suricata
util-proto-name.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Gurvinder Singh <gurvindersinghdahiya@gmail.com>
22  *
23  * File to provide the protocol names based on protocol numbers defined by the
24  * IANA
25  */
26 
27 #include "suricata-common.h"
28 #include "util-hash-string.h"
29 #include "util-proto-name.h"
30 
31 #ifdef UNITTESTS
32 #include "util-unittest.h"
33 #endif
34 
35 /** Lookup array to hold the information related to known protocol
36  * values
37  */
38 
39 const char *known_proto[256] = {
40  "HOPOPT", /* 0x00: 0 - IPv6 Hop-by-Hop Option RFC 8200 */
41  "ICMP", /* 0x01: 1 - Internet Control Message Protocol RFC 792 */
42  "IGMP", /* 0x02: 2 - Internet Group Management Protocol RFC 1112 */
43  "GGP", /* 0x03: 3 - Gateway-to-Gateway Protocol RFC 823 */
44  "IP-in-IP", /* 0x04: 4 - IP in IP (encapsulation) RFC 2003 */
45  "ST", /* 0x05: 5 - Internet Stream Protocol RFC 1190, RFC 1819 */
46  "TCP", /* 0x06: 6 - Transmission Control Protocol RFC 793 */
47  "CBT", /* 0x07: 7 - Core-based trees RFC 2189 */
48  "EGP", /* 0x08: 8 - Exterior Gateway Protocol RFC 888 */
49  "IGP", /* 0x09: 9 - Interior Gateway Protocol (any private interior gateway, for example Cisco's
50  IGRP) */
51  "BBN-RCC-MON", /* 0x0A: 10 - BBN RCC Monitoring */
52  "NVP-II", /* 0x0B: 11 - Network Voice Protocol RFC 741 */
53  "PUP", /* 0x0C: 12 - Xerox PUP */
54  "ARGUS", /* 0x0D: 13 - ARGUS */
55  "EMCON", /* 0x0E: 14 - EMCON */
56  "XNET", /* 0x0F: 15 - Cross Net Debugger IEN 158[2] */
57  "CHAOS", /* 0x10: 16 - Chaos */
58  "UDP", /* 0x11: 17 - User Datagram Protocol RFC 768 */
59  "MUX", /* 0x12: 18 - Multiplexing IEN 90[3] */
60  "DCN-MEAS", /* 0x13: 19 - DCN Measurement Subsystems */
61  "HMP", /* 0x14: 20 - Host Monitoring Protocol RFC 869 */
62  "PRM", /* 0x15: 21 - Packet Radio Measurement */
63  "XNS-IDP", /* 0x16: 22 - XEROX NS IDP */
64  "TRUNK-1", /* 0x17: 23 - Trunk-1 */
65  "TRUNK-2", /* 0x18: 24 - Trunk-2 */
66  "LEAF-1", /* 0x19: 25 - Leaf-1 */
67  "LEAF-2", /* 0x1A: 26 - Leaf-2 */
68  "RDP", /* 0x1B: 27 - Reliable Data Protocol RFC 908 */
69  "IRTP", /* 0x1C: 28 - Internet Reliable Transaction Protocol RFC 938 */
70  "ISO-TP4", /* 0x1D: 29 - ISO Transport Protocol Class 4 RFC 905 */
71  "NETBLT", /* 0x1E: 30 - Bulk Data Transfer Protocol RFC 998 */
72  "MFE-NSP", /* 0x1F: 31 - MFE Network Services Protocol */
73  "MERIT-INP", /* 0x20: 32 - MERIT Internodal Protocol */
74  "DCCP", /* 0x21: 33 - Datagram Congestion Control Protocol RFC 4340 */
75  "3PC", /* 0x22: 34 - Third Party Connect Protocol */
76  "IDPR", /* 0x23: 35 - Inter-Domain Policy Routing Protocol RFC 1479 */
77  "XTP", /* 0x24: 36 - Xpress Transport Protocol */
78  "DDP", /* 0x25: 37 - Datagram Delivery Protocol */
79  "IDPR-CMTP", /* 0x26: 38 - IDPR Control Message Transport Protocol */
80  "TP++", /* 0x27: 39 - TP++ Transport Protocol */
81  "IL", /* 0x28: 40 - IL Transport Protocol */
82  "IPv6", /* 0x29: 41 - IPv6 Encapsulation RFC 2473 */
83  "SDRP", /* 0x2A: 42 - Source Demand Routing Protocol RFC 1940 */
84  "IPv6-Route", /* 0x2B: 43 - Routing Header for IPv6 RFC 8200 */
