suricata
util-proto-name.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Gurvinder Singh <gurvindersinghdahiya@gmail.com>
22  *
23  * File to provide the protocol names based on protocol numbers defined by the
24  * IANA
25  */
26 
27 #include "suricata-common.h"
28 #include "util-hash-string.h"
29 #include "util-proto-name.h"
30 #include "util-debug.h"
31 
32 #ifdef UNITTESTS
33 #include "util-unittest.h"
34 #endif
35 
36 /** Lookup array to hold the information related to known protocol
37  * values
38  */
39 
40 const char *known_proto[256] = {
41  "HOPOPT", /* 0x00: 0 - IPv6 Hop-by-Hop Option RFC 8200 */
42  "ICMP", /* 0x01: 1 - Internet Control Message Protocol RFC 792 */
43  "IGMP", /* 0x02: 2 - Internet Group Management Protocol RFC 1112 */
44  "GGP", /* 0x03: 3 - Gateway-to-Gateway Protocol RFC 823 */
45  "IP-in-IP", /* 0x04: 4 - IP in IP (encapsulation) RFC 2003 */
46  "ST", /* 0x05: 5 - Internet Stream Protocol RFC 1190, RFC 1819 */
47  "TCP", /* 0x06: 6 - Transmission Control Protocol RFC 793 */
48  "CBT", /* 0x07: 7 - Core-based trees RFC 2189 */
49  "EGP", /* 0x08: 8 - Exterior Gateway Protocol RFC 888 */
50  "IGP", /* 0x09: 9 - Interior Gateway Protocol (any private interior gateway, for example Cisco's
51  IGRP) */
52  "BBN-RCC-MON", /* 0x0A: 10 - BBN RCC Monitoring */
53  "NVP-II", /* 0x0B: 11 - Network Voice Protocol RFC 741 */
54  "PUP", /* 0x0C: 12 - Xerox PUP */
55  "ARGUS", /* 0x0D: 13 - ARGUS */
56  "EMCON", /* 0x0E: 14 - EMCON */
57  "XNET", /* 0x0F: 15 - Cross Net Debugger IEN 158[2] */
58  "CHAOS", /* 0x10: 16 - Chaos */
59  "UDP", /* 0x11: 17 - User Datagram Protocol RFC 768 */
60  "MUX", /* 0x12: 18 - Multiplexing IEN 90[3] */
61  "DCN-MEAS", /* 0x13: 19 - DCN Measurement Subsystems */
62  "HMP", /* 0x14: 20 - Host Monitoring Protocol RFC 869 */
63  "PRM", /* 0x15: 21 - Packet Radio Measurement */
64  "XNS-IDP", /* 0x16: 22 - XEROX NS IDP */
65  "TRUNK-1", /* 0x17: 23 - Trunk-1 */
66  "TRUNK-2", /* 0x18: 24 - Trunk-2 */
67  "LEAF-1", /* 0x19: 25 - Leaf-1 */
68  "LEAF-2", /* 0x1A: 26 - Leaf-2 */
69  "RDP", /* 0x1B: 27 - Reliable Data Protocol RFC 908 */
70  "IRTP", /* 0x1C: 28 - Internet Reliable Transaction Protocol RFC 938 */
71  "ISO-TP4", /* 0x1D: 29 - ISO Transport Protocol Class 4 RFC 905 */
72  "NETBLT", /* 0x1E: 30 - Bulk Data Transfer Protocol RFC 998 */
73  "MFE-NSP", /* 0x1F: 31 - MFE Network Services Protocol */
74  "MERIT-INP", /* 0x20: 32 - MERIT Internodal Protocol */
75  "DCCP", /* 0x21: 33 - Datagram Congestion Control Protocol RFC 4340 */
76  "3PC", /* 0x22: 34 - Third Party Connect Protocol */
77  "IDPR", /* 0x23: 35 - Inter-Domain Policy Routing Protocol RFC 1479 */
78  "XTP", /* 0x24: 36 - Xpress Transport Protocol */
79  "DDP", /* 0x25: 37 - Datagram Delivery Protocol */
80  "IDPR-CMTP", /* 0x26: 38 - IDPR Control Message Transport Protocol */
81  "TP++", /* 0x27: 39 - TP++ Transport Protocol */
82  "IL", /* 0x28: 40 - IL Transport Protocol */
83  "IPv6", /* 0x29: 41 - IPv6 Encapsulation RFC 2473 */
84  "SDRP", /* 0x2A: 42 - Source Demand Routing Protocol RFC 1940 */
85  "IPv6-Route", /* 0x2B: 43 - Routing Header for IPv6 RFC 8200 */
