Merge remote-tracking branch 'origin/topic/seth/pppoe'

Looks like the code in this function is getting ready for some refactoring. Leaving that for another time though ... Closes #909. * origin/topic/seth/pppoe: Adding a test for PPPoE support. Adding PPPoE support to Bro.
2025-10-11 19:18:19 +00:00 · 2012-10-24 16:04:47 -07:00 · 2012-10-24 16:04:47 -07:00 · 9ec2bfe59f
commit 9ec2bfe59f
parent ae38aad2bb 54084d0744
7 changed files with 52 additions and 11 deletions
--- a/4
+++ b/4
@ -1,4 +1,8 @@

+2.1-91 | 2012-10-24 16:04:47 -0700
+
+  * Adding PPPoE support to Bro. (Seth Hall)
+
 2.1-87 | 2012-10-24 15:40:06 -0700

  * Adding missing &redef for some TCP options. Addresses #905, #906,
--- a/2
+++ b/2
@ -1 +1 @@
-2.1-87
+2.1-91
--- a/aux/broctl
+++ b/aux/broctl
@ -1 +1 @@
-Subproject commit fd0e7e0b0cf50131efaf536a5683266cfe169455
+Subproject commit 8c53c57ebf16f5aaf34052eab3b02be75774cd75
--- a/src/PktSrc.cc
+++ b/src/PktSrc.cc
@ -219,16 +219,35 @@ void PktSrc::Process()
 		// Get protocol being carried from the ethernet frame.
 		protocol = (data[12] << 8) + data[13];

-		// MPLS carried over the ethernet frame.
-		if ( protocol == 0x8847 )
-			have_mpls = true;
-
-		// VLAN carried over ethernet frame.
-		else if ( protocol == 0x8100 )
+		switch ( protocol )
 			{
+			// MPLS carried over the ethernet frame.
+			case 0x8847:
+				have_mpls = true;
+				break;
+
+			// VLAN carried over the ethernet frame.
+			case 0x8100:
 				data += get_link_header_size(datalink);
 				data += 4; // Skip the vlan header
 				pkt_hdr_size = 0;
+				break;
+
+			// PPPoE carried over the ethernet frame.
+			case 0x8864:
+				data += get_link_header_size(datalink);
+				protocol = (data[6] << 8) + data[7];
+				data += 8; // Skip the PPPoE session and PPP header
+				pkt_hdr_size = 0;
+
+				if ( protocol != 0x0021 && protocol != 0x0057 )
+					{
+					// Neither IPv4 nor IPv6.
+					sessions->Weird("non_ip_packet_in_pppoe_encapsulation", &hdr, data);
+					data = 0;
+					return;
+					}
+				break;
 			}

 		break;
--- a/testing/btest/Baseline/core.pppoe/conn.log
+++ b/testing/btest/Baseline/core.pppoe/conn.log
@ -0,0 +1,16 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	conn
+#open	2012-10-24-05-04-16
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
+#types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	count	string	count	count	count	count	table[string]
+1284385418.014560	TEfuqmmG4bh	fe80::c801:eff:fe88:8	547	fe80::ce05:eff:fe88:0	546	udp	-	0.096000	192	0	S0	-	0	D	2	288	0	0	(empty)
+1284385417.962560	j4u32Pc5bif	fe80::ce05:eff:fe88:0	546	ff02::1:2	547	udp	-	0.078000	114	0	S0	-	0	D	2	210	0	0	(empty)
+1284385411.091560	arKYeMETxOg	fe80::c801:eff:fe88:8	136	ff02::1	135	icmp	-	-	-	-	OTH	-	0	-	1	64	0	0	(empty)
+1284385411.035560	UWkUyAuUGXf	fe80::c801:eff:fe88:8	143	ff02::16	0	icmp	-	0.835000	160	0	OTH	-	0	-	8	608	0	0	(empty)
+1284385451.658560	FrJExwHcSal	fc00:0:2:100::1:1	128	fc00::1	129	icmp	-	0.156000	260	260	OTH	-	0	-	5	500	5	500	(empty)
+1284385413.027560	nQcgTWjvg4c	fe80::c801:eff:fe88:8	134	fe80::ce05:eff:fe88:0	133	icmp	-	-	-	-	OTH	-	0	-	1	64	0	0	(empty)
+1284385412.963560	k6kgXLOoSKl	fe80::ce05:eff:fe88:0	133	ff02::2	134	icmp	-	-	-	-	OTH	-	0	-	1	48	0	0	(empty)
+#close	2012-10-24-05-04-16
--- a/testing/btest/Traces/pppoe.trace
+++ b/testing/btest/Traces/pppoe.trace
--- a/testing/btest/core/pppoe.test
+++ b/testing/btest/core/pppoe.test
@ -0,0 +1,2 @@
+# @TEST-EXEC: bro -r $TRACES/pppoe.trace %INPUT 
+# @TEST-EXEC: btest-diff conn.log
 @ -1 +1 @@
 .1-87
 .1-91