suricata
decode-pppoe.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2021 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \ingroup decode
20  *
21  * @{
22  */
23 
24 
25 /**
26  * \file
27  *
28  * \author James Riden <jamesr@europe.com>
29  *
30  * PPPOE Decoder
31  */
32 
33 #include "suricata-common.h"
34 
35 #include "packet-queue.h"
36 
37 #include "decode.h"
38 #include "decode-ppp.h"
39 #include "decode-pppoe.h"
40 #include "decode-events.h"
41 #include "flow.h"
42 
43 #include "util-validate.h"
44 #include "util-unittest.h"
45 #include "util-debug.h"
46 
47 /**
48  * \brief Main decoding function for PPPOE Discovery packets
49  */
51  const uint8_t *pkt, uint32_t len)
52 {
53  DEBUG_VALIDATE_BUG_ON(pkt == NULL);
54 
56 
59  return TM_ECODE_FAILED;
60  }
61 
62  PPPOEDiscoveryHdr *pppoedh = (PPPOEDiscoveryHdr *)pkt;
63 
64  /* parse the PPPOE code */
65  switch (pppoedh->pppoe_code) {
66  case PPPOE_CODE_PADI:
67  break;
68  case PPPOE_CODE_PADO:
69  break;
70  case PPPOE_CODE_PADR:
71  break;
72  case PPPOE_CODE_PADS:
73  break;
74  case PPPOE_CODE_PADT:
75  break;
76  default:
77  SCLogDebug("unknown PPPOE code: 0x%0" PRIX8 "", pppoedh->pppoe_code);
79  return TM_ECODE_OK;
80  }
81 
82  uint32_t pppoe_length = SCNtohs(pppoedh->pppoe_length);
83  uint32_t packet_length = len - PPPOE_DISCOVERY_HEADER_MIN_LEN ;
84 
85  SCLogDebug("pppoe_length %"PRIu32", packet_length %"PRIu32"",
86  pppoe_length, packet_length);
87 
88  if (pppoe_length > packet_length) {
89  SCLogDebug("malformed PPPOE tags");
91  return TM_ECODE_OK;
92  }
93 
94 #ifdef DEBUG
95  /* parse any tags we have in the packet */
96 
97  uint32_t tag_length = 0;
98  const uint8_t *pkt_pppoedt = pkt + PPPOE_DISCOVERY_HEADER_MIN_LEN;
99 
100  // packet_length >= pppoe_length so we have enough data
101  while (pppoe_length >= sizeof(PPPOEDiscoveryTag)) {
102  PPPOEDiscoveryTag *pppoedt = (PPPOEDiscoveryTag *)pkt_pppoedt;
103  uint16_t tag_type = SCNtohs(pppoedt->pppoe_tag_type);
104  // upgrade to u32 to avoid u16 overflow
105  tag_length = SCNtohs(pppoedt->pppoe_tag_length);
106 
107  SCLogDebug ("PPPoE Tag type %x, length %"PRIu32, tag_type, tag_length);
108 
109  if (pppoe_length >= (4 + tag_length)) {
110  pppoe_length -= (4 + tag_length);
111  pkt_pppoedt = pkt_pppoedt + (4 + tag_length);
112  } else {
113  pppoe_length = 0; // don't want an underflow
114  }
115  }
116 #endif
117 
118  return TM_ECODE_OK;
119 }
120 
121 /**
122  * \brief Main decoding function for PPPOE Session packets
123  */
125  const uint8_t *pkt, uint32_t len)
126 {
127  DEBUG_VALIDATE_BUG_ON(pkt == NULL);
128 
130 
133  return TM_ECODE_FAILED;
134  }
135 
136  PPPOESessionHdr *pppoesh = (PPPOESessionHdr *)pkt;
