Merge remote-tracking branch 'origin/topic/awelzel/tap-analyzer-take-four-thanks-clang-tidy'

* origin/topic/awelzel/tap-analyzer-take-four-thanks-clang-tidy: btest/tap-analyzer: Update existing test and add new one for UpdateConnVal() SessionAdapter: Keep tap_analyzers until destruction tcp,udp,icmp adapters: Move TapPacket() to earlier tcp,udp,icmp adapters: Fix UpdateConnVal() superclass call
2025-10-02 14:48:21 +00:00 · 2025-08-07 10:48:40 +02:00 · 2025-08-07 10:48:40 +02:00 · bd9130a69a
commit bd9130a69a
parent 2f2f328a72 f98508bbb0
17 changed files with 713 additions and 77 deletions
--- a/27
+++ b/27
@ -1,3 +1,30 @@
 8.1.0-dev.19 | 2025-08-07 10:48:40 +0200
  * btest/tap-analyzer: Update existing test and add new one for UpdateConnVal() (Arne Welzel, Corelight)
    This also changes the output of connection UIDs from the tap analyzer to be
    prefixed with C for easier correlation with other logs.
  * SessionAdapter: Keep tap_analyzers until destruction (Arne Welzel, Corelight)
    connection_state_remove() is invoked after Done(), so it's not a good
    idea to remove the tap analyzers before in case they have up-to-date
    information for the connection val.
  * tcp,udp,icmp adapters: Move TapPacket() to earlier (Arne Welzel, Corelight)
    Writing a test, the packet was tapped after protocol analysis at least
    for TCP. Ensure tapping happens before. The adapter->Process() moving
    after pkt->session made me a bit wondering if things are underspecified
    here, but seems reasonable to set the session on pkt before adapter->Process().
  * tcp,udp,icmp adapters: Fix UpdateConnVal() superclass call (Arne Welzel, Corelight)
    Now that SessionAdapter implements UpdateConnVal(), the individual
    adapters need to call that instead of Analyzer::UpdateConnVal()
    Thanks clang-tidy.
 8.1.0-dev.14 | 2025-08-06 14:37:50 +0100
  * Add proto to analyzer.log (Johanna Amann, Corelight)
--- a/2
+++ b/2
@ -1 +1 @@
-8.1.0-dev.14
+8.1.0-dev.19
--- a/src/packet_analysis/protocol/icmp/ICMP.cc
+++ b/src/packet_analysis/protocol/icmp/ICMP.cc
@ -112,11 +112,11 @@ void ICMPAnalyzer::DeliverPacket(Connection* c, double t, bool is_orig, int rema
    // handling those properly.
    pkt->session = c;
-    ForwardPacket(std::min(len, remaining), data, pkt);
+    // Tap the packet before processing/forwarding.
    // Tap the packet before sending it to protocol analysis.
    adapter->TapPacket(pkt);
    ForwardPacket(std::min(len, remaining), data, pkt);
    if ( remaining >= len )
        adapter->ForwardPacket(len, data, is_orig, -1, ip.get(), remaining);
--- a/src/packet_analysis/protocol/icmp/ICMPSessionAdapter.cc
+++ b/src/packet_analysis/protocol/icmp/ICMPSessionAdapter.cc
@ -32,7 +32,7 @@ void ICMPSessionAdapter::UpdateConnVal(zeek::RecordVal* conn_val) {
    UpdateEndpointVal(orig_endp_val, true);
    UpdateEndpointVal(resp_endp_val, false);
-    analyzer::Analyzer::UpdateConnVal(conn_val);
+    SessionAdapter::UpdateConnVal(conn_val);
 }
 void ICMPSessionAdapter::UpdateEndpointVal(RecordVal* endp, bool is_orig) {
--- a/src/packet_analysis/protocol/ip/SessionAdapter.cc
+++ b/src/packet_analysis/protocol/ip/SessionAdapter.cc
@ -12,9 +12,6 @@ void SessionAdapter::Done() {
    Analyzer::Done();
    for ( const auto& ta : tap_analyzers )
        ta->Done();
    // Ensure no more TapPacket() calls after Done() on TapAnalyzer instances.
    tap_analyzers.clear();
 }
 bool SessionAdapter::IsReuse(double t, const u_char* pkt) { return parent->IsReuse(t, pkt); }
--- a/src/packet_analysis/protocol/tcp/TCP.cc
+++ b/src/packet_analysis/protocol/tcp/TCP.cc
@ -103,18 +103,18 @@ void TCPAnalyzer::DeliverPacket(Connection* c, double t, bool is_orig, int remai
        return;
    }
    adapter->Process(is_orig, tp, len, ip, data, remaining);
    // Store the session in the packet in case we get an encapsulation here. We need it for
    // handling those properly.
    pkt->session = c;
    // Tap the packet before processing/forwarding.
    adapter->TapPacket(pkt);
    adapter->Process(is_orig, tp, len, ip, data, remaining);
    // Send the packet back into the packet analysis framework.
    ForwardPacket(std::min(len, remaining), data, pkt);
    // Tap the packet before sending it to session analysis.
    adapter->TapPacket(pkt);
    // Call DeliverPacket on the adapter directly here. Normally we'd call ForwardPacket
    // but this adapter does some other things in its DeliverPacket with the packet children
    // analyzers.
--- a/src/packet_analysis/protocol/tcp/TCPSessionAdapter.cc
+++ b/src/packet_analysis/protocol/tcp/TCPSessionAdapter.cc
@ -1044,7 +1044,7 @@ void TCPSessionAdapter::UpdateConnVal(RecordVal* conn_val) {
    resp_endp_val->Assign(1, resp->state);
    // Call children's UpdateConnVal
-    Analyzer::UpdateConnVal(conn_val);
+    SessionAdapter::UpdateConnVal(conn_val);
    // Have to do packet_children ourselves.
    for ( Analyzer* a : packet_children )
--- a/src/packet_analysis/protocol/udp/UDP.cc
+++ b/src/packet_analysis/protocol/udp/UDP.cc
@ -190,15 +190,15 @@ void UDPAnalyzer::DeliverPacket(Connection* c, double t, bool is_orig, int remai
    // handling those properly.
    pkt->session = c;
    // Tap the packet before processing/forwarding.
    adapter->TapPacket(pkt);
    // Send the packet back into the packet analysis framework. We only check the response
    // port here because the orig/resp should have already swapped around based on
    // likely_server_ports. This also prevents us from processing things twice if protocol
    // detection has to be used.
    ForwardPacket(std::min(len, remaining), data, pkt, ntohs(c->RespPort()));
    // Tap the packet before sending it to session analysis.
    adapter->TapPacket(pkt);
    // Forward any data through session-analysis, too.
