Add explicit root analyzer for packet analysis.

2025-10-02 06:38:20 +00:00 · 2020-09-07 16:17:26 +02:00 · 2020-09-07 16:17:26 +02:00 · 8f951574d7
commit 8f951574d7
parent d51252bb3f
21 changed files with 106 additions and 35 deletions
--- a/scripts/base/packet-protocols/ethernet/main.zeek
+++ b/scripts/base/packet-protocols/ethernet/main.zeek
@ -12,7 +12,7 @@ export {
 const DLT_EN10MB : count = 1;

 redef PacketAnalyzer::config_map += {
-	PacketAnalyzer::ConfigEntry($identifier=DLT_EN10MB, $analyzer=PacketAnalyzer::ANALYZER_ETHERNET),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ROOT, $identifier=DLT_EN10MB, $analyzer=PacketAnalyzer::ANALYZER_ETHERNET),
 	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x8847, $analyzer=PacketAnalyzer::ANALYZER_MPLS),
 	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x0800, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
 	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x86DD, $analyzer=PacketAnalyzer::ANALYZER_IPV6),
--- a/scripts/base/packet-protocols/fddi/main.zeek
+++ b/scripts/base/packet-protocols/fddi/main.zeek
@ -3,6 +3,6 @@ module PacketAnalyzer::FDDI;
 const DLT_FDDI : count = 10;

 redef PacketAnalyzer::config_map += {
-	PacketAnalyzer::ConfigEntry($identifier=DLT_FDDI, $analyzer=PacketAnalyzer::ANALYZER_FDDI),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ROOT, $identifier=DLT_FDDI, $analyzer=PacketAnalyzer::ANALYZER_FDDI),
 	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_FDDI, $analyzer=PacketAnalyzer::ANALYZER_IP)
 };
--- a/scripts/base/packet-protocols/ieee802_11/main.zeek
+++ b/scripts/base/packet-protocols/ieee802_11/main.zeek
@ -3,7 +3,7 @@ module PacketAnalyzer::IEEE802_11;
 const DLT_IEEE802_11 : count = 105;

 redef PacketAnalyzer::config_map += {
-	PacketAnalyzer::ConfigEntry($identifier=DLT_IEEE802_11, $analyzer=PacketAnalyzer::ANALYZER_IEEE802_11),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ROOT, $identifier=DLT_IEEE802_11, $analyzer=PacketAnalyzer::ANALYZER_IEEE802_11),
 	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_IEEE802_11, $identifier=0x0800, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
 	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_IEEE802_11, $identifier=0x86DD, $analyzer=PacketAnalyzer::ANALYZER_IPV6),
 	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_IEEE802_11, $identifier=0x0806, $analyzer=PacketAnalyzer::ANALYZER_ARP),
--- a/scripts/base/packet-protocols/ieee802_11_radio/main.zeek
+++ b/scripts/base/packet-protocols/ieee802_11_radio/main.zeek
@ -4,6 +4,6 @@ const DLT_IEEE802_11_RADIO : count = 127;
 const DLT_IEEE802_11 : count = 105;

 redef PacketAnalyzer::config_map += {
-	PacketAnalyzer::ConfigEntry($identifier=DLT_IEEE802_11_RADIO, $analyzer=PacketAnalyzer::ANALYZER_IEEE802_11_RADIO),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ROOT, $identifier=DLT_IEEE802_11_RADIO, $analyzer=PacketAnalyzer::ANALYZER_IEEE802_11_RADIO),
 	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_IEEE802_11_RADIO, $identifier=DLT_IEEE802_11, $analyzer=PacketAnalyzer::ANALYZER_IEEE802_11)
 };
--- a/scripts/base/packet-protocols/ip/main.zeek
+++ b/scripts/base/packet-protocols/ip/main.zeek
@ -1,7 +1,7 @@
 module PacketAnalyzer::IP;

 redef PacketAnalyzer::config_map += {
-	PacketAnalyzer::ConfigEntry($analyzer=PacketAnalyzer::ANALYZER_IP),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ROOT, $analyzer=PacketAnalyzer::ANALYZER_IP),
 	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_IP, $identifier=4, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
 	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_IP, $identifier=6, $analyzer=PacketAnalyzer::ANALYZER_IPV6)
 };
--- a/scripts/base/packet-protocols/linux_sll/main.zeek
+++ b/scripts/base/packet-protocols/linux_sll/main.zeek
@ -3,7 +3,7 @@ module PacketAnalyzer::LINUX_SLL;
 const DLT_LINUX_SLL : count = 113;

 redef PacketAnalyzer::config_map += {
-	PacketAnalyzer::ConfigEntry($identifier=DLT_LINUX_SLL, $analyzer=PacketAnalyzer::ANALYZER_LINUXSLL),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ROOT, $identifier=DLT_LINUX_SLL, $analyzer=PacketAnalyzer::ANALYZER_LINUXSLL),
 	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_LINUXSLL, $identifier=0x0800, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
 	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_LINUXSLL, $identifier=0x86DD, $analyzer=PacketAnalyzer::ANALYZER_IPV6),
 	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_LINUXSLL, $identifier=0x0806, $analyzer=PacketAnalyzer::ANALYZER_ARP),
--- a/scripts/base/packet-protocols/nflog/main.zeek
+++ b/scripts/base/packet-protocols/nflog/main.zeek
@ -5,7 +5,7 @@ const AF_INET : count = 2;
 const AF_INET6 : count = 10;

 redef PacketAnalyzer::config_map += {
-	PacketAnalyzer::ConfigEntry($identifier=DLT_NFLOG, $analyzer=PacketAnalyzer::ANALYZER_NFLOG),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ROOT, $identifier=DLT_NFLOG, $analyzer=PacketAnalyzer::ANALYZER_NFLOG),
 	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_NFLOG, $identifier=AF_INET, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
 	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_NFLOG, $identifier=AF_INET6, $analyzer=PacketAnalyzer::ANALYZER_IPV6)
 };
--- a/scripts/base/packet-protocols/null/main.zeek
+++ b/scripts/base/packet-protocols/null/main.zeek
@ -5,7 +5,7 @@ const AF_INET : count = 2;
 const AF_INET6 : count = 10;

 redef PacketAnalyzer::config_map += {
-	PacketAnalyzer::ConfigEntry($identifier=DLT_NULL, $analyzer=PacketAnalyzer::ANALYZER_NULL),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ROOT, $identifier=DLT_NULL, $analyzer=PacketAnalyzer::ANALYZER_NULL),
 	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_NULL, $identifier=AF_INET, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
 	
 	## From the Wireshark Wiki: AF_INET6ANALYZER, unfortunately, has different values in
--- a/scripts/base/packet-protocols/ppp_serial/main.zeek
+++ b/scripts/base/packet-protocols/ppp_serial/main.zeek
@ -3,7 +3,7 @@ module PacketAnalyzer::PPP_SERIAL;
 const DLT_PPP_SERIAL : count = 50;

 redef PacketAnalyzer::config_map += {
-	PacketAnalyzer::ConfigEntry($identifier=DLT_PPP_SERIAL, $analyzer=PacketAnalyzer::ANALYZER_PPPSERIAL),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ROOT, $identifier=DLT_PPP_SERIAL, $analyzer=PacketAnalyzer::ANALYZER_PPPSERIAL),
 	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_PPPSERIAL, $identifier=0x0281, $analyzer=PacketAnalyzer::ANALYZER_MPLS),
 	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_PPPSERIAL, $identifier=0x0021, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
 	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_PPPSERIAL, $identifier=0x0057, $analyzer=PacketAnalyzer::ANALYZER_IPV6)