Merge remote-tracking branch 'ekoyle/add-protocol-pbb'

* ekoyle/add-protocol-pbb:
  Update seemingly-unrelated btests
  Use a default analyzer
  Simplify PBB analyzer by using Ethernet analyzer
  Add btest for PBB and update baselines
  Use constexpr instead of #define
  Cleanup and add customer MAC addresses
  Add PBB (802.1ah) support

src/packet_analysis/protocol/CMakeLists.txt

@@ -11,6 +11,7 @@ add_subdirectory(ieee802_11_radio)
 add_subdirectory(fddi)
 add_subdirectory(nflog)
 add_subdirectory(mpls)
+add_subdirectory(pbb)
 add_subdirectory(linux_sll)
 add_subdirectory(linux_sll2)
 

src/packet_analysis/protocol/pbb/CMakeLists.txt

@@ -0,0 +1,8 @@
+
+include(ZeekPlugin)
+
+include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR})
+
+zeek_plugin_begin(PacketAnalyzer PBB)
+zeek_plugin_cc(PBB.cc Plugin.cc)
+zeek_plugin_end()

src/packet_analysis/protocol/pbb/PBB.cc

@@ -0,0 +1,22 @@
+// See the file "COPYING" in the main distribution directory for copyright.
+
+#include "zeek/packet_analysis/protocol/pbb/PBB.h"
+
+using namespace zeek::packet_analysis::PBB;
+
+constexpr int PBB_LEN = 18;
+constexpr int PBB_C_DST_OFF = 4;
+
+PBBAnalyzer::PBBAnalyzer() : zeek::packet_analysis::Analyzer("PBB") { }
+
+bool PBBAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
+	{
+	if ( PBB_LEN >= len )
+		{
+		Weird("truncated_PBB_header", packet);
+		return false;
+		}
+
+	// pass this on to the ethernet analyzer
+	return ForwardPacket(len - PBB_C_DST_OFF, data + PBB_C_DST_OFF, packet);
+	}

src/packet_analysis/protocol/pbb/PBB.h

@@ -0,0 +1,25 @@
+// See the file "COPYING" in the main distribution directory for copyright.
+
+#pragma once
+
+#include "zeek/packet_analysis/Analyzer.h"
+#include "zeek/packet_analysis/Component.h"
+
+namespace zeek::packet_analysis::PBB
+	{
+
+class PBBAnalyzer : public Analyzer
+	{
+public:
+	PBBAnalyzer();
+	~PBBAnalyzer() override = default;
+
+	bool AnalyzePacket(size_t len, const uint8_t* data, Packet* packet) override;
+
+	static zeek::packet_analysis::AnalyzerPtr Instantiate()
+		{
+		return std::make_shared<PBBAnalyzer>();
+		}
+	};
+
+	}

src/packet_analysis/protocol/pbb/Plugin.cc

@@ -0,0 +1,27 @@
+// See the file "COPYING" in the main distribution directory for copyright.
+
+#include "zeek/plugin/Plugin.h"
+
+#include "zeek/packet_analysis/Component.h"
+#include "zeek/packet_analysis/protocol/pbb/PBB.h"
+
+namespace zeek::plugin::Zeek_PBB
+	{
+
+class Plugin : public zeek::plugin::Plugin
+	{
+public:
+	zeek::plugin::Configuration Configure()
+		{
+		AddComponent(new zeek::packet_analysis::Component(
+			"PBB", zeek::packet_analysis::PBB::PBBAnalyzer::Instantiate));
+
+		zeek::plugin::Configuration config;
+		config.name = "Zeek::PBB";
+		config.description = "PBB packet analyzer";
+		return config;
+		}
+
+	} plugin;
+
+	}