scripts/analyzer: Introduce Analyzer::requested_analyzers

In certain deployment scenarios, all analyzers are disabled by default. However, conditionally/optionally loaded scripts may rely on analyzers functioning and declare a request for them. Add a global set set to the Analyzer module where external scripts can record their requirement/request for a certain analyzer. Analyzers found in this set are enabled at zeek_init() time.
2025-10-02 06:38:20 +00:00 · 2022-10-26 18:48:01 +02:00 · 2022-10-26 18:48:01 +02:00 · 4e75d54d49
commit 4e75d54d49
parent 061c066a51
5 changed files with 95 additions and 0 deletions
--- a/scripts/base/frameworks/analyzer/main.zeek
+++ b/scripts/base/frameworks/analyzer/main.zeek
@ -149,6 +149,16 @@ export {
 	## Analyzer::register_for_port(s) and packet analyzers can add to this
 	## using PacketAnalyzer::register_for_port(s).
 	global ports: table[AllAnalyzers::Tag] of set[port];
+
+	## A set of protocol, packet or file analyzer tags requested to
+	## be enabled during startup.
+	##
+	## By default, all analyzers in Zeek are enabled. When all analyzers
+	## are disabled through :zeek:see:`Analyzer::disable_all`, this set
+	## set allows to record analyzers to be enabled during Zeek startup.
+	##
+	## This set can be added to via :zeek:see:`redef`.
+	global requested_analyzers: set[AllAnalyzers::Tag] = {} &redef;
 }

@load base/bif/analyzer.bif
@ -164,6 +174,12 @@ event zeek_init() &priority=5
 		disable_analyzer(a);
 	}

+event zeek_init() &priority=-5
+	{
+	for ( a in requested_analyzers )
+		Analyzer::enable_analyzer(a);
+	}
+
 function enable_analyzer(tag: AllAnalyzers::Tag) : bool
 	{
 	if ( is_packet_analyzer(tag) )