Merge branch 'master' into topic/jgras/intel-update

2025-10-05 08:08:19 +00:00 · 2016-03-22 18:06:09 +01:00 · 2016-03-22 18:06:09 +01:00 · 06faee2cc8
commit 06faee2cc8
parent 0146e85c41 a9cb90b6f5
141 changed files with 6503 additions and 108 deletions
--- a/testing/btest/Baseline/bifs.check_subnet/output
+++ b/testing/btest/Baseline/bifs.check_subnet/output
@ -0,0 +1,8 @@
+in says: 10.2.0.2/32 is member
+check_subnet says: 10.2.0.2/32 is no member
+in says: 10.2.0.2/31 is member
+check_subnet says: 10.2.0.2/31 is member
+in says: 10.0.0.0/9 is member
+check_subnet says: 10.0.0.0/9 is no member
+in says: 10.0.0.0/8 is member
+check_subnet says: 10.0.0.0/8 is member
--- a/testing/btest/Baseline/bifs.filter_subnet_table/output
+++ b/testing/btest/Baseline/bifs.filter_subnet_table/output
@ -0,0 +1,20 @@
+{
+10.0.0.0/8,
+10.2.0.2/31,
+10.2.0.0/16
+}
+{
+[10.0.0.0/8] = a,
+[10.2.0.2/31] = c,
+[10.2.0.0/16] = b
+}
+{
+[10.0.0.0/8] = a,
+[10.3.0.0/16] = e
+}
+{
+
+}
+{
+
+}
--- a/testing/btest/Baseline/bifs.matching_subnets/output
+++ b/testing/btest/Baseline/bifs.matching_subnets/output
@ -0,0 +1,18 @@
+{
+10.0.0.0/8,
+10.3.0.0/16,
+10.2.0.2/31,
+2607:f8b0:4007:807::/64,
+10.2.0.0/16,
+5.2.0.0/32,
+5.5.0.0/25,
+10.1.0.0/16,
+5.0.0.0/8,
+2607:f8b0:4007:807::200e/128,
+7.2.0.0/32,
+2607:f8b0:4008:807::/64
+}
+[10.2.0.2/31, 10.2.0.0/16, 10.0.0.0/8]
+[2607:f8b0:4007:807::200e/128, 2607:f8b0:4007:807::/64]
+[]
+[10.0.0.0/8]
--- a/testing/btest/Baseline/bifs.subnet_to_addr/error
+++ b/testing/btest/Baseline/bifs.subnet_to_addr/error
--- a/testing/btest/Baseline/bifs.subnet_to_addr/output
+++ b/testing/btest/Baseline/bifs.subnet_to_addr/output
@ -0,0 +1,3 @@
+subnet_to_addr(0.0.0.0/32) = 0.0.0.0 (SUCCESS)
+subnet_to_addr(1.2.0.0/16) = 1.2.0.0 (SUCCESS)
+subnet_to_addr(2607:f8b0:4005:803::200e/128) = 2607:f8b0:4005:803::200e (SUCCESS)
--- a/testing/btest/Baseline/bifs.subnet_version/out
+++ b/testing/btest/Baseline/bifs.subnet_version/out
@ -0,0 +1,4 @@
+T
+F
+F
+T
--- a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
+++ b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
@ -3,7 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	loaded_scripts
-#open	2015-08-31-05-07-15
+#open	2016-02-17-20-30-50
 #fields	name
 #types	string
 scripts/base/init-bare.bro
@ -188,6 +188,30 @@ scripts/base/init-default.bro
    scripts/base/frameworks/sumstats/non-cluster.bro
  scripts/base/frameworks/tunnels/__load__.bro
    scripts/base/frameworks/tunnels/main.bro
+  scripts/base/frameworks/openflow/__load__.bro
+    scripts/base/frameworks/openflow/consts.bro
+    scripts/base/frameworks/openflow/types.bro
+    scripts/base/frameworks/openflow/main.bro
+    scripts/base/frameworks/openflow/plugins/__load__.bro
+      scripts/base/frameworks/openflow/plugins/ryu.bro
+        scripts/base/utils/json.bro
+      scripts/base/frameworks/openflow/plugins/log.bro
+      scripts/base/frameworks/openflow/plugins/broker.bro
+    scripts/base/frameworks/openflow/non-cluster.bro
+  scripts/base/frameworks/netcontrol/__load__.bro
+    scripts/base/frameworks/netcontrol/types.bro
+    scripts/base/frameworks/netcontrol/main.bro
+      scripts/base/frameworks/netcontrol/plugin.bro
+    scripts/base/frameworks/netcontrol/plugins/__load__.bro
+      scripts/base/frameworks/netcontrol/plugins/debug.bro
+      scripts/base/frameworks/netcontrol/plugins/openflow.bro
+      scripts/base/frameworks/netcontrol/plugins/packetfilter.bro
+      scripts/base/frameworks/netcontrol/plugins/broker.bro
+      scripts/base/frameworks/netcontrol/plugins/acld.bro
+    scripts/base/frameworks/netcontrol/drop.bro
+    scripts/base/frameworks/netcontrol/shunt.bro
+    scripts/base/frameworks/netcontrol/catch-and-release.bro
+    scripts/base/frameworks/netcontrol/non-cluster.bro
  scripts/base/protocols/conn/__load__.bro
    scripts/base/protocols/conn/main.bro
    scripts/base/protocols/conn/contents.bro
@ -273,4 +297,4 @@ scripts/base/init-default.bro
  scripts/base/misc/find-checksum-offloading.bro
  scripts/base/misc/find-filtered-trace.bro
 scripts/policy/misc/loaded-scripts.bro
-#close	2015-08-31-05-07-15
+#close	2016-02-17-20-30-50
--- a/testing/btest/Baseline/coverage.find-bro-logs/out
+++ b/testing/btest/Baseline/coverage.find-bro-logs/out
@ -23,8 +23,12 @@ loaded_scripts
 modbus
 modbus_register_change
 mysql
+net_control
+netcontrol_drop
+netcontrol_shunt
 notice
 notice_alarm
+open_flow
 packet_filter
 pe
 radius
--- a/testing/btest/Baseline/coverage.init-default/missing_loads
+++ b/testing/btest/Baseline/coverage.init-default/missing_loads
@ -3,6 +3,8 @@
 -./frameworks/cluster/nodes/worker.bro
 -./frameworks/cluster/setup-connections.bro
 -./frameworks/intel/cluster.bro
+-./frameworks/netcontrol/cluster.bro
 -./frameworks/notice/cluster.bro
+-./frameworks/openflow/cluster.bro
 -./frameworks/packet-filter/cluster.bro
 -./frameworks/sumstats/cluster.bro
--- a/testing/btest/Baseline/language.expire_multiple-2/output
+++ b/testing/btest/Baseline/language.expire_multiple-2/output
@ -0,0 +1 @@
+error in /Users/johanna/bro/master/testing/btest/.tmp/language.expire_multiple-2/expire_multiple.test, line 2: set/table can only have one of &read_expire, &write_expire, &create_expire (&write_expire=1.0 sec, &create_expire=3.0 secs)
--- a/testing/btest/Baseline/language.expire_multiple-3/output
+++ b/testing/btest/Baseline/language.expire_multiple-3/output
@ -0,0 +1 @@
+error in /Users/johanna/bro/master/testing/btest/.tmp/language.expire_multiple-3/expire_multiple.test, line 2: set/table can only have one of &read_expire, &write_expire, &create_expire (&write_expire=1.0 sec, &read_expire=3.0 secs)
--- a/testing/btest/Baseline/language.expire_multiple/output
+++ b/testing/btest/Baseline/language.expire_multiple/output
@ -0,0 +1 @@
+error in /Users/johanna/bro/master/testing/btest/.tmp/language.expire_multiple/expire_multiple.test, line 4: set/table can only have one of &read_expire, &write_expire, &create_expire (&create_expire=1.0 sec, &read_expire=1.0 sec)
--- a/testing/btest/Baseline/language.expire_subnet/output
+++ b/testing/btest/Baseline/language.expire_subnet/output
@ -0,0 +1,27 @@
+All:
+0 --> zero
+2 --> two
+4 --> four
+1 --> one
+3 --> three
+192.168.3.0/24 --> three
+192.168.0.0/16 --> zero
+192.168.4.0/24 --> four
+192.168.1.0/24 --> one
+192.168.2.0/24 --> two
+Time: 0 secs
+
+Accessed table nums: two; three
+Accessed table nets: two; three, zero
+Time: 7.0 secs 518.0 msecs 828.0 usecs
+
+Expired Num: 0 --> zero at 8.0 secs 835.0 msecs 30.0 usecs
+Expired Num: 4 --> four at 8.0 secs 835.0 msecs 30.0 usecs
+Expired Num: 1 --> one at 8.0 secs 835.0 msecs 30.0 usecs