85  "IPv6-Frag", /* 0x2C: 44 - Fragment Header for IPv6 RFC 8200 */
86  "IDRP", /* 0x2D: 45 - Inter-Domain Routing Protocol */
87  "RSVP", /* 0x2E: 46 - Resource Reservation Protocol RFC 2205 */
88  "GRE", /* 0x2F: 47 - Generic Routing Encapsulation RFC 2784, RFC 2890 */
89  "DSR", /* 0x30: 48 - Dynamic Source Routing Protocol RFC 4728 */
90  "BNA", /* 0x31: 49 - Burroughs Network Architecture */
91  "ESP", /* 0x32: 50 - Encapsulating Security Payload RFC 4303 */
92  "AH", /* 0x33: 51 - Authentication Header RFC 4302 */
93  "I-NLSP", /* 0x34: 52 - Integrated Net Layer Security Protocol TUBA */
94  "SwIPe", /* 0x35: 53 - SwIPe RFC 5237 */
95  "NARP", /* 0x36: 54 - NBMA Address Resolution Protocol RFC 1735 */
96  "MOBILE", /* 0x37: 55 - IP Mobility (Min Encap) RFC 2004 */
97  "TLSP", /* 0x38: 56 - Transport Layer Security Protocol (using Kryptonet key management) */
98  "SKIP", /* 0x39: 57 - Simple Key-Management for Internet Protocol RFC 2356 */
99  "IPv6-ICMP", /* 0x3A: 58 - ICMP for IPv6 RFC 4443, RFC 4884 */
100  "IPv6-NoNxt", /* 0x3B: 59 - No Next Header for IPv6 RFC 8200 */
101  "IPv6-Opts", /* 0x3C: 60 - Destination Options for IPv6 RFC 8200 */
102  "Any", /* 0x3D: 61 - host internal protocol */
103  "CFTP", /* 0x3E: 62 - CFTP */
104  "Any", /* 0x3F: 63 - local network */
105  "SAT-EXPAK", /* 0x40: 64 - SATNET and Backroom EXPAK */
106  "KRYPTOLAN", /* 0x41: 65 - Kryptolan */
107  "RVD", /* 0x42: 66 - MIT Remote Virtual Disk Protocol */
108  "IPPC", /* 0x43: 67 - Internet Pluribus Packet Core */
109  "Any", /* 0x44: 68 - distributed file system */
110  "SAT-MON", /* 0x45: 69 - SATNET Monitoring */
111  "VISA", /* 0x46: 70 - VISA Protocol */
112  "IPCU", /* 0x47: 71 - Internet Packet Core Utility */
113  "CPNX", /* 0x48: 72 - Computer Protocol Network Executive */
114  "CPHB", /* 0x49: 73 - Computer Protocol Heart Beat */
115  "WSN", /* 0x4A: 74 - Wang Span Network */
116  "PVP", /* 0x4B: 75 - Packet Video Protocol */
117  "BR-SAT-MON", /* 0x4C: 76 - Backroom SATNET Monitoring */
118  "SUN-ND", /* 0x4D: 77 - SUN ND PROTOCOL-Temporary */
119  "WB-MON", /* 0x4E: 78 - WIDEBAND Monitoring */
120  "WB-EXPAK", /* 0x4F: 79 - WIDEBAND EXPAK */
121  "ISO-IP", /* 0x50: 80 - International Organization for Standardization Internet Protocol */
122  "VMTP", /* 0x51: 81 - Versatile Message Transaction Protocol RFC 1045 */
123  "SECURE-VMTP", /* 0x52: 82 - Secure Versatile Message Transaction Protocol RFC 1045 */
124  "VINES", /* 0x53: 83 - VINES */
125  "TTP", /* 0x54: 84 - TTP */
126  "NSFNET-IGP", /* 0x55: 85 - NSFNET-IGP */
127  "DGP", /* 0x56: 86 - Dissimilar Gateway Protocol */
128  "TCF", /* 0x57: 87 - TCF */
129  "EIGRP", /* 0x58: 88 - EIGRP Informational RFC 7868 */
130  "OSPF", /* 0x59: 89 - Open Shortest Path First RFC 2328 */
131  "Sprite-RPC", /* 0x5A: 90 - Sprite RPC Protocol */
132  "LARP", /* 0x5B: 91 - Locus Address Resolution Protocol */
133  "MTP", /* 0x5C: 92 - Multicast Transport Protocol */
134  "AX.25", /* 0x5D: 93 - AX.25 */
135  "OS", /* 0x5E: 94 - KA9Q NOS compatible IP over IP tunneling */
136  "MICP", /* 0x5F: 95 - Mobile Internetworking Control Protocol */
137  "SCC-SP", /* 0x60: 96 - Semaphore Communications Sec. Pro */
