Simplify packet analyzer config.

2025-10-06 16:48:19 +00:00 · 2020-09-07 20:46:14 +02:00 · 2020-09-07 20:46:14 +02:00 · 7ede4f48bd
commit 7ede4f48bd
parent efa262a229
28 changed files with 233 additions and 213 deletions
--- a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
+++ b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
@ -3,7 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	loaded_scripts
-#open	2020-09-01-11-19-11
+#open	2020-09-08-08-14-03
 #fields	name
 #types	string
 scripts/base/init-bare.zeek
@ -20,6 +20,8 @@ scripts/base/init-bare.zeek
  build/scripts/base/bif/plugins/Zeek_KRB.types.bif.zeek
  build/scripts/base/bif/event.bif.zeek
  scripts/base/packet-protocols/__load__.zeek
+    scripts/base/packet-protocols/root/__load__.zeek
+      scripts/base/packet-protocols/root/main.zeek
    scripts/base/packet-protocols/ip/__load__.zeek
      scripts/base/packet-protocols/ip/main.zeek
    scripts/base/packet-protocols/skip/__load__.zeek
@ -214,4 +216,4 @@ scripts/base/init-frameworks-and-bifs.zeek
    build/scripts/base/bif/plugins/Zeek_SQLiteWriter.sqlite.bif.zeek
 scripts/policy/misc/loaded-scripts.zeek
  scripts/base/utils/paths.zeek
-#close	2020-09-01-11-19-11
+#close	2020-09-08-08-14-03
--- a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
+++ b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
@ -3,7 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	loaded_scripts
-#open	2020-09-22-17-11-19
+#open	2020-09-22-17-14-48
 #fields	name
 #types	string
 scripts/base/init-bare.zeek
@ -20,6 +20,8 @@ scripts/base/init-bare.zeek
  build/scripts/base/bif/plugins/Zeek_KRB.types.bif.zeek
  build/scripts/base/bif/event.bif.zeek
  scripts/base/packet-protocols/__load__.zeek
+    scripts/base/packet-protocols/root/__load__.zeek
+      scripts/base/packet-protocols/root/main.zeek
    scripts/base/packet-protocols/ip/__load__.zeek
      scripts/base/packet-protocols/ip/main.zeek
    scripts/base/packet-protocols/skip/__load__.zeek
@ -410,4 +412,4 @@ scripts/base/init-default.zeek
  scripts/base/misc/find-filtered-trace.zeek
  scripts/base/misc/version.zeek
 scripts/policy/misc/loaded-scripts.zeek
-#close	2020-09-22-17-11-19
+#close	2020-09-22-17-14-48
--- a/testing/btest/Baseline/plugins.hooks/output
+++ b/testing/btest/Baseline/plugins.hooks/output
@ -283,7 +283,7 @@
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1600794672.656797, node=zeek, filter=ip or not ip, init=T, success=T])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1600794881.771065, node=zeek, filter=ip or not ip, init=T, success=T])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Broker::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Config::LOG)) -> <no result>
@ -464,7 +464,7 @@
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1600794672.656797, node=zeek, filter=ip or not ip, init=T, success=T])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1600794881.771065, node=zeek, filter=ip or not ip, init=T, success=T])) -> <no result>
 0.000000   MetaHookPost  CallFunction(NetControl::check_plugins, <frame>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(NetControl::init, <null>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(Notice::want_pp, <frame>, ()) -> <no result>
@ -894,6 +894,7 @@
 0.000000   MetaHookPost  LoadFile(0, base<...>/reporter) -> -1
 0.000000   MetaHookPost  LoadFile(0, base<...>/reporter.bif.zeek) -> -1
 0.000000   MetaHookPost  LoadFile(0, base<...>/rfb) -> -1
+0.000000   MetaHookPost  LoadFile(0, base<...>/root) -> -1
 0.000000   MetaHookPost  LoadFile(0, base<...>/signatures) -> -1
 0.000000   MetaHookPost  LoadFile(0, base<...>/sip) -> -1
 0.000000   MetaHookPost  LoadFile(0, base<...>/site.zeek) -> -1
@ -1227,7 +1228,7 @@
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]))
-0.000000   MetaHookPre   CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1600794672.656797, node=zeek, filter=ip or not ip, init=T, success=T]))
