Make DCE_RPC skip input in strange fragment circumstances.

If there are too many concurrent fragments or too much
data fragmented, skip further input on DCE_RPC.

scripts/base/protocols/dce-rpc/consts.bro

@@ -4,12 +4,12 @@ module DCE_RPC;
 export {
 	## The maximum number of simultaneous fragmented commands that
 	## the analyzer will tolerate before the analyzer will generate
-	## a weird and remove itself from the connection.
+	## a weird and skip further input.
 	const max_cmd_reassembly = 20 &redef;
 
 	## The maximum number of fragmented bytes that will be tolerated 
 	## on a command before the analyzer will generate a weird and 
-	## remove itself from the connection.
+	## skip further input.
 	const max_frag_data = 30000 &redef;
 
 	const uuid_endpoint_map: table[string] of string = {

src/analyzer/protocol/dce-rpc/dce_rpc-protocol.pac

@@ -198,12 +198,14 @@ flow DCE_RPC_Flow(is_orig: bool) {
 					{
 					reporter->Weird(connection()->bro_analyzer()->Conn(), 
 					                "too_many_dce_rpc_msgs_in_reassembly");
+					connection()->bro_analyzer()->SetSkip(true);
 					}
 
 				if ( fb[${header.call_id}]->data_length() > BifConst::DCE_RPC::max_frag_data )
 					{
 					reporter->Weird(connection()->bro_analyzer()->Conn(), 
 					                "too_much_dce_rpc_fragment_data");
+					connection()->bro_analyzer()->SetSkip(true);
 					}
 
 				return false;
@@ -218,6 +220,7 @@ flow DCE_RPC_Flow(is_orig: bool) {
 				{
 				reporter->Weird(connection()->bro_analyzer()->Conn(), 
 				                "too_much_dce_rpc_fragment_data");
+				connection()->bro_analyzer()->SetSkip(true);
 				}
 
 			return ${header.lastfrag};