GMTP */
300 NULL, /* 0x65: 101 - Ipsilon Flow Management Protocol */
301 NULL, /* 0x66: 102 - PNNI over IP */
302 "pim", /* 0x67: 103 - Protocol Independent Multicast */
303 NULL, /* 0x68: 104 - IBM's ARIS (Aggregate Route IP Switching) Protocol */
304 NULL, /* 0x69: 105 - SCPS (Space Communications Protocol Standards) SCPS-TP[4] */
305 NULL, /* 0x6A: 106 - QNX */
306 NULL, /* 0x6B: 107 - Active Networks */
307 "ipcomp", /* 0x6C: 108 - IP Payload Compression Protocol RFC 3173 */
308 NULL, /* 0x6D: 109 - Sitara Networks Protocol */
309 NULL, /* 0x6E: 110 - Compaq Peer Protocol */
310 NULL, /* 0x6F: 111 - IPX in IP */
311 "vrrp", /* 0x70: 112 - Virtual Router Redundancy Protocol, Common Address Redundancy Protocol
312 (not IANA assigned) VRRP:RFC 3768 */
313 NULL, /* 0x71: 113 - PGM Reliable Transport Protocol RFC 3208 */
314 NULL, /* 0x72: 114 - 0-hop protocol */
315 "l2tp", /* 0x73: 115 - Layer Two Tunneling Protocol Version 3 RFC 3931 */
316 NULL, /* 0x74: 116 - D-II Data Exchange (DDX) */
317 NULL, /* 0x75: 117 - Interactive Agent Transfer Protocol */
318 NULL, /* 0x76: 118 - Schedule Transfer Protocol */
319 NULL, /* 0x77: 119 - SpectraLink Radio Protocol */
320 NULL, /* 0x78: 120 - Universal Transport Interface Protocol */
321 NULL, /* 0x79: 121 - Simple Message Protocol */
322 NULL, /* 0x7A: 122 - Simple Multicast Protocol draft-perlman-simple-multicast-03 */
323 NULL, /* 0x7B: 123 - Performance Transparency Protocol */
324 "isis", /* 0x7C: 124 - over IPv4 Intermediate System to Intermediate System (IS-IS) Protocol
325 over IPv4 RFC 1142 and RFC 1195 */
326 NULL, /* 0x7D: 125 - Flexible Intra-AS Routing Environment */
327 NULL, /* 0x7E: 126 - Combat Radio Transport Protocol */
328 NULL, /* 0x7F: 127 - Combat Radio User Datagram */
329 NULL, /* 0x80: 128 - Service-Specific Connection-Oriented Protocol in a Multilink and
330 Connectionless Environment ITU-T Q.2111 (1999) */
331 NULL, /* 0x81: 129 - */
332 NULL, /* 0x82: 130 - Secure Packet Shield */
333 NULL, /* 0x83: 131 - Private IP Encapsulation within IP Expired I-D
334 draft-petri-mobileip-pipe-00.txt */
335 "sctp", /* 0x84: 132 - Stream Control Transmission Protocol RFC 4960 */
336 "fc", /* 0x85: 133 - Fibre Channel */
337 NULL, /* 0x86: 134 - Reservation Protocol (RSVP) End-to-End Ignore RFC 3175 */
338 "mobility-header", /* 0x87: 135 - Header Mobility Extension Header for IPv6 RFC 6275 */
339 "udplite", /* 0x88: 136 - Lightweight User Datagram Protocol RFC 3828 */
340 "mpls-in-ip", /* 0x89: 137 - Multiprotocol Label Switching Encapsulated in IP RFC 4023,
341 RFC 5332 */
342 NULL, /* 0x8A: 138 - MANET Protocols RFC 5498 */
343 "hip", /* 0x8B: 139 - Host Identity Protocol RFC 5201 */
344 "shim6", /* 0x8C: 140 - Site Multihoming by IPv6 Intermediation RFC 5533 */
345 "wesp", /* 0x8D: 141 - Wrapped Encapsulating Security Payload RFC 5840 */
346 "rohc", /* 0x8E: 142 - Robust Header Compression RFC 5856 */
347 /* no aliases for 142-255 */
348};
349
350typedef struct ProtoNameHashEntry_ {
351 const char *name;
352 uint8_t number;
353} ProtoNameHashEntry;
354
355static HashTable *proto_ht = NULL;
356
