suricata
decode-pppoe.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2021 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \ingroup decode
20  *
21  * @{
22  */
23 
24 
25 /**
26  * \file
27  *
28  * \author James Riden <jamesr@europe.com>
29  *
30  * PPPOE Decoder
31  */
32 
33 #include "suricata-common.h"
34 
35 #include "packet-queue.h"
36 
37 #include "decode.h"
38 #include "decode-ppp.h"
39 #include "decode-pppoe.h"
40 #include "decode-events.h"
41 #include "flow.h"
42 
43 #include "util-validate.h"
44 #include "util-unittest.h"
45 #include "util-debug.h"
46 
47 /**
48  * \brief Main decoding function for PPPOE Discovery packets
49  */
51  const uint8_t *pkt, uint32_t len)
52 {
53  DEBUG_VALIDATE_BUG_ON(pkt == NULL);
54 
56 
59  return TM_ECODE_FAILED;
60  }
61 
62  p->pppoedh = (PPPOEDiscoveryHdr *)pkt;
63 
64  /* parse the PPPOE code */
65  switch (p->pppoedh->pppoe_code)
66  {
67  case PPPOE_CODE_PADI:
68  break;
69  case PPPOE_CODE_PADO:
70  break;
71  case PPPOE_CODE_PADR:
72  break;
73  case PPPOE_CODE_PADS:
74  break;
75  case PPPOE_CODE_PADT:
76  break;
77  default:
78  SCLogDebug("unknown PPPOE code: 0x%0"PRIX8"", p->pppoedh->pppoe_code);
80  return TM_ECODE_OK;
81  }
82 
83  /* parse any tags we have in the packet */
84 
85  uint32_t tag_length = 0;
86  PPPOEDiscoveryTag* pppoedt = (PPPOEDiscoveryTag*) (p->pppoedh + PPPOE_DISCOVERY_HEADER_MIN_LEN);
87 
88  uint32_t pppoe_length = SCNtohs(p->pppoedh->pppoe_length);
89  uint32_t packet_length = len - PPPOE_DISCOVERY_HEADER_MIN_LEN ;
90 
91  SCLogDebug("pppoe_length %"PRIu32", packet_length %"PRIu32"",
92  pppoe_length, packet_length);
93 
94  if (pppoe_length > packet_length) {
95  SCLogDebug("malformed PPPOE tags");
97  return TM_ECODE_OK;
98  }
99 
100  while (pppoedt < (PPPOEDiscoveryTag*) (pkt + (len - sizeof(PPPOEDiscoveryTag))) && pppoe_length >=4 && packet_length >=4)
101  {
102 #ifdef DEBUG
103  uint16_t tag_type = SCNtohs(pppoedt->pppoe_tag_type);
104 #endif
105  tag_length = SCNtohs(pppoedt->pppoe_tag_length);
106 
107  SCLogDebug ("PPPoE Tag type %x, length %"PRIu32, tag_type, tag_length);
108 
109  if (pppoe_length >= (4 + tag_length)) {
110  pppoe_length -= (4 + tag_length);
111  } else {
112  pppoe_length = 0; // don't want an underflow
113  }
114 
115  if (packet_length >= 4 + tag_length) {
116  packet_length -= (4 + tag_length);
117  } else {
118  packet_length = 0; // don't want an underflow
119  }
120 
121  pppoedt = pppoedt + (4 + tag_length);
122  }
123 
124  return TM_ECODE_OK;
125 }
126 
127 /**
128  * \brief Main decoding function for PPPOE Session packets
