/* Copyright (C) 2007-2022 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free * Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * version 2 along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA * 02110-1301, USA. */ /** * \file * * \author Gurvinder Singh * * File to provide the protocol names based on protocol numbers defined by the * IANA */ #include "suricata-common.h" #include "util-hash-string.h" #include "util-proto-name.h" #include "util-debug.h" #ifdef UNITTESTS #include "util-unittest.h" #endif /** Lookup array to hold the information related to known protocol * values */ const char *known_proto[256] = { "HOPOPT", /* 0x00: 0 - IPv6 Hop-by-Hop Option RFC 8200 */ "ICMP", /* 0x01: 1 - Internet Control Message Protocol RFC 792 */ "IGMP", /* 0x02: 2 - Internet Group Management Protocol RFC 1112 */ "GGP", /* 0x03: 3 - Gateway-to-Gateway Protocol RFC 823 */ "IP-in-IP", /* 0x04: 4 - IP in IP (encapsulation) RFC 2003 */ "ST", /* 0x05: 5 - Internet Stream Protocol RFC 1190, RFC 1819 */ "TCP", /* 0x06: 6 - Transmission Control Protocol RFC 793 */ "CBT", /* 0x07: 7 - Core-based trees RFC 2189 */ "EGP", /* 0x08: 8 - Exterior Gateway Protocol RFC 888 */ "IGP", /* 0x09: 9 - Interior Gateway Protocol (any private interior gateway, for example Cisco's IGRP) */ "BBN-RCC-MON", /* 0x0A: 10 - BBN RCC Monitoring */ "NVP-II", /* 0x0B: 11 - Network Voice Protocol RFC 741 */ "PUP", /* 0x0C: 12 - Xerox PUP */ "ARGUS", /* 0x0D: 13 - ARGUS */ "EMCON", /* 0x0E: 14 - EMCON */ "XNET", /* 0x0F: 15 - Cross Net Debugger IEN 158[2] */ "CHAOS", /* 0x10: 16 - Chaos */ "UDP", /* 0x11: 17 - User Datagram Protocol RFC 768 */ "MUX", /* 0x12: 18 - Multiplexing IEN 90[3] */ "DCN-MEAS", /* 0x13: 19 - DCN Measurement Subsystems */ "HMP", /* 0x14: 20 - Host Monitoring Protocol RFC 869 */ "PRM", /* 0x15: 21 - Packet Radio Measurement */ "XNS-IDP", /* 0x16: 22 - XEROX NS IDP */ "TRUNK-1", /* 0x17: 23 - Trunk-1 */ "TRUNK-2", /* 0x18: 24 - Trunk-2 */ "LEAF-1", /* 0x19: 25 - Leaf-1 */ "LEAF-2", /* 0x1A: 26 - Leaf-2 */ "RDP", /* 0x1B: 27 - Reliable Data Protocol RFC 908 */ "IRTP", /* 0x1C: 28 - Internet Reliable Transaction Protocol RFC 938 */ "ISO-TP4", /* 0x1D: 29 - ISO Transport Protocol Class 4 RFC 905 */ "NETBLT", /* 0x1E: 30 - Bulk Data Transfer Protocol RFC 998 */ "MFE-NSP", /* 0x1F: 31 - MFE Network Services Protocol */ "MERIT-INP", /* 0x20: 32 - MERIT Internodal Protocol */ "DCCP", /* 0x21: 33 - Datagram Congestion Control Protocol RFC 4340 */ "3PC", /* 0x22: 34 - Third Party Connect Protocol */ "IDPR", /* 0x23: 35 - Inter-Domain Policy Routing Protocol RFC 1479 */ "XTP", /* 0x24: 36 - Xpress Transport Protocol */ "DDP", /* 0x25: 37 - Datagram Delivery Protocol */ "IDPR-CMTP", /* 0x26: 38 - IDPR Control Message Transport Protocol */ "TP++", /* 0x27: 39 - TP++ Transport Protocol */ "IL", /* 0x28: 40 - IL Transport Protocol */ "IPv6", /* 0x29: 41 - IPv6 Encapsulation RFC 2473 */ "SDRP", /* 0x2A: 42 - Source Demand Routing Protocol RFC 1940 */ "IPv6-Route", /* 0x2B: 43 - Routing Header