Merge remote-tracking branch 'origin/topic/seth/pppoe'

Looks like the code in this function is getting ready for some
refactoring. Leaving that for another time though ...

Closes #909.

* origin/topic/seth/pppoe:
  Adding a test for PPPoE support.
  Adding PPPoE support to Bro.

CHANGES

@@ -1,4 +1,8 @@
 
+2.1-91 | 2012-10-24 16:04:47 -0700
+
+  * Adding PPPoE support to Bro. (Seth Hall)
+
 2.1-87 | 2012-10-24 15:40:06 -0700
 
   * Adding missing &redef for some TCP options. Addresses #905, #906,

VERSION

@@ -1 +1 @@
-2.1-87
+2.1-91

aux/broctl

@@ -1 +1 @@
-Subproject commit fd0e7e0b0cf50131efaf536a5683266cfe169455
+Subproject commit 8c53c57ebf16f5aaf34052eab3b02be75774cd75

src/PktSrc.cc

@@ -219,16 +219,35 @@ void PktSrc::Process()
 		// Get protocol being carried from the ethernet frame.
 		protocol = (data[12] << 8) + data[13];
 
-		// MPLS carried over the ethernet frame.
+		switch ( protocol )
-		if ( protocol == 0x8847 )
-			have_mpls = true;
-
-		// VLAN carried over ethernet frame.
-		else if ( protocol == 0x8100 )
 			{
-			data += get_link_header_size(datalink);
+			// MPLS carried over the ethernet frame.
-			data += 4; // Skip the vlan header
+			case 0x8847:
-			pkt_hdr_size = 0;
+				have_mpls = true;
+				break;
+
+			// VLAN carried over the ethernet frame.
+			case 0x8100:
+				data += get_link_header_size(datalink);
+				data += 4; // Skip the vlan header
+				pkt_hdr_size = 0;
+				break;
+
+			// PPPoE carried over the ethernet frame.
+			case 0x8864:
+				data += get_link_header_size(datalink);
+				protocol = (data[6] << 8) + data[7];
+				data += 8; // Skip the PPPoE session and PPP header
+				pkt_hdr_size = 0;
+
+				if ( protocol != 0x0021 && protocol != 0x0057 )
+					{
+					// Neither IPv4 nor IPv6.
+					sessions->Weird("non_ip_packet_in_pppoe_encapsulation", &hdr, data);
+					data = 0;
+					return;
+					}
+				break;
 			}
 
 		break;

testing/btest/Baseline/core.pppoe/conn.log

@@ -0,0 +1,16 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	conn
+#open	2012-10-24-05-04-16
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
+#types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	count	string	count	count	count	count	table[string]
+1284385418.014560	TEfuqmmG4bh	fe80::c801:eff:fe88:8	547	fe80::ce05:eff:fe88:0	546	udp	-	0.096000	192	0	S0	-	0	D	2	288	0	0	(empty)
+1284385417.962560	j4u32Pc5bif	fe80::ce05:eff:fe88:0	546	ff02::1:2	547	udp	-	0.078000	114	0	S0	-	0	D	2	210	0	0	(empty)
+1284385411.091560	arKYeMETxOg	fe80::c801:eff:fe88:8	136	ff02::1	135	icmp	-	-	-	-	OTH	-	0	-	1	64	0	0	(empty)
+1284385411.035560	UWkUyAuUGXf	fe80::c801:eff:fe88:8	143	ff02::16	0	icmp	-	0.835000	160	0	OTH	-	0	-	8	608	0	0	(empty)
+1284385451.658560	FrJExwHcSal	fc00:0:2:100::1:1	128	fc00::1	129	icmp	-	0.156000	260	260	OTH	-	0	-	5	500	5	500	(empty)
+1284385413.027560	nQcgTWjvg4c	fe80::c801:eff:fe88:8	134	fe80::ce05:eff:fe88:0	133	icmp	-	-	-	-	OTH	-	0	-	1	64	0	0	(empty)
+1284385412.963560	k6kgXLOoSKl	fe80::ce05:eff:fe88:0	133	ff02::2	134	icmp	-	-	-	-	OTH	-	0	-	1	48	0	0	(empty)
+#close	2012-10-24-05-04-16

testing/btest/core/pppoe.test

@@ -0,0 +1,2 @@
+# @TEST-EXEC: bro -r $TRACES/pppoe.trace %INPUT 
+# @TEST-EXEC: btest-diff conn.log