btest/plugins: Add smoke test for DeliverSkippedPacket()

testing/btest/Baseline/plugins.deliver-skipped-packet/output

@@ -0,0 +1,50 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+<...>/ip4-tcp-bad-chksum.pcap
+Analyzer added to HhAvVGS1DHFjwGM9
+DeliverSkippedPacket len=0 orig=1
+===
+<...>/ip4-tcp-good-chksum.pcap
+Analyzer added to HhAvVGS1DHFjwGM9
+Deliver Packet len=0 orig=1
+===
+<...>/ip4-udp-bad-chksum.pcap
+Analyzer added to HhAvVGS1DHFjwGM9
+DeliverSkippedPacket len=12 orig=1
+===
+<...>/ip4-udp-good-chksum.pcap
+Analyzer added to HhAvVGS1DHFjwGM9
+Deliver Packet len=4 orig=1
+===
+<...>/ip4-icmp-bad-chksum.pcap
+Analyzer added to HhAvVGS1DHFjwGM9
+DeliverSkippedPacket len=8 orig=1
+===
+<...>/ip4-icmp-good-chksum.pcap
+Analyzer added to HhAvVGS1DHFjwGM9
+Deliver Packet len=0 orig=1
+===
+<...>/ip6-icmp6-bad-chksum.pcap
+Analyzer added to HhAvVGS1DHFjwGM9
+DeliverSkippedPacket len=15 orig=1
+===
+<...>/ip6-icmp6-good-chksum.pcap
+Analyzer added to HhAvVGS1DHFjwGM9
+Deliver Packet len=7 orig=1
+===
+<...>/get.trace
+Analyzer added to HhAvVGS1DHFjwGM9
+Deliver Packet len=0 orig=1
+Deliver Packet len=0 orig=0
+Deliver Packet len=0 orig=1
+Deliver Packet len=136 orig=1
+Deliver Packet len=0 orig=0
+Deliver Packet len=1448 orig=0
+Deliver Packet len=1448 orig=0
+Deliver Packet len=1448 orig=0
+Deliver Packet len=663 orig=0
+Deliver Packet len=0 orig=1
+Deliver Packet len=0 orig=1
+Deliver Packet len=0 orig=1
+Deliver Packet len=0 orig=0
+Deliver Packet len=0 orig=1
+===

testing/btest/plugins/deliver-skipped-packet-plugin/src/Plugin.cc

@@ -0,0 +1,70 @@
+#include "Plugin.h"
+
+#include <cstdio>
+#include <cstring>
+
+#include "zeek/Reporter.h"
+#include "zeek/analyzer/Analyzer.h"
+#include "zeek/analyzer/Manager.h"
+#include "zeek/analyzer/protocol/tcp/TCP.h"
+
+namespace {
+class Foo : public zeek::analyzer::Analyzer {
+public:
+    Foo(zeek::Connection* conn) : zeek::analyzer::Analyzer("FOO", conn) {}
+
+    void DeliverPacket(int len, const u_char* data, bool orig, uint64_t seq, const zeek::IP_Hdr* ip,
+                       int caplen) override {
+        std::printf("Deliver Packet len=%d orig=%d\n", len, orig);
+    }
+
+    void DeliverSkippedPacket(int len, const u_char* data, bool orig, uint64_t seq, const zeek::IP_Hdr* ip,
+                              int caplen) override {
+        std::printf("DeliverSkippedPacket len=%d orig=%d\n", len, orig);
+    }
+
+    static zeek::analyzer::Analyzer* Instantiate(zeek::Connection* conn) { return new Foo(conn); }
+};
+} // namespace
+
+
+namespace btest::plugin::Demo_Hooks {
+
+Plugin plugin;
+
+zeek::plugin::Configuration Plugin::Configure() {
+    EnableHook(zeek::plugin::HOOK_SETUP_ANALYZER_TREE);
+
+    AddComponent(new zeek::analyzer::Component("Foo", Foo::Instantiate));
+
+    zeek::plugin::Configuration config;
+    config.name = "Demo::Hooks";
+    config.description = "Custom analyzer for all connections";
+    config.version = {1, 0, 0};
+    return config;
+}
+
+void Plugin::HookSetupAnalyzerTree(zeek::Connection* conn) {
+    auto* analyzer = zeek::analyzer_mgr->InstantiateAnalyzer("FOO", conn);
+
+    if ( ! analyzer )
+        zeek::reporter->FatalError("could not instantiate analyzer");
+
+    if ( conn->ConnTransport() == TRANSPORT_TCP ) {
+        // Need to use AddChildPacketAnalyzer() for TCP packet analyzers,
+        // otherwise we only see packets if there's no reassembly.
+        auto* adapter = static_cast<zeek::packet_analysis::TCP::TCPSessionAdapter*>(conn->GetSessionAdapter());
+        adapter->AddChildPacketAnalyzer(analyzer);
+    }
+    else {
+        auto* adapter = conn->GetSessionAdapter();
+        adapter->AddChildAnalyzer(analyzer);
+    }
+
+    // Init the uid for GetUID()
+    conn->GetVal();
+
+    std::printf("Analyzer added to %s\n", conn->GetUID().Base62().c_str());
+}
+
+} // namespace btest::plugin::Demo_Hooks

