Can't open pcap slice if the conn contains "files" activity

[philrz]

tl;dr

A change in Zeek broke Zui's Download Packets functionality if related conn record has an associated files record. I've already figured out a fix and will have a PR up shortly.

Details

Repro is with Zui commit e275ddd with the attached ifconfig.pcapng.gz test data (after gunziping).

As shown in the attached video, to repro:

1. Load the pcap
2. Click the conn record
3. Click the Download Packets button and find nothing happens

Repro.mp4

The error message that shows up in the console as I click:

17:57:35.719 › Error: "proto" not present in ["_path", "ts", "fuid", "uid", "id", "source", "depth", "analyzers", "mime_type", "filename", "duration", "local_orig", "is_orig", "seen_bytes", "total_bytes", "missing_bytes", "overflow_bytes", "timedout", "parent_fuid", "md5", "sha1", "sha256", "extracted", "extracted_cutoff", "extracted_size"]
    at _Record._getField (/Users/phil/work/zui/apps/zui/dist/main.js:91039:13)
    at _Record.getField (/Users/phil/work/zui/apps/zui/dist/main.js:91005:19)
    at _Record.get (/Users/phil/work/zui/apps/zui/dist/main.js:91001:24)
    at getSearchArgsFromConn (/Users/phil/work/zui/apps/zui/dist/main.js:97870:17)
    at downloadPackets (/Users/phil/work/zui/apps/zui/dist/main.js:97884:18)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)

[philrz]

Verified in Zui commit a5ee8af.

As shown in the attached video, now when the Download Packets button is clicked the pcap slice opens in Wireshark as expected.

Verify.mp4