for IPv6 RFC 8200 */ "IPv6-Frag", /* 0x2C: 44 - Fragment Header for IPv6 RFC 8200 */ "IDRP", /* 0x2D: 45 - Inter-Domain Routing Protocol */ "RSVP", /* 0x2E: 46 - Resource Reservation Protocol RFC 2205 */ "GRE", /* 0x2F: 47 - Generic Routing Encapsulation RFC 2784, RFC 2890 */ "DSR", /* 0x30: 48 - Dynamic Source Routing Protocol RFC 4728 */ "BNA", /* 0x31: 49 - Burroughs Network Architecture */ "ESP", /* 0x32: 50 - Encapsulating Security Payload RFC 4303 */ "AH", /* 0x33: 51 - Authentication Header RFC 4302 */ "I-NLSP", /* 0x34: 52 - Integrated Net Layer Security Protocol TUBA */ "SwIPe", /* 0x35: 53 - SwIPe RFC 5237 */ "NARP", /* 0x36: 54 - NBMA Address Resolution Protocol RFC 1735 */ "MOBILE", /* 0x37: 55 - IP Mobility (Min Encap) RFC 2004 */ "TLSP", /* 0x38: 56 - Transport Layer Security Protocol (using Kryptonet key management) */ "SKIP", /* 0x39: 57 - Simple Key-Management for Internet Protocol RFC 2356 */ "IPv6-ICMP", /* 0x3A: 58 - ICMP for IPv6 RFC 4443, RFC 4884 */ "IPv6-NoNxt", /* 0x3B: 59 - No Next Header for IPv6 RFC 8200 */ "IPv6-Opts", /* 0x3C: 60 - Destination Options for IPv6 RFC 8200 */ "Any", /* 0x3D: 61 - host internal protocol */ "CFTP", /* 0x3E: 62 - CFTP */ "Any", /* 0x3F: 63 - local network */ "SAT-EXPAK", /* 0x40: 64 - SATNET and Backroom EXPAK */ "KRYPTOLAN", /* 0x41: 65 - Kryptolan */ "RVD", /* 0x42: 66 - MIT Remote Virtual Disk Protocol */ "IPPC", /* 0x43: 67 - Internet Pluribus Packet Core */ "Any", /* 0x44: 68 - distributed file system */ "SAT-MON", /* 0x45: 69 - SATNET Monitoring */ "VISA", /* 0x46: 70 - VISA Protocol */ "IPCU", /* 0x47: 71 - Internet Packet Core Utility */ "CPNX", /* 0x48: 72 - Computer Protocol Network Executive */ "CPHB", /* 0x49: 73 - Computer Protocol Heart Beat */ "WSN", /* 0x4A: 74 - Wang Span Network */ "PVP", /* 0x4B: 75 - Packet Video Protocol */ "BR-SAT-MON", /* 0x4C: 76 - Backroom SATNET Monitoring */ "SUN-ND", /* 0x4D: 77 - SUN ND PROTOCOL-Temporary */ "WB-MON", /* 0x4E: 78 - WIDEBAND Monitoring */ "WB-EXPAK", /* 0x4F: 79 - WIDEBAND EXPAK */ "ISO-IP", /* 0x50: 80 - International Organization for Standardization Internet Protocol */ "VMTP", /* 0x51: 81 - Versatile Message Transaction Protocol RFC 1045 */ "SECURE-VMTP", /* 0x52: 82 - Secure Versatile Message Transaction Protocol RFC 1045 */ "VINES", /* 0x53: 83 - VINES */ "TTP", /* 0x54: 84 - TTP */ "NSFNET-IGP", /* 0x55: 85 - NSFNET-IGP */ "DGP", /* 0x56: 86 - Dissimilar Gateway Protocol */ "TCF", /* 0x57: 87 - TCF */ "EIGRP", /* 0x58: 88 - EIGRP Informational RFC 7868 */ "OSPF", /* 0x59: 89 - Open Shortest Path First RFC 2328 */ "Sprite-RPC", /* 0x5A: 90 - Sprite RPC Protocol */ "LARP", /* 0x5B: 91 - Locus Address Resolution Protocol */ "MTP", /* 0x5C: 92 - Multicast Transport Protocol */ "AX.25", /* 0x5D: 93 - AX.25 */ "OS", /* 0x5E: 94 - KA9Q NOS compatible IP over IP tunneling */ "MICP", /* 0x5F: 95 - Mobile Internetworking Control Protocol */ "SCC-SP", /* 0x60: 96 - Semaphore Communications Sec. Pro */ "ETHERIP", /* 0x61: 97 - Ethernet-within-IP Encapsulation