86  "IPv6-Frag", /* 0x2C: 44 - Fragment Header for IPv6 RFC 8200 */
87  "IDRP", /* 0x2D: 45 - Inter-Domain Routing Protocol */
88  "RSVP", /* 0x2E: 46 - Resource Reservation Protocol RFC 2205 */
89  "GRE", /* 0x2F: 47 - Generic Routing Encapsulation RFC 2784, RFC 2890 */
90  "DSR", /* 0x30: 48 - Dynamic Source Routing Protocol RFC 4728 */
91  "BNA", /* 0x31: 49 - Burroughs Network Architecture */
92  "ESP", /* 0x32: 50 - Encapsulating Security Payload RFC 4303 */
93  "AH", /* 0x33: 51 - Authentication Header RFC 4302 */
94  "I-NLSP", /* 0x34: 52 - Integrated Net Layer Security Protocol TUBA */
95  "SwIPe", /* 0x35: 53 - SwIPe RFC 5237 */
96  "NARP", /* 0x36: 54 - NBMA Address Resolution Protocol RFC 1735 */
97  "MOBILE", /* 0x37: 55 - IP Mobility (Min Encap) RFC 2004 */
98  "TLSP", /* 0x38: 56 - Transport Layer Security Protocol (using Kryptonet key management) */
99  "SKIP", /* 0x39: 57 - Simple Key-Management for Internet Protocol RFC 2356 */
100  "IPv6-ICMP", /* 0x3A: 58 - ICMP for IPv6 RFC 4443, RFC 4884 */
101  "IPv6-NoNxt", /* 0x3B: 59 - No Next Header for IPv6 RFC 8200 */
102  "IPv6-Opts", /* 0x3C: 60 - Destination Options for IPv6 RFC 8200 */
103  "Any", /* 0x3D: 61 - host internal protocol */
104  "CFTP", /* 0x3E: 62 - CFTP */
105  "Any", /* 0x3F: 63 - local network */
106  "SAT-EXPAK", /* 0x40: 64 - SATNET and Backroom EXPAK */
107  "KRYPTOLAN", /* 0x41: 65 - Kryptolan */
108  "RVD", /* 0x42: 66 - MIT Remote Virtual Disk Protocol */
109  "IPPC", /* 0x43: 67 - Internet Pluribus Packet Core */
110  "Any", /* 0x44: 68 - distributed file system */
111  "SAT-MON", /* 0x45: 69 - SATNET Monitoring */
112  "VISA", /* 0x46: 70 - VISA Protocol */
113  "IPCU", /* 0x47: 71 - Internet Packet Core Utility */
114  "CPNX", /* 0x48: 72 - Computer Protocol Network Executive */
115  "CPHB", /* 0x49: 73 - Computer Protocol Heart Beat */
116  "WSN", /* 0x4A: 74 - Wang Span Network */
117  "PVP", /* 0x4B: 75 - Packet Video Protocol */
118  "BR-SAT-MON", /* 0x4C: 76 - Backroom SATNET Monitoring */
119  "SUN-ND", /* 0x4D: 77 - SUN ND PROTOCOL-Temporary */
120  "WB-MON", /* 0x4E: 78 - WIDEBAND Monitoring */
121  "WB-EXPAK", /* 0x4F: 79 - WIDEBAND EXPAK */
122  "ISO-IP", /* 0x50: 80 - International Organization for Standardization Internet Protocol */
123  "VMTP", /* 0x51: 81 - Versatile Message Transaction Protocol RFC 1045 */
124  "SECURE-VMTP", /* 0x52: 82 - Secure Versatile Message Transaction Protocol RFC 1045 */
125  "VINES", /* 0x53: 83 - VINES */
126  "TTP", /* 0x54: 84 - TTP */
127  "NSFNET-IGP", /* 0x55: 85 - NSFNET-IGP */
128  "DGP", /* 0x56: 86 - Dissimilar Gateway Protocol */
129  "TCF", /* 0x57: 87 - TCF */
130  "EIGRP", /* 0x58: 88 - EIGRP Informational RFC 7868 */
131  "OSPF", /* 0x59: 89 - Open Shortest Path First RFC 2328 */
132  "Sprite-RPC", /* 0x5A: 90 - Sprite RPC Protocol */
133  "LARP", /* 0x5B: 91 - Locus Address Resolution Protocol */
134  "MTP", /* 0x5C: 92 - Multicast Transport Protocol */
135  "AX.25", /* 0x5D: 93 - AX.25 */
136  "OS", /* 0x5E: 94 - KA9Q NOS compatible IP over IP tunneling */
137  "MICP", /* 0x5F: 95 - Mobile Internetworking Control Protocol */