    adapter->ForwardPacket(std::min(len, remaining), data, is_orig, -1, ip.get(), pkt->cap_len);
 }
--- a/src/packet_analysis/protocol/udp/UDPSessionAdapter.cc
+++ b/src/packet_analysis/protocol/udp/UDPSessionAdapter.cc
@ -33,7 +33,7 @@ void UDPSessionAdapter::UpdateConnVal(RecordVal* conn_val) {
    UpdateEndpointVal(resp_endp_val, false);
    // Call children's UpdateConnVal
-    Analyzer::UpdateConnVal(conn_val);
+    SessionAdapter::UpdateConnVal(conn_val);
 }
 void UDPSessionAdapter::UpdateEndpointVal(RecordVal* endp, bool is_orig) {
--- a/testing/btest/Baseline/plugins.tap-analyzer-conn-val/output
+++ b/testing/btest/Baseline/plugins.tap-analyzer-conn-val/output
@ -0,0 +1,462 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 <...>/get.trace
 Analyzer added to uid=CHhAvVGS1DHFjwGM9
 Packet(len=78 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
 Packet(len=74 orig=0, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
 Packet(len=66 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
 Packet(len=202 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
 http_request: uid=CHhAvVGS1DHFjwGM9 deliver=4 skip=0
 Packet(len=66 orig=0, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
 Packet(len=1514 orig=0, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
 Packet(len=1514 orig=0, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
 Packet(len=1514 orig=0, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
 Packet(len=729 orig=0, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
 Packet(len=66 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
 Packet(len=66 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
 Packet(len=66 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
 Packet(len=66 orig=0, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
 Packet(len=66 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
 connection_state_remove: CHhAvVGS1DHFjwGM9 deliver=14 skip=0
 ===
 <...>/get.trace
 Analyzer added to uid=CHhAvVGS1DHFjwGM9
 Packet(len=78 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
 Packet(len=74 orig=0, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
 Packet(len=66 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
 Packet(len=202 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
 http_request: uid=CHhAvVGS1DHFjwGM9 deliver=4 skip=0
 skip_further_processing uid=CHhAvVGS1DHFjwGM9
 Packet(len=66 orig=0, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9
 Packet(len=1514 orig=0, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9
 Packet(len=1514 orig=0, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9
 Packet(len=1514 orig=0, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9
 Packet(len=729 orig=0, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9
 Packet(len=66 orig=1, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9
 Packet(len=66 orig=1, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9
 Packet(len=66 orig=1, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9
 Packet(len=66 orig=0, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9
 Packet(len=66 orig=1, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9
 connection_state_remove: CHhAvVGS1DHFjwGM9 deliver=4 skip=10
 ===
 <...>/wikipedia.trace
 Analyzer added to uid=CHhAvVGS1DHFjwGM9
 Packet(len=87 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
 Analyzer added to uid=ClEkJM2Vm5giqnMf4h
 Packet(len=213 orig=1, action=0 skip_reason=0) uid=ClEkJM2Vm5giqnMf4h
 Analyzer added to uid=C4J4Th3PJpwUYZZ6gc
 Packet(len=193 orig=1, action=0 skip_reason=0) uid=C4J4Th3PJpwUYZZ6gc
 Analyzer added to uid=CtPZjS20MLrsMUOJi2
 Packet(len=529 orig=1, action=0 skip_reason=0) uid=CtPZjS20MLrsMUOJi2
 Packet(len=416 orig=0, action=0 skip_reason=0) uid=CtPZjS20MLrsMUOJi2
 Packet(len=66 orig=1, action=0 skip_reason=0) uid=CtPZjS20MLrsMUOJi2
 Analyzer added to uid=CUM0KZ3MLUfNB0cl11
 Packet(len=74 orig=1, action=0 skip_reason=0) uid=CUM0KZ3MLUfNB0cl11
 Packet(len=74 orig=0, action=0 skip_reason=0) uid=CUM0KZ3MLUfNB0cl11
 Packet(len=66 orig=1, action=0 skip_reason=0) uid=CUM0KZ3MLUfNB0cl11
 Packet(len=591 orig=1, action=0 skip_reason=0) uid=CUM0KZ3MLUfNB0cl11
 http_request: uid=CUM0KZ3MLUfNB0cl11 deliver=4 skip=0
 Packet(len=66 orig=0, action=0 skip_reason=0) uid=CUM0KZ3MLUfNB0cl11
 Packet(len=298 orig=0, action=0 skip_reason=0) uid=CUM0KZ3MLUfNB0cl11
 Packet(len=66 orig=1, action=0 skip_reason=0) uid=CUM0KZ3MLUfNB0cl11
 Analyzer added to uid=CmES5u32sYpV7JYN
 Packet(len=80 orig=1, action=0 skip_reason=0) uid=CmES5u32sYpV7JYN
 Packet(len=131 orig=0, action=0 skip_reason=0) uid=CmES5u32sYpV7JYN
 Analyzer added to uid=CP5puj4I8PtEU4qzYg
 Packet(len=94 orig=1, action=0 skip_reason=0) uid=CP5puj4I8PtEU4qzYg
 Packet(len=141 orig=0, action=0 skip_reason=0) uid=CP5puj4I8PtEU4qzYg
 Analyzer added to uid=C37jN32gN3y3AZzyf6
 Packet(len=80 orig=1, action=0 skip_reason=0) uid=C37jN32gN3y3AZzyf6
 Packet(len=225 orig=0, action=0 skip_reason=0) uid=C37jN32gN3y3AZzyf6
 Analyzer added to uid=C3eiCBGOLw3VtHfOj
 Packet(len=74 orig=1, action=0 skip_reason=0) uid=C3eiCBGOLw3VtHfOj
 Analyzer added to uid=CwjjYJ2WqgTbAqiHl6
 Packet(len=74 orig=1, action=0 skip_reason=0) uid=CwjjYJ2WqgTbAqiHl6
 Analyzer added to uid=C0LAHyvtKSQHyJxIl
 Packet(len=80 orig=1, action=0 skip_reason=0) uid=C0LAHyvtKSQHyJxIl
 Packet(len=131 orig=0, action=0 skip_reason=0) uid=C0LAHyvtKSQHyJxIl
 Analyzer added to uid=CFLRIC3zaTU1loLGxh
 Packet(len=94 orig=1, action=0 skip_reason=0) uid=CFLRIC3zaTU1loLGxh
 Packet(len=141 orig=0, action=0 skip_reason=0) uid=CFLRIC3zaTU1loLGxh
 Analyzer added to uid=C9rXSW3KSpTYvPrlI1
 Packet(len=80 orig=1, action=0 skip_reason=0) uid=C9rXSW3KSpTYvPrlI1
 Packet(len=225 orig=0, action=0 skip_reason=0) uid=C9rXSW3KSpTYvPrlI1
 Analyzer added to uid=Ck51lg1bScffFj34Ri
 Packet(len=74 orig=1, action=0 skip_reason=0) uid=Ck51lg1bScffFj34Ri
 Analyzer added to uid=C9mvWx3ezztgzcexV7
 Packet(len=80 orig=1, action=0 skip_reason=0) uid=C9mvWx3ezztgzcexV7
 Packet(len=131 orig=0, action=0 skip_reason=0) uid=C9mvWx3ezztgzcexV7
 Analyzer added to uid=CNnMIj2QSd84NKf7U3
 Packet(len=94 orig=1, action=0 skip_reason=0) uid=CNnMIj2QSd84NKf7U3
 Packet(len=141 orig=0, action=0 skip_reason=0) uid=CNnMIj2QSd84NKf7U3
 Analyzer added to uid=C7fIlMZDuRiqjpYbb
 Packet(len=80 orig=1, action=0 skip_reason=0) uid=C7fIlMZDuRiqjpYbb
 Packet(len=225 orig=0, action=0 skip_reason=0) uid=C7fIlMZDuRiqjpYbb
 Analyzer added to uid=CykQaM33ztNt0csB9a
