Renamed LL-Analyzers to Packet Analyzers.

scripts/base/init-bare.zeek

@@ -5342,29 +5342,29 @@ event net_done(t: time)
 @if ( __init_primary_bifs() )
 @endif
 
-module LLAnalyzer;
+module PacketAnalyzer;
 
-# Defines a mapping for the LLAnalyzer's configuration tree. This
+# Defines a mapping for the PacketAnalyzer's configuration tree. This
 # maps from a parent analyzer to a child analyzer through a numeric
 # identifier.
 export {
     type ConfigEntry : record {
         # The parent analyzer. This analyzer will check for the *identifier* in the
         # packet data to know whether to call the next analyzer. This field is optional.
-        # If it is not included, the identifier will attach to the "root" analyzer. This
-        # means that the identifier will be searched for the initial packet header instead
-        # of later headers.
-        parent : LLAnalyzer::Tag &optional;
+        # If it is not included, the identifier will attach to the "root" analyzer. The
+        # root analyzer uses the link layer identifier provided by the packet source to
+        # determine the protocol for the initial packet header.
+        parent : PacketAnalyzer::Tag &optional;
 
-        # A numeric identifier that can be found in the packet data that denotes an
-        # analyzer should be called.
+        # A numeric identifier, which can be found in the packet data, that denotes the
+        # encapsulated protocol.
         identifier : count;
 
         # The analyzer that corresponds to the above identifier.
-        analyzer : LLAnalyzer::Tag;
+        analyzer : PacketAnalyzer::Tag;
     };
 
-    const config_map : vector of LLAnalyzer::ConfigEntry &redef;
+    const config_map : vector of PacketAnalyzer::ConfigEntry &redef;
 }
 
-@load base/llprotocols
+@load base/packet-protocols

scripts/base/llprotocols/__load__.zeek

@@ -1,11 +0,0 @@
-@load base/llprotocols/default
-@load base/llprotocols/ethernet
-@load base/llprotocols/fddi
-@load base/llprotocols/ieee802_11
-@load base/llprotocols/ieee802_11_radio
-@load base/llprotocols/linux_sll
-@load base/llprotocols/nflog
-@load base/llprotocols/null
-@load base/llprotocols/ppp_serial
-@load base/llprotocols/pppoe
-@load base/llprotocols/vlan

scripts/base/llprotocols/default/main.zeek

@@ -1,6 +0,0 @@
-module LL_DEFAULT;
-
-redef LLAnalyzer::config_map += {
-	LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_DEFAULTANALYZER, $identifier=4, $analyzer=LLAnalyzer::LLANALYZER_IPV4),
-	LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_DEFAULTANALYZER, $identifier=6, $analyzer=LLAnalyzer::LLANALYZER_IPV6)
-};

scripts/base/llprotocols/ethernet/main.zeek

@@ -1,16 +0,0 @@
-module LL_ETHERNET;
-
-const DLT_EN10MB : count = 1;
-
-redef LLAnalyzer::config_map += {
-	LLAnalyzer::ConfigEntry($identifier=DLT_EN10MB, $analyzer=LLAnalyzer::LLANALYZER_ETHERNET),
-	LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_ETHERNET, $identifier=0x8847, $analyzer=LLAnalyzer::LLANALYZER_MPLS),
-	LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_ETHERNET, $identifier=0x0800, $analyzer=LLAnalyzer::LLANALYZER_IPV4),
-	LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_ETHERNET, $identifier=0x86DD, $analyzer=LLAnalyzer::LLANALYZER_IPV6),
-	LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_ETHERNET, $identifier=0x0806, $analyzer=LLAnalyzer::LLANALYZER_ARP),
-	LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_ETHERNET, $identifier=0x8035, $analyzer=LLAnalyzer::LLANALYZER_ARP),
-	LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_ETHERNET, $identifier=0x8100, $analyzer=LLAnalyzer::LLANALYZER_VLAN),
-	LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_ETHERNET, $identifier=0x88A8, $analyzer=LLAnalyzer::LLANALYZER_VLAN),
-	LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_ETHERNET, $identifier=0x9100, $analyzer=LLAnalyzer::LLANALYZER_VLAN),
-	LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_ETHERNET, $identifier=0x8864, $analyzer=LLAnalyzer::LLANALYZER_PPPOE)
-};

scripts/base/llprotocols/fddi/main.zeek

@@ -1,7 +0,0 @@
-module LL_FDDI;
-
-const DLT_FDDI : count = 10;
-
-redef LLAnalyzer::config_map += {
-	LLAnalyzer::ConfigEntry($identifier=DLT_FDDI, $analyzer=LLAnalyzer::LLANALYZER_FDDI)
-};

scripts/base/llprotocols/ieee802_11/main.zeek

@@ -1,11 +0,0 @@
-module LL_IEEE802_11;
-
-const DLT_IEEE802_11 : count = 105;
-
-redef LLAnalyzer::config_map += {
-	LLAnalyzer::ConfigEntry($identifier=DLT_IEEE802_11, $analyzer=LLAnalyzer::LLANALYZER_IEEE802_11),
-	LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_IEEE802_11, $identifier=0x0800, $analyzer=LLAnalyzer::LLANALYZER_IPV4),
-	LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_IEEE802_11, $identifier=0x86DD, $analyzer=LLAnalyzer::LLANALYZER_IPV6),
-	LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_IEEE802_11, $identifier=0x0806, $analyzer=LLAnalyzer::LLANALYZER_ARP),
-	LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_IEEE802_11, $identifier=0x8035, $analyzer=LLAnalyzer::LLANALYZER_ARP)
-};

scripts/base/llprotocols/ieee802_11_radio/main.zeek

@@ -1,9 +0,0 @@
-module LL_IEEE802_11_RADIO;
-
-const DLT_IEEE802_11_RADIO : count = 127;
-const DLT_IEEE802_11 : count = 105;
-
-redef LLAnalyzer::config_map += {
-	LLAnalyzer::ConfigEntry($identifier=DLT_IEEE802_11_RADIO, $analyzer=LLAnalyzer::LLANALYZER_IEEE802_11_RADIO),
-	LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_IEEE802_11_RADIO, $identifier=DLT_IEEE802_11, $analyzer=LLAnalyzer::LLANALYZER_IEEE802_11)
-};

scripts/base/llprotocols/linux_sll/main.zeek

@@ -1,12 +0,0 @@
-module LL_LINUX_SLL;
-
-const DLT_LINUX_SLL : count = 113;
-
-redef LLAnalyzer::config_map += {
-	LLAnalyzer::ConfigEntry($identifier=DLT_LINUX_SLL, $analyzer=LLAnalyzer::LLANALYZER_LINUXSLL),
-	LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_LINUXSLL, $identifier=0x0800, $analyzer=LLAnalyzer::LLANALYZER_IPV4),
-	LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_LINUXSLL, $identifier=0x86DD, $analyzer=LLAnalyzer::LLANALYZER_IPV6),
-	LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_LINUXSLL, $identifier=0x0806, $analyzer=LLAnalyzer::LLANALYZER_ARP),
-	# RARP
-	LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_LINUXSLL, $identifier=0x8035, $analyzer=LLAnalyzer::LLANALYZER_ARP)
-};

scripts/base/llprotocols/nflog/main.zeek

@@ -1,11 +0,0 @@
-module LL_NFLOG;
-
-const DLT_NFLOG : count = 239;
-const AF_INET : count = 2;
-const AF_INET6 : count = 10;
-
-redef LLAnalyzer::config_map += {
-	LLAnalyzer::ConfigEntry($identifier=DLT_NFLOG, $analyzer=LLAnalyzer::LLANALYZER_NFLOG),
-	LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_NFLOG, $identifier=AF_INET, $analyzer=LLAnalyzer::LLANALYZER_IPV4),
-	LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_NFLOG, $identifier=AF_INET6, $analyzer=LLAnalyzer::LLANALYZER_IPV6)
-};

scripts/base/llprotocols/null/main.zeek

@@ -1,19 +0,0 @@
-module LL_NULL;
-
-const DLT_NULL : count = 0;
-const AF_INET : count = 2;
-const AF_INET6 : count = 10;
-
-redef LLAnalyzer::config_map += {
-	LLAnalyzer::ConfigEntry($identifier=DLT_NULL, $analyzer=LLAnalyzer::LLANALYZER_NULL),
-	LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_NULL, $identifier=AF_INET, $analyzer=LLAnalyzer::LLANALYZER_IPV4),
-	
-	## From the Wireshark Wiki: AF_INET6ANALYZER, unfortunately, has different values in
-	## {NetBSD,OpenBSD,BSD/OS}, {FreeBSD,DragonFlyBSD}, and {Darwin/Mac OS X}, so an IPv6
-	## packet might have a link-layer header with 24, 28, or 30 as the AF_ value. As we
-	## may be reading traces captured on platforms other than what we're running on, we
-	## accept them all here.
-	LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_NULL, $identifier=24, $analyzer=LLAnalyzer::LLANALYZER_IPV6),
-	LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_NULL, $identifier=28, $analyzer=LLAnalyzer::LLANALYZER_IPV6),
-	LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_NULL, $identifier=30, $analyzer=LLAnalyzer::LLANALYZER_IPV6)
-};