138  "SCC-SP", /* 0x60: 96 - Semaphore Communications Sec. Pro */
139  "ETHERIP", /* 0x61: 97 - Ethernet-within-IP Encapsulation RFC 3378 */
140  "ENCAP", /* 0x62: 98 - Encapsulation Header RFC 1241 */
141  "Any", /* 0x63: 99 - private encryption scheme */
142  "GMTP", /* 0x64: 100 - GMTP */
143  "IFMP", /* 0x65: 101 - Ipsilon Flow Management Protocol */
144  "PNNI", /* 0x66: 102 - PNNI over IP */
145  "PIM", /* 0x67: 103 - Protocol Independent Multicast */
146  "ARIS", /* 0x68: 104 - IBM's ARIS (Aggregate Route IP Switching) Protocol */
147  "SCPS", /* 0x69: 105 - SCPS (Space Communications Protocol Standards) SCPS-TP[4] */
148  "QNX", /* 0x6A: 106 - QNX */
149  "A/N", /* 0x6B: 107 - Active Networks */
150  "IPComp", /* 0x6C: 108 - IP Payload Compression Protocol RFC 3173 */
151  "SNP", /* 0x6D: 109 - Sitara Networks Protocol */
152  "Compaq-Peer", /* 0x6E: 110 - Compaq Peer Protocol */
153  "IPX-in-IP", /* 0x6F: 111 - IPX in IP */
154  "VRRP", /* 0x70: 112 - Virtual Router Redundancy Protocol, Common Address Redundancy Protocol
155  (not IANA assigned) VRRP:RFC 3768 */
156  "PGM", /* 0x71: 113 - PGM Reliable Transport Protocol RFC 3208 */
157  "Any", /* 0x72: 114 - 0-hop protocol */
158  "L2TP", /* 0x73: 115 - Layer Two Tunneling Protocol Version 3 RFC 3931 */
159  "DDX", /* 0x74: 116 - D-II Data Exchange (DDX) */
160  "IATP", /* 0x75: 117 - Interactive Agent Transfer Protocol */
161  "STP", /* 0x76: 118 - Schedule Transfer Protocol */
162  "SRP", /* 0x77: 119 - SpectraLink Radio Protocol */
163  "UTI", /* 0x78: 120 - Universal Transport Interface Protocol */
164  "SMP", /* 0x79: 121 - Simple Message Protocol */
165  "SM", /* 0x7A: 122 - Simple Multicast Protocol draft-perlman-simple-multicast-03 */
166  "PTP", /* 0x7B: 123 - Performance Transparency Protocol */
167  "IS-IS", /* 0x7C: 124 - over IPv4 Intermediate System to Intermediate System (IS-IS) Protocol
168  over IPv4 RFC 1142 and RFC 1195 */
169  "FIRE", /* 0x7D: 125 - Flexible Intra-AS Routing Environment */
170  "CRTP", /* 0x7E: 126 - Combat Radio Transport Protocol */
171  "CRUDP", /* 0x7F: 127 - Combat Radio User Datagram */
172  "SSCOPMCE", /* 0x80: 128 - Service-Specific Connection-Oriented Protocol in a Multilink and
173  Connectionless Environment ITU-T Q.2111 (1999) */
174  "IPLT", /* 0x81: 129 - */
175  "SPS", /* 0x82: 130 - Secure Packet Shield */
176  "PIPE", /* 0x83: 131 - Private IP Encapsulation within IP Expired I-D
177  draft-petri-mobileip-pipe-00.txt */
178  "SCTP", /* 0x84: 132 - Stream Control Transmission Protocol RFC 4960 */
179  "FC", /* 0x85: 133 - Fibre Channel */
180  "RSVP-E2E-IGNORE", /* 0x86: 134 - Reservation Protocol (RSVP) End-to-End Ignore RFC 3175 */
181  "Mobility", /* 0x87: 135 - Header Mobility Extension Header for IPv6 RFC 6275 */
182  "UDPLite", /* 0x88: 136 - Lightweight User Datagram Protocol RFC 3828 */
183  "MPLS-in-IP", /* 0x89: 137 - Multiprotocol Label Switching Encapsulated in IP RFC 4023,
184  RFC 5332 */
185  "manet", /* 0x8A: 138 - MANET Protocols RFC 5498 */
186  "HIP", /* 0x8B: 139 - Host Identity Protocol RFC 5201 */
187  "Shim6", /* 0x8C: 140 - Site Multihoming by IPv6 Intermediation RFC 5533 */
