suricata
decode-pppoe.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2021 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \ingroup decode
20  *
21  * @{
22  */
23 
24 
25 /**
26  * \file
27  *
28  * \author James Riden <jamesr@europe.com>
29  *
30  * PPPOE Decoder
31  */
32 
33 #include "suricata-common.h"
34 
35 #include "packet-queue.h"
36 
37 #include "decode.h"
38 #include "decode-ppp.h"
39 #include "decode-pppoe.h"
40 #include "decode-events.h"
41 
42 #include "flow.h"
43 
44 #include "util-validate.h"
45 #include "util-unittest.h"
46 #include "util-debug.h"
47 
48 /**
49  * \brief Main decoding function for PPPOE Discovery packets
50  */
52  const uint8_t *pkt, uint32_t len)
53 {
54  DEBUG_VALIDATE_BUG_ON(pkt == NULL);
55 
57 
60  return TM_ECODE_FAILED;
61  }
62 
63  p->pppoedh = (PPPOEDiscoveryHdr *)pkt;
64 
65  /* parse the PPPOE code */
66  switch (p->pppoedh->pppoe_code)
67  {
68  case PPPOE_CODE_PADI:
69  break;
70  case PPPOE_CODE_PADO:
71  break;
72  case PPPOE_CODE_PADR:
73  break;
74  case PPPOE_CODE_PADS:
75  break;
76  case PPPOE_CODE_PADT:
77  break;
78  default:
79  SCLogDebug("unknown PPPOE code: 0x%0"PRIX8"", p->pppoedh->pppoe_code);
81  return TM_ECODE_OK;
82  }
83 
84  /* parse any tags we have in the packet */
85 
86  uint32_t tag_length = 0;
87  PPPOEDiscoveryTag* pppoedt = (PPPOEDiscoveryTag*) (p->pppoedh + PPPOE_DISCOVERY_HEADER_MIN_LEN);
88 
89  uint32_t pppoe_length = SCNtohs(p->pppoedh->pppoe_length);
90  uint32_t packet_length = len - PPPOE_DISCOVERY_HEADER_MIN_LEN ;
91 
92  SCLogDebug("pppoe_length %"PRIu32", packet_length %"PRIu32"",
93  pppoe_length, packet_length);
94 
95  if (pppoe_length > packet_length) {
96  SCLogDebug("malformed PPPOE tags");
98  return TM_ECODE_OK;
99  }
100 
101  while (pppoedt < (PPPOEDiscoveryTag*) (pkt + (len - sizeof(PPPOEDiscoveryTag))) && pppoe_length >=4 && packet_length >=4)
102  {
103 #ifdef DEBUG
104  uint16_t tag_type = SCNtohs(pppoedt->pppoe_tag_type);
105 #endif
106  tag_length = SCNtohs(pppoedt->pppoe_tag_length);
107 
108  SCLogDebug ("PPPoE Tag type %x, length %"PRIu32, tag_type, tag_length);
109 
110  if (pppoe_length >= (4 + tag_length)) {
111  pppoe_length -= (4 + tag_length);
112  } else {
113  pppoe_length = 0; // don't want an underflow
114  }
115 
116  if (packet_length >= 4 + tag_length) {
117  packet_length -= (4 + tag_length);
118  } else {
119  packet_length = 0; // don't want an underflow
120  }
121 
122  pppoedt = pppoedt + (4 + tag_length);
123  }
124 
125  return TM_ECODE_OK;
126 }
127 
128 /**
129  * \brief Main decoding function for PPPOE Session packets
130  */
132  const uint8_t *pkt, uint32_t len)
133 {
134  DEBUG_VALIDATE_BUG_ON(pkt == NULL);
135 
137 
140  return TM_ECODE_FAILED;
141  }
142 
143  p->pppoesh = (PPPOESessionHdr *)pkt;
144 