129  */
131  const uint8_t *pkt, uint32_t len)
132 {
133  DEBUG_VALIDATE_BUG_ON(pkt == NULL);
134 
136 
139  return TM_ECODE_FAILED;
140  }
141 
142  p->pppoesh = (PPPOESessionHdr *)pkt;
143 
144  SCLogDebug("PPPOE VERSION %" PRIu32 " TYPE %" PRIu32 " CODE %" PRIu32 " SESSIONID %" PRIu32 " LENGTH %" PRIu32 "",
146 
147  /* can't use DecodePPP() here because we only get a single 2-byte word to indicate protocol instead of the full PPP header */
148  if (SCNtohs(p->pppoesh->pppoe_length) > 0) {
149  /* decode contained PPP packet */
150 
151  uint8_t pppoesh_len;
152  uint16_t ppp_protocol = SCNtohs(p->pppoesh->protocol);
153 
154  /* According to RFC1661-2, if the least significant bit of the most significant octet is
155  * set, we're dealing with a single-octet protocol field */
156  if (ppp_protocol & 0x0100) {
157  /* Single-octet variant */
158  ppp_protocol >>= 8;
159  pppoesh_len = PPPOE_SESSION_HEADER_MIN_LEN;
160  } else {
161  /* Double-octet variant; increase the length of the session header accordingly */
162  pppoesh_len = PPPOE_SESSION_HEADER_MIN_LEN + 1;
163 
164  if (len < pppoesh_len) {
166  return TM_ECODE_FAILED;
167  }
168  }
169 
170  SCLogDebug("Protocol %" PRIu16 " len %" PRIu8 "", ppp_protocol, pppoesh_len);
171 
172  switch (ppp_protocol) {
173  case PPP_VJ_COMP:
174  case PPP_IPX:
175  case PPP_OSI:
176  case PPP_NS:
177  case PPP_DECNET:
178  case PPP_APPLE:
179  case PPP_BRPDU:
180  case PPP_STII:
181  case PPP_VINES:
182  case PPP_HELLO:
183  case PPP_LUXCOM:
184  case PPP_SNS:
185  case PPP_MPLS_UCAST:
186  case PPP_MPLS_MCAST:
187  case PPP_IPCP:
188  case PPP_OSICP:
189  case PPP_NSCP:
190  case PPP_DECNETCP:
191  case PPP_APPLECP:
192  case PPP_IPXCP:
193  case PPP_STIICP:
194  case PPP_VINESCP:
195  case PPP_IPV6CP:
196  case PPP_MPLSCP:
197  case PPP_LCP:
198  case PPP_PAP:
199  case PPP_LQM:
200  case PPP_CHAP:
202  break;
203 
204  case PPP_VJ_UCOMP:
205 
206  if (len - pppoesh_len < IPV4_HEADER_LEN) {
208  return TM_ECODE_OK;
209  }
210  if (unlikely(len - pppoesh_len > USHRT_MAX)) {
211  return TM_ECODE_FAILED;
212  }
213 
214  if (IPV4_GET_RAW_VER((IPV4Hdr *)(pkt + pppoesh_len)) == 4) {
215  DecodeIPV4(tv, dtv, p, pkt + pppoesh_len, (uint16_t)(len - pppoesh_len));
216  }
217  break;
218 
219  case PPP_IP:
220  if (len - pppoesh_len < IPV4_HEADER_LEN) {
222  return TM_ECODE_OK;
223  }
224  if (unlikely(len - pppoesh_len > USHRT_MAX)) {
225  return TM_ECODE_FAILED;
226  }
227  DecodeIPV4(tv, dtv, p, pkt + pppoesh_len, (uint16_t)(len - pppoesh_len));
228  break;
229 
230  /* PPP IPv6 was not tested */