188  "WESP", /* 0x8D: 141 - Wrapped Encapsulating Security Payload RFC 5840 */
189  "ROHC", /* 0x8E: 142 - Robust Header Compression RFC 5856 */
190  "Ethernet" /* 0x8F: 143 - IPv6 Segment Routing (TEMPORARY - registered 2020-01-31, expires
191  2021-01-31) */
192 };
193 
194 /*
195  * Protocol name aliases
196  */
197 const char *proto_aliases[256] = {
198  "ip", /* 0x00: 0 - IPv6 Hop-by-Hop Option RFC 8200 */
199  "icmp", /* 0x01: 1 - Internet Control Message Protocol RFC 792 */
200  "igmp", /* 0x02: 2 - Internet Group Management Protocol RFC 1112 */
201  "ggp", /* 0x03: 3 - Gateway-to-Gateway Protocol RFC 823 */
202  "ipencap", /* 0x04: 4 - IP in IP (encapsulation) RFC 2003 */
203  "st", /* 0x05: 5 - Internet Stream Protocol RFC 1190, RFC 1819 */
204  "tcp", /* 0x06: 6 - Transmission Control Protocol RFC 793 */
205  NULL, /* 0x07: 7 - Core-based trees RFC 2189 */
206  "egp", /* 0x08: 8 - Exterior Gateway Protocol RFC 888 */
207  "igp", /* 0x09: 9 - Interior Gateway Protocol (any private interior gateway, for example Cisco's
208  IGRP) */
209  NULL, /* 0x0A: 10 - BBN RCC Monitoring */
210  NULL, /* 0x0B: 11 - Network Voice Protocol RFC 741 */
211  "pup", /* 0x0C: 12 - Xerox PUP */
212  NULL, /* 0x0D: 13 - ARGUS */
213  NULL, /* 0x0E: 14 - EMCON */
214  NULL, /* 0x0F: 15 - Cross Net Debugger IEN 158[2] */
215  NULL, /* 0x10: 16 - Chaos */
216  "udp", /* 0x11: 17 - User Datagram Protocol RFC 768 */
217  NULL, /* 0x12: 18 - Multiplexing IEN 90[3] */
218  NULL, /* 0x13: 19 - DCN Measurement Subsystems */
219  "hmp", /* 0x14: 20 - Host Monitoring Protocol RFC 869 */
220  NULL, /* 0x15: 21 - Packet Radio Measurement */
221  "xns-idp", /* 0x16: 22 - XEROX NS IDP */
222  NULL, /* 0x17: 23 - Trunk-1 */
223  NULL, /* 0x18: 24 - Trunk-2 */
224  NULL, /* 0x19: 25 - Leaf-1 */
225  NULL, /* 0x1A: 26 - Leaf-2 */
226  "rdp", /* 0x1B: 27 - Reliable Data Protocol RFC 908 */
227  NULL, /* 0x1C: 28 - Internet Reliable Transaction Protocol RFC 938 */
228  "iso-tp4", /* 0x1D: 29 - ISO Transport Protocol Class 4 RFC 905 */
229  NULL, /* 0x1E: 30 - Bulk Data Transfer Protocol RFC 998 */
230  NULL, /* 0x1F: 31 - MFE Network Services Protocol */
231  NULL, /* 0x20: 32 - MERIT Internodal Protocol */
232  "dccp", /* 0x21: 33 - Datagram Congestion Control Protocol RFC 4340 */
233  NULL, /* 0x22: 34 - Third Party Connect Protocol */
234  NULL, /* 0x23: 35 - Inter-Domain Policy Routing Protocol RFC 1479 */
235  "xtp", /* 0x24: 36 - Xpress Transport Protocol */
236  "ddp", /* 0x25: 37 - Datagram Delivery Protocol */
237  "idpr-cmtp", /* 0x26: 38 - IDPR Control Message Transport Protocol */
238  NULL, /* 0x27: 39 - TP++ Transport Protocol */
239  NULL, /* 0x28: 40 - IL Transport Protocol */
240  "ipV6", /* 0x29: 41 - IPv6 Encapsulation RFC 2473 */
241  NULL, /* 0x2A: 42 - Source Demand Routing Protocol RFC 1940 */
242  "ipv6-route", /* 0x2B: 43 - Routing Header for IPv6 RFC 8200 */
243  "ipv6-frag", /* 0x2C: 44 - Fragment Header for IPv6 RFC 8200 */
244  "idrp", /* 0x2D: 45 - Inter-Domain Routing Protocol */
245  "rsvp", /* 0x2E: 46 - Resource Reservation Protocol RFC 2205 */
246  "gre", /* 0x2F: 47 - Generic Routing Encapsulation RFC 2784, RFC 2890 */