+0.000000   MetaHookPre   CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1600794881.771065, node=zeek, filter=ip or not ip, init=T, success=T]))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Broker::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Config::LOG))
@ -1408,7 +1409,7 @@
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]))
-0.000000   MetaHookPre   CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1600794672.656797, node=zeek, filter=ip or not ip, init=T, success=T]))
+0.000000   MetaHookPre   CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1600794881.771065, node=zeek, filter=ip or not ip, init=T, success=T]))
 0.000000   MetaHookPre   CallFunction(NetControl::check_plugins, <frame>, ())
 0.000000   MetaHookPre   CallFunction(NetControl::init, <null>, ())
 0.000000   MetaHookPre   CallFunction(Notice::want_pp, <frame>, ())
@ -1838,6 +1839,7 @@
 0.000000   MetaHookPre   LoadFile(0, base<...>/reporter)
 0.000000   MetaHookPre   LoadFile(0, base<...>/reporter.bif.zeek)
 0.000000   MetaHookPre   LoadFile(0, base<...>/rfb)
+0.000000   MetaHookPre   LoadFile(0, base<...>/root)
 0.000000   MetaHookPre   LoadFile(0, base<...>/signatures)
 0.000000   MetaHookPre   LoadFile(0, base<...>/sip)
 0.000000   MetaHookPre   LoadFile(0, base<...>/site.zeek)
@ -2170,7 +2172,7 @@
 0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])
 0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])
 0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])
-0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1600794672.656797, node=zeek, filter=ip or not ip, init=T, success=T])
+0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1600794881.771065, node=zeek, filter=ip or not ip, init=T, success=T])
 0.000000 | HookCallFunction Log::add_default_filter(Broker::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Config::LOG)
@ -2351,7 +2353,7 @@
 0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])
 0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])
 0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])
-0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1600794672.656797, node=zeek, filter=ip or not ip, init=T, success=T])
+0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1600794881.771065, node=zeek, filter=ip or not ip, init=T, success=T])
 0.000000 | HookCallFunction NetControl::check_plugins()
 0.000000 | HookCallFunction NetControl::init()
 0.000000 | HookCallFunction Notice::want_pp()
@ -2793,6 +2795,7 @@
 0.000000 | HookLoadFile  base<...>/reporter
 0.000000 | HookLoadFile  base<...>/reporter.bif.zeek
 0.000000 | HookLoadFile  base<...>/rfb
+0.000000 | HookLoadFile  base<...>/root
 0.000000 | HookLoadFile  base<...>/signatures
 0.000000 | HookLoadFile  base<...>/sip
 0.000000 | HookLoadFile  base<...>/site.zeek
@ -2825,7 +2828,7 @@
 0.000000 | HookLoadFile  base<...>/xmpp
 0.000000 | HookLoadFile  base<...>/zeek.bif.zeek
 0.000000 | HookLogInit   packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)}
-0.000000 | HookLogWrite  packet_filter [ts=1600794672.656797, node=zeek, filter=ip or not ip, init=T, success=T]
+0.000000 | HookLogWrite  packet_filter [ts=1600794881.771065, node=zeek, filter=ip or not ip, init=T, success=T]
 0.000000 | HookQueueEvent NetControl::init()
 0.000000 | HookQueueEvent filter_change_tracking()
 0.000000 | HookQueueEvent zeek_init()
--- a/testing/btest/Baseline/plugins.packet-protocol/output_build
+++ b/testing/btest/Baseline/plugins.packet-protocol/output_build
@ -1,6 +1,6 @@
 PacketDemo::Bar - Demo packet analyzers (RawLayer, LLC). (dynamic, version 1.0.0)
-    [Packet Analyzer] LLCDemo (ANALYZER_LLCDEMO)
-    [Packet Analyzer] RawLayer (ANALYZER_RAWLAYER)
+    [Packet Analyzer] LLC_Demo (ANALYZER_LLC_DEMO)
+    [Packet Analyzer] Raw_Layer (ANALYZER_RAW_LAYER)
    [Event] raw_layer_message
    [Event] llc_demo_message