231  case PPP_IPV6:
232  if (len - pppoesh_len < IPV6_HEADER_LEN) {
234  return TM_ECODE_OK;
235  }
236  if (unlikely(len - pppoesh_len > USHRT_MAX)) {
237  return TM_ECODE_FAILED;
238  }
239 
240  DecodeIPV6(tv, dtv, p, pkt + pppoesh_len, (uint16_t)(len - pppoesh_len));
241  break;
242 
243  default:
244  SCLogDebug("unknown PPP protocol: %" PRIx32 "", ppp_protocol);
246  return TM_ECODE_OK;
247  }
248  }
249  return TM_ECODE_OK;
250 }
251 
252 #ifdef UNITTESTS
253 /** DecodePPPOEtest01
254  * \brief Decode malformed PPPOE packet (too short)
255  * \retval 1 Expected test value
256  */
257 static int DecodePPPOEtest01 (void)
258 {
259 
260  uint8_t raw_pppoe[] = { 0x11, 0x00, 0x00, 0x00, 0x00 };
261  Packet *p = PacketGetFromAlloc();
262  FAIL_IF_NULL(p);
263  ThreadVars tv;
265 
266  memset(&tv, 0, sizeof(ThreadVars));
267  memset(&dtv, 0, sizeof(DecodeThreadVars));
268 
269  DecodePPPOESession(&tv, &dtv, p, raw_pppoe, sizeof(raw_pppoe));
270 
272 
273  SCFree(p);
274  PASS;
275 }
276 
277 /** DecodePPPOEtest02
278  * \brief Valid PPPOE packet - check the invalid ICMP type encapsulated is flagged
279  * \retval 0 Expected test value
280  */
281 static int DecodePPPOEtest02 (void)
282 {
283 
284  uint8_t raw_pppoe[] = {
285  0x11, 0x00, 0x00, 0x01, 0x00, 0x40, 0x00, 0x21,
286  0x45, 0x00, 0x00, 0x3c, 0x05, 0x5c, 0x00, 0x00,
287  0x20, 0x01, 0xff, 0x30, 0xc0, 0xa8, 0x0a, 0x7f,
288  0xc0, 0xa8, 0x0a, 0x65, 0xab, 0xcd, 0x16, 0x5e,
289  0x02, 0x00, 0x37, 0x00, 0x41, 0x42, 0x43, 0x44,
290  0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c,
291  0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53, 0x54,
292  0x55, 0x56, 0x57, 0x41, 0x42, 0x43, 0x44, 0x45,
293  0x46, 0x47, 0x48, 0x49 };
294 
295  Packet *p = PacketGetFromAlloc();
296  FAIL_IF_NULL(p);
297  ThreadVars tv;
299 
300  memset(&tv, 0, sizeof(ThreadVars));
301  memset(&dtv, 0, sizeof(DecodeThreadVars));
302 
304 
305  DecodePPPOESession(&tv, &dtv, p, raw_pppoe, sizeof(raw_pppoe));
306 
308 
309  // and we insist that the invalid ICMP encapsulated (type 0xab, code 0xcd) is flagged
311 
312  FlowShutdown();
313  SCFree(p);
314  PASS;
315 }
316 
317 
318 /** DecodePPPOEtest03
319  * \brief Valid example PADO packet PPPOE packet taken from RFC2516
320  * \retval 0 Expected test value
321  */
322 static int DecodePPPOEtest03 (void)
323 {
324 
325  /* example PADO packet taken from RFC2516 */
326  uint8_t raw_pppoe[] = {
327  0x11, 0x07, 0x00, 0x00, 0x00, 0x20, 0x01, 0x01,
328  0x00, 0x00, 0x01, 0x02, 0x00, 0x18, 0x47, 0x6f,
329  0x20, 0x52, 0x65, 0x64, 0x42, 0x61, 0x63, 0x6b,
