dns: cleanup: remove unused events

Removed events that are no longer used since the Rust
implementation of DNS:
- UnsolicitedResponse
- StateMemCapReached
- Flooded

rules/dns-events.rules

@@ -1,5 +1,3 @@
-# Response (answer) we didn't see a Request for. Could be packet loss.
-alert dns any any -> any any (msg:"SURICATA DNS Unsolicited response"; flow:to_client; app-layer-event:dns.unsollicited_response; classtype:protocol-command-decode; sid:2240001; rev:2;)
 # Malformed data in request. Malformed means length fields are wrong, etc.
 alert dns any any -> any any (msg:"SURICATA DNS malformed request data"; flow:to_server; app-layer-event:dns.malformed_data; classtype:protocol-command-decode; sid:2240002; rev:2;)
 alert dns any any -> any any (msg:"SURICATA DNS malformed response data"; flow:to_client; app-layer-event:dns.malformed_data; classtype:protocol-command-decode; sid:2240003; rev:2;)
@@ -9,7 +7,3 @@ alert dns any any -> any any (msg:"SURICATA DNS Not a request"; flow:to_server;
 alert dns any any -> any any (msg:"SURICATA DNS Not a response"; flow:to_client; app-layer-event:dns.not_a_response; classtype:protocol-command-decode; sid:2240005; rev:2;)
 # Z flag (reserved) not 0
 alert dns any any -> any any (msg:"SURICATA DNS Z flag set"; app-layer-event:dns.z_flag_set; classtype:protocol-command-decode; sid:2240006; rev:2;)
-# Request Flood Detected
-alert dns any any -> any any (msg:"SURICATA DNS request flood detected"; flow:to_server; app-layer-event:dns.flooded; classtype:protocol-command-decode; sid:2240007; rev:2;)
-# Per-flow (state) memcap reached. Relates to the app-layer.protocols.dns.state-memcap setting.
-alert dns any any -> any any (msg:"SURICATA DNS flow memcap reached"; flow:to_server; app-layer-event:dns.state_memcap_reached; classtype:protocol-command-decode; sid:2240008; rev:3;)

rust/src/dns/dns.rs

@@ -127,13 +127,10 @@ const MAX_TRANSACTIONS: usize = 32;
 
 #[repr(u32)]
 pub enum DNSEvent {
-    UnsolicitedResponse = 0,
     MalformedData,
     NotRequest,
     NotResponse,
     ZFlagSet,
-    Flooded,
-    StateMemCapReached,
 }
 
 #[derive(Debug,PartialEq)]

src/app-layer-dns-common.c

@@ -25,13 +25,10 @@
 #include "app-layer-dns-common.h"
 
 SCEnumCharMap dns_decoder_event_table[ ] = {
-    { "UNSOLLICITED_RESPONSE",      DNS_DECODER_EVENT_UNSOLLICITED_RESPONSE, },
     { "MALFORMED_DATA",             DNS_DECODER_EVENT_MALFORMED_DATA, },
     { "NOT_A_REQUEST",              DNS_DECODER_EVENT_NOT_A_REQUEST, },
     { "NOT_A_RESPONSE",             DNS_DECODER_EVENT_NOT_A_RESPONSE, },
     { "Z_FLAG_SET",                 DNS_DECODER_EVENT_Z_FLAG_SET, },
-    { "FLOODED",                    DNS_DECODER_EVENT_FLOODED, },
-    { "STATE_MEMCAP_REACHED",       DNS_DECODER_EVENT_STATE_MEMCAP_REACHED, },
 
     { NULL,                         -1 },
 };

src/app-layer-dns-common.h

@@ -28,13 +28,10 @@
 #include "app-layer-parser.h"
 
 enum {
-    DNS_DECODER_EVENT_UNSOLLICITED_RESPONSE,
     DNS_DECODER_EVENT_MALFORMED_DATA,
     DNS_DECODER_EVENT_NOT_A_REQUEST,
     DNS_DECODER_EVENT_NOT_A_RESPONSE,
     DNS_DECODER_EVENT_Z_FLAG_SET,
-    DNS_DECODER_EVENT_FLOODED,
-    DNS_DECODER_EVENT_STATE_MEMCAP_REACHED,
 };
 
 /** Opaque Rust types. */