Make default packet analyzer definition explicit.

scripts/base/packet-protocols/__load__.zeek

@@ -1,3 +1,4 @@
+@load base/packet-protocols/root
 @load base/packet-protocols/ip
 @load base/packet-protocols/skip
 @load base/packet-protocols/ethernet

scripts/base/packet-protocols/ethernet/main.zeek

@@ -1,6 +1,9 @@
-module PacketAnalyzer::Ethernet;
+module PacketAnalyzer::ETHERNET;
 
 export {
+	## Default analyzer
+	const default_analyzer: PacketAnalyzer::Tag = PacketAnalyzer::ANALYZER_IP &redef;
+
 	## IEEE 802.2 SNAP analyzer
 	const snap_analyzer: PacketAnalyzer::Tag &redef;
 	## Novell raw IEEE 802.3 analyzer
@@ -22,5 +25,4 @@ redef PacketAnalyzer::config_map += {
 	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x88A8, $analyzer=PacketAnalyzer::ANALYZER_VLAN),
 	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x9100, $analyzer=PacketAnalyzer::ANALYZER_VLAN),
 	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $identifier=0x8864, $analyzer=PacketAnalyzer::ANALYZER_PPPOE),
-	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ETHERNET, $analyzer=PacketAnalyzer::ANALYZER_IP)
 };

scripts/base/packet-protocols/fddi/main.zeek

@@ -1,8 +1,12 @@
 module PacketAnalyzer::FDDI;
 
+export {
+	## Default analyzer
+	const default_analyzer: PacketAnalyzer::Tag = PacketAnalyzer::ANALYZER_IP &redef;
+}
+
 const DLT_FDDI : count = 10;
 
 redef PacketAnalyzer::config_map += {
 	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ROOT, $identifier=DLT_FDDI, $analyzer=PacketAnalyzer::ANALYZER_FDDI),
-	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_FDDI, $analyzer=PacketAnalyzer::ANALYZER_IP)
 };

scripts/base/packet-protocols/ip/main.zeek

@@ -1,7 +1,6 @@
 module PacketAnalyzer::IP;
 
 redef PacketAnalyzer::config_map += {
-	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_ROOT, $analyzer=PacketAnalyzer::ANALYZER_IP),
 	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_IP, $identifier=4, $analyzer=PacketAnalyzer::ANALYZER_IPV4),
 	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_IP, $identifier=6, $analyzer=PacketAnalyzer::ANALYZER_IPV6)
 };

scripts/base/packet-protocols/mpls/main.zeek

@@ -1,5 +1,6 @@
 module PacketAnalyzer::MPLS;
 
-redef PacketAnalyzer::config_map += {
-   PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_MPLS, $analyzer=PacketAnalyzer::ANALYZER_IP)
-};
+export {
+	## Default analyzer
+	const default_analyzer: PacketAnalyzer::Tag = PacketAnalyzer::ANALYZER_IP &redef;
+}

scripts/base/packet-protocols/root/__load__.zeek

@@ -0,0 +1 @@
+@load ./main

scripts/base/packet-protocols/root/main.zeek

@@ -0,0 +1,6 @@
+module PacketAnalyzer::ROOT;
+
+export {
+	## Default analyzer (if we don't know the link type, we assume raw IP)
+	const default_analyzer: PacketAnalyzer::Tag = PacketAnalyzer::ANALYZER_IP &redef;
+}

scripts/base/packet-protocols/skip/main.zeek

@@ -1,10 +1,9 @@
-module PacketAnalyzer::SkipAnalyzer;
+module PacketAnalyzer::SKIP;
 
 export {
+	## Default analyzer
+	const default_analyzer: PacketAnalyzer::Tag = PacketAnalyzer::ANALYZER_IP &redef;
+
 	## Bytes to skip.
 	const skip_bytes: count = 0 &redef;
 }
-
-redef PacketAnalyzer::config_map += {
-	PacketAnalyzer::ConfigEntry($parent=PacketAnalyzer::ANALYZER_SKIP, $analyzer=PacketAnalyzer::ANALYZER_IP)
-};