btest/http: Explain switching-protocols test change as comment

DPD enables HTTP based on the content of the WebSocket frames. However,
it's not HTTP, the protocol is x-kaazing-handshake and the server sends
some form of status/acknowledge to the client first, so the HTTP and the
HTTP analyzer receives that as the first bytes of the response and
bails, oh well.

testing/btest/Baseline/scripts.base.protocols.http.101-switching-protocols/.stdout

@@ -1,2 +1,3 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+WebSocket::configure_analyzer, CHhAvVGS1DHFjwGM9, 7, x-kaazing-handshake
 Connection upgraded to websocket

testing/btest/Baseline/scripts.base.protocols.http.101-switching-protocols/websocket.log

@@ -0,0 +1,11 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	websocket
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	host	uri	user_agent	subprotocol	client_protocols	server_extensions	client_extensions
+#types	time	string	addr	port	addr	port	string	string	string	string	vector[string]	vector[string]	vector[string]
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.0.5	50798	54.148.114.85	80	sandbox.kaazing.net	/echo?.kl=Y	Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:54.0) Gecko/20100101 Firefox/54.0	x-kaazing-handshake	x-kaazing-handshake	-	permessage-deflate
+#close XXXX-XX-XX-XX-XX-XX

testing/btest/scripts/base/protocols/http/101-switching-protocols.zeek

@@ -1,13 +1,31 @@
-# This tests that the HTTP analyzer does not generate a dpd error as a
+# This tests that the HTTP analyzer upgrades to the WebSocket analyzer.
-# result of seeing an upgraded connection.
+#
+# Further, we implement a WebSocket::configure_analyzer() hook to prevent
+# DPD on the inner connection.
 #
 # @TEST-EXEC: zeek -r $TRACES/http/websocket.pcap %INPUT
-# @TEST-EXEC: test ! -f dpd.log
 # @TEST-EXEC: test ! -f weird.log
+# @TEST-EXEC: test ! -f dpd.log
 # @TEST-EXEC: btest-diff http.log
+# @TEST-EXEC: btest-diff websocket.log
 # @TEST-EXEC: btest-diff .stdout
 
 event http_connection_upgrade(c: connection, protocol: string)
 	{
 	print fmt("Connection upgraded to %s", protocol);
 	}
+
+hook WebSocket::configure_analyzer(c: connection, aid: count, config: WebSocket::AnalyzerConfig)
+	{
+	if ( ! config?$subprotocol )
+		return;
+
+	print "WebSocket::configure_analyzer", c$uid, aid, config$subprotocol;
+	if ( config$subprotocol == "x-kaazing-handshake" )
+		# The originator's WebSocket frames match HTTP, so DPD would
+		# enable HTTP for the frame's payload, but the responder's frames
+		# contain some ack/status junk just before HTTP response that
+		# trigger a violation. Disable DPD for to prevent a dpd.log
+		# entry.
+		config$use_dpd = F;
+	}