GH-1215: Remove dispatch_map from packet analysis, replace with BIF methods for registering dispatches

2025-10-04 15:48:19 +00:00 · 2020-10-27 12:43:36 -07:00 · 2020-10-27 12:43:36 -07:00 · cd06bf34c7
commit cd06bf34c7
parent 43821a8957
34 changed files with 3770 additions and 3623 deletions
--- a/scripts/base/packet-protocols/linux_sll/main.zeek
+++ b/scripts/base/packet-protocols/linux_sll/main.zeek
@ -1,14 +1,11 @@
 module PacketAnalyzer::LINUXSLL;

-export {
-	## Identifier mappings based on EtherType
-	const dispatch_map: PacketAnalyzer::DispatchMap = {} &redef;
-}
+event zeek_init() &priority=20
+	{
+	PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_LINUXSLL, 0x0800, PacketAnalyzer::ANALYZER_IP);
+	PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_LINUXSLL, 0x86DD, PacketAnalyzer::ANALYZER_IP);
+	PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_LINUXSLL, 0x0806, PacketAnalyzer::ANALYZER_ARP);

-redef dispatch_map += {
-	[0x0800] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_IP),
-	[0x86DD] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_IP),
-	[0x0806] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_ARP),
 	# RARP
-	[0x8035] = PacketAnalyzer::DispatchEntry($analyzer=PacketAnalyzer::ANALYZER_ARP)
-};
+	PacketAnalyzer::register_packet_analyzer(PacketAnalyzer::ANALYZER_LINUXSLL, 0x8035, PacketAnalyzer::ANALYZER_ARP);
+	}