firewall_objects/service/
registry.rs

1//! Well-known service registry providing friendly alias lookups.
2
3use super::transport::TransportService;
4use data::WELL_KNOWN;
5
/// Static alias table backing the registry lookup.
///
/// Each entry pairs a lowercase alias with one `TransportService` selector.
/// An alias names a protocol/port only; it does not identify the application
/// actually running there, and presence in this table says nothing about
/// whether the service is safe to expose.
mod data {
    use crate::service::icmp::IcmpVersion;
    use crate::service::transport::TransportService;

    /// `(alias, service)` pairs, all aliases lowercase ASCII.
    ///
    /// Review notes for rule authors:
    /// - Each alias resolves to exactly one transport. `"dns"`, `"kerberos"`
    ///   and `"sip"` are UDP; the TCP side has its own alias (`"dns-tcp"`,
    ///   `"kerberos-tcp"`, `"sip-tcp"`). A rule that must cover both
    ///   transports has to reference both aliases.
    /// - Several aliases are synonyms for the same selector (`"ssh"`/`"sftp"`,
    ///   `"postgres"`/`"postgresql"`, `"imap-ssl"`/`"imap4-ssl"`,
    ///   `"ike"`/`"ikev2"`/`"isakmp"`, `"tacacs"`/`"tacacs+"`), so allowing
    ///   one allows the other.
    /// - Entries are single ports, never ranges.
    pub const WELL_KNOWN: &[(&str, TransportService)] = &[
        // NOTE(review): presumably matches every service; audit rules that
        // resolve this alias from user-supplied names.
        ("any", TransportService::Any),
        ("http", TransportService::tcp(80)),
        ("http-alt", TransportService::tcp(8080)),
        ("https", TransportService::tcp(443)),
        ("ssh", TransportService::tcp(22)),
        ("sftp", TransportService::tcp(22)),
        ("telnet", TransportService::tcp(23)),
        ("smtp", TransportService::tcp(25)),
        ("ftp", TransportService::tcp(21)),
        ("ftp-data", TransportService::tcp(20)),
        ("pop3", TransportService::tcp(110)),
        ("imap", TransportService::tcp(143)),
        ("imap-ssl", TransportService::tcp(993)),
        ("imap4-ssl", TransportService::tcp(993)),
        ("pop3s", TransportService::tcp(995)),
        ("ldaps", TransportService::tcp(636)),
        ("ldap", TransportService::tcp(389)),
        ("rdp", TransportService::tcp(3389)),
        ("bgp", TransportService::tcp(179)),
        ("mysql", TransportService::tcp(3306)),
        ("postgres", TransportService::tcp(5432)),
        ("postgresql", TransportService::tcp(5432)),
        ("mssql", TransportService::tcp(1433)),
        ("mongodb", TransportService::tcp(27017)),
        ("redis", TransportService::tcp(6379)),
        ("nfs", TransportService::tcp(2049)),
        ("winrm", TransportService::tcp(5985)),
        ("winrm-https", TransportService::tcp(5986)),
        // Bare "kerberos" is the UDP selector; TCP 88 needs "kerberos-tcp".
        ("kerberos-tcp", TransportService::tcp(88)),
        ("kerberos", TransportService::udp(88)),
        ("kerberos-sec", TransportService::tcp(750)),
        // Bare "dns" is the UDP selector; TCP 53 needs "dns-tcp".
        ("dns", TransportService::udp(53)),
        ("dns-tcp", TransportService::tcp(53)),
        // The two syslog aliases differ in port number as well as transport.
        ("syslog", TransportService::udp(514)),
        ("syslog-tcp", TransportService::tcp(601)),
        ("ntp", TransportService::udp(123)),
        ("snmp", TransportService::udp(161)),
        ("snmp-trap", TransportService::udp(162)),
        ("tftp", TransportService::udp(69)),
        ("radius", TransportService::udp(1812)),
        ("radius-acct", TransportService::udp(1813)),
        ("dhcp-server", TransportService::udp(67)),
        ("dhcp-client", TransportService::udp(68)),
        ("ike", TransportService::udp(500)),
        ("ikev2", TransportService::udp(500)),
        ("isakmp", TransportService::udp(500)),
        ("ipsec-natt", TransportService::udp(4500)),
        ("rip", TransportService::udp(520)),
        ("sip", TransportService::udp(5060)),
        ("sip-tcp", TransportService::tcp(5060)),
        ("sips", TransportService::tcp(5061)),
        ("tacacs", TransportService::tcp(49)),
        ("tacacs+", TransportService::tcp(49)),
        // Single UDP port only; this alias does not describe a port range.
        ("traceroute", TransportService::udp(33434)),
        // "ping"/"ping6" pass an explicit code of 0, while the "*-echo*"
        // aliases below pass `None` for the code.
        // NOTE(review): `None` presumably means "any code" — confirm against
        // `TransportService::icmp`.
        ("ping", TransportService::icmp(IcmpVersion::V4, 8, Some(0))),
        (
            "ping6",
            TransportService::icmp(IcmpVersion::V6, 128, Some(0)),
        ),
        (
            "icmp-echo",
            TransportService::icmp(IcmpVersion::V4, 8, None),
        ),
        (
            "icmp-echo-reply",
            TransportService::icmp(IcmpVersion::V4, 0, None),
        ),
        (
            "icmpv6-echo",
            TransportService::icmp(IcmpVersion::V6, 128, None),
        ),
        (
            "icmpv6-echo-reply",
            TransportService::icmp(IcmpVersion::V6, 129, None),
        ),
        // IP protocol numbers rather than TCP/UDP ports.
        ("gre", TransportService::ip_protocol(47)),
        ("esp", TransportService::ip_protocol(50)),
        ("ah", TransportService::ip_protocol(51)),
        ("eigrp", TransportService::ip_protocol(88)),
        ("ospf", TransportService::ip_protocol(89)),
    ];
}
93
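/// Look up a well-known service or protocol alias by name.
///
/// Surrounding whitespace is trimmed and the comparison ignores ASCII case,
/// so `" HTTPS "` and `"https"` resolve alike. Names may refer to TCP/UDP
/// ports (`"https"`, `"dns"`), IP protocols (`"gre"`), or ICMP shortcuts
/// (`"ping"`).
///
/// Returns `None` when the name is empty or blank, or when no alias matches
/// exactly. Only ASCII letters are case-folded, so a name containing
/// non-ASCII look-alike characters never matches an alias.
///
/// The result is a protocol/port selector only. Callers that build firewall
/// rules from user-supplied names should treat `None` as an error instead of
/// falling back to a broader match.
pub fn lookup(name: &str) -> Option<TransportService> {
    let wanted = name.trim();
    if wanted.is_empty() {
        return None;
    }

    // Compare in place instead of allocating a lowercased copy per call; this
    // also keeps a table entry reachable if it is ever written in mixed case.
    WELL_KNOWN
        .iter()
        .find(|(alias, _)| alias.eq_ignore_ascii_case(wanted))
        .map(|(_, svc)| svc.clone())
}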
109
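#[cfg(test)]
mod tests {
    use super::*;
    use crate::service::icmp::IcmpVersion;

    /// Alias matching ignores ASCII case.
    #[test]
    fn finds_case_insensitive_aliases() {
        let svc = lookup("HTTPS").unwrap();
        assert_eq!(svc, TransportService::tcp(443));

        let ping = lookup("Ping").unwrap();
        assert_eq!(ping, TransportService::icmp(IcmpVersion::V4, 8, Some(0)));
    }

    /// A name with no table entry yields `None`.
    #[test]
    fn returns_none_for_unknown() {
        assert!(lookup("not-a-service").is_none());
    }

    /// Empty and whitespace-only names must not resolve to anything.
    #[test]
    fn returns_none_for_blank_input() {
        assert!(lookup("").is_none());
        assert!(lookup("   ").is_none());
        assert!(lookup("\t\n").is_none());
    }

    /// Leading and trailing whitespace is ignored before matching.
    #[test]
    fn trims_surrounding_whitespace() {
        assert_eq!(lookup("  https\n").unwrap(), TransportService::tcp(443));
    }

    /// Matching is exact: no prefix, suffix or embedded-space matches.
    #[test]
    fn does_not_match_near_miss_names() {
        assert!(lookup("http s").is_none());
        assert!(lookup("https2").is_none());
        assert!(lookup("htt").is_none());
    }

    #[test]
    fn resolves_tcp_and_udp_service_aliases() {
        assert_eq!(lookup("ftp-data").unwrap(), TransportService::tcp(20));
        assert_eq!(lookup("sip").unwrap(), TransportService::udp(5060));
        assert_eq!(lookup("sip-tcp").unwrap(), TransportService::tcp(5060));
    }

    /// The bare alias and its `-tcp` sibling select different transports, so
    /// a rule written with one of them does not cover the other.
    #[test]
    fn transport_specific_aliases_stay_distinct() {
        assert_eq!(lookup("dns").unwrap(), TransportService::udp(53));
        assert_eq!(lookup("dns-tcp").unwrap(), TransportService::tcp(53));
        assert_eq!(lookup("kerberos").unwrap(), TransportService::udp(88));
        assert_eq!(lookup("kerberos-tcp").unwrap(), TransportService::tcp(88));
    }

    #[test]
    fn resolves_icmp_aliases() {
        assert_eq!(
            lookup("icmp-echo-reply").unwrap(),
            TransportService::icmp(IcmpVersion::V4, 0, None)
        );
        assert_eq!(
            lookup("icmpv6-echo").unwrap(),
            TransportService::icmp(IcmpVersion::V6, 128, None)
        );
    }

    /// Table integrity: every alias must resolve to its own entry. This fails
    /// if an alias name is duplicated with a different service (the later
    /// entry would be silently shadowed) or is otherwise unreachable.
    #[test]
    fn every_table_alias_resolves_to_its_own_entry() {
        for (alias, svc) in WELL_KNOWN {
            assert_eq!(
                lookup(alias).as_ref(),
                Some(svc),
                "alias {:?} does not resolve to its own table entry",
                alias
            );
        }
    }
}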