output/datalink: Use Rust-based linktype hashmap

Use the hasmap to gather linktype display names. Issue: 6954
OISF · Oct 19, 2024 · 3718fc9 · 3718fc9
1 parent 27e3fcd
commit 3718fc9
Show file tree

Hide file tree

Showing 4 changed files with 74 additions and 39 deletions.
diff --git a/src/decode.h b/src/decode.h
@@ -33,6 +33,7 @@
 #include "util-debug.h"
 #include "decode-events.h"
 #include "util-exception-policy-types.h"
+#include "util-datalink.h"
 #ifdef PROFILING
 #include "flow-worker.h"
 #include "app-layer-protos.h"
@@ -1205,45 +1206,6 @@ void DecodeUnregisterCounters(void);
 #define IPPROTO_SHIM6 140
 #endif
 
-/* pcap provides this, but we don't want to depend on libpcap */
-#ifndef DLT_EN10MB
-#define DLT_EN10MB 1
-#endif
-
-#ifndef DLT_C_HDLC
-#define DLT_C_HDLC 104
-#endif
-
-/* taken from pcap's bpf.h */
-#ifndef DLT_RAW
-#ifdef __OpenBSD__
-#define DLT_RAW     14  /* raw IP */
-#else
-#define DLT_RAW     12  /* raw IP */
-#endif
-#endif
-
-#ifndef DLT_NULL
-#define DLT_NULL 0
-#endif
-
-/** libpcap shows us the way to linktype codes
- * \todo we need more & maybe put them in a separate file? */
-#define LINKTYPE_NULL        DLT_NULL
-#define LINKTYPE_ETHERNET    DLT_EN10MB
-#define LINKTYPE_LINUX_SLL   113
-#define LINKTYPE_PPP         9
-#define LINKTYPE_RAW         DLT_RAW
-/* http://www.tcpdump.org/linktypes.html defines DLT_RAW as 101, yet others don't.
- * Libpcap on at least OpenBSD returns 101 as datalink type for RAW pcaps though. */
-#define LINKTYPE_RAW2        101
-#define LINKTYPE_IPV4        228
-#define LINKTYPE_IPV6        229
-#define LINKTYPE_GRE_OVER_IP 778
-#define LINKTYPE_CISCO_HDLC  DLT_C_HDLC
-#define PPP_OVER_GRE         11
-#define VLAN_OVER_GRE        13
-
 /* Packet Flags */
 
 /** Flag to indicate that packet header or contents should not be inspected */

diff --git a/src/suricata.c b/src/suricata.c
@@ -397,6 +397,7 @@ void GlobalsDestroy(void)
     TmqhCleanup();
     TmModuleRunDeInit();
     ParseSizeDeinit();
+    DatalinkTableDeinit();
 
 #ifdef HAVE_DPDK
     DPDKCleanupEAL();
@@ -2876,6 +2877,7 @@ int InitGlobal(void)
 
     /* Initialize the configuration module. */
     ConfInit();
+    DatalinkTableInit();
 
     VarNameStoreInit();
 

diff --git a/src/util-datalink.c b/src/util-datalink.c
@@ -17,6 +17,7 @@
 
 #include "suricata-common.h"
 #include "util-datalink.h"
+#include "rust.h"
 #include "decode.h"
 
 int g_datalink_value = LINKTYPE_NULL;
@@ -42,3 +43,31 @@ bool DatalinkHasMultipleValues(void)
 {
     return g_datalink_is_multiple == 1;
 }
+
+static void *datalink_value_map;
+
+void DatalinkTableInit(void)
+{
+    datalink_value_map = SCDatalinkInit();
+    SCDatalinkValueNameInsert(datalink_value_map, LINKTYPE_NULL, "NULL");
+    SCDatalinkValueNameInsert(datalink_value_map, LINKTYPE_ETHERNET, "EN10MB");
+    SCDatalinkValueNameInsert(datalink_value_map, LINKTYPE_LINUX_SLL, "LINUX_SLL");
+    SCDatalinkValueNameInsert(datalink_value_map, LINKTYPE_PPP, "PPP");
+    SCDatalinkValueNameInsert(datalink_value_map, LINKTYPE_RAW, "RAW");
+    SCDatalinkValueNameInsert(datalink_value_map, LINKTYPE_RAW2, "RAW2");
+    SCDatalinkValueNameInsert(datalink_value_map, LINKTYPE_GRE_OVER_IP, "GRE_RAW");
+    SCDatalinkValueNameInsert(datalink_value_map, LINKTYPE_NULL, "NULL");
+    SCDatalinkValueNameInsert(datalink_value_map, LINKTYPE_CISCO_HDLC, "C_HDLC");
+    SCDatalinkValueNameInsert(datalink_value_map, LINKTYPE_IPV4, "IPv4");
+    SCDatalinkValueNameInsert(datalink_value_map, LINKTYPE_IPV6, "IPv6");
+}
+
+void DatalinkTableDeinit(void)
+{
+    SCDatalinkDeInit(datalink_value_map);
+}
+
+const char *DatalinkValueToName(int datalink_value)
+{
+    return SCDatalinkValueToName(datalink_value_map, datalink_value);
+}
diff --git a/src/util-datalink.h b/src/util-datalink.h
@@ -18,8 +18,50 @@
 #ifndef SURICATA_UTIL_DATALINK_H
 #define SURICATA_UTIL_DATALINK_H
 
+#include "util-debug.h"
+
+/* pcap provides this, but we don't want to depend on libpcap */
+#ifndef DLT_EN10MB
+#define DLT_EN10MB 1
+#endif
+
+#ifndef DLT_C_HDLC
+#define DLT_C_HDLC 104
+#endif
+
+/* taken from pcap's bpf.h */
+#ifndef DLT_RAW
+#ifdef __OpenBSD__
+#define DLT_RAW 14 /* raw IP */
+#else
+#define DLT_RAW 12 /* raw IP */
+#endif
+#endif
+
+#ifndef DLT_NULL
+#define DLT_NULL 0
+#endif
+
+/** libpcap shows us the way to linktype codes
+ * \todo we need more & maybe put them in a separate file? */
+#define LINKTYPE_NULL      DLT_NULL
+#define LINKTYPE_ETHERNET  DLT_EN10MB
+#define LINKTYPE_LINUX_SLL 113
+#define LINKTYPE_PPP       9
+#define LINKTYPE_RAW       DLT_RAW
+/* http://www.tcpdump.org/linktypes.html defines DLT_RAW as 101, yet others don't.
+ * Libpcap on at least OpenBSD returns 101 as datalink type for RAW pcaps though. */
+#define LINKTYPE_RAW2        101
+#define LINKTYPE_IPV4        228
+#define LINKTYPE_IPV6        229
+#define LINKTYPE_GRE_OVER_IP 778
+#define LINKTYPE_CISCO_HDLC  DLT_C_HDLC
+
 void DatalinkSetGlobalType(int datalink);
 int DatalinkGetGlobalType(void);
 bool DatalinkHasMultipleValues(void);
+void DatalinkTableInit(void);
+void DatalinkTableDeinit(void);
+const char *DatalinkValueToName(int datalink_value);
 
 #endif /* SURICATA_UTIL_DATALINK_H */