scripts/base/llprotocols/ppp_serial/main.zeek

@@ -1,10 +0,0 @@
-module LL_PPP_SERIAL;
-
-const DLT_PPP_SERIAL : count = 50;
-
-redef LLAnalyzer::config_map += {
-	LLAnalyzer::ConfigEntry($identifier=DLT_PPP_SERIAL, $analyzer=LLAnalyzer::LLANALYZER_PPPSERIAL),
-	LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_PPPSERIAL, $identifier=0x0281, $analyzer=LLAnalyzer::LLANALYZER_MPLS),
-	LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_PPPSERIAL, $identifier=0x0021, $analyzer=LLAnalyzer::LLANALYZER_IPV4),
-	LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_PPPSERIAL, $identifier=0x0057, $analyzer=LLAnalyzer::LLANALYZER_IPV6)
-};

scripts/base/llprotocols/pppoe/main.zeek

@@ -1,6 +0,0 @@
-module LL_PPPOE;
-
-redef LLAnalyzer::config_map += {
-	LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_PPPOE, $identifier=0x0021, $analyzer=LLAnalyzer::LLANALYZER_IPV4),
-	LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_PPPOE, $identifier=0x0057, $analyzer=LLAnalyzer::LLANALYZER_IPV6)
-};

scripts/base/llprotocols/vlan/main.zeek

@@ -1,11 +0,0 @@
-module LL_VLAN;
-
-redef LLAnalyzer::config_map += {
-   LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_VLAN, $identifier=0x8847, $analyzer=LLAnalyzer::LLANALYZER_MPLS),
-   LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_VLAN, $identifier=0x0800, $analyzer=LLAnalyzer::LLANALYZER_IPV4),
-   LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_VLAN, $identifier=0x86DD, $analyzer=LLAnalyzer::LLANALYZER_IPV6),
-   LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_VLAN, $identifier=0x0806, $analyzer=LLAnalyzer::LLANALYZER_ARP),
-   LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_VLAN, $identifier=0x8035, $analyzer=LLAnalyzer::LLANALYZER_ARP),
-   LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_VLAN, $identifier=0x8100, $analyzer=LLAnalyzer::LLANALYZER_VLAN),
-   LLAnalyzer::ConfigEntry($parent=LLAnalyzer::LLANALYZER_VLAN, $identifier=0x8864, $analyzer=LLAnalyzer::LLANALYZER_PPPOE)
-};

scripts/base/packet-protocols/__load__.zeek

@@ -0,0 +1,11 @@
+@load base/packet-protocols/default
+@load base/packet-protocols/ethernet
+@load base/packet-protocols/fddi
+@load base/packet-protocols/ieee802_11
+@load base/packet-protocols/ieee802_11_radio
+@load base/packet-protocols/linux_sll
+@load base/packet-protocols/nflog
+@load base/packet-protocols/null
+@load base/packet-protocols/ppp_serial
+@load base/packet-protocols/pppoe
+@load base/packet-protocols/vlan

scripts/base/packet-protocols/default/main.zeek

@@ -0,0 +1,6 @@
+module LL_DEFAULT;
+
+redef PacketAnalyzer::config_map += {
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_DEFAULTANALYZER, $identifier=4, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_DEFAULTANALYZER, $identifier=6, $analyzer=PacketAnalyzer::ANALYZER_IPV6)
+};

scripts/base/packet-protocols/ethernet/main.zeek

@@ -0,0 +1,16 @@
+module LL_ETHERNET;
+
+const DLT_EN10MB : count = 1;
+
+redef PacketAnalyzer::config_map += {
+	PacketAnalyzer::ConfigEntry($identifier=DLT_EN10MB, $analyzer=PacketAnalyzer::ANALYZER_ETHERNET),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x8847, $analyzer=PacketAnalyzer::ANALYZER_MPLS),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x0800, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x86DD, $analyzer=PacketAnalyzer::ANALYZER_IPV6),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x0806, $analyzer=PacketAnalyzer::ANALYZER_ARP),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x8035, $analyzer=PacketAnalyzer::ANALYZER_ARP),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x8100, $analyzer=PacketAnalyzer::ANALYZER_VLAN),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x88A8, $analyzer=PacketAnalyzer::ANALYZER_VLAN),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x9100, $analyzer=PacketAnalyzer::ANALYZER_VLAN),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x8864, $analyzer=PacketAnalyzer::ANALYZER_PPPOE)
+};

scripts/base/packet-protocols/fddi/main.zeek

@@ -0,0 +1,7 @@
+module LL_FDDI;
+
+const DLT_FDDI : count = 10;
+
+redef PacketAnalyzer::config_map += {
+	PacketAnalyzer::ConfigEntry($identifier=DLT_FDDI, $analyzer=PacketAnalyzer::ANALYZER_FDDI)
+};

scripts/base/packet-protocols/ieee802_11/main.zeek

@@ -0,0 +1,11 @@
+module LL_IEEE802_11;
+
+const DLT_IEEE802_11 : count = 105;
+
+redef PacketAnalyzer::config_map += {
+	PacketAnalyzer::ConfigEntry($identifier=DLT_IEEE802_11, $analyzer=PacketAnalyzer::ANALYZER_IEEE802_11),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_IEEE802_11, $identifier=0x0800, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_IEEE802_11, $identifier=0x86DD, $analyzer=PacketAnalyzer::ANALYZER_IPV6),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_IEEE802_11, $identifier=0x0806, $analyzer=PacketAnalyzer::ANALYZER_ARP),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_IEEE802_11, $identifier=0x8035, $analyzer=PacketAnalyzer::ANALYZER_ARP)
+};

scripts/base/packet-protocols/ieee802_11_radio/main.zeek

@@ -0,0 +1,9 @@
+module LL_IEEE802_11_RADIO;
+
+const DLT_IEEE802_11_RADIO : count = 127;
+const DLT_IEEE802_11 : count = 105;
+
+redef PacketAnalyzer::config_map += {
+	PacketAnalyzer::ConfigEntry($identifier=DLT_IEEE802_11_RADIO, $analyzer=PacketAnalyzer::ANALYZER_IEEE802_11_RADIO),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_IEEE802_11_RADIO, $identifier=DLT_IEEE802_11, $analyzer=PacketAnalyzer::ANALYZER_IEEE802_11)
+};

scripts/base/packet-protocols/linux_sll/main.zeek

@@ -0,0 +1,12 @@
+module LL_LINUX_SLL;
+
+const DLT_LINUX_SLL : count = 113;
+
+redef PacketAnalyzer::config_map += {
+	PacketAnalyzer::ConfigEntry($identifier=DLT_LINUX_SLL, $analyzer=PacketAnalyzer::ANALYZER_LINUXSLL),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_LINUXSLL, $identifier=0x0800, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_LINUXSLL, $identifier=0x86DD, $analyzer=PacketAnalyzer::ANALYZER_IPV6),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_LINUXSLL, $identifier=0x0806, $analyzer=PacketAnalyzer::ANALYZER_ARP),
+	# RARP
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_LINUXSLL, $identifier=0x8035, $analyzer=PacketAnalyzer::ANALYZER_ARP)
+};

scripts/base/packet-protocols/nflog/main.zeek

@@ -0,0 +1,11 @@
+module LL_NFLOG;
+
+const DLT_NFLOG : count = 239;
+const AF_INET : count = 2;
+const AF_INET6 : count = 10;
+
+redef PacketAnalyzer::config_map += {
+	PacketAnalyzer::ConfigEntry($identifier=DLT_NFLOG, $analyzer=PacketAnalyzer::ANALYZER_NFLOG),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_NFLOG, $identifier=AF_INET, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_NFLOG, $identifier=AF_INET6, $analyzer=PacketAnalyzer::ANALYZER_IPV6)
+};

scripts/base/packet-protocols/null/main.zeek

@@ -0,0 +1,19 @@
+module LL_NULL;
+
+const DLT_NULL : count = 0;
+const AF_INET : count = 2;
+const AF_INET6 : count = 10;
+
+redef PacketAnalyzer::config_map += {
+	PacketAnalyzer::ConfigEntry($identifier=DLT_NULL, $analyzer=PacketAnalyzer::ANALYZER_NULL),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_NULL, $identifier=AF_INET, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
+	
+	## From the Wireshark Wiki: AF_INET6ANALYZER, unfortunately, has different values in
+	## {NetBSD,OpenBSD,BSD/OS}, {FreeBSD,DragonFlyBSD}, and {Darwin/Mac OS X}, so an IPv6
+	## packet might have a link-layer header with 24, 28, or 30 as the AF_ value. As we
+	## may be reading traces captured on platforms other than what we're running on, we
+	## accept them all here.
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_NULL, $identifier=24, $analyzer=PacketAnalyzer::ANALYZER_IPV6),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_NULL, $identifier=28, $analyzer=PacketAnalyzer::ANALYZER_IPV6),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_NULL, $identifier=30, $analyzer=PacketAnalyzer::ANALYZER_IPV6)
+};

