Merge remote-tracking branch 'origin/topic/johanna/dpd-changes'

* origin/topic/johanna/dpd-changes:
  DPD: failed services logging alignment
  DPD: update test baselines; change options for external tests.
  DPD: change policy script for service violation logging; add NEWS
  DPD changes - small script fixes and renames.
  Update public and private test suite for DPD changes.
  Allow to track service violations in conn.log.
  Make conn.log service field ordered
  DPD: change handling of pre-confirmation violations, remove max_violations
  DPD: log analyzers that have confirmed
  IRC analyzer - make protocol confirmation more robust.

scripts/base/protocols/conn/main.zeek

@@ -27,8 +27,10 @@ export {
 		id:           conn_id         &log;
 		## The transport layer protocol of the connection.
 		proto:        transport_proto &log;
-		## An identification of an application protocol being sent over
-		## the connection.
+		## A comma-separated list of confirmed protocol(s).
+		## With :zeek:see:DPD::track_removed_services_in_connection, the list
+		## includes the same protocols prefixed with "-" to record that Zeek
+		## dropped them due to parsing violations."
 		service:      string          &log &optional;
 		## How long the connection lasted.
 		##