diff --git a/CHANGES b/CHANGES index d00ddde43c..2e88d251b7 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,30 @@ +8.1.0-dev.19 | 2025-08-07 10:48:40 +0200 + + * btest/tap-analyzer: Update existing test and add new one for UpdateConnVal() (Arne Welzel, Corelight) + + This also changes the output of connection UIDs from the tap analyzer to be + prefixed with C for easier correlation with other logs. + + * SessionAdapter: Keep tap_analyzers until destruction (Arne Welzel, Corelight) + + connection_state_remove() is invoked after Done(), so it's not a good + idea to remove the tap analyzers before in case they have up-to-date + information for the connection val. + + * tcp,udp,icmp adapters: Move TapPacket() to earlier (Arne Welzel, Corelight) + + Writing a test, the packet was tapped after protocol analysis at least + for TCP. Ensure tapping happens before. The adapter->Process() moving + after pkt->session made me a bit wondering if things are underspecified + here, but seems reasonable to set the session on pkt before adapter->Process(). + + * tcp,udp,icmp adapters: Fix UpdateConnVal() superclass call (Arne Welzel, Corelight) + + Now that SessionAdapter implements UpdateConnVal(), the individual + adapters need to call that instead of Analyzer::UpdateConnVal() + + Thanks clang-tidy. + 8.1.0-dev.14 | 2025-08-06 14:37:50 +0100 * Add proto to analyzer.log (Johanna Amann, Corelight) diff --git a/VERSION b/VERSION index 2086ac9f95..69e235eaaa 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -8.1.0-dev.14 +8.1.0-dev.19 diff --git a/src/packet_analysis/protocol/icmp/ICMP.cc b/src/packet_analysis/protocol/icmp/ICMP.cc index 80878c8400..a99fbb2d03 100644 --- a/src/packet_analysis/protocol/icmp/ICMP.cc +++ b/src/packet_analysis/protocol/icmp/ICMP.cc @@ -112,11 +112,11 @@ void ICMPAnalyzer::DeliverPacket(Connection* c, double t, bool is_orig, int rema // handling those properly. pkt->session = c; - ForwardPacket(std::min(len, remaining), data, pkt); - - // Tap the packet before sending it to protocol analysis. + // Tap the packet before processing/forwarding. adapter->TapPacket(pkt); + ForwardPacket(std::min(len, remaining), data, pkt); + if ( remaining >= len ) adapter->ForwardPacket(len, data, is_orig, -1, ip.get(), remaining); diff --git a/src/packet_analysis/protocol/icmp/ICMPSessionAdapter.cc b/src/packet_analysis/protocol/icmp/ICMPSessionAdapter.cc index 472df6a098..f0fb4ffb39 100644 --- a/src/packet_analysis/protocol/icmp/ICMPSessionAdapter.cc +++ b/src/packet_analysis/protocol/icmp/ICMPSessionAdapter.cc @@ -32,7 +32,7 @@ void ICMPSessionAdapter::UpdateConnVal(zeek::RecordVal* conn_val) { UpdateEndpointVal(orig_endp_val, true); UpdateEndpointVal(resp_endp_val, false); - analyzer::Analyzer::UpdateConnVal(conn_val); + SessionAdapter::UpdateConnVal(conn_val); } void ICMPSessionAdapter::UpdateEndpointVal(RecordVal* endp, bool is_orig) { diff --git a/src/packet_analysis/protocol/ip/SessionAdapter.cc b/src/packet_analysis/protocol/ip/SessionAdapter.cc index 06188ec8d7..56b400f7d9 100644 --- a/src/packet_analysis/protocol/ip/SessionAdapter.cc +++ b/src/packet_analysis/protocol/ip/SessionAdapter.cc @@ -12,9 +12,6 @@ void SessionAdapter::Done() { Analyzer::Done(); for ( const auto& ta : tap_analyzers ) ta->Done(); - - // Ensure no more TapPacket() calls after Done() on TapAnalyzer instances. - tap_analyzers.clear(); } bool SessionAdapter::IsReuse(double t, const u_char* pkt) { return parent->IsReuse(t, pkt); } diff --git a/src/packet_analysis/protocol/tcp/TCP.cc b/src/packet_analysis/protocol/tcp/TCP.cc index da5496efad..ef0e4b19b6 100644 --- a/src/packet_analysis/protocol/tcp/TCP.cc +++ b/src/packet_analysis/protocol/tcp/TCP.cc @@ -103,18 +103,18 @@ void TCPAnalyzer::DeliverPacket(Connection* c, double t, bool is_orig, int remai return; } - adapter->Process(is_orig, tp, len, ip, data, remaining); - // Store the session in the packet in case we get an encapsulation here. We need it for // handling those properly. pkt->session = c; + // Tap the packet before processing/forwarding. + adapter->TapPacket(pkt); + + adapter->Process(is_orig, tp, len, ip, data, remaining); + // Send the packet back into the packet analysis framework. ForwardPacket(std::min(len, remaining), data, pkt); - // Tap the packet before sending it to session analysis. - adapter->TapPacket(pkt); - // Call DeliverPacket on the adapter directly here. Normally we'd call ForwardPacket // but this adapter does some other things in its DeliverPacket with the packet children // analyzers. diff --git a/src/packet_analysis/protocol/tcp/TCPSessionAdapter.cc b/src/packet_analysis/protocol/tcp/TCPSessionAdapter.cc index b7a73d5da1..61da05ca85 100644 --- a/src/packet_analysis/protocol/tcp/TCPSessionAdapter.cc +++ b/src/packet_analysis/protocol/tcp/TCPSessionAdapter.cc @@ -1044,7 +1044,7 @@ void TCPSessionAdapter::UpdateConnVal(RecordVal* conn_val) { resp_endp_val->Assign(1, resp->state); // Call children's UpdateConnVal - Analyzer::UpdateConnVal(conn_val); + SessionAdapter::UpdateConnVal(conn_val); // Have to do packet_children ourselves. for ( Analyzer* a : packet_children ) diff --git a/src/packet_analysis/protocol/udp/UDP.cc b/src/packet_analysis/protocol/udp/UDP.cc index 82cea42534..309aa28814 100644 --- a/src/packet_analysis/protocol/udp/UDP.cc +++ b/src/packet_analysis/protocol/udp/UDP.cc @@ -190,15 +190,15 @@ void UDPAnalyzer::DeliverPacket(Connection* c, double t, bool is_orig, int remai // handling those properly. pkt->session = c; + // Tap the packet before processing/forwarding. + adapter->TapPacket(pkt); + // Send the packet back into the packet analysis framework. We only check the response // port here because the orig/resp should have already swapped around based on // likely_server_ports. This also prevents us from processing things twice if protocol // detection has to be used. ForwardPacket(std::min(len, remaining), data, pkt, ntohs(c->RespPort())); - // Tap the packet before sending it to session analysis. - adapter->TapPacket(pkt); - // Forward any data through session-analysis, too. adapter->ForwardPacket(std::min(len, remaining), data, is_orig, -1, ip.get(), pkt->cap_len); } diff --git a/src/packet_analysis/protocol/udp/UDPSessionAdapter.cc b/src/packet_analysis/protocol/udp/UDPSessionAdapter.cc index 8f0a1761d8..fa5adc39e7 100644 --- a/src/packet_analysis/protocol/udp/UDPSessionAdapter.cc +++ b/src/packet_analysis/protocol/udp/UDPSessionAdapter.cc @@ -33,7 +33,7 @@ void UDPSessionAdapter::UpdateConnVal(RecordVal* conn_val) { UpdateEndpointVal(resp_endp_val, false); // Call children's UpdateConnVal - Analyzer::UpdateConnVal(conn_val); + SessionAdapter::UpdateConnVal(conn_val); } void UDPSessionAdapter::UpdateEndpointVal(RecordVal* endp, bool is_orig) { diff --git a/testing/btest/Baseline/plugins.tap-analyzer-conn-val/output b/testing/btest/Baseline/plugins.tap-analyzer-conn-val/output new file mode 100644 index 0000000000..9e14ce9832 --- /dev/null +++ b/testing/btest/Baseline/plugins.tap-analyzer-conn-val/output @@ -0,0 +1,462 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +<...