357static uint32_t ProtoNameHashFunc(HashTable *ht, void *data, uint16_t datalen)
358{
359 /*
360 * datalen covers the entire struct -- only the proto name is hashed
361 * as the proto number is not used for lookups
362 */
363 ProtoNameHashEntry *p = (ProtoNameHashEntry *)data;
364 return StringHashDjb2((uint8_t *)p->name, (uint32_t)strlen(p->name)) % ht->array_size;
365}
366
367static char ProtoNameHashCompareFunc(void *data1, uint16_t datalen1, void *data2, uint16_t datalen2)
368{
369 ProtoNameHashEntry *p1 = (ProtoNameHashEntry *)data1;
370 ProtoNameHashEntry *p2 = (ProtoNameHashEntry *)data2;
371
372 if (p1 == NULL || p2 == NULL)
373 return 0;
374
375 if (p1->name == NULL || p2->name == NULL)
376 return 0;
377
378 size_t len1 = strlen(p1->name);
379 size_t len2 = strlen(p2->name);
380
381 return len1 == len2 && memcmp(p1->name, p2->name, len1) == 0;
382}
383
384static void ProtoNameAddEntry(const char *proto_name, const uint8_t proto_number)
385{
386 ProtoNameHashEntry *proto_ent = SCCalloc(1, sizeof(ProtoNameHashEntry));
387 if (!proto_ent) {
388 FatalError("Unable to allocate protocol hash entry");
389 }
390
391 proto_ent->name = SCStrdup(proto_name);
392 if (!proto_ent->name)
393 FatalError("Unable to allocate memory for protocol name entries");
394
395 proto_ent->number = proto_number;
396
397 SCLogDebug("new protocol entry: name: \"%s\"; protocol number: %d", proto_ent->name,
398 proto_ent->number);
399 if (0 != HashTableAdd(proto_ht, proto_ent, 0)) {
400 FatalError("Unable to add entry to proto hash table for "
401 "name: \"%s\"; number: %d",
402 proto_ent->name, proto_ent->number);
403 }
404}
405
406static void ProtoNameHashFreeFunc(void *data)
407{
408 ProtoNameHashEntry *proto_ent = (ProtoNameHashEntry *)data;
409
410 if (proto_ent) {
411 if (proto_ent->name)
412 SCFree((void *)proto_ent->name);
413 SCFree(proto_ent);
414 }
415}
416
417void SCProtoNameInit(void)
418{
419 proto_ht =
420 HashTableInit(256, ProtoNameHashFunc, ProtoNameHashCompareFunc, ProtoNameHashFreeFunc);
421 if (proto_ht == NULL) {
422 FatalError("Unable to initialize protocol name/number table");
423 }
424
425 for (uint16_t i = 0; i < ARRAY_SIZE(known_proto); i++) {
426 if (known_proto[i]) {
427 ProtoNameAddEntry(known_proto[i], (uint8_t)i);
428 }
429 }
430
431 for (uint16_t i = 0; i < ARRAY_SIZE(proto_aliases); i++) {
432 if (proto_aliases[i]) {
433 ProtoNameAddEntry(proto_aliases[i], (uint8_t)i);
434 }
435 }
436}
437
438void SCProtoNameRelease(void)
439{
440 if (proto_ht != NULL) {
441 HashTableFree(proto_ht);
442 proto_ht = NULL;
443 }
444}
445
446/**
447 * \brief Function to check if the received protocol number is valid and do
448 * we have corresponding name entry for this number or not.
449 *
450 * \param proto Protocol number to be validated
451 * \retval ret On success returns true otherwise false
452 */
453bool SCProtoNameValid(uint16_t proto)
454{
455 return (proto <= 255 && known_proto[proto] != NULL);
456}
457
458/**
459 * \brief Function to return the protocol number for a named protocol. Note
460 * that protocol name aliases are honored.
461 *
462 * \param protoname Protocol name (or alias for a protocol name).
