detect/parse: allow for OK signature parsing errors

The idea of an OK signature parsing error is an error that is
allowed to occur, but still lets test mode pass, unlike
silent errors which will still fail testing.

This is introduced to allow for app-layer event keywords to be
removed, but not have old rules fail out on this case. For example
the Rust DNS parser removes from DNS app-layer events that are
not used anymore.

To signal that an error is OK, -3 is returned. This also implies
silent.

src/detect-engine-loader.c

@@ -195,7 +195,9 @@ static int DetectLoadSigFile(DetectEngineCtx *de_ctx, char *sig_file,
             if (rule_engine_analysis_set) {
                 EngineAnalysisRulesFailure(line, sig_file, lineno - multiline);
             }
-            bad++;
+            if (!de_ctx->sigerror_ok) {
+                bad++;
+            }
         }
         multiline = 0;
     }

src/detect-parse.c

@@ -1863,7 +1863,12 @@ static Signature *SigInitHelper(DetectEngineCtx *de_ctx, const char *sigstr,
     sig->gid = 1;
 
     int ret = SigParse(de_ctx, sig, sigstr, dir, &parser);
-    if (ret == -2) {
+    if (ret == -3) {
+        de_ctx->sigerror_silent = true;
+        de_ctx->sigerror_ok = true;
+        goto error;
+    }
+    else if (ret == -2) {
         de_ctx->sigerror_silent = true;
         goto error;
     } else if (ret < 0) {
@@ -1902,7 +1907,12 @@ static Signature *SigInitHelper(DetectEngineCtx *de_ctx, const char *sigstr,
     }
 
     ret = DetectAppLayerEventPrepare(sig);
-    if (ret == -2) {
+    if (ret == -3) {
+        de_ctx->sigerror_silent = true;
+        de_ctx->sigerror_ok = true;
+        goto error;
+    }
+    else if (ret == -2) {
         de_ctx->sigerror_silent = true;
         goto error;
     } else if (ret < 0) {

src/detect.h

@@ -865,6 +865,7 @@ typedef struct DetectEngineCtx_ {
     char *rule_file;
     int rule_line;
     bool sigerror_silent;
+    bool sigerror_ok;
     const char *sigerror;
 
     /** list of keywords that need thread local ctxs */