Add PacketAnalyzer::register_for_port(s) functions

These allow packet analyzers to register ports as identifiers to forward from parent analyzers, while also adding those ports to the now-global Analyzer::ports table at the same time.
2025-10-11 11:08:20 +00:00 · 2021-11-08 16:13:47 -07:00 · 2021-11-08 16:13:47 -07:00 · 44e0760e96
commit 44e0760e96
parent 612212568a
6 changed files with 85 additions and 10 deletions
--- a/scripts/base/packet-protocols/load.zeek
+++ b/scripts/base/packet-protocols/load.zeek
@ -1,3 +1,5 @@
+@load ./main.zeek
+
@load base/packet-protocols/root
@load base/packet-protocols/ip
@load base/packet-protocols/skip
--- a/scripts/base/packet-protocols/main.zeek
+++ b/scripts/base/packet-protocols/main.zeek
@ -0,0 +1,61 @@
+module PacketAnalyzer;
+
+@load base/frameworks/analyzer/main.zeek
+
+export {
+	## Registers a set of well-known ports for an analyzer. If a future
+	## connection on one of these ports is seen, the analyzer will be
+	## automatically assigned to parsing it. The function *adds* to all ports
+	## already registered, it doesn't replace them.
+	##
+	## tag: The tag of the analyzer.
+	##
+	## ports: The set of well-known ports to associate with the analyzer.
+	##
+	## Returns: True if the ports were successfully registered.
+	global register_for_ports: function(parent: PacketAnalyzer::Tag,
+	                                    child: PacketAnalyzer::Tag,
+	                                    ports: set[port]) : bool;
+
+	## Registers an individual well-known port for an analyzer. If a future
+	## connection on this port is seen, the analyzer will be automatically
+	## assigned to parsing it. The function *adds* to all ports already
+	## registered, it doesn't replace them.
+	##
+	## tag: The tag of the analyzer.
+	##
+	## p: The well-known port to associate with the analyzer.
+	##
+	## Returns: True if the port was successfully registered.
+	global register_for_port: function(parent: PacketAnalyzer::Tag,
+	                                   child: PacketAnalyzer::Tag,
+	                                   p: port) : bool;
+}
+
+function register_for_ports(parent: PacketAnalyzer::Tag,
+                            child: PacketAnalyzer::Tag,
+                            ports: set[port]) : bool
+	{
+	local rc = T;
+
+	for ( p in ports )
+		{
+		if ( ! register_for_port(parent, child, p) )
+			rc = F;
+		}
+
+	return rc;
+	}
+
+function register_for_port(parent: PacketAnalyzer::Tag,
+                           child: PacketAnalyzer::Tag,
+                           p: port) : bool
+	{
+	register_packet_analyzer(parent, port_to_count(p), child);
+
+	if ( child !in Analyzer::ports )
+		Analyzer::ports[child] = set();
+
+	add Analyzer::ports[child][p];
+	return T;
+	}