Bring back default packet analysis.

Default analyzers can be configured per packet analyzer by omitting the identifier in the ConfigEntry.
2025-10-14 20:48:21 +00:00 · 2020-08-21 18:11:05 +02:00 · 2020-08-21 18:11:05 +02:00 · 462b1fe3a2
commit 462b1fe3a2
parent d4ff5a236c
9 changed files with 81 additions and 21 deletions
--- a/scripts/base/init-bare.zeek
+++ b/scripts/base/init-bare.zeek
@ -5357,8 +5357,9 @@ export {
        parent : PacketAnalyzer::Tag &optional;

        # A numeric identifier, which can be found in the packet data, that denotes the
-        # encapsulated protocol.
-        identifier : count;
+        # encapsulated protocol. This field is optional. If it is not included, the
+        # configured child analyzer will be used as default analyzer.
+        identifier : count &optional;

        # The analyzer that corresponds to the above identifier.
        analyzer : PacketAnalyzer::Tag;
--- a/scripts/base/packet-protocols/load.zeek
+++ b/scripts/base/packet-protocols/load.zeek
@ -1,4 +1,4 @@
-#@load base/packet-protocols/default
+@load base/packet-protocols/default
@load base/packet-protocols/ethernet
 #@load base/packet-protocols/fddi
 #@load base/packet-protocols/ieee802_11
--- a/scripts/base/packet-protocols/default/main.zeek
+++ b/scripts/base/packet-protocols/default/main.zeek
@ -1,6 +1,7 @@
 module LL_DEFAULT;

 redef PacketAnalyzer::config_map += {
+	PacketAnalyzer::ConfigEntry($analyzer=PacketAnalyzer::ANALYZER_DEFAULTANALYZER),
 	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_DEFAULTANALYZER, $identifier=4, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
 	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_DEFAULTANALYZER, $identifier=6, $analyzer=PacketAnalyzer::ANALYZER_IPV6)
 };
--- a/scripts/base/packet-protocols/ethernet/main.zeek
+++ b/scripts/base/packet-protocols/ethernet/main.zeek
@ -12,5 +12,6 @@ redef PacketAnalyzer::config_map += {
 	#PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x8100, $analyzer=PacketAnalyzer::ANALYZER_VLAN),
 	#PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x88A8, $analyzer=PacketAnalyzer::ANALYZER_VLAN),
 	#PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x9100, $analyzer=PacketAnalyzer::ANALYZER_VLAN),
-	#PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x8864, $analyzer=PacketAnalyzer::ANALYZER_PPPOE)
+	#PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x8864, $analyzer=PacketAnalyzer::ANALYZER_PPPOE),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $analyzer=PacketAnalyzer::ANALYZER_DEFAULTANALYZER)
 };