Merge remote-tracking branch 'origin/topic/timw/iptunnel-check-null-session'

* origin/topic/timw/iptunnel-check-null-session:
  Remove setting non-existent session history for IPTunnel

CHANGES

@@ -1,3 +1,7 @@
+6.2.0-dev.451 | 2024-01-23 12:40:53 -0700
+
+  * Remove setting non-existent session history for IPTunnel (Tim Wojtulewicz, Corelight)
+
 6.2.0-dev.449 | 2024-01-23 10:41:16 -0700
 
   * Change to use ToStdStringView() in a few other BIFs (Tim Wojtulewicz, Corelight)

VERSION

@@ -1 +1 @@
-6.2.0-dev.449
+6.2.0-dev.451

src/packet_analysis/protocol/iptunnel/IPTunnel.cc

@@ -23,7 +23,6 @@ bool IPTunnelAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* pa
     }
 
     if ( packet->encap && packet->encap->Depth() >= BifConst::Tunnel::max_depth ) {
-        packet->session->CheckHistory(zeek::session::detail::HIST_UNKNOWN_PKT, 'X');
         Weird("exceeded_tunnel_max_depth", packet);
         return false;
     }

testing/btest/Baseline/core.tunnels.gre-in-gre-min-depth/weird.log

@@ -0,0 +1,12 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer	source
+#types	time	string	addr	port	addr	port	string	string	bool	string	string
+XXXXXXXXXX.XXXXXX	-	10.10.11.2	0	10.10.13.2	0	exceeded_tunnel_max_depth_in_tunnel	-	F	zeek	IPTUNNEL
+XXXXXXXXXX.XXXXXX	-	10.10.13.2	0	10.10.11.2	0	exceeded_tunnel_max_depth_in_tunnel	-	F	zeek	IPTUNNEL
+#close XXXX-XX-XX-XX-XX-XX

testing/btest/core/tunnels/gre-in-gre-min-depth.test

@@ -0,0 +1,3 @@
+# @TEST-DOC: Tests that an IP-in-IP tunnel with max-depth set to 1 doesn't crash
+# @TEST-EXEC: zeek -C -r $TRACES/tunnels/gre-within-gre.pcap Tunnel::max_depth=1
+# @TEST-EXEC: btest-diff weird.log