From bfa466f2eb50411bcf181d7f3aeafb610463aec9 Mon Sep 17 00:00:00 2001
From: Jan Grashoefer <jan.grashoefer@corelight.com>
Date: Thu, 30 Mar 2023 16:19:39 +0200
Subject: [PATCH] Reintroduce info when overriding packet analyzer mappings.

In #2464 the warning when overriding a packet analyzer mapping was
removed. While a warning seems indeed excessive, some info would still
be nice to have.
---
 src/packet_analysis/Dispatcher.cc                     |  4 ++++
 .../core.packet-analyzer-override/reporter.log        | 11 +++++++++++
 testing/btest/core/packet-analyzer-override.zeek      |  9 +++++++++
 3 files changed, 24 insertions(+)
 create mode 100644 testing/btest/Baseline/core.packet-analyzer-override/reporter.log
 create mode 100644 testing/btest/core/packet-analyzer-override.zeek

diff --git a/src/packet_analysis/Dispatcher.cc b/src/packet_analysis/Dispatcher.cc
index 8c21254bb9..3374d1ae76 100644
--- a/src/packet_analysis/Dispatcher.cc
+++ b/src/packet_analysis/Dispatcher.cc
@@ -52,6 +52,10 @@ void Dispatcher::Register(uint32_t identifier, AnalyzerPtr analyzer)
 		}
 
 	int64_t index = identifier - lowest_identifier;
+	if ( table[index] != nullptr )
+		reporter->Info("Overwriting packet analyzer mapping %#8" PRIx64 " => %s with %s",
+		               index + lowest_identifier, table[index]->GetAnalyzerName(),
+		               analyzer->GetAnalyzerName());
 	table[index] = std::move(analyzer);
 	}
 
diff --git a/testing/btest/Baseline/core.packet-analyzer-override/reporter.log b/testing/btest/Baseline/core.packet-analyzer-override/reporter.log
new file mode 100644
index 0000000000..23cd375789
--- /dev/null
+++ b/testing/btest/Baseline/core.packet-analyzer-override/reporter.log
@@ -0,0 +1,11 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	reporter
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	level	message	location
+#types	time	enum	string	string
+XXXXXXXXXX.XXXXXX	Reporter::INFO	Overwriting packet analyzer mapping    0x800 => IP with SKIP	(empty)
+#close XXXX-XX-XX-XX-XX-XX
diff --git a/testing/btest/core/packet-analyzer-override.zeek b/testing/btest/core/packet-analyzer-override.zeek
new file mode 100644
index 0000000000..4f3083ceef
--- /dev/null
+++ b/testing/btest/core/packet-analyzer-override.zeek
@@ -0,0 +1,9 @@
+# @TEST-EXEC: zeek -b %INPUT
+# @TEST-EXEC: btest-diff reporter.log
+
+redef PacketAnalyzer::SKIP::skip_bytes: count = 0;
+
+event zeek_init()
+	{
+	PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ETHERNET, 0x0800, PacketAnalyzer::ANALYZER_SKIP);
+	}