scripts/base/packet-protocols/ppp_serial/main.zeek

@@ -0,0 +1,10 @@
+module LL_PPP_SERIAL;
+
+const DLT_PPP_SERIAL : count = 50;
+
+redef PacketAnalyzer::config_map += {
+	PacketAnalyzer::ConfigEntry($identifier=DLT_PPP_SERIAL, $analyzer=PacketAnalyzer::ANALYZER_PPPSERIAL),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_PPPSERIAL, $identifier=0x0281, $analyzer=PacketAnalyzer::ANALYZER_MPLS),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_PPPSERIAL, $identifier=0x0021, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_PPPSERIAL, $identifier=0x0057, $analyzer=PacketAnalyzer::ANALYZER_IPV6)
+};

scripts/base/packet-protocols/pppoe/main.zeek

@@ -0,0 +1,6 @@
+module LL_PPPOE;
+
+redef PacketAnalyzer::config_map += {
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_PPPOE, $identifier=0x0021, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
+	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_PPPOE, $identifier=0x0057, $analyzer=PacketAnalyzer::ANALYZER_IPV6)
+};

scripts/base/packet-protocols/vlan/main.zeek

@@ -0,0 +1,11 @@
+module LL_VLAN;
+
+redef PacketAnalyzer::config_map += {
+   PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_VLAN, $identifier=0x8847, $analyzer=PacketAnalyzer::ANALYZER_MPLS),
+   PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_VLAN, $identifier=0x0800, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
+   PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_VLAN, $identifier=0x86DD, $analyzer=PacketAnalyzer::ANALYZER_IPV6),
+   PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_VLAN, $identifier=0x0806, $analyzer=PacketAnalyzer::ANALYZER_ARP),
+   PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_VLAN, $identifier=0x8035, $analyzer=PacketAnalyzer::ANALYZER_ARP),
+   PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_VLAN, $identifier=0x8100, $analyzer=PacketAnalyzer::ANALYZER_VLAN),
+   PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_VLAN, $identifier=0x8864, $analyzer=PacketAnalyzer::ANALYZER_PPPOE)
+};

src/CMakeLists.txt

@@ -146,7 +146,7 @@ set(bro_PLUGIN_LIBS CACHE INTERNAL "plugin libraries" FORCE)
 set(bro_PLUGIN_DEPS CACHE INTERNAL "plugin dependencies" FORCE)
 
 add_subdirectory(analyzer)
-add_subdirectory(llanalyzer)
+add_subdirectory(packet_analysis)
 add_subdirectory(broker)
 add_subdirectory(zeekygen)
 add_subdirectory(file_analysis)

src/DebugLogger.cc

@@ -19,7 +19,7 @@ DebugLogger::Stream DebugLogger::streams[NUM_DBGS] = {
 	{ "string", 0, false },
 	{ "notifiers", 0, false },
 	{ "main-loop", 0, false },
-	{ "llanalyzer", 0, false },
+	{ "packet_analysis", 0, false },
 	{ "dpd", 0, false },
 	{ "tm", 0, false },
 	{ "logging", 0, false },

src/DebugLogger.h

@@ -30,24 +30,24 @@ namespace zeek {
 // an entry to DebugLogger::streams in DebugLogger.cc.
 
 enum DebugStream {
-	DBG_SERIAL, 	// Serialization
-	DBG_RULES,		// Signature matching
-	DBG_STRING,		// String code
-	DBG_NOTIFIERS,	// Notifiers
-	DBG_MAINLOOP,	// Main IOSource loop
-	DBG_LLANALYZER, // Low-Layer Analyzer Proof of Concept
-	DBG_ANALYZER,	// Analyzer framework
-	DBG_TM,			// Time-machine packet input via Brocolli
-	DBG_LOGGING,	// Logging streams
-	DBG_INPUT,		// Input streams
-	DBG_THREADING,	// Threading system
-	DBG_FILE_ANALYSIS,	// File analysis
-	DBG_PLUGINS,	// Plugin system
-	DBG_ZEEKYGEN,	// Zeekygen
-	DBG_PKTIO,		// Packet sources and dumpers.
-	DBG_BROKER,		// Broker communication
-	DBG_SCRIPTS,	// Script initialization
-	DBG_SUPERVISOR,	// Process supervisor
+	DBG_SERIAL,     // Serialization
+	DBG_RULES,      // Signature matching
+	DBG_STRING,     // String code
+	DBG_NOTIFIERS,  // Notifiers
+	DBG_MAINLOOP,   // Main IOSource loop
+	DBG_ANALYZER,   // Analyzer framework
+	DBG_PACKET_ANALYSIS,  // Packet analysis
+	DBG_FILE_ANALYSIS,    // File analysis
+	DBG_TM,         // Time-machine packet input via Brocolli
+	DBG_LOGGING,    // Logging streams
+	DBG_INPUT,      // Input streams
+	DBG_THREADING,  // Threading system
+	DBG_PLUGINS,    // Plugin system
+	DBG_ZEEKYGEN,   // Zeekygen
+	DBG_PKTIO,      // Packet sources and dumpers.
+	DBG_BROKER,     // Broker communication
+	DBG_SCRIPTS,    // Script initialization
+	DBG_SUPERVISOR, // Process supervisor
 
 	NUM_DBGS // Has to be last
 };

src/iosource/Packet.cc

@@ -3,7 +3,7 @@
 #include "Desc.h"
 #include "IP.h"
 #include "iosource/Manager.h"
-#include "llanalyzer/Manager.h"
+#include "packet_analysis/Manager.h"
 #include "Var.h"
 
 extern "C" {
@@ -59,15 +59,15 @@ void Packet::Init(int arg_link_type, pkt_timeval *arg_ts, uint32_t arg_caplen,
 	l3_proto = L3_UNKNOWN;
 	l3_checksummed = false;
 
-	// For ll-analyzer: cur_pos points to the next payload.
+	// For packet analyzer: cur_pos points to the next payload.
 	cur_pos = data;
 
 	if ( data )
 		{
-		// From here we assume that layer 2 is valid. If an ll-analyzer encounters
+		// From here we assume that layer 2 is valid. If a packet analyzer encounters
 		// an issue, it will call Packet::Weird(), which sets l2_valid to false.
 		l2_valid = true;
-		llanalyzer_mgr->ProcessPacket(this);
+		packet_mgr->ProcessPacket(this);
 		// Calculate header size after processing lower layers.
 		hdr_size = cur_pos - data;
 		}

src/llanalyzer/protocol/default/Plugin.cc

@@ -1,24 +0,0 @@
-// See the file "COPYING" in the main distribution directory for copyright.
-
-#include "Default.h"
-#include "plugin/Plugin.h"
-#include "llanalyzer/Component.h"
-
-namespace zeek::plugin::LLAnalyzer_Default {
-
-class Plugin : public zeek::plugin::Plugin {
-public:
-	zeek::plugin::Configuration Configure()
-		{
-		AddComponent(new zeek::llanalyzer::Component("DefaultAnalyzer",
-		                 zeek::llanalyzer::Default::DefaultAnalyzer::Instantiate));
-
-		zeek::plugin::Configuration config;
-		config.name = "LLAnalyzer::DefaultAnalyzer";
-		config.description = "Default LL-Analyzer for IP fallback";
-		return config;
-		}
-
-} plugin;
-
-}

src/llanalyzer/protocol/ethernet/Plugin.cc

@@ -1,24 +0,0 @@
-// See the file "COPYING" in the main distribution directory for copyright.
-
-#include "Ethernet.h"
-#include "plugin/Plugin.h"
-#include "llanalyzer/Component.h"
-
-namespace zeek::plugin::LLAnalyzer_Ethernet {
-
-class Plugin : public zeek::plugin::Plugin {
-public:
-	zeek::plugin::Configuration Configure()
-		{
-		AddComponent(new zeek::llanalyzer::Component("Ethernet",
-		                 zeek::llanalyzer::Ethernet::EthernetAnalyzer::Instantiate));
-
-		zeek::plugin::Configuration config;
-		config.name = "LLAnalyzer::Ethernet";
-		config.description = "Ethernet LL-Analyzer";
-		return config;
-		}
-
-} plugin;
-
-}

src/llanalyzer/protocol/ieee802_11/Plugin.cc

@@ -1,24 +0,0 @@
-// See the file "COPYING" in the main distribution directory for copyright.
-
-#include "IEEE802_11.h"
-#include "plugin/Plugin.h"
-#include "llanalyzer/Component.h"
-
-namespace zeek::plugin::LLAnalyzer_IEEE802_11 {
-
-class Plugin : public zeek::plugin::Plugin {
-public:
-	zeek::plugin::Configuration Configure()
-		{
-		AddComponent(new zeek::llanalyzer::Component("IEEE802_11",
-		                 zeek::llanalyzer::IEEE802_11::IEEE802_11Analyzer::Instantiate));
-
-		zeek::plugin::Configuration config;
-		config.name = "LLAnalyzer::IEEE802_11";
-		config.description = "IEEE 802.11 LL-Analyzer";
-		return config;
-		}
-
-} plugin;
-
-}

