Remove some DNS weirds that caused volume and didn't help anyone.

These have been lingering for a while and they generally annoy everyone because of the sheer volume. They also don't really add any useful information for debugging and they were generated differently than most other weirds anyway (which was a little weird...).
2025-10-14 12:38:20 +00:00 · 2017-12-13 15:00:15 -05:00 · 2017-12-13 15:00:15 -05:00 · ac955519b2
commit ac955519b2
parent 895e7b06b1
2 changed files with 4 additions and 16 deletions
--- a/scripts/base/protocols/dns/main.bro
+++ b/scripts/base/protocols/dns/main.bro
@ -2,7 +2,6 @@
 ##! their responses.

@load base/utils/queue
-@load base/frameworks/notice/weird
@load ./consts

 module DNS;
@ -177,9 +176,6 @@ function log_unmatched_msgs_queue(q: Queue::Queue)

 	for ( i in infos )
 		{
-		local wi = Weird::Info($ts=network_time(), $name="dns_unmatched_msg", $uid=infos[i]$uid,
-		                       $id=infos[i]$id);
-		Weird::weird(wi);
 		Log::write(DNS::LOG, infos[i]);
 		}
 	}
@ -187,21 +183,19 @@ function log_unmatched_msgs_queue(q: Queue::Queue)
 function log_unmatched_msgs(msgs: PendingMessages)
 	{
 	for ( trans_id in msgs )
+		{
 		log_unmatched_msgs_queue(msgs[trans_id]);
+		}

 	clear_table(msgs);
 	}

 function enqueue_new_msg(msgs: PendingMessages, id: count, msg: Info)
 	{
-	local wi: Weird::Info;
 	if ( id !in msgs )
 		{
 		if ( |msgs| > max_pending_query_ids )
 			{
-			wi = Weird::Info($ts=network_time(), $name="dns_unmatched_msg", $uid=msg$uid,
-			                       $id=msg$id);
-			Weird::weird(wi);
 			# Throw away all unmatched on assumption they'll never be matched.
 			log_unmatched_msgs(msgs);
 			}
@ -212,9 +206,6 @@ function enqueue_new_msg(msgs: PendingMessages, id: count, msg: Info)
 		{
 		if ( Queue::len(msgs[id]) > max_pending_msgs )
 			{
-			wi = Weird::Info($ts=network_time(), $name="dns_unmatched_msg_quantity", $uid=msg$uid,
-			                       $id=msg$id);
-			Weird::weird(wi);
 			log_unmatched_msgs_queue(msgs[id]);
 			# Throw away all unmatched on assumption they'll never be matched.
 			msgs[id] = Queue::init();
@ -271,7 +262,6 @@ hook set_session(c: connection, msg: dns_msg, is_query: bool) &priority=5
 			# Create a new DNS session and put it in the reply queue so
 			# we can wait for a matching query.
 			c$dns = new_session(c, msg$id);
-			event conn_weird("dns_unmatched_reply", c, "");
 			enqueue_new_msg(c$dns_state$pending_replies, msg$id, c$dns);
 			}
 		}
--- a/testing/btest/Baseline/scripts.base.protocols.dns.duplicate-reponses/weird.log
+++ b/testing/btest/Baseline/scripts.base.protocols.dns.duplicate-reponses/weird.log
@ -3,10 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2016-07-13-16-16-12
+#open	2017-12-13-19-40-49
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1363716396.798286	CHhAvVGS1DHFjwGM9	55.247.223.174	27285	222.195.43.124	53	DNS_RR_unknown_type	46	F	bro
-1363716396.798374	CHhAvVGS1DHFjwGM9	55.247.223.174	27285	222.195.43.124	53	dns_unmatched_reply	-	F	bro
-1363716396.798374	CHhAvVGS1DHFjwGM9	55.247.223.174	27285	222.195.43.124	53	dns_unmatched_msg	-	F	bro
-#close	2016-07-13-16-16-12
+#close	2017-12-13-19-40-49