138  "ETHERIP", /* 0x61: 97 - Ethernet-within-IP Encapsulation RFC 3378 */
139  "ENCAP", /* 0x62: 98 - Encapsulation Header RFC 1241 */
140  "Any", /* 0x63: 99 - private encryption scheme */
141  "GMTP", /* 0x64: 100 - GMTP */
142  "IFMP", /* 0x65: 101 - Ipsilon Flow Management Protocol */
143  "PNNI", /* 0x66: 102 - PNNI over IP */
144  "PIM", /* 0x67: 103 - Protocol Independent Multicast */
145  "ARIS", /* 0x68: 104 - IBM's ARIS (Aggregate Route IP Switching) Protocol */
146  "SCPS", /* 0x69: 105 - SCPS (Space Communications Protocol Standards) SCPS-TP[4] */
147  "QNX", /* 0x6A: 106 - QNX */
148  "A/N", /* 0x6B: 107 - Active Networks */
149  "IPComp", /* 0x6C: 108 - IP Payload Compression Protocol RFC 3173 */
150  "SNP", /* 0x6D: 109 - Sitara Networks Protocol */
151  "Compaq-Peer", /* 0x6E: 110 - Compaq Peer Protocol */
152  "IPX-in-IP", /* 0x6F: 111 - IPX in IP */
153  "VRRP", /* 0x70: 112 - Virtual Router Redundancy Protocol, Common Address Redundancy Protocol
154  (not IANA assigned) VRRP:RFC 3768 */
155  "PGM", /* 0x71: 113 - PGM Reliable Transport Protocol RFC 3208 */
156  "Any", /* 0x72: 114 - 0-hop protocol */
157  "L2TP", /* 0x73: 115 - Layer Two Tunneling Protocol Version 3 RFC 3931 */
158  "DDX", /* 0x74: 116 - D-II Data Exchange (DDX) */
159  "IATP", /* 0x75: 117 - Interactive Agent Transfer Protocol */
160  "STP", /* 0x76: 118 - Schedule Transfer Protocol */
161  "SRP", /* 0x77: 119 - SpectraLink Radio Protocol */
162  "UTI", /* 0x78: 120 - Universal Transport Interface Protocol */
163  "SMP", /* 0x79: 121 - Simple Message Protocol */
164  "SM", /* 0x7A: 122 - Simple Multicast Protocol draft-perlman-simple-multicast-03 */
165  "PTP", /* 0x7B: 123 - Performance Transparency Protocol */
166  "IS-IS", /* 0x7C: 124 - over IPv4 Intermediate System to Intermediate System (IS-IS) Protocol
167  over IPv4 RFC 1142 and RFC 1195 */
168  "FIRE", /* 0x7D: 125 - Flexible Intra-AS Routing Environment */
169  "CRTP", /* 0x7E: 126 - Combat Radio Transport Protocol */
170  "CRUDP", /* 0x7F: 127 - Combat Radio User Datagram */
171  "SSCOPMCE", /* 0x80: 128 - Service-Specific Connection-Oriented Protocol in a Multilink and
172  Connectionless Environment ITU-T Q.2111 (1999) */
173  "IPLT", /* 0x81: 129 - */
174  "SPS", /* 0x82: 130 - Secure Packet Shield */
175  "PIPE", /* 0x83: 131 - Private IP Encapsulation within IP Expired I-D
176  draft-petri-mobileip-pipe-00.txt */
177  "SCTP", /* 0x84: 132 - Stream Control Transmission Protocol RFC 4960 */
178  "FC", /* 0x85: 133 - Fibre Channel */
179  "RSVP-E2E-IGNORE", /* 0x86: 134 - Reservation Protocol (RSVP) End-to-End Ignore RFC 3175 */
180  "Mobility", /* 0x87: 135 - Header Mobility Extension Header for IPv6 RFC 6275 */
181  "UDPLite", /* 0x88: 136 - Lightweight User Datagram Protocol RFC 3828 */
182  "MPLS-in-IP", /* 0x89: 137 - Multiprotocol Label Switching Encapsulated in IP RFC 4023,
183  RFC 5332 */
184  "manet", /* 0x8A: 138 - MANET Protocols RFC 5498 */
185  "HIP", /* 0x8B: 139 - Host Identity Protocol RFC 5201 */
186  "Shim6", /* 0x8C: 140 - Site Multihoming by IPv6 Intermediation RFC 5533 */