137 
138  SCLogDebug("PPPOE VERSION %" PRIu32 " TYPE %" PRIu32 " CODE %" PRIu32 " SESSIONID %" PRIu32
139  " LENGTH %" PRIu32 "",
141  pppoesh->pppoe_code, SCNtohs(pppoesh->session_id), SCNtohs(pppoesh->pppoe_length));
142 
143  /* can't use DecodePPP() here because we only get a single 2-byte word to indicate protocol instead of the full PPP header */
144  if (SCNtohs(pppoesh->pppoe_length) > 0) {
145  /* decode contained PPP packet */
146 
147  uint8_t pppoesh_len;
148  uint16_t ppp_protocol = SCNtohs(pppoesh->protocol);
149 
150  /* According to RFC1661-2, if the least significant bit of the most significant octet is
151  * set, we're dealing with a single-octet protocol field */
152  if (ppp_protocol & 0x0100) {
153  /* Single-octet variant */
154  ppp_protocol >>= 8;
155  pppoesh_len = PPPOE_SESSION_HEADER_MIN_LEN;
156  } else {
157  /* Double-octet variant; increase the length of the session header accordingly */
158  pppoesh_len = PPPOE_SESSION_HEADER_MIN_LEN + 1;
159 
160  if (len < pppoesh_len) {
162  return TM_ECODE_FAILED;
163  }
164  }
165 
166  SCLogDebug("Protocol %" PRIu16 " len %" PRIu8 "", ppp_protocol, pppoesh_len);
167 
168  switch (ppp_protocol) {
169  case PPP_VJ_COMP:
170  case PPP_IPX:
171  case PPP_OSI:
172  case PPP_NS:
173  case PPP_DECNET:
174  case PPP_APPLE:
175  case PPP_BRPDU:
176  case PPP_STII:
177  case PPP_VINES:
178  case PPP_HELLO:
179  case PPP_LUXCOM:
180  case PPP_SNS:
181  case PPP_MPLS_UCAST:
182  case PPP_MPLS_MCAST:
183  case PPP_IPCP:
184  case PPP_OSICP:
185  case PPP_NSCP:
186  case PPP_DECNETCP:
187  case PPP_APPLECP:
188  case PPP_IPXCP:
189  case PPP_STIICP:
190  case PPP_VINESCP:
191  case PPP_IPV6CP:
192  case PPP_MPLSCP:
193  case PPP_LCP:
194  case PPP_PAP:
195  case PPP_LQM:
196  case PPP_CHAP:
198  break;
199 
200  case PPP_VJ_UCOMP:
201 
202  if (len - pppoesh_len < IPV4_HEADER_LEN) {
204  return TM_ECODE_OK;
205  }
206  if (unlikely(len - pppoesh_len > USHRT_MAX)) {
207  return TM_ECODE_FAILED;
208  }
209 
210  if (IPV4_GET_RAW_VER((IPV4Hdr *)(pkt + pppoesh_len)) == 4) {
211  DecodeIPV4(tv, dtv, p, pkt + pppoesh_len, (uint16_t)(len - pppoesh_len));
212  }
213  break;
214 
215  case PPP_IP:
216  if (len - pppoesh_len < IPV4_HEADER_LEN) {
218  return TM_ECODE_OK;
219  }
220  if (unlikely(len - pppoesh_len > USHRT_MAX)) {
221  return TM_ECODE_FAILED;
222  }
223  DecodeIPV4(tv, dtv, p, pkt + pppoesh_len, (uint16_t)(len - pppoesh_len));
224  break;
225 
226  /* PPP IPv6 was not tested */
227  case PPP_IPV6:
228  if (len - pppoesh_len < IPV6_HEADER_LEN) {
230  return TM_ECODE_OK;
231  }
232  if (unlikely(len - pppoesh_len > USHRT_MAX)) {
233  return TM_ECODE_FAILED;
