Can't open pcap slice if the conn contains "files" activity #2980
Description
tl;dr
A change in Zeek broke Zui's Download Packets functionality if related conn record has an associated files record. I've already figured out a fix and will have a PR up shortly.
Details
Repro is with Zui commit e275ddd with the attached ifconfig.pcapng.gz test data (after gunziping).
As shown in the attached video, to repro:
- Load the pcap
- Click the
connrecord - Click the Download Packets button and find nothing happens
Repro.mp4
The error message that shows up in the console as I click:
17:57:35.719 › Error: "proto" not present in ["_path", "ts", "fuid", "uid", "id", "source", "depth", "analyzers", "mime_type", "filename", "duration", "local_orig", "is_orig", "seen_bytes", "total_bytes", "missing_bytes", "overflow_bytes", "timedout", "parent_fuid", "md5", "sha1", "sha256", "extracted", "extracted_cutoff", "extracted_size"]
at _Record._getField (/Users/phil/work/zui/apps/zui/dist/main.js:91039:13)
at _Record.getField (/Users/phil/work/zui/apps/zui/dist/main.js:91005:19)
at _Record.get (/Users/phil/work/zui/apps/zui/dist/main.js:91001:24)
at getSearchArgsFromConn (/Users/phil/work/zui/apps/zui/dist/main.js:97870:17)
at downloadPackets (/Users/phil/work/zui/apps/zui/dist/main.js:97884:18)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)