diff --git a/scripts/base/packet-protocols/__load__.zeek b/scripts/base/packet-protocols/__load__.zeek
index 38e9caf788..0edfce8a76 100644
--- a/scripts/base/packet-protocols/__load__.zeek
+++ b/scripts/base/packet-protocols/__load__.zeek
@@ -10,3 +10,4 @@
@load base/packet-protocols/ppp_serial
@load base/packet-protocols/pppoe
@load base/packet-protocols/vlan
+@load base/packet-protocols/mpls
diff --git a/scripts/base/packet-protocols/mpls/__load__.zeek b/scripts/base/packet-protocols/mpls/__load__.zeek
new file mode 100644
index 0000000000..d551be57d3
--- /dev/null
+++ b/scripts/base/packet-protocols/mpls/__load__.zeek
@@ -0,0 +1 @@
+@load ./main
\ No newline at end of file
diff --git a/scripts/base/packet-protocols/mpls/main.zeek b/scripts/base/packet-protocols/mpls/main.zeek
new file mode 100644
index 0000000000..6fcf4b5777
--- /dev/null
+++ b/scripts/base/packet-protocols/mpls/main.zeek
@@ -0,0 +1,5 @@
+module PacketAnalyzer::MPLS;
+
+redef PacketAnalyzer::config_map += {
+ PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_MPLS, $analyzer=PacketAnalyzer::ANALYZER_IP)
+};
diff --git a/src/packet_analysis/protocol/mpls/MPLS.cc b/src/packet_analysis/protocol/mpls/MPLS.cc
index 945b026ea4..4ec72ad4b6 100644
--- a/src/packet_analysis/protocol/mpls/MPLS.cc
+++ b/src/packet_analysis/protocol/mpls/MPLS.cc
@@ -28,28 +28,6 @@ bool MPLSAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet
}
// According to RFC3032 the encapsulated protocol is not encoded.
- // We assume that what remains is IP.
- //TODO: Make that configurable
- if ( sizeof(struct ip) >= len )
- {
- packet->Weird("no_ip_in_mpls_payload");
- return false;
- }
-
- auto ip = (const struct ip*)data;
-
- if ( ip->ip_v == 4 )
- packet->l3_proto = L3_IPV4;
- else if ( ip->ip_v == 6 )
- packet->l3_proto = L3_IPV6;
- else
- {
- // Neither IPv4 nor IPv6.
- packet->Weird("no_ip_in_mpls_payload");
- return false;
- }
-
- packet->hdr_size = (data - packet->data);
- packet->session_analysis = true;
- return true;
+ // We use the configured default analyzer.
+ return ForwardPacket(len, data, packet);
}
diff --git a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
index c95f448c08..23a92ba95e 100644
--- a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
+++ b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
@@ -3,7 +3,7 @@
#empty_field (empty)
#unset_field -
#path loaded_scripts
-#open 2020-08-28-15-37-31
+#open 2020-09-01-11-19-11
#fields name
#types string
scripts/base/init-bare.zeek
@@ -44,6 +44,8 @@ scripts/base/init-bare.zeek
scripts/base/packet-protocols/pppoe/main.zeek
scripts/base/packet-protocols/vlan/__load__.zeek
scripts/base/packet-protocols/vlan/main.zeek
+ scripts/base/packet-protocols/mpls/__load__.zeek
+ scripts/base/packet-protocols/mpls/main.zeek
scripts/base/init-frameworks-and-bifs.zeek
scripts/base/frameworks/logging/__load__.zeek
scripts/base/frameworks/logging/main.zeek
@@ -212,4 +214,4 @@ scripts/base/init-frameworks-and-bifs.zeek
build/scripts/base/bif/plugins/Zeek_SQLiteWriter.sqlite.bif.zeek
scripts/policy/misc/loaded-scripts.zeek
scripts/base/utils/paths.zeek
-#close 2020-08-28-15-37-31
+#close 2020-09-01-11-19-11
diff --git a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
index 2c4f3c2331..f45aefe579 100644
--- a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
+++ b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
@@ -3,7 +3,7 @@
#empty_field (empty)
#unset_field -
#path loaded_scripts
-#open 2020-09-22-17-07-43
+#open 2020-09-22-17-11-19
#fields name
#types string
scripts/base/init-bare.zeek
@@ -44,6 +44,8 @@ scripts/base/init-bare.zeek
scripts/base/packet-protocols/pppoe/main.zeek
scripts/base/packet-protocols/vlan/__load__.zeek
scripts/base/packet-protocols/vlan/main.zeek
+ scripts/base/packet-protocols/mpls/__load__.zeek
+ scripts/base/packet-protocols/mpls/main.zeek
scripts/base/init-frameworks-and-bifs.zeek
scripts/base/frameworks/logging/__load__.zeek
scripts/base/frameworks/logging/main.zeek
@@ -408,4 +410,4 @@ scripts/base/init-default.zeek
scripts/base/misc/find-filtered-trace.zeek
scripts/base/misc/version.zeek
scripts/policy/misc/loaded-scripts.zeek
-#close 2020-09-22-17-07-43
+#close 2020-09-22-17-11-19
diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output
index 24d3425197..d6524ea28e 100644
--- a/testing/btest/Baseline/plugins.hooks/output
+++ b/testing/btest/Baseline/plugins.hooks/output
@@ -283,7 +283,7 @@
0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) ->
0.000000 MetaHookPost CallFunction(Log::__create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) ->
0.000000 MetaHookPost CallFunction(Log::__create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) ->
-0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1600794430.221915, node=zeek, filter=ip or not ip, init=T, success=T])) ->
+0.000000 MetaHookPost CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1600794672.656797, node=zeek, filter=ip or not ip, init=T, success=T])) ->
0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Broker::LOG)) ->
0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Cluster::LOG)) ->
0.000000 MetaHookPost CallFunction(Log::add_default_filter, , (Config::LOG)) ->
@@ -464,7 +464,7 @@