247  NULL, /* 0x30: 48 - Dynamic Source Routing Protocol RFC 4728 */
248  NULL, /* 0x31: 49 - Burroughs Network Architecture */
249  "esp", /* 0x32: 50 - Encapsulating Security Payload RFC 4303 */
250  "ah", /* 0x33: 51 - Authentication Header RFC 4302 */
251  NULL, /* 0x34: 52 - Integrated Net Layer Security Protocol TUBA */
252  NULL, /* 0x35: 53 - SwIPe RFC 5237 */
253  NULL, /* 0x36: 54 - NBMA Address Resolution Protocol RFC 1735 */
254  NULL, /* 0x37: 55 - IP Mobility (Min Encap) RFC 2004 */
255  NULL, /* 0x38: 56 - Transport Layer Security Protocol (using Kryptonet key management) */
256  "skip", /* 0x39: 57 - Simple Key-Management for Internet Protocol RFC 2356 */
257  "ipv6-icmp", /* 0x3A: 58 - ICMP for IPv6 RFC 4443, RFC 4884 */
258  "ipv6-nonxt", /* 0x3B: 59 - No Next Header for IPv6 RFC 8200 */
259  "ipv6-opts", /* 0x3C: 60 - Destination Options for IPv6 RFC 8200 */
260  NULL, /* 0x3D: 61 - host internal protocol */
261  NULL, /* 0x3E: 62 - CFTP */
262  NULL, /* 0x3F: 63 - local network */
263  NULL, /* 0x40: 64 - SATNET and Backroom EXPAK */
264  NULL, /* 0x41: 65 - Kryptolan */
265  NULL, /* 0x42: 66 - MIT Remote Virtual Disk Protocol */
266  NULL, /* 0x43: 67 - Internet Pluribus Packet Core */
267  NULL, /* 0x44: 68 - distributed file system */
268  NULL, /* 0x45: 69 - SATNET Monitoring */
269  NULL, /* 0x46: 70 - VISA Protocol */
270  NULL, /* 0x47: 71 - Internet Packet Core Utility */
271  NULL, /* 0x48: 72 - Computer Protocol Network Executive */
272  "cphb", /* 0x49: 73 - Computer Protocol Heart Beat */
273  NULL, /* 0x4A: 74 - Wang Span Network */
274  NULL, /* 0x4B: 75 - Packet Video Protocol */
275  NULL, /* 0x4C: 76 - Backroom SATNET Monitoring */
276  NULL, /* 0x4D: 77 - SUN ND PROTOCOL-Temporary */
277  NULL, /* 0x4E: 78 - WIDEBAND Monitoring */
278  NULL, /* 0x4F: 79 - WIDEBAND EXPAK */
279  NULL, /* 0x50: 80 - International Organization for Standardization Internet Protocol */
280  "vmtp", /* 0x51: 81 - Versatile Message Transaction Protocol RFC 1045 */
281  NULL, /* 0x52: 82 - Secure Versatile Message Transaction Protocol RFC 1045 */
282  NULL, /* 0x53: 83 - VINES */
283  NULL, /* 0x54: 84 - TTP */
284  NULL, /* 0x55: 85 - NSFNET-IGP */
285  NULL, /* 0x56: 86 - Dissimilar Gateway Protocol */
286  NULL, /* 0x57: 87 - TCF */
287  "eigrp", /* 0x58: 88 - EIGRP Informational RFC 7868 */
288  "ospf", /* 0x59: 89 - Open Shortest Path First RFC 2328 */
289  NULL, /* 0x5A: 90 - Sprite RPC Protocol */
290  NULL, /* 0x5B: 91 - Locus Address Resolution Protocol */
291  NULL, /* 0x5C: 92 - Multicast Transport Protocol */
292  "ax.25", /* 0x5D: 93 - AX.25 */
293  "ipip", /* 0x5E: 94 - KA9Q NOS compatible IP over IP tunneling */
294  NULL, /* 0x5F: 95 - Mobile Internetworking Control Protocol */
295  NULL, /* 0x60: 96 - Semaphore Communications Sec. Pro */
296  "etherip", /* 0x61: 97 - Ethernet-within-IP Encapsulation RFC 3378 */
297  "encap", /* 0x62: 98 - Encapsulation Header RFC 1241 */
298  NULL, /* 0x63: 99 - private encryption scheme */
299  "GMTP", /* 0x64: 100 - GMTP */
300  NULL, /* 0x65: 101 - Ipsilon Flow Management Protocol */