145  SCLogDebug("PPPOE VERSION %" PRIu32 " TYPE %" PRIu32 " CODE %" PRIu32 " SESSIONID %" PRIu32 " LENGTH %" PRIu32 "",
147 
148  /* can't use DecodePPP() here because we only get a single 2-byte word to indicate protocol instead of the full PPP header */
149 
150  if (SCNtohs(p->pppoesh->pppoe_length) > 0) {
151  /* decode contained PPP packet */
152 
153  switch (SCNtohs(p->pppoesh->protocol))
154  {
155  case PPP_VJ_COMP:
156  case PPP_IPX:
157  case PPP_OSI:
158  case PPP_NS:
159  case PPP_DECNET:
160  case PPP_APPLE:
161  case PPP_BRPDU:
162  case PPP_STII:
163  case PPP_VINES:
164  case PPP_HELLO:
165  case PPP_LUXCOM:
166  case PPP_SNS:
167  case PPP_MPLS_UCAST:
168  case PPP_MPLS_MCAST:
169  case PPP_IPCP:
170  case PPP_OSICP:
171  case PPP_NSCP:
172  case PPP_DECNETCP:
173  case PPP_APPLECP:
174  case PPP_IPXCP:
175  case PPP_STIICP:
176  case PPP_VINESCP:
177  case PPP_IPV6CP:
178  case PPP_MPLSCP:
179  case PPP_LCP:
180  case PPP_PAP:
181  case PPP_LQM:
182  case PPP_CHAP:
184  break;
185 
186  case PPP_VJ_UCOMP:
187 
190  return TM_ECODE_OK;
191  }
192  if (unlikely(len > PPPOE_SESSION_HEADER_LEN + USHRT_MAX)) {
193  return TM_ECODE_FAILED;
194  }
195 
196  if(IPV4_GET_RAW_VER((IPV4Hdr *)(pkt + PPPOE_SESSION_HEADER_LEN)) == 4) {
198  }
199  break;
200 
201  case PPP_IP:
204  return TM_ECODE_OK;
205  }
206  if (unlikely(len > PPPOE_SESSION_HEADER_LEN + USHRT_MAX)) {
207  return TM_ECODE_FAILED;
208  }
209 
211  break;
212 
213  /* PPP IPv6 was not tested */
214  case PPP_IPV6:
217  return TM_ECODE_OK;
218  }
219  if (unlikely(len > PPPOE_SESSION_HEADER_LEN + USHRT_MAX)) {
220  return TM_ECODE_FAILED;
221  }
222 
224  break;
225 
226  default:
227  SCLogDebug("unknown PPP protocol: %" PRIx32 "",SCNtohs(p->pppoesh->protocol));
229  return TM_ECODE_OK;
230  }
231  }
232  return TM_ECODE_OK;
233 }
234 
235 #ifdef UNITTESTS
236 /** DecodePPPOEtest01
237  * \brief Decode malformed PPPOE packet (too short)
238  * \retval 1 Expected test value
239  */
240 static int DecodePPPOEtest01 (void)
241 {
242 
243  uint8_t raw_pppoe[] = { 0x11, 0x00, 0x00, 0x00, 0x00 };
244  Packet *p = PacketGetFromAlloc();
245  if (unlikely(p == NULL))
246  return 0;
247  ThreadVars tv;
249 
250  memset(&tv, 0, sizeof(ThreadVars));
251  memset(&dtv, 0, sizeof(DecodeThreadVars));
252 
253  DecodePPPOESession(&tv, &dtv, p, raw_pppoe, sizeof(raw_pppoe));
254 
256  SCFree(p);
257  return 1;
258  }
259 
260  SCFree(p);
261  return 0;
262 }
263 
264 /** DecodePPPOEtest02
265  * \brief Valid PPPOE packet - check the invalid ICMP type encapsulated is flagged
266  * \retval 0 Expected test value
267  */
268 static int DecodePPPOEtest02 (void)
269 {
270 
271  uint8_t raw_pppoe[] = {
272  0x11, 0x00, 0x00, 0x01, 0x00, 0x40, 0x00, 0x21,
273  0x45, 0x00, 0x00, 0x3c, 0x05, 0x5c, 0x00, 0x00,
274  0x20, 0x01, 0xff, 0x30, 0xc0, 0xa8, 0x0a, 0x7f,