234  }
235 
236  DecodeIPV6(tv, dtv, p, pkt + pppoesh_len, (uint16_t)(len - pppoesh_len));
237  break;
238 
239  default:
240  SCLogDebug("unknown PPP protocol: %" PRIx32 "", ppp_protocol);
242  return TM_ECODE_OK;
243  }
244  }
245  return TM_ECODE_OK;
246 }
247 
248 #ifdef UNITTESTS
249 /** DecodePPPOEtest01
250  * \brief Decode malformed PPPOE packet (too short)
251  * \retval 1 Expected test value
252  */
253 static int DecodePPPOEtest01 (void)
254 {
255 
256  uint8_t raw_pppoe[] = { 0x11, 0x00, 0x00, 0x00, 0x00 };
257  Packet *p = PacketGetFromAlloc();
258  FAIL_IF_NULL(p);
259  ThreadVars tv;
261 
262  memset(&tv, 0, sizeof(ThreadVars));
263  memset(&dtv, 0, sizeof(DecodeThreadVars));
264 
265  DecodePPPOESession(&tv, &dtv, p, raw_pppoe, sizeof(raw_pppoe));
266 
268 
269  SCFree(p);
270  PASS;
271 }
272 
273 /** DecodePPPOEtest02
274  * \brief Valid PPPOE packet - check the invalid ICMP type encapsulated is flagged
275  * \retval 0 Expected test value
276  */
277 static int DecodePPPOEtest02 (void)
278 {
279 
280  uint8_t raw_pppoe[] = {
281  0x11, 0x00, 0x00, 0x01, 0x00, 0x40, 0x00, 0x21,
282  0x45, 0x00, 0x00, 0x3c, 0x05, 0x5c, 0x00, 0x00,
283  0x20, 0x01, 0xff, 0x30, 0xc0, 0xa8, 0x0a, 0x7f,
284  0xc0, 0xa8, 0x0a, 0x65, 0xab, 0xcd, 0x16, 0x5e,
285  0x02, 0x00, 0x37, 0x00, 0x41, 0x42, 0x43, 0x44,
286  0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c,
287  0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53, 0x54,
288  0x55, 0x56, 0x57, 0x41, 0x42, 0x43, 0x44, 0x45,
289  0x46, 0x47, 0x48, 0x49 };
290 
291  Packet *p = PacketGetFromAlloc();
292  FAIL_IF_NULL(p);
293  ThreadVars tv;
295 
296  memset(&tv, 0, sizeof(ThreadVars));
297  memset(&dtv, 0, sizeof(DecodeThreadVars));
298 
300 
301  DecodePPPOESession(&tv, &dtv, p, raw_pppoe, sizeof(raw_pppoe));
302 
304 
305  // and we insist that the invalid ICMP encapsulated (type 0xab, code 0xcd) is flagged
307 
308  FlowShutdown();
309  SCFree(p);
310  PASS;
311 }
312 
313 
314 /** DecodePPPOEtest03
315  * \brief Valid example PADO packet PPPOE packet taken from RFC2516
316  * \retval 0 Expected test value
317  */
318 static int DecodePPPOEtest03 (void)
319 {
320  /* example PADO packet taken from RFC2516 */
321  uint8_t raw_pppoe[] = {
322  0x11, 0x07, 0x00, 0x00, 0x00, 0x20, 0x01, 0x01,
323  0x00, 0x00, 0x01, 0x02, 0x00, 0x18, 0x47, 0x6f,
324  0x20, 0x52, 0x65, 0x64, 0x42, 0x61, 0x63, 0x6b,
325  0x20, 0x2d, 0x20, 0x65, 0x73, 0x68, 0x73, 0x68,
326  0x65, 0x73, 0x68, 0x6f, 0x6f, 0x74
327  };
328 
329  Packet *p = PacketGetFromAlloc();
330  FAIL_IF_NULL(p);
331  ThreadVars tv;
333 
334  memset(&tv, 0, sizeof(ThreadVars));
335  memset(&dtv, 0, sizeof(DecodeThreadVars));
336 