330  0x20, 0x2d, 0x20, 0x65, 0x73, 0x68, 0x73, 0x68,
331  0x65, 0x73, 0x68, 0x6f, 0x6f, 0x74
332  };
333 
334  Packet *p = PacketGetFromAlloc();
335  FAIL_IF_NULL(p);
336  ThreadVars tv;
338 
339  memset(&tv, 0, sizeof(ThreadVars));
340  memset(&dtv, 0, sizeof(DecodeThreadVars));
341 
342  DecodePPPOEDiscovery(&tv, &dtv, p, raw_pppoe, sizeof(raw_pppoe));
343  FAIL_IF_NULL(p->pppoedh);
344 
345  SCFree(p);
346  PASS;
347 }
348 
349 /** DecodePPPOEtest04
350  * \brief Valid example PPPOE packet taken from RFC2516 - but with wrong PPPOE code
351  * \retval 1 Expected test value
352  */
353 static int DecodePPPOEtest04 (void)
354 {
355 
356  /* example PADI packet taken from RFC2516, but with wrong code */
357  uint8_t raw_pppoe[] = {
358  0x11, 0xbb, 0x00, 0x00, 0x00, 0x04, 0x01, 0x01,
359  0x00, 0x00
360  };
361 
362  Packet *p = PacketGetFromAlloc();
363  FAIL_IF_NULL(p);
364  ThreadVars tv;
366 
367  memset(&tv, 0, sizeof(ThreadVars));
368  memset(&dtv, 0, sizeof(DecodeThreadVars));
369 
370  DecodePPPOEDiscovery(&tv, &dtv, p, raw_pppoe, sizeof(raw_pppoe));
371 
373 
374  SCFree(p);
375  PASS;
376 }
377 
378 /** DecodePPPOEtest05
379  * \brief Valid exaple PADO PPPOE packet taken from RFC2516, but too short for given length
380  * \retval 0 Expected test value
381  */
382 static int DecodePPPOEtest05 (void)
383 {
384 
385  /* example PADI packet taken from RFC2516 */
386  uint8_t raw_pppoe[] = {
387  0x11, 0x07, 0x00, 0x00, 0x00, 0x20, 0x01, 0x01,
388  0x00, 0x00, 0x01, 0x02, 0x00, 0x18, 0x47, 0x6f,
389  0x20, 0x52, 0x65, 0x64, 0x42, 0x61, 0x63, 0x6b,
390  0x20, 0x2d, 0x20, 0x65, 0x73, 0x68, 0x73, 0x68
391  };
392 
393  Packet *p = PacketGetFromAlloc();
394  FAIL_IF_NULL(p);
395  ThreadVars tv;
397 
398  memset(&tv, 0, sizeof(ThreadVars));
399  memset(&dtv, 0, sizeof(DecodeThreadVars));
400 
401  DecodePPPOEDiscovery(&tv, &dtv, p, raw_pppoe, sizeof(raw_pppoe));
402 
404 
405  SCFree(p);
406  PASS;
407 }
408 
409 /** DecodePPPOEtest06
410  * \brief Check that the macros work as expected. Type and version are
411  * fields of 4 bits length. So they are sharing the same var and the macros
412  * should extract the first 4 bits for version and the second 4 bits for type
413  * \retval 1 Expected test value
414  */
415 static int DecodePPPOEtest06 (void)
416 {
417 
418  PPPOESessionHdr pppoesh;
419  PPPOEDiscoveryHdr pppoedh;
420  pppoesh.pppoe_version_type = 0xAB;
421  pppoedh.pppoe_version_type = 0xCD;
422 
423  FAIL_IF(PPPOE_SESSION_GET_VERSION(&pppoesh) != 0x0A);
424  FAIL_IF(PPPOE_SESSION_GET_TYPE(&pppoesh) != 0x0B);
425  FAIL_IF(PPPOE_DISCOVERY_GET_VERSION(&pppoedh) != 0x0C);