src/llanalyzer/protocol/ieee802_11_radio/Plugin.cc

@@ -1,23 +0,0 @@
-// See the file "COPYING" in the main distribution directory for copyright.
-
-#include "IEEE802_11_Radio.h"
-#include "plugin/Plugin.h"
-#include "llanalyzer/Component.h"
-
-namespace zeek::plugin::LLAnalyzer_IEEE802_11_Radio {
-
-class Plugin : public zeek::plugin::Plugin {
-public:
-	zeek::plugin::Configuration Configure()
-		{
-		AddComponent(new zeek::llanalyzer::Component("IEEE802_11_Radio",
-		                 zeek::llanalyzer::IEEE802_11_Radio::IEEE802_11_RadioAnalyzer::Instantiate));
-
-		zeek::plugin::Configuration config;
-		config.name = "LLAnalyzer::IEEE802_11_Radio";
-		config.description = "IEEE 802.11 Radiotap LL-Analyzer";
-		return config;
-		}
-
-} plugin;
-}

src/llanalyzer/protocol/linux_sll/Plugin.cc

@@ -1,24 +0,0 @@
-// See the file "COPYING" in the main distribution directory for copyright.
-
-#include "plugin/Plugin.h"
-#include "LinuxSLL.h"
-#include "llanalyzer/Component.h"
-
-namespace zeek::plugin::LLAnalyzer_LinuxSLL {
-
-class Plugin : public zeek::plugin::Plugin {
-public:
-	zeek::plugin::Configuration Configure()
-		{
-		AddComponent(new zeek::llanalyzer::Component("LinuxSLL",
-		                 zeek::llanalyzer::LinuxSLL::LinuxSLLAnalyzer::Instantiate));
-
-		zeek::plugin::Configuration config;
-		config.name = "LLAnalyzer::LinuxSLL";
-		config.description = "Linux cooked capture (SLL) LL-Analyzer";
-		return config;
-		}
-
-} plugin;
-
-}

src/llanalyzer/protocol/ppp_serial/Plugin.cc

@@ -1,24 +0,0 @@
-// See the file "COPYING" in the main distribution directory for copyright.
-
-#include "PPPSerial.h"
-#include "plugin/Plugin.h"
-#include "llanalyzer/Component.h"
-
-namespace zeek::plugin::LLAnalyzer_PPPSerial {
-
-class Plugin : public zeek::plugin::Plugin {
-public:
-	zeek::plugin::Configuration Configure()
-		{
-		AddComponent(new zeek::llanalyzer::Component("PPPSerial",
-		                 zeek::llanalyzer::PPPSerial::PPPSerialAnalyzer::Instantiate));
-
-		zeek::plugin::Configuration config;
-		config.name = "LLAnalyzer::PPPSerial";
-		config.description = "PPPSerial LL-Analyzer";
-		return config;
-		}
-
-} plugin;
-
-}

src/packet_analysis/Analyzer.cc

@@ -3,14 +3,14 @@
 #include <algorithm>
 #include "Analyzer.h"
 
-namespace zeek::llanalyzer {
+namespace zeek::packet_analysis {
 
 Analyzer::Analyzer(std::string name)
 	{
-	Tag t = llanalyzer_mgr->GetComponentTag(name);
+	Tag t = packet_mgr->GetComponentTag(name);
 
 	if ( ! t )
-		reporter->InternalError("unknown llanalyzer name %s", name.c_str());
+		reporter->InternalError("unknown packet_analysis name %s", name.c_str());
 
 	Init(t);
 	}
@@ -35,13 +35,13 @@ const Tag Analyzer::GetAnalyzerTag() const
 const char* Analyzer::GetAnalyzerName() const
 	{
 	assert(tag);
-	return llanalyzer_mgr->GetComponentName(tag).c_str();
+	return packet_mgr->GetComponentName(tag).c_str();
 	}
 
 bool Analyzer::IsAnalyzer(const char* name)
 	{
 	assert(tag);
-	return llanalyzer_mgr->GetComponentName(tag).compare(name) == 0;
+	return packet_mgr->GetComponentName(tag).compare(name) == 0;
 	}
 
 }

src/packet_analysis/Analyzer.h

@@ -6,15 +6,15 @@
 #include "Tag.h"
 #include <iosource/Packet.h>
 
-namespace zeek::llanalyzer {
+namespace zeek::packet_analysis {
 
 /**
- * Result of low layer analysis.
+ * Result of packet analysis.
  */
 enum class AnalyzerResult {
 	Failed,   // Analysis failed
-	Continue, // Analysis succeded and an encapuslated protocol was determined
-	Terminate // Analysis succeded and there is no further analysis to do
+	Continue, // Analysis succeeded and an encapsulated protocol was determined
+	Terminate // Analysis succeeded and there is no further analysis to do
 };
 
 using AnalysisResultTuple = std::tuple<AnalyzerResult, identifier_t>;
@@ -49,7 +49,7 @@ public:
 
 	/**
 	 * Returns a textual description of the analyzer's type. This is
-	 * what's passed to the constructor and usally corresponds to the
+	 * what's passed to the constructor and usually corresponds to the
 	 * protocol name, e.g., "ARP".
 	 */
 	const char* GetAnalyzerName() const;
@@ -86,4 +86,4 @@ private:
 	void Init(const Tag& tag);
 };
 
-} // llanalyzer namespace end
+}

src/packet_analysis/AnalyzerSet.h

@@ -5,7 +5,7 @@
 #include "Analyzer.h"
 #include "Defines.h"
 
-namespace zeek::llanalyzer {
+namespace zeek::packet_analysis {
 
 class Analyzer;
 

src/packet_analysis/Component.cc

@@ -4,11 +4,11 @@
 #include "Desc.h"
 #include "Manager.h"
 
-using namespace zeek::llanalyzer;
+using namespace zeek::packet_analysis;
 
 Component::Component(const std::string& name, factory_callback arg_factory, Tag::subtype_t arg_subtype, bool arg_enabled)
-	: plugin::Component(plugin::component::LLANALYZER, name),
-	  plugin::TaggedComponent<llanalyzer::Tag>(arg_subtype)
+	: plugin::Component(plugin::component::PACKET_ANALYZER, name),
+	  plugin::TaggedComponent<packet_analysis::Tag>(arg_subtype)
 	{
 	factory = arg_factory;
 	enabled = arg_enabled;
@@ -17,14 +17,14 @@ Component::Component(const std::string& name, factory_callback arg_factory, Tag:
 void Component::Initialize()
 	{
 	InitializeTag();
-	llanalyzer_mgr->RegisterComponent(this, "LLANALYZER_");
+	packet_mgr->RegisterComponent(this, "ANALYZER_");
 	}
 
 void Component::DoDescribe(ODesc* d) const
 	{
 	if ( factory )
 		{
-		d->Add("LLANALYZER_");
+		d->Add("ANALYZER_");
 		d->Add(CanonicalName());
 		d->Add(", ");
 		}

src/packet_analysis/Component.h

@@ -9,12 +9,12 @@
 #include "plugin/Component.h"
 #include "plugin/TaggedComponent.h"
 
-namespace zeek::llanalyzer {
+namespace zeek::packet_analysis {
 
 class Analyzer;
 
 class Component : public plugin::Component,
-                  public plugin::TaggedComponent<llanalyzer::Tag> {
+                  public plugin::TaggedComponent<packet_analysis::Tag> {
 public:
 	typedef Analyzer* (*factory_callback)();
 

src/packet_analysis/Config.cc

@@ -4,7 +4,7 @@
 #include "Reporter.h"
 #include "DebugLogger.h"
 
-namespace zeek::llanalyzer {
+namespace zeek::packet_analysis {
 
 // ##############################
 // ####### DispatcherConfig #####
@@ -22,7 +22,7 @@ const std::map<identifier_t, std::string>& DispatcherConfig::GetMappings() const
 void DispatcherConfig::AddMapping(identifier_t identifier,
 								  const std::string& analyzer_name)
 	{
-	DBG_LOG(DBG_LLANALYZER, "Adding configuration mapping: %s -> %#x -> %s",
+	DBG_LOG(DBG_PACKET_ANALYSIS, "Adding configuration mapping: %s -> %#x -> %s",
 	        name.c_str(), identifier, analyzer_name.c_str());
 
 	if ( mappings.count(identifier) )
@@ -84,4 +84,4 @@ void Config::AddMapping(const std::string& name, identifier_t identifier,
 		dispatch_config->get().AddMapping(identifier, analyzer_name);
 	}
 
-} // namespace llanalyzer
+} // namespace packet_analysis

src/packet_analysis/Config.h

@@ -10,7 +10,7 @@
 
 #include "Defines.h"
 
-namespace zeek::llanalyzer {
+namespace zeek::packet_analysis {
 
 class DispatcherConfig {
 public:

src/packet_analysis/Defines.h

@@ -4,7 +4,7 @@
 
 #include <cstdint>
 
-namespace zeek::llanalyzer {
+namespace zeek::packet_analysis {
 
 	using identifier_t = uint32_t;
 

src/packet_analysis/Manager.cc

@@ -9,10 +9,10 @@
 #include "ProtocolAnalyzerSet.h"
 #include "plugin/Manager.h"
 
-using namespace zeek::llanalyzer;
+using namespace zeek::packet_analysis;
 
 Manager::Manager()
-	: plugin::ComponentManager<llanalyzer::Tag, llanalyzer::Component>("LLAnalyzer", "Tag")
+	: plugin::ComponentManager<packet_analysis::Tag, packet_analysis::Component>("PacketAnalyzer", "Tag")
 	{
 	}
 