337  int r = DecodePPPOEDiscovery(&tv, &dtv, p, raw_pppoe, sizeof(raw_pppoe));
338  FAIL_IF_NOT(r == TM_ECODE_OK);
339 
340  SCFree(p);
341  PASS;
342 }
343 
344 /** DecodePPPOEtest04
345  * \brief Valid example PPPOE packet taken from RFC2516 - but with wrong PPPOE code
346  * \retval 1 Expected test value
347  */
348 static int DecodePPPOEtest04 (void)
349 {
350 
351  /* example PADI packet taken from RFC2516, but with wrong code */
352  uint8_t raw_pppoe[] = {
353  0x11, 0xbb, 0x00, 0x00, 0x00, 0x04, 0x01, 0x01,
354  0x00, 0x00
355  };
356 
357  Packet *p = PacketGetFromAlloc();
358  FAIL_IF_NULL(p);
359  ThreadVars tv;
361 
362  memset(&tv, 0, sizeof(ThreadVars));
363  memset(&dtv, 0, sizeof(DecodeThreadVars));
364 
365  DecodePPPOEDiscovery(&tv, &dtv, p, raw_pppoe, sizeof(raw_pppoe));
366 
368 
369  SCFree(p);
370  PASS;
371 }
372 
373 /** DecodePPPOEtest05
374  * \brief Valid example PADO PPPOE packet taken from RFC2516, but too short for given length
375  * \retval 0 Expected test value
376  */
377 static int DecodePPPOEtest05 (void)
378 {
379 
380  /* example PADI packet taken from RFC2516 */
381  uint8_t raw_pppoe[] = {
382  0x11, 0x07, 0x00, 0x00, 0x00, 0x20, 0x01, 0x01,
383  0x00, 0x00, 0x01, 0x02, 0x00, 0x18, 0x47, 0x6f,
384  0x20, 0x52, 0x65, 0x64, 0x42, 0x61, 0x63, 0x6b,
385  0x20, 0x2d, 0x20, 0x65, 0x73, 0x68, 0x73, 0x68
386  };
387 
388  Packet *p = PacketGetFromAlloc();
389  FAIL_IF_NULL(p);
390  ThreadVars tv;
392 
393  memset(&tv, 0, sizeof(ThreadVars));
394  memset(&dtv, 0, sizeof(DecodeThreadVars));
395 
396  DecodePPPOEDiscovery(&tv, &dtv, p, raw_pppoe, sizeof(raw_pppoe));
397 
399 
400  SCFree(p);
401  PASS;
402 }
403 
404 /** DecodePPPOEtest06
405  * \brief Check that the macros work as expected. Type and version are
406  * fields of 4 bits length. So they are sharing the same var and the macros
407  * should extract the first 4 bits for version and the second 4 bits for type
408  * \retval 1 Expected test value
409  */
410 static int DecodePPPOEtest06 (void)
411 {
412 
413  PPPOESessionHdr pppoesh;
414  PPPOEDiscoveryHdr pppoedh;
415  pppoesh.pppoe_version_type = 0xAB;
416  pppoedh.pppoe_version_type = 0xCD;
417 
418  FAIL_IF(PPPOE_SESSION_GET_VERSION(&pppoesh) != 0x0A);
419  FAIL_IF(PPPOE_SESSION_GET_TYPE(&pppoesh) != 0x0B);
420  FAIL_IF(PPPOE_DISCOVERY_GET_VERSION(&pppoedh) != 0x0C);
421  FAIL_IF(PPPOE_DISCOVERY_GET_TYPE(&pppoedh) != 0x0D);
422  PASS;
423 }
424 
425 /** DecodePPPOEtest07
426  * \brief Valid PPPOE packet with 8 bit protocol field - check the valid ICMP type is accepted
427  * \retval 1 Expected test value
428  */
429 static int DecodePPPOEtest07(void)
430 {
431 
