diff --git a/src/analyzer/analyzer.bif b/src/analyzer/analyzer.bif
index af785de238..76e9d312da 100644
--- a/src/analyzer/analyzer.bif
+++ b/src/analyzer/analyzer.bif
@@ -42,11 +42,13 @@ function __name%(atype: AllAnalyzers::Tag%) : string
 %{
 auto val = atype->AsEnumVal();
- plugin::Component* component = zeek::analyzer_mgr->Lookup(val);
+ // Note that we don't want to follow mappings here, we want the name of
+ // whatever the user passes in.
+ plugin::Component* component = zeek::analyzer_mgr->Lookup(val, false);
 if ( ! component )
- component = zeek::packet_mgr->Lookup(val);
+ component = zeek::packet_mgr->Lookup(val, false);
 if ( ! component )
- component = zeek::file_mgr->Lookup(val);
+ component = zeek::file_mgr->Lookup(val, false);
 if ( ! component )
 return zeek::make_intrusive("");
@@ -56,11 +58,13 @@ function __name%(atype: AllAnalyzers::Tag%) : string
 %%{
 static zeek::plugin::Component* component_for_name(const char* name)
 {
+ // Note that we don't want to follow mappings here, we want the name of
+ // whatever the user passes in.
 zeek::plugin::Component* component = zeek::analyzer_mgr->Lookup(name);
 if ( ! component )
- component = zeek::packet_mgr->Lookup(name);
+ component = zeek::packet_mgr->Lookup(name, false);
 if ( ! component )
- component = zeek::file_mgr->Lookup(name);
+ component = zeek::file_mgr->Lookup(name, false);
 return component;
 }
diff --git a/testing/btest/Baseline/spicy.replaces/conn.log b/testing/btest/Baseline/spicy.replaces/conn.log
new file mode 100644
index 0000000000..0202574b88
--- /dev/null
+++ b/testing/btest/Baseline/spicy.replaces/conn.log
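Review bot: The bare `false` in the three `Lookup(val, false)` calls of `__name` does not say what it switches off. Only the comment above the first call explains it, so the packet_mgr and file_mgr calls rely on the reader carrying that over. A named local such as `constexpr bool follow_mappings = false;` passed at each call would make every call site self-explanatory; the name is a suggestion, since the parameter's declared name is not visible in this diff. The same applies to the two `Lookup(name, false)` calls in `component_for_name` in the next hunk.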
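Review bot: In `component_for_name` the first lookup, `zeek::analyzer_mgr->Lookup(name)`, stays a context line without the new `false` argument, while the packet_mgr and file_mgr lookups below it now pass it. If the name-based overload follows mappings by default, a name belonging to a replaced protocol analyzer would still resolve to its replacement here. Callers of this helper, which are not visible in the hunk, could then act on a different analyzer than the one named. Presumably the line should read `zeek::plugin::Component* component = zeek::analyzer_mgr->Lookup(name, false);`, assuming analyzer_mgr offers the same overload as the other two managers. The copied comment also speaks of "the name of whatever the user passes in", which fits `__name` but not a helper that takes a name and returns a component; `// Don't follow mappings: return the component registered under exactly this name.` would fit better.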
@@ -0,0 +1,11 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path conn +#open XXXX-XX-XX-XX-XX-XX +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents +#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string] +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 172.16.238.1 49656 172.16.238.131 80 tcp ssh 9.953807 2405 2887 SF T T 0 ShAdDaFf 40 4497 30 4455 - +#close XXXX-XX-XX-XX-XX-XX
diff --git a/testing/btest/spicy/replaces.zeek b/testing/btest/spicy/replaces.zeek
index 7f1e92d6f9..753ba6ccaf 100644
--- a/testing/btest/spicy/replaces.zeek
+++ b/testing/btest/spicy/replaces.zeek
@@ -5,6 +5,7 @@
 # @TEST-EXEC: ZEEK_SPICY_MODULE_PATH=$(pwd)/modules zeek -r ${TRACES}/ssh/single-conn.trace %INPUT | sort >>output
 # @TEST-EXEC: ZEEK_SPICY_MODULE_PATH=$(pwd)/modules zeek -r ${TRACES}/ssh/ssh-on-port-80.trace %INPUT | sort >>output
 # @TEST-EXEC: btest-diff output
+# @TEST-EXEC: btest-diff conn.log
 #
 # We use the module search path for loading here as a regression test for #137.
 # Note that this that problem only showed up when the Spicy plugin was built
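Review bot: The new `btest-diff conn.log` line appears to check only the conn.log left by the last `zeek -r` run above it, because both runs in this hunk presumably write that file into the same working directory. The added baseline accordingly holds a single connection, the port-80 one. If the `service` value for `single-conn.trace` is also meant to be covered, its conn.log would have to be saved under another name before the second run. Otherwise a comment above the new line, such as `# conn.log comes from the ssh-on-port-80.trace run only.`, would make the scope explicit. The test header starts above the hunk, so earlier runs may exist that are not visible here.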