+Expired Subnet: 192.168.4.0/24 --> four at 8.0 secs 835.0 msecs 30.0 usecs
+Expired Subnet: 192.168.1.0/24 --> one at 8.0 secs 835.0 msecs 30.0 usecs
+Expired Num: 2 --> two at 15.0 secs 150.0 msecs 681.0 usecs
+Expired Num: 3 --> three at 15.0 secs 150.0 msecs 681.0 usecs
+Expired Subnet: 192.168.3.0/24 --> three at 15.0 secs 150.0 msecs 681.0 usecs
+Expired Subnet: 192.168.0.0/16 --> zero at 15.0 secs 150.0 msecs 681.0 usecs
+Expired Subnet: 192.168.2.0/24 --> two at 15.0 secs 150.0 msecs 681.0 usecs
--- a/testing/btest/Baseline/language.record-function-recursion/out
+++ b/testing/btest/Baseline/language.record-function-recursion/out
@ -0,0 +1,2 @@
+[id=<uninitialized>, inner=<uninitialized>]
+record { id:count; inner:record { create:function(input:<recursion>;) : string; }; }
--- a/testing/btest/Baseline/plugins.hooks/output
+++ b/testing/btest/Baseline/plugins.hooks/output
@ -164,8 +164,12 @@
 0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=intel, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (KRB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=kerberos, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=modbus, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (NetControl::DROP, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=netcontrol_drop, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (NetControl::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=netcontrol, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (NetControl::SHUNT, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=netcontrol_shunt, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=notice_alarm, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=notice, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (OpenFlow::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=openflow, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (PE::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=pe, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=packet_filter, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__add_filter, <frame>, (RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=radius, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
@ -199,8 +203,12 @@
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Intel::LOG, [columns=<no value description>, ev=Intel::log_intel, path=intel])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (KRB::LOG, [columns=<no value description>, ev=KRB::log_krb, path=kerberos])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Modbus::LOG, [columns=<no value description>, ev=Modbus::log_modbus, path=modbus])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (NetControl::DROP, [columns=<no value description>, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (NetControl::LOG, [columns=<no value description>, ev=NetControl::log_netcontrol, path=netcontrol])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (NetControl::SHUNT, [columns=<no value description>, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Notice::ALARM_LOG, [columns=<no value description>, ev=<uninitialized>, path=notice_alarm])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Notice::LOG, [columns=<no value description>, ev=Notice::log_notice, path=notice])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (OpenFlow::LOG, [columns=<no value description>, ev=OpenFlow::log_openflow, path=openflow])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (PE::LOG, [columns=<no value description>, ev=PE::log_pe, path=pe])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (PacketFilter::LOG, [columns=<no value description>, ev=<uninitialized>, path=packet_filter])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (RADIUS::LOG, [columns=<no value description>, ev=RADIUS::log_radius, path=radius])) -> <no result>
@ -220,7 +228,7 @@
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1452883249.168544, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1457718658.75999, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Communication::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Conn::LOG)) -> <no result>
@ -235,8 +243,12 @@
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Intel::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (KRB::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Modbus::LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (NetControl::DROP)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (NetControl::LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (NetControl::SHUNT)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Notice::ALARM_LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Notice::LOG)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (OpenFlow::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (PE::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (PacketFilter::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (RADIUS::LOG)) -> <no result>
@ -270,8 +282,12 @@
 0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (KRB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (NetControl::DROP, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (NetControl::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (NetControl::SHUNT, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (OpenFlow::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (PE::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_filter, <frame>, (RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])) -> <no result>
@ -305,8 +321,12 @@
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Intel::LOG, [columns=<no value description>, ev=Intel::log_intel, path=intel])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (KRB::LOG, [columns=<no value description>, ev=KRB::log_krb, path=kerberos])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Modbus::LOG, [columns=<no value description>, ev=Modbus::log_modbus, path=modbus])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (NetControl::DROP, [columns=<no value description>, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (NetControl::LOG, [columns=<no value description>, ev=NetControl::log_netcontrol, path=netcontrol])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (NetControl::SHUNT, [columns=<no value description>, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Notice::ALARM_LOG, [columns=<no value description>, ev=<uninitialized>, path=notice_alarm])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Notice::LOG, [columns=<no value description>, ev=Notice::log_notice, path=notice])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (OpenFlow::LOG, [columns=<no value description>, ev=OpenFlow::log_openflow, path=openflow])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (PE::LOG, [columns=<no value description>, ev=PE::log_pe, path=pe])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (PacketFilter::LOG, [columns=<no value description>, ev=<uninitialized>, path=packet_filter])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (RADIUS::LOG, [columns=<no value description>, ev=RADIUS::log_radius, path=radius])) -> <no result>
