Dns dcerpc reversed v4

[ilya-bakhtin]

Make sure these boxes are checked accordingly before submitting your Pull Request -- thank you.

Contribution style:

• I have read the contributing guide lines at
  https://docs.suricata.io/en/latest/devguide/contributing/contribution-process.html

Our Contribution agreements:

• I have signed the Open Information Security Foundation contribution agreement at
  https://suricata.io/about/contribution-agreement/ (note: this is only required once)

Changes (if applicable):

• I have updated the User Guide (in doc/userguide/) to reflect the changes made
• I have updated the JSON schema (in etc/schema.json) to reflect all logging changes
  (including schema descriptions)
• I have created a ticket at
  https://redmine.openinfosecfoundation.org/projects/suricata/issues

Link to ticket: https://redmine.openinfosecfoundation.org/issues/7111

Describe changes:
This is a replacement of #11679
There are 2 commits.
The first one is intended to improve DCERPC UDP detection. False positives resulted in improper work of the detection framework.
The second commit simplifies the detection framework function AppLayerProtoDetectGetProto.
It previously contained a bug that combined with a false positive in DCERPC resulted in incorrect reporting of DNS flow direction.

Provide values to any of the below to override the defaults.

• To use an LibHTP, Suricata-Verify or Suricata-Update pull request,
  link to the pull request in the respective _BRANCH variable.
• Leave unused overrides blank or remove.

SV_REPO=
SV_BRANCH=OISF/suricata-verify#2151
SU_REPO=
SU_BRANCH=
LIBHTP_REPO=
LIBHTP_BRANCH=

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 79.49%. Comparing base (5d766df) to head (1eae0b0).
Report is 49 commits behind head on master.

Additional details and impacted files

@@             Coverage Diff             @@
##           master   #12134       +/-   ##
===========================================
+ Coverage   62.68%   79.49%   +16.80%     
===========================================
  Files         840      909       +69     
  Lines      153669   257701   +104032     
===========================================
+ Hits        96323   204851   +108528     
+ Misses      57346    52850     -4496     

Flag	Coverage Δ
fuzzcorpus	60.93% <100.00%> (?)
livemode	19.43% <0.00%> (?)
pcap	44.40% <100.00%> (?)
suricata-verify	?
unittests	59.27% <50.00%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

[catenacyber]

@ilya-bakhtin I think you need ro rebase your SV PR onto latest SV master to get CI green

[ilya-bakhtin]

i'm sorry, my bad
i tested it locally but forgot to submit the rebased version
it seems the main PR must also be rebased since one unrelated test failed after SV rebasing.

anyhow SV - OISF/suricata-verify#2151

[ilya-bakhtin]

BTW probably it would be better to return to my very first solution.
It's not so intrusive but it solves the trouble completely.
I mean the one that does not alter DCERPC at all.

[catenacyber]

I think the current solution is better as it solves more trouble :-)