1 /* Copyright (C) 2007-2013 Open Information Security Foundation
2 *
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
5 * Software Foundation.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15 * 02110-1301, USA.
16 */
17
18 /**
19 * \file
20 *
21 * \author Victor Julien <victor@inliniac.net>
22 * \author Anoop Saldanha <anoopsaldanha@gmail.com>
23 */
24
25 #ifndef __APP_LAYER_PROTOS_H__
26 #define __APP_LAYER_PROTOS_H__
27
/**
 * \brief Ids of the application layer protocols.
 *
 * Only the first entry has an explicit value, so the position of an entry
 * in this list determines its id. AppProtoIsValid() accepts only ids that
 * lie strictly between ALPROTO_UNKNOWN and ALPROTO_FAILED, so a new
 * protocol has to be added before ALPROTO_FAILED to be treated as valid.
 */
enum AppProtoEnum {
    ALPROTO_UNKNOWN = 0,
    ALPROTO_HTTP,
    ALPROTO_FTP,
    ALPROTO_SMTP,
    /* SSLv2, SSLv3 & TLSv1 */
    ALPROTO_TLS,
    ALPROTO_SSH,
    ALPROTO_IMAP,
    ALPROTO_JABBER,
    ALPROTO_SMB,
    ALPROTO_DCERPC,
    ALPROTO_IRC,

    ALPROTO_DNS,
    ALPROTO_MODBUS,
    ALPROTO_ENIP,
    ALPROTO_DNP3,
    ALPROTO_NFS,
    ALPROTO_NTP,
    ALPROTO_FTPDATA,
    ALPROTO_TFTP,
    ALPROTO_IKEV2,
    ALPROTO_KRB5,
    ALPROTO_DHCP,
    ALPROTO_SNMP,
    ALPROTO_SIP,
    ALPROTO_RFB,
    ALPROTO_MQTT,
    ALPROTO_TEMPLATE,
    ALPROTO_TEMPLATE_RUST,
    ALPROTO_RDP,
    ALPROTO_HTTP2,

    /* used by the probing parser when alproto detection fails
     * permanently for that particular stream */
    ALPROTO_FAILED,
#ifdef UNITTESTS
    /* only present in UNITTESTS builds; it sits after ALPROTO_FAILED, so
     * AppProtoIsValid() does not accept it */
    ALPROTO_TEST,
#endif /* UNITTESTS */
    /* keep last */
    ALPROTO_MAX,
};
// NOTE: if the ALPROTO_* ids reach 256 or more, update SignatureNonPrefilterStore
71
/* Not using the enum type itself, as that is an unsigned int, so 4 bytes.
 *
 * The type does not restrict a value to the ids listed in AppProtoEnum;
 * AppProtoIsValid() is the range check provided by this header.
 *
 * NOTE(review): uint16_t and bool are used in this header without it
 * including <stdint.h> / <stdbool.h>; presumably the including file
 * provides them -- confirm. */
typedef uint16_t AppProto;
74
/**
 * \brief Check whether an AppProto value lies in the range of protocol ids.
 *
 * \param a App layer protocol id to check.
 *
 * \retval true if a lies strictly between ALPROTO_UNKNOWN and
 *         ALPROTO_FAILED.
 * \retval false for ALPROTO_UNKNOWN, ALPROTO_FAILED and every value above
 *         ALPROTO_FAILED, ALPROTO_MAX and larger values included.
 */
static inline bool AppProtoIsValid(AppProto a)
{
    /* reject the "unknown" id first, then bound the value from above */
    if (a <= ALPROTO_UNKNOWN) {
        return false;
    }
    return a < ALPROTO_FAILED;
}
79
/* When true, AppProtoEquals() lets a signature AppProto of ALPROTO_HTTP
 * also match an AppProto of ALPROTO_HTTP2. Only declared here; the
 * definition is not part of this header. */
extern bool g_config_http1keywords_http2traffic;
81
/**
 * \brief Check whether a signature AppProto matches a flow (or signature)
 *        AppProto.
 *
 * The comparison is not symmetric. When g_config_http1keywords_http2traffic
 * is set, a sigproto of ALPROTO_HTTP also matches an alproto of
 * ALPROTO_HTTP2, but a sigproto of ALPROTO_HTTP2 does not match an alproto
 * of ALPROTO_HTTP. The argument order therefore matters to callers.
 *
 * \param sigproto AppProto of the signature.
 * \param alproto AppProto of the flow (or of another signature).
 *
 * \retval true if the two match, false otherwise.
 */
static inline bool AppProtoEquals(AppProto sigproto, AppProto alproto)
{
    if (sigproto == alproto) {
        return true;
    }

    /* HTTP/1 signature against HTTP/2 traffic: a match only when enabled */
    const bool http1_sig_on_http2 =
            (sigproto == ALPROTO_HTTP) && (alproto == ALPROTO_HTTP2);
    return http1_sig_on_http2 && g_config_http1keywords_http2traffic;
}
91
/**
 * \brief Maps an ALPROTO_* id to its string equivalent.
 *
 * \param alproto App layer protocol id.
 *
 * \retval String equivalent for the alproto.
 *
 * NOTE(review): this header does not show what is returned for an id that
 * has no string equivalent (for example an out of range value) -- confirm
 * whether NULL is possible before using the result unchecked.
 */
const char *AppProtoToString(AppProto alproto);
100
/**
 * \brief Maps a string to its ALPROTO_* equivalent.
 *
 * \param proto_name String equivalent for the alproto.
 *
 * \retval alproto App layer protocol id, or ALPROTO_UNKNOWN.
 *
 * NOTE(review): presumably ALPROTO_UNKNOWN is returned when proto_name
 * matches no protocol, and handling of a NULL proto_name is not visible
 * from this header -- confirm against the definition.
 */
AppProto StringToAppProto(const char *proto_name);
109
110 #endif /* __APP_LAYER_PROTOS_H__ */
111