@ -326,7 +346,9 @@
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1452883249.168544, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1457718658.75999, node=bro, filter=ip or not ip, init=T, success=T])) -> <no result>
+0.000000   MetaHookPost  CallFunction(NetControl::check_plugins, <frame>, ()) -> <no result>
+0.000000   MetaHookPost  CallFunction(NetControl::init, <null>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(Notice::want_pp, <frame>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(PacketFilter::build, <frame>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(PacketFilter::combine_filters, <frame>, (ip or not ip, and, )) -> <no result>
@ -361,6 +383,7 @@
 0.000000   MetaHookPost  CallFunction(sub, <frame>, ((^\.?|\.)(~~)$, <...>/, )) -> <no result>
 0.000000   MetaHookPost  DrainEvents() -> <void>
 0.000000   MetaHookPost  LoadFile(../main) -> -1
+0.000000   MetaHookPost  LoadFile(../plugin) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_ARP.events.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_AYIYA.events.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_AsciiReader.ascii.bif.bro) -> -1
@ -434,13 +457,16 @@
 0.000000   MetaHookPost  LoadFile(./Bro_X509.functions.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_X509.types.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./Bro_ZIP.events.bif.bro) -> -1
+0.000000   MetaHookPost  LoadFile(./acld) -> -1
 0.000000   MetaHookPost  LoadFile(./addrs) -> -1
 0.000000   MetaHookPost  LoadFile(./analyzer.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./average) -> -1
 0.000000   MetaHookPost  LoadFile(./bloom-filter.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./bro.bif.bro) -> -1
+0.000000   MetaHookPost  LoadFile(./broker) -> -1
 0.000000   MetaHookPost  LoadFile(./broxygen.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./cardinality-counter.bif.bro) -> -1
+0.000000   MetaHookPost  LoadFile(./catch-and-release) -> -1
 0.000000   MetaHookPost  LoadFile(./comm.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./const.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./consts) -> -1
@ -448,6 +474,8 @@
 0.000000   MetaHookPost  LoadFile(./contents) -> -1
 0.000000   MetaHookPost  LoadFile(./data.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./dcc-send) -> -1
+0.000000   MetaHookPost  LoadFile(./debug) -> -1
+0.000000   MetaHookPost  LoadFile(./drop) -> -1
 0.000000   MetaHookPost  LoadFile(./entities) -> -1
 0.000000   MetaHookPost  LoadFile(./event.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./exec) -> -1
@ -463,6 +491,7 @@
 0.000000   MetaHookPost  LoadFile(./input) -> -1
 0.000000   MetaHookPost  LoadFile(./input.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./last) -> -1
+0.000000   MetaHookPost  LoadFile(./log) -> -1
 0.000000   MetaHookPost  LoadFile(./logging.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./magic) -> -1
 0.000000   MetaHookPost  LoadFile(./main) -> -1
@ -473,14 +502,19 @@
 0.000000   MetaHookPost  LoadFile(./mozilla-ca-list) -> -1
 0.000000   MetaHookPost  LoadFile(./netstats) -> -1
 0.000000   MetaHookPost  LoadFile(./non-cluster) -> -1
+0.000000   MetaHookPost  LoadFile(./openflow) -> -1
+0.000000   MetaHookPost  LoadFile(./packetfilter) -> -1
 0.000000   MetaHookPost  LoadFile(./patterns) -> -1
+0.000000   MetaHookPost  LoadFile(./plugin) -> -1
 0.000000   MetaHookPost  LoadFile(./plugins) -> -1
 0.000000   MetaHookPost  LoadFile(./polling) -> -1
 0.000000   MetaHookPost  LoadFile(./postprocessors) -> -1
 0.000000   MetaHookPost  LoadFile(./reporter.bif.bro) -> -1
+0.000000   MetaHookPost  LoadFile(./ryu) -> -1
 0.000000   MetaHookPost  LoadFile(./sample) -> -1
 0.000000   MetaHookPost  LoadFile(./scp) -> -1
 0.000000   MetaHookPost  LoadFile(./sftp) -> -1
+0.000000   MetaHookPost  LoadFile(./shunt) -> -1
 0.000000   MetaHookPost  LoadFile(./site) -> -1
 0.000000   MetaHookPost  LoadFile(./std-dev) -> -1
 0.000000   MetaHookPost  LoadFile(./store.bif.bro) -> -1
@ -489,6 +523,7 @@
 0.000000   MetaHookPost  LoadFile(./thresholds) -> -1
 0.000000   MetaHookPost  LoadFile(./top-k.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./topk) -> -1
+0.000000   MetaHookPost  LoadFile(./types) -> -1
 0.000000   MetaHookPost  LoadFile(./types.bif.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./types.bro) -> -1
 0.000000   MetaHookPost  LoadFile(./unique) -> -1
@ -548,14 +583,17 @@
 0.000000   MetaHookPost  LoadFile(base<...>/input.bif) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/intel) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/irc) -> -1
+0.000000   MetaHookPost  LoadFile(base<...>/json) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/krb) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/logging) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/logging.bif) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/main) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/modbus) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/mysql) -> -1
+0.000000   MetaHookPost  LoadFile(base<...>/netcontrol) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/notice) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/numbers) -> -1
+0.000000   MetaHookPost  LoadFile(base<...>/openflow) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/packet-filter) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/paths) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/patterns) -> -1
@ -588,6 +626,7 @@
 0.000000   MetaHookPost  LoadFile(base<...>/urls) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/utils) -> -1
 0.000000   MetaHookPost  LoadFile(base<...>/x509) -> -1
+0.000000   MetaHookPost  QueueEvent(NetControl::init()) -> false
 0.000000   MetaHookPost  QueueEvent(bro_init()) -> false
 0.000000   MetaHookPost  QueueEvent(filter_change_tracking()) -> false
 0.000000   MetaHookPre   CallFunction(Analyzer::__disable_analyzer, <frame>, (Analyzer::ANALYZER_BACKDOOR))
@ -756,8 +795,12 @@
 0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=intel, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
 0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (KRB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=kerberos, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