>/get.trace +Analyzer added to uid=CHhAvVGS1DHFjwGM9 +Packet(len=78 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +Packet(len=74 orig=0, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +Packet(len=66 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +Packet(len=202 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +http_request: uid=CHhAvVGS1DHFjwGM9 deliver=4 skip=0 +Packet(len=66 orig=0, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +Packet(len=1514 orig=0, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +Packet(len=1514 orig=0, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +Packet(len=1514 orig=0, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +Packet(len=729 orig=0, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +Packet(len=66 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +Packet(len=66 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +Packet(len=66 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +Packet(len=66 orig=0, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +Packet(len=66 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +connection_state_remove: CHhAvVGS1DHFjwGM9 deliver=14 skip=0 +=== +<...>/get.trace +Analyzer added to uid=CHhAvVGS1DHFjwGM9 +Packet(len=78 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +Packet(len=74 orig=0, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +Packet(len=66 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +Packet(len=202 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +http_request: uid=CHhAvVGS1DHFjwGM9 deliver=4 skip=0 +skip_further_processing uid=CHhAvVGS1DHFjwGM9 +Packet(len=66 orig=0, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9 +Packet(len=1514 orig=0, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9 +Packet(len=1514 orig=0, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9 +Packet(len=1514 orig=0, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9 +Packet(len=729 orig=0, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9 +Packet(len=66 orig=1, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9 +Packet(len=66 orig=1, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9 +Packet(len=66 orig=1, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9 +Packet(len=66 orig=0, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9 +Packet(len=66 orig=1, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9 +connection_state_remove: CHhAvVGS1DHFjwGM9 deliver=4 skip=10 +=== +<...>/wikipedia.trace +Analyzer added to uid=CHhAvVGS1DHFjwGM9 +Packet(len=87 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +Analyzer added to uid=ClEkJM2Vm5giqnMf4h +Packet(len=213 orig=1, action=0 skip_reason=0) uid=ClEkJM2Vm5giqnMf4h +Analyzer added to uid=C4J4Th3PJpwUYZZ6gc +Packet(len=193 orig=1, action=0 skip_reason=0) uid=C4J4Th3PJpwUYZZ6gc +Analyzer added to uid=CtPZjS20MLrsMUOJi2 +Packet(len=529 orig=1, action=0 skip_reason=0) uid=CtPZjS20MLrsMUOJi2 +Packet(len=416 orig=0, action=0 skip_reason=0) uid=CtPZjS20MLrsMUOJi2 +Packet(len=66 orig=1, action=0 skip_reason=0) uid=CtPZjS20MLrsMUOJi2 +Analyzer added to uid=CUM0KZ3MLUfNB0cl11 +Packet(len=74 orig=1, action=0 skip_reason=0) uid=CUM0KZ3MLUfNB0cl11 +Packet(len=74 orig=0, action=0 skip_reason=0) uid=CUM0KZ3MLUfNB0cl11 +Packet(len=66 orig=1, action=0 skip_reason=0) uid=CUM0KZ3MLUfNB0cl11 +Packet(len=591 orig=1, action=0 skip_reason=0) uid=CUM0KZ3MLUfNB0cl11 +http_request: uid=CUM0KZ3MLUfNB0cl11 deliver=4 skip=0 +Packet(len=66 orig=0, action=0 skip_reason=0) uid=CUM0KZ3MLUfNB0cl11 +Packet(len=298 orig=0, action=0 skip_reason=0) uid=CUM0KZ3MLUfNB0cl11 +Packet(len=66 orig=1, action=0 skip_reason=0) uid=CUM0KZ3MLUfNB0cl11 +Analyzer added to uid=CmES5u32sYpV7JYN +Packet(len=80 orig=1, action=0 skip_reason=0) uid=CmES5u32sYpV7JYN +Packet(len=131 orig=0, action=0 skip_reason=0) uid=CmES5u32sYpV7JYN +Analyzer added to uid=CP5puj4I8PtEU4qzYg +Packet(len=94 orig=1, action=0 skip_reason=0) uid=CP5puj4I8PtEU4qzYg +Packet(len=141 orig=0, action=0 skip_reason=0) uid=CP5puj4I8PtEU4qzYg +Analyzer added to uid=C37jN32gN3y3AZzyf6 +Packet(len=80 orig=1, action=0 skip_reason=0) uid=C37jN32gN3y3AZzyf6 +Packet(len=225 orig=0, action=0 skip_reason=0) uid=C37jN32gN3y3AZzyf6 +Analyzer added to uid=C3eiCBGOLw3VtHfOj +Packet(len=74 orig=1, action=0 skip_reason=0) uid=C3eiCBGOLw3VtHfOj +Analyzer added to uid=CwjjYJ2WqgTbAqiHl6 +Packet(len=74 orig=1, action=0 skip_reason=0) uid=CwjjYJ2WqgTbAqiHl6 +Analyzer added to uid=C0LAHyvtKSQHyJxIl +Packet(len=80 orig=1, action=0 skip_reason=0) uid=C0LAHyvtKSQHyJxIl +Packet(len=131 orig=0, action=0 skip_reason=0) uid=C0LAHyvtKSQHyJxIl +Analyzer added to uid=CFLRIC3zaTU1loLGxh +Packet(len=94 orig=1, action=0 skip_reason=0) uid=CFLRIC3zaTU1loLGxh +Packet(len=141 orig=0, action=0 skip_reason=0) uid=CFLRIC3zaTU1loLGxh +Analyzer added to uid=C9rXSW3KSpTYvPrlI1 +Packet(len=80 orig=1, action=0 skip_reason=0) uid=C9rXSW3KSpTYvPrlI1 +Packet(len=225 orig=0, action=0 skip_reason=0) uid=C9rXSW3KSpTYvPrlI1 +Analyzer added to uid=Ck51lg1bScffFj34Ri +Packet(len=74 orig=1, action=0 skip_reason=0) uid=Ck51lg1bScffFj34Ri +Analyzer added to uid=C9mvWx3ezztgzcexV7 +Packet(len=80 orig=1, action=0 skip_reason=0) uid=C9mvWx3ezztgzcexV7 +Packet(len=131 orig=0, action=0 skip_reason=0) uid=C9mvWx3ezztgzcexV7 +Analyzer added to uid=CNnMIj2QSd84NKf7U3 +Packet(len=94 orig=1, action=0 skip_reason=0) uid=CNnMIj2QSd84NKf7U3 +Packet(len=141 orig=0, action=0 skip_reason=0) uid=CNnMIj2QSd84NKf7U3 +Analyzer added to uid=C7fIlMZDuRiqjpYbb +Packet(len=80 orig=1, action=0 skip_reason=0) uid=C7fIlMZDuRiqjpYbb +Packet(len=225 orig=0, action=0 