187  "WESP", /* 0x8D: 141 - Wrapped Encapsulating Security Payload RFC 5840 */
188  "ROHC", /* 0x8E: 142 - Robust Header Compression RFC 5856 */
189  "Ethernet" /* 0x8F: 143 - IPv6 Segment Routing (TEMPORARY - registered 2020-01-31, expires
190  2021-01-31) */
191 };
192 
193 /*
194  * Protocol name aliases
195  */
196 const char *proto_aliases[256] = {
197  "ip", /* 0x00: 0 - IPv6 Hop-by-Hop Option RFC 8200 */
198  "icmp", /* 0x01: 1 - Internet Control Message Protocol RFC 792 */
199  "igmp", /* 0x02: 2 - Internet Group Management Protocol RFC 1112 */
200  "ggp", /* 0x03: 3 - Gateway-to-Gateway Protocol RFC 823 */
201  "ipencap", /* 0x04: 4 - IP in IP (encapsulation) RFC 2003 */
202  "st", /* 0x05: 5 - Internet Stream Protocol RFC 1190, RFC 1819 */
203  "tcp", /* 0x06: 6 - Transmission Control Protocol RFC 793 */
204  NULL, /* 0x07: 7 - Core-based trees RFC 2189 */
205  "egp", /* 0x08: 8 - Exterior Gateway Protocol RFC 888 */
206  "igp", /* 0x09: 9 - Interior Gateway Protocol (any private interior gateway, for example Cisco's
207  IGRP) */
208  NULL, /* 0x0A: 10 - BBN RCC Monitoring */
209  NULL, /* 0x0B: 11 - Network Voice Protocol RFC 741 */
210  "pup", /* 0x0C: 12 - Xerox PUP */
211  NULL, /* 0x0D: 13 - ARGUS */
212  NULL, /* 0x0E: 14 - EMCON */
213  NULL, /* 0x0F: 15 - Cross Net Debugger IEN 158[2] */
214  NULL, /* 0x10: 16 - Chaos */
215  "udp", /* 0x11: 17 - User Datagram Protocol RFC 768 */
216  NULL, /* 0x12: 18 - Multiplexing IEN 90[3] */
217  NULL, /* 0x13: 19 - DCN Measurement Subsystems */
218  "hmp", /* 0x14: 20 - Host Monitoring Protocol RFC 869 */
219  NULL, /* 0x15: 21 - Packet Radio Measurement */
220  "xns-idp", /* 0x16: 22 - XEROX NS IDP */
221  NULL, /* 0x17: 23 - Trunk-1 */
222  NULL, /* 0x18: 24 - Trunk-2 */
223  NULL, /* 0x19: 25 - Leaf-1 */
224  NULL, /* 0x1A: 26 - Leaf-2 */
225  "rdp", /* 0x1B: 27 - Reliable Data Protocol RFC 908 */
226  NULL, /* 0x1C: 28 - Internet Reliable Transaction Protocol RFC 938 */
227  "iso-tp4", /* 0x1D: 29 - ISO Transport Protocol Class 4 RFC 905 */
228  NULL, /* 0x1E: 30 - Bulk Data Transfer Protocol RFC 998 */
229  NULL, /* 0x1F: 31 - MFE Network Services Protocol */
230  NULL, /* 0x20: 32 - MERIT Internodal Protocol */
231  "dccp", /* 0x21: 33 - Datagram Congestion Control Protocol RFC 4340 */
232  NULL, /* 0x22: 34 - Third Party Connect Protocol */
233  NULL, /* 0x23: 35 - Inter-Domain Policy Routing Protocol RFC 1479 */
234  "xtp", /* 0x24: 36 - Xpress Transport Protocol */
235  "ddp", /* 0x25: 37 - Datagram Delivery Protocol */
236  "idpr-cmtp", /* 0x26: 38 - IDPR Control Message Transport Protocol */
237  NULL, /* 0x27: 39 - TP++ Transport Protocol */
238  NULL, /* 0x28: 40 - IL Transport Protocol */
239  "ipV6", /* 0x29: 41 - IPv6 Encapsulation RFC 2473 */
240  NULL, /* 0x2A: 42 - Source Demand Routing Protocol RFC 1940 */
241  "ipv6-route", /* 0x2B: 43 - Routing Header for IPv6 RFC 8200 */
242  "ipv6-frag", /* 0x2C: 44 - Fragment Header for IPv6 RFC 8200 */
243  "idrp", /* 0x2D: 45 - Inter-Domain Routing Protocol */
244  "rsvp", /* 0x2E: 46 - Resource Reservation Protocol RFC 2205 */
245  "gre", /* 0x2F: 47 - Generic Routing Encapsulation RFC 2784, RFC 2890 */
