Add Pcap::file_done event

It signals when a pcap file is done being processed.

src/event.bif

@@ -851,3 +851,8 @@ event new_event%(name: string, params: call_argument_vector%);
 
 ## Shows an IP address anonymization mapping.
 event anonymization_mapping%(orig: addr, mapped: addr%);
+
+## An event that signals a pcap file is done being processed.
+##
+## path: the filesystem path of the pcap file
+event Pcap::file_done%(path: string%);

src/iosource/pcap/Source.cc

@@ -6,6 +6,8 @@
 #include "iosource/Packet.h"
 #include "iosource/BPF_Program.h"
 
+#include "Event.h"
+
 #include "pcap.bif.h"
 
 #ifdef HAVE_PCAP_INT_H
@@ -47,6 +49,9 @@ void PcapSource::Close()
 	last_data = nullptr;
 
 	Closed();
+
+	if ( Pcap::file_done )
+		mgr.QueueEventFast(Pcap::file_done, {new StringVal(props.path)});
 	}
 
 void PcapSource::OpenLive()

testing/btest/Baseline/core.pcap_file_done/out

@@ -0,0 +1 @@
+pcap file done, /home/jon/pro/zeek/zeek/testing/btest/Traces/http/get.trace

testing/btest/core/pcap_file_done.zeek

@@ -0,0 +1,7 @@
+# @TEST-EXEC: zeek -b -r $TRACES/http/get.trace %INPUT >out
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out
+
+event Pcap::file_done(path: string)
+	{
+	print "pcap file done", path;
+	}