skip_reason=0) uid=C7fIlMZDuRiqjpYbb +Analyzer added to uid=CykQaM33ztNt0csB9a +Packet(len=74 orig=1, action=0 skip_reason=0) uid=CykQaM33ztNt0csB9a +Analyzer added to uid=CtxTCR2Yer0FR1tIBg +Packet(len=74 orig=1, action=0 skip_reason=0) uid=CtxTCR2Yer0FR1tIBg +Analyzer added to uid=CpmdRlaUoJLN3uIRa +Packet(len=80 orig=1, action=0 skip_reason=0) uid=CpmdRlaUoJLN3uIRa +Packet(len=131 orig=0, action=0 skip_reason=0) uid=CpmdRlaUoJLN3uIRa +Analyzer added to uid=C1Xkzz2MaGtLrc1Tla +Packet(len=94 orig=1, action=0 skip_reason=0) uid=C1Xkzz2MaGtLrc1Tla +Packet(len=141 orig=0, action=0 skip_reason=0) uid=C1Xkzz2MaGtLrc1Tla +Analyzer added to uid=CqlVyW1YwZ15RhTBc4 +Packet(len=80 orig=1, action=0 skip_reason=0) uid=CqlVyW1YwZ15RhTBc4 +Packet(len=225 orig=0, action=0 skip_reason=0) uid=CqlVyW1YwZ15RhTBc4 +Analyzer added to uid=CLNN1k2QMum1aexUK7 +Packet(len=74 orig=1, action=0 skip_reason=0) uid=CLNN1k2QMum1aexUK7 +Analyzer added to uid=CBA8792iHmnhPLksKa +Packet(len=78 orig=1, action=0 skip_reason=0) uid=CBA8792iHmnhPLksKa +Packet(len=173 orig=0, action=0 skip_reason=0) uid=CBA8792iHmnhPLksKa +Analyzer added to uid=CGLPPc35OzDQij1XX8 +Packet(len=78 orig=1, action=0 skip_reason=0) uid=CGLPPc35OzDQij1XX8 +Packet(len=240 orig=0, action=0 skip_reason=0) uid=CGLPPc35OzDQij1XX8 +Analyzer added to uid=CiyBAq1bBLNaTiTAc +Packet(len=74 orig=1, action=0 skip_reason=0) uid=CiyBAq1bBLNaTiTAc +Packet(len=74 orig=0, action=0 skip_reason=0) uid=CwjjYJ2WqgTbAqiHl6 +Packet(len=66 orig=1, action=0 skip_reason=0) uid=CwjjYJ2WqgTbAqiHl6 +Packet(len=612 orig=1, action=0 skip_reason=0) uid=CwjjYJ2WqgTbAqiHl6 +http_request: uid=CwjjYJ2WqgTbAqiHl6 deliver=4 skip=0 +Packet(len=74 orig=0, action=0 skip_reason=0) uid=C3eiCBGOLw3VtHfOj +Packet(len=66 orig=1, action=0 skip_reason=0) uid=C3eiCBGOLw3VtHfOj +Packet(len=654 orig=1, action=0 skip_reason=0) uid=C3eiCBGOLw3VtHfOj +http_request: uid=C3eiCBGOLw3VtHfOj deliver=4 skip=0 +Packet(len=74 orig=0, action=0 skip_reason=0) uid=Ck51lg1bScffFj34Ri +Packet(len=66 orig=1, action=0 skip_reason=0) uid=Ck51lg1bScffFj34Ri +Packet(len=615 orig=1, action=0 skip_reason=0) uid=Ck51lg1bScffFj34Ri +http_request: uid=Ck51lg1bScffFj34Ri deliver=4 skip=0 +Packet(len=74 orig=0, action=0 skip_reason=0) uid=CtxTCR2Yer0FR1tIBg +Packet(len=66 orig=1, action=0 skip_reason=0) uid=CtxTCR2Yer0FR1tIBg +Packet(len=74 orig=0, action=0 skip_reason=0) uid=CykQaM33ztNt0csB9a +Packet(len=66 orig=1, action=0 skip_reason=0) uid=CykQaM33ztNt0csB9a +Packet(len=620 orig=1, action=0 skip_reason=0) uid=CykQaM33ztNt0csB9a +http_request: uid=CykQaM33ztNt0csB9a deliver=4 skip=0 +Packet(len=639 orig=1, action=0 skip_reason=0) uid=CtxTCR2Yer0FR1tIBg +http_request: uid=CtxTCR2Yer0FR1tIBg deliver=4 skip=0 +Packet(len=74 orig=0, action=0 skip_reason=0) uid=CLNN1k2QMum1aexUK7 +Packet(len=66 orig=1, action=0 skip_reason=0) uid=CLNN1k2QMum1aexUK7 +Packet(len=645 orig=1, action=0 skip_reason=0) uid=CLNN1k2QMum1aexUK7 +http_request: uid=CLNN1k2QMum1aexUK7 deliver=4 skip=0 +Packet(len=74 orig=0, action=0 skip_reason=0) uid=CiyBAq1bBLNaTiTAc +Packet(len=66 orig=1, action=0 skip_reason=0) uid=CiyBAq1bBLNaTiTAc +Packet(len=600 orig=1, action=0 skip_reason=0) uid=CiyBAq1bBLNaTiTAc +http_request: uid=CiyBAq1bBLNaTiTAc deliver=4 skip=0 +Packet(len=66 orig=0, action=0 skip_reason=0) uid=CwjjYJ2WqgTbAqiHl6 +Packet(len=66 orig=0, action=0 skip_reason=0) uid=C3eiCBGOLw3VtHfOj +Packet(len=433 orig=0, action=0 skip_reason=0) uid=CwjjYJ2WqgTbAqiHl6 +Packet(len=66 orig=1, action=0 skip_reason=0) uid=CwjjYJ2WqgTbAqiHl6 +Packet(len=645 orig=1, action=0 skip_reason=0) uid=CwjjYJ2WqgTbAqiHl6 +http_request: uid=CwjjYJ2WqgTbAqiHl6 deliver=8 skip=0 +Packet(len=432 orig=0, action=0 skip_reason=0) uid=C3eiCBGOLw3VtHfOj +Packet(len=66 orig=1, action=0 skip_reason=0) uid=C3eiCBGOLw3VtHfOj +Packet(len=649 orig=1, action=0 skip_reason=0) uid=C3eiCBGOLw3VtHfOj +http_request: uid=C3eiCBGOLw3VtHfOj deliver=8 skip=0 +Packet(len=66 orig=0, action=0 skip_reason=0) uid=Ck51lg1bScffFj34Ri +Packet(len=433 orig=0, action=0 skip_reason=0) uid=Ck51lg1bScffFj34Ri +Packet(len=66 orig=1, action=0 skip_reason=0) uid=Ck51lg1bScffFj34Ri +Packet(len=647 orig=1, action=0 skip_reason=0) uid=Ck51lg1bScffFj34Ri +http_request: uid=Ck51lg1bScffFj34Ri deliver=8 skip=0 +Packet(len=66 orig=0, action=0 skip_reason=0) uid=CykQaM33ztNt0csB9a +Packet(len=66 orig=0, action=0 skip_reason=0) uid=CtxTCR2Yer0FR1tIBg +Packet(len=433 orig=0, action=0 skip_reason=0) uid=CtxTCR2Yer0FR1tIBg +Packet(len=66 orig=1, action=0 skip_reason=0) uid=CtxTCR2Yer0FR1tIBg +Packet(len=433 orig=0, action=0 skip_reason=0) uid=CykQaM33ztNt0csB9a +Packet(len=66 orig=1, action=0 skip_reason=0) uid=CykQaM33ztNt0csB9a +Packet(len=66 orig=0, action=0 skip_reason=0) uid=CLNN1k2QMum1aexUK7 +Packet(len=649 orig=1, action=0 skip_reason=0) uid=CykQaM33ztNt0csB9a +http_request: uid=CykQaM33ztNt0csB9a deliver=8 skip=0 +Packet(len=641 orig=1, action=0 skip_reason=0) uid=CtxTCR2Yer0FR1tIBg +http_request: uid=CtxTCR2Yer0FR1tIBg deliver=8 skip=0 +Packet(len=433 orig=0, action=0 skip_reason=0) uid=CLNN1k2QMum1aexUK7 +Packet(len=66 orig=1, action=0 skip_reason=0) uid=CLNN1k2QMum1aexUK7 +Packet(len=665 orig=1, action=0 skip_reason=0) uid=CLNN1k2QMum1aexUK7 +http_request: uid=CLNN1k2QMum1aexUK7 deliver=8 skip=0 +Packet(len=66 orig=0, action=0 skip_reason=0) uid=CiyBAq1bBLNaTiTAc +Packet(len=478 orig=0, action=0 skip_reason=0) uid=CiyBAq1bBLNaTiTAc +Packet(len=66 orig=1, action=0 skip_reason=0) uid=CiyBAq1bBLNaTiTAc +Packet(len=433 orig=0, action=0 skip_reason=0) uid=CwjjYJ2WqgTbAqiHl6 +Packet(len=433 orig=0, action=0 skip_reason=0) uid=C3eiCBGOLw3VtHfOj +Packet(len=433 orig=0, action=0 skip_reason=0) uid=Ck51lg1bScffFj34Ri +Packet(len=66 orig=1, action=0 skip_reason=0) uid=C3eiCBGOLw3VtHfOj +Packet(len=433 orig=0, action=0 skip_reason=0) uid=CtxTCR2Yer0FR1tIBg +Packet(len=432 orig=0, action=0 skip_reason=0) uid=CykQaM33ztNt0csB9a +Packet(len=66 orig=1, action=0 skip_reason=0) uid=CwjjYJ2WqgTbAqiHl6 +Packet(len=66 orig=1, action=0 skip_reason=0) uid=Ck51lg1bScffFj34Ri +Packet(len=433 orig=0, action=0 skip_reason=0) uid=CLNN1k2QMum1aexUK7 +Packet(len=66 orig=1, action=0 skip_reason=0) uid=CykQaM33ztNt0csB9a +Packet(len=66 orig=1, action=0 skip_reason=0) uid=CtxTCR2Yer0FR1tIBg +Packet(len=66 orig=1, action=0 skip_reason=0) uid=CLNN1k2QMum1aexUK7 +Analyzer added to