275  0xc0, 0xa8, 0x0a, 0x65, 0xab, 0xcd, 0x16, 0x5e,
276  0x02, 0x00, 0x37, 0x00, 0x41, 0x42, 0x43, 0x44,
277  0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c,
278  0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53, 0x54,
279  0x55, 0x56, 0x57, 0x41, 0x42, 0x43, 0x44, 0x45,
280  0x46, 0x47, 0x48, 0x49 };
281 
282  Packet *p = PacketGetFromAlloc();
283  if (unlikely(p == NULL))
284  return 0;
285  ThreadVars tv;
287  int ret = 0;
288 
289  memset(&tv, 0, sizeof(ThreadVars));
290  memset(&dtv, 0, sizeof(DecodeThreadVars));
291 
293 
294  DecodePPPOESession(&tv, &dtv, p, raw_pppoe, sizeof(raw_pppoe));
295 
297  goto end;
298  }
299 
300  // and we insist that the invalid ICMP encapsulated (type 0xab, code 0xcd) is flagged
301 
303  goto end;
304  }
305 
306  ret = 1;
307 end:
308  FlowShutdown();
309  SCFree(p);
310  return ret;
311 }
312 
313 
314 /** DecodePPPOEtest03
315  * \brief Valid example PADO packet PPPOE packet taken from RFC2516
316  * \retval 0 Expected test value
317  */
318 static int DecodePPPOEtest03 (void)
319 {
320 
321  /* example PADO packet taken from RFC2516 */
322  uint8_t raw_pppoe[] = {
323  0x11, 0x07, 0x00, 0x00, 0x00, 0x20, 0x01, 0x01,
324  0x00, 0x00, 0x01, 0x02, 0x00, 0x18, 0x47, 0x6f,
325  0x20, 0x52, 0x65, 0x64, 0x42, 0x61, 0x63, 0x6b,
326  0x20, 0x2d, 0x20, 0x65, 0x73, 0x68, 0x73, 0x68,
327  0x65, 0x73, 0x68, 0x6f, 0x6f, 0x74
328  };
329 
330  Packet *p = PacketGetFromAlloc();
331  if (unlikely(p == NULL))
332  return 0;
333  ThreadVars tv;
335 
336  memset(&tv, 0, sizeof(ThreadVars));
337  memset(&dtv, 0, sizeof(DecodeThreadVars));
338 
339  DecodePPPOEDiscovery(&tv, &dtv, p, raw_pppoe, sizeof(raw_pppoe));
340  if (p->pppoedh == NULL) {
341  SCFree(p);
342  return 0;
343  }
344 
345  SCFree(p);
346  return 1;
347 }
348 
349 /** DecodePPPOEtest04
350  * \brief Valid example PPPOE packet taken from RFC2516 - but with wrong PPPOE code
351  * \retval 1 Expected test value
352  */
353 static int DecodePPPOEtest04 (void)
354 {
355 
356  /* example PADI packet taken from RFC2516, but with wrong code */
357  uint8_t raw_pppoe[] = {
358  0x11, 0xbb, 0x00, 0x00, 0x00, 0x04, 0x01, 0x01,
359  0x00, 0x00
360  };
361 
362  Packet *p = PacketGetFromAlloc();
363  if (unlikely(p == NULL))
364  return 0;
365  ThreadVars tv;
367 
368  memset(&tv, 0, sizeof(ThreadVars));
369  memset(&dtv, 0, sizeof(DecodeThreadVars));
370 
371  DecodePPPOEDiscovery(&tv, &dtv, p, raw_pppoe, sizeof(raw_pppoe));
372 
374  SCFree(p);
375  return 1;
376  }
377 
378  SCFree(p);
379  return 0;
380 }
381 
382 /** DecodePPPOEtest05
383  * \brief Valid exaple PADO PPPOE packet taken from RFC2516, but too short for given length
384  * \retval 0 Expected test value
385  */
386 static int DecodePPPOEtest05 (void)
387 {
388 
389  /* example PADI packet taken from RFC2516 */