432  uint8_t raw_pppoe[] = { 0x11, 0x00, 0x00, 0x2d, 0x00, 0x1c, 0x21, 0x45, 0x00, 0x00, 0x1d, 0x97,
433  0xc3, 0x00, 0x00, 0x40, 0x01, 0x47, 0x0f, 0x0a, 0x64, 0x00, 0x00, 0xc0, 0xa8, 0xd1, 0x01,
434  0x08, 0x00, 0xd4, 0x4c, 0x1f, 0x32, 0x04, 0x81, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
435  0x00, 0x00, 0x00, 0x00 };
436 
437  Packet *p = PacketGetFromAlloc();
438  FAIL_IF_NULL(p);
439  ThreadVars tv;
441 
442  memset(&tv, 0, sizeof(ThreadVars));
443  memset(&dtv, 0, sizeof(DecodeThreadVars));
444 
445  DecodePPPOESession(&tv, &dtv, p, raw_pppoe, sizeof(raw_pppoe));
446 
448  SCFree(p);
449  PASS;
450 }
451 
452 /** DecodePPPOEtest08
453  * \brief Valid PPPOE packet with 8 bit protocol field - check the valid HTTP type is accepted
454  * \retval 1 Expected test value
455  */
456 static int DecodePPPOEtest08(void)
457 {
458 
459  uint8_t raw_pppoe[] = { 0x11, 0x00, 0x00, 0x2d, 0x00, 0x3d, 0x21, 0x45, 0x00, 0x00, 0x3c, 0x00,
460  0x00, 0x40, 0x00, 0x40, 0x06, 0xed, 0xda, 0x0a, 0x64, 0x00, 0x00, 0x8e, 0xfa, 0xb3, 0x83,
461  0xde, 0xb5, 0x00, 0x50, 0xd4, 0xbd, 0x76, 0x54, 0x00, 0x00, 0x00, 0x00, 0xa0, 0x02, 0xfe,
462  0xcc, 0x74, 0x2f, 0x00, 0x00, 0x02, 0x04, 0x05, 0xac, 0x01, 0x03, 0x03, 0x07, 0x04, 0x02,
463  0x08, 0x0a, 0xcb, 0xae, 0x92, 0x63, 0x00, 0x00, 0x00, 0x00 };
464 
465  Packet *p = PacketGetFromAlloc();
466  FAIL_IF_NULL(p);
467  ThreadVars tv;
469 
470  memset(&tv, 0, sizeof(ThreadVars));
471  memset(&dtv, 0, sizeof(DecodeThreadVars));
472 
473  DecodePPPOESession(&tv, &dtv, p, raw_pppoe, sizeof(raw_pppoe));
474 
476  SCFree(p);
477  PASS;
478 }
479 
480 /** DecodePPPOEtest09
481  * \brief Valid PPPOE packet with 16 bit protocol field - check the valid ICMP type is accepted
482  * \retval 1 Expected test value
483  */
484 static int DecodePPPOEtest09(void)
485 {
486 
487  uint8_t raw_pppoe[] = { 0x11, 0x00, 0x00, 0x2d, 0x00, 0x1c, 0x00, 0x21, 0x45, 0x00, 0x00, 0x1d,
488  0x97, 0xc3, 0x00, 0x00, 0x40, 0x01, 0x47, 0x0f, 0x0a, 0x64, 0x00, 0x00, 0xc0, 0xa8, 0xd1,
489  0x01, 0x08, 0x00, 0xd4, 0x4c, 0x1f, 0x32, 0x04, 0x81, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
490  0x00, 0x00, 0x00, 0x00, 0x00 };
491 
492  Packet *p = PacketGetFromAlloc();
493  FAIL_IF_NULL(p);
494  ThreadVars tv;
496 
497  memset(&tv, 0, sizeof(ThreadVars));
498  memset(&dtv, 0, sizeof(DecodeThreadVars));
499 
500  DecodePPPOESession(&tv, &dtv, p, raw_pppoe, sizeof(raw_pppoe));
501 
503  SCFree(p);
504  PASS;
505 }
506 
507 /** DecodePPPOEtest10
508  * \brief Valid PPPOE packet with 16 bit protocol field - check the valid HTTP type is accepted
509  * \retval 1 Expected test value
510  */
511 static int DecodePPPOEtest10(void)
512 {
513 
514  uint8_t raw_pppoe[] = { 0x11, 0x00, 0x00, 0x2d, 0x00, 0x3d, 0x00, 0x21, 0x45, 0x00, 0x00, 0x3c,