426  FAIL_IF(PPPOE_DISCOVERY_GET_TYPE(&pppoedh) != 0x0D);
427  PASS;
428 }
429 
430 /** DecodePPPOEtest07
431  * \brief Valid PPPOE packet with 8 bit protocol field - check the valid ICMP type is accepted
432  * \retval 1 Expected test value
433  */
434 static int DecodePPPOEtest07(void)
435 {
436 
437  uint8_t raw_pppoe[] = { 0x11, 0x00, 0x00, 0x2d, 0x00, 0x1c, 0x21, 0x45, 0x00, 0x00, 0x1d, 0x97,
438  0xc3, 0x00, 0x00, 0x40, 0x01, 0x47, 0x0f, 0x0a, 0x64, 0x00, 0x00, 0xc0, 0xa8, 0xd1, 0x01,
439  0x08, 0x00, 0xd4, 0x4c, 0x1f, 0x32, 0x04, 0x81, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
440  0x00, 0x00, 0x00, 0x00 };
441 
442  Packet *p = PacketGetFromAlloc();
443  FAIL_IF_NULL(p);
444  ThreadVars tv;
446 
447  memset(&tv, 0, sizeof(ThreadVars));
448  memset(&dtv, 0, sizeof(DecodeThreadVars));
449 
450  DecodePPPOESession(&tv, &dtv, p, raw_pppoe, sizeof(raw_pppoe));
451 
453  SCFree(p);
454  PASS;
455 }
456 
457 /** DecodePPPOEtest08
458  * \brief Valid PPPOE packet with 8 bit protocol field - check the valid HTTP type is accepted
459  * \retval 1 Expected test value
460  */
461 static int DecodePPPOEtest08(void)
462 {
463 
464  uint8_t raw_pppoe[] = { 0x11, 0x00, 0x00, 0x2d, 0x00, 0x3d, 0x21, 0x45, 0x00, 0x00, 0x3c, 0x00,
465  0x00, 0x40, 0x00, 0x40, 0x06, 0xed, 0xda, 0x0a, 0x64, 0x00, 0x00, 0x8e, 0xfa, 0xb3, 0x83,
466  0xde, 0xb5, 0x00, 0x50, 0xd4, 0xbd, 0x76, 0x54, 0x00, 0x00, 0x00, 0x00, 0xa0, 0x02, 0xfe,
467  0xcc, 0x74, 0x2f, 0x00, 0x00, 0x02, 0x04, 0x05, 0xac, 0x01, 0x03, 0x03, 0x07, 0x04, 0x02,
468  0x08, 0x0a, 0xcb, 0xae, 0x92, 0x63, 0x00, 0x00, 0x00, 0x00 };
469 
470  Packet *p = PacketGetFromAlloc();
471  FAIL_IF_NULL(p);
472  ThreadVars tv;
474 
475  memset(&tv, 0, sizeof(ThreadVars));
476  memset(&dtv, 0, sizeof(DecodeThreadVars));
477 
478  DecodePPPOESession(&tv, &dtv, p, raw_pppoe, sizeof(raw_pppoe));
479 
481  SCFree(p);
482  PASS;
483 }
484 
485 /** DecodePPPOEtest09
486  * \brief Valid PPPOE packet with 16 bit protocol field - check the valid ICMP type is accepted
487  * \retval 1 Expected test value
488  */
489 static int DecodePPPOEtest09(void)
490 {
491 
492  uint8_t raw_pppoe[] = { 0x11, 0x00, 0x00, 0x2d, 0x00, 0x1c, 0x00, 0x21, 0x45, 0x00, 0x00, 0x1d,
493  0x97, 0xc3, 0x00, 0x00, 0x40, 0x01, 0x47, 0x0f, 0x0a, 0x64, 0x00, 0x00, 0xc0, 0xa8, 0xd1,
494  0x01, 0x08, 0x00, 0xd4, 0x4c, 0x1f, 0x32, 0x04, 0x81, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
495  0x00, 0x00, 0x00, 0x00, 0x00 };
496 
497  Packet *p = PacketGetFromAlloc();
498  FAIL_IF_NULL(p);
499  ThreadVars tv;
501 