 Packet(len=74 orig=1, action=0 skip_reason=0) uid=CykQaM33ztNt0csB9a
 Analyzer added to uid=CtxTCR2Yer0FR1tIBg
 Packet(len=74 orig=1, action=0 skip_reason=0) uid=CtxTCR2Yer0FR1tIBg
 Analyzer added to uid=CpmdRlaUoJLN3uIRa
 Packet(len=80 orig=1, action=0 skip_reason=0) uid=CpmdRlaUoJLN3uIRa
 Packet(len=131 orig=0, action=0 skip_reason=0) uid=CpmdRlaUoJLN3uIRa
 Analyzer added to uid=C1Xkzz2MaGtLrc1Tla
 Packet(len=94 orig=1, action=0 skip_reason=0) uid=C1Xkzz2MaGtLrc1Tla
 Packet(len=141 orig=0, action=0 skip_reason=0) uid=C1Xkzz2MaGtLrc1Tla
 Analyzer added to uid=CqlVyW1YwZ15RhTBc4
 Packet(len=80 orig=1, action=0 skip_reason=0) uid=CqlVyW1YwZ15RhTBc4
 Packet(len=225 orig=0, action=0 skip_reason=0) uid=CqlVyW1YwZ15RhTBc4
 Analyzer added to uid=CLNN1k2QMum1aexUK7
 Packet(len=74 orig=1, action=0 skip_reason=0) uid=CLNN1k2QMum1aexUK7
 Analyzer added to uid=CBA8792iHmnhPLksKa
 Packet(len=78 orig=1, action=0 skip_reason=0) uid=CBA8792iHmnhPLksKa
 Packet(len=173 orig=0, action=0 skip_reason=0) uid=CBA8792iHmnhPLksKa
 Analyzer added to uid=CGLPPc35OzDQij1XX8
 Packet(len=78 orig=1, action=0 skip_reason=0) uid=CGLPPc35OzDQij1XX8
 Packet(len=240 orig=0, action=0 skip_reason=0) uid=CGLPPc35OzDQij1XX8
 Analyzer added to uid=CiyBAq1bBLNaTiTAc
 Packet(len=74 orig=1, action=0 skip_reason=0) uid=CiyBAq1bBLNaTiTAc
 Packet(len=74 orig=0, action=0 skip_reason=0) uid=CwjjYJ2WqgTbAqiHl6
 Packet(len=66 orig=1, action=0 skip_reason=0) uid=CwjjYJ2WqgTbAqiHl6
 Packet(len=612 orig=1, action=0 skip_reason=0) uid=CwjjYJ2WqgTbAqiHl6
 http_request: uid=CwjjYJ2WqgTbAqiHl6 deliver=4 skip=0
 Packet(len=74 orig=0, action=0 skip_reason=0) uid=C3eiCBGOLw3VtHfOj
 Packet(len=66 orig=1, action=0 skip_reason=0) uid=C3eiCBGOLw3VtHfOj
 Packet(len=654 orig=1, action=0 skip_reason=0) uid=C3eiCBGOLw3VtHfOj
 http_request: uid=C3eiCBGOLw3VtHfOj deliver=4 skip=0
 Packet(len=74 orig=0, action=0 skip_reason=0) uid=Ck51lg1bScffFj34Ri
 Packet(len=66 orig=1, action=0 skip_reason=0) uid=Ck51lg1bScffFj34Ri
 Packet(len=615 orig=1, action=0 skip_reason=0) uid=Ck51lg1bScffFj34Ri
 http_request: uid=Ck51lg1bScffFj34Ri deliver=4 skip=0
 Packet(len=74 orig=0, action=0 skip_reason=0) uid=CtxTCR2Yer0FR1tIBg
 Packet(len=66 orig=1, action=0 skip_reason=0) uid=CtxTCR2Yer0FR1tIBg
 Packet(len=74 orig=0, action=0 skip_reason=0) uid=CykQaM33ztNt0csB9a
 Packet(len=66 orig=1, action=0 skip_reason=0) uid=CykQaM33ztNt0csB9a
 Packet(len=620 orig=1, action=0 skip_reason=0) uid=CykQaM33ztNt0csB9a
 http_request: uid=CykQaM33ztNt0csB9a deliver=4 skip=0
 Packet(len=639 orig=1, action=0 skip_reason=0) uid=CtxTCR2Yer0FR1tIBg
 http_request: uid=CtxTCR2Yer0FR1tIBg deliver=4 skip=0
 Packet(len=74 orig=0, action=0 skip_reason=0) uid=CLNN1k2QMum1aexUK7
 Packet(len=66 orig=1, action=0 skip_reason=0) uid=CLNN1k2QMum1aexUK7
 Packet(len=645 orig=1, action=0 skip_reason=0) uid=CLNN1k2QMum1aexUK7
 http_request: uid=CLNN1k2QMum1aexUK7 deliver=4 skip=0
 Packet(len=74 orig=0, action=0 skip_reason=0) uid=CiyBAq1bBLNaTiTAc
 Packet(len=66 orig=1, action=0 skip_reason=0) uid=CiyBAq1bBLNaTiTAc
 Packet(len=600 orig=1, action=0 skip_reason=0) uid=CiyBAq1bBLNaTiTAc
 http_request: uid=CiyBAq1bBLNaTiTAc deliver=4 skip=0
 Packet(len=66 orig=0, action=0 skip_reason=0) uid=CwjjYJ2WqgTbAqiHl6
 Packet(len=66 orig=0, action=0 skip_reason=0) uid=C3eiCBGOLw3VtHfOj
 Packet(len=433 orig=0, action=0 skip_reason=0) uid=CwjjYJ2WqgTbAqiHl6
 Packet(len=66 orig=1, action=0 skip_reason=0) uid=CwjjYJ2WqgTbAqiHl6
 Packet(len=645 orig=1, action=0 skip_reason=0) uid=CwjjYJ2WqgTbAqiHl6
 http_request: uid=CwjjYJ2WqgTbAqiHl6 deliver=8 skip=0
 Packet(len=432 orig=0, action=0 skip_reason=0) uid=C3eiCBGOLw3VtHfOj
 Packet(len=66 orig=1, action=0 skip_reason=0) uid=C3eiCBGOLw3VtHfOj
 Packet(len=649 orig=1, action=0 skip_reason=0) uid=C3eiCBGOLw3VtHfOj
 http_request: uid=C3eiCBGOLw3VtHfOj deliver=8 skip=0
 Packet(len=66 orig=0, action=0 skip_reason=0) uid=Ck51lg1bScffFj34Ri
 Packet(len=433 orig=0, action=0 skip_reason=0) uid=Ck51lg1bScffFj34Ri
 Packet(len=66 orig=1, action=0 skip_reason=0) uid=Ck51lg1bScffFj34Ri
 Packet(len=647 orig=1, action=0 skip_reason=0) uid=Ck51lg1bScffFj34Ri
 http_request: uid=Ck51lg1bScffFj34Ri deliver=8 skip=0
 Packet(len=66 orig=0, action=0 skip_reason=0) uid=CykQaM33ztNt0csB9a
 Packet(len=66 orig=0, action=0 skip_reason=0) uid=CtxTCR2Yer0FR1tIBg
 Packet(len=433 orig=0, action=0 skip_reason=0) uid=CtxTCR2Yer0FR1tIBg
 Packet(len=66 orig=1, action=0 skip_reason=0) uid=CtxTCR2Yer0FR1tIBg
 Packet(len=433 orig=0, action=0 skip_reason=0) uid=CykQaM33ztNt0csB9a
 Packet(len=66 orig=1, action=0 skip_reason=0) uid=CykQaM33ztNt0csB9a
 Packet(len=66 orig=0, action=0 skip_reason=0) uid=CLNN1k2QMum1aexUK7
 Packet(len=649 orig=1, action=0 skip_reason=0) uid=CykQaM33ztNt0csB9a
 http_request: uid=CykQaM33ztNt0csB9a deliver=8 skip=0
 Packet(len=641 orig=1, action=0 skip_reason=0) uid=CtxTCR2Yer0FR1tIBg
 http_request: uid=CtxTCR2Yer0FR1tIBg deliver=8 skip=0
 Packet(len=433 orig=0, action=0 skip_reason=0) uid=CLNN1k2QMum1aexUK7
 Packet(len=66 orig=1, action=0 skip_reason=0) uid=CLNN1k2QMum1aexUK7
 Packet(len=665 orig=1, action=0 skip_reason=0) uid=CLNN1k2QMum1aexUK7
 http_request: uid=CLNN1k2QMum1aexUK7 deliver=8 skip=0
 Packet(len=66 orig=0, action=0 skip_reason=0) uid=CiyBAq1bBLNaTiTAc
 Packet(len=478 orig=0, action=0 skip_reason=0) uid=CiyBAq1bBLNaTiTAc
 Packet(len=66 orig=1, action=0 skip_reason=0) uid=CiyBAq1bBLNaTiTAc
 Packet(len=433 orig=0, action=0 skip_reason=0) uid=CwjjYJ2WqgTbAqiHl6
 Packet(len=433 orig=0, action=0 skip_reason=0) uid=C3eiCBGOLw3VtHfOj
 Packet(len=433 orig=0, action=0 skip_reason=0) uid=Ck51lg1bScffFj34Ri
 Packet(len=66 orig=1, action=0 skip_reason=0) uid=C3eiCBGOLw3VtHfOj
 Packet(len=433 orig=0, action=0 skip_reason=0) uid=CtxTCR2Yer0FR1tIBg
 Packet(len=432 orig=0, action=0 skip_reason=0) uid=CykQaM33ztNt0csB9a
 Packet(len=66 orig=1, action=0 skip_reason=0) uid=CwjjYJ2WqgTbAqiHl6
 Packet(len=66 orig=1, action=0 skip_reason=0) uid=Ck51lg1bScffFj34Ri
 Packet(len=433 orig=0, action=0 skip_reason=0) uid=CLNN1k2QMum1aexUK7
 Packet(len=66 orig=1, action=0 skip_reason=0) uid=CykQaM33ztNt0csB9a
 Packet(len=66 orig=1, action=0 skip_reason=0) uid=CtxTCR2Yer0FR1tIBg
 Packet(len=66 orig=1, action=0 skip_reason=0) uid=CLNN1k2QMum1aexUK7
 Analyzer added to uid=CFSwNi4CNGxcuffo49
 Packet(len=62 orig=0, action=0 skip_reason=0) uid=CFSwNi4CNGxcuffo49
 Analyzer added to uid=Cipfzj1BEnhejw8cGf
