From 9a62781174bc9cfed26bb77d8aa8e04d4225266c Mon Sep 17 00:00:00 2001
From: Kent Kvarfordt <kent.kvarfordt@gmail.com>
Date: Thu, 9 May 2024 19:12:37 -0600
Subject: [PATCH] Added type TagAndValue.  Updated type Message to parse an
 array of TagAndValue units until end-of-data is reached.  This *should* allow
 for a sequence of zero or more tag and value pairs.

---
 analyzer/protobuf.spicy | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/analyzer/protobuf.spicy b/analyzer/protobuf.spicy
index 68723cc..fef3933 100644
--- a/analyzer/protobuf.spicy
+++ b/analyzer/protobuf.spicy
@@ -7,14 +7,21 @@ public type Packet = unit {
 
     on %done {
         # Feed into Zeek's next-layer packet analysis.
-        zeek::forward_packet(self.payload);
+
+        # KBK - Comment out so we can build
+        #zeek::forward_packet(self.payload);
     }
 };
 
 # message := (tag value)*
 #     A message is encoded as a sequence of zero or more pairs of tags and values.
 type Message = unit {
-    # TODO
+    message: TagAndValue[] &eod;
+};
+
+type TagAndValue = unit {
+    tag:   Tag;
+    value: Value;
 };
 
 # tag := (field << 3) | wire_type