502  memset(&tv, 0, sizeof(ThreadVars));
503  memset(&dtv, 0, sizeof(DecodeThreadVars));
504 
505  DecodePPPOESession(&tv, &dtv, p, raw_pppoe, sizeof(raw_pppoe));
506 
508  SCFree(p);
509  PASS;
510 }
511 
512 /** DecodePPPOEtest10
513  * \brief Valid PPPOE packet with 16 bit protocol field - check the valid HTTP type is accepted
514  * \retval 1 Expected test value
515  */
516 static int DecodePPPOEtest10(void)
517 {
518 
519  uint8_t raw_pppoe[] = { 0x11, 0x00, 0x00, 0x2d, 0x00, 0x3d, 0x00, 0x21, 0x45, 0x00, 0x00, 0x3c,
520  0x00, 0x00, 0x40, 0x00, 0x40, 0x06, 0xed, 0xda, 0x0a, 0x64, 0x00, 0x00, 0x8e, 0xfa, 0xb3,
521  0x83, 0xde, 0xb5, 0x00, 0x50, 0xd4, 0xbd, 0x76, 0x54, 0x00, 0x00, 0x00, 0x00, 0xa0, 0x02,
522  0xfe, 0xcc, 0x74, 0x2f, 0x00, 0x00, 0x02, 0x04, 0x05, 0xac, 0x01, 0x03, 0x03, 0x07, 0x04,
523  0x02, 0x08, 0x0a, 0xcb, 0xae, 0x92, 0x63, 0x00, 0x00, 0x00, 0x00 };
524 
525  Packet *p = PacketGetFromAlloc();
526  FAIL_IF_NULL(p);
527  ThreadVars tv;
529 
530  memset(&tv, 0, sizeof(ThreadVars));
531  memset(&dtv, 0, sizeof(DecodeThreadVars));
532 
533  DecodePPPOESession(&tv, &dtv, p, raw_pppoe, sizeof(raw_pppoe));
534 
536  SCFree(p);
537  PASS;
538 }
539 #endif /* UNITTESTS */
540 
541 /**
542  * \brief Registers PPPOE unit tests
543  * \todo More PPPOE tests
544  */
546 {
547 #ifdef UNITTESTS
548  UtRegisterTest("DecodePPPOEtest01", DecodePPPOEtest01);
549  UtRegisterTest("DecodePPPOEtest02", DecodePPPOEtest02);
550  UtRegisterTest("DecodePPPOEtest03", DecodePPPOEtest03);
551  UtRegisterTest("DecodePPPOEtest04", DecodePPPOEtest04);
552  UtRegisterTest("DecodePPPOEtest05", DecodePPPOEtest05);
553  UtRegisterTest("DecodePPPOEtest06", DecodePPPOEtest06);
554  UtRegisterTest("DecodePPPOEtest07", DecodePPPOEtest07);
555  UtRegisterTest("DecodePPPOEtest08", DecodePPPOEtest08);
556  UtRegisterTest("DecodePPPOEtest09", DecodePPPOEtest09);
557  UtRegisterTest("DecodePPPOEtest10", DecodePPPOEtest10);
558 #endif /* UNITTESTS */
559 }
560 
561 /**
562  * @}
563  */
ENGINE_SET_EVENT
#define ENGINE_SET_EVENT(p, e)
Definition: decode.h:880
PPP_MPLS_MCAST
#define PPP_MPLS_MCAST
Definition: decode-ppp.h:47
len
uint8_t len
Definition: app-layer-dnp3.h:2
PPP_PAP
#define PPP_PAP
Definition: decode-ppp.h:59
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
PPPOE_SESSION_HEADER_MIN_LEN
#define PPPOE_SESSION_HEADER_MIN_LEN
Definition: decode-pppoe.h:29
PPP_HELLO
#define PPP_HELLO
Definition: decode-ppp.h:43
PPPOE_MALFORMED_TAGS
@ PPPOE_MALFORMED_TAGS
Definition: decode-events.h:124
StatsIncr
void StatsIncr(ThreadVars *tv, uint16_t id)
Increments the local counter.