 Packet(len=99 orig=1, action=0 skip_reason=0) uid=Cipfzj1BEnhejw8cGf
 Analyzer added to uid=CV5WJ42jPYbNW9JNWf
 Packet(len=92 orig=1, action=0 skip_reason=0) uid=CV5WJ42jPYbNW9JNWf
 Packet(len=92 orig=1, action=0 skip_reason=0) uid=CV5WJ42jPYbNW9JNWf
 Analyzer added to uid=CPhDKt12KQPUVbQz06
 Packet(len=95 orig=1, action=0 skip_reason=0) uid=CPhDKt12KQPUVbQz06
 Analyzer added to uid=CAnFrb2Cvxr5T7quOc
 Packet(len=75 orig=1, action=0 skip_reason=0) uid=CAnFrb2Cvxr5T7quOc
 Packet(len=95 orig=1, action=0 skip_reason=0) uid=CPhDKt12KQPUVbQz06
 Packet(len=75 orig=1, action=0 skip_reason=0) uid=CAnFrb2Cvxr5T7quOc
 Packet(len=92 orig=1, action=0 skip_reason=0) uid=CV5WJ42jPYbNW9JNWf
 Packet(len=92 orig=1, action=0 skip_reason=0) uid=CV5WJ42jPYbNW9JNWf
 Packet(len=92 orig=1, action=0 skip_reason=0) uid=CV5WJ42jPYbNW9JNWf
 Analyzer added to uid=C8rquZ3DjgNW06JGLl
 Packet(len=95 orig=1, action=0 skip_reason=0) uid=C8rquZ3DjgNW06JGLl
 Analyzer added to uid=CzrZOtXqhwwndQva3
 Packet(len=75 orig=1, action=0 skip_reason=0) uid=CzrZOtXqhwwndQva3
 Analyzer added to uid=CaGCc13FffXe6RkQl9
 Packet(len=92 orig=1, action=0 skip_reason=0) uid=CaGCc13FffXe6RkQl9
 Packet(len=95 orig=1, action=0 skip_reason=0) uid=C8rquZ3DjgNW06JGLl
 Packet(len=75 orig=1, action=0 skip_reason=0) uid=CzrZOtXqhwwndQva3
 Packet(len=92 orig=1, action=0 skip_reason=0) uid=CV5WJ42jPYbNW9JNWf
 Packet(len=92 orig=1, action=0 skip_reason=0) uid=CV5WJ42jPYbNW9JNWf
 connection_state_remove: C0LAHyvtKSQHyJxIl deliver=2 skip=0
 connection_state_remove: CP5puj4I8PtEU4qzYg deliver=2 skip=0
 connection_state_remove: CNnMIj2QSd84NKf7U3 deliver=2 skip=0
 connection_state_remove: C37jN32gN3y3AZzyf6 deliver=2 skip=0
 connection_state_remove: CmES5u32sYpV7JYN deliver=2 skip=0
 connection_state_remove: CpmdRlaUoJLN3uIRa deliver=2 skip=0
 connection_state_remove: CqlVyW1YwZ15RhTBc4 deliver=2 skip=0
 connection_state_remove: C1Xkzz2MaGtLrc1Tla deliver=2 skip=0
 connection_state_remove: CGLPPc35OzDQij1XX8 deliver=2 skip=0
 connection_state_remove: CBA8792iHmnhPLksKa deliver=2 skip=0
 connection_state_remove: C9mvWx3ezztgzcexV7 deliver=2 skip=0
 connection_state_remove: C9rXSW3KSpTYvPrlI1 deliver=2 skip=0
 connection_state_remove: C7fIlMZDuRiqjpYbb deliver=2 skip=0
 connection_state_remove: CFLRIC3zaTU1loLGxh deliver=2 skip=0
 connection_state_remove: Cipfzj1BEnhejw8cGf deliver=1 skip=0
 connection_state_remove: C4J4Th3PJpwUYZZ6gc deliver=1 skip=0
 connection_state_remove: CtPZjS20MLrsMUOJi2 deliver=3 skip=0
 connection_state_remove: CiyBAq1bBLNaTiTAc deliver=7 skip=0
 connection_state_remove: C3eiCBGOLw3VtHfOj deliver=10 skip=0
 connection_state_remove: CwjjYJ2WqgTbAqiHl6 deliver=10 skip=0
 connection_state_remove: Ck51lg1bScffFj34Ri deliver=10 skip=0
 connection_state_remove: CykQaM33ztNt0csB9a deliver=10 skip=0
 connection_state_remove: CtxTCR2Yer0FR1tIBg deliver=10 skip=0
 connection_state_remove: CLNN1k2QMum1aexUK7 deliver=10 skip=0
 connection_state_remove: CUM0KZ3MLUfNB0cl11 deliver=7 skip=0
 connection_state_remove: CHhAvVGS1DHFjwGM9 deliver=1 skip=0
 connection_state_remove: CV5WJ42jPYbNW9JNWf deliver=7 skip=0
 connection_state_remove: CAnFrb2Cvxr5T7quOc deliver=2 skip=0
 connection_state_remove: CzrZOtXqhwwndQva3 deliver=2 skip=0
 connection_state_remove: CFSwNi4CNGxcuffo49 deliver=1 skip=0
 connection_state_remove: CaGCc13FffXe6RkQl9 deliver=1 skip=0
 connection_state_remove: ClEkJM2Vm5giqnMf4h deliver=1 skip=0
 connection_state_remove: C8rquZ3DjgNW06JGLl deliver=2 skip=0
 connection_state_remove: CPhDKt12KQPUVbQz06 deliver=2 skip=0
 ===
 <...>/wikipedia.trace
 Analyzer added to uid=CHhAvVGS1DHFjwGM9
 Packet(len=87 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
 Analyzer added to uid=ClEkJM2Vm5giqnMf4h
 Packet(len=213 orig=1, action=0 skip_reason=0) uid=ClEkJM2Vm5giqnMf4h
 Analyzer added to uid=C4J4Th3PJpwUYZZ6gc
 Packet(len=193 orig=1, action=0 skip_reason=0) uid=C4J4Th3PJpwUYZZ6gc
 Analyzer added to uid=CtPZjS20MLrsMUOJi2
 Packet(len=529 orig=1, action=0 skip_reason=0) uid=CtPZjS20MLrsMUOJi2
 Packet(len=416 orig=0, action=0 skip_reason=0) uid=CtPZjS20MLrsMUOJi2
 Packet(len=66 orig=1, action=0 skip_reason=0) uid=CtPZjS20MLrsMUOJi2
 Analyzer added to uid=CUM0KZ3MLUfNB0cl11
 Packet(len=74 orig=1, action=0 skip_reason=0) uid=CUM0KZ3MLUfNB0cl11
 Packet(len=74 orig=0, action=0 skip_reason=0) uid=CUM0KZ3MLUfNB0cl11
 Packet(len=66 orig=1, action=0 skip_reason=0) uid=CUM0KZ3MLUfNB0cl11
 Packet(len=591 orig=1, action=0 skip_reason=0) uid=CUM0KZ3MLUfNB0cl11
 http_request: uid=CUM0KZ3MLUfNB0cl11 deliver=4 skip=0
 skip_further_processing uid=CUM0KZ3MLUfNB0cl11
 Packet(len=66 orig=0, action=1 skip_reason=4) uid=CUM0KZ3MLUfNB0cl11
 Packet(len=298 orig=0, action=1 skip_reason=4) uid=CUM0KZ3MLUfNB0cl11
 Packet(len=66 orig=1, action=1 skip_reason=4) uid=CUM0KZ3MLUfNB0cl11
 Analyzer added to uid=CmES5u32sYpV7JYN
 Packet(len=80 orig=1, action=0 skip_reason=0) uid=CmES5u32sYpV7JYN
 Packet(len=131 orig=0, action=0 skip_reason=0) uid=CmES5u32sYpV7JYN
 Analyzer added to uid=CP5puj4I8PtEU4qzYg
 Packet(len=94 orig=1, action=0 skip_reason=0) uid=CP5puj4I8PtEU4qzYg
 Packet(len=141 orig=0, action=0 skip_reason=0) uid=CP5puj4I8PtEU4qzYg
 Analyzer added to uid=C37jN32gN3y3AZzyf6
 Packet(len=80 orig=1, action=0 skip_reason=0) uid=C37jN32gN3y3AZzyf6
 Packet(len=225 orig=0, action=0 skip_reason=0) uid=C37jN32gN3y3AZzyf6
 Analyzer added to uid=C3eiCBGOLw3VtHfOj
 Packet(len=74 orig=1, action=0 skip_reason=0) uid=C3eiCBGOLw3VtHfOj
 Analyzer added to uid=CwjjYJ2WqgTbAqiHl6
 Packet(len=74 orig=1, action=0 skip_reason=0) uid=CwjjYJ2WqgTbAqiHl6
 Analyzer added to uid=C0LAHyvtKSQHyJxIl
 Packet(len=80 orig=1, action=0 skip_reason=0) uid=C0LAHyvtKSQHyJxIl
 Packet(len=131 orig=0, action=0 skip_reason=0) uid=C0LAHyvtKSQHyJxIl
 Analyzer added to uid=CFLRIC3zaTU1loLGxh
 Packet(len=94 orig=1, action=0 skip_reason=0) uid=CFLRIC3zaTU1loLGxh
 Packet(len=141 orig=0, action=0 skip_reason=0) uid=CFLRIC3zaTU1loLGxh
 Analyzer added to uid=C9rXSW3KSpTYvPrlI1
 Packet(len=80 orig=1, action=0 skip_reason=0) uid=C9rXSW3KSpTYvPrlI1
 Packet(len=225 orig=0, action=0 skip_reason=0) uid=C9rXSW3KSpTYvPrlI1
 Analyzer added to uid=Ck51lg1bScffFj34Ri
 Packet(len=74 orig=1, action=0 skip_reason=0) uid=Ck51lg1bScffFj34Ri
 Analyzer added to uid=C9mvWx3ezztgzcexV7
 Packet(len=80 orig=1, action=0 skip_reason=0) uid=C9mvWx3ezztgzcexV7
 Packet(len=131 orig=0, action=0 skip_reason=0) uid=C9mvWx3ezztgzcexV7
 Analyzer added to uid=CNnMIj2QSd84NKf7U3