301  NULL, /* 0x66: 102 - PNNI over IP */
302  "pim", /* 0x67: 103 - Protocol Independent Multicast */
303  NULL, /* 0x68: 104 - IBM's ARIS (Aggregate Route IP Switching) Protocol */
304  NULL, /* 0x69: 105 - SCPS (Space Communications Protocol Standards) SCPS-TP[4] */
305  NULL, /* 0x6A: 106 - QNX */
306  NULL, /* 0x6B: 107 - Active Networks */
307  "ipcomp", /* 0x6C: 108 - IP Payload Compression Protocol RFC 3173 */
308  NULL, /* 0x6D: 109 - Sitara Networks Protocol */
309  NULL, /* 0x6E: 110 - Compaq Peer Protocol */
310  NULL, /* 0x6F: 111 - IPX in IP */
311  "vrrp", /* 0x70: 112 - Virtual Router Redundancy Protocol, Common Address Redundancy Protocol
312  (not IANA assigned) VRRP:RFC 3768 */
313  NULL, /* 0x71: 113 - PGM Reliable Transport Protocol RFC 3208 */
314  NULL, /* 0x72: 114 - 0-hop protocol */
315  "l2tp", /* 0x73: 115 - Layer Two Tunneling Protocol Version 3 RFC 3931 */
316  NULL, /* 0x74: 116 - D-II Data Exchange (DDX) */
317  NULL, /* 0x75: 117 - Interactive Agent Transfer Protocol */
318  NULL, /* 0x76: 118 - Schedule Transfer Protocol */
319  NULL, /* 0x77: 119 - SpectraLink Radio Protocol */
320  NULL, /* 0x78: 120 - Universal Transport Interface Protocol */
321  NULL, /* 0x79: 121 - Simple Message Protocol */
322  NULL, /* 0x7A: 122 - Simple Multicast Protocol draft-perlman-simple-multicast-03 */
323  NULL, /* 0x7B: 123 - Performance Transparency Protocol */
324  "isis", /* 0x7C: 124 - over IPv4 Intermediate System to Intermediate System (IS-IS) Protocol
325  over IPv4 RFC 1142 and RFC 1195 */
326  NULL, /* 0x7D: 125 - Flexible Intra-AS Routing Environment */
327  NULL, /* 0x7E: 126 - Combat Radio Transport Protocol */
328  NULL, /* 0x7F: 127 - Combat Radio User Datagram */
329  NULL, /* 0x80: 128 - Service-Specific Connection-Oriented Protocol in a Multilink and
330  Connectionless Environment ITU-T Q.2111 (1999) */
331  NULL, /* 0x81: 129 - */
332  NULL, /* 0x82: 130 - Secure Packet Shield */
333  NULL, /* 0x83: 131 - Private IP Encapsulation within IP Expired I-D
334  draft-petri-mobileip-pipe-00.txt */
335  "sctp", /* 0x84: 132 - Stream Control Transmission Protocol RFC 4960 */
336  "fc", /* 0x85: 133 - Fibre Channel */
337  NULL, /* 0x86: 134 - Reservation Protocol (RSVP) End-to-End Ignore RFC 3175 */
338  "mobility-header", /* 0x87: 135 - Header Mobility Extension Header for IPv6 RFC 6275 */
339  "udplite", /* 0x88: 136 - Lightweight User Datagram Protocol RFC 3828 */
340  "mpls-in-ip", /* 0x89: 137 - Multiprotocol Label Switching Encapsulated in IP RFC 4023,
341  RFC 5332 */
342  NULL, /* 0x8A: 138 - MANET Protocols RFC 5498 */
343  "hip", /* 0x8B: 139 - Host Identity Protocol RFC 5201 */
344  "shim6", /* 0x8C: 140 - Site Multihoming by IPv6 Intermediation RFC 5533 */
345  "wesp", /* 0x8D: 141 - Wrapped Encapsulating Security Payload RFC 5840 */
346  "rohc", /* 0x8E: 142 - Robust Header Compression RFC 5856 */
347  /* no aliases for 142-255 */
348 };
349 
350 typedef struct ProtoNameHashEntry_ {
351  const char *name;
352  uint8_t number;
354 
355 static HashTable *proto_ht = NULL;
356 
357 static uint32_t ProtoNameHashFunc(HashTable *ht, void *data, uint16_t datalen)