390  uint8_t raw_pppoe[] = {
391  0x11, 0x07, 0x00, 0x00, 0x00, 0x20, 0x01, 0x01,
392  0x00, 0x00, 0x01, 0x02, 0x00, 0x18, 0x47, 0x6f,
393  0x20, 0x52, 0x65, 0x64, 0x42, 0x61, 0x63, 0x6b,
394  0x20, 0x2d, 0x20, 0x65, 0x73, 0x68, 0x73, 0x68
395  };
396 
397  Packet *p = PacketGetFromAlloc();
398  if (unlikely(p == NULL))
399  return 0;
400  ThreadVars tv;
402 
403  memset(&tv, 0, sizeof(ThreadVars));
404  memset(&dtv, 0, sizeof(DecodeThreadVars));
405 
406  DecodePPPOEDiscovery(&tv, &dtv, p, raw_pppoe, sizeof(raw_pppoe));
407 
409  SCFree(p);
410  return 1;
411  }
412 
413  SCFree(p);
414  return 0;
415 }
416 
417 /** DecodePPPOEtest06
418  * \brief Check that the macros work as expected. Type and version are
419  * fields of 4 bits length. So they are sharing the same var and the macros
420  * should extract the first 4 bits for version and the second 4 bits for type
421  * \retval 1 Expected test value
422  */
423 static int DecodePPPOEtest06 (void)
424 {
425 
426  PPPOESessionHdr pppoesh;
427  PPPOEDiscoveryHdr pppoedh;
428  pppoesh.pppoe_version_type = 0xAB;
429  pppoedh.pppoe_version_type = 0xCD;
430 
431  if (PPPOE_SESSION_GET_VERSION(&pppoesh) != 0x0A) {
432  printf("Error, PPPOE macro pppoe_session_get_version failed: ");
433  return 0;
434  }
435  if (PPPOE_SESSION_GET_TYPE(&pppoesh) != 0x0B) {
436  printf("Error, PPPOE macro pppoe_session_get_type failed: ");
437  return 0;
438  }
439  if (PPPOE_DISCOVERY_GET_VERSION(&pppoedh) != 0x0C) {
440  printf("Error, PPPOE macro pppoe_discovery_get_version failed: ");
441  return 0;
442  }
443  if (PPPOE_DISCOVERY_GET_TYPE(&pppoedh) != 0x0D) {
444  printf("Error, PPPOE macro pppoe_discovery_get_type failed: ");
445  return 0;
446  }
447 
448  return 1;
449 }
450 #endif /* UNITTESTS */
451 
452 
453 
454 /**
455  * \brief Registers PPPOE unit tests
456  * \todo More PPPOE tests
457  */
459 {
460 #ifdef UNITTESTS
461  UtRegisterTest("DecodePPPOEtest01", DecodePPPOEtest01);
462  UtRegisterTest("DecodePPPOEtest02", DecodePPPOEtest02);
463  UtRegisterTest("DecodePPPOEtest03", DecodePPPOEtest03);
464  UtRegisterTest("DecodePPPOEtest04", DecodePPPOEtest04);
465  UtRegisterTest("DecodePPPOEtest05", DecodePPPOEtest05);
466  UtRegisterTest("DecodePPPOEtest06", DecodePPPOEtest06);
467 #endif /* UNITTESTS */
468 }
469 
470 /**
471  * @}
472  */
ENGINE_SET_EVENT
#define ENGINE_SET_EVENT(p, e)
Definition: decode.h:1023
PPP_MPLS_MCAST
#define PPP_MPLS_MCAST
Definition: decode-ppp.h:47
PPP_UNSUP_PROTO
@ PPP_UNSUP_PROTO
Definition: decode-events.h:119
len
uint8_t len
Definition: app-layer-dnp3.h:2
PPP_PAP
#define PPP_PAP
Definition: decode-ppp.h:59
PPP_HELLO
#define PPP_HELLO
Definition: decode-ppp.h:43
PPPOE_WRONG_CODE
@ PPPOE_WRONG_CODE
Definition: decode-events.h:123
StatsIncr
void StatsIncr(ThreadVars *tv, uint16_t id)
Increments the local counter.