 Packet(len=94 orig=1, action=0 skip_reason=0) uid=CNnMIj2QSd84NKf7U3
 Packet(len=141 orig=0, action=0 skip_reason=0) uid=CNnMIj2QSd84NKf7U3
 Analyzer added to uid=C7fIlMZDuRiqjpYbb
 Packet(len=80 orig=1, action=0 skip_reason=0) uid=C7fIlMZDuRiqjpYbb
 Packet(len=225 orig=0, action=0 skip_reason=0) uid=C7fIlMZDuRiqjpYbb
 Analyzer added to uid=CykQaM33ztNt0csB9a
 Packet(len=74 orig=1, action=0 skip_reason=0) uid=CykQaM33ztNt0csB9a
 Analyzer added to uid=CtxTCR2Yer0FR1tIBg
 Packet(len=74 orig=1, action=0 skip_reason=0) uid=CtxTCR2Yer0FR1tIBg
 Analyzer added to uid=CpmdRlaUoJLN3uIRa
 Packet(len=80 orig=1, action=0 skip_reason=0) uid=CpmdRlaUoJLN3uIRa
 Packet(len=131 orig=0, action=0 skip_reason=0) uid=CpmdRlaUoJLN3uIRa
 Analyzer added to uid=C1Xkzz2MaGtLrc1Tla
 Packet(len=94 orig=1, action=0 skip_reason=0) uid=C1Xkzz2MaGtLrc1Tla
 Packet(len=141 orig=0, action=0 skip_reason=0) uid=C1Xkzz2MaGtLrc1Tla
 Analyzer added to uid=CqlVyW1YwZ15RhTBc4
 Packet(len=80 orig=1, action=0 skip_reason=0) uid=CqlVyW1YwZ15RhTBc4
 Packet(len=225 orig=0, action=0 skip_reason=0) uid=CqlVyW1YwZ15RhTBc4
 Analyzer added to uid=CLNN1k2QMum1aexUK7
 Packet(len=74 orig=1, action=0 skip_reason=0) uid=CLNN1k2QMum1aexUK7
 Analyzer added to uid=CBA8792iHmnhPLksKa
 Packet(len=78 orig=1, action=0 skip_reason=0) uid=CBA8792iHmnhPLksKa
 Packet(len=173 orig=0, action=0 skip_reason=0) uid=CBA8792iHmnhPLksKa
 Analyzer added to uid=CGLPPc35OzDQij1XX8
 Packet(len=78 orig=1, action=0 skip_reason=0) uid=CGLPPc35OzDQij1XX8
 Packet(len=240 orig=0, action=0 skip_reason=0) uid=CGLPPc35OzDQij1XX8
 Analyzer added to uid=CiyBAq1bBLNaTiTAc
 Packet(len=74 orig=1, action=0 skip_reason=0) uid=CiyBAq1bBLNaTiTAc
 Packet(len=74 orig=0, action=0 skip_reason=0) uid=CwjjYJ2WqgTbAqiHl6
 Packet(len=66 orig=1, action=0 skip_reason=0) uid=CwjjYJ2WqgTbAqiHl6
 Packet(len=612 orig=1, action=0 skip_reason=0) uid=CwjjYJ2WqgTbAqiHl6
 http_request: uid=CwjjYJ2WqgTbAqiHl6 deliver=4 skip=0
 skip_further_processing uid=CwjjYJ2WqgTbAqiHl6
 Packet(len=74 orig=0, action=0 skip_reason=0) uid=C3eiCBGOLw3VtHfOj
 Packet(len=66 orig=1, action=0 skip_reason=0) uid=C3eiCBGOLw3VtHfOj
 Packet(len=654 orig=1, action=0 skip_reason=0) uid=C3eiCBGOLw3VtHfOj
 http_request: uid=C3eiCBGOLw3VtHfOj deliver=4 skip=0
 skip_further_processing uid=C3eiCBGOLw3VtHfOj
 Packet(len=74 orig=0, action=0 skip_reason=0) uid=Ck51lg1bScffFj34Ri
 Packet(len=66 orig=1, action=0 skip_reason=0) uid=Ck51lg1bScffFj34Ri
 Packet(len=615 orig=1, action=0 skip_reason=0) uid=Ck51lg1bScffFj34Ri
 http_request: uid=Ck51lg1bScffFj34Ri deliver=4 skip=0
 skip_further_processing uid=Ck51lg1bScffFj34Ri
 Packet(len=74 orig=0, action=0 skip_reason=0) uid=CtxTCR2Yer0FR1tIBg
 Packet(len=66 orig=1, action=0 skip_reason=0) uid=CtxTCR2Yer0FR1tIBg
 Packet(len=74 orig=0, action=0 skip_reason=0) uid=CykQaM33ztNt0csB9a
 Packet(len=66 orig=1, action=0 skip_reason=0) uid=CykQaM33ztNt0csB9a
 Packet(len=620 orig=1, action=0 skip_reason=0) uid=CykQaM33ztNt0csB9a
 http_request: uid=CykQaM33ztNt0csB9a deliver=4 skip=0
 skip_further_processing uid=CykQaM33ztNt0csB9a
 Packet(len=639 orig=1, action=0 skip_reason=0) uid=CtxTCR2Yer0FR1tIBg
 http_request: uid=CtxTCR2Yer0FR1tIBg deliver=4 skip=0
 skip_further_processing uid=CtxTCR2Yer0FR1tIBg
 Packet(len=74 orig=0, action=0 skip_reason=0) uid=CLNN1k2QMum1aexUK7
 Packet(len=66 orig=1, action=0 skip_reason=0) uid=CLNN1k2QMum1aexUK7
 Packet(len=645 orig=1, action=0 skip_reason=0) uid=CLNN1k2QMum1aexUK7
 http_request: uid=CLNN1k2QMum1aexUK7 deliver=4 skip=0
 skip_further_processing uid=CLNN1k2QMum1aexUK7
 Packet(len=74 orig=0, action=0 skip_reason=0) uid=CiyBAq1bBLNaTiTAc
 Packet(len=66 orig=1, action=0 skip_reason=0) uid=CiyBAq1bBLNaTiTAc
 Packet(len=600 orig=1, action=0 skip_reason=0) uid=CiyBAq1bBLNaTiTAc
 http_request: uid=CiyBAq1bBLNaTiTAc deliver=4 skip=0
 skip_further_processing uid=CiyBAq1bBLNaTiTAc
 Packet(len=66 orig=0, action=1 skip_reason=4) uid=CwjjYJ2WqgTbAqiHl6
 Packet(len=66 orig=0, action=1 skip_reason=4) uid=C3eiCBGOLw3VtHfOj
 Packet(len=433 orig=0, action=1 skip_reason=4) uid=CwjjYJ2WqgTbAqiHl6
 Packet(len=66 orig=1, action=1 skip_reason=4) uid=CwjjYJ2WqgTbAqiHl6
 Packet(len=645 orig=1, action=1 skip_reason=4) uid=CwjjYJ2WqgTbAqiHl6
 Packet(len=432 orig=0, action=1 skip_reason=4) uid=C3eiCBGOLw3VtHfOj
 Packet(len=66 orig=1, action=1 skip_reason=4) uid=C3eiCBGOLw3VtHfOj
 Packet(len=649 orig=1, action=1 skip_reason=4) uid=C3eiCBGOLw3VtHfOj
 Packet(len=66 orig=0, action=1 skip_reason=4) uid=Ck51lg1bScffFj34Ri
 Packet(len=433 orig=0, action=1 skip_reason=4) uid=Ck51lg1bScffFj34Ri
 Packet(len=66 orig=1, action=1 skip_reason=4) uid=Ck51lg1bScffFj34Ri
 Packet(len=647 orig=1, action=1 skip_reason=4) uid=Ck51lg1bScffFj34Ri
 Packet(len=66 orig=0, action=1 skip_reason=4) uid=CykQaM33ztNt0csB9a
 Packet(len=66 orig=0, action=1 skip_reason=4) uid=CtxTCR2Yer0FR1tIBg
 Packet(len=433 orig=0, action=1 skip_reason=4) uid=CtxTCR2Yer0FR1tIBg
 Packet(len=66 orig=1, action=1 skip_reason=4) uid=CtxTCR2Yer0FR1tIBg
 Packet(len=433 orig=0, action=1 skip_reason=4) uid=CykQaM33ztNt0csB9a
 Packet(len=66 orig=1, action=1 skip_reason=4) uid=CykQaM33ztNt0csB9a
 Packet(len=66 orig=0, action=1 skip_reason=4) uid=CLNN1k2QMum1aexUK7
 Packet(len=649 orig=1, action=1 skip_reason=4) uid=CykQaM33ztNt0csB9a
 Packet(len=641 orig=1, action=1 skip_reason=4) uid=CtxTCR2Yer0FR1tIBg
 Packet(len=433 orig=0, action=1 skip_reason=4) uid=CLNN1k2QMum1aexUK7
 Packet(len=66 orig=1, action=1 skip_reason=4) uid=CLNN1k2QMum1aexUK7
 Packet(len=665 orig=1, action=1 skip_reason=4) uid=CLNN1k2QMum1aexUK7
 Packet(len=66 orig=0, action=1 skip_reason=4) uid=CiyBAq1bBLNaTiTAc
 Packet(len=478 orig=0, action=1 skip_reason=4) uid=CiyBAq1bBLNaTiTAc
 Packet(len=66 orig=1, action=1 skip_reason=4) uid=CiyBAq1bBLNaTiTAc
 Packet(len=433 orig=0, action=1 skip_reason=4) uid=CwjjYJ2WqgTbAqiHl6
 Packet(len=433 orig=0, action=1 skip_reason=4) uid=C3eiCBGOLw3VtHfOj
 Packet(len=433 orig=0, action=1 skip_reason=4) uid=Ck51lg1bScffFj34Ri
 Packet(len=66 orig=1, action=1 skip_reason=4) uid=C3eiCBGOLw3VtHfOj
 Packet(len=433 orig=0, action=1 skip_reason=4) uid=CtxTCR2Yer0FR1tIBg
 Packet(len=432 orig=0, action=1 skip_reason=4) uid=CykQaM33ztNt0csB9a
 Packet(len=66 orig=1, action=1 skip_reason=4) uid=CwjjYJ2WqgTbAqiHl6
 Packet(len=66 orig=1, action=1 skip_reason=4) uid=Ck51lg1bScffFj34Ri
 Packet(len=433 orig=0, action=1 skip_reason=4) uid=CLNN1k2QMum1aexUK7
 Packet(len=66 orig=1, action=1 skip_reason=4) uid=CykQaM33ztNt0csB9a