@@ -23,11 +23,11 @@ Manager::~Manager()
 
 void Manager::InitPostScript()
 	{
-	auto llanalyzer_mapping = zeek::id::find("LLAnalyzer::config_map");
-	if ( ! llanalyzer_mapping )
+	auto analyzer_mapping = zeek::id::find("PacketAnalyzer::config_map");
+	if ( ! analyzer_mapping )
 		return;
 
-	auto mapping_val = llanalyzer_mapping->GetVal()->AsVectorVal();
+	auto mapping_val = analyzer_mapping->GetVal()->AsVectorVal();
 	if ( mapping_val->Size() == 0 )
 		return;
 
@@ -53,10 +53,10 @@ void Manager::Done()
 void Manager::DumpDebug()
 	{
 #ifdef DEBUG
-	DBG_LOG(DBG_LLANALYZER, "Available llanalyzers after zeek_init():");
+	DBG_LOG(DBG_PACKET_ANALYSIS, "Available packet analyzers after zeek_init():");
 	for ( auto& current : GetComponents() )
 		{
-		DBG_LOG(DBG_LLANALYZER, "    %s (%s)", current->Name().c_str(), IsEnabled(current->Tag()) ? "enabled" : "disabled");
+		DBG_LOG(DBG_PACKET_ANALYSIS, "    %s (%s)", current->Name().c_str(), IsEnabled(current->Tag()) ? "enabled" : "disabled");
 		}
 
 	// Dump Analyzer Set
@@ -72,7 +72,7 @@ bool Manager::EnableAnalyzer(const Tag& tag)
 	if ( ! p )
 		return false;
 
-	DBG_LOG(DBG_LLANALYZER, "Enabling analyzer %s", p->Name().c_str());
+	DBG_LOG(DBG_PACKET_ANALYSIS, "Enabling analyzer %s", p->Name().c_str());
 	p->SetEnabled(true);
 
 	return true;
@@ -85,7 +85,7 @@ bool Manager::EnableAnalyzer(EnumVal* val)
 	if ( ! p )
 		return false;
 
-	DBG_LOG(DBG_LLANALYZER, "Enabling analyzer %s", p->Name().c_str());
+	DBG_LOG(DBG_PACKET_ANALYSIS, "Enabling analyzer %s", p->Name().c_str());
 	p->SetEnabled(true);
 
 	return true;
@@ -98,7 +98,7 @@ bool Manager::DisableAnalyzer(const Tag& tag)
 	if ( ! p )
 		return false;
 
-	DBG_LOG(DBG_LLANALYZER, "Disabling analyzer %s", p->Name().c_str());
+	DBG_LOG(DBG_PACKET_ANALYSIS, "Disabling analyzer %s", p->Name().c_str());
 	p->SetEnabled(false);
 
 	return true;
@@ -111,7 +111,7 @@ bool Manager::DisableAnalyzer(EnumVal* val)
 	if ( ! p )
 		return false;
 
-	DBG_LOG(DBG_LLANALYZER, "Disabling analyzer %s", p->Name().c_str());
+	DBG_LOG(DBG_PACKET_ANALYSIS, "Disabling analyzer %s", p->Name().c_str());
 	p->SetEnabled(false);
 
 	return true;
@@ -119,14 +119,14 @@ bool Manager::DisableAnalyzer(EnumVal* val)
 
 void Manager::DisableAllAnalyzers()
 	{
-	DBG_LOG(DBG_LLANALYZER, "Disabling all analyzers");
+	DBG_LOG(DBG_PACKET_ANALYSIS, "Disabling all analyzers");
 
 	std::list<Component*> all_analyzers = GetComponents();
 	for ( const auto& analyzer : all_analyzers )
 		analyzer->SetEnabled(false);
 	}
 
-zeek::llanalyzer::Tag Manager::GetAnalyzerTag(const char* name)
+zeek::packet_analysis::Tag Manager::GetAnalyzerTag(const char* name)
 	{
 	return GetComponentTag(name);
 	}
@@ -160,7 +160,7 @@ Analyzer* Manager::InstantiateAnalyzer(const Tag& tag)
 
 	if ( ! c )
 		{
-		reporter->InternalWarning("request to instantiate unknown llanalyzer");
+		reporter->InternalWarning("request to instantiate unknown packet_analysis");
 		return nullptr;
 		}
 
@@ -201,7 +201,7 @@ void Manager::ProcessPacket(Packet* packet)
 	{
 #ifdef DEBUG
 	static size_t counter = 0;
-	DBG_LOG(DBG_LLANALYZER, "Analyzing packet %ld, ts=%.3f...", ++counter, packet->time);
+	DBG_LOG(DBG_PACKET_ANALYSIS, "Analyzing packet %ld, ts=%.3f...", ++counter, packet->time);
 #endif
 
 	if ( ! analyzer_set )
@@ -217,7 +217,7 @@ void Manager::ProcessPacket(Packet* packet)
 		// Analyzer not found
 		if ( current_analyzer == nullptr )
 			{
-			DBG_LOG(DBG_LLANALYZER, "Could not find analyzer for identifier %#x", next_layer_id);
+			DBG_LOG(DBG_PACKET_ANALYSIS, "Could not find analyzer for identifier %#x", next_layer_id);
 			packet->Weird("no_suitable_analyzer_found");
 			break;
 			}
@@ -229,14 +229,14 @@ void Manager::ProcessPacket(Packet* packet)
 		switch ( result )
 			{
 			case AnalyzerResult::Continue:
-				DBG_LOG(DBG_LLANALYZER, "Analysis in %s succeeded, next layer identifier is %#x.",
+				DBG_LOG(DBG_PACKET_ANALYSIS, "Analysis in %s succeeded, next layer identifier is %#x.",
 				        current_analyzer->GetAnalyzerName(), next_layer_id);
 				break;
 			case AnalyzerResult::Terminate:
-				DBG_LOG(DBG_LLANALYZER, "Done, last found layer identifier was %#x.", next_layer_id);
+				DBG_LOG(DBG_PACKET_ANALYSIS, "Done, last found layer identifier was %#x.", next_layer_id);
 				break;
 			case AnalyzerResult::Failed:
-				DBG_LOG(DBG_LLANALYZER, "Analysis failed in %s", current_analyzer->GetAnalyzerName());
+				DBG_LOG(DBG_PACKET_ANALYSIS, "Analysis failed in %s", current_analyzer->GetAnalyzerName());
 			}
 #endif
 

src/packet_analysis/Manager.h

@@ -15,7 +15,7 @@
 #include "../Dict.h"
 #include "../net_util.h"
 
-namespace zeek::llanalyzer {
+namespace zeek::packet_analysis {
 
 class AnalyzerSet;
 
@@ -33,7 +33,7 @@ public:
 
 	/**
 	 * Second-stage initialization of the manager. This is called late
-	 * during Bro's initialization after any scripts are processed.
+	 * during Zeek's initialization after any scripts are processed.
 	 */
 	void InitPostScript();
 
@@ -164,4 +164,4 @@ private:
 
 }
 
-extern zeek::llanalyzer::Manager* llanalyzer_mgr;
+extern zeek::packet_analysis::Manager* packet_mgr;

src/packet_analysis/ProtocolAnalyzerSet.cc

@@ -2,7 +2,7 @@
 
 #include "ProtocolAnalyzerSet.h"
 
-namespace zeek::llanalyzer {
+namespace zeek::packet_analysis {
 
 ProtocolAnalyzerSet::ProtocolAnalyzerSet(Config& configuration, const std::string& default_analyzer_name)
 	{
@@ -16,7 +16,7 @@ ProtocolAnalyzerSet::ProtocolAnalyzerSet(Config& configuration, const std::strin
 				continue;
 
 			// Check if analyzer exists
-			if ( Analyzer* newAnalyzer = llanalyzer_mgr->InstantiateAnalyzer(current_mapping.second) )
+			if ( Analyzer* newAnalyzer = packet_mgr->InstantiateAnalyzer(current_mapping.second) )
 				analyzers.emplace(current_mapping.second, newAnalyzer);
 			}
 		}
@@ -24,14 +24,14 @@ ProtocolAnalyzerSet::ProtocolAnalyzerSet(Config& configuration, const std::strin
 	// Generate Dispatchers, starting at root
 	root_dispatcher = GetDispatcher(configuration, "ROOT");
 	if ( root_dispatcher == nullptr )
-		reporter->InternalError("No dispatching configuration for ROOT of llanalyzer set.");
+		reporter->InternalError("No dispatching configuration for ROOT of packet_analysis set.");
 