Definition: counters.c:169
PPPOE_CODE_PADS
#define PPPOE_CODE_PADS
Definition: decode-pppoe.h:64
PPP_LQM
#define PPP_LQM
Definition: decode-ppp.h:60
decode-pppoe.h
PPPVJU_PKT_TOO_SMALL
@ PPPVJU_PKT_TOO_SMALL
Definition: decode-events.h:115
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
PPP_SNS
#define PPP_SNS
Definition: decode-ppp.h:45
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
PPPOESessionHdr_
Definition: decode-pppoe.h:38
ENGINE_ISSET_EVENT
#define ENGINE_ISSET_EVENT(p, e)
Definition: decode.h:1038
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:298
PPP_WRONG_TYPE
@ PPP_WRONG_TYPE
Definition: decode-events.h:118
PPPOESessionHdr_::protocol
uint16_t protocol
Definition: decode-pppoe.h:43
PPP_NSCP
#define PPP_NSCP
Definition: decode-ppp.h:50
PPP_VINES
#define PPP_VINES
Definition: decode-ppp.h:42
PPPOESessionHdr_::session_id
uint16_t session_id
Definition: decode-pppoe.h:41
PPPOE_MALFORMED_TAGS
@ PPPOE_MALFORMED_TAGS
Definition: decode-events.h:124
packet-queue.h
Packet_::pppoesh
PPPOESessionHdr * pppoesh
Definition: decode.h:546
PPP_IP
#define PPP_IP
Definition: decode-ppp.h:28
PPPOE_SESSION_GET_TYPE
#define PPPOE_SESSION_GET_TYPE(hdr)
Definition: decode-pppoe.h:33
TM_ECODE_FAILED
@ TM_ECODE_FAILED
Definition: tm-threads-common.h:81
ICMPV4_UNKNOWN_TYPE
@ ICMPV4_UNKNOWN_TYPE
Definition: decode-events.h:49
PPP_BRPDU
#define PPP_BRPDU
Definition: decode-ppp.h:40
util-unittest.h
TM_ECODE_OK
@ TM_ECODE_OK
Definition: tm-threads-common.h:80
PPP_LUXCOM
#define PPP_LUXCOM
Definition: decode-ppp.h:44
FlowInitConfig
void FlowInitConfig(bool quiet)
initialize the configuration
Definition: flow.c:516
PPPIPV4_PKT_TOO_SMALL
@ PPPIPV4_PKT_TOO_SMALL
Definition: decode-events.h:116
decode.h
util-debug.h
PPP_STIICP
#define PPP_STIICP
Definition: decode-ppp.h:54
PPPIPV6_PKT_TOO_SMALL
@ PPPIPV6_PKT_TOO_SMALL
Definition: decode-events.h:117
PPP_IPX
#define PPP_IPX
Definition: decode-ppp.h:35
decode-ppp.h
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:58
PPP_IPCP
#define PPP_IPCP
Definition: decode-ppp.h:48
PPPOE_SESSION_GET_VERSION
#define PPPOE_SESSION_GET_VERSION(hdr)
Definition: decode-pppoe.h:32
PPP_VJ_COMP
#define PPP_VJ_COMP
Definition: decode-ppp.h:34
PPP_VINESCP
#define PPP_VINESCP
Definition: decode-ppp.h:55
PPP_MPLSCP
#define PPP_MPLSCP
Definition: decode-ppp.h:57
pppoe_length
uint16_t pppoe_length
Definition: decode-pppoe.h:3
PPPOE_CODE_PADI
#define PPPOE_CODE_PADI
Definition: decode-pppoe.h:61
Packet_
Definition: decode.h:416
DecodeIPV6
int DecodeIPV6(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint16_t len)
Definition: decode-ipv6.c:564
PPPOE_CODE_PADT
#define PPPOE_CODE_PADT
Definition: decode-pppoe.h:65
IPV4_GET_RAW_VER
#define IPV4_GET_RAW_VER(ip4h)
Definition: decode-ipv4.h:94
PPP_DECNETCP
#define PPP_DECNETCP
Definition: decode-ppp.h:51
decode-events.h
dtv
DecodeThreadVars * dtv
Definition: fuzz_decodepcapfile.c:30
IPV4Hdr_
Definition: decode-ipv4.h:71
DecodePPPOEDiscovery
int DecodePPPOEDiscovery(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len)
Main decoding function for PPPOE Discovery packets.