uid=CFSwNi4CNGxcuffo49 +Packet(len=62 orig=0, action=0 skip_reason=0) uid=CFSwNi4CNGxcuffo49 +Analyzer added to uid=Cipfzj1BEnhejw8cGf +Packet(len=99 orig=1, action=0 skip_reason=0) uid=Cipfzj1BEnhejw8cGf +Analyzer added to uid=CV5WJ42jPYbNW9JNWf +Packet(len=92 orig=1, action=0 skip_reason=0) uid=CV5WJ42jPYbNW9JNWf +Packet(len=92 orig=1, action=0 skip_reason=0) uid=CV5WJ42jPYbNW9JNWf +Analyzer added to uid=CPhDKt12KQPUVbQz06 +Packet(len=95 orig=1, action=0 skip_reason=0) uid=CPhDKt12KQPUVbQz06 +Analyzer added to uid=CAnFrb2Cvxr5T7quOc +Packet(len=75 orig=1, action=0 skip_reason=0) uid=CAnFrb2Cvxr5T7quOc +Packet(len=95 orig=1, action=0 skip_reason=0) uid=CPhDKt12KQPUVbQz06 +Packet(len=75 orig=1, action=0 skip_reason=0) uid=CAnFrb2Cvxr5T7quOc +Packet(len=92 orig=1, action=0 skip_reason=0) uid=CV5WJ42jPYbNW9JNWf +Packet(len=92 orig=1, action=0 skip_reason=0) uid=CV5WJ42jPYbNW9JNWf +Packet(len=92 orig=1, action=0 skip_reason=0) uid=CV5WJ42jPYbNW9JNWf +Analyzer added to uid=C8rquZ3DjgNW06JGLl +Packet(len=95 orig=1, action=0 skip_reason=0) uid=C8rquZ3DjgNW06JGLl +Analyzer added to uid=CzrZOtXqhwwndQva3 +Packet(len=75 orig=1, action=0 skip_reason=0) uid=CzrZOtXqhwwndQva3 +Analyzer added to uid=CaGCc13FffXe6RkQl9 +Packet(len=92 orig=1, action=0 skip_reason=0) uid=CaGCc13FffXe6RkQl9 +Packet(len=95 orig=1, action=0 skip_reason=0) uid=C8rquZ3DjgNW06JGLl +Packet(len=75 orig=1, action=0 skip_reason=0) uid=CzrZOtXqhwwndQva3 +Packet(len=92 orig=1, action=0 skip_reason=0) uid=CV5WJ42jPYbNW9JNWf +Packet(len=92 orig=1, action=0 skip_reason=0) uid=CV5WJ42jPYbNW9JNWf +connection_state_remove: C0LAHyvtKSQHyJxIl deliver=2 skip=0 +connection_state_remove: CP5puj4I8PtEU4qzYg deliver=2 skip=0 +connection_state_remove: CNnMIj2QSd84NKf7U3 deliver=2 skip=0 +connection_state_remove: C37jN32gN3y3AZzyf6 deliver=2 skip=0 +connection_state_remove: CmES5u32sYpV7JYN deliver=2 skip=0 +connection_state_remove: CpmdRlaUoJLN3uIRa deliver=2 skip=0 +connection_state_remove: CqlVyW1YwZ15RhTBc4 deliver=2 skip=0 +connection_state_remove: C1Xkzz2MaGtLrc1Tla deliver=2 skip=0 +connection_state_remove: CGLPPc35OzDQij1XX8 deliver=2 skip=0 +connection_state_remove: CBA8792iHmnhPLksKa deliver=2 skip=0 +connection_state_remove: C9mvWx3ezztgzcexV7 deliver=2 skip=0 +connection_state_remove: C9rXSW3KSpTYvPrlI1 deliver=2 skip=0 +connection_state_remove: C7fIlMZDuRiqjpYbb deliver=2 skip=0 +connection_state_remove: CFLRIC3zaTU1loLGxh deliver=2 skip=0 +connection_state_remove: Cipfzj1BEnhejw8cGf deliver=1 skip=0 +connection_state_remove: C4J4Th3PJpwUYZZ6gc deliver=1 skip=0 +connection_state_remove: CtPZjS20MLrsMUOJi2 deliver=3 skip=0 +connection_state_remove: CiyBAq1bBLNaTiTAc deliver=7 skip=0 +connection_state_remove: C3eiCBGOLw3VtHfOj deliver=10 skip=0 +connection_state_remove: CwjjYJ2WqgTbAqiHl6 deliver=10 skip=0 +connection_state_remove: Ck51lg1bScffFj34Ri deliver=10 skip=0 +connection_state_remove: CykQaM33ztNt0csB9a deliver=10 skip=0 +connection_state_remove: CtxTCR2Yer0FR1tIBg deliver=10 skip=0 +connection_state_remove: CLNN1k2QMum1aexUK7 deliver=10 skip=0 +connection_state_remove: CUM0KZ3MLUfNB0cl11 deliver=7 skip=0 +connection_state_remove: CHhAvVGS1DHFjwGM9 deliver=1 skip=0 +connection_state_remove: CV5WJ42jPYbNW9JNWf deliver=7 skip=0 +connection_state_remove: CAnFrb2Cvxr5T7quOc deliver=2 skip=0 +connection_state_remove: CzrZOtXqhwwndQva3 deliver=2 skip=0 +connection_state_remove: CFSwNi4CNGxcuffo49 deliver=1 skip=0 +connection_state_remove: CaGCc13FffXe6RkQl9 deliver=1 skip=0 +connection_state_remove: ClEkJM2Vm5giqnMf4h deliver=1 skip=0 +connection_state_remove: C8rquZ3DjgNW06JGLl deliver=2 skip=0 +connection_state_remove: CPhDKt12KQPUVbQz06 deliver=2 skip=0 +=== +<...>/wikipedia.trace +Analyzer added to uid=CHhAvVGS1DHFjwGM9 +Packet(len=87 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +Analyzer added to uid=ClEkJM2Vm5giqnMf4h +Packet(len=213 orig=1, action=0 skip_reason=0) uid=ClEkJM2Vm5giqnMf4h +Analyzer added to uid=C4J4Th3PJpwUYZZ6gc +Packet(len=193 orig=1, action=0 skip_reason=0) uid=C4J4Th3PJpwUYZZ6gc +Analyzer added to uid=CtPZjS20MLrsMUOJi2 +Packet(len=529 orig=1, action=0 skip_reason=0) uid=CtPZjS20MLrsMUOJi2 +Packet(len=416 orig=0, action=0 skip_reason=0) uid=CtPZjS20MLrsMUOJi2 +Packet(len=66 orig=1, action=0 skip_reason=0) uid=CtPZjS20MLrsMUOJi2 +Analyzer added to uid=CUM0KZ3MLUfNB0cl11 +Packet(len=74 orig=1, action=0 skip_reason=0) uid=CUM0KZ3MLUfNB0cl11 +Packet(len=74 orig=0, action=0 skip_reason=0) uid=CUM0KZ3MLUfNB0cl11 +Packet(len=66 orig=1, action=0 skip_reason=0) uid=CUM0KZ3MLUfNB0cl11 +Packet(len=591 orig=1, action=0 skip_reason=0) uid=CUM0KZ3MLUfNB0cl11 +http_request: uid=CUM0KZ3MLUfNB0cl11 deliver=4 skip=0 +skip_further_processing uid=CUM0KZ3MLUfNB0cl11 +Packet(len=66 orig=0, action=1 skip_reason=4) uid=CUM0KZ3MLUfNB0cl11 +Packet(len=298 orig=0, action=1 skip_reason=4) uid=CUM0KZ3MLUfNB0cl11 +Packet(len=66 orig=1, action=1 skip_reason=4) uid=CUM0KZ3MLUfNB0cl11 +Analyzer added to uid=CmES5u32sYpV7JYN +Packet(len=80 orig=1, action=0 skip_reason=0) uid=CmES5u32sYpV7JYN +Packet(len=131 orig=0, action=0 skip_reason=0) uid=CmES5u32sYpV7JYN +Analyzer added to uid=CP5puj4I8PtEU4qzYg +Packet(len=94 orig=1, action=0 skip_reason=0) uid=CP5puj4I8PtEU4qzYg +Packet(len=141 orig=0, action=0 skip_reason=0) uid=CP5puj4I8PtEU4qzYg +Analyzer added to uid=C37jN32gN3y3AZzyf6 +Packet(len=80 orig=1, action=0 skip_reason=0) uid=C37jN32gN3y3AZzyf6 +Packet(len=225 orig=0, action=0 skip_reason=0) uid=C37jN32gN3y3AZzyf6 +Analyzer added to uid=C3eiCBGOLw3VtHfOj +Packet(len=74 orig=1, action=0 skip_reason=0) uid=C3eiCBGOLw3VtHfOj +Analyzer added to uid=CwjjYJ2WqgTbAqiHl6 +Packet(len=74 orig=1, action=0 skip_reason=0) uid=CwjjYJ2WqgTbAqiHl6 +Analyzer added to uid=C0LAHyvtKSQHyJxIl +Packet(len=80 orig=1, action=0 skip_reason=0) uid=C0LAHyvtKSQHyJxIl +Packet(len=131 orig=0, action=0 skip_reason=0) uid=C0LAHyvtKSQHyJxIl +Analyzer added to uid=CFLRIC3zaTU1loLGxh +Packet(len=94 orig=1, action=0 skip_reason=0) uid=CFLRIC3zaTU1loLGxh +Packet(len=141 orig=0, action=0 skip_reason=0) uid=CFLRIC3zaTU1loLGxh +Analyzer added to uid=C9rXSW3KSpTYvPrlI1 +Packet(len=80 orig=1, action=0 skip_reason=0) uid=C9rXSW3KSpTYvPrlI1 +Packet(len=225 orig=0, action=0 skip_reason=0) uid=C9rXSW3KSpTYvPrlI1 +Analyzer added to uid=Ck51lg1bScffFj34Ri +Packet(len=74 orig=1, action=0 skip_reason=0) uid=Ck51lg1bScffFj34Ri +Analyzer added to uid=C9mvWx3ezztgzcexV7 +Packet(len=80 orig=1, action=0 skip_reason=0) uid=C9mvWx3ezztgzcexV7 +Packet(len=131 orig=0, action=0 skip_reason=0) uid=C9mvWx3ezztgzcexV7 +Analyzer added to uid=CNnMIj2QSd84NKf7U3 +Packet(len=94 orig=1, action=0 skip_reason=0) uid=CNnMIj2QSd84NKf7U3 +Packet(len=141 orig=0, action=0 skip_reason=0) uid=CNnMIj2QSd84NKf7U3 +Analyzer added to uid=C7fIlMZDuRiqjpYbb +Packet(len=80 orig=1, action=0 skip_reason=0) uid=C7fIlMZDuRiqjpYbb +Packet(len=225 orig=0, action=0 skip_reason=0) uid=C7fIlMZDuRiqjpYbb +Analyzer added to uid=CykQaM33ztNt0csB9a +Packet(len=74 orig=1, action=0 skip_reason=0) uid=CykQaM33ztNt0csB9a +Analyzer added to uid=CtxTCR2Yer0FR1tIBg +Packet(len=74 orig=1, action=0 skip_reason=0) uid=CtxTCR2Yer0FR1tIBg +Analyzer added to uid=CpmdRlaUoJLN3uIRa +Packet(len=80 orig=1, action=0 skip_reason=0) uid=CpmdRlaUoJLN3uIRa +Packet(len=131 orig=0, action=0 skip_reason=0) uid=CpmdRlaUoJLN3uIRa +Analyzer added to uid=C1Xkzz2MaGtLrc1Tla +Packet(len=94 orig=1, action=0 skip_reason=0) uid=C1Xkzz2MaGtLrc1Tla +Packet(len=141 orig=0, action=0 skip_reason=0) uid=C1Xkzz2MaGtLrc1Tla +Analyzer added to uid=CqlVyW1YwZ15RhTBc4 +Packet(len=80 orig=1, action=0 skip_reason=0) uid=CqlVyW1YwZ15RhTBc4 +Packet(len=225 orig=0, action=0 skip_reason=0) uid=CqlVyW1YwZ15RhTBc4 +Analyzer added to uid=CLNN1k2QMum1aexUK7 +Packet(len=74 orig=1, action=0 skip_reason=0) uid=CLNN1k2QMum1aexUK7 +Analyzer added to uid=CBA8792iHmnhPLksKa +Packet(len=78 orig=1, action=0 skip_reason=0) uid=CBA8792iHmnhPLksKa +Packet(len=173 orig=0, action=0 skip_reason=0) uid=CBA8792iHmnhPLksKa +Analyzer added to uid=CGLPPc35OzDQij1XX8 +Packet(len=78 orig=1, action=0 skip_reason=0) uid=CGLPPc35OzDQij1XX8 +Packet(len=240 orig=0, action=0 skip_reason=0) uid=CGLPPc35OzDQij1XX8 +Analyzer added to uid=CiyBAq1bBLNaTiTAc +Packet(len=74 orig=1, action=0 skip_reason=0) uid=CiyBAq1bBLNaTiTAc +Packet(len=74 orig=0, action=0 skip_reason=0) uid=CwjjYJ2WqgTbAqiHl6 +Packet(len=66 orig=1, action=0 skip_reason=0) uid=CwjjYJ2WqgTbAqiHl6 +Packet(len=612 orig=1, action=0 skip_reason=0) uid=CwjjYJ2WqgTbAqiHl6 +http_request: uid=CwjjYJ2WqgTbAqiHl6 deliver=4 skip=0 +skip_further_processing uid=CwjjYJ2WqgTbAqiHl6 +Packet(len=74 orig=0, action=0 skip_reason=0) uid=C3eiCBGOLw3VtHfOj +Packet(len=66 orig=1, action=0 skip_reason=0) uid=C3eiCBGOLw3VtHfOj +Packet(len=654 orig=1, action=0 skip_reason=0) uid=C3eiCBGOLw3VtHfOj +http_request: uid=C3eiCBGOLw3VtHfOj deliver=4 skip=0 +skip_further_processing uid=C3eiCBGOLw3VtHfOj +Packet(len=74 orig=0, action=0 skip_reason=0) uid=Ck51lg1bScffFj34Ri +Packet(len=66 orig=1, action=0 skip_reason=0) uid=Ck51lg1bScffFj34Ri +Packet(len=615 orig=1, action=0 skip_reason=0) uid=Ck51lg1bScffFj34Ri +http_request: uid=Ck51lg1bScffFj34Ri deliver=4 skip=0 +skip_further_processing uid=Ck51lg1bScffFj34Ri +Packet(len=74 orig=0, action=0 skip_reason=0) uid=CtxTCR2Yer0FR1tIBg +Packet(len=66 orig=1, action=0 skip_reason=0) uid=CtxTCR2Yer0FR1tIBg +Packet(len=74 orig=0, action=0 skip_reason=0) uid=CykQaM33ztNt0csB9a +Packet(len=66 orig=1, action=0 skip_reason=0) uid=CykQaM33ztNt0csB9a +Packet(len=620 orig=1, action=0 skip_reason=0) uid=CykQaM33ztNt0csB9a +http_request: uid=CykQaM33ztNt0csB9a deliver=4 skip=0 +skip_further_processing uid=CykQaM33ztNt0csB9a +Packet(len=639 orig=1, action=0 skip_reason=0) uid=CtxTCR2Yer0FR1tIBg +http_request: uid=CtxTCR2Yer0FR1tIBg deliver=4 skip=0 +skip_further_processing uid=CtxTCR2Yer0FR1tIBg +Packet(len=74 orig=0, action=0 skip_reason=0) uid=CLNN1k2QMum1aexUK7 +Packet(len=66 orig=1, action=0 skip_reason=0) uid=CLNN1k2QMum1aexUK7 +Packet(len=645 orig=1, action=0 skip_reason=0) uid=CLNN1k2QMum1aexUK7 +http_request: uid=CLNN1k2QMum1aexUK7 deliver=4 skip=0 +skip_further_processing uid=CLNN1k2QMum1aexUK7 +Packet(len=74 orig=0, action=0 skip_reason=0) uid=CiyBAq1bBLNaTiTAc +Packet(len=66 orig=1, action=0 skip_reason=0) uid=CiyBAq1bBLNaTiTAc +Packet(len=600 orig=1, action=0 skip_reason=0) uid=CiyBAq1bBLNaTiTAc +http_request: uid=CiyBAq1bBLNaTiTAc deliver=4 skip=0 +skip_further_processing uid=CiyBAq1bBLNaTiTAc +Packet(len=66 orig=0, action=1 skip_reason=4) uid=CwjjYJ2WqgTbAqiHl6 +Packet(len=66 orig=0, action=1 skip_reason=4) uid=C3eiCBGOLw3VtHfOj +Packet(len=433 orig=0, action=1 skip_reason=4) uid=CwjjYJ2WqgTbAqiHl6 +Packet(len=66 orig=1, action=1 skip_reason=4) uid=CwjjYJ2WqgTbAqiHl6 +Packet(len=645 orig=1, action=1 skip_reason=4) uid=CwjjYJ2WqgTbAqiHl6 +Packet(len=432 orig=0, action=1 skip_reason=4) uid=C3eiCBGOLw3VtHfOj +Packet(len=66 orig=1, action=1 skip_reason=4) uid=C3eiCBGOLw3VtHfOj +Packet(len=649 orig=1, action=1 skip_reason=4) uid=C3eiCBGOLw3VtHfOj +Packet(len=66 orig=0, action=1 skip_reason=4) uid=Ck51lg1bScffFj34Ri +Packet(len=433 orig=0, action=1 skip_reason=4) uid=Ck51lg1bScffFj34Ri +Packet(len=66 orig=1, action=1 skip_reason=4) uid=Ck51lg1bScffFj34Ri +Packet(len=647 orig=1, action=1 skip_reason=4) uid=Ck51lg1bScffFj34Ri +Packet(len=66 orig=0, action=1 skip_reason=4) uid=CykQaM33ztNt0csB9a +Packet(len=66 orig=0, action=1 skip_reason=4) uid=CtxTCR2Yer0FR1tIBg +Packet(len=433 orig=0, action=1 skip_reason=4) uid=CtxTCR2Yer0FR1tIBg +Packet(len=66 orig=1, action=1 skip_reason=4) uid=CtxTCR2Yer0FR1tIBg +Packet(len=433 orig=0, action=1 skip_reason=4) uid=CykQaM33ztNt0csB9a +Packet(len=66 orig=1, action=1 skip_reason=4) uid=CykQaM33ztNt0csB9a +Packet(len=66 orig=0, action=1 skip_reason=4) uid=CLNN1k2QMum1aexUK7 +Packet(len=649 orig=1, action=1 skip_reason=4) uid=CykQaM33ztNt0csB9a +Packet(len=641 orig=1, action=1 skip_reason=4) uid=CtxTCR2Yer0FR1tIBg +Packet(len=433 orig=0, action=1 skip_reason=4) uid=CLNN1k2QMum1aexUK7 +Packet(len=66 orig=1, action=1 skip_reason=4) uid=CLNN1k2QMum1aexUK7 +Packet(len=665 orig=1, action=1 skip_reason=4) uid=CLNN1k2QMum1aexUK7 +Packet(len=66 orig=0, action=1 skip_reason=4) uid=CiyBAq1bBLNaTiTAc +Packet(len=478 orig=0, action=1 skip_reason=4) uid=CiyBAq1bBLNaTiTAc +Packet(len=66 orig=1, action=1 skip_reason=4) uid=CiyBAq1bBLNaTiTAc +Packet(len=433 orig=0, action=1 skip_reason=4) uid=CwjjYJ2WqgTbAqiHl6 +Packet(len=433 orig=0, action=1 skip_reason=4) uid=C3eiCBGOLw3VtHfOj +Packet(len=433 orig=0, action=1 skip_reason=4) uid=Ck51lg1bScffFj34Ri +Packet(len=66 orig=1, action=1 skip_reason=4) uid=C3eiCBGOLw3VtHfOj +Packet(len=433 orig=0, action=1 skip_reason=4) uid=CtxTCR2Yer0FR1tIBg +Packet(len=432 orig=0, action=1 skip_reason=4) uid=CykQaM33ztNt0csB9a +Packet(len=66 orig=1, action=1 skip_reason=4) uid=CwjjYJ2WqgTbAqiHl6 +Packet(len=66 orig=1, action=1 skip_reason=4) uid=Ck51lg1bScffFj34Ri +Packet(len=433 orig=0, action=1 skip_reason=4) uid=CLNN1k2QMum1aexUK7 +Packet(len=66 orig=1, action=1 skip_reason=4) uid=CykQaM33ztNt0csB9a +Packet(len=66 orig=1, action=1 skip_reason=4) uid=CtxTCR2Yer0FR1tIBg +Packet(len=66 orig=1, action=1 skip_reason=4) uid=CLNN1k2QMum1aexUK7 +Analyzer added to uid=CFSwNi4CNGxcuffo49 +Packet(len=62 orig=0, action=0 skip_reason=0) uid=CFSwNi4CNGxcuffo49 +Analyzer added to uid=Cipfzj1BEnhejw8cGf +Packet(len=99 orig=1, action=0 skip_reason=0) uid=Cipfzj1BEnhejw8cGf +Analyzer added to uid=CV5WJ42jPYbNW9JNWf +Packet(len=92 orig=1, action=0 skip_reason=0) uid=CV5WJ42jPYbNW9JNWf +Packet(len=92 orig=1, action=0 skip_reason=0) uid=CV5WJ42jPYbNW9JNWf +Analyzer added to uid=CPhDKt12KQPUVbQz06 +Packet(len=95 orig=1, action=0 skip_reason=0) uid=CPhDKt12KQPUVbQz06 +Analyzer added to uid=CAnFrb2Cvxr5T7quOc +Packet(len=75 orig=1, action=0 skip_reason=0) uid=CAnFrb2Cvxr5T7quOc +Packet(len=95 orig=1, action=0 skip_reason=0) uid=CPhDKt12KQPUVbQz06 +Packet(len=75 orig=1, action=0 skip_reason=0) uid=CAnFrb2Cvxr5T7quOc +Packet(len=92 orig=1, action=0 skip_reason=0) uid=CV5WJ42jPYbNW9JNWf +Packet(len=92 orig=1, action=0 skip_reason=0) uid=CV5WJ42jPYbNW9JNWf +Packet(len=92 orig=1, action=0 skip_reason=0) uid=CV5WJ42jPYbNW9JNWf +Analyzer added to uid=C8rquZ3DjgNW06JGLl +Packet(len=95 orig=1, action=0 skip_reason=0) uid=C8rquZ3DjgNW06JGLl +Analyzer added to uid=CzrZOtXqhwwndQva3 +Packet(len=75 orig=1, action=0 skip_reason=0) uid=CzrZOtXqhwwndQva3 +Analyzer added to uid=CaGCc13FffXe6RkQl9 +Packet(len=92 orig=1, action=0 skip_reason=0) uid=CaGCc13FffXe6RkQl9 +Packet(len=95 orig=1, action=0 skip_reason=0) uid=C8rquZ3DjgNW06JGLl +Packet(len=75 orig=1, action=0 skip_reason=0) uid=CzrZOtXqhwwndQva3 +Packet(len=92 orig=1, action=0 skip_reason=0) uid=CV5WJ42jPYbNW9JNWf +Packet(len=92 orig=1, action=0 skip_reason=0) uid=CV5WJ42jPYbNW9JNWf +connection_state_remove: C0LAHyvtKSQHyJxIl deliver=2 skip=0 +connection_state_remove: CP5puj4I8PtEU4qzYg deliver=2 skip=0 +connection_state_remove: CNnMIj2QSd84NKf7U3 deliver=2 skip=0 +connection_state_remove: C37jN32gN3y3AZzyf6 deliver=2 skip=0 +connection_state_remove: CmES5u32sYpV7JYN deliver=2 skip=0 +connection_state_remove: CpmdRlaUoJLN3uIRa deliver=2 skip=0 +connection_state_remove: CqlVyW1YwZ15RhTBc4 deliver=2 skip=0 +connection_state_remove: C1Xkzz2MaGtLrc1Tla deliver=2 skip=0 +connection_state_remove: CGLPPc35OzDQij1XX8 deliver=2 skip=0 +connection_state_remove: CBA8792iHmnhPLksKa deliver=2 skip=0 +connection_state_remove: C9mvWx3ezztgzcexV7 deliver=2 skip=0 +connection_state_remove: C9rXSW3KSpTYvPrlI1 deliver=2 skip=0 +connection_state_remove: C7fIlMZDuRiqjpYbb deliver=2 skip=0 +connection_state_remove: CFLRIC3zaTU1loLGxh deliver=2 skip=0 +connection_state_remove: Cipfzj1BEnhejw8cGf deliver=1 skip=0 +connection_state_remove: C4J4Th3PJpwUYZZ6gc deliver=1 skip=0 +connection_state_remove: CtPZjS20MLrsMUOJi2 deliver=3 skip=0 +connection_state_remove: CiyBAq1bBLNaTiTAc deliver=4 skip=3 +connection_state_remove: C3eiCBGOLw3VtHfOj deliver=4 skip=6 +connection_state_remove: CwjjYJ2WqgTbAqiHl6 deliver=4 skip=6 +connection_state_remove: Ck51lg1bScffFj34Ri deliver=4 skip=6 +connection_state_remove: CykQaM33ztNt0csB9a deliver=4 skip=6 +connection_state_remove: CtxTCR2Yer0FR1tIBg deliver=4 skip=6 +connection_state_remove: CLNN1k2QMum1aexUK7 deliver=4 skip=6 +connection_state_remove: CUM0KZ3MLUfNB0cl11 deliver=4 skip=3 +connection_state_remove: CHhAvVGS1DHFjwGM9 deliver=1 skip=0 +connection_state_remove: CV5WJ42jPYbNW9JNWf deliver=7 skip=0 +connection_state_remove: CAnFrb2Cvxr5T7quOc deliver=2 skip=0 +connection_state_remove: CzrZOtXqhwwndQva3 deliver=2 skip=0 +connection_state_remove: CFSwNi4CNGxcuffo49 deliver=1 skip=0 +connection_state_remove: CaGCc13FffXe6RkQl9 deliver=1 skip=0 +connection_state_remove: ClEkJM2Vm5giqnMf4h deliver=1 skip=0 +connection_state_remove: C8rquZ3DjgNW06JGLl deliver=2 skip=0 +connection_state_remove: CPhDKt12KQPUVbQz06 deliver=2 skip=0 +=== diff --git a/testing/btest/Baseline/plugins.tap-analyzer/output b/testing/btest/Baseline/plugins.tap-analyzer/output index c658e4feb7..14c50c7f23 100644 --- a/testing/btest/Baseline/plugins.tap-analyzer/output +++ b/testing/btest/Baseline/plugins.tap-analyzer/output @@ -1,87 +1,90 @@ ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. <...>/ip4-tcp-bad-chksum.pcap -Init() uid=HhAvVGS1DHFjwGM9 +Init() uid=CHhAvVGS1DHFjwGM9 Analyzer added to HhAvVGS1DHFjwGM9 -Packet(len=54 orig=1, action=1 skip_reason=2) uid=HhAvVGS1DHFjwGM9 -Done() uid=HhAvVGS1DHFjwGM9 +Packet(len=54 orig=1, action=1 skip_reason=2) uid=CHhAvVGS1DHFjwGM9 +Done() uid=CHhAvVGS1DHFjwGM9 === <...>/ip4-tcp-good-chksum.pcap -Init() uid=HhAvVGS1DHFjwGM9 +Init() uid=CHhAvVGS1DHFjwGM9 Analyzer added to HhAvVGS1DHFjwGM9 -Packet(len=54 orig=1, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9 -Done() uid=HhAvVGS1DHFjwGM9 +Packet(len=54 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +Done() uid=CHhAvVGS1DHFjwGM9 === <...>/ip4-udp-bad-chksum.pcap -Init() uid=HhAvVGS1DHFjwGM9 +Init() uid=CHhAvVGS1DHFjwGM9 Analyzer added to HhAvVGS1DHFjwGM9 -Packet(len=46 orig=1, action=1 skip_reason=2) uid=HhAvVGS1DHFjwGM9 -Done() uid=HhAvVGS1DHFjwGM9 +Packet(len=46 orig=1, action=1 skip_reason=2) uid=CHhAvVGS1DHFjwGM9 +Done() uid=CHhAvVGS1DHFjwGM9 === <...>/ip4-udp-good-chksum.pcap -Init() uid=HhAvVGS1DHFjwGM9 +Init() uid=CHhAvVGS1DHFjwGM9 Analyzer added to HhAvVGS1DHFjwGM9 -Packet(len=46 orig=1, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9 -Done() uid=HhAvVGS1DHFjwGM9 +Packet(len=46 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +Done() uid=CHhAvVGS1DHFjwGM9 === <...>/ip4-icmp-bad-chksum.pcap -Init() uid=HhAvVGS1DHFjwGM9 +Init() uid=CHhAvVGS1DHFjwGM9 Analyzer added to HhAvVGS1DHFjwGM9 -Packet(len=42 orig=1, action=1 skip_reason=2) uid=HhAvVGS1DHFjwGM9 -Done() uid=HhAvVGS1DHFjwGM9 +Packet(len=42 orig=1, action=1 skip_reason=2) uid=CHhAvVGS1DHFjwGM9 +Done() uid=CHhAvVGS1DHFjwGM9 === <...>/ip4-icmp-good-chksum.pcap -Init() uid=HhAvVGS1DHFjwGM9 +Init() uid=CHhAvVGS1DHFjwGM9 Analyzer added to HhAvVGS1DHFjwGM9 -Packet(len=42 orig=1, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9 -Done() uid=HhAvVGS1DHFjwGM9 +Packet(len=42 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +Done() uid=CHhAvVGS1DHFjwGM9 === <...