1 /* Copyright (C) 2007-2013 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  * \author Anoop Saldanha <anoopsaldanha@gmail.com>
23  */
24 
25 #ifndef __APP_LAYER_PROTOS_H__
26 #define __APP_LAYER_PROTOS_H__
27 
/**
 * \brief Application layer protocol identifiers.
 *
 * Values follow declaration order, starting at ALPROTO_UNKNOWN == 0, so
 * inserting or reordering entries renumbers everything after them.
 * AppProtoIsValid() accepts only the ids strictly between ALPROTO_UNKNOWN
 * and ALPROTO_FAILED: a new protocol has to be declared before
 * ALPROTO_FAILED, otherwise that check will reject it.
 */
enum AppProtoEnum {
    /* lower sentinel; rejected by AppProtoIsValid() */
    ALPROTO_UNKNOWN = 0,

    ALPROTO_HTTP,
    ALPROTO_FTP,
    ALPROTO_SMTP,
    ALPROTO_TLS, /* SSLv2, SSLv3 & TLSv1 */
    ALPROTO_SSH,
    ALPROTO_IMAP,
    ALPROTO_JABBER,
    ALPROTO_SMB,
    ALPROTO_DCERPC,
    ALPROTO_IRC,

    ALPROTO_DNS,
    ALPROTO_MODBUS,
    ALPROTO_ENIP,
    ALPROTO_DNP3,
    ALPROTO_NFS,
    ALPROTO_NTP,
    ALPROTO_FTPDATA,
    ALPROTO_TFTP,
    ALPROTO_IKEV2,
    ALPROTO_KRB5,
    ALPROTO_DHCP,
    ALPROTO_SNMP,
    ALPROTO_SIP,
    ALPROTO_RFB,
    ALPROTO_MQTT,
    ALPROTO_TEMPLATE,
    ALPROTO_TEMPLATE_RUST,
    ALPROTO_RDP,
    ALPROTO_HTTP2,

    /* used by the probing parser when alproto detection fails
     * permanently for that particular stream; also the upper bound
     * (exclusive) of the range AppProtoIsValid() accepts */
    ALPROTO_FAILED,
#ifdef UNITTESTS
    /* only present in unittest builds; shifts ALPROTO_MAX up by one */
    ALPROTO_TEST,
#endif /* UNITTESTS */
    /* number of ids declared above; keep last */
    ALPROTO_MAX,
};
/* NOTE: if the ALPROTO_* ids reach 256 or more, SignatureNonPrefilterStore
 * has to be updated as well. */
71 
/* Protocol ids are carried in a 16-bit integer instead of the enum type
 * itself: the enum is an unsigned int, so it would take 4 bytes. Being a
 * plain integer, an AppProto can hold values that are not declared in
 * enum AppProtoEnum. */
typedef uint16_t AppProto;
74 
/**
 * \brief Check that an AppProto names a concrete protocol.
 *
 * Only ids strictly between ALPROTO_UNKNOWN and ALPROTO_FAILED pass. The
 * sentinels (ALPROTO_UNKNOWN, ALPROTO_FAILED, ALPROTO_MAX, and ALPROTO_TEST
 * in unittest builds) are rejected, and so is any other uint16_t value at
 * or above ALPROTO_FAILED.
 *
 * \param a App layer protocol id to check.
 *
 * \retval true if a is inside the accepted range, false otherwise.
 */
static inline bool AppProtoIsValid(AppProto a)
{
    /* lower bound: ALPROTO_UNKNOWN itself is not a protocol */
    if (a <= ALPROTO_UNKNOWN) {
        return false;
    }
    /* upper bound is exclusive, so ALPROTO_FAILED and above fail */
    return a < ALPROTO_FAILED;
}
79 
/* Flag read by AppProtoEquals(); it is defined outside this header. */
extern bool g_config_http1keywords_http2traffic;

/**
 * \brief Whether a signature AppProto matches a flow (or signature) AppProto.
 *
 * Apart from plain equality there is one extra case: while
 * g_config_http1keywords_http2traffic is set, a signature for ALPROTO_HTTP
 * also matches ALPROTO_HTTP2. The extra case is one-directional, so the
 * argument order matters: with the arguments swapped, or with the flag
 * unset, ALPROTO_HTTP and ALPROTO_HTTP2 do not match each other.
 *
 * \param sigproto AppProto the signature was written for.
 * \param alproto AppProto of the flow (or of another signature).
 *
 * \retval true if sigproto applies to alproto, false otherwise.
 */
static inline bool AppProtoEquals(AppProto sigproto, AppProto alproto)
{
    const bool http1_sig_on_http2 = (alproto == ALPROTO_HTTP2) &&
                                    g_config_http1keywords_http2traffic &&
                                    (sigproto == ALPROTO_HTTP);

    return http1_sig_on_http2 || (sigproto == alproto);
}
91 
/**
 * \brief Maps an ALPROTO_* id to its string equivalent.
 *
 * NOTE(review): this header does not show what is returned for an id that
 * has no string mapping; confirm against the definition whether NULL is
 * possible before using the result unchecked.
 *
 * \param alproto App layer protocol id.
 *
 * \retval String equivalent for the alproto.
 */
const char *AppProtoToString(AppProto alproto);
100 
/**
 * \brief Maps a protocol name string to its ALPROTO_* equivalent.
 *
 * \param proto_name String equivalent for the alproto.
 *
 * \retval alproto App layer protocol id, or ALPROTO_UNKNOWN.
 */
AppProto StringToAppProto(const char *proto_name);
109 
110 #endif /* __APP_LAYER_PROTOS_H__ */