0.000000 MetaHookPost CallFunction(Log::create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) ->
0.000000 MetaHookPost CallFunction(Log::create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) ->
0.000000 MetaHookPost CallFunction(Log::create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) ->
-0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1600794430.221915, node=zeek, filter=ip or not ip, init=T, success=T])) ->
+0.000000 MetaHookPost CallFunction(Log::write, , (PacketFilter::LOG, [ts=1600794672.656797, node=zeek, filter=ip or not ip, init=T, success=T])) ->
0.000000 MetaHookPost CallFunction(NetControl::check_plugins, , ()) ->
0.000000 MetaHookPost CallFunction(NetControl::init, , ()) ->
0.000000 MetaHookPost CallFunction(Notice::want_pp, , ()) ->
@@ -866,6 +866,7 @@
0.000000 MetaHookPost LoadFile(0, base<...>/main.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, base<...>/messaging.bif.zeek) -> -1
0.000000 MetaHookPost LoadFile(0, base<...>/modbus) -> -1
+0.000000 MetaHookPost LoadFile(0, base<...>/mpls) -> -1
0.000000 MetaHookPost LoadFile(0, base<...>/mqtt) -> -1
0.000000 MetaHookPost LoadFile(0, base<...>/mysql) -> -1
0.000000 MetaHookPost LoadFile(0, base<...>/netcontrol) -> -1
@@ -1226,7 +1227,7 @@
0.000000 MetaHookPre CallFunction(Log::__create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]))
0.000000 MetaHookPre CallFunction(Log::__create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]))
-0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1600794430.221915, node=zeek, filter=ip or not ip, init=T, success=T]))
+0.000000 MetaHookPre CallFunction(Log::__write, , (PacketFilter::LOG, [ts=1600794672.656797, node=zeek, filter=ip or not ip, init=T, success=T]))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Broker::LOG))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Cluster::LOG))
0.000000 MetaHookPre CallFunction(Log::add_default_filter, , (Config::LOG))
@@ -1407,7 +1408,7 @@
0.000000 MetaHookPre CallFunction(Log::create_stream, , (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]))
0.000000 MetaHookPre CallFunction(Log::create_stream, , (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]))
0.000000 MetaHookPre CallFunction(Log::create_stream, , (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]))
-0.000000 MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=1600794430.221915, node=zeek, filter=ip or not ip, init=T, success=T]))
+0.000000 MetaHookPre CallFunction(Log::write, , (PacketFilter::LOG, [ts=1600794672.656797, node=zeek, filter=ip or not ip, init=T, success=T]))
0.000000 MetaHookPre CallFunction(NetControl::check_plugins, , ())
0.000000 MetaHookPre CallFunction(NetControl::init, , ())
0.000000 MetaHookPre CallFunction(Notice::want_pp, , ())
@@ -1809,6 +1810,7 @@
0.000000 MetaHookPre LoadFile(0, base<...>/main.zeek)
0.000000 MetaHookPre LoadFile(0, base<...>/messaging.bif.zeek)
0.000000 MetaHookPre LoadFile(0, base<...>/modbus)
+0.000000 MetaHookPre LoadFile(0, base<...>/mpls)
0.000000 MetaHookPre LoadFile(0, base<...>/mqtt)
0.000000 MetaHookPre LoadFile(0, base<...>/mysql)
0.000000 MetaHookPre LoadFile(0, base<...>/netcontrol)
@@ -2168,7 +2170,7 @@
0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])
0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])
0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])
-0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1600794430.221915, node=zeek, filter=ip or not ip, init=T, success=T])
+0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1600794672.656797, node=zeek, filter=ip or not ip, init=T, success=T])
0.000000 | HookCallFunction Log::add_default_filter(Broker::LOG)
0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG)
0.000000 | HookCallFunction Log::add_default_filter(Config::LOG)
@@ -2349,7 +2351,7 @@
0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])
0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])
0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])
-0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1600794430.221915, node=zeek, filter=ip or not ip, init=T, success=T])
+0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1600794672.656797, node=zeek, filter=ip or not ip, init=T, success=T])
0.000000 | HookCallFunction NetControl::check_plugins()
0.000000 | HookCallFunction NetControl::init()
0.000000 | HookCallFunction Notice::want_pp()
@@ -2763,6 +2765,7 @@
0.000000 | HookLoadFile base<...>/main.zeek
0.000000 | HookLoadFile base<...>/messaging.bif.zeek
0.000000 | HookLoadFile base<...>/modbus
+0.000000 | HookLoadFile base<...>/mpls
0.000000 | HookLoadFile base<...>/mqtt
0.000000 | HookLoadFile base<...>/mysql
0.000000 | HookLoadFile base<...>/netcontrol
@@ -2822,7 +2825,7 @@
0.000000 | HookLoadFile base<...>/xmpp
0.000000 | HookLoadFile base<...>/zeek.bif.zeek
0.000000 | HookLogInit packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)}
-0.000000 | HookLogWrite packet_filter [ts=1600794430.221915, node=zeek, filter=ip or not ip, init=T, success=T]
+0.000000 | HookLogWrite packet_filter [ts=1600794672.656797, node=zeek, filter=ip or not ip, init=T, success=T]
0.000000 | HookQueueEvent NetControl::init()
0.000000 | HookQueueEvent filter_change_tracking()
0.000000 | HookQueueEvent zeek_init()