 0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=modbus, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (NetControl::DROP, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=netcontrol_drop, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (NetControl::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=netcontrol, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (NetControl::SHUNT, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=netcontrol_shunt, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
 0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=notice_alarm, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
 0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=notice, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (OpenFlow::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=openflow, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
 0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (PE::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=pe, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
 0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=packet_filter, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
 0.000000   MetaHookPre   CallFunction(Log::__add_filter, <frame>, (RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=radius, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
@ -791,8 +834,12 @@
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Intel::LOG, [columns=<no value description>, ev=Intel::log_intel, path=intel]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (KRB::LOG, [columns=<no value description>, ev=KRB::log_krb, path=kerberos]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Modbus::LOG, [columns=<no value description>, ev=Modbus::log_modbus, path=modbus]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (NetControl::DROP, [columns=<no value description>, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (NetControl::LOG, [columns=<no value description>, ev=NetControl::log_netcontrol, path=netcontrol]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (NetControl::SHUNT, [columns=<no value description>, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Notice::ALARM_LOG, [columns=<no value description>, ev=<uninitialized>, path=notice_alarm]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Notice::LOG, [columns=<no value description>, ev=Notice::log_notice, path=notice]))
+0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (OpenFlow::LOG, [columns=<no value description>, ev=OpenFlow::log_openflow, path=openflow]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (PE::LOG, [columns=<no value description>, ev=PE::log_pe, path=pe]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (PacketFilter::LOG, [columns=<no value description>, ev=<uninitialized>, path=packet_filter]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (RADIUS::LOG, [columns=<no value description>, ev=RADIUS::log_radius, path=radius]))
@ -812,7 +859,7 @@
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql]))
-0.000000   MetaHookPre   CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1452883249.168544, node=bro, filter=ip or not ip, init=T, success=T]))
+0.000000   MetaHookPre   CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1457718658.75999, node=bro, filter=ip or not ip, init=T, success=T]))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Communication::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Conn::LOG))
@ -827,8 +874,12 @@
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Intel::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (KRB::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Modbus::LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (NetControl::DROP))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (NetControl::LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (NetControl::SHUNT))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Notice::ALARM_LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Notice::LOG))
+0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (OpenFlow::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (PE::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (PacketFilter::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (RADIUS::LOG))
@ -862,8 +913,12 @@
 0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
 0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (KRB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
 0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (NetControl::DROP, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (NetControl::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (NetControl::SHUNT, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
 0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
 0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
+0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (OpenFlow::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
 0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (PE::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
 0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
 0.000000   MetaHookPre   CallFunction(Log::add_filter, <frame>, (RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}]))
@ -897,8 +952,12 @@
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Intel::LOG, [columns=<no value description>, ev=Intel::log_intel, path=intel]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (KRB::LOG, [columns=<no value description>, ev=KRB::log_krb, path=kerberos]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Modbus::LOG, [columns=<no value description>, ev=Modbus::log_modbus, path=modbus]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (NetControl::DROP, [columns=<no value description>, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (NetControl::LOG, [columns=<no value description>, ev=NetControl::log_netcontrol, path=netcontrol]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (NetControl::SHUNT, [columns=<no value description>, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Notice::ALARM_LOG, [columns=<no value description>, ev=<uninitialized>, path=notice_alarm]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Notice::LOG, [columns=<no value description>, ev=Notice::log_notice, path=notice]))
+0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (OpenFlow::LOG, [columns=<no value description>, ev=OpenFlow::log_openflow, path=openflow]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (PE::LOG, [columns=<no value description>, ev=PE::log_pe, path=pe]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (PacketFilter::LOG, [columns=<no value description>, ev=<uninitialized>, path=packet_filter]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (RADIUS::LOG, [columns=<no value description>, ev=RADIUS::log_radius, path=radius]))