358 {
359  /*
360  * datalen covers the entire struct -- only the proto name is hashed
361  * as the proto number is not used for lookups
362  */
364  return StringHashDjb2((uint8_t *)p->name, strlen(p->name)) % ht->array_size;
365 }
366 
367 static char ProtoNameHashCompareFunc(void *data1, uint16_t datalen1, void *data2, uint16_t datalen2)
368 {
369  ProtoNameHashEntry *p1 = (ProtoNameHashEntry *)data1;
370  ProtoNameHashEntry *p2 = (ProtoNameHashEntry *)data2;
371 
372  if (p1 == NULL || p2 == NULL)
373  return 0;
374 
375  if (p1->name == NULL || p2->name == NULL)
376  return 0;
377 
378  int len1 = strlen(p1->name);
379  int len2 = strlen(p2->name);
380 
381  return len1 == len2 && memcmp(p1->name, p2->name, len1) == 0;
382 }
383 
384 static void ProtoNameAddEntry(const char *proto_name, const uint8_t proto_number)
385 {
386  ProtoNameHashEntry *proto_ent = SCCalloc(1, sizeof(ProtoNameHashEntry));
387  if (!proto_ent) {
388  FatalError(SC_ERR_HASH_TABLE_INIT, "Unable to allocate protocol hash entry");
389  }
390 
391  proto_ent->name = SCStrdup(proto_name);
392  if (!proto_ent->name)
393  FatalError(SC_ERR_MEM_ALLOC, "Unable to allocate memory for protocol name entries");
394 
395  proto_ent->number = proto_number;
396 
397  SCLogDebug("new protocol entry: name: \"%s\"; protocol number: %d", proto_ent->name,
398  proto_ent->number);
399  if (0 != HashTableAdd(proto_ht, proto_ent, 0)) {
401  "Unable to add entry to proto hash table for "
402  "name: \"%s\"; number: %d",
403  proto_ent->name, proto_ent->number);
404  }
405  return;
406 }
407 
408 static void ProtoNameHashFreeFunc(void *data)
409 {
410  ProtoNameHashEntry *proto_ent = (ProtoNameHashEntry *)data;
411 
412  if (proto_ent) {
413  if (proto_ent->name)
414  SCFree((void *)proto_ent->name);
415  SCFree(proto_ent);
416  }
417 }
418 
419 void SCProtoNameInit(void)
420 {
421  proto_ht =
422  HashTableInit(256, ProtoNameHashFunc, ProtoNameHashCompareFunc, ProtoNameHashFreeFunc);
423  if (proto_ht == NULL) {
424  FatalError(SC_ERR_HASH_TABLE_INIT, "Unable to initialize protocol name/number table");
425  }
426 
427  for (uint16_t i = 0; i < ARRAY_SIZE(known_proto); i++) {
428  if (known_proto[i]) {
429  ProtoNameAddEntry(known_proto[i], (uint8_t)i);
430  }
431  }
432 
433  for (uint16_t i = 0; i < ARRAY_SIZE(proto_aliases); i++) {
434  if (proto_aliases[i]) {
435  ProtoNameAddEntry(proto_aliases[i], (uint8_t)i);
436  }
437  }
438 }
439 
441 {
442  if (proto_ht != NULL) {
443  HashTableFree(proto_ht);
444  proto_ht = NULL;
445  }
446 }
447 
448 /**
449  * \brief Function to check if the received protocol number is valid and do
450  * we have corresponding name entry for this number or not.
451  *
452  * \param proto Protocol number to be validated
453  * \retval ret On success returns true otherwise false
454  */
455 bool SCProtoNameValid(uint16_t proto)
456 {
457  return (proto <= 255 && known_proto[proto] != NULL);
458 }
459 
460 /**
461  * \brief Function to return the protocol number for a named protocol. Note
462  * that protocol name aliases are honored.
463  *
464  * \param protoname Protocol name (or alias for a protocol name).
