/src/suricata7/src/app-layer-protos.c
Line | Count | Source |
1 | | /* Copyright (C) 2007-2022 Open Information Security Foundation |
2 | | * |
3 | | * You can copy, redistribute or modify this Program under the terms of |
4 | | * the GNU General Public License version 2 as published by the Free |
5 | | * Software Foundation. |
6 | | * |
7 | | * This program is distributed in the hope that it will be useful, |
8 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
9 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
10 | | * GNU General Public License for more details. |
11 | | * |
12 | | * You should have received a copy of the GNU General Public License |
13 | | * version 2 along with this program; if not, write to the Free Software |
14 | | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA |
15 | | * 02110-1301, USA. |
16 | | */ |
17 | | |
18 | | /** |
19 | | * \file |
20 | | * |
21 | | * \author Victor Julien <victor@inliniac.net> |
22 | | * \author Anoop Saldanha <anoopsaldanha@gmail.com> |
23 | | */ |
24 | | |
25 | | #include "suricata-common.h" |
26 | | #include "app-layer-protos.h" |
27 | | |
28 | | typedef struct AppProtoStringTuple { |
29 | | AppProto alproto; |
30 | | const char *str; |
31 | | } AppProtoStringTuple; |
32 | | |
33 | | const AppProtoStringTuple AppProtoStrings[ALPROTO_MAX] = { |
34 | | { ALPROTO_UNKNOWN, "unknown" }, |
35 | | { ALPROTO_HTTP1, "http1" }, |
36 | | { ALPROTO_FTP, "ftp" }, |
37 | | { ALPROTO_SMTP, "smtp" }, |
38 | | { ALPROTO_TLS, "tls" }, |
39 | | { ALPROTO_SSH, "ssh" }, |
40 | | { ALPROTO_IMAP, "imap" }, |
41 | | { ALPROTO_JABBER, "jabber" }, |
42 | | { ALPROTO_SMB, "smb" }, |
43 | | { ALPROTO_DCERPC, "dcerpc" }, |
44 | | { ALPROTO_IRC, "irc" }, |
45 | | { ALPROTO_DNS, "dns" }, |
46 | | { ALPROTO_MODBUS, "modbus" }, |
47 | | { ALPROTO_ENIP, "enip" }, |
48 | | { ALPROTO_DNP3, "dnp3" }, |
49 | | { ALPROTO_NFS, "nfs" }, |
50 | | { ALPROTO_NTP, "ntp" }, |
51 | | { ALPROTO_FTPDATA, "ftp-data" }, |
52 | | { ALPROTO_TFTP, "tftp" }, |
53 | | { ALPROTO_IKE, "ike" }, |
54 | | { ALPROTO_KRB5, "krb5" }, |
55 | | { ALPROTO_QUIC, "quic" }, |
56 | | { ALPROTO_DHCP, "dhcp" }, |
57 | | { ALPROTO_SNMP, "snmp" }, |
58 | | { ALPROTO_SIP, "sip" }, |
59 | | { ALPROTO_RFB, "rfb" }, |
60 | | { ALPROTO_MQTT, "mqtt" }, |
61 | | { ALPROTO_PGSQL, "pgsql" }, |
62 | | { ALPROTO_TELNET, "telnet" }, |
63 | | { ALPROTO_TEMPLATE, "template" }, |
64 | | { ALPROTO_RDP, "rdp" }, |
65 | | { ALPROTO_HTTP2, "http2" }, |
66 | | { ALPROTO_BITTORRENT_DHT, "bittorrent-dht" }, |
67 | | { ALPROTO_HTTP, "http" }, |
68 | | { ALPROTO_FAILED, "failed" }, |
69 | | #ifdef UNITTESTS |
70 | | { ALPROTO_TEST, "test" }, |
71 | | #endif |
72 | | }; |
73 | | |
74 | | const char *AppProtoToString(AppProto alproto) |
75 | 2.15M | { |
76 | 2.15M | const char *proto_name = NULL; |
77 | 2.15M | switch (alproto) { |
78 | | // special cases |
79 | 445k | case ALPROTO_HTTP1: |
80 | 445k | proto_name = "http"; |
81 | 445k | break; |
82 | 12.5k | case ALPROTO_HTTP: |
83 | 12.5k | proto_name = "http_any"; |
84 | 12.5k | break; |
85 | 1.69M | default: |
86 | 1.69M | if (alproto < ARRAY_SIZE(AppProtoStrings)) { |
87 | 1.69M | BUG_ON(AppProtoStrings[alproto].alproto != alproto); |
88 | 1.69M | proto_name = AppProtoStrings[alproto].str; |
89 | 1.69M | } |
90 | 2.15M | } |
91 | 2.15M | return proto_name; |
92 | 2.15M | } |
93 | | |
94 | | AppProto StringToAppProto(const char *proto_name) |
95 | 1.62M | { |
96 | 1.62M | if (proto_name == NULL) |
97 | 0 | return ALPROTO_UNKNOWN; |
98 | | |
99 | | // We could use a Multi Pattern Matcher |
100 | 36.7M | for (size_t i = 0; i < ARRAY_SIZE(AppProtoStrings); i++) { |
101 | 36.6M | if (strcmp(proto_name, AppProtoStrings[i].str) == 0) |
102 | 1.51M | return AppProtoStrings[i].alproto; |
103 | 36.6M | } |
104 | | |
105 | 112k | return ALPROTO_UNKNOWN; |
106 | 1.62M | } |