Definition: decode-pppoe.c:51
PPP_APPLE
#define PPP_APPLE
Definition: decode-ppp.h:39
PPPOE_DISCOVERY_GET_TYPE
#define PPPOE_DISCOVERY_GET_TYPE(hdr)
Definition: decode-pppoe.h:35
SCNtohs
#define SCNtohs(x)
Definition: suricata-common.h:395
suricata-common.h
PPPOE_DISCOVERY_GET_VERSION
#define PPPOE_DISCOVERY_GET_VERSION(hdr)
Definition: decode-pppoe.h:34
FlowShutdown
void FlowShutdown(void)
shutdown the flow engine
Definition: flow.c:644
PPP_MPLS_UCAST
#define PPP_MPLS_UCAST
Definition: decode-ppp.h:46
IPV4_HEADER_LEN
#define IPV4_HEADER_LEN
Definition: decode-ipv4.h:28
DecodePPPOERegisterTests
void DecodePPPOERegisterTests(void)
Registers PPPOE unit tests.
Definition: decode-pppoe.c:458
PPP_NS
#define PPP_NS
Definition: decode-ppp.h:37
PPPOE_SESSION_HEADER_LEN
#define PPPOE_SESSION_HEADER_LEN
Definition: decode-pppoe.h:30
PPP_DECNET
#define PPP_DECNET
Definition: decode-ppp.h:38
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:29
PPPOESessionHdr_::pppoe_code
uint8_t pppoe_code
Definition: decode-pppoe.h:40
util-validate.h
PacketGetFromAlloc
Packet * PacketGetFromAlloc(void)
Get a malloced packet.
Definition: decode.c:150
PPP_IPV6
#define PPP_IPV6
Definition: decode-ppp.h:29
PPPOE_PKT_TOO_SMALL
@ PPPOE_PKT_TOO_SMALL
Definition: decode-events.h:122
DecodeThreadVars_::counter_pppoe
uint16_t counter_pppoe
Definition: decode.h:676
SCFree
#define SCFree(p)
Definition: util-mem.h:61
DecodeThreadVars_
Structure to hold thread specific data for all decode modules.
Definition: decode.h:640
PPPOE_CODE_PADO
#define PPPOE_CODE_PADO
Definition: decode-pppoe.h:62
DecodePPPOESession
int DecodePPPOESession(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len)
Main decoding function for PPPOE Session packets.
Definition: decode-pppoe.c:131
Packet_::pppoedh
PPPOEDiscoveryHdr * pppoedh
Definition: decode.h:547
PPPOE_DISCOVERY_HEADER_MIN_LEN
#define PPPOE_DISCOVERY_HEADER_MIN_LEN
Definition: decode-pppoe.h:31
PPP_STII
#define PPP_STII
Definition: decode-ppp.h:41
PPP_CHAP
#define PPP_CHAP
Definition: decode-ppp.h:61
PPP_APPLECP
#define PPP_APPLECP
Definition: decode-ppp.h:52
ENGINE_SET_INVALID_EVENT
#define ENGINE_SET_INVALID_EVENT(p, e)
Definition: decode.h:1031
FLOW_QUIET
#define FLOW_QUIET
Definition: flow.h:42
PPP_IPXCP
#define PPP_IPXCP
Definition: decode-ppp.h:53
PPPOESessionHdr_::pppoe_length
uint16_t pppoe_length
Definition: decode-pppoe.h:42
IPV6_HEADER_LEN
#define IPV6_HEADER_LEN
Definition: decode-ipv6.h:27
PPP_VJ_UCOMP
#define PPP_VJ_UCOMP
Definition: decode-ppp.h:30
PPPOE_CODE_PADR
#define PPPOE_CODE_PADR
Definition: decode-pppoe.h:63
flow.h
DecodeIPV4
int DecodeIPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint16_t len)
Definition: decode-ipv4.c:517
PPP_IPV6CP
#define PPP_IPV6CP
Definition: decode-ppp.h:56
PPPOESessionHdr_::pppoe_version_type
uint8_t pppoe_version_type
Definition: decode-pppoe.h:39
DEBUG_VALIDATE_BUG_ON
#define DEBUG_VALIDATE_BUG_ON(exp)
Definition: util-validate.h:111
PPP_OSI
#define PPP_OSI
Definition: decode-ppp.h:36
PPP_OSICP
#define PPP_OSICP
Definition: decode-ppp.h:49
PPP_LCP
#define PPP_LCP
Definition: decode-ppp.h:58