Cleanup and add customer MAC addresses

* Put c-dst/c-src in l2_dst/l2_src * use #define instead of const int and move to PBB.h
2025-10-02 06:38:20 +00:00 · 2023-02-10 17:42:25 -07:00 · 2023-02-10 17:42:25 -07:00 · 269cc15888
commit 269cc15888
parent 28d540483e
3 changed files with 14 additions and 5 deletions
--- a/scripts/base/packet-protocols/pbb/main.zeek
+++ b/scripts/base/packet-protocols/pbb/main.zeek
@ -7,5 +7,8 @@ event zeek_init() &priority=20
 	PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PBB, 0x0806, PacketAnalyzer::ANALYZER_ARP);
 	PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PBB, 0x8035, PacketAnalyzer::ANALYZER_ARP);
 	PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PBB, 0x8100, PacketAnalyzer::ANALYZER_VLAN);
+	PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PBB, 0x8100, PacketAnalyzer::ANALYZER_VLAN);
+	PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PBB, 0x88A8, PacketAnalyzer::ANALYZER_VLAN);
+	PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PBB, 0x9100, PacketAnalyzer::ANALYZER_VLAN);
 	PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PBB, 0x8864, PacketAnalyzer::ANALYZER_PPPOE);
 	}
--- a/src/packet_analysis/protocol/pbb/PBB.cc
+++ b/src/packet_analysis/protocol/pbb/PBB.cc
@ -8,16 +8,16 @@ PBBAnalyzer::PBBAnalyzer() : zeek::packet_analysis::Analyzer("PBB") { }

 bool PBBAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 	{
-	const uint8_t pbb_header_len = 18;
-	const uint8_t etype_offset = pbb_header_len - 2;
-	if ( pbb_header_len >= len )
+	if ( PBB_LEN >= len )
 		{
 		Weird("truncated_PBB_header", packet);
 		return false;
 		}

-	uint32_t protocol = ((data[etype_offset] << 8u) + data[etype_offset+1]);
+	uint32_t protocol = ((data[PBB_ETYPE_OFF] << 8u) + data[PBB_ETYPE_OFF + 1u]);
 	packet->eth_type = protocol;
+	packet->l2_dst = data + PBB_C_DST_OFF;
+	packet->l2_src = data + PBB_C_SRC_OFF;
 	// Skip the PBB header
-	return ForwardPacket(len - pbb_header_len, data + pbb_header_len, packet, protocol);
+	return ForwardPacket(len - PBB_LEN, data + PBB_LEN, packet, protocol);
 	}
--- a/src/packet_analysis/protocol/pbb/PBB.h
+++ b/src/packet_analysis/protocol/pbb/PBB.h
@ -5,6 +5,12 @@
 #include "zeek/packet_analysis/Analyzer.h"
 #include "zeek/packet_analysis/Component.h"

+#define PBB_LEN 18u
+#define PBB_C_DST_OFF 4u
+#define PBB_C_SRC_OFF 10u
+#define PBB_ETYPE_OFF 16u
+
+
 namespace zeek::packet_analysis::PBB
 	{