515  0x00, 0x00, 0x40, 0x00, 0x40, 0x06, 0xed, 0xda, 0x0a, 0x64, 0x00, 0x00, 0x8e, 0xfa, 0xb3,
516  0x83, 0xde, 0xb5, 0x00, 0x50, 0xd4, 0xbd, 0x76, 0x54, 0x00, 0x00, 0x00, 0x00, 0xa0, 0x02,
517  0xfe, 0xcc, 0x74, 0x2f, 0x00, 0x00, 0x02, 0x04, 0x05, 0xac, 0x01, 0x03, 0x03, 0x07, 0x04,
518  0x02, 0x08, 0x0a, 0xcb, 0xae, 0x92, 0x63, 0x00, 0x00, 0x00, 0x00 };
519 
520  Packet *p = PacketGetFromAlloc();
521  FAIL_IF_NULL(p);
522  ThreadVars tv;
524 
525  memset(&tv, 0, sizeof(ThreadVars));
526  memset(&dtv, 0, sizeof(DecodeThreadVars));
527 
528  DecodePPPOESession(&tv, &dtv, p, raw_pppoe, sizeof(raw_pppoe));
529 
531  SCFree(p);
532  PASS;
533 }
534 #endif /* UNITTESTS */
535 
536 /**
537  * \brief Registers PPPOE unit tests
538  * \todo More PPPOE tests
539  */
541 {
542 #ifdef UNITTESTS
543  UtRegisterTest("DecodePPPOEtest01", DecodePPPOEtest01);
544  UtRegisterTest("DecodePPPOEtest02", DecodePPPOEtest02);
545  UtRegisterTest("DecodePPPOEtest03", DecodePPPOEtest03);
546  UtRegisterTest("DecodePPPOEtest04", DecodePPPOEtest04);
547  UtRegisterTest("DecodePPPOEtest05", DecodePPPOEtest05);
548  UtRegisterTest("DecodePPPOEtest06", DecodePPPOEtest06);
549  UtRegisterTest("DecodePPPOEtest07", DecodePPPOEtest07);
550  UtRegisterTest("DecodePPPOEtest08", DecodePPPOEtest08);
551  UtRegisterTest("DecodePPPOEtest09", DecodePPPOEtest09);
552  UtRegisterTest("DecodePPPOEtest10", DecodePPPOEtest10);
553 #endif /* UNITTESTS */
554 }
555 
556 /**
557  * @}
558  */
ENGINE_SET_EVENT
#define ENGINE_SET_EVENT(p, e)
Definition: decode.h:1155
PPP_MPLS_MCAST
#define PPP_MPLS_MCAST
Definition: decode-ppp.h:47
len
uint8_t len
Definition: app-layer-dnp3.h:2
PPP_PAP
#define PPP_PAP
Definition: decode-ppp.h:59
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
PPPOE_SESSION_HEADER_MIN_LEN
#define PPPOE_SESSION_HEADER_MIN_LEN
Definition: decode-pppoe.h:28
PPP_HELLO
#define PPP_HELLO
Definition: decode-ppp.h:43
StatsIncr
void StatsIncr(ThreadVars *tv, uint16_t id)
Increments the local counter.
Definition: counters.c:166
PPPOE_CODE_PADS
#define PPPOE_CODE_PADS
Definition: decode-pppoe.h:62
PPP_LQM
#define PPP_LQM
Definition: decode-ppp.h:60
decode-pppoe.h
ICMPV4_UNKNOWN_TYPE
@ ICMPV4_UNKNOWN_TYPE
Definition: decode-events.h:49
unlikely
#define unlikely(expr)
Definition: util-optimize.h:35
PPP_SNS
#define PPP_SNS
Definition: decode-ppp.h:45
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
PPPIPV4_PKT_TOO_SMALL
@ PPPIPV4_PKT_TOO_SMALL
Definition: decode-events.h:117
PPPOESessionHdr_
Definition: decode-pppoe.h:36
ENGINE_ISSET_EVENT
#define ENGINE_ISSET_EVENT(p, e)
Definition: decode.h:1170
SCLogDebug
#define SCLogDebug(...)
