packet_analysis: Introduce PacketAnalyzer::__disable_analyzer()

This adds machinery to the packet_analysis manager for disabling
and enabling packet analyzers and implements two low-level bifs
to use it.

Extend Analyzer::enable_analyzer() and Analyzer::disable_analyzer()
to transparently work with packet analyzers, too. This also allows
to add packet analyzers to Analyzer::disabled_analyzers.

src/packet_analysis/Analyzer.cc

@@ -107,6 +107,14 @@ bool Analyzer::ForwardPacket(size_t len, const uint8_t* data, Packet* packet,
 		return false;
 		}
 
+	if ( ! inner_analyzer->IsEnabled() )
+		{
+		DBG_LOG(DBG_PACKET_ANALYSIS,
+		        "Analysis in %s found disabled next layer analyzer %s for identifier %#x",
+		        GetAnalyzerName(), inner_analyzer->GetAnalyzerName(), identifier);
+		return false;
+		}
+
 	DBG_LOG(DBG_PACKET_ANALYSIS, "Analysis in %s succeeded, next layer identifier is %#x.",
 	        GetAnalyzerName(), identifier);
 	return inner_analyzer->AnalyzePacket(len, data, packet);

src/packet_analysis/Analyzer.h

@@ -71,6 +71,20 @@ public:
 	 */
 	bool IsAnalyzer(const char* name);
 
+	/**
+	 * Enable or disable this analyzer.
+	 *
+	 * @param value The new enabled value.
+	 */
+	void SetEnabled(bool value) { enabled = value; }
+
+	/**
+	 * Return whether this analyzer is enabled or not.
+	 *
+	 * @return true if the analyzer is enabled, else false.
+	 */
+	bool IsEnabled() const { return enabled; }
+
 	/**
 	 * Analyzes the given packet. A common case is that the analyzed protocol
 	 * encapsulates another protocol, which can be determined by an identifier
@@ -258,6 +272,7 @@ private:
 	zeek::Tag tag;
 	Dispatcher dispatcher;
 	AnalyzerPtr default_analyzer = nullptr;
+	bool enabled = true;
 
 	/**
 	 * Flag for whether to report unknown protocols in ForwardPacket.

src/packet_analysis/Manager.cc

@@ -88,6 +88,30 @@ AnalyzerPtr Manager::GetAnalyzer(const std::string& name)
 	return analyzer_it->second;
 	}
 
+bool Manager::EnableAnalyzer(EnumVal* tag)
+	{
+	Component* c = Lookup(tag);
+	AnalyzerPtr a = GetAnalyzer(c->Name());
+	if ( ! a )
+		return false;
+
+	a->SetEnabled(true);
+
+	return true;
+	}
+
+bool Manager::DisableAnalyzer(EnumVal* tag)
+	{
+	Component* c = Lookup(tag);
+	AnalyzerPtr a = GetAnalyzer(c->Name());
+	if ( ! a )
+		return false;
+
+	a->SetEnabled(false);
+
+	return true;
+	}
+
 void Manager::ProcessPacket(Packet* packet)
 	{
 #ifdef DEBUG

src/packet_analysis/Manager.h

@@ -82,6 +82,46 @@ public:
 	 */
 	AnalyzerPtr GetAnalyzer(const std::string& name);
 
+	/**
+	 * Enables an analyzer type. Only enabled analyzers will participate
+	 * in packet processing.
+	 *
+	 * @param tag The analyzer's tag.
+	 *
+	 * @return True if successful.
+	 */
+	bool EnableAnalyzer(zeek::EnumVal* tag);
+
+	/**
+	 * Enables an analyzer type. Only enabled analyzers will participate
+	 * in packet processing.
+	 *
+	 * @param tag The analyzer's tag.
+	 *
+	 * @return True if successful.
+	 */
+	bool EnableAnalyzer(const zeek::Tag& tag) { return EnableAnalyzer(tag.AsVal().get()); }
+
+	/**
+	 * Disables an analyzer type. Disabled analyzers will not participate
+	 * in packet processing.
+	 *
+	 * @param tag The packet analyzer's tag.
+	 *
+	 * @return True if successful.
+	 */
+	bool DisableAnalyzer(zeek::EnumVal* tag);
+
+	/**
+	 * Disables an analyzer type. Disabled analyzers will not participate
+	 * in packet processing.
+	 *
+	 * @param tag The packet analyzer's tag.
+	 *
+	 * @return True if successful.
+	 */
+	bool DisableAnalyzer(const zeek::Tag& tag) { return DisableAnalyzer(tag.AsVal().get()); };
+
 	/**
 	 * Processes a packet by applying the configured packet analyzers.
 	 *

src/packet_analysis/packet_analysis.bif

@@ -77,3 +77,17 @@ function register_protocol_detection%(parent: PacketAnalyzer::Tag, child: Packet
 	parent_analyzer->RegisterProtocolDetection(child_analyzer);
 	return zeek::val_mgr->True();
 	%}
+
+## Internal function to disable a packet analyzer.
+function PacketAnalyzer::__disable_analyzer%(id: PacketAnalyzer::Tag%) : bool
+	%{
+	bool result = zeek::packet_mgr->DisableAnalyzer(id->AsEnumVal());
+	return zeek::val_mgr->Bool(result);
+	%}
+
+## Internal function to enable a packet analyzer.
+function PacketAnalyzer::__enable_analyzer%(id: PacketAnalyzer::Tag%) : bool
+	%{
+	bool result = zeek::packet_mgr->EnableAnalyzer(id->AsEnumVal());
+	return zeek::val_mgr->Bool(result);
+	%}