@ -918,7 +977,9 @@
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql]))
-0.000000   MetaHookPre   CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1452883249.168544, node=bro, filter=ip or not ip, init=T, success=T]))
+0.000000   MetaHookPre   CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1457718658.75999, node=bro, filter=ip or not ip, init=T, success=T]))
+0.000000   MetaHookPre   CallFunction(NetControl::check_plugins, <frame>, ())
+0.000000   MetaHookPre   CallFunction(NetControl::init, <null>, ())
 0.000000   MetaHookPre   CallFunction(Notice::want_pp, <frame>, ())
 0.000000   MetaHookPre   CallFunction(PacketFilter::build, <frame>, ())
 0.000000   MetaHookPre   CallFunction(PacketFilter::combine_filters, <frame>, (ip or not ip, and, ))
@ -953,6 +1014,7 @@
 0.000000   MetaHookPre   CallFunction(sub, <frame>, ((^\.?|\.)(~~)$, <...>/, ))
 0.000000   MetaHookPre   DrainEvents()
 0.000000   MetaHookPre   LoadFile(../main)
+0.000000   MetaHookPre   LoadFile(../plugin)
 0.000000   MetaHookPre   LoadFile(./Bro_ARP.events.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_AYIYA.events.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_AsciiReader.ascii.bif.bro)
@ -1026,13 +1088,16 @@
 0.000000   MetaHookPre   LoadFile(./Bro_X509.functions.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_X509.types.bif.bro)
 0.000000   MetaHookPre   LoadFile(./Bro_ZIP.events.bif.bro)
+0.000000   MetaHookPre   LoadFile(./acld)
 0.000000   MetaHookPre   LoadFile(./addrs)
 0.000000   MetaHookPre   LoadFile(./analyzer.bif.bro)
 0.000000   MetaHookPre   LoadFile(./average)
 0.000000   MetaHookPre   LoadFile(./bloom-filter.bif.bro)
 0.000000   MetaHookPre   LoadFile(./bro.bif.bro)
+0.000000   MetaHookPre   LoadFile(./broker)
 0.000000   MetaHookPre   LoadFile(./broxygen.bif.bro)
 0.000000   MetaHookPre   LoadFile(./cardinality-counter.bif.bro)
+0.000000   MetaHookPre   LoadFile(./catch-and-release)
 0.000000   MetaHookPre   LoadFile(./comm.bif.bro)
 0.000000   MetaHookPre   LoadFile(./const.bif.bro)
 0.000000   MetaHookPre   LoadFile(./consts)
@ -1040,6 +1105,8 @@
 0.000000   MetaHookPre   LoadFile(./contents)
 0.000000   MetaHookPre   LoadFile(./data.bif.bro)
 0.000000   MetaHookPre   LoadFile(./dcc-send)
+0.000000   MetaHookPre   LoadFile(./debug)
+0.000000   MetaHookPre   LoadFile(./drop)
 0.000000   MetaHookPre   LoadFile(./entities)
 0.000000   MetaHookPre   LoadFile(./event.bif.bro)
 0.000000   MetaHookPre   LoadFile(./exec)
@ -1055,6 +1122,7 @@
 0.000000   MetaHookPre   LoadFile(./input)
 0.000000   MetaHookPre   LoadFile(./input.bif.bro)
 0.000000   MetaHookPre   LoadFile(./last)
+0.000000   MetaHookPre   LoadFile(./log)
 0.000000   MetaHookPre   LoadFile(./logging.bif.bro)
 0.000000   MetaHookPre   LoadFile(./magic)
 0.000000   MetaHookPre   LoadFile(./main)
@ -1065,14 +1133,19 @@
 0.000000   MetaHookPre   LoadFile(./mozilla-ca-list)
 0.000000   MetaHookPre   LoadFile(./netstats)
 0.000000   MetaHookPre   LoadFile(./non-cluster)
+0.000000   MetaHookPre   LoadFile(./openflow)
+0.000000   MetaHookPre   LoadFile(./packetfilter)
 0.000000   MetaHookPre   LoadFile(./patterns)
+0.000000   MetaHookPre   LoadFile(./plugin)
 0.000000   MetaHookPre   LoadFile(./plugins)
 0.000000   MetaHookPre   LoadFile(./polling)
 0.000000   MetaHookPre   LoadFile(./postprocessors)
 0.000000   MetaHookPre   LoadFile(./reporter.bif.bro)
+0.000000   MetaHookPre   LoadFile(./ryu)
 0.000000   MetaHookPre   LoadFile(./sample)
 0.000000   MetaHookPre   LoadFile(./scp)
 0.000000   MetaHookPre   LoadFile(./sftp)
+0.000000   MetaHookPre   LoadFile(./shunt)
 0.000000   MetaHookPre   LoadFile(./site)
 0.000000   MetaHookPre   LoadFile(./std-dev)
 0.000000   MetaHookPre   LoadFile(./store.bif.bro)
@ -1081,6 +1154,7 @@
 0.000000   MetaHookPre   LoadFile(./thresholds)
 0.000000   MetaHookPre   LoadFile(./top-k.bif.bro)
 0.000000   MetaHookPre   LoadFile(./topk)
+0.000000   MetaHookPre   LoadFile(./types)
 0.000000   MetaHookPre   LoadFile(./types.bif.bro)
 0.000000   MetaHookPre   LoadFile(./types.bro)
 0.000000   MetaHookPre   LoadFile(./unique)
@ -1140,14 +1214,17 @@
 0.000000   MetaHookPre   LoadFile(base<...>/input.bif)
 0.000000   MetaHookPre   LoadFile(base<...>/intel)
 0.000000   MetaHookPre   LoadFile(base<...>/irc)
+0.000000   MetaHookPre   LoadFile(base<...>/json)
 0.000000   MetaHookPre   LoadFile(base<...>/krb)
 0.000000   MetaHookPre   LoadFile(base<...>/logging)
 0.000000   MetaHookPre   LoadFile(base<...>/logging.bif)
 0.000000   MetaHookPre   LoadFile(base<...>/main)
 0.000000   MetaHookPre   LoadFile(base<...>/modbus)
 0.000000   MetaHookPre   LoadFile(base<...>/mysql)
+0.000000   MetaHookPre   LoadFile(base<...>/netcontrol)
 0.000000   MetaHookPre   LoadFile(base<...>/notice)
 0.000000   MetaHookPre   LoadFile(base<...>/numbers)
+0.000000   MetaHookPre   LoadFile(base<...>/openflow)
 0.000000   MetaHookPre   LoadFile(base<...>/packet-filter)
 0.000000   MetaHookPre   LoadFile(base<...>/paths)
 0.000000   MetaHookPre   LoadFile(base<...>/patterns)
@ -1180,6 +1257,7 @@
 0.000000   MetaHookPre   LoadFile(base<...>/urls)
 0.000000   MetaHookPre   LoadFile(base<...>/utils)
 0.000000   MetaHookPre   LoadFile(base<...>/x509)
+0.000000   MetaHookPre   QueueEvent(NetControl::init())
 0.000000   MetaHookPre   QueueEvent(bro_init())
 0.000000   MetaHookPre   QueueEvent(filter_change_tracking())
 0.000000 | HookCallFunction Analyzer::__disable_analyzer(Analyzer::ANALYZER_BACKDOOR)
@ -1347,8 +1425,12 @@
 0.000000 | HookCallFunction Log::__add_filter(Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=intel, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
 0.000000 | HookCallFunction Log::__add_filter(KRB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=kerberos, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
 0.000000 | HookCallFunction Log::__add_filter(Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=modbus, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__add_filter(NetControl::DROP, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=netcontrol_drop, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__add_filter(NetControl::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=netcontrol, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__add_filter(NetControl::SHUNT, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=netcontrol_shunt, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