 	// Set up default analysis
 	auto it = analyzers.find(default_analyzer_name);
 	if ( it != analyzers.end() )
 		default_analyzer = it->second;
 	else
-		default_analyzer = llanalyzer_mgr->InstantiateAnalyzer(default_analyzer_name);
+		default_analyzer = packet_mgr->InstantiateAnalyzer(default_analyzer_name);
 
 	default_dispatcher = nullptr;
 	if ( default_analyzer != nullptr )
@@ -89,10 +89,10 @@ void ProtocolAnalyzerSet::Reset()
 void ProtocolAnalyzerSet::DumpDebug() const
 	{
 #ifdef DEBUG
-	DBG_LOG(DBG_LLANALYZER, "ProtocolAnalyzerSet FSM:");
+	DBG_LOG(DBG_PACKET_ANALYSIS, "ProtocolAnalyzerSet FSM:");
 	for ( const auto& current : dispatchers )
 		{
-		DBG_LOG(DBG_LLANALYZER, "  Dispatcher (%p): %s", current.second, current.first.c_str());
+		DBG_LOG(DBG_PACKET_ANALYSIS, "  Dispatcher (%p): %s", current.second, current.first.c_str());
 		current.second->DumpDebug();
 		}
 #endif

src/packet_analysis/ProtocolAnalyzerSet.h

@@ -8,7 +8,7 @@
 #include "dispatchers/UniversalDispatcher.h"
 #include "dispatchers/VectorDispatcher.h"
 
-namespace zeek::llanalyzer {
+namespace zeek::packet_analysis {
 
 class ProtocolAnalyzerSet : public AnalyzerSet {
 

src/packet_analysis/Tag.cc

@@ -3,12 +3,12 @@
 #include "Tag.h"
 #include "Manager.h"
 
-namespace zeek::llanalyzer {
+namespace zeek::packet_analysis {
 
 Tag Tag::Error;
 
 Tag::Tag(type_t type, subtype_t subtype)
-	: zeek::Tag(llanalyzer_mgr->GetTagType(), type, subtype)
+	: zeek::Tag(packet_mgr->GetTagType(), type, subtype)
 	{
 	}
 
@@ -20,7 +20,7 @@ Tag& Tag::operator=(const Tag& other)
 
 const IntrusivePtr<EnumVal>& Tag::AsVal() const
 	{
-	return zeek::Tag::AsVal(llanalyzer_mgr->GetTagType());
+	return zeek::Tag::AsVal(packet_mgr->GetTagType());
 	}
 
 EnumVal* Tag::AsEnumVal() const

src/packet_analysis/Tag.h

@@ -18,7 +18,7 @@ namespace plugin {
 		zeek::plugin::ComponentManager<T, C>;
 }
 
-namespace zeek::llanalyzer {
+namespace zeek::packet_analysis {
 
 class Manager;
 class Component;
@@ -100,7 +100,7 @@ public:
 
 protected:
 
-	friend class llanalyzer::Manager;
+	friend class packet_analysis::Manager;
 	friend class plugin::ComponentManager<Tag, Component>;
 	friend class plugin::TaggedComponent<Tag>;
 

src/packet_analysis/dispatchers/Dispatcher.h

@@ -8,7 +8,7 @@
 #include "Analyzer.h"
 #include "Defines.h"
 
-namespace zeek::llanalyzer {
+namespace zeek::packet_analysis {
 
 class Dispatcher; // Forward decl for Value
 using register_pair = std::pair<identifier_t, std::pair<Analyzer*, Dispatcher*>>;

src/packet_analysis/dispatchers/UniversalDispatcher.cc

@@ -2,7 +2,7 @@
 
 #include "UniversalDispatcher.h"
 
-namespace zeek::llanalyzer {
+namespace zeek::packet_analysis {
 
 UniversalDispatcher::UniversalDispatcher() : generator(rd())
 	{
@@ -121,11 +121,11 @@ void UniversalDispatcher::Rehash()
 void UniversalDispatcher::DumpDebug() const
 	{
 #ifdef DEBUG
-	DBG_LOG(DBG_LLANALYZER, "  Dispatcher elements (used/total): %lu/%lu", Size(), table.size());
+	DBG_LOG(DBG_PACKET_ANALYSIS, "  Dispatcher elements (used/total): %lu/%lu", Size(), table.size());
 	for ( size_t i = 0; i < table.size(); i++ )
 		{
 		if ( table[i].second != nullptr )
-			DBG_LOG(DBG_LLANALYZER, "    %#8x => %s, %p", table[i].first, table[i].second->analyzer->GetAnalyzerName(), table[i].second->dispatcher);
+			DBG_LOG(DBG_PACKET_ANALYSIS, "    %#8x => %s, %p", table[i].first, table[i].second->analyzer->GetAnalyzerName(), table[i].second->dispatcher);
 		}
 #endif
 	}
@@ -147,7 +147,7 @@ void UniversalDispatcher::Rehash(const std::vector<pair_t>& intermediate)
 	{
 	while ( ! FindCollisionFreeHashFunction(intermediate) )
 		{
-		DBG_LOG(DBG_LLANALYZER, "Rehashing did not work. Increasing #bins to %" PRIu64 " (%" PRIu64 " bit).", (uint64_t)std::pow(2, m + 1), m + 1);
+		DBG_LOG(DBG_PACKET_ANALYSIS, "Rehashing did not work. Increasing #bins to %" PRIu64 " (%" PRIu64 " bit).", (uint64_t)std::pow(2, m + 1), m + 1);
 		SetBins(m + 1);
 		}
 	}
@@ -195,7 +195,7 @@ bool UniversalDispatcher::FindCollisionFreeHashFunction(const std::vector<pair_t
 		// Step 4: If the inserting finished without collisions, overwrite the previous table and exit
 		if ( finished )
 			{
-			DBG_LOG(DBG_LLANALYZER, "Took %lu rehash(es) to resolve.", i);
+			DBG_LOG(DBG_PACKET_ANALYSIS, "Took %lu rehash(es) to resolve.", i);
 			table = new_table;
 			return true;
 			}

src/packet_analysis/dispatchers/UniversalDispatcher.h

@@ -5,7 +5,7 @@
 #include <random>
 #include "Dispatcher.h"
 
-namespace zeek::llanalyzer {
+namespace zeek::packet_analysis {
 
 class UniversalDispatcher : public Dispatcher {
 public:

src/packet_analysis/dispatchers/VectorDispatcher.cc

@@ -4,7 +4,7 @@
 
 #include "VectorDispatcher.h"
 
-namespace zeek::llanalyzer {
+namespace zeek::packet_analysis {
 
 VectorDispatcher::~VectorDispatcher()
 	{
@@ -109,12 +109,12 @@ void VectorDispatcher::FreeValues()
 void VectorDispatcher::DumpDebug() const
 	{
 #ifdef DEBUG
-	DBG_LOG(DBG_LLANALYZER, "  Dispatcher elements (used/total): %lu/%lu", Size(), table.size());
-	DBG_LOG(DBG_LLANALYZER, "TABLE SIZE %lu", table.size());
+	DBG_LOG(DBG_PACKET_ANALYSIS, "  Dispatcher elements (used/total): %lu/%lu", Size(), table.size());
+	DBG_LOG(DBG_PACKET_ANALYSIS, "TABLE SIZE %lu", table.size());
 	for ( size_t i = 0; i < table.size(); i++ )
 		{
 		if ( table[i] != nullptr )
-			DBG_LOG(DBG_LLANALYZER, "    %#8lx => %s, %p", i+lowest_identifier, table[i]->analyzer->GetAnalyzerName(), table[i]->dispatcher);
+			DBG_LOG(DBG_PACKET_ANALYSIS, "    %#8lx => %s, %p", i+lowest_identifier, table[i]->analyzer->GetAnalyzerName(), table[i]->dispatcher);
 		}
 #endif
 	}

src/packet_analysis/dispatchers/VectorDispatcher.h

@@ -5,7 +5,7 @@
 #include <utility>
 #include "Dispatcher.h"
 
-namespace zeek::llanalyzer {
+namespace zeek::packet_analysis {
 
 class VectorDispatcher : public Dispatcher {
 public:

src/packet_analysis/protocol/arp/ARP.cc

@@ -2,14 +2,14 @@
 
 #include "ARP.h"
 
-using namespace zeek::llanalyzer::ARP;
+using namespace zeek::packet_analysis::ARP;
 
 ARPAnalyzer::ARPAnalyzer()
-	: zeek::llanalyzer::Analyzer("ARP")
+	: zeek::packet_analysis::Analyzer("ARP")
 	{
 	}
 
-std::tuple<zeek::llanalyzer::AnalyzerResult, zeek::llanalyzer::identifier_t> ARPAnalyzer::Analyze(Packet* packet)
+std::tuple<zeek::packet_analysis::AnalyzerResult, zeek::packet_analysis::identifier_t> ARPAnalyzer::Analyze(Packet* packet)
 	{
 	// TODO: Make ARP analyzer a native LL analyzer
 	packet->l3_proto = L3_ARP;

src/packet_analysis/protocol/arp/ARP.h

@@ -2,10 +2,10 @@
 
 #pragma once
 
-#include <llanalyzer/Analyzer.h>
-#include <llanalyzer/Component.h>
+#include <packet_analysis/Analyzer.h>
+#include <packet_analysis/Component.h>
 
-namespace zeek::llanalyzer::ARP {
+namespace zeek::packet_analysis::ARP {
 
 class ARPAnalyzer : public Analyzer {
 public:

src/packet_analysis/protocol/arp/Plugin.cc

@@ -2,20 +2,20 @@
 
 #include "plugin/Plugin.h"
 #include "ARP.h"
-#include "llanalyzer/Component.h"
+#include "packet_analysis/Component.h"
 
