ContentLine: Add GetDeliverStreamRemainingLength() accessor

Helper to get information from the ContentLine analyzer about
bytes still pending to be delivered. In certain cases this can
be a signal for weirdness.

src/analyzer/protocol/tcp/ContentLine.cc

@@ -30,6 +30,7 @@ void ContentLine_Analyzer::InitState() {
     delivery_length = -1;
     is_plain = false;
     suppress_weirds = false;
+    deliver_stream_remaining_length = 0;
 
     InitBuffer(0);
 }
@@ -149,6 +150,7 @@ void ContentLine_Analyzer::DoDeliver(int len, const u_char* data) {
             plain_delivery_length -= deliver_plain;
             is_plain = true;
 
+            deliver_stream_remaining_length = len - deliver_plain;
             ForwardStream(deliver_plain, data, IsOrig());
 
             is_plain = false;
@@ -207,6 +209,7 @@ int ContentLine_Analyzer::DoDeliverOnce(int len, const u_char* data) {
         int seq_len = data + 1 - data_start;                                                                           \
         seq_delivered_in_lines = seq + seq_len;                                                                        \
         last_char = c;                                                                                                 \
+        deliver_stream_remaining_length = len - 1;                                                                     \
         ForwardStream(offset, buf, IsOrig());                                                                          \
         offset = 0;                                                                                                    \
         return seq_len;                                                                                                \

src/analyzer/protocol/tcp/ContentLine.h

@@ -47,6 +47,11 @@ public:
     int64_t GetPlainDeliveryLength() const { return plain_delivery_length; }
     bool IsPlainDelivery() { return is_plain; }
 
+    // Helper to check how many bytes are still in-flight for the
+    // current DeliverStream() invocation. This can be called
+    // by the parent during its DeliverStream() invocation.
+    int GetDeliverStreamRemainingLength() const { return deliver_stream_remaining_length; }
+
     // Skip <length> bytes after this line.
     // Can be used to skip HTTP data for performance considerations.
     void SkipBytesAfterThisLine(int64_t length);
@@ -107,6 +112,8 @@ protected:
 
     // Whether to skip partial conns.
     bool skip_partial;
+
+    int deliver_stream_remaining_length;
 };
 
 } // namespace zeek::analyzer::tcp