packet_analysis: Raise violations once (and don't raise confirmations after violations)

This is mostly to avoid per-packet violations for packet analyzers that
have sessions attached to them.

NEWS

@@ -20,6 +20,13 @@ New Functionality
 - File analyzers can now raise analyzer violations to the script-layer via
   the new AnalyzerViolation() method.
 
+Changed Functionality
+---------------------
+
+- Violations for packet analyzers that have sessions attached with them
+  will be raised once only. Further, analyzer confirmations are not raised
+  after a violation.
+
 Deprecated Functionality
 ------------------------
 

src/packet_analysis/Analyzer.cc

@@ -189,6 +189,10 @@ void Analyzer::AnalyzerConfirmation(session::Session* session, zeek::Tag arg_tag
 	if ( session->AnalyzerState(effective_tag) == session::AnalyzerConfirmationState::CONFIRMED )
 		return;
 
+	// If this session violated previously, we don't allow through a confirmation.
+	if ( session->AnalyzerState(effective_tag) == session::AnalyzerConfirmationState::VIOLATED )
+		return;
+
 	session->SetAnalyzerState(effective_tag, session::AnalyzerConfirmationState::CONFIRMED);
 
 	if ( analyzer_confirmation_info )
@@ -238,6 +242,9 @@ void Analyzer::AnalyzerViolation(const char* reason, session::Session* session,
 	{
 	const auto& effective_tag = arg_tag ? arg_tag : GetAnalyzerTag();
 
+	if ( session->AnalyzerState(effective_tag) == session::AnalyzerConfirmationState::VIOLATED )
+		return;
+
 	session->SetAnalyzerState(effective_tag, session::AnalyzerConfirmationState::VIOLATED);
 
 	if ( analyzer_violation_info )