246  NULL, /* 0x30: 48 - Dynamic Source Routing Protocol RFC 4728 */
247  NULL, /* 0x31: 49 - Burroughs Network Architecture */
248  "esp", /* 0x32: 50 - Encapsulating Security Payload RFC 4303 */
249  "ah", /* 0x33: 51 - Authentication Header RFC 4302 */
250  NULL, /* 0x34: 52 - Integrated Net Layer Security Protocol TUBA */
251  NULL, /* 0x35: 53 - SwIPe RFC 5237 */
252  NULL, /* 0x36: 54 - NBMA Address Resolution Protocol RFC 1735 */
253  NULL, /* 0x37: 55 - IP Mobility (Min Encap) RFC 2004 */
254  NULL, /* 0x38: 56 - Transport Layer Security Protocol (using Kryptonet key management) */
255  "skip", /* 0x39: 57 - Simple Key-Management for Internet Protocol RFC 2356 */
256  "ipv6-icmp", /* 0x3A: 58 - ICMP for IPv6 RFC 4443, RFC 4884 */
257  "ipv6-nonxt", /* 0x3B: 59 - No Next Header for IPv6 RFC 8200 */
258  "ipv6-opts", /* 0x3C: 60 - Destination Options for IPv6 RFC 8200 */
259  NULL, /* 0x3D: 61 - host internal protocol */
260  NULL, /* 0x3E: 62 - CFTP */
261  NULL, /* 0x3F: 63 - local network */
262  NULL, /* 0x40: 64 - SATNET and Backroom EXPAK */
263  NULL, /* 0x41: 65 - Kryptolan */
264  NULL, /* 0x42: 66 - MIT Remote Virtual Disk Protocol */
265  NULL, /* 0x43: 67 - Internet Pluribus Packet Core */
266  NULL, /* 0x44: 68 - distributed file system */
267  NULL, /* 0x45: 69 - SATNET Monitoring */
268  NULL, /* 0x46: 70 - VISA Protocol */
269  NULL, /* 0x47: 71 - Internet Packet Core Utility */
270  NULL, /* 0x48: 72 - Computer Protocol Network Executive */
271  "cphb", /* 0x49: 73 - Computer Protocol Heart Beat */
272  NULL, /* 0x4A: 74 - Wang Span Network */
273  NULL, /* 0x4B: 75 - Packet Video Protocol */
274  NULL, /* 0x4C: 76 - Backroom SATNET Monitoring */
275  NULL, /* 0x4D: 77 - SUN ND PROTOCOL-Temporary */
276  NULL, /* 0x4E: 78 - WIDEBAND Monitoring */
277  NULL, /* 0x4F: 79 - WIDEBAND EXPAK */
278  NULL, /* 0x50: 80 - International Organization for Standardization Internet Protocol */
279  "vmtp", /* 0x51: 81 - Versatile Message Transaction Protocol RFC 1045 */
280  NULL, /* 0x52: 82 - Secure Versatile Message Transaction Protocol RFC 1045 */
281  NULL, /* 0x53: 83 - VINES */
282  NULL, /* 0x54: 84 - TTP */
283  NULL, /* 0x55: 85 - NSFNET-IGP */
284  NULL, /* 0x56: 86 - Dissimilar Gateway Protocol */
285  NULL, /* 0x57: 87 - TCF */
286  "eigrp", /* 0x58: 88 - EIGRP Informational RFC 7868 */
287  "ospf", /* 0x59: 89 - Open Shortest Path First RFC 2328 */
288  NULL, /* 0x5A: 90 - Sprite RPC Protocol */
289  NULL, /* 0x5B: 91 - Locus Address Resolution Protocol */
290  NULL, /* 0x5C: 92 - Multicast Transport Protocol */
291  "ax.25", /* 0x5D: 93 - AX.25 */
292  "ipip", /* 0x5E: 94 - KA9Q NOS compatible IP over IP tunneling */
293  NULL, /* 0x5F: 95 - Mobile Internetworking Control Protocol */
294  NULL, /* 0x60: 96 - Semaphore Communications Sec. Pro */
295  "etherip", /* 0x61: 97 - Ethernet-within-IP Encapsulation RFC 3378 */
296  "encap", /* 0x62: 98 - Encapsulation Header RFC 1241 */
297  NULL, /* 0x63: 99 - private encryption scheme */
298  "GMTP", /* 0x64: 100 - GMTP */
299  NULL, /* 0x65: 101 - Ipsilon Flow Management Protocol */