463 * \param proto_number Where to return protocol number
464 * \retval ret On success returns the protocol number; else -1
465 */
466bool SCGetProtoByName(const char *protoname, uint8_t *proto_number)
467{
468 if (!protoname || !proto_number) {
469 return false;
470 }
471
472 ProtoNameHashEntry proto;
473 proto.name = protoname;
474
475 ProtoNameHashEntry *proto_ent = HashTableLookup(proto_ht, &proto, sizeof(proto));
476 if (proto_ent) {
477 *proto_number = proto_ent->number;
478 return true;
479 }
480 return false;
481}
482
483#ifdef UNITTESTS
484static int ProtoNameTest01(void)
485{
486 uint8_t proto;
487 FAIL_IF(!SCGetProtoByName("tcp", &proto));
488 FAIL_IF(SCGetProtoByName("TcP", &proto));
489 FAIL_IF(!SCGetProtoByName("TCP", &proto));
490 FAIL_IF(SCGetProtoByName("Invalid", &proto));
491 FAIL_IF(!SCGetProtoByName("Ethernet", &proto));
492
493 /* 'ip' is an alias for 'HOPOPT' */
494 FAIL_IF(!SCGetProtoByName("ip", &proto));
495 FAIL_IF(!SCGetProtoByName("HOPOPT", &proto));
496
497 FAIL_IF(SCGetProtoByName("IP", &proto));
498
499 PASS;
500}
501
502void SCProtoNameRegisterTests(void)
503{
504 UtRegisterTest("ProtoNameTest01", ProtoNameTest01);
505}
506#endif
proto
uint8_t proto
Definition decode-template.h:0
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition util-unittest.c:103
PASS
#define PASS
Pass the test.
Definition util-unittest.h:105
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition util-unittest.h:71
HashTable_
Definition util-hash.h:35
HashTable_::array_size
uint32_t array_size
Definition util-hash.h:37
ProtoNameHashEntry_
Definition util-proto-name.c:350
ProtoNameHashEntry_::number
uint8_t number
Definition util-proto-name.c:352
ProtoNameHashEntry_::name
const char * name
Definition util-proto-name.c:351
ARRAY_SIZE
#define ARRAY_SIZE(arr)
Definition suricata-common.h:562
FatalError
#define FatalError(...)
Definition util-debug.h:510
SCLogDebug
#define SCLogDebug(...)
Definition util-debug.h:275
StringHashDjb2
uint32_t StringHashDjb2(const uint8_t *data, uint32_t datalen)
Definition util-hash-string.c:22
HashTableAdd
int HashTableAdd(HashTable *ht, void *data, uint16_t datalen)
Definition util-hash.c:104
HashTableInit
HashTable * HashTableInit(uint32_t size, uint32_t(*Hash)(struct HashTable_ *, void *, uint16_t), char(*Compare)(void *, uint16_t, void *, uint16_t), void(*Free)(void *))
Definition util-hash.c:35
HashTableFree
void HashTableFree(HashTable *ht)
Definition util-hash.c:78
HashTableLookup
void * HashTableLookup(HashTable *ht, void *data, uint16_t datalen)
Definition util-hash.c:183
SCFree
#define SCFree(p)
Definition util-mem.h:61
SCCalloc
#define SCCalloc(nm, sz)
Definition util-mem.h:53
SCStrdup
#define SCStrdup(s)
Definition util-mem.h:56
ProtoNameHashEntry
struct ProtoNameHashEntry_ ProtoNameHashEntry
SCProtoNameInit
void SCProtoNameInit(void)
Definition util-proto-name.c:417
SCProtoNameRelease
void SCProtoNameRelease(void)
Definition util-proto-name.c:438
SCGetProtoByName
bool SCGetProtoByName(const char *protoname, uint8_t *proto_number)
Function to return the protocol number for a named protocol. Note that protocol name aliases are hono...
Definition util-proto-name.c:466
SCProtoNameValid
bool SCProtoNameValid(uint16_t proto)
Function to check if the received protocol number is valid and do we have corresponding name entry fo...
Definition util-proto-name.c:453
SCProtoNameRegisterTests
void SCProtoNameRegisterTests(void)
Definition util-proto-name.c:502
proto_aliases
const char * proto_aliases[256]
Definition util-proto-name.c:197
known_proto
const char * known_proto[256]
Definition util-proto-name.c:40