RFC 3378 */ "ENCAP", /* 0x62: 98 - Encapsulation Header RFC 1241 */ "Any", /* 0x63: 99 - private encryption scheme */ "GMTP", /* 0x64: 100 - GMTP */ "IFMP", /* 0x65: 101 - Ipsilon Flow Management Protocol */ "PNNI", /* 0x66: 102 - PNNI over IP */ "PIM", /* 0x67: 103 - Protocol Independent Multicast */ "ARIS", /* 0x68: 104 - IBM's ARIS (Aggregate Route IP Switching) Protocol */ "SCPS", /* 0x69: 105 - SCPS (Space Communications Protocol Standards) SCPS-TP[4] */ "QNX", /* 0x6A: 106 - QNX */ "A/N", /* 0x6B: 107 - Active Networks */ "IPComp", /* 0x6C: 108 - IP Payload Compression Protocol RFC 3173 */ "SNP", /* 0x6D: 109 - Sitara Networks Protocol */ "Compaq-Peer", /* 0x6E: 110 - Compaq Peer Protocol */ "IPX-in-IP", /* 0x6F: 111 - IPX in IP */ "VRRP", /* 0x70: 112 - Virtual Router Redundancy Protocol, Common Address Redundancy Protocol (not IANA assigned) VRRP:RFC 3768 */ "PGM", /* 0x71: 113 - PGM Reliable Transport Protocol RFC 3208 */ "Any", /* 0x72: 114 - 0-hop protocol */ "L2TP", /* 0x73: 115 - Layer Two Tunneling Protocol Version 3 RFC 3931 */ "DDX", /* 0x74: 116 - D-II Data Exchange (DDX) */ "IATP", /* 0x75: 117 - Interactive Agent Transfer Protocol */ "STP", /* 0x76: 118 - Schedule Transfer Protocol */ "SRP", /* 0x77: 119 - SpectraLink Radio Protocol */ "UTI", /* 0x78: 120 - Universal Transport Interface Protocol */ "SMP", /* 0x79: 121 - Simple Message Protocol */ "SM", /* 0x7A: 122 - Simple Multicast Protocol draft-perlman-simple-multicast-03 */ "PTP", /* 0x7B: 123 - Performance Transparency Protocol */ "IS-IS", /* 0x7C: 124 - over IPv4 Intermediate System to Intermediate System (IS-IS) Protocol over IPv4 RFC 1142 and RFC 1195 */ "FIRE", /* 0x7D: 125 - Flexible Intra-AS Routing Environment */ "CRTP", /* 0x7E: 126 - Combat Radio Transport Protocol */ "CRUDP", /* 0x7F: 127 - Combat Radio User Datagram */ "SSCOPMCE", /* 0x80: 128 - Service-Specific Connection-Oriented Protocol in a Multilink and Connectionless Environment ITU-T Q.2111 (1999) */ "IPLT", /* 0x81: 129 - */ "SPS", /* 0x82: 130 - Secure Packet Shield */ "PIPE", /* 0x83: 131 - Private IP Encapsulation within IP Expired I-D draft-petri-mobileip-pipe-00.txt */ "SCTP", /* 0x84: 132 - Stream Control Transmission Protocol RFC 4960 */ "FC", /* 0x85: 133 - Fibre Channel */ "RSVP-E2E-IGNORE", /* 0x86: 134 - Reservation Protocol (RSVP) End-to-End Ignore RFC 3175 */ "Mobility", /* 0x87: 135 - Header Mobility Extension Header for IPv6 RFC 6275 */ "UDPLite", /* 0x88: 136 - Lightweight User Datagram Protocol RFC 3828 */ "MPLS-in-IP", /* 0x89: 137 - Multiprotocol Label Switching Encapsulated in IP RFC 4023, RFC 5332 */ "manet", /* 0x8A: 138 - MANET Protocols RFC 5498 */ "HIP", /* 0x8B: 139 - Host Identity Protocol RFC 5201 */ "Shim6", /* 0x8C: 140 - Site Multihoming by IPv6 Intermediation RFC 5533 */ "WESP", /* 0x8D: 141 - Wrapped Encapsulating Security Payload RFC 5840 */ "ROHC", /* 0x8E: 142 - Robust Header Compression RFC 5856 */ "Ethernet" /* 0x8F: 143 - IPv6 Segment Routing (TEMPORARY - registered 2020-01-31, expires 