Revert "tests: remove unneeded flowbit ops"

This reverts commit bcdbc43dc8c84fb703b693cc47f27a39d5890215.

Flowbits are used in this test to control the number of alerts per signature.
They were removed under the incorrect assumption of being unnecessarily
used as they were not checked anywhere.

diff --git a/tests/geoip/test.rules b/tests/geoip/test.rules
index 5e8669262cc6a09e70c97868778700ab3b56bd0b..213a091650266e2ebcad988e4a128b0acca593b0 100644 (file)
--- a/tests/geoip/test.rules
+++ b/tests/geoip/test.rules
@@ -1,2 +1,2 @@
-alert tcp any any -> any any (msg:"French IP"; flow:established,to_server; geoip:dst,FR; sid:1; rev:1;)
-alert tcp any any -> any any (msg:"German IP"; flow:established,to_server; geoip: dst,DE; sid:2; rev:1;)
+alert tcp any any -> any any (msg:"French IP"; flow:established,to_server; geoip:dst,FR; sid:1; rev:1; flowbits:isnotset,french; flowbits:set,french;)
+alert tcp any any -> any any (msg:"German IP"; flow:established,to_server; geoip: dst,DE; sid:2; rev:1; flowbits:isnotset,german; flowbits:set,german;)