mdns: adds rules to test to check they load

Ticket: 8501

diff --git a/tests/mdns/test.rules b/tests/mdns/test.rules
index 44f36faa0dc02b169ec648a3b797f4a0301e1734..66ef850470770661102385a93f5a6bf3b6beefbf 100644 (file)
--- a/tests/mdns/test.rules
+++ b/tests/mdns/test.rules
@@ -1,3 +1,8 @@
 alert mdns any any -> any any (mdns.queries.rrname; content: "_apple"; sid:1;)
 alert mdns any any -> any any (mdns.answers.rrname; content: "Mac"; sid:2;)
 alert mdns any any -> any any (mdns.response.rrname; content: "John’s iMac._companion-link._tcp.local"; sid:3;)
 alert mdns any any -> any any (mdns.queries.rrname; content: "_apple"; sid:1;)
 alert mdns any any -> any any (mdns.answers.rrname; content: "Mac"; sid:2;)
 alert mdns any any -> any any (mdns.response.rrname; content: "John’s iMac._companion-link._tcp.local"; sid:3;)

+
+# Same rules should also load with alert ip prefix
+alert ip any any -> any any (mdns.queries.rrname; content: "_apple"; requires: version >= 9; sid:11;)
+alert ip any any -> any any (mdns.answers.rrname; content: "Mac"; requires: version >= 9; sid:12;)
+alert ip any any -> any any (mdns.response.rrname; content: "John’s iMac._companion-link._tcp.local"; requires: version >= 9; sid:13;)