2021-01-31) */ }; /* * Protocol name aliases */ const char *proto_aliases[256] = { "ip", /* 0x00: 0 - IPv6 Hop-by-Hop Option RFC 8200 */ "icmp", /* 0x01: 1 - Internet Control Message Protocol RFC 792 */ "igmp", /* 0x02: 2 - Internet Group Management Protocol RFC 1112 */ "ggp", /* 0x03: 3 - Gateway-to-Gateway Protocol RFC 823 */ "ipencap", /* 0x04: 4 - IP in IP (encapsulation) RFC 2003 */ "st", /* 0x05: 5 - Internet Stream Protocol RFC 1190, RFC 1819 */ "tcp", /* 0x06: 6 - Transmission Control Protocol RFC 793 */ NULL, /* 0x07: 7 - Core-based trees RFC 2189 */ "egp", /* 0x08: 8 - Exterior Gateway Protocol RFC 888 */ "igp", /* 0x09: 9 - Interior Gateway Protocol (any private interior gateway, for example Cisco's IGRP) */ NULL, /* 0x0A: 10 - BBN RCC Monitoring */ NULL, /* 0x0B: 11 - Network Voice Protocol RFC 741 */ "pup", /* 0x0C: 12 - Xerox PUP */ NULL, /* 0x0D: 13 - ARGUS */ NULL, /* 0x0E: 14 - EMCON */ NULL, /* 0x0F: 15 - Cross Net Debugger IEN 158[2] */ NULL, /* 0x10: 16 - Chaos */ "udp", /* 0x11: 17 - User Datagram Protocol RFC 768 */ NULL, /* 0x12: 18 - Multiplexing IEN 90[3] */ NULL, /* 0x13: 19 - DCN Measurement Subsystems */ "hmp", /* 0x14: 20 - Host Monitoring Protocol RFC 869 */ NULL, /* 0x15: 21 - Packet Radio Measurement */ "xns-idp", /* 0x16: 22 - XEROX NS IDP */ NULL, /* 0x17: 23 - Trunk-1 */ NULL, /* 0x18: 24 - Trunk-2 */ NULL, /* 0x19: 25 - Leaf-1 */ NULL, /* 0x1A: 26 - Leaf-2 */ "rdp", /* 0x1B: 27 - Reliable Data Protocol RFC 908 */ NULL, /* 0x1C: 28 - Internet Reliable Transaction Protocol RFC 938 */ "iso-tp4", /* 0x1D: 29 - ISO Transport Protocol Class 4 RFC 905 */ NULL, /* 0x1E: 30 - Bulk Data Transfer Protocol RFC 998 */ NULL, /* 0x1F: 31 - MFE Network Services Protocol */ NULL, /* 0x20: 32 - MERIT Internodal Protocol */ "dccp", /* 0x21: 33 - Datagram Congestion Control Protocol RFC 4340 */ NULL, /* 0x22: 34 - Third Party Connect Protocol */ NULL, /* 0x23: 35 - Inter-Domain Policy Routing Protocol RFC 1479 */ "xtp", /* 0x24: 36 - Xpress Transport Protocol */ "ddp", /* 0x25: 37 - Datagram Delivery Protocol */ "idpr-cmtp", /* 0x26: 38 - IDPR Control Message Transport Protocol */ NULL, /* 0x27: 39 - TP++ Transport Protocol */ NULL, /* 0x28: 40 - IL Transport Protocol */ "ipV6", /* 0x29: 41 - IPv6 Encapsulation RFC 2473 */ NULL, /* 0x2A: 42 - Source Demand Routing Protocol RFC 1940 */ "ipv6-route", /* 0x2B: 43 - Routing Header for IPv6 RFC 8200 */ "ipv6-frag", /* 0x2C: 44 - Fragment Header for IPv6 RFC 8200 */ "idrp", /* 0x2D: 45 - Inter-Domain Routing Protocol */ "rsvp", /* 0x2E: 46 - Resource Reservation Protocol RFC 2205 */ "gre", /* 0x2F: 47 - Generic Routing Encapsulation RFC 2784, RFC 2890 */ NULL, /* 0x30: 48 - Dynamic Source Routing Protocol RFC 4728 */ NULL, /* 0x31: 49 - Burroughs Network Architecture */ "esp", /* 0x32: 50 - Encapsulating Security Payload RFC 4303 */ "ah", /* 0x33: 51 - Authentication Header RFC 4302 */ NULL, /* 0x34: 52 - Integrated Net Layer Security Protocol TUBA */ NULL, /* 0x35: 53 - SwIPe RFC 5237 */ NULL, /* 0x36: 54 - NBMA Address Resolution Protocol RFC 1735 */ NULL, /* 0x37: 55 - IP Mobility (Min Encap) RFC 2004 */ NULL, /* 0x38: 56 - Transport Layer Security Protocol (using Kryptonet key management) */ "skip", /* 0x39: 57 - Simple Key-Management for Internet Protocol RFC 2356 */ "ipv6-icmp", /* 0x3A: 58 - ICMP for IPv6 RFC 4443, RFC 4884 */ "ipv6-nonxt", /* 0x3B: 59 - No Next Header for IPv6 RFC 8200 */ "ipv6-opts", /* 0x3C: 60 - Destination Options for IPv6 RFC 8200 */ NULL, /* 0x3D: 61 - host internal protocol */ NULL, /* 0x3E: 62 - CFTP */ NULL, /* 0x3F: 63 - local network */ NULL, /* 0x40: 64 - SATNET and Backroom EXPAK */ NULL, /* 0x41: 65 - Kryptolan */ NULL, /* 0x42: 66 - MIT Remote Virtual Disk Protocol */ NULL, /* 0x43: 67 - Internet Pluribus Packet Core */ NULL, /* 0x44: 68 - distributed file system */ NULL, /* 0x45: 69 - SATNET Monitoring */ NULL, /* 0x46: 70 - VISA Protocol */ NULL, /* 0x47: 71 - Internet Packet Core Utility */ NULL, /* 0x48: 72 - Computer Protocol Network Executive */ "cphb", /* 0x49: 73 - Computer Protocol Heart Beat */ NULL, /* 0x4A: 74 - Wang Span Network */ NULL, /* 0x4B: 75 - Packet Video Protocol */ NULL, /* 0x4C: 76 - Backroom SATNET Monitoring */ NULL, /* 0x4D: 77 - SUN ND PROTOCOL-Temporary */ NULL, /* 0x4E: 78 - WIDEBAND Monitoring */ NULL, /* 0x4F: 79 - WIDEBAND EXPAK */ NULL, /* 0x50: 80 - International Organization for Standardization Internet Protocol */ "vmtp", /* 0x51: 81 - Versatile Message Transaction Protocol RFC 1045 */ NULL, /* 0x52: 82 - Secure Versatile Message Transaction Protocol RFC 1045 */ NULL, /* 0x53: 83 - VINES */ NULL, /* 0x54: 84 - TTP */ NULL, /* 0x55: 85 - NSFNET-IGP */ NULL, /* 0x56: 86 - Dissimilar Gateway Protocol */ NULL, /* 0x57: 87 - TCF */ "eigrp", /* 0x58: 88 - EIGRP Informational RFC 7868 */ "ospf", /* 0x59: 89 - Open Shortest Path First RFC 2328 */ NULL, /* 0x5A: 90 - Sprite RPC Protocol */ NULL, /* 0x5B: 91 - Locus Address Resolution Protocol */ NULL, /* 0x5C: 92 - Multicast Transport Protocol */ "ax.25", /* 0x5D: 93 - AX.25 */ "ipip", /* 0x5E: 94 - KA9Q NOS compatible IP over IP tunneling */ NULL, /* 0x5F: 95 - Mobile Internetworking Control Protocol */ NULL, /* 0x60: 96 - Semaphore Communications Sec. Pro */ "etherip", /* 0x61: 97 - Ethernet-within-IP Encapsulation RFC 3378 */ "encap", /* 0x62: 98 - Encapsulation Header RFC 1241 */ NULL, /* 0x63: 99 - private encryption scheme */ "GMTP", /* 0x64: 100 - GMTP */ NULL, /* 0x65: 101 - Ipsilon Flow Management Protocol */ NULL, /* 0x66: 102 - PNNI over IP */ "pim", /* 0x67: 103 - Protocol Independent Multicast */ NULL, /* 0x68: 104 - IBM's ARIS (Aggregate Route IP Switching) Protocol */ NULL, /* 0x69: 105 - SCPS (Space Communications Protocol Standards) SCPS-TP[4] */ NULL, /* 0x6A: 106 - QNX */ NULL, /* 0x6B: 107 - Active Networks */ "ipcomp", /* 0x6C: 108 - IP Payload Compression Protocol RFC 3173 */ NULL, /* 0x6D: 109 - Sitara Networks Protocol */ NULL, /* 0x6E: 110 - Compaq Peer Protocol */ NULL, /* 0x6F: 111 - IPX in IP */ "vrrp", /* 0x70: 112 - Virtual