-namespace zeek::plugin::LLAnalyzer_ARP {
+namespace zeek::plugin::Zeek_ARP {
 
 class Plugin : public zeek::plugin::Plugin {
 public:
 	zeek::plugin::Configuration Configure()
 		{
-		AddComponent(new zeek::llanalyzer::Component("ARP",
-		                 zeek::llanalyzer::ARP::ARPAnalyzer::Instantiate));
+		AddComponent(new zeek::packet_analysis::Component("ARP",
+		                 zeek::packet_analysis::ARP::ARPAnalyzer::Instantiate));
 
 		zeek::plugin::Configuration config;
-		config.name = "LLAnalyzer::ARP";
-		config.description = "ARP LL-Analyzer";
+		config.name = "Zeek::ARP";
+		config.description = "ARP packet analyzer";
 		return config;
 		}
 

src/packet_analysis/protocol/default/Default.cc

@@ -3,14 +3,14 @@
 #include "Default.h"
 #include "NetVar.h"
 
-using namespace zeek::llanalyzer::Default;
+using namespace zeek::packet_analysis::Default;
 
 DefaultAnalyzer::DefaultAnalyzer()
-	: zeek::llanalyzer::Analyzer("DefaultAnalyzer")
+	: zeek::packet_analysis::Analyzer("DefaultAnalyzer")
 	{
 	}
 
-std::tuple<zeek::llanalyzer::AnalyzerResult, zeek::llanalyzer::identifier_t> DefaultAnalyzer::Analyze(Packet* packet)
+std::tuple<zeek::packet_analysis::AnalyzerResult, zeek::packet_analysis::identifier_t> DefaultAnalyzer::Analyze(Packet* packet)
 	{
 	auto& pdata = packet->cur_pos;
 

src/packet_analysis/protocol/default/Default.h

@@ -2,10 +2,10 @@
 
 #pragma once
 
-#include <llanalyzer/Analyzer.h>
-#include <llanalyzer/Component.h>
+#include <packet_analysis/Analyzer.h>
+#include <packet_analysis/Component.h>
 
-namespace zeek::llanalyzer::Default {
+namespace zeek::packet_analysis::Default {
 
 class DefaultAnalyzer : public Analyzer {
 public:

src/packet_analysis/protocol/default/Plugin.cc

@@ -0,0 +1,24 @@
+// See the file "COPYING" in the main distribution directory for copyright.
+
+#include "Default.h"
+#include "plugin/Plugin.h"
+#include "packet_analysis/Component.h"
+
+namespace zeek::plugin::Zeek_Default {
+
+class Plugin : public zeek::plugin::Plugin {
+public:
+	zeek::plugin::Configuration Configure()
+		{
+		AddComponent(new zeek::packet_analysis::Component("DefaultAnalyzer",
+		                 zeek::packet_analysis::Default::DefaultAnalyzer::Instantiate));
+
+		zeek::plugin::Configuration config;
+		config.name = "Zeek::DefaultAnalyzer";
+		config.description = "Default packet analyzer for IP fallback";
+		return config;
+		}
+
+} plugin;
+
+}

src/packet_analysis/protocol/ethernet/Ethernet.cc

@@ -3,14 +3,14 @@
 #include "Ethernet.h"
 #include "NetVar.h"
 
-using namespace zeek::llanalyzer::Ethernet;
+using namespace zeek::packet_analysis::Ethernet;
 
 EthernetAnalyzer::EthernetAnalyzer()
-	: zeek::llanalyzer::Analyzer("Ethernet")
+	: zeek::packet_analysis::Analyzer("Ethernet")
 	{
 	}
 
-std::tuple<zeek::llanalyzer::AnalyzerResult, zeek::llanalyzer::identifier_t> EthernetAnalyzer::Analyze(Packet* packet)
+std::tuple<zeek::packet_analysis::AnalyzerResult, zeek::packet_analysis::identifier_t> EthernetAnalyzer::Analyze(Packet* packet)
 	{
 	auto& pdata = packet->cur_pos;
 	auto end_of_data = packet->GetEndOfData();

src/packet_analysis/protocol/ethernet/Ethernet.h

@@ -2,10 +2,10 @@
 
 #pragma once
 
-#include <llanalyzer/Analyzer.h>
-#include <llanalyzer/Component.h>
+#include <packet_analysis/Analyzer.h>
+#include <packet_analysis/Component.h>
 
-namespace zeek::llanalyzer::Ethernet {
+namespace zeek::packet_analysis::Ethernet {
 
 class EthernetAnalyzer : public Analyzer {
 public:

src/packet_analysis/protocol/ethernet/Plugin.cc

@@ -0,0 +1,24 @@
+// See the file "COPYING" in the main distribution directory for copyright.
+
+#include "Ethernet.h"
+#include "plugin/Plugin.h"
+#include "packet_analysis/Component.h"
+
+namespace zeek::plugin::Zeek_Ethernet {
+
+class Plugin : public zeek::plugin::Plugin {
+public:
+	zeek::plugin::Configuration Configure()
+		{
+		AddComponent(new zeek::packet_analysis::Component("Ethernet",
+		                 zeek::packet_analysis::Ethernet::EthernetAnalyzer::Instantiate));
+
+		zeek::plugin::Configuration config;
+		config.name = "Zeek::Ethernet";
+		config.description = "Ethernet packet analyzer";
+		return config;
+		}
+
+} plugin;
+
+}

src/packet_analysis/protocol/fddi/FDDI.cc

@@ -3,14 +3,14 @@
 #include "FDDI.h"
 #include "NetVar.h"
 
-using namespace zeek::llanalyzer::FDDI;
+using namespace zeek::packet_analysis::FDDI;
 
 FDDIAnalyzer::FDDIAnalyzer()
-	: zeek::llanalyzer::Analyzer("FDDI")
+	: zeek::packet_analysis::Analyzer("FDDI")
 	{
 	}
 
-std::tuple<zeek::llanalyzer::AnalyzerResult, zeek::llanalyzer::identifier_t> FDDIAnalyzer::Analyze(Packet* packet)
+std::tuple<zeek::packet_analysis::AnalyzerResult, zeek::packet_analysis::identifier_t> FDDIAnalyzer::Analyze(Packet* packet)
 	{
 	auto& pdata = packet->cur_pos;
 	auto hdr_size = 13 + 8; // FDDI header + LLC

src/packet_analysis/protocol/fddi/FDDI.h

@@ -2,19 +2,19 @@
 
 #pragma once
 
-#include <llanalyzer/Analyzer.h>
-#include <llanalyzer/Component.h>
+#include <packet_analysis/Analyzer.h>
+#include <packet_analysis/Component.h>
 
-namespace zeek::llanalyzer::FDDI {
+namespace zeek::packet_analysis::FDDI {
 
-class FDDIAnalyzer : public zeek::llanalyzer::Analyzer {
+class FDDIAnalyzer : public zeek::packet_analysis::Analyzer {
 public:
 	FDDIAnalyzer();
 	~FDDIAnalyzer() override = default;
 
 	std::tuple<AnalyzerResult, identifier_t> Analyze(Packet* packet) override;
 
-	static zeek::llanalyzer::Analyzer* Instantiate()
+	static zeek::packet_analysis::Analyzer* Instantiate()
 		{
 		return new FDDIAnalyzer();
 		}

src/packet_analysis/protocol/fddi/Plugin.cc

@@ -2,20 +2,20 @@
 
 #include "FDDI.h"
 #include "plugin/Plugin.h"
-#include "llanalyzer/Component.h"
+#include "packet_analysis/Component.h"
 
-namespace zeek::plugin::LLAnalyzer_FDDI {
+namespace zeek::plugin::Zeek_FDDI {
 
 class Plugin : public zeek::plugin::Plugin {
 public:
 	zeek::plugin::Configuration Configure()
 		{
-		AddComponent(new zeek::llanalyzer::Component("FDDI",
-		                 zeek::llanalyzer::FDDI::FDDIAnalyzer::Instantiate));
+		AddComponent(new zeek::packet_analysis::Component("FDDI",
+		                 zeek::packet_analysis::FDDI::FDDIAnalyzer::Instantiate));
 
 		zeek::plugin::Configuration config;
-		config.name = "LLAnalyzer::FDDI";
-		config.description = "FDDI LL-Analyzer";
+		config.name = "Zeek::FDDI";
+		config.description = "FDDI packet analyzer";
 		return config;
 		}
 

src/packet_analysis/protocol/ieee802_11/IEEE802_11.cc

@@ -3,14 +3,14 @@
 #include "IEEE802_11.h"
 #include "NetVar.h"
 
-using namespace zeek::llanalyzer::IEEE802_11;
+using namespace zeek::packet_analysis::IEEE802_11;
 
 IEEE802_11Analyzer::IEEE802_11Analyzer()
-	: zeek::llanalyzer::Analyzer("IEEE802_11")
+	: zeek::packet_analysis::Analyzer("IEEE802_11")
 	{
 	}
 
