Rename DefaultAnalyzer to IP.

src/packet_analysis/protocol/ip/CMakeLists.txt

@@ -0,0 +1,8 @@
+
+include(ZeekPlugin)
+
+include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DIR})
+
+zeek_plugin_begin(PacketAnalyzer IP)
+zeek_plugin_cc(IP.cc Plugin.cc)
+zeek_plugin_end()

src/packet_analysis/protocol/ip/IP.cc

@@ -0,0 +1,38 @@
+// See the file "COPYING" in the main distribution directory for copyright.
+
+#include "IP.h"
+#include "NetVar.h"
+
+using namespace zeek::packet_analysis::IP;
+
+IPAnalyzer::IPAnalyzer()
+	: zeek::packet_analysis::Analyzer("IP")
+	{
+	}
+
+zeek::packet_analysis::AnalyzerResult IPAnalyzer::Analyze(Packet* packet, const uint8_t*& data)
+	{
+	// Assume we're pointing at IP. Just figure out which version.
+	if ( data + sizeof(struct ip) >= packet->GetEndOfData() )
+		{
+		packet->Weird("packet_analyzer_truncated_header");
+		return AnalyzerResult::Failed;
+		}
+
+	auto ip = (const struct ip *)data;
+	uint32_t protocol = ip->ip_v;
+
+	auto inner_analyzer = Lookup(protocol);
+
+	if ( inner_analyzer == nullptr )
+		{
+		DBG_LOG(DBG_PACKET_ANALYSIS, "Analysis in %s failed, could not find analyzer for identifier %#x.",
+				GetAnalyzerName(), protocol);
+		packet->Weird("no_suitable_analyzer_found");
+		return AnalyzerResult::Failed;
+		}
+
+	DBG_LOG(DBG_PACKET_ANALYSIS, "Analysis in %s succeeded, next layer identifier is %#x.",
+			GetAnalyzerName(), protocol);
+	return inner_analyzer->Analyze(packet, data);
+	}

src/packet_analysis/protocol/ip/IP.h

@@ -0,0 +1,23 @@
+// See the file "COPYING" in the main distribution directory for copyright.
+
+#pragma once
+
+#include <packet_analysis/Analyzer.h>
+#include <packet_analysis/Component.h>
+
+namespace zeek::packet_analysis::IP {
+
+class IPAnalyzer : public Analyzer {
+public:
+	IPAnalyzer();
+	~IPAnalyzer() override = default;
+
+	AnalyzerResult Analyze(Packet* packet, const uint8_t*& data) override;
+
+	static zeek::packet_analysis::AnalyzerPtr Instantiate()
+		{
+		return std::make_shared<IPAnalyzer>();
+		}
+};
+
+}

src/packet_analysis/protocol/ip/Plugin.cc

@@ -0,0 +1,24 @@
+// See the file "COPYING" in the main distribution directory for copyright.
+
+#include "IP.h"
+#include "plugin/Plugin.h"
+#include "packet_analysis/Component.h"
+
+namespace zeek::plugin::Zeek_Default {
+
+class Plugin : public zeek::plugin::Plugin {
+public:
+	zeek::plugin::Configuration Configure()
+		{
+		AddComponent(new zeek::packet_analysis::Component("IP",
+		                 zeek::packet_analysis::IP::IPAnalyzer::Instantiate));
+
+		zeek::plugin::Configuration config;
+		config.name = "Zeek::IP";
+		config.description = "Packet analyzer for IP fallback (v4 or v6)";
+		return config;
+		}
+
+} plugin;
+
+}