 0.000000 | HookCallFunction Log::__add_filter(Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=notice_alarm, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
 0.000000 | HookCallFunction Log::__add_filter(Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=notice, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::__add_filter(OpenFlow::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=openflow, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
 0.000000 | HookCallFunction Log::__add_filter(PE::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=pe, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
 0.000000 | HookCallFunction Log::__add_filter(PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=packet_filter, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
 0.000000 | HookCallFunction Log::__add_filter(RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=radius, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
@ -1382,8 +1464,12 @@
 0.000000 | HookCallFunction Log::__create_stream(Intel::LOG, [columns=<no value description>, ev=Intel::log_intel, path=intel])
 0.000000 | HookCallFunction Log::__create_stream(KRB::LOG, [columns=<no value description>, ev=KRB::log_krb, path=kerberos])
 0.000000 | HookCallFunction Log::__create_stream(Modbus::LOG, [columns=<no value description>, ev=Modbus::log_modbus, path=modbus])
+0.000000 | HookCallFunction Log::__create_stream(NetControl::DROP, [columns=<no value description>, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop])
+0.000000 | HookCallFunction Log::__create_stream(NetControl::LOG, [columns=<no value description>, ev=NetControl::log_netcontrol, path=netcontrol])
+0.000000 | HookCallFunction Log::__create_stream(NetControl::SHUNT, [columns=<no value description>, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt])
 0.000000 | HookCallFunction Log::__create_stream(Notice::ALARM_LOG, [columns=<no value description>, ev=<uninitialized>, path=notice_alarm])
 0.000000 | HookCallFunction Log::__create_stream(Notice::LOG, [columns=<no value description>, ev=Notice::log_notice, path=notice])
+0.000000 | HookCallFunction Log::__create_stream(OpenFlow::LOG, [columns=<no value description>, ev=OpenFlow::log_openflow, path=openflow])
 0.000000 | HookCallFunction Log::__create_stream(PE::LOG, [columns=<no value description>, ev=PE::log_pe, path=pe])
 0.000000 | HookCallFunction Log::__create_stream(PacketFilter::LOG, [columns=<no value description>, ev=<uninitialized>, path=packet_filter])
 0.000000 | HookCallFunction Log::__create_stream(RADIUS::LOG, [columns=<no value description>, ev=RADIUS::log_radius, path=radius])
@ -1403,7 +1489,7 @@
 0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])
 0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])
 0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])
-0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1452883249.168544, node=bro, filter=ip or not ip, init=T, success=T])
+0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1457718658.75999, node=bro, filter=ip or not ip, init=T, success=T])
 0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Communication::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Conn::LOG)
@ -1418,8 +1504,12 @@
 0.000000 | HookCallFunction Log::add_default_filter(Intel::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(KRB::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Modbus::LOG)
+0.000000 | HookCallFunction Log::add_default_filter(NetControl::DROP)
+0.000000 | HookCallFunction Log::add_default_filter(NetControl::LOG)
+0.000000 | HookCallFunction Log::add_default_filter(NetControl::SHUNT)
 0.000000 | HookCallFunction Log::add_default_filter(Notice::ALARM_LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Notice::LOG)
+0.000000 | HookCallFunction Log::add_default_filter(OpenFlow::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(PE::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(PacketFilter::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(RADIUS::LOG)
@ -1453,8 +1543,12 @@
 0.000000 | HookCallFunction Log::add_filter(Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
 0.000000 | HookCallFunction Log::add_filter(KRB::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
 0.000000 | HookCallFunction Log::add_filter(Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::add_filter(NetControl::DROP, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::add_filter(NetControl::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::add_filter(NetControl::SHUNT, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
 0.000000 | HookCallFunction Log::add_filter(Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
 0.000000 | HookCallFunction Log::add_filter(Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
+0.000000 | HookCallFunction Log::add_filter(OpenFlow::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
 0.000000 | HookCallFunction Log::add_filter(PE::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
 0.000000 | HookCallFunction Log::add_filter(PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
 0.000000 | HookCallFunction Log::add_filter(RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=<uninitialized>, path=<uninitialized>, path_func=<uninitialized>, include=<uninitialized>, exclude=<uninitialized>, log_local=T, log_remote=T, interv=0 secs, postprocessor=<uninitialized>, config={}])
@ -1488,8 +1582,12 @@
 0.000000 | HookCallFunction Log::create_stream(Intel::LOG, [columns=<no value description>, ev=Intel::log_intel, path=intel])
 0.000000 | HookCallFunction Log::create_stream(KRB::LOG, [columns=<no value description>, ev=KRB::log_krb, path=kerberos])
 0.000000 | HookCallFunction Log::create_stream(Modbus::LOG, [columns=<no value description>, ev=Modbus::log_modbus, path=modbus])
+0.000000 | HookCallFunction Log::create_stream(NetControl::DROP, [columns=<no value description>, ev=NetControl::log_netcontrol_drop, path=netcontrol_drop])
+0.000000 | HookCallFunction Log::create_stream(NetControl::LOG, [columns=<no value description>, ev=NetControl::log_netcontrol, path=netcontrol])
+0.000000 | HookCallFunction Log::create_stream(NetControl::SHUNT, [columns=<no value description>, ev=NetControl::log_netcontrol_shunt, path=netcontrol_shunt])
 0.000000 | HookCallFunction Log::create_stream(Notice::ALARM_LOG, [columns=<no value description>, ev=<uninitialized>, path=notice_alarm])
 0.000000 | HookCallFunction Log::create_stream(Notice::LOG, [columns=<no value description>, ev=Notice::log_notice, path=notice])
+0.000000 | HookCallFunction Log::create_stream(OpenFlow::LOG, [columns=<no value description>, ev=OpenFlow::log_openflow, path=openflow])