 Packet(len=66 orig=1, action=1 skip_reason=4) uid=CtxTCR2Yer0FR1tIBg
 Packet(len=66 orig=1, action=1 skip_reason=4) uid=CLNN1k2QMum1aexUK7
 Analyzer added to uid=CFSwNi4CNGxcuffo49
 Packet(len=62 orig=0, action=0 skip_reason=0) uid=CFSwNi4CNGxcuffo49
 Analyzer added to uid=Cipfzj1BEnhejw8cGf
 Packet(len=99 orig=1, action=0 skip_reason=0) uid=Cipfzj1BEnhejw8cGf
 Analyzer added to uid=CV5WJ42jPYbNW9JNWf
 Packet(len=92 orig=1, action=0 skip_reason=0) uid=CV5WJ42jPYbNW9JNWf
 Packet(len=92 orig=1, action=0 skip_reason=0) uid=CV5WJ42jPYbNW9JNWf
 Analyzer added to uid=CPhDKt12KQPUVbQz06
 Packet(len=95 orig=1, action=0 skip_reason=0) uid=CPhDKt12KQPUVbQz06
 Analyzer added to uid=CAnFrb2Cvxr5T7quOc
 Packet(len=75 orig=1, action=0 skip_reason=0) uid=CAnFrb2Cvxr5T7quOc
 Packet(len=95 orig=1, action=0 skip_reason=0) uid=CPhDKt12KQPUVbQz06
 Packet(len=75 orig=1, action=0 skip_reason=0) uid=CAnFrb2Cvxr5T7quOc
 Packet(len=92 orig=1, action=0 skip_reason=0) uid=CV5WJ42jPYbNW9JNWf
 Packet(len=92 orig=1, action=0 skip_reason=0) uid=CV5WJ42jPYbNW9JNWf
 Packet(len=92 orig=1, action=0 skip_reason=0) uid=CV5WJ42jPYbNW9JNWf
 Analyzer added to uid=C8rquZ3DjgNW06JGLl
 Packet(len=95 orig=1, action=0 skip_reason=0) uid=C8rquZ3DjgNW06JGLl
 Analyzer added to uid=CzrZOtXqhwwndQva3
 Packet(len=75 orig=1, action=0 skip_reason=0) uid=CzrZOtXqhwwndQva3
 Analyzer added to uid=CaGCc13FffXe6RkQl9
 Packet(len=92 orig=1, action=0 skip_reason=0) uid=CaGCc13FffXe6RkQl9
 Packet(len=95 orig=1, action=0 skip_reason=0) uid=C8rquZ3DjgNW06JGLl
 Packet(len=75 orig=1, action=0 skip_reason=0) uid=CzrZOtXqhwwndQva3
 Packet(len=92 orig=1, action=0 skip_reason=0) uid=CV5WJ42jPYbNW9JNWf
 Packet(len=92 orig=1, action=0 skip_reason=0) uid=CV5WJ42jPYbNW9JNWf
 connection_state_remove: C0LAHyvtKSQHyJxIl deliver=2 skip=0
 connection_state_remove: CP5puj4I8PtEU4qzYg deliver=2 skip=0
 connection_state_remove: CNnMIj2QSd84NKf7U3 deliver=2 skip=0
 connection_state_remove: C37jN32gN3y3AZzyf6 deliver=2 skip=0
 connection_state_remove: CmES5u32sYpV7JYN deliver=2 skip=0
 connection_state_remove: CpmdRlaUoJLN3uIRa deliver=2 skip=0
 connection_state_remove: CqlVyW1YwZ15RhTBc4 deliver=2 skip=0
 connection_state_remove: C1Xkzz2MaGtLrc1Tla deliver=2 skip=0
 connection_state_remove: CGLPPc35OzDQij1XX8 deliver=2 skip=0
 connection_state_remove: CBA8792iHmnhPLksKa deliver=2 skip=0
 connection_state_remove: C9mvWx3ezztgzcexV7 deliver=2 skip=0
 connection_state_remove: C9rXSW3KSpTYvPrlI1 deliver=2 skip=0
 connection_state_remove: C7fIlMZDuRiqjpYbb deliver=2 skip=0
 connection_state_remove: CFLRIC3zaTU1loLGxh deliver=2 skip=0
 connection_state_remove: Cipfzj1BEnhejw8cGf deliver=1 skip=0
 connection_state_remove: C4J4Th3PJpwUYZZ6gc deliver=1 skip=0
 connection_state_remove: CtPZjS20MLrsMUOJi2 deliver=3 skip=0
 connection_state_remove: CiyBAq1bBLNaTiTAc deliver=4 skip=3
 connection_state_remove: C3eiCBGOLw3VtHfOj deliver=4 skip=6
 connection_state_remove: CwjjYJ2WqgTbAqiHl6 deliver=4 skip=6
 connection_state_remove: Ck51lg1bScffFj34Ri deliver=4 skip=6
 connection_state_remove: CykQaM33ztNt0csB9a deliver=4 skip=6
 connection_state_remove: CtxTCR2Yer0FR1tIBg deliver=4 skip=6
 connection_state_remove: CLNN1k2QMum1aexUK7 deliver=4 skip=6
 connection_state_remove: CUM0KZ3MLUfNB0cl11 deliver=4 skip=3
 connection_state_remove: CHhAvVGS1DHFjwGM9 deliver=1 skip=0
 connection_state_remove: CV5WJ42jPYbNW9JNWf deliver=7 skip=0
 connection_state_remove: CAnFrb2Cvxr5T7quOc deliver=2 skip=0
 connection_state_remove: CzrZOtXqhwwndQva3 deliver=2 skip=0
 connection_state_remove: CFSwNi4CNGxcuffo49 deliver=1 skip=0
 connection_state_remove: CaGCc13FffXe6RkQl9 deliver=1 skip=0
 connection_state_remove: ClEkJM2Vm5giqnMf4h deliver=1 skip=0
 connection_state_remove: C8rquZ3DjgNW06JGLl deliver=2 skip=0
 connection_state_remove: CPhDKt12KQPUVbQz06 deliver=2 skip=0
 ===
--- a/testing/btest/Baseline/plugins.tap-analyzer/output
+++ b/testing/btest/Baseline/plugins.tap-analyzer/output
@ -1,87 +1,90 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 <...>/ip4-tcp-bad-chksum.pcap
-Init() uid=HhAvVGS1DHFjwGM9
+Init() uid=CHhAvVGS1DHFjwGM9
 Analyzer added to HhAvVGS1DHFjwGM9
-Packet(len=54 orig=1, action=1 skip_reason=2) uid=HhAvVGS1DHFjwGM9
+Packet(len=54 orig=1, action=1 skip_reason=2) uid=CHhAvVGS1DHFjwGM9
-Done() uid=HhAvVGS1DHFjwGM9
+Done() uid=CHhAvVGS1DHFjwGM9
 ===
 <...>/ip4-tcp-good-chksum.pcap
-Init() uid=HhAvVGS1DHFjwGM9
+Init() uid=CHhAvVGS1DHFjwGM9
 Analyzer added to HhAvVGS1DHFjwGM9
-Packet(len=54 orig=1, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9
+Packet(len=54 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
-Done() uid=HhAvVGS1DHFjwGM9
+Done() uid=CHhAvVGS1DHFjwGM9
 ===
 <...>/ip4-udp-bad-chksum.pcap
-Init() uid=HhAvVGS1DHFjwGM9
+Init() uid=CHhAvVGS1DHFjwGM9
 Analyzer added to HhAvVGS1DHFjwGM9
-Packet(len=46 orig=1, action=1 skip_reason=2) uid=HhAvVGS1DHFjwGM9
+Packet(len=46 orig=1, action=1 skip_reason=2) uid=CHhAvVGS1DHFjwGM9
-Done() uid=HhAvVGS1DHFjwGM9
+Done() uid=CHhAvVGS1DHFjwGM9
 ===
 <...>/ip4-udp-good-chksum.pcap
-Init() uid=HhAvVGS1DHFjwGM9
+Init() uid=CHhAvVGS1DHFjwGM9
 Analyzer added to HhAvVGS1DHFjwGM9
-Packet(len=46 orig=1, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9
+Packet(len=46 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
-Done() uid=HhAvVGS1DHFjwGM9
+Done() uid=CHhAvVGS1DHFjwGM9
 ===
 <...>/ip4-icmp-bad-chksum.pcap
-Init() uid=HhAvVGS1DHFjwGM9
+Init() uid=CHhAvVGS1DHFjwGM9
 Analyzer added to HhAvVGS1DHFjwGM9
-Packet(len=42 orig=1, action=1 skip_reason=2) uid=HhAvVGS1DHFjwGM9
+Packet(len=42 orig=1, action=1 skip_reason=2) uid=CHhAvVGS1DHFjwGM9
-Done() uid=HhAvVGS1DHFjwGM9
+Done() uid=CHhAvVGS1DHFjwGM9
 ===
 <...>/ip4-icmp-good-chksum.pcap
-Init() uid=HhAvVGS1DHFjwGM9
+Init() uid=CHhAvVGS1DHFjwGM9
 Analyzer added to HhAvVGS1DHFjwGM9
-Packet(len=42 orig=1, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9
+Packet(len=42 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
-Done() uid=HhAvVGS1DHFjwGM9
+Done() uid=CHhAvVGS1DHFjwGM9
 ===
 <...>/ip6-icmp6-bad-chksum.pcap
-Init() uid=HhAvVGS1DHFjwGM9
+Init() uid=CHhAvVGS1DHFjwGM9
 Analyzer added to HhAvVGS1DHFjwGM9
-Packet(len=69 orig=1, action=1 skip_reason=2) uid=HhAvVGS1DHFjwGM9
+Packet(len=69 orig=1, action=1 skip_reason=2) uid=CHhAvVGS1DHFjwGM9
-Done() uid=HhAvVGS1DHFjwGM9
+Done() uid=CHhAvVGS1DHFjwGM9
 ===
 <...>/ip6-icmp6-good-chksum.pcap
-Init() uid=HhAvVGS1DHFjwGM9
