IPBasedAnalyzer: Call TapPacket() when skipping

When skip_further_processing() is called, a TapAnalyzer should still see
the packets as skipped with SkipReason "skipping".

src/packet_analysis/protocol/ip/IPBasedAnalyzer.cc

@@ -8,6 +8,7 @@
 #include "zeek/analyzer/Manager.h"
 #include "zeek/analyzer/protocol/pia/PIA.h"
 #include "zeek/conn_key/Manager.h"
+#include "zeek/packet_analysis/protocol/ip/SessionAdapter.h"
 #include "zeek/packet_analysis/protocol/ip/conn_key/IPBasedConnKey.h"
 #include "zeek/plugin/Manager.h"
 #include "zeek/session/Manager.h"
@@ -105,9 +106,11 @@ bool IPBasedAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pkt
     run_state::current_timestamp = run_state::processing_start_time;
     run_state::current_pkt = pkt;
 
-    // TODO: Does this actually mean anything?
-    if ( conn->GetSessionAdapter()->Skipping() )
+    const auto* adapter = conn->GetSessionAdapter();
+    if ( adapter->Skipping() ) {
+        adapter->TapPacket(pkt, PacketAction::Skip, SkipReason::SkipProcessing);
         return true;
+    }
 
     DeliverPacket(conn, run_state::processing_start_time, is_orig, len, pkt);
 

src/packet_analysis/protocol/ip/SessionAdapter.h

@@ -29,6 +29,7 @@ enum class SkipReason : uint8_t {
     Unknown,        ///< Placeholder if no other value fits.
     BadChecksum,    ///< The packet's checksum is invalid and ignore_checksums is false.
     BadProtoHeader, ///< Something was off with the lengths or offsets in the protocol header.
+    SkipProcessing, ///< The session adapter's connection had skip_further_processing called on it.
 };
 
 /**

testing/btest/Baseline/plugins.tap-analyzer/output

@@ -66,3 +66,22 @@ Packet(len=66 orig=0, verdict=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9
 Packet(len=66 orig=1, verdict=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9
 Done() uid=HhAvVGS1DHFjwGM9
 ===
+<...>/get.trace
+Init() uid=HhAvVGS1DHFjwGM9
+Analyzer added to HhAvVGS1DHFjwGM9
+Packet(len=78 orig=1, verdict=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9
+Packet(len=74 orig=0, verdict=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9
+Packet(len=66 orig=1, verdict=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9
+Packet(len=202 orig=1, verdict=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9
+Packet(len=66 orig=0, verdict=1 skip_reason=3) uid=HhAvVGS1DHFjwGM9
+Packet(len=1514 orig=0, verdict=1 skip_reason=3) uid=HhAvVGS1DHFjwGM9
+Packet(len=1514 orig=0, verdict=1 skip_reason=3) uid=HhAvVGS1DHFjwGM9
+Packet(len=1514 orig=0, verdict=1 skip_reason=3) uid=HhAvVGS1DHFjwGM9
+Packet(len=729 orig=0, verdict=1 skip_reason=3) uid=HhAvVGS1DHFjwGM9
+Packet(len=66 orig=1, verdict=1 skip_reason=3) uid=HhAvVGS1DHFjwGM9
+Packet(len=66 orig=1, verdict=1 skip_reason=3) uid=HhAvVGS1DHFjwGM9
+Packet(len=66 orig=1, verdict=1 skip_reason=3) uid=HhAvVGS1DHFjwGM9
+Packet(len=66 orig=0, verdict=1 skip_reason=3) uid=HhAvVGS1DHFjwGM9
+Packet(len=66 orig=1, verdict=1 skip_reason=3) uid=HhAvVGS1DHFjwGM9
+Done() uid=HhAvVGS1DHFjwGM9
+===

testing/btest/plugins/tap-analyzer.zeek

@@ -14,9 +14,13 @@
 # @TEST-EXEC: ZEEK_PLUGIN_ACTIVATE="Demo::TapAnalyzer" ZEEK_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap %INPUT >>output
 #
 # @TEST-EXEC: ZEEK_PLUGIN_ACTIVATE="Demo::TapAnalyzer" ZEEK_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/http/get.trace %INPUT >>output
+# @TEST-EXEC: ZEEK_PLUGIN_ACTIVATE="Demo::TapAnalyzer" ZEEK_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/http/get.trace %INPUT http_skip_further_processing=T >>output
 #
 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output
 
+@load base/protocols/http
+
+
 event zeek_init()
 	{
 	print packet_source()$path;
@@ -26,3 +30,12 @@ event zeek_done()
 	{
 	print "===";
 	}
+
+
+global http_skip_further_processing = F &redef;
+
+event http_request(c: connection, method: string, original_URI: string, unescaped_URI: string, version: string)
+	{
+	if ( http_skip_further_processing )
+		skip_further_processing(c$id);
+	}