 0.000000 | HookCallFunction Log::create_stream(PE::LOG, [columns=<no value description>, ev=PE::log_pe, path=pe])
 0.000000 | HookCallFunction Log::create_stream(PacketFilter::LOG, [columns=<no value description>, ev=<uninitialized>, path=packet_filter])
 0.000000 | HookCallFunction Log::create_stream(RADIUS::LOG, [columns=<no value description>, ev=RADIUS::log_radius, path=radius])
@ -1509,7 +1607,9 @@
 0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=<no value description>, ev=Weird::log_weird, path=weird])
 0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=<no value description>, ev=X509::log_x509, path=x509])
 0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=<no value description>, ev=MySQL::log_mysql, path=mysql])
-0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1452883249.168544, node=bro, filter=ip or not ip, init=T, success=T])
+0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1457718658.75999, node=bro, filter=ip or not ip, init=T, success=T])
+0.000000 | HookCallFunction NetControl::check_plugins()
+0.000000 | HookCallFunction NetControl::init()
 0.000000 | HookCallFunction Notice::want_pp()
 0.000000 | HookCallFunction PacketFilter::build()
 0.000000 | HookCallFunction PacketFilter::combine_filters(ip or not ip, and, )
@ -1548,10 +1648,12 @@
 0.000000 | HookLoadFile  <...>/bro
 0.000000 | HookLoadFile  base<...>/bif
 0.000000 | HookLoadFile  base<...>/bro
+0.000000 | HookQueueEvent NetControl::init()
 0.000000 | HookQueueEvent bro_init()
 0.000000 | HookQueueEvent filter_change_tracking()
 1362692526.869344   MetaHookPost  BroObjDtor(<void ptr>) -> <void>
 1362692526.869344   MetaHookPost  CallFunction(ChecksumOffloading::check, <null>, ()) -> <no result>
+1362692526.869344   MetaHookPost  CallFunction(NetControl::check_conn, <frame>, (141.142.228.5)) -> <no result>
 1362692526.869344   MetaHookPost  CallFunction(filter_change_tracking, <null>, ()) -> <no result>
 1362692526.869344   MetaHookPost  CallFunction(net_stats, <frame>, ()) -> <no result>
 1362692526.869344   MetaHookPost  CallFunction(new_connection, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.0, service={}, history=, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])) -> <no result>
@ -1562,6 +1664,7 @@
 1362692526.869344   MetaHookPost  UpdateNetworkTime(1362692526.869344) -> <void>
 1362692526.869344   MetaHookPre   BroObjDtor(<void ptr>)
 1362692526.869344   MetaHookPre   CallFunction(ChecksumOffloading::check, <null>, ())
+1362692526.869344   MetaHookPre   CallFunction(NetControl::check_conn, <frame>, (141.142.228.5))
 1362692526.869344   MetaHookPre   CallFunction(filter_change_tracking, <null>, ())
 1362692526.869344   MetaHookPre   CallFunction(net_stats, <frame>, ())
 1362692526.869344   MetaHookPre   CallFunction(new_connection, <null>, ([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.0, service={}, history=, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]))
@ -1573,6 +1676,7 @@
 1362692526.869344  | HookBroObjDtor
 1362692526.869344  | HookUpdateNetworkTime 1362692526.869344
 1362692526.869344 | HookCallFunction ChecksumOffloading::check()
+1362692526.869344 | HookCallFunction NetControl::check_conn(141.142.228.5)
 1362692526.869344 | HookCallFunction filter_change_tracking()
 1362692526.869344 | HookCallFunction net_stats()
 1362692526.869344 | HookCallFunction new_connection([id=[orig_h=141.142.228.5, orig_p=59856<...>/tcp], orig=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1362692526.869344, duration=0.0, service={}, history=, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>])
--- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.acld-hook/recv.recv.out
+++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.acld-hook/recv.recv.out
@ -0,0 +1,7 @@
+BrokerComm::incoming_connection_established
+add_rule, 0, [ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.18.50/32, src_p=<uninitialized>, dst_h=74.125.239.97/32, dst_p=<uninitialized>, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], NetControl::DROP, [command=blockhosthost, cookie=2, arg=192.168.18.50 74.125.239.97, comment=here]
+add_rule, 0, [ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=<uninitialized>, src_p=<uninitialized>, dst_h=<uninitialized>, dst_p=443/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], NetControl::DROP, [command=droptcpport, cookie=3, arg=443, comment=there]
+add_rule, 0, [ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.18.50/32, mac=<uninitialized>], NetControl::DROP, [command=nullzero, cookie=4, arg=192.168.18.50/32, comment=]
+remove_rule, 0, [ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.18.50/32, src_p=<uninitialized>, dst_h=74.125.239.97/32, dst_p=<uninitialized>, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], NetControl::DROP, [command=restorehosthost, cookie=2, arg=192.168.18.50 74.125.239.97, comment=here]
+remove_rule, 0, [ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=<uninitialized>, src_p=<uninitialized>, dst_h=<uninitialized>, dst_p=443/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], NetControl::DROP, [command=restoretcpport, cookie=3, arg=443, comment=there]
+remove_rule, 0, [ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.18.50/32, mac=<uninitialized>], NetControl::DROP, [command=nonullzero, cookie=4, arg=192.168.18.50/32, comment=]
--- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.acld-hook/send.send.out
+++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.acld-hook/send.send.out
@ -0,0 +1,7 @@
+BrokerComm::outgoing_connection_established, 127.0.0.1, 9999/tcp
+rule added, [ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.18.50/32, src_p=<uninitialized>, dst_h=74.125.239.97/32, dst_p=<uninitialized>, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], NetControl::DROP
+rule added, [ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=<uninitialized>, src_p=<uninitialized>, dst_h=<uninitialized>, dst_p=443/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], NetControl::DROP
+rule added, [ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.18.50/32, mac=<uninitialized>], NetControl::DROP
+rule removed, [ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.18.50/32, src_p=<uninitialized>, dst_h=74.125.239.97/32, dst_p=<uninitialized>, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], NetControl::DROP
+rule removed, [ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=<uninitialized>, src_p=<uninitialized>, dst_h=<uninitialized>, dst_p=443/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], NetControl::DROP
+rule removed, [ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.18.50/32, mac=<uninitialized>], NetControl::DROP
--- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.acld/recv.recv.out
