IPv6 support for detect-external-names and testcase

This commit builds on top of GH-4183 and adds IPv6 support for
policy/protocols/dns/detect-external-names.

Additionally it adds a test-case for this file testing it with mDNS
queries.

scripts/policy/protocols/dns/detect-external-names.zeek

@@ -20,7 +20,7 @@ export {
 	option skip_resp_host_port_pairs: set[addr, port] = { [[224.0.0.251, [ff02::fb]], 5353/udp] };
 }
 
-event dns_A_reply(c: connection, msg: dns_msg, ans: dns_answer, a: addr) &priority=-3
+function detect_external_names(c: connection, msg: dns_msg, ans: dns_answer, a: addr)
 	{
 	if ( |Site::local_zones| == 0 )
 		return;
@@ -39,3 +39,13 @@ event dns_A_reply(c: connection, msg: dns_msg, ans: dns_answer, a: addr) &priori
 		        $identifier=cat(a,ans$query)]);
 		}
 	}
+
+event dns_A_reply(c: connection, msg: dns_msg, ans: dns_answer, a: addr)
+	{
+	detect_external_names(c, msg, ans, a);
+	}
+
+event dns_AAAA_reply(c: connection, msg: dns_msg, ans: dns_answer, a: addr)
+	{
+	detect_external_names(c, msg, ans, a);
+	}

testing/btest/Baseline/scripts.policy.protocols.dns.detect-external-names-mdns-broadcast-2/notice.log

@@ -0,0 +1,13 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	notice
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	fuid	file_mime_type	file_desc	proto	note	msg	sub	src	dst	p	n	peer_descr	actions	email_dest	suppress_for	remote_location.country_code	remote_location.region	remote_location.city	remote_location.latitude	remote_location.longitude
+#types	time	string	addr	port	addr	port	string	string	string	enum	enum	string	string	addr	addr	port	count	string	set[enum]	set[string]	interval	string	string	string	double	double
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	fd52:429e:c03c:8235:883c:d6ff:fee1:4dc4	5353	ff02::fb	5353	-	-	-	udp	DNS::External_Name	johanna-qemu-virtual-machine.local is pointing to a local host - fd52:429e:c03c:8235:883c:d6ff:fee1:4dc4.	-	fd52:429e:c03c:8235:883c:d6ff:fee1:4dc4	ff02::fb	5353	-	-	Notice::ACTION_LOG	(empty)	3600.000000	-	-	-	-	-
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	fd52:429e:c03c:8235:883c:d6ff:fee1:4dc4	5353	ff02::fb	5353	-	-	-	udp	DNS::External_Name	johanna-qemu-virtual-machine.local is pointing to a local host - fd52:429e:c03c:8235:5968:5bc6:1563:f82f.	-	fd52:429e:c03c:8235:883c:d6ff:fee1:4dc4	ff02::fb	5353	-	-	Notice::ACTION_LOG	(empty)	3600.000000	-	-	-	-	-
+XXXXXXXXXX.XXXXXX	ClEkJM2Vm5giqnMf4h	10.0.2.7	5353	224.0.0.251	5353	-	-	-	udp	DNS::External_Name	johanna-qemu-virtual-machine.local is pointing to a local host - 10.0.2.7.	-	10.0.2.7	224.0.0.251	5353	-	-	Notice::ACTION_LOG	(empty)	3600.000000	-	-	-	-	-
+#close XXXX-XX-XX-XX-XX-XX

testing/btest/Baseline/scripts.policy.protocols.dns.detect-external-names-mdns-broadcast/notice.log

@@ -0,0 +1 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.

testing/btest/scripts/policy/protocols/dns/detect-external-names-mdns-broadcast.zeek

@@ -0,0 +1,27 @@
+# Test verifies that mDNS broadcasts are not logged by default.
+# @TEST-EXEC: zeek -b -C -r $TRACES/dns/mdns.pcap %INPUT
+# @TEST-EXEC: touch notice.log
+# @TEST-EXEC: btest-diff notice.log
+
+##! First test - no log
+
+@load base/protocols/dns
+@load policy/protocols/dns/detect-external-names
+
+redef Site::local_zones +=  {"example.inalid"};
+
+@TEST-START-NEXT
+
+##! second test - should output log due to changed config
+
+@load base/protocols/dns
+@load policy/protocols/dns/detect-external-names
+@load base/frameworks/config
+
+redef Site::local_zones +=  {"example.inalid"};
+
+event zeek_init()
+	{
+	print Site::local_nets;
+	Config::set_value("DNS::skip_resp_host_port_pairs", set());
+	}