300  NULL, /* 0x66: 102 - PNNI over IP */
301  "pim", /* 0x67: 103 - Protocol Independent Multicast */
302  NULL, /* 0x68: 104 - IBM's ARIS (Aggregate Route IP Switching) Protocol */
303  NULL, /* 0x69: 105 - SCPS (Space Communications Protocol Standards) SCPS-TP[4] */
304  NULL, /* 0x6A: 106 - QNX */
305  NULL, /* 0x6B: 107 - Active Networks */
306  "ipcomp", /* 0x6C: 108 - IP Payload Compression Protocol RFC 3173 */
307  NULL, /* 0x6D: 109 - Sitara Networks Protocol */
308  NULL, /* 0x6E: 110 - Compaq Peer Protocol */
309  NULL, /* 0x6F: 111 - IPX in IP */
310  "vrrp", /* 0x70: 112 - Virtual Router Redundancy Protocol, Common Address Redundancy Protocol
311  (not IANA assigned) VRRP:RFC 3768 */
312  NULL, /* 0x71: 113 - PGM Reliable Transport Protocol RFC 3208 */
313  NULL, /* 0x72: 114 - 0-hop protocol */
314  "l2tp", /* 0x73: 115 - Layer Two Tunneling Protocol Version 3 RFC 3931 */
315  NULL, /* 0x74: 116 - D-II Data Exchange (DDX) */
316  NULL, /* 0x75: 117 - Interactive Agent Transfer Protocol */
317  NULL, /* 0x76: 118 - Schedule Transfer Protocol */
318  NULL, /* 0x77: 119 - SpectraLink Radio Protocol */
319  NULL, /* 0x78: 120 - Universal Transport Interface Protocol */
320  NULL, /* 0x79: 121 - Simple Message Protocol */
321  NULL, /* 0x7A: 122 - Simple Multicast Protocol draft-perlman-simple-multicast-03 */
322  NULL, /* 0x7B: 123 - Performance Transparency Protocol */
323  "isis", /* 0x7C: 124 - over IPv4 Intermediate System to Intermediate System (IS-IS) Protocol
324  over IPv4 RFC 1142 and RFC 1195 */
325  NULL, /* 0x7D: 125 - Flexible Intra-AS Routing Environment */
326  NULL, /* 0x7E: 126 - Combat Radio Transport Protocol */
327  NULL, /* 0x7F: 127 - Combat Radio User Datagram */
328  NULL, /* 0x80: 128 - Service-Specific Connection-Oriented Protocol in a Multilink and
329  Connectionless Environment ITU-T Q.2111 (1999) */
330  NULL, /* 0x81: 129 - */
331  NULL, /* 0x82: 130 - Secure Packet Shield */
332  NULL, /* 0x83: 131 - Private IP Encapsulation within IP Expired I-D
333  draft-petri-mobileip-pipe-00.txt */
334  "sctp", /* 0x84: 132 - Stream Control Transmission Protocol RFC 4960 */
335  "fc", /* 0x85: 133 - Fibre Channel */
336  NULL, /* 0x86: 134 - Reservation Protocol (RSVP) End-to-End Ignore RFC 3175 */
337  "mobility-header", /* 0x87: 135 - Header Mobility Extension Header for IPv6 RFC 6275 */
338  "udplite", /* 0x88: 136 - Lightweight User Datagram Protocol RFC 3828 */
339  "mpls-in-ip", /* 0x89: 137 - Multiprotocol Label Switching Encapsulated in IP RFC 4023,
340  RFC 5332 */
341  NULL, /* 0x8A: 138 - MANET Protocols RFC 5498 */
342  "hip", /* 0x8B: 139 - Host Identity Protocol RFC 5201 */
343  "shim6", /* 0x8C: 140 - Site Multihoming by IPv6 Intermediation RFC 5533 */
344  "wesp", /* 0x8D: 141 - Wrapped Encapsulating Security Payload RFC 5840 */
345  "rohc", /* 0x8E: 142 - Robust Header Compression RFC 5856 */
346  /* no aliases for 142-255 */
347 };
348 
349 typedef struct ProtoNameHashEntry_ {
350  const char *name;
351  uint8_t number;
353 
354 static HashTable *proto_ht = NULL;
355 
356 static uint32_t ProtoNameHashFunc(HashTable *ht, void *data, uint16_t datalen)
357 {