Router Redundancy Protocol, Common Address Redundancy Protocol (not IANA assigned) VRRP:RFC 3768 */ NULL, /* 0x71: 113 - PGM Reliable Transport Protocol RFC 3208 */ NULL, /* 0x72: 114 - 0-hop protocol */ "l2tp", /* 0x73: 115 - Layer Two Tunneling Protocol Version 3 RFC 3931 */ NULL, /* 0x74: 116 - D-II Data Exchange (DDX) */ NULL, /* 0x75: 117 - Interactive Agent Transfer Protocol */ NULL, /* 0x76: 118 - Schedule Transfer Protocol */ NULL, /* 0x77: 119 - SpectraLink Radio Protocol */ NULL, /* 0x78: 120 - Universal Transport Interface Protocol */ NULL, /* 0x79: 121 - Simple Message Protocol */ NULL, /* 0x7A: 122 - Simple Multicast Protocol draft-perlman-simple-multicast-03 */ NULL, /* 0x7B: 123 - Performance Transparency Protocol */ "isis", /* 0x7C: 124 - over IPv4 Intermediate System to Intermediate System (IS-IS) Protocol over IPv4 RFC 1142 and RFC 1195 */ NULL, /* 0x7D: 125 - Flexible Intra-AS Routing Environment */ NULL, /* 0x7E: 126 - Combat Radio Transport Protocol */ NULL, /* 0x7F: 127 - Combat Radio User Datagram */ NULL, /* 0x80: 128 - Service-Specific Connection-Oriented Protocol in a Multilink and Connectionless Environment ITU-T Q.2111 (1999) */ NULL, /* 0x81: 129 - */ NULL, /* 0x82: 130 - Secure Packet Shield */ NULL, /* 0x83: 131 - Private IP Encapsulation within IP Expired I-D draft-petri-mobileip-pipe-00.txt */ "sctp", /* 0x84: 132 - Stream Control Transmission Protocol RFC 4960 */ "fc", /* 0x85: 133 - Fibre Channel */ NULL, /* 0x86: 134 - Reservation Protocol (RSVP) End-to-End Ignore RFC 3175 */ "mobility-header", /* 0x87: 135 - Header Mobility Extension Header for IPv6 RFC 6275 */ "udplite", /* 0x88: 136 - Lightweight User Datagram Protocol RFC 3828 */ "mpls-in-ip", /* 0x89: 137 - Multiprotocol Label Switching Encapsulated in IP RFC 4023, RFC 5332 */ NULL, /* 0x8A: 138 - MANET Protocols RFC 5498 */ "hip", /* 0x8B: 139 - Host Identity Protocol RFC 5201 */ "shim6", /* 0x8C: 140 - Site Multihoming by IPv6 Intermediation RFC 5533 */ "wesp", /* 0x8D: 141 - Wrapped Encapsulating Security Payload RFC 5840 */ "rohc", /* 0x8E: 142 - Robust Header Compression RFC 5856 */ /* no aliases for 142-255 */ }; typedef struct ProtoNameHashEntry_ { const char *name; uint8_t number; } ProtoNameHashEntry; static HashTable *proto_ht = NULL; static uint32_t ProtoNameHashFunc(HashTable *ht, void *data, uint16_t datalen) { /* * datalen covers the entire struct -- only the proto name is hashed * as the proto number is not used for lookups */ ProtoNameHashEntry *p = (ProtoNameHashEntry *)data; return StringHashDjb2((uint8_t *)p->name, strlen(p->name)) % ht->array_size; } static char ProtoNameHashCompareFunc(void *data1, uint16_t datalen1, void *data2, uint16_t datalen2) { ProtoNameHashEntry *p1 = (ProtoNameHashEntry *)data1; ProtoNameHashEntry *p2 = (ProtoNameHashEntry *)data2; if (p1 == NULL || p2 == NULL) return 0; if (p1->name == NULL || p2->name == NULL) return 0; int len1 = strlen(p1->name); int len2 = strlen(p2->name); return len1 == len2 && memcmp(p1->name, p2->name, len1) == 