Definition: util-debug.h:269
PPPOE_WRONG_CODE
@ PPPOE_WRONG_CODE
Definition: decode-events.h:124
PPPOESessionHdr_::protocol
uint16_t protocol
Definition: decode-pppoe.h:41
PPP_NSCP
#define PPP_NSCP
Definition: decode-ppp.h:50
PPP_VINES
#define PPP_VINES
Definition: decode-ppp.h:42
PPPVJU_PKT_TOO_SMALL
@ PPPVJU_PKT_TOO_SMALL
Definition: decode-events.h:116
PPPOESessionHdr_::session_id
uint16_t session_id
Definition: decode-pppoe.h:39
packet-queue.h
PPP_UNSUP_PROTO
@ PPP_UNSUP_PROTO
Definition: decode-events.h:120
PPP_IP
#define PPP_IP
Definition: decode-ppp.h:28
PPPOE_SESSION_GET_TYPE
#define PPPOE_SESSION_GET_TYPE(hdr)
Definition: decode-pppoe.h:31
TM_ECODE_FAILED
@ TM_ECODE_FAILED
Definition: tm-threads-common.h:83
PPP_BRPDU
#define PPP_BRPDU
Definition: decode-ppp.h:40
util-unittest.h
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:82
TM_ECODE_OK
@ TM_ECODE_OK
Definition: tm-threads-common.h:82
PPP_LUXCOM
#define PPP_LUXCOM
Definition: decode-ppp.h:44
FlowInitConfig
void FlowInitConfig(bool quiet)
initialize the configuration
Definition: flow.c:530
decode.h
util-debug.h
PPP_STIICP
#define PPP_STIICP
Definition: decode-ppp.h:54
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
PPP_IPX
#define PPP_IPX
Definition: decode-ppp.h:35
decode-ppp.h
ThreadVars_
Per thread variable structure.
Definition: threadvars.h:57
PPP_IPCP
#define PPP_IPCP
Definition: decode-ppp.h:48
PPPOE_SESSION_GET_VERSION
#define PPPOE_SESSION_GET_VERSION(hdr)
Definition: decode-pppoe.h:30
PPP_VJ_COMP
#define PPP_VJ_COMP
Definition: decode-ppp.h:34
PPP_VINESCP
#define PPP_VINESCP
Definition: decode-ppp.h:55
PPP_MPLSCP
#define PPP_MPLSCP
Definition: decode-ppp.h:57
pppoe_length
uint16_t pppoe_length
Definition: decode-pppoe.h:3
PPPOE_CODE_PADI
#define PPPOE_CODE_PADI
Definition: decode-pppoe.h:59
Packet_
Definition: decode.h:479
DecodeIPV6
int DecodeIPV6(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint16_t len)
Definition: decode-ipv6.c:560
PPPOE_CODE_PADT
#define PPPOE_CODE_PADT
Definition: decode-pppoe.h:63
IPV4_GET_RAW_VER
#define IPV4_GET_RAW_VER(ip4h)
Definition: decode-ipv4.h:95
PPP_DECNETCP
#define PPP_DECNETCP
Definition: decode-ppp.h:51
decode-events.h
dtv
DecodeThreadVars * dtv
Definition: fuzz_decodepcapfile.c:33
IPV4Hdr_
Definition: decode-ipv4.h:72
DecodePPPOEDiscovery
int DecodePPPOEDiscovery(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len)
Main decoding function for PPPOE Discovery packets.
Definition: decode-pppoe.c:50
PPP_APPLE
#define PPP_APPLE
Definition: decode-ppp.h:39
PPPOE_DISCOVERY_GET_TYPE
#define PPPOE_DISCOVERY_GET_TYPE(hdr)
Definition: decode-pppoe.h:33
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition: util-unittest.h:71
SCNtohs
#define SCNtohs(x)
Definition: suricata-common.h:414
suricata-common.h
PPPOE_DISCOVERY_GET_VERSION
#define PPPOE_DISCOVERY_GET_VERSION(hdr)
Definition: decode-pppoe.h:32
FlowShutdown
void FlowShutdown(void)
shutdown the flow engine
Definition: flow.c:677
PPP_MPLS_UCAST
#define PPP_MPLS_UCAST
Definition: decode-ppp.h:46
IPV4_HEADER_LEN
#define IPV4_HEADER_LEN
Definition: decode-ipv4.h:28
DecodePPPOERegisterTests
void DecodePPPOERegisterTests(void)
Registers PPPOE unit tests.