Definition: counters.c:167
PPPOE_CODE_PADS
#define PPPOE_CODE_PADS
Definition: decode-pppoe.h:63
PPPOE_PKT_TOO_SMALL
@ PPPOE_PKT_TOO_SMALL
Definition: decode-events.h:122
PPP_LQM
#define PPP_LQM
Definition: decode-ppp.h:60
decode-pppoe.h
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
PPP_SNS
#define PPP_SNS
Definition: decode-ppp.h:45
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
PPPOESessionHdr_
Definition: decode-pppoe.h:37
ENGINE_ISSET_EVENT
#define ENGINE_ISSET_EVENT(p, e)
Definition: decode.h:895
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:296
PPPOESessionHdr_::protocol
uint16_t protocol
Definition: decode-pppoe.h:42
PPP_NSCP
#define PPP_NSCP
Definition: decode-ppp.h:50
PPP_VINES
#define PPP_VINES
Definition: decode-ppp.h:42
PPP_WRONG_TYPE
@ PPP_WRONG_TYPE
Definition: decode-events.h:118
PPPOESessionHdr_::session_id
uint16_t session_id
Definition: decode-pppoe.h:40
packet-queue.h
Packet_::pppoesh
PPPOESessionHdr * pppoesh
Definition: decode.h:560
PPP_IP
#define PPP_IP
Definition: decode-ppp.h:28
PPPOE_SESSION_GET_TYPE
#define PPPOE_SESSION_GET_TYPE(hdr)
Definition: decode-pppoe.h:32
TM_ECODE_FAILED
@ TM_ECODE_FAILED
Definition: tm-threads-common.h:83
PPP_BRPDU
#define PPP_BRPDU
Definition: decode-ppp.h:40
util-unittest.h
TM_ECODE_OK
@ TM_ECODE_OK
Definition: tm-threads-common.h:82
PPP_LUXCOM
#define PPP_LUXCOM
Definition: decode-ppp.h:44
FlowInitConfig
void FlowInitConfig(bool quiet)
initialize the configuration
Definition: flow.c:543
decode.h
util-debug.h
PPPIPV4_PKT_TOO_SMALL
@ PPPIPV4_PKT_TOO_SMALL
Definition: decode-events.h:116
PPP_STIICP
#define PPP_STIICP
Definition: decode-ppp.h:54
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
PPP_IPX
#define PPP_IPX
Definition: decode-ppp.h:35
decode-ppp.h
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:57
PPP_IPCP
#define PPP_IPCP
Definition: decode-ppp.h:48
PPPOE_SESSION_GET_VERSION
#define PPPOE_SESSION_GET_VERSION(hdr)
Definition: decode-pppoe.h:31
PPP_VJ_COMP
#define PPP_VJ_COMP
Definition: decode-ppp.h:34
PPP_VINESCP
#define PPP_VINESCP
Definition: decode-ppp.h:55
PPPVJU_PKT_TOO_SMALL
@ PPPVJU_PKT_TOO_SMALL
Definition: decode-events.h:115
PPP_UNSUP_PROTO
@ PPP_UNSUP_PROTO
Definition: decode-events.h:119
PPP_MPLSCP
#define PPP_MPLSCP
Definition: decode-ppp.h:57
pppoe_length
uint16_t pppoe_length
Definition: decode-pppoe.h:3
PPPOE_CODE_PADI
#define PPPOE_CODE_PADI
Definition: decode-pppoe.h:60
Packet_
Definition: decode.h:425
DecodeIPV6
int DecodeIPV6(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint16_t len)
Definition: decode-ipv6.c:564
PPPOE_CODE_PADT
#define PPPOE_CODE_PADT
Definition: decode-pppoe.h:64
IPV4_GET_RAW_VER
#define IPV4_GET_RAW_VER(ip4h)
Definition: decode-ipv4.h:95
PPP_DECNETCP
#define PPP_DECNETCP
Definition: decode-ppp.h:51
PPPIPV6_PKT_TOO_SMALL
@ PPPIPV6_PKT_TOO_SMALL
Definition: decode-events.h:117
decode-events.h
dtv
DecodeThreadVars * dtv
Definition: fuzz_decodepcapfile.c:33
IPV4Hdr_
Definition: decode-ipv4.h:72
DecodePPPOEDiscovery
int DecodePPPOEDiscovery(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len)
Main decoding function for PPPOE Discovery packets.