>/ip6-icmp6-bad-chksum.pcap -Init() uid=HhAvVGS1DHFjwGM9 +Init() uid=CHhAvVGS1DHFjwGM9 Analyzer added to HhAvVGS1DHFjwGM9 -Packet(len=69 orig=1, action=1 skip_reason=2) uid=HhAvVGS1DHFjwGM9 -Done() uid=HhAvVGS1DHFjwGM9 +Packet(len=69 orig=1, action=1 skip_reason=2) uid=CHhAvVGS1DHFjwGM9 +Done() uid=CHhAvVGS1DHFjwGM9 === <...>/ip6-icmp6-good-chksum.pcap -Init() uid=HhAvVGS1DHFjwGM9 +Init() uid=CHhAvVGS1DHFjwGM9 Analyzer added to HhAvVGS1DHFjwGM9 -Packet(len=69 orig=1, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9 -Done() uid=HhAvVGS1DHFjwGM9 +Packet(len=69 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +Done() uid=CHhAvVGS1DHFjwGM9 === <...>/get.trace -Init() uid=HhAvVGS1DHFjwGM9 +Init() uid=CHhAvVGS1DHFjwGM9 Analyzer added to HhAvVGS1DHFjwGM9 -Packet(len=78 orig=1, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9 -Packet(len=74 orig=0, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9 -Packet(len=66 orig=1, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9 -Packet(len=202 orig=1, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9 -Packet(len=66 orig=0, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9 -Packet(len=1514 orig=0, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9 -Packet(len=1514 orig=0, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9 -Packet(len=1514 orig=0, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9 -Packet(len=729 orig=0, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9 -Packet(len=66 orig=1, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9 -Packet(len=66 orig=1, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9 -Packet(len=66 orig=1, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9 -Packet(len=66 orig=0, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9 -Packet(len=66 orig=1, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9 -Done() uid=HhAvVGS1DHFjwGM9 +Packet(len=78 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +Packet(len=74 orig=0, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +Packet(len=66 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +Packet(len=202 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +http_request: uid=CHhAvVGS1DHFjwGM9 +Packet(len=66 orig=0, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +Packet(len=1514 orig=0, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +Packet(len=1514 orig=0, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +Packet(len=1514 orig=0, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +Packet(len=729 orig=0, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +Packet(len=66 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +Packet(len=66 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +Packet(len=66 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +Packet(len=66 orig=0, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +Packet(len=66 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +Done() uid=CHhAvVGS1DHFjwGM9 === <...>/get.trace -Init() uid=HhAvVGS1DHFjwGM9 +Init() uid=CHhAvVGS1DHFjwGM9 Analyzer added to HhAvVGS1DHFjwGM9 -Packet(len=78 orig=1, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9 -Packet(len=74 orig=0, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9 -Packet(len=66 orig=1, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9 -Packet(len=202 orig=1, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9 -Packet(len=66 orig=0, action=1 skip_reason=4) uid=HhAvVGS1DHFjwGM9 -Packet(len=1514 orig=0, action=1 skip_reason=4) uid=HhAvVGS1DHFjwGM9 -Packet(len=1514 orig=0, action=1 skip_reason=4) uid=HhAvVGS1DHFjwGM9 -Packet(len=1514 orig=0, action=1 skip_reason=4) uid=HhAvVGS1DHFjwGM9 -Packet(len=729 orig=0, action=1 skip_reason=4) uid=HhAvVGS1DHFjwGM9 -Packet(len=66 orig=1, action=1 skip_reason=4) uid=HhAvVGS1DHFjwGM9 -Packet(len=66 orig=1, action=1 skip_reason=4) uid=HhAvVGS1DHFjwGM9 -Packet(len=66 orig=1, action=1 skip_reason=4) uid=HhAvVGS1DHFjwGM9 -Packet(len=66 orig=0, action=1 skip_reason=4) uid=HhAvVGS1DHFjwGM9 -Packet(len=66 orig=1, action=1 skip_reason=4) uid=HhAvVGS1DHFjwGM9 -Done() uid=HhAvVGS1DHFjwGM9 +Packet(len=78 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +Packet(len=74 orig=0, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +Packet(len=66 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +Packet(len=202 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9 +http_request: uid=CHhAvVGS1DHFjwGM9 +skip_further_processing uid=CHhAvVGS1DHFjwGM9 +Packet(len=66 orig=0, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9 +Packet(len=1514 orig=0, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9 +Packet(len=1514 orig=0, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9 +Packet(len=1514 orig=0, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9 +Packet(len=729 orig=0, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9 +Packet(len=66 orig=1, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9 +Packet(len=66 orig=1, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9 +Packet(len=66 orig=1, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9 +Packet(len=66 orig=0, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9 +Packet(len=66 orig=1, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9 +Done() uid=CHhAvVGS1DHFjwGM9 === diff --git a/testing/btest/plugins/tap-analyzer-conn-val-plugin/.btest-ignore b/testing/btest/plugins/tap-analyzer-conn-val-plugin/.btest-ignore new file mode 100644 index 0000000000..e69de29bb2 diff --git a/testing/btest/plugins/tap-analyzer-conn-val-plugin/src/Plugin.cc b/testing/btest/plugins/tap-analyzer-conn-val-plugin/src/Plugin.cc new file mode 100644 index 0000000000..4faa92a287 --- /dev/null +++ b/testing/btest/plugins/tap-analyzer-conn-val-plugin/src/Plugin.cc @@ -0,0 +1,74 @@ +#include "Plugin.h" + +#include +#include + +#include "zeek/ID.h" +#include "zeek/Reporter.h" +#include "zeek/analyzer/Analyzer.h" +#include "zeek/analyzer/Manager.h" +#include "zeek/analyzer/protocol/tcp/TCP.h" +#include "zeek/packet_analysis/protocol/ip/SessionAdapter.h" + +namespace { +class MyTapAnalyzer : public zeek::packet_analysis::TapAnalyzer { +public: + MyTapAnalyzer(zeek::Connection* conn) : conn(conn) {} + + void