+Init() uid=CHhAvVGS1DHFjwGM9
 Analyzer added to HhAvVGS1DHFjwGM9
-Packet(len=69 orig=1, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9
+Packet(len=69 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
-Done() uid=HhAvVGS1DHFjwGM9
+Done() uid=CHhAvVGS1DHFjwGM9
 ===
 <...>/get.trace
-Init() uid=HhAvVGS1DHFjwGM9
+Init() uid=CHhAvVGS1DHFjwGM9
 Analyzer added to HhAvVGS1DHFjwGM9
-Packet(len=78 orig=1, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9
+Packet(len=78 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
-Packet(len=74 orig=0, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9
+Packet(len=74 orig=0, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
-Packet(len=66 orig=1, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9
+Packet(len=66 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
-Packet(len=202 orig=1, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9
+Packet(len=202 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
-Packet(len=66 orig=0, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9
+http_request: uid=CHhAvVGS1DHFjwGM9
-Packet(len=1514 orig=0, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9
+Packet(len=66 orig=0, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
-Packet(len=1514 orig=0, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9
+Packet(len=1514 orig=0, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
-Packet(len=1514 orig=0, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9
+Packet(len=1514 orig=0, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
-Packet(len=729 orig=0, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9
+Packet(len=1514 orig=0, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
-Packet(len=66 orig=1, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9
+Packet(len=729 orig=0, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
-Packet(len=66 orig=1, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9
+Packet(len=66 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
-Packet(len=66 orig=1, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9
+Packet(len=66 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
-Packet(len=66 orig=0, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9
+Packet(len=66 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
-Packet(len=66 orig=1, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9
+Packet(len=66 orig=0, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
-Done() uid=HhAvVGS1DHFjwGM9
+Packet(len=66 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
 Done() uid=CHhAvVGS1DHFjwGM9
 ===
 <...>/get.trace
-Init() uid=HhAvVGS1DHFjwGM9
+Init() uid=CHhAvVGS1DHFjwGM9
 Analyzer added to HhAvVGS1DHFjwGM9
-Packet(len=78 orig=1, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9
+Packet(len=78 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
-Packet(len=74 orig=0, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9
+Packet(len=74 orig=0, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
-Packet(len=66 orig=1, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9
+Packet(len=66 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
-Packet(len=202 orig=1, action=0 skip_reason=0) uid=HhAvVGS1DHFjwGM9
+Packet(len=202 orig=1, action=0 skip_reason=0) uid=CHhAvVGS1DHFjwGM9
-Packet(len=66 orig=0, action=1 skip_reason=4) uid=HhAvVGS1DHFjwGM9
+http_request: uid=CHhAvVGS1DHFjwGM9
-Packet(len=1514 orig=0, action=1 skip_reason=4) uid=HhAvVGS1DHFjwGM9
+skip_further_processing uid=CHhAvVGS1DHFjwGM9
-Packet(len=1514 orig=0, action=1 skip_reason=4) uid=HhAvVGS1DHFjwGM9
+Packet(len=66 orig=0, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9
-Packet(len=1514 orig=0, action=1 skip_reason=4) uid=HhAvVGS1DHFjwGM9
+Packet(len=1514 orig=0, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9
-Packet(len=729 orig=0, action=1 skip_reason=4) uid=HhAvVGS1DHFjwGM9
+Packet(len=1514 orig=0, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9
-Packet(len=66 orig=1, action=1 skip_reason=4) uid=HhAvVGS1DHFjwGM9
+Packet(len=1514 orig=0, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9
-Packet(len=66 orig=1, action=1 skip_reason=4) uid=HhAvVGS1DHFjwGM9
+Packet(len=729 orig=0, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9
-Packet(len=66 orig=1, action=1 skip_reason=4) uid=HhAvVGS1DHFjwGM9
+Packet(len=66 orig=1, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9
-Packet(len=66 orig=0, action=1 skip_reason=4) uid=HhAvVGS1DHFjwGM9
+Packet(len=66 orig=1, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9
-Packet(len=66 orig=1, action=1 skip_reason=4) uid=HhAvVGS1DHFjwGM9
+Packet(len=66 orig=1, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9
-Done() uid=HhAvVGS1DHFjwGM9
+Packet(len=66 orig=0, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9
 Packet(len=66 orig=1, action=1 skip_reason=4) uid=CHhAvVGS1DHFjwGM9
 Done() uid=CHhAvVGS1DHFjwGM9
 ===
--- a/testing/btest/plugins/tap-analyzer-conn-val-plugin/.btest-ignore
+++ b/testing/btest/plugins/tap-analyzer-conn-val-plugin/.btest-ignore
--- a/testing/btest/plugins/tap-analyzer-conn-val-plugin/src/Plugin.cc
+++ b/testing/btest/plugins/tap-analyzer-conn-val-plugin/src/Plugin.cc
@ -0,0 +1,74 @@
 #include "Plugin.h"
 #include <cstdio>
 #include <cstring>
 #include "zeek/ID.h"
 #include "zeek/Reporter.h"
 #include "zeek/analyzer/Analyzer.h"
 #include "zeek/analyzer/Manager.h"
 #include "zeek/analyzer/protocol/tcp/TCP.h"
 #include "zeek/packet_analysis/protocol/ip/SessionAdapter.h"
 namespace {
 class MyTapAnalyzer : public zeek::packet_analysis::TapAnalyzer {
 public:
    MyTapAnalyzer(zeek::Connection* conn) : conn(conn) {}
    void TapPacket(const zeek::Packet& pkt, zeek::packet_analysis::PacketAction action,
                   const zeek::packet_analysis::SkipReason skip_reason) override {
        std::printf("Packet(len=%d orig=%d, action=%d skip_reason=%d) uid=C%s\n", pkt.len, pkt.is_orig,
                    static_cast<int>(action), static_cast<int>(skip_reason), conn->GetUID().Base62().c_str());
        if ( action == zeek::packet_analysis::PacketAction::Deliver )
            ++deliver;
        else if ( action == zeek::packet_analysis::PacketAction::Skip )
            ++skip;
        else
            zeek::reporter->FatalError("Unknown action %d", static_cast<int>(action));
    }
    void UpdateConnVal(zeek::RecordVal* conn_val) override {
        // Set some fields on connection that are added in the zeek script.
