Merge remote-tracking branch 'origin/topic/awelzel/3145-dcerpc-state-clean'

* origin/topic/awelzel/3145-dcerpc-state-clean:
  dce-rpc: Test cases for unbounded state growth
  dce-rpc: Handle smb2_close_request() in scripts
  smb/dce-rpc: Cleanup DCE-RPC analyzers when fid is closed and limit them
  dce-rpc: Do not repeatedly register removal hooks

(cherry picked from commit f9904511ab)

testing/btest/scripts/base/protocols/dce-rpc/dce-rpc-backing-discard.zeek

@@ -0,0 +1,19 @@
+# @TEST-DOC: Pcap does not contain close requests for the involved fids (filtered out with wireshark)
+# @TEST-EXEC: zeek -C -r $TRACES/dce-rpc/20-fids-no-close.pcap %INPUT >out
+# @TEST-EXEC: btest-diff out
+# @TEST-EXEC: btest-diff weird.log
+
+@load base/protocols/smb
+@load base/protocols/dce-rpc
+
+redef SMB::max_dce_rpc_analyzers = 5;
+
+event dce_rpc_request(c: connection, fid: count, ctx_id: count, opnum: count, stub_len: count)
+	{
+	print "dce_rpc_request", c$uid, "fid", fid, "backing", |c$dce_rpc_backing|;
+	}
+
+event smb_discarded_dce_rpc_analyzers(c: connection)
+	{
+	print "smb_discarded_dce_rpc_analyzers", c$uid;
+	}

testing/btest/scripts/base/protocols/dce-rpc/dce-rpc-backing-size.zeek

@@ -0,0 +1,19 @@
+# @TEST-DOC: Ensure dce_rpc_backing state stays bounded when pipes are closed properly.
+# @TEST-EXEC: zeek -C -r $TRACES/dce-rpc/20-fids.pcap %INPUT >out
+# @TEST-EXEC: btest-diff out
+# @TEST-EXEC: test ! -f weird.log
+
+@load base/protocols/smb
+@load base/protocols/dce-rpc
+
+redef SMB::max_dce_rpc_analyzers = 5;
+
+event dce_rpc_request(c: connection, fid: count, ctx_id: count, opnum: count, stub_len: count)
+	{
+	print "dce_rpc_request", c$uid, "fid", fid, "backing", |c$dce_rpc_backing|;
+	}
+
+event smb_discarded_dce_rpc_analyzers(c: connection)
+	{
+	print "UNEXPECTED", "smb_discarded_dce_rpc_analyzers", c$uid;
+	}