TapPacket(const zeek::Packet& pkt, zeek::packet_analysis::PacketAction action, + const zeek::packet_analysis::SkipReason skip_reason) override { + std::printf("Packet(len=%d orig=%d, action=%d skip_reason=%d) uid=C%s\n", pkt.len, pkt.is_orig, + static_cast(action), static_cast(skip_reason), conn->GetUID().Base62().c_str()); + if ( action == zeek::packet_analysis::PacketAction::Deliver ) + ++deliver; + else if ( action == zeek::packet_analysis::PacketAction::Skip ) + ++skip; + else + zeek::reporter->FatalError("Unknown action %d", static_cast(action)); + } + + void UpdateConnVal(zeek::RecordVal* conn_val) override { + // Set some fields on connection that are added in the zeek script. + static auto tap_deliver_offset = zeek::id::connection->FieldOffset("tap_deliver"); + static auto tap_skip_offset = zeek::id::connection->FieldOffset("tap_skip"); + + conn_val->Assign(tap_deliver_offset, zeek::val_mgr->Count(deliver)); + conn_val->Assign(tap_skip_offset, zeek::val_mgr->Count(skip)); + } + +private: + zeek::Connection* conn = nullptr; + zeek_uint_t deliver = 0; + zeek_uint_t skip = 0; +}; +} // namespace + + +namespace btest::plugin::Demo_TapAnalyzer { + +Plugin plugin; + +zeek::plugin::Configuration Plugin::Configure() { + EnableHook(zeek::plugin::HOOK_SETUP_ANALYZER_TREE); + + zeek::plugin::Configuration config; + config.name = "Demo::TapAnalyzer"; + config.description = "Testing the TapAnalyzer"; + config.version = {1, 0, 0}; + return config; +} + +void Plugin::HookSetupAnalyzerTree(zeek::Connection* conn) { + // Init the uid for GetUID() + conn->GetVal(); + + auto analyzer = std::make_unique(conn); + + auto* adapter = conn->GetSessionAdapter(); + adapter->AddTapAnalyzer(std::move(analyzer)); + + + std::printf("Analyzer added to uid=C%s\n", conn->GetUID().Base62().c_str()); +} + +} // namespace btest::plugin::Demo_TapAnalyzer diff --git a/testing/btest/plugins/tap-analyzer-conn-val-plugin/src/Plugin.h b/testing/btest/plugins/tap-analyzer-conn-val-plugin/src/Plugin.h new file mode 100644 index 0000000000..b25c289db2 --- /dev/null +++ b/testing/btest/plugins/tap-analyzer-conn-val-plugin/src/Plugin.h @@ -0,0 +1,18 @@ + +#pragma once + +#include "zeek/plugin/Plugin.h" + +namespace btest::plugin::Demo_TapAnalyzer { + +class Plugin : public zeek::plugin::Plugin { +protected: + void HookSetupAnalyzerTree(zeek::Connection* conn) override; + + // Overridden from zeek::plugin::Plugin. + zeek::plugin::Configuration Configure() override; +}; + +extern Plugin plugin; + +} // namespace btest::plugin::Demo_TapAnalyzer diff --git a/testing/btest/plugins/tap-analyzer-conn-val.zeek b/testing/btest/plugins/tap-analyzer-conn-val.zeek new file mode 100644 index 0000000000..21ea858ce4 --- /dev/null +++ b/testing/btest/plugins/tap-analyzer-conn-val.zeek @@ -0,0 +1,50 @@ +# @TEST-DOC: A plugin hooking HookSetupAnalyzerTree() to attach a TapAnalyzer to every connection. +# +# @TEST-EXEC: ${DIST}/auxil/zeek-aux/plugin-support/init-plugin -u . Demo TapAnalyzer +# @TEST-EXEC: cp -r %DIR/tap-analyzer-conn-val-plugin/* . +# @TEST-EXEC: ./configure --zeek-dist=${DIST} && make +# +# +# @TEST-EXEC: ZEEK_PLUGIN_ACTIVATE="Demo::TapAnalyzer" ZEEK_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/http/get.trace %INPUT >>output +# @TEST-EXEC: ZEEK_PLUGIN_ACTIVATE="Demo::TapAnalyzer" ZEEK_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/http/get.trace %INPUT http_skip_further_processing=T >>output +# @TEST-EXEC: ZEEK_PLUGIN_ACTIVATE="Demo::TapAnalyzer" ZEEK_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/wikipedia.trace %INPUT >>output +# @TEST-EXEC: ZEEK_PLUGIN_ACTIVATE="Demo::TapAnalyzer" ZEEK_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/wikipedia.trace %INPUT http_skip_further_processing=T >>output +# +# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output + +@load base/protocols/http + +redef record connection += { + tap_deliver: count &default=0; + tap_skip: count &default=0; +}; + + +event zeek_init() + { + print packet_source()$path; + } + +event zeek_done() + { + print "==="; + } + + +global http_skip_further_processing = F &redef; + +event http_request(c: connection, method: string, original_URI: string, unescaped_URI: string, version: string) + { + print fmt("http_request: uid=%s deliver=%s skip=%s", c$uid, c$tap_deliver, c$tap_skip); + + if ( http_skip_further_processing ) + { + print fmt("skip_further_processing uid=%s", c$uid); + skip_further_processing(c$id); + } + } + +event connection_state_remove(c: connection) + { + print fmt("connection_state_remove: %s deliver=%s skip=%s", c$uid, c$tap_deliver, c$tap_skip); + } diff --git a/testing/btest/plugins/tap-analyzer-plugin/src/Plugin.cc b/testing/btest/plugins/tap-analyzer-plugin/src/Plugin.cc index 89d3537945..095bf3d65b 100644 --- a/testing/btest/plugins/tap-analyzer-plugin/src/Plugin.cc +++ b/testing/btest/plugins/tap-analyzer-plugin/src/Plugin.cc @@ -16,13 +16,13 @@ public: void TapPacket(const zeek::Packet& pkt, zeek::packet_analysis::PacketAction action, const zeek::packet_analysis::SkipReason skip_reason) override { - std::printf("Packet(len=%d orig=%d, action=%d skip_reason=%d) uid=%s\n", pkt.len, pkt.is_orig, + std::printf("Packet(len=%d orig=%d, action=%d skip_reason=%d) uid=C%s\n", pkt.len, pkt.is_orig, static_cast(action), static_cast(skip_reason), conn->GetUID().Base62().c_str()); } - void Init() override { std::printf("Init() uid=%s\n", conn->GetUID().Base62().c_str()); } + void Init() override { std::printf("Init() uid=C%s\n", conn->GetUID().Base62().c_str()); } - void Done() override { std::printf("Done() uid=%s\n", conn->GetUID().Base62().c_str()); } + void Done() override { std::printf("Done() uid=C%s\n", conn->GetUID().Base62().c_str()); } private: zeek::Connection* conn = nullptr; diff --git a/testing/btest/plugins/tap-analyzer.zeek b/testing/btest/plugins/tap-analyzer.zeek index 2887780a8b..50343c2c76 100644 --- a/testing/btest/plugins/tap-analyzer.zeek +++ b/testing/btest/plugins/tap-analyzer.zeek @@ -36,6 +36,11 @@ global http_skip_further_processing = F &redef; event http_request(c: connection, method: string, original_URI: string, unescaped_URI: string, version: string) { + print fmt("http_request: uid=%s", c$uid); + if ( http_skip_further_processing ) + { + print fmt("skip_further_processing uid=%s", c$uid); skip_further_processing(c$id); + } }