Definition: decode-pppoe.c:540
PPP_NS
#define PPP_NS
Definition: decode-ppp.h:37
PPP_DECNET
#define PPP_DECNET
Definition: decode-ppp.h:38
tv
ThreadVars * tv
Definition: fuzz_decodepcapfile.c:32
PPPOESessionHdr_::pppoe_code
uint8_t pppoe_code
Definition: decode-pppoe.h:38
util-validate.h
PacketGetFromAlloc
Packet * PacketGetFromAlloc(void)
Get a malloced packet.
Definition: decode.c:232
PPP_IPV6
#define PPP_IPV6
Definition: decode-ppp.h:29
DecodeThreadVars_::counter_pppoe
uint16_t counter_pppoe
Definition: decode.h:980
PPPIPV6_PKT_TOO_SMALL
@ PPPIPV6_PKT_TOO_SMALL
Definition: decode-events.h:118
SCFree
#define SCFree(p)
Definition: util-mem.h:61
DecodeThreadVars_
Structure to hold thread specific data for all decode modules.
Definition: decode.h:938
PPPOE_CODE_PADO
#define PPPOE_CODE_PADO
Definition: decode-pppoe.h:60
DecodePPPOESession
int DecodePPPOESession(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint32_t len)
Main decoding function for PPPOE Session packets.
Definition: decode-pppoe.c:124
PPP_WRONG_TYPE
@ PPP_WRONG_TYPE
Definition: decode-events.h:119
PPPOE_DISCOVERY_HEADER_MIN_LEN
#define PPPOE_DISCOVERY_HEADER_MIN_LEN
Definition: decode-pppoe.h:29
PPP_STII
#define PPP_STII
Definition: decode-ppp.h:41
PPP_CHAP
#define PPP_CHAP
Definition: decode-ppp.h:61
PPP_APPLECP
#define PPP_APPLECP
Definition: decode-ppp.h:52
ENGINE_SET_INVALID_EVENT
#define ENGINE_SET_INVALID_EVENT(p, e)
Definition: decode.h:1163
FLOW_QUIET
#define FLOW_QUIET
Definition: flow.h:43
PPP_IPXCP
#define PPP_IPXCP
Definition: decode-ppp.h:53
PPPOESessionHdr_::pppoe_length
uint16_t pppoe_length
Definition: decode-pppoe.h:40
IPV6_HEADER_LEN
#define IPV6_HEADER_LEN
Definition: decode-ipv6.h:27
PPP_VJ_UCOMP
#define PPP_VJ_UCOMP
Definition: decode-ppp.h:30
PPPOE_CODE_PADR
#define PPPOE_CODE_PADR
Definition: decode-pppoe.h:61
PPPOE_MALFORMED_TAGS
@ PPPOE_MALFORMED_TAGS
Definition: decode-events.h:125
flow.h
DecodeIPV4
int DecodeIPV4(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, const uint8_t *pkt, uint16_t len)
Definition: decode-ipv4.c:520
PPP_IPV6CP
#define PPP_IPV6CP
Definition: decode-ppp.h:56
PPPOESessionHdr_::pppoe_version_type
uint8_t pppoe_version_type
Definition: decode-pppoe.h:37
DEBUG_VALIDATE_BUG_ON
#define DEBUG_VALIDATE_BUG_ON(exp)
Definition: util-validate.h:102
PPP_OSI
#define PPP_OSI
Definition: decode-ppp.h:36
PPP_OSICP
#define PPP_OSICP
Definition: decode-ppp.h:49
PPP_LCP
#define PPP_LCP
Definition: decode-ppp.h:58
PPPOE_PKT_TOO_SMALL
@ PPPOE_PKT_TOO_SMALL
Definition: decode-events.h:123