0; } static void ProtoNameAddEntry(const char *proto_name, const uint8_t proto_number) { ProtoNameHashEntry *proto_ent = SCCalloc(1, sizeof(ProtoNameHashEntry)); if (!proto_ent) { FatalError("Unable to allocate protocol hash entry"); } proto_ent->name = SCStrdup(proto_name); if (!proto_ent->name) FatalError("Unable to allocate memory for protocol name entries"); proto_ent->number = proto_number; SCLogDebug("new protocol entry: name: \"%s\"; protocol number: %d", proto_ent->name, proto_ent->number); if (0 != HashTableAdd(proto_ht, proto_ent, 0)) { FatalError("Unable to add entry to proto hash table for " "name: \"%s\"; number: %d", proto_ent->name, proto_ent->number); } return; } static void ProtoNameHashFreeFunc(void *data) { ProtoNameHashEntry *proto_ent = (ProtoNameHashEntry *)data; if (proto_ent) { if (proto_ent->name) SCFree((void *)proto_ent->name); SCFree(proto_ent); } } void SCProtoNameInit(void) { proto_ht = HashTableInit(256, ProtoNameHashFunc, ProtoNameHashCompareFunc, ProtoNameHashFreeFunc); if (proto_ht == NULL) { FatalError("Unable to initialize protocol name/number table"); } for (uint16_t i = 0; i < ARRAY_SIZE(known_proto); i++) { if (known_proto[i]) { ProtoNameAddEntry(known_proto[i], (uint8_t)i); } } for (uint16_t i = 0; i < ARRAY_SIZE(proto_aliases); i++) { if (proto_aliases[i]) { ProtoNameAddEntry(proto_aliases[i], (uint8_t)i); } } } void SCProtoNameRelease(void) { if (proto_ht != NULL) { HashTableFree(proto_ht); proto_ht = NULL; } } /** * \brief Function to check if the received protocol number is valid and do * we have corresponding name entry for this number or not. * * \param proto Protocol number to be validated * \retval ret On success returns true otherwise false */ bool SCProtoNameValid(uint16_t proto) { return (proto <= 255 && known_proto[proto] != NULL); } /** * \brief Function to return the protocol number for a named protocol. Note * that protocol name aliases are honored. * * \param protoname Protocol name (or alias for a protocol name). * \param proto_number Where to return protocol number * \retval ret On success returns the protocol number; else -1 */ bool SCGetProtoByName(const char *protoname, uint8_t *proto_number) { if (!protoname || !proto_number) { return false; } ProtoNameHashEntry proto; proto.name = protoname; ProtoNameHashEntry *proto_ent = HashTableLookup(proto_ht, &proto, sizeof(proto)); if (proto_ent) { *proto_number = proto_ent->number; return true; } return false; } #ifdef UNITTESTS static int ProtoNameTest01(void) { uint8_t proto; FAIL_IF(!SCGetProtoByName("tcp", &proto)); FAIL_IF(SCGetProtoByName("TcP", &proto)); FAIL_IF(!SCGetProtoByName("TCP", &proto)); FAIL_IF(SCGetProtoByName("Invalid", &proto)); FAIL_IF(!SCGetProtoByName("Ethernet", &proto)); /* 'ip' is an alias for 'HOPOPT' */ FAIL_IF(!SCGetProtoByName("ip", &proto)); FAIL_IF(!SCGetProtoByName("HOPOPT", &proto)); FAIL_IF(SCGetProtoByName("IP", &proto)); PASS; } void SCProtoNameRegisterTests(void) { UtRegisterTest("ProtoNameTest01", ProtoNameTest01); } #endif