rust/dns/tcp - probe even if payload is short

As the DNS probe just uses the query portion of a response, don't
require there to be as many bytes as specified in the TCP DNS
header. This can occur in large responses where probe is called
without all the data.

Fixes the cases where the app proto is recorded as failed.

Fixes issue:
https://redmine.openinfosecfoundation.org/issues/2169

diff --git a/rust/src/dns/dns.rs b/rust/src/dns/dns.rs
index 9c69642451b8e7362b01c4d6affbbd1b2aa007df..b599eda54f339e59b6695767c058c3d7503c4653 100644 (file)
--- a/rust/src/dns/dns.rs
+++ b/rust/src/dns/dns.rs
@@ -545,10 +545,8 @@ fn probe(input: &[u8]) -> bool {
 /// Probe TCP input to see if it looks like DNS.
 pub fn probe_tcp(input: &[u8]) -> bool {
     match nom::be_u16(input) {
-        nom::IResult::Done(rem, len) => {
-            if rem.len() >= len as usize {
-                return probe(rem);
-            }
+        nom::IResult::Done(rem, _) => {
+            return probe(rem);
         },
         _ => {}
     }