Make default packet analyzer definition explicit.

src/packet_analysis/Analyzer.cc

@@ -2,6 +2,7 @@
 
 #include "Analyzer.h"
 
+#include "Dict.h"
 #include "DebugLogger.h"
 
 namespace zeek::packet_analysis {
@@ -26,6 +27,26 @@ void Analyzer::Init(const Tag& _tag)
 	tag = _tag;
 	}
 
+void Analyzer::Initialize()
+	{
+	std::string ns = util::fmt("PacketAnalyzer::%s::", GetAnalyzerName());
+
+	default_analyzer = LoadAnalyzer(ns +"default_analyzer");
+	}
+
+zeek::packet_analysis::AnalyzerPtr Analyzer::LoadAnalyzer(const std::string &name)
+	{
+	auto& analyzer = zeek::id::find(name);
+	if ( ! analyzer )
+		return nullptr;
+
+	auto& analyzer_val = analyzer->GetVal();
+	if ( ! analyzer_val )
+		return nullptr;
+
+	return packet_mgr->GetAnalyzer(analyzer_val->AsEnumVal());
+	}
+
 const Tag Analyzer::GetAnalyzerTag() const
 	{
 	assert(tag);

src/packet_analysis/Analyzer.h

@@ -37,8 +37,10 @@ public:
 	 * Initialize the analyzer. This method is called after the configuration
 	 * was read. Derived classes can override this method to implement custom
 	 * initialization.
+	 * When overriding this methods, always make sure to call the base-class
+	 * version to ensure proper initialization.
 	 */
-	virtual void Initialize() { };
+	virtual void Initialize();
 
 	/**
 	 * Returns the tag associated with the analyzer's type.
@@ -109,6 +111,14 @@ protected:
 	 */
 	AnalyzerPtr Lookup(uint32_t identifier) const;
 
+	/**
+	 * Returns an analyzer based on a script-land definition.
+	 *
+	 * @param name The script-land identifier for a PacketAnalyzer::Tag value.
+	 * @return The defined analyzer if available, else nullptr.
+	 */
+	AnalyzerPtr LoadAnalyzer(const std::string& name);
+
 	/**
 	 * Triggers analysis of the encapsulated packet. The encapsulated protocol
 	 * is determined using the given identifier.

src/packet_analysis/protocol/ethernet/Ethernet.cc

@@ -13,24 +13,13 @@ EthernetAnalyzer::EthernetAnalyzer()
 
 void EthernetAnalyzer::Initialize()
 	{
+	Analyzer::Initialize();
+
 	SNAPAnalyzer = LoadAnalyzer("PacketAnalyzer::Ethernet::snap_analyzer");
 	NovellRawAnalyzer = LoadAnalyzer("PacketAnalyzer::Ethernet::novell_raw_analyzer");
 	LLCAnalyzer = LoadAnalyzer("PacketAnalyzer::Ethernet::llc_analyzer");
 	}
 
-zeek::packet_analysis::AnalyzerPtr EthernetAnalyzer::LoadAnalyzer(const std::string &name)
-	{
-	auto& analyzer = zeek::id::find(name);
-	if ( ! analyzer )
-		return nullptr;
-
-	auto& analyzer_val = analyzer->GetVal();
-	if ( ! analyzer_val )
-		return nullptr;
-
-	return packet_mgr->GetAnalyzer(analyzer_val->AsEnumVal());
-	}
-
 bool EthernetAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 	{
 	// Make sure that we actually got an entire ethernet header before trying

src/packet_analysis/protocol/ethernet/Ethernet.h

@@ -24,8 +24,6 @@ private:
 	AnalyzerPtr SNAPAnalyzer = nullptr;
 	AnalyzerPtr NovellRawAnalyzer = nullptr;
 	AnalyzerPtr LLCAnalyzer = nullptr;
-
-	AnalyzerPtr LoadAnalyzer(const std::string& name);
 };
 
 }

src/packet_analysis/protocol/skip/Skip.cc

@@ -12,7 +12,9 @@ SkipAnalyzer::SkipAnalyzer()
 
 void SkipAnalyzer::Initialize()
 	{
-	auto& skip_val = zeek::id::find_val("PacketAnalyzer::SkipAnalyzer::skip_bytes");
+	Analyzer::Initialize();
+
+	auto& skip_val = zeek::id::find_val("PacketAnalyzer::SKIP::skip_bytes");
 	if ( ! skip_val )
 		return;