testing/btest/plugins/deliver-skipped-packet-plugin/src/Plugin.h

@@ -0,0 +1,18 @@
+
+#pragma once
+
+#include "zeek/plugin/Plugin.h"
+
+namespace btest::plugin::Demo_Hooks {
+
+class Plugin : public zeek::plugin::Plugin {
+protected:
+    void HookSetupAnalyzerTree(zeek::Connection* conn) override;
+
+    // Overridden from zeek::plugin::Plugin.
+    zeek::plugin::Configuration Configure() override;
+};
+
+extern Plugin plugin;
+
+} // namespace btest::plugin::Demo_Hooks

testing/btest/plugins/deliver-skipped-packet.zeek

@@ -0,0 +1,28 @@
+# @TEST-DOC: A plugin providing an analyzer implementing DeliverPacket() and DeliverSkippedPacket() and using HookSetupAnalyzer() to attach it to every new connection.
+#
+# @TEST-EXEC: ${DIST}/auxil/zeek-aux/plugin-support/init-plugin -u . Demo Hooks
+# @TEST-EXEC: cp -r %DIR/deliver-skipped-packet-plugin/* .
+# @TEST-EXEC: ./configure --zeek-dist=${DIST} && make
+#
+# @TEST-EXEC: ZEEK_PLUGIN_ACTIVATE="Demo::Hooks" ZEEK_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/chksums/ip4-tcp-bad-chksum.pcap %INPUT >>output
+# @TEST-EXEC: ZEEK_PLUGIN_ACTIVATE="Demo::Hooks" ZEEK_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/chksums/ip4-tcp-good-chksum.pcap %INPUT >>output
+# @TEST-EXEC: ZEEK_PLUGIN_ACTIVATE="Demo::Hooks" ZEEK_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/chksums/ip4-udp-bad-chksum.pcap %INPUT >>output
+# @TEST-EXEC: ZEEK_PLUGIN_ACTIVATE="Demo::Hooks" ZEEK_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >>output
+# @TEST-EXEC: ZEEK_PLUGIN_ACTIVATE="Demo::Hooks" ZEEK_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/chksums/ip4-icmp-bad-chksum.pcap %INPUT >>output
+# @TEST-EXEC: ZEEK_PLUGIN_ACTIVATE="Demo::Hooks" ZEEK_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/chksums/ip4-icmp-good-chksum.pcap %INPUT >>output
+# @TEST-EXEC: ZEEK_PLUGIN_ACTIVATE="Demo::Hooks" ZEEK_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/chksums/ip6-icmp6-bad-chksum.pcap %INPUT >>output
+# @TEST-EXEC: ZEEK_PLUGIN_ACTIVATE="Demo::Hooks" ZEEK_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap %INPUT >>output
+#
+# @TEST-EXEC: ZEEK_PLUGIN_ACTIVATE="Demo::Hooks" ZEEK_PLUGIN_PATH=`pwd` zeek -b -r $TRACES/http/get.trace %INPUT >>output
+#
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output
+
+event zeek_init()
+	{
+	print packet_source()$path;
+	}
+
+event zeek_done()
+	{
+	print "===";
+	}