        static auto tap_deliver_offset = zeek::id::connection->FieldOffset("tap_deliver");
        static auto tap_skip_offset = zeek::id::connection->FieldOffset("tap_skip");
        conn_val->Assign(tap_deliver_offset, zeek::val_mgr->Count(deliver));
        conn_val->Assign(tap_skip_offset, zeek::val_mgr->Count(skip));
    }
 private:
    zeek::Connection* conn = nullptr;
    zeek_uint_t deliver = 0;
    zeek_uint_t skip = 0;
 };
 } // namespace
 namespace btest::plugin::Demo_TapAnalyzer {
 Plugin plugin;
 zeek::plugin::Configuration Plugin::Configure() {
    EnableHook(zeek::plugin::HOOK_SETUP_ANALYZER_TREE);
    zeek::plugin::Configuration config;
    config.name = "Demo::TapAnalyzer";
    config.description = "Testing the TapAnalyzer";
    config.version = {1, 0, 0};
    return config;
 }
 void Plugin::HookSetupAnalyzerTree(zeek::Connection* conn) {
    // Init the uid for GetUID()
    conn->GetVal();
    auto analyzer = std::make_unique<MyTapAnalyzer>(conn);
    auto* adapter = conn->GetSessionAdapter();
    adapter->AddTapAnalyzer(std::move(analyzer));
    std::printf("Analyzer added to uid=C%s\n", conn->GetUID().Base62().c_str());
 }
 } // namespace btest::plugin::Demo_TapAnalyzer
--- a/testing/btest/plugins/tap-analyzer-conn-val-plugin/src/Plugin.h
+++ b/testing/btest/plugins/tap-analyzer-conn-val-plugin/src/Plugin.h
@ -0,0 +1,18 @@
 #pragma once
 #include "zeek/plugin/Plugin.h"
 namespace btest::plugin::Demo_TapAnalyzer {
 class Plugin : public zeek::plugin::Plugin {
 protected:
    void HookSetupAnalyzerTree(zeek::Connection* conn) override;
    // Overridden from zeek::plugin::Plugin.
    zeek::plugin::Configuration Configure() override;
 };
 extern Plugin plugin;
 } // namespace btest::plugin::Demo_TapAnalyzer
--- a/testing/btest/plugins/tap-analyzer-conn-val.zeek
+++ b/testing/btest/plugins/tap-analyzer-conn-val.zeek
@ -0,0 +1,50 @@
 # @TEST-DOC: A plugin hooking HookSetupAnalyzerTree() to attach a TapAnalyzer to every connection.
 #
 # @TEST-EXEC: ${DIST}/auxil/zeek-aux/plugin-support/init-plugin -u . Demo TapAnalyzer
 # @TEST-EXEC: cp -r %DIR/tap-analyzer-conn-val-plugin/* .
 # @TEST-EXEC: ./configure --zeek-dist=${DIST} && make
 #
 #
 # @TEST-EXEC: ZEEK_PLUGIN_ACTIVATE="Demo::TapAnalyzer" ZEEK_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/http/get.trace %INPUT >>output
 # @TEST-EXEC: ZEEK_PLUGIN_ACTIVATE="Demo::TapAnalyzer" ZEEK_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/http/get.trace %INPUT http_skip_further_processing=T >>output
 # @TEST-EXEC: ZEEK_PLUGIN_ACTIVATE="Demo::TapAnalyzer" ZEEK_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/wikipedia.trace %INPUT >>output
 # @TEST-EXEC: ZEEK_PLUGIN_ACTIVATE="Demo::TapAnalyzer" ZEEK_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/wikipedia.trace %INPUT http_skip_further_processing=T >>output
 #
 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output
@load base/protocols/http
 redef record connection += {
 	tap_deliver: count &default=0;
 	tap_skip: count &default=0;
 };
 event zeek_init()
 	{
 	print packet_source()$path;
 	}
 event zeek_done()
 	{
 	print "===";
 	}
 global http_skip_further_processing = F &redef;
 event http_request(c: connection, method: string, original_URI: string, unescaped_URI: string, version: string)
 	{
 	print fmt("http_request: uid=%s deliver=%s skip=%s", c$uid, c$tap_deliver, c$tap_skip);
 	if ( http_skip_further_processing )
 		{
 		print fmt("skip_further_processing uid=%s", c$uid);
 		skip_further_processing(c$id);
 		}
 	}
 event connection_state_remove(c: connection)
 	{
 	print fmt("connection_state_remove: %s deliver=%s skip=%s", c$uid, c$tap_deliver, c$tap_skip);
 	}
--- a/testing/btest/plugins/tap-analyzer-plugin/src/Plugin.cc
+++ b/testing/btest/plugins/tap-analyzer-plugin/src/Plugin.cc
@ -16,13 +16,13 @@ public:
    void TapPacket(const zeek::Packet& pkt, zeek::packet_analysis::PacketAction action,
                   const zeek::packet_analysis::SkipReason skip_reason) override {
-        std::printf("Packet(len=%d orig=%d, action=%d skip_reason=%d) uid=%s\n", pkt.len, pkt.is_orig,
+        std::printf("Packet(len=%d orig=%d, action=%d skip_reason=%d) uid=C%s\n", pkt.len, pkt.is_orig,
                    static_cast<int>(action), static_cast<int>(skip_reason), conn->GetUID().Base62().c_str());
    }
-    void Init() override { std::printf("Init() uid=%s\n", conn->GetUID().Base62().c_str()); }
+    void Init() override { std::printf("Init() uid=C%s\n", conn->GetUID().Base62().c_str()); }
-    void Done() override { std::printf("Done() uid=%s\n", conn->GetUID().Base62().c_str()); }
+    void Done() override { std::printf("Done() uid=C%s\n", conn->GetUID().Base62().c_str()); }
 private:
    zeek::Connection* conn = nullptr;
--- a/testing/btest/plugins/tap-analyzer.zeek
+++ b/testing/btest/plugins/tap-analyzer.zeek
@ -36,6 +36,11 @@ global http_skip_further_processing = F &redef;
 event http_request(c: connection, method: string, original_URI: string, unescaped_URI: string, version: string)
 	{
 	print fmt("http_request: uid=%s", c$uid);
 	if ( http_skip_further_processing )
 		{
 		print fmt("skip_further_processing uid=%s", c$uid);
 		skip_further_processing(c$id);
 		}
 	}