Definition: decode-pppoe.c:50
PPP_APPLE
#define PPP_APPLE
Definition: decode-ppp.h:39
PPPOE_DISCOVERY_GET_TYPE
#define PPPOE_DISCOVERY_GET_TYPE(hdr)
Definition: decode-pppoe.h:34
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition: util-unittest.h:71
SCNtohs
#define SCNtohs(x)
Definition: suricata-common.h:403
suricata-common.h
PPPOE_DISCOVERY_GET_VERSION
#define PPPOE_DISCOVERY_GET_VERSION(hdr)
Definition: decode-pppoe.h:33
FlowShutdown
void FlowShutdown(void)
shutdown the flow engine
Definition: flow.c:690
PPP_MPLS_UCAST
#define PPP_MPLS_UCAST
Definition: decode-ppp.h:46
IPV4_HEADER_LEN
#define IPV4_HEADER_LEN
Definition: decode-ipv4.h:28
DecodePPPOERegisterTests
void DecodePPPOERegisterTests(void)
Registers PPPOE unit tests.
Definition: decode-pppoe.c:545
PPP_NS
#define PPP_NS
Definition: decode-ppp.h:37
PPP_DECNET
#define PPP_DECNET
Definition: decode-ppp.h:38
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:32
PPPOESessionHdr_::pppoe_code
uint8_t pppoe_code
Definition: decode-pppoe.h:39
util-validate.h
PacketGetFromAlloc
Packet * PacketGetFromAlloc(void)
Get a malloced packet.
Definition: decode.c:173
PPP_IPV6
#define PPP_IPV6
Definition: decode-ppp.h:29
DecodeThreadVars_::counter_pppoe
uint16_t counter_pppoe
Definition: decode.h:695
SCFree
#define SCFree(p)
Definition: util-mem.h:61
DecodeThreadVars_
Structure to hold thread specific data for all decode modules.
Definition: decode.h:659
PPPOE_CODE_PADO
#define PPPOE_CODE_PADO
Definition: decode-pppoe.h:61
DecodePPPOESession
int DecodePPPOESession(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len)
Main decoding function for PPPOE Session packets.
Definition: decode-pppoe.c:130
Packet_::pppoedh
PPPOEDiscoveryHdr * pppoedh
Definition: decode.h:561
PPPOE_DISCOVERY_HEADER_MIN_LEN
#define PPPOE_DISCOVERY_HEADER_MIN_LEN
Definition: decode-pppoe.h:30
PPP_STII
#define PPP_STII
Definition: decode-ppp.h:41
PPP_CHAP
#define PPP_CHAP
Definition: decode-ppp.h:61
PPP_APPLECP
#define PPP_APPLECP
Definition: decode-ppp.h:52
ENGINE_SET_INVALID_EVENT
#define ENGINE_SET_INVALID_EVENT(p, e)
Definition: decode.h:888
FLOW_QUIET
#define FLOW_QUIET
Definition: flow.h:40
PPP_IPXCP
#define PPP_IPXCP
Definition: decode-ppp.h:53
PPPOESessionHdr_::pppoe_length
uint16_t pppoe_length
Definition: decode-pppoe.h:41
IPV6_HEADER_LEN
#define IPV6_HEADER_LEN
Definition: decode-ipv6.h:27
PPP_VJ_UCOMP
#define PPP_VJ_UCOMP
Definition: decode-ppp.h:30
PPPOE_CODE_PADR
#define PPPOE_CODE_PADR
Definition: decode-pppoe.h:62
ICMPV4_UNKNOWN_TYPE
@ ICMPV4_UNKNOWN_TYPE
Definition: decode-events.h:49
flow.h
DecodeIPV4
int DecodeIPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint16_t len)
Definition: decode-ipv4.c:520
PPP_IPV6CP
#define PPP_IPV6CP
Definition: decode-ppp.h:56
PPPOESessionHdr_::pppoe_version_type
uint8_t pppoe_version_type
Definition: decode-pppoe.h:38
DEBUG_VALIDATE_BUG_ON
#define DEBUG_VALIDATE_BUG_ON(exp)
Definition: util-validate.h:111
PPP_OSI
#define PPP_OSI
Definition: decode-ppp.h:36
PPP_OSICP
#define PPP_OSICP
Definition: decode-ppp.h:49
PPP_LCP
#define PPP_LCP
Definition: decode-ppp.h:58
PPPOE_WRONG_CODE
@ PPPOE_WRONG_CODE
Definition: decode-events.h:123