Add command-line option to write unprocessed packets to a file

This commit also changes the PcapDumper to automatically flush after
every called to Dump(). This is because pcap_dump has an internal buffer
of some sort that only writes to the file after a set amount of bytes.
When using the new option on a low-traffic network, it might be a while
before you see any packets written since it has to overcome that buffer
limit first.

src/packet_analysis/Manager.cc

@@ -4,6 +4,7 @@
 
 #include "zeek/RunState.h"
 #include "zeek/Stats.h"
+#include "zeek/iosource/Manager.h"
 #include "zeek/iosource/PktDumper.h"
 #include "zeek/packet_analysis/Analyzer.h"
 #include "zeek/packet_analysis/Dispatcher.h"
@@ -24,7 +25,7 @@ Manager::~Manager()
 	delete pkt_filter;
 	}
 
-void Manager::InitPostScript()
+void Manager::InitPostScript(const std::string& unprocessed_output_file)
 	{
 	// Instantiate objects for all available analyzers
 	for ( const auto& analyzerComponent : GetComponents() )
@@ -49,6 +50,10 @@ void Manager::InitPostScript()
 	unknown_sampling_threshold = id::find_val("UnknownProtocol::sampling_threshold")->AsCount();
 	unknown_sampling_duration = id::find_val("UnknownProtocol::sampling_duration")->AsInterval();
 	unknown_first_bytes_count = id::find_val("UnknownProtocol::first_bytes_count")->AsCount();
+
+	if ( ! unprocessed_output_file.empty() )
+		// This gets automatically cleaned up by iosource_mgr. No need to delete it locally.
+		unprocessed_dumper = iosource_mgr->OpenPktDumper(unprocessed_output_file, true);
 	}
 
 void Manager::Done() { }
@@ -114,6 +119,9 @@ void Manager::ProcessPacket(Packet* packet)
 
 		plugin_mgr->HookUnprocessedPacket(packet);
 
+		if ( unprocessed_dumper )
+			unprocessed_dumper->Dump(packet);
+
 		total_not_processed++;
 		}