358  /*
359  * datalen covers the entire struct -- only the proto name is hashed
360  * as the proto number is not used for lookups
361  */
363  return StringHashDjb2((uint8_t *)p->name, strlen(p->name)) % ht->array_size;
364 }
365 
366 static char ProtoNameHashCompareFunc(void *data1, uint16_t datalen1, void *data2, uint16_t datalen2)
367 {
368  ProtoNameHashEntry *p1 = (ProtoNameHashEntry *)data1;
369  ProtoNameHashEntry *p2 = (ProtoNameHashEntry *)data2;
370 
371  if (p1 == NULL || p2 == NULL)
372  return 0;
373 
374  if (p1->name == NULL || p2->name == NULL)
375  return 0;
376 
377  int len1 = strlen(p1->name);
378  int len2 = strlen(p2->name);
379 
380  return len1 == len2 && memcmp(p1->name, p2->name, len1) == 0;
381 }
382 
383 static void ProtoNameAddEntry(const char *proto_name, const uint8_t proto_number)
384 {
385  ProtoNameHashEntry *proto_ent = SCCalloc(1, sizeof(ProtoNameHashEntry));
386  if (!proto_ent) {
387  FatalError(SC_ERR_HASH_TABLE_INIT, "Unable to allocate protocol hash entry");
388  }
389 
390  proto_ent->name = SCStrdup(proto_name);
391  if (!proto_ent->name)
392  FatalError(SC_ERR_MEM_ALLOC, "Unable to allocate memory for protocol name entries");
393 
394  proto_ent->number = proto_number;
395 
396  SCLogDebug("new protocol entry: name: \"%s\"; protocol number: %d", proto_ent->name,
397  proto_ent->number);
398  if (0 != HashTableAdd(proto_ht, proto_ent, 0)) {
400  "Unable to add entry to proto hash table for "
401  "name: \"%s\"; number: %d",
402  proto_ent->name, proto_ent->number);
403  }
404  return;
405 }
406 
407 static void ProtoNameHashFreeFunc(void *data)
408 {
409  ProtoNameHashEntry *proto_ent = (ProtoNameHashEntry *)data;
410 
411  if (proto_ent) {
412  if (proto_ent->name)
413  SCFree((void *)proto_ent->name);
414  SCFree(proto_ent);
415  }
416 }
417 
418 void SCProtoNameInit(void)
419 {
420  proto_ht =
421  HashTableInit(256, ProtoNameHashFunc, ProtoNameHashCompareFunc, ProtoNameHashFreeFunc);
422  if (proto_ht == NULL) {
423  FatalError(SC_ERR_HASH_TABLE_INIT, "Unable to initialize protocol name/number table");
424  }
425 
426  for (uint16_t i = 0; i < ARRAY_SIZE(known_proto); i++) {
427  if (known_proto[i]) {
428  ProtoNameAddEntry(known_proto[i], (uint8_t)i);
429  }
430  }
431 
432  for (uint16_t i = 0; i < ARRAY_SIZE(proto_aliases); i++) {
433  if (proto_aliases[i]) {
434  ProtoNameAddEntry(proto_aliases[i], (uint8_t)i);
435  }
436  }
437 }
438 
440 {
441  if (proto_ht != NULL) {
442  HashTableFree(proto_ht);
443  proto_ht = NULL;
444  }
445 }
446 
447 /**
448  * \brief Function to check if the received protocol number is valid and do
449  * we have corresponding name entry for this number or not.
450  *
451  * \param proto Protocol number to be validated
452  * \retval ret On success returns true otherwise false
453  */
454 bool SCProtoNameValid(uint16_t proto)
455 {
456  return (proto <= 255 && known_proto[proto] != NULL);
457 }
458 
459 /**
460  * \brief Function to return the protocol number for a named protocol. Note
461  * that protocol name aliases are honored.
462  *
463  * \param protoname Protocol name (or alias for a protocol name).