-std::tuple<zeek::llanalyzer::AnalyzerResult, zeek::llanalyzer::identifier_t> IEEE802_11Analyzer::Analyze(Packet* packet)
+std::tuple<zeek::packet_analysis::AnalyzerResult, zeek::packet_analysis::identifier_t> IEEE802_11Analyzer::Analyze(Packet* packet)
 	{
 	auto& pdata = packet->cur_pos;
 	auto end_of_data = packet->GetEndOfData();

src/packet_analysis/protocol/ieee802_11/IEEE802_11.h

@@ -2,10 +2,10 @@
 
 #pragma once
 
-#include <llanalyzer/Analyzer.h>
-#include <llanalyzer/Component.h>
+#include <packet_analysis/Analyzer.h>
+#include <packet_analysis/Component.h>
 
-namespace zeek::llanalyzer::IEEE802_11 {
+namespace zeek::packet_analysis::IEEE802_11 {
 
 class IEEE802_11Analyzer : public Analyzer {
 public:

src/packet_analysis/protocol/ieee802_11/Plugin.cc

@@ -0,0 +1,24 @@
+// See the file "COPYING" in the main distribution directory for copyright.
+
+#include "IEEE802_11.h"
+#include "plugin/Plugin.h"
+#include "packet_analysis/Component.h"
+
+namespace zeek::plugin::Zeek_IEEE802_11 {
+
+class Plugin : public zeek::plugin::Plugin {
+public:
+	zeek::plugin::Configuration Configure()
+		{
+		AddComponent(new zeek::packet_analysis::Component("IEEE802_11",
+		                 zeek::packet_analysis::IEEE802_11::IEEE802_11Analyzer::Instantiate));
+
+		zeek::plugin::Configuration config;
+		config.name = "Zeek::IEEE802_11";
+		config.description = "IEEE 802.11 packet analyzer";
+		return config;
+		}
+
+} plugin;
+
+}

src/packet_analysis/protocol/ieee802_11_radio/IEEE802_11_Radio.cc

@@ -5,14 +5,14 @@
 #include "IEEE802_11_Radio.h"
 #include "NetVar.h"
 
-using namespace zeek::llanalyzer::IEEE802_11_Radio;
+using namespace zeek::packet_analysis::IEEE802_11_Radio;
 
 IEEE802_11_RadioAnalyzer::IEEE802_11_RadioAnalyzer()
-	: zeek::llanalyzer::Analyzer("IEEE802_11_Radio")
+	: zeek::packet_analysis::Analyzer("IEEE802_11_Radio")
 	{
 	}
 
-std::tuple<zeek::llanalyzer::AnalyzerResult, zeek::llanalyzer::identifier_t> IEEE802_11_RadioAnalyzer::Analyze(Packet* packet)
+std::tuple<zeek::packet_analysis::AnalyzerResult, zeek::packet_analysis::identifier_t> IEEE802_11_RadioAnalyzer::Analyze(Packet* packet)
 	{
 	auto pdata = packet->cur_pos;
 	auto end_of_data = packet->GetEndOfData();

src/packet_analysis/protocol/ieee802_11_radio/IEEE802_11_Radio.h

@@ -2,10 +2,10 @@
 
 #pragma once
 
-#include <llanalyzer/Analyzer.h>
-#include <llanalyzer/Component.h>
+#include <packet_analysis/Analyzer.h>
+#include <packet_analysis/Component.h>
 
-namespace zeek::llanalyzer::IEEE802_11_Radio {
+namespace zeek::packet_analysis::IEEE802_11_Radio {
 
 class IEEE802_11_RadioAnalyzer : public Analyzer {
 public:

src/packet_analysis/protocol/ieee802_11_radio/Plugin.cc

@@ -0,0 +1,23 @@
+// See the file "COPYING" in the main distribution directory for copyright.
+
+#include "IEEE802_11_Radio.h"
+#include "plugin/Plugin.h"
+#include "packet_analysis/Component.h"
+
+namespace zeek::plugin::Zeek_IEEE802_11_Radio {
+
+class Plugin : public zeek::plugin::Plugin {
+public:
+	zeek::plugin::Configuration Configure()
+		{
+		AddComponent(new zeek::packet_analysis::Component("IEEE802_11_Radio",
+		                 zeek::packet_analysis::IEEE802_11_Radio::IEEE802_11_RadioAnalyzer::Instantiate));
+
+		zeek::plugin::Configuration config;
+		config.name = "Zeek::IEEE802_11_Radio";
+		config.description = "IEEE 802.11 Radiotap packet analyzer";
+		return config;
+		}
+
+} plugin;
+}

src/packet_analysis/protocol/ipv4/IPv4.cc

@@ -2,14 +2,14 @@
 
 #include "IPv4.h"
 
-using namespace zeek::llanalyzer::IPv4;
+using namespace zeek::packet_analysis::IPv4;
 
 IPv4Analyzer::IPv4Analyzer()
-	: zeek::llanalyzer::Analyzer("IPv4")
+	: zeek::packet_analysis::Analyzer("IPv4")
 	{
 	}
 
-std::tuple<zeek::llanalyzer::AnalyzerResult, zeek::llanalyzer::identifier_t> IPv4Analyzer::Analyze(Packet* packet)
+std::tuple<zeek::packet_analysis::AnalyzerResult, zeek::packet_analysis::identifier_t> IPv4Analyzer::Analyze(Packet* packet)
 	{
 	packet->l3_proto = L3_IPV4;
 

src/packet_analysis/protocol/ipv4/IPv4.h

@@ -2,10 +2,10 @@
 
 #pragma once
 
-#include <llanalyzer/Analyzer.h>
-#include <llanalyzer/Component.h>
+#include <packet_analysis/Analyzer.h>
+#include <packet_analysis/Component.h>
 
-namespace zeek::llanalyzer::IPv4 {
+namespace zeek::packet_analysis::IPv4 {
 
 class IPv4Analyzer : public Analyzer {
 public:

src/packet_analysis/protocol/ipv4/Plugin.cc

@@ -2,20 +2,20 @@
 
 #include "IPv4.h"
 #include "plugin/Plugin.h"
-#include "llanalyzer/Component.h"
+#include "packet_analysis/Component.h"
 
-namespace zeek::plugin::LLAnalyzer_IPv4 {
+namespace zeek::plugin::Zeek_IPv4 {
 
 class Plugin : public zeek::plugin::Plugin {
 public:
 	zeek::plugin::Configuration Configure()
 		{
-		AddComponent(new zeek::llanalyzer::Component("IPv4",
-		                 zeek::llanalyzer::IPv4::IPv4Analyzer::Instantiate));
+		AddComponent(new zeek::packet_analysis::Component("IPv4",
+		                 zeek::packet_analysis::IPv4::IPv4Analyzer::Instantiate));
 
 		zeek::plugin::Configuration config;
-		config.name = "LLAnalyzer::IPv4";
-		config.description = "IPv4 LL-Analyzer";
+		config.name = "Zeek::IPv4";
+		config.description = "IPv4 packet analyzer";
 		return config;
 		}
 

src/packet_analysis/protocol/ipv6/IPv6.cc

@@ -2,14 +2,14 @@
 
 #include "IPv6.h"
 
-using namespace zeek::llanalyzer::IPv6;
+using namespace zeek::packet_analysis::IPv6;
 
 IPv6Analyzer::IPv6Analyzer()
-	: zeek::llanalyzer::Analyzer("IPv6")
+	: zeek::packet_analysis::Analyzer("IPv6")
 	{
 	}
 
-std::tuple<zeek::llanalyzer::AnalyzerResult, zeek::llanalyzer::identifier_t> IPv6Analyzer::Analyze(Packet* packet)
+std::tuple<zeek::packet_analysis::AnalyzerResult, zeek::packet_analysis::identifier_t> IPv6Analyzer::Analyze(Packet* packet)
 	{
 	packet->l3_proto = L3_IPV6;
 

src/packet_analysis/protocol/ipv6/IPv6.h

@@ -2,10 +2,10 @@
 
 #pragma once
 
-#include <llanalyzer/Analyzer.h>
-#include <llanalyzer/Component.h>
+#include <packet_analysis/Analyzer.h>
+#include <packet_analysis/Component.h>
 
-namespace zeek::llanalyzer::IPv6 {
+namespace zeek::packet_analysis::IPv6 {
 
 class IPv6Analyzer : public Analyzer {
 public:

src/packet_analysis/protocol/ipv6/Plugin.cc

@@ -2,20 +2,20 @@
 
 #include "plugin/Plugin.h"
 #include "IPv6.h"
-#include "llanalyzer/Component.h"
+#include "packet_analysis/Component.h"
 
-namespace zeek::plugin::LLAnalyzer_IPv6 {
+namespace zeek::plugin::Zeek_IPv6 {
 
 class Plugin : public zeek::plugin::Plugin {
 public:
 	zeek::plugin::Configuration Configure()
 		{
-		AddComponent(new zeek::llanalyzer::Component("IPv6",
-		             zeek::llanalyzer::IPv6::IPv6Analyzer::Instantiate));
+		AddComponent(new zeek::packet_analysis::Component("IPv6",
+		             zeek::packet_analysis::IPv6::IPv6Analyzer::Instantiate));
 
 		zeek::plugin::Configuration config;
-		config.name = "LLAnalyzer::IPv6";
-		config.description = "IPv6 LL-Analyzer";
+		config.name = "Zeek::IPv6";
+		config.description = "IPv6 packet analyzer";
 		return config;
 		}
 } plugin;