PPP: Add PPP analyzer to handle LINKTYPE_PPP (0x9)

Using pcaps from https://interop.seemann.io/ as samples for QUIC protocol
data didn't produce a conn.log for the contained data. `tcpdump -r`
and Wireshark do show the contained IP/UDP packets. Teach Zeek how
to handle link type DLT_PPP 0x09 using a new PPP analyzer based on the
PPPSerial analyzer code.

Usual update to files/x509 baseline after adding new analyzer due
to enum values changing.

scripts/base/packet-protocols/__load__.zeek

@@ -11,6 +11,7 @@
 @load base/packet-protocols/linux_sll2
 @load base/packet-protocols/nflog
 @load base/packet-protocols/null
+@load base/packet-protocols/ppp
 @load base/packet-protocols/ppp_serial
 @load base/packet-protocols/pppoe
 @load base/packet-protocols/vlan

scripts/base/packet-protocols/ppp/__load__.zeek

@@ -0,0 +1 @@
+@load ./main

scripts/base/packet-protocols/ppp/main.zeek

@@ -0,0 +1,12 @@
+module PacketAnalyzer::PPP;
+
+const DLT_PPP: count = 9;
+
+event zeek_init() &priority=20
+	{
+	PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, DLT_PPP, PacketAnalyzer::ANALYZER_PPP);
+
+	PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PPP, 0x0281, PacketAnalyzer::ANALYZER_MPLS);
+	PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PPP, 0x0021, PacketAnalyzer::ANALYZER_IP);
+	PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PPP, 0x0057, PacketAnalyzer::ANALYZER_IP);
+	}

scripts/base/packet-protocols/ppp_serial/main.zeek

@@ -9,4 +9,4 @@ event zeek_init() &priority=20
 	PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PPPSERIAL, 0x0281, PacketAnalyzer::ANALYZER_MPLS);
 	PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PPPSERIAL, 0x0021, PacketAnalyzer::ANALYZER_IP);
 	PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_PPPSERIAL, 0x0057, PacketAnalyzer::ANALYZER_IP);
-	}
+	}