464  * \param proto_number Where to return protocol number
465  * \retval ret On success returns the protocol number; else -1
466  */
467 bool SCGetProtoByName(const char *protoname, uint8_t *proto_number)
468 {
469  if (!protoname || !proto_number) {
470  return false;
471  }
472 
474  proto.name = protoname;
475 
476  ProtoNameHashEntry *proto_ent = HashTableLookup(proto_ht, &proto, sizeof(proto));
477  if (proto_ent) {
478  *proto_number = proto_ent->number;
479  return true;
480  }
481  return false;
482 }
483 
484 #ifdef UNITTESTS
485 static int ProtoNameTest01(void)
486 {
487  uint8_t proto;
488  FAIL_IF(!SCGetProtoByName("tcp", &proto));
489  FAIL_IF(SCGetProtoByName("TcP", &proto));
490  FAIL_IF(!SCGetProtoByName("TCP", &proto));
491  FAIL_IF(SCGetProtoByName("Invalid", &proto));
492  FAIL_IF(!SCGetProtoByName("Ethernet", &proto));
493 
494  /* 'ip' is an alias for 'HOPOPT' */
495  FAIL_IF(!SCGetProtoByName("ip", &proto));
496  FAIL_IF(!SCGetProtoByName("HOPOPT", &proto));
497 
498  FAIL_IF(SCGetProtoByName("IP", &proto));
499 
500  PASS;
501 }
502 
504 {
505  UtRegisterTest("ProtoNameTest01", ProtoNameTest01);
506 }
507 #endif
util-hash-string.h
SCProtoNameRegisterTests
void SCProtoNameRegisterTests(void)
Definition: util-proto-name.c:503
SC_ERR_HASH_TABLE_INIT
@ SC_ERR_HASH_TABLE_INIT
Definition: util-error.h:144
ProtoNameHashEntry
struct ProtoNameHashEntry_ ProtoNameHashEntry
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:296
SCProtoNameInit
void SCProtoNameInit(void)
Definition: util-proto-name.c:418
SCProtoNameValid
bool SCProtoNameValid(uint16_t proto)
Function to check if the received protocol number is valid and do we have corresponding name entry fo...
Definition: util-proto-name.c:454
SC_ERR_HASH_ADD
@ SC_ERR_HASH_ADD
Definition: util-error.h:380
HashTable_
Definition: util-hash.h:35
known_proto
const char * known_proto[256]
Definition: util-proto-name.c:39
proto
uint8_t proto
Definition: decode-template.h:0
util-unittest.h
ProtoNameHashEntry_
Definition: util-proto-name.c:349
HashTableFree
void HashTableFree(HashTable *ht)
Definition: util-hash.c:79
HashTable_::array_size
uint32_t array_size
Definition: util-hash.h:37
proto_aliases
const char * proto_aliases[256]
Definition: util-proto-name.c:196
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
HashTableLookup
void * HashTableLookup(HashTable *ht, void *data, uint16_t datalen)
Definition: util-hash.c:193
HashTableAdd
int HashTableAdd(HashTable *ht, void *data, uint16_t datalen)
Definition: util-hash.c:113
util-proto-name.h
SCProtoNameRelease
void SCProtoNameRelease(void)
Definition: util-proto-name.c:439
ARRAY_SIZE
#define ARRAY_SIZE(arr)
Definition: suricata-common.h:535
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition: util-unittest.h:71
suricata-common.h
ProtoNameHashEntry_::number
uint8_t number
Definition: util-proto-name.c:351
SCStrdup
#define SCStrdup(s)
Definition: util-mem.h:56
FatalError
#define FatalError(x,...)
Definition: util-debug.h:530
SCFree
#define SCFree(p)
Definition: util-mem.h:61
HashTableInit
HashTable * HashTableInit(uint32_t size, uint32_t(*Hash)(struct HashTable_ *, void *, uint16_t), char(*Compare)(void *, uint16_t, void *, uint16_t), void(*Free)(void *))
Definition: util-hash.c:34
SC_ERR_MEM_ALLOC
@ SC_ERR_MEM_ALLOC
Definition: util-error.h:31
SCGetProtoByName
bool SCGetProtoByName(const char *protoname, uint8_t *proto_number)
Function to return the protocol number for a named protocol. Note that protocol name aliases are hono...
Definition: util-proto-name.c:467
ProtoNameHashEntry_::name
const char * name
Definition: util-proto-name.c:350
SCCalloc
#define SCCalloc(nm, sz)
Definition: util-mem.h:53
StringHashDjb2
uint32_t StringHashDjb2(const uint8_t *data, uint32_t datalen)
Definition: util-hash-string.c:22