--- a/testing/btest/core/skip_analyzer.zeek
+++ b/testing/btest/core/skip_analyzer.zeek
@ -7,8 +7,8 @@
@load base/protocols/conn
@load base/frameworks/tunnels

-redef PacketAnalyzer::config_map += {
-	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ROOT, $identifier=1, $analyzer=PacketAnalyzer::ANALYZER_SKIP)
+redef PacketAnalyzer::ROOT::dispatch_map += {
+	[1] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_SKIP)
 };

 redef PacketAnalyzer::SKIP::skip_bytes: count = 38;
--- a/testing/btest/plugins/packet-protocol-plugin/scripts/PacketDemo/LLCDemo/base/main.zeek
+++ b/testing/btest/plugins/packet-protocol-plugin/scripts/PacketDemo/LLCDemo/base/main.zeek
@ -1,3 +1,3 @@
-module Packet_LLC_Demo;
+module PacketAnalyzer::LLC_DEMO;

-redef PacketAnalyzer::Ethernet::llc_analyzer = PacketAnalyzer::ANALYZER_LLCDEMO;
+redef PacketAnalyzer::ETHERNET::llc_analyzer = PacketAnalyzer::ANALYZER_LLC_DEMO;
--- a/testing/btest/plugins/packet-protocol-plugin/scripts/PacketDemo/RawLayer/base/main.zeek
+++ b/testing/btest/plugins/packet-protocol-plugin/scripts/PacketDemo/RawLayer/base/main.zeek
@ -1,6 +1,14 @@
-module Packet_Raw_Layer;
+module PacketAnalyzer::RAW_LAYER;

-redef PacketAnalyzer::config_map += {
-	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x88B5, $analyzer=PacketAnalyzer::ANALYZER_RAWLAYER),
-	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_RAWLAYER, $identifier=0x4950, $analyzer=PacketAnalyzer::ANALYZER_IP)
+export {
+	## Identifier mapping
+	const dispatch_map: PacketAnalyzer::DispatchMap = {} &redef;
+}
+
+redef PacketAnalyzer::ETHERNET::dispatch_map += {
+	[0x88B5] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_RAW_LAYER)
+};
+
+redef dispatch_map += {
+	[0x4950] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_IP)
 };
--- a/testing/btest/plugins/packet-protocol-plugin/src/LLCDemo.cc
+++ b/testing/btest/plugins/packet-protocol-plugin/src/LLCDemo.cc
@ -6,7 +6,7 @@
 using namespace zeek::packet_analysis::PacketDemo;

 LLCDemo::LLCDemo()
-	: zeek::packet_analysis::Analyzer("LLCDemo")
+	: zeek::packet_analysis::Analyzer("LLC_Demo")
 	{
 	}

--- a/testing/btest/plugins/packet-protocol-plugin/src/Plugin.cc
+++ b/testing/btest/plugins/packet-protocol-plugin/src/Plugin.cc
@ -10,9 +10,9 @@ class Plugin : public zeek::plugin::Plugin {
 public:
 	zeek::plugin::Configuration Configure()
 		{
-		AddComponent(new zeek::packet_analysis::Component("RawLayer",
+		AddComponent(new zeek::packet_analysis::Component("Raw_Layer",
 		                 zeek::packet_analysis::PacketDemo::RawLayer::Instantiate));
-		AddComponent(new zeek::packet_analysis::Component("LLCDemo",
+		AddComponent(new zeek::packet_analysis::Component("LLC_Demo",
 		                 zeek::packet_analysis::PacketDemo::LLCDemo::Instantiate));

 		zeek::plugin::Configuration config;
--- a/testing/btest/plugins/packet-protocol-plugin/src/RawLayer.cc
+++ b/testing/btest/plugins/packet-protocol-plugin/src/RawLayer.cc
@ -6,7 +6,7 @@
 using namespace zeek::packet_analysis::PacketDemo;

 RawLayer::RawLayer()
-	: zeek::packet_analysis::Analyzer("RawLayer")
+	: zeek::packet_analysis::Analyzer("Raw_Layer")
 	{
 	}