Fix packet analyzer replacement.

Also reworking the existing test, which was pretty odd/broken.
2025-10-04 07:38:19 +00:00 · 2024-04-30 11:30:35 +02:00 · 2024-04-30 11:30:35 +02:00 · ccfeffaf2b
commit ccfeffaf2b
parent 3a469b3619
5 changed files with 26 additions and 26 deletions
--- a/src/packet_analysis/Component.cc
+++ b/src/packet_analysis/Component.cc
@ -18,13 +18,25 @@ void Component::Initialize() {
 }

 void Component::SetEnabled(bool arg_enabled) {
-    plugin::Component::SetEnabled(arg_enabled);
+    auto analyzer = packet_mgr->GetAnalyzer(Tag().AsVal().get());
+    if ( analyzer ) {
+        // We can only toggle the analyzer if it's not replacing another one,
+        // otherwise our dispatching tables would be wrong.
+        if ( packet_mgr->ProvidesComponentMapping(Tag()) ) {
+            reporter->Warning(
+                "attempt to toggle packet analyzer %s, which replaces another one; toggling replacement analyzers is "
+                "not supported",
+                analyzer->GetAnalyzerName());
+            return;
+        }

-    // If we already have instantiated an analyzer, update its state.
-    if ( auto analyzer = packet_mgr->Lookup(Tag().AsVal().get(), false) )
+        // Update the existing analyzer's state.
        analyzer->SetEnabled(arg_enabled);
    }

+    plugin::Component::SetEnabled(arg_enabled);
+}
+
 void Component::DoDescribe(ODesc* d) const {
    if ( factory ) {
        d->Add("ANALYZER_");
--- a/src/packet_analysis/Dispatcher.cc
+++ b/src/packet_analysis/Dispatcher.cc
@ -42,7 +42,7 @@ void Dispatcher::Register(uint32_t identifier, AnalyzerPtr analyzer) {
    }

    int64_t index = identifier - lowest_identifier;
-    if ( table[index] != nullptr )
+    if ( table[index] != nullptr && table[index] != analyzer )
        reporter->Info("Overwriting packet analyzer mapping %#8" PRIx64 " => %s with %s", index + lowest_identifier,
                       table[index]->GetAnalyzerName(), analyzer->GetAnalyzerName());
    table[index] = std::move(analyzer);
--- a/src/packet_analysis/Manager.cc
+++ b/src/packet_analysis/Manager.cc
@ -159,7 +159,7 @@ AnalyzerPtr Manager::InstantiateAnalyzer(const Tag& tag) {
        return nullptr;
    }

-    if ( tag != a->GetAnalyzerTag() ) {
+    if ( tag != a->GetAnalyzerTag() && ! HasComponentMapping(tag) ) {
        reporter->InternalError(
            "Mismatch of requested analyzer %s and instantiated analyzer %s. "
            "This usually means that the plugin author made a mistake.",
--- a/testing/btest/Baseline/spicy.packet-analyzer-replaces/output-on
+++ b/testing/btest/Baseline/spicy.packet-analyzer-replaces/output-on
@ -1,2 +1,3 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 My Ethernet:, \x00\x10\xdcrL_\x00\xd0\xb7\x1e\xbe \x08\x00
+UDP:, 10.20.1.31, 53/udp, 207.158.192.40, 53/udp
--- a/testing/btest/spicy/packet-analyzer-replaces.zeek
+++ b/testing/btest/spicy/packet-analyzer-replaces.zeek
@ -1,35 +1,17 @@
 # @TEST-REQUIRES: have-spicy
 #
 # @TEST-EXEC: spicyz -d -o my-ethernet.hlto my-ethernet.spicy my-ethernet.evt
-# @TEST-EXEC: zeek -r ${TRACES}/dns53.pcap my-ethernet.hlto %INPUT ENABLE=T >output-on
-# @TEST-EXEC: zeek -r ${TRACES}/dns53.pcap my-ethernet.hlto %INPUT ENABLE=F >output-off
-# @TEST-EXEC: btest-diff output-on
-
+# @TEST-EXEC: zeek -r ${TRACES}/dns53.pcap my-ethernet.hlto %INPUT >output
+# @TEST-EXEC: btest-diff output
 #
 # @TEST-DOC: Check that we can replace Zeek's Ethernet analyzer.
-#
-# Zeek logs look the same in both cases but we get some additional output
-# when our analyzer is running by raising a custom event.
-
-const ENABLE = T &redef;

 module MyEthernet;

 const DLT_EN10MB : count = 1;

-event zeek_init() &priority=-200
+event zeek_init()
 	{
-	if ( ENABLE )
-		Spicy::enable_file_analyzer(PacketAnalyzer::ANALYZER_SPICY_MYETHERNET);
-	else
-		Spicy::disable_file_analyzer(PacketAnalyzer::ANALYZER_SPICY_MYETHERNET);
-}
-
-# The priority here needs to be higher than the standard script registering the
-# built-in Ethernet analyzer.
-event zeek_init() &priority=-100
-	{
-	PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_ROOT, DLT_EN10MB, PacketAnalyzer::ANALYZER_SPICY_MYETHERNET);
 	PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_SPICY_MYETHERNET, 0x0800, PacketAnalyzer::ANALYZER_IP);
 	}

@ -38,6 +20,11 @@ event MyEthernet::data(p: raw_pkt_hdr, data: string)
 	print "My Ethernet:", data;
 	}

+event udp_request(u: connection)
+	{
+	print "UDP:", u$id$orig_h, u$id$orig_p, u$id$resp_h, u$id$resp_p;
+	}
+
 # @TEST-START-FILE my-ethernet.spicy
 module MyEthernet;