465  * \param proto_number Where to return protocol number
466  * \retval ret On success returns the protocol number; else -1
467  */
468 bool SCGetProtoByName(const char *protoname, uint8_t *proto_number)
469 {
470  if (!protoname || !proto_number) {
471  return false;
472  }
473 
475  proto.name = protoname;
476 
477  ProtoNameHashEntry *proto_ent = HashTableLookup(proto_ht, &proto, sizeof(proto));
478  if (proto_ent) {
479  *proto_number = proto_ent->number;
480  return true;
481  }
482  return false;
483 }
484 
485 #ifdef UNITTESTS
486 static int ProtoNameTest01(void)
487 {
488  uint8_t proto;
489  FAIL_IF(!SCGetProtoByName("tcp", &proto));
490  FAIL_IF(SCGetProtoByName("TcP", &proto));
491  FAIL_IF(!SCGetProtoByName("TCP", &proto));
492  FAIL_IF(SCGetProtoByName("Invalid", &proto));
493  FAIL_IF(!SCGetProtoByName("Ethernet", &proto));
494 
495  /* 'ip' is an alias for 'HOPOPT' */
496  FAIL_IF(!SCGetProtoByName("ip", &proto));
497  FAIL_IF(!SCGetProtoByName("HOPOPT", &proto));
498 
499  FAIL_IF(SCGetProtoByName("IP", &proto));
500 
501  PASS;
502 }
503 
505 {
506  UtRegisterTest("ProtoNameTest01", ProtoNameTest01);
507 }
508 #endif
util-hash-string.h
SCProtoNameRegisterTests
void SCProtoNameRegisterTests(void)
Definition: util-proto-name.c:504
SC_ERR_HASH_TABLE_INIT
@ SC_ERR_HASH_TABLE_INIT
Definition: util-error.h:144
ProtoNameHashEntry
struct ProtoNameHashEntry_ ProtoNameHashEntry
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:296
SCProtoNameInit
void SCProtoNameInit(void)
Definition: util-proto-name.c:419
SCProtoNameValid
bool SCProtoNameValid(uint16_t proto)
Function to check if the received protocol number is valid and do we have corresponding name entry fo...
Definition: util-proto-name.c:455
SC_ERR_HASH_ADD
@ SC_ERR_HASH_ADD
Definition: util-error.h:380
HashTable_
Definition: util-hash.h:35
known_proto
const char * known_proto[256]
Definition: util-proto-name.c:40
proto
uint8_t proto
Definition: decode-template.h:0
util-unittest.h
ProtoNameHashEntry_
Definition: util-proto-name.c:350
HashTableFree
void HashTableFree(HashTable *ht)
Definition: util-hash.c:80
HashTable_::array_size
uint32_t array_size
Definition: util-hash.h:37
proto_aliases
const char * proto_aliases[256]
Definition: util-proto-name.c:197
util-debug.h
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
HashTableLookup
void * HashTableLookup(HashTable *ht, void *data, uint16_t datalen)
Definition: util-hash.c:194
HashTableAdd
int HashTableAdd(HashTable *ht, void *data, uint16_t datalen)
Definition: util-hash.c:114
util-proto-name.h
SCProtoNameRelease
void SCProtoNameRelease(void)
Definition: util-proto-name.c:440
ARRAY_SIZE
#define ARRAY_SIZE(arr)
Definition: suricata-common.h:534
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition: util-unittest.h:71
suricata-common.h
ProtoNameHashEntry_::number
uint8_t number
Definition: util-proto-name.c:352
SCStrdup
#define SCStrdup(s)
Definition: util-mem.h:56
FatalError
#define FatalError(x,...)
Definition: util-debug.h:530
SCFree
#define SCFree(p)
Definition: util-mem.h:61
HashTableInit
HashTable * HashTableInit(uint32_t size, uint32_t(*Hash)(struct HashTable_ *, void *, uint16_t), char(*Compare)(void *, uint16_t, void *, uint16_t), void(*Free)(void *))
Definition: util-hash.c:35
SC_ERR_MEM_ALLOC
@ SC_ERR_MEM_ALLOC
Definition: util-error.h:31
SCGetProtoByName
bool SCGetProtoByName(const char *protoname, uint8_t *proto_number)
Function to return the protocol number for a named protocol. Note that protocol name aliases are hono...
Definition: util-proto-name.c:468
ProtoNameHashEntry_::name
const char * name
Definition: util-proto-name.c:351
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
StringHashDjb2
uint32_t StringHashDjb2(const uint8_t *data, uint32_t datalen)
Definition: util-hash-string.c:22