Lots of SMB1 parsing fixes.

scripts/base/frameworks/dpd/main.bro

@@ -27,6 +27,9 @@ export {
 		disabled_aids:  set[count];
 	};
 
+	## Analyzers which you don't want to throw 
+	const ignore_violations: set[Analyzer::Tag] = set() &redef;
+
 	## Ignore violations which go this many bytes into the connection.
 	## Set to 0 to never ignore protocol violations.
 	const ignore_violations_after = 10 * 1024 &redef;
@@ -82,6 +85,9 @@ event protocol_violation(c: connection, atype: Analyzer::Tag, aid: count, reason
 	if ( ignore_violations_after > 0 && size > ignore_violations_after )
 		return;
 
+	if ( atype in ignore_violations )
+		return;
+
 	# Disable the analyzer that raised the last core-generated event.
 	disable_analyzer(c$id, aid);
 	add c$dpd$disabled_aids[aid];

scripts/base/protocols/dce-rpc/main.bro

@@ -34,6 +34,8 @@ export {
 	} &redef;
 }
 
+redef DPD::ignore_violations += { Analyzer::ANALYZER_DCE_RPC };
+
 type State: record {
 	uuid       : string &optional;
 	named_pipe : string &optional;

scripts/base/protocols/ntlm/main.bro

@@ -46,6 +46,8 @@ export {
 	} &redef;
 }
 
+redef DPD::ignore_violations += { Analyzer::ANALYZER_NTLM };
+
 redef record connection += {
 	ntlm: Info &optional;
 };