Remove variable content from weird names

This changes many weird names to move non-static content from the
weird name into the "addl" field to help ensure the total number of
weird names is reasonably bounded.  Note the net_weird and flow_weird
events do not have an "addl" parameter, so information may no longer
be available in those cases -- to make it available again we'd need
to either (1) define new events that contain such a parameter, or
(2) change net_weird/flow_weird event signature (which is a breaking
change for user-code at the moment).

Also, the generic handling of binpac exceptions for analyzers which
to not otherwise catch and handle them has been changed from a Weird
to a ProtocolViolation.

Finally, a new "file_weird" event has been added for reporting
weirdness found during file analysis.

testing/btest/Baseline/core.disable-mobile-ipv6/weird.log

@@ -6,5 +6,5 @@
 #open	2012-04-05-21-56-51
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
-1333663011.602839	-	-	-	-	-	unknown_protocol_135	-	F	bro
+1333663011.602839	-	-	-	-	-	unknown_protocol	-	F	bro
 #close	2012-04-05-21-56-51

testing/btest/Baseline/scripts.base.protocols.modbus.events/conn.log

@@ -3,7 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
-#open	2016-07-13-16-16-30
+#open	2019-04-02-01-01-40
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
 1093521678.945447	CHhAvVGS1DHFjwGM9	10.0.0.57	2387	10.0.0.3	502	tcp	-	0.000493	0	0	SF	-	-	0	FafA	2	80	2	80	-
@@ -13,6 +13,6 @@
 1093522946.554059	CUM0KZ3MLUfNB0cl11	10.0.0.57	2585	10.0.0.8	502	tcp	-	76.561880	926	0	SF	-	-	0	ShADafF	8	1254	7	288	-
 1093523065.562221	CmES5u32sYpV7JYN	10.0.0.8	502	10.0.0.57	4446	tcp	-	155.114237	128	0	SF	-	-	0	ShADaFf	16	776	15	608	-
 1153491879.610371	CP5puj4I8PtEU4qzYg	192.168.66.235	2582	166.161.16.230	502	tcp	-	2.905078	0	0	S0	-	-	0	S	2	96	0	0	-
-1153491888.530306	C37jN32gN3y3AZzyf6	192.168.66.235	2582	166.161.16.230	502	tcp	modbus	85.560847	1692	1278	S1	-	-	0	ShADad	167	8380	181	8522	-
+1153491888.530306	C37jN32gN3y3AZzyf6	192.168.66.235	2582	166.161.16.230	502	tcp	-	85.560847	1692	1278	S1	-	-	0	ShADad	167	8380	181	8522	-
 1342774499.588269	C3eiCBGOLw3VtHfOj	10.1.1.234	51411	10.10.5.85	502	tcp	modbus	2100.811351	237936	4121200	S2	-	-	0	ShADdaF	39659	2300216	20100	5166412	-
-#close	2016-07-13-16-16-33
+#close	2019-04-02-01-01-42

testing/btest/Baseline/scripts.base.protocols.modbus.exception_handling/weird.log

@@ -1,13 +0,0 @@
-#separator \x09
-#set_separator	,
-#empty_field	(empty)
-#unset_field	-
-#path	weird
-#open	2016-07-13-16-16-39
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
-#types	time	string	addr	port	addr	port	string	string	bool	string
-1153491909.414066	-	-	-	-	-	truncated_IP	-	F	bro
-1153491912.529443	CHhAvVGS1DHFjwGM9	192.168.66.235	2582	166.161.16.230	502	binpac exception: out_of_bound: WriteSingleRegisterRequest: 4 > 0	-	F	bro
-1153491920.661039	CHhAvVGS1DHFjwGM9	192.168.66.235	2582	166.161.16.230	502	TCP_ack_underflow_or_misorder	-	F	bro
-1153491929.715910	CHhAvVGS1DHFjwGM9	192.168.66.235	2582	166.161.16.230	502	TCP_seq_underflow_or_misorder	-	F	bro
-#close	2016-07-13-16-16-39

testing/btest/Baseline/scripts.base.protocols.modbus.length_mismatch/weird.log

@@ -1,10 +0,0 @@
-#separator \x09
-#set_separator	,
-#empty_field	(empty)
-#unset_field	-
-#path	weird
-#open	2018-08-30-14-12-39
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
-#types	time	string	addr	port	addr	port	string	string	bool	string
-1445502056.228889	CHhAvVGS1DHFjwGM9	192.168.2.166	1987	192.168.88.95	502	binpac exception: out_of_bound: ReadWriteMultipleRegistersRequest:write_register_values: 16932 > 191	-	F	bro
-#close	2018-08-30-14-12-39

testing/btest/scripts/base/protocols/modbus/events.bro

@@ -7,6 +7,7 @@
 # @TEST-EXEC: btest-diff coverage
 # @TEST-EXEC: btest-diff conn.log
 
+redef DPD::ignore_violations_after = 1;
 
 event modbus_message(c: connection, headers: ModbusHeaders, is_orig: bool)
 {

testing/btest/scripts/base/protocols/modbus/exception_handling.test

@@ -1,10 +1,8 @@
 # @TEST-EXEC: bro -r $TRACES/modbus/fuzz-72.trace
 # @TEST-EXEC: btest-diff modbus.log
-# @TEST-EXEC: btest-diff weird.log
 
 # The pcap has a flow with some fuzzed modbus traffic in it that should cause
 # the binpac-generated analyzer code to throw a binpac::ExceptionOutOfBound.
 # This should be correctly caught as a type of binpac::Exception and the
 # binpac::ModbusTCP::Exception type that's defined as part of the analyzer
 # shouldn't interfere with that handling and definitely shouldn't crash bro.
-# A weird is currently emitted for parsing exceptions.

testing/btest/scripts/base/protocols/modbus/length_mismatch.bro

@@ -12,4 +12,3 @@
 # data buffer.
 
 # @TEST-EXEC: bro -r $TRACES/modbus/4SICS-GeekLounge-151022-min.pcap
-# @TEST-EXEC: btest-diff weird.log

testing/btest/scripts/base/protocols/modbus/policy.bro

@@ -7,3 +7,5 @@
 
 @load protocols/modbus/known-masters-slaves.bro
 @load protocols/modbus/track-memmap.bro
+
+redef DPD::ignore_violations_after = 1;

testing/external/commit-hash.zeek-testing

@@ -1 +1 @@
-1de9cb3f7386e8243431f57b00d87b0ecf98e5ef
+b9e28fecbc04c1fe37906f6d6078fb11114b6661

testing/external/commit-hash.zeek-testing-private

@@ -1 +1 @@
-47df32597eb14183ca0a468be4ab1525417d79dc
+68e6f55eaaced3f4f42b8e291f6e97dd709833c0