+++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.acld/recv.recv.out
@ -0,0 +1,7 @@
+BrokerComm::incoming_connection_established
+add_rule, 0, [ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.18.50/32, src_p=<uninitialized>, dst_h=74.125.239.97/32, dst_p=<uninitialized>, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], NetControl::DROP, [command=blockhosthost, cookie=2, arg=192.168.18.50 74.125.239.97, comment=here]
+add_rule, 0, [ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=<uninitialized>, src_p=<uninitialized>, dst_h=<uninitialized>, dst_p=443/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], NetControl::DROP, [command=droptcpport, cookie=3, arg=443, comment=there]
+add_rule, 0, [ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.18.50/32, mac=<uninitialized>], NetControl::DROP, [command=drop, cookie=4, arg=192.168.18.50/32, comment=]
+remove_rule, 0, [ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.18.50/32, src_p=<uninitialized>, dst_h=74.125.239.97/32, dst_p=<uninitialized>, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], NetControl::DROP, [command=restorehosthost, cookie=2, arg=192.168.18.50 74.125.239.97, comment=here]
+remove_rule, 0, [ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=<uninitialized>, src_p=<uninitialized>, dst_h=<uninitialized>, dst_p=443/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], NetControl::DROP, [command=restoretcpport, cookie=3, arg=443, comment=there]
+remove_rule, 0, [ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.18.50/32, mac=<uninitialized>], NetControl::DROP, [command=restore, cookie=4, arg=192.168.18.50/32, comment=]
--- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.acld/send.send.out
+++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.acld/send.send.out
@ -0,0 +1,7 @@
+BrokerComm::outgoing_connection_established, 127.0.0.1, 9999/tcp
+rule added, [ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.18.50/32, src_p=<uninitialized>, dst_h=74.125.239.97/32, dst_p=<uninitialized>, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], NetControl::DROP
+rule added, [ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=<uninitialized>, src_p=<uninitialized>, dst_h=<uninitialized>, dst_p=443/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], NetControl::DROP
+rule added, [ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.18.50/32, mac=<uninitialized>], NetControl::DROP
+rule removed, [ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.18.50/32, src_p=<uninitialized>, dst_h=74.125.239.97/32, dst_p=<uninitialized>, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], NetControl::DROP
+rule removed, [ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=<uninitialized>, src_p=<uninitialized>, dst_h=<uninitialized>, dst_p=443/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], NetControl::DROP
+rule removed, [ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.18.50/32, mac=<uninitialized>], NetControl::DROP
--- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.basic-cluster/manager-1.netcontrol.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.basic-cluster/manager-1.netcontrol.log
@ -0,0 +1,26 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	netcontrol
+#open	2016-03-09-23-10-49
+#fields	ts	rule_id	category	cmd	state	action	target	entity_type	entity	mod	msg	priority	expire	location	plugin
+#types	time	string	enum	string	enum	string	enum	string	string	string	string	int	interval	string	string
+1457565049.807080	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activating plugin with priority 0	-	-	-	Debug-All
+1457565049.807080	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activation finished	-	-	-	Debug-All
+1457565049.807080	-	NetControl::MESSAGE	-	-	-	-	-	-	-	plugin initialization done	-	-	-	-
+1457565051.874738	worker-1:2	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	192.168.18.50/32/56981->74.125.239.97/32/443	-	-	0	1.000000	-	Debug-All
+1457565051.874738	worker-1:3	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	1.000000	-	Debug-All
+1457565051.874738	worker-1:2	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	192.168.18.50/32/56981->74.125.239.97/32/443	-	-	0	1.000000	-	Debug-All
+1457565051.874738	worker-1:3	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	1.000000	-	Debug-All
+1457565052.874916	worker-1:2	NetControl::RULE	EXPIRE	NetControl::TIMEOUT	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	192.168.18.50/32/56981->74.125.239.97/32/443	-	-	0	1.000000	-	Debug-All
+1457565052.874916	worker-1:2	NetControl::RULE	REMOVE	NetControl::REQUESTED	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	192.168.18.50/32/56981->74.125.239.97/32/443	-	-	0	1.000000	-	Debug-All
+1457565052.874916	worker-1:3	NetControl::RULE	EXPIRE	NetControl::TIMEOUT	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	1.000000	-	Debug-All
+1457565052.874916	worker-1:3	NetControl::RULE	REMOVE	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	1.000000	-	Debug-All
+1457565052.874916	worker-1:2	NetControl::RULE	REMOVE	NetControl::SUCCEEDED	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	192.168.18.50/32/56981->74.125.239.97/32/443	-	-	0	1.000000	-	Debug-All
+1457565052.874916	worker-1:3	NetControl::RULE	REMOVE	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	1.000000	-	Debug-All
+1457565053.950376	worker-2:2	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	192.168.18.50/32/56981->74.125.239.97/32/443	-	-	0	1.000000	-	Debug-All
+1457565053.950376	worker-2:3	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	1.000000	-	Debug-All
+1457565053.950376	worker-2:2	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	192.168.18.50/32/56981->74.125.239.97/32/443	-	-	0	1.000000	-	Debug-All
+1457565053.950376	worker-2:3	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	1.000000	-	Debug-All
+#close	2016-03-09-23-10-54
--- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.basic/.stdout
+++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.basic/.stdout
@ -0,0 +1,11 @@
+netcontrol debug (Debug-All): init
+netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::MONITOR, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.17.1/32, src_p=32/tcp, dst_h=192.168.17.2/32, dst_p=32/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=30.0 secs, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=2, cid=2, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _added=F]
+netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=1.1.2.2/32, mac=<uninitialized>], expire=15.0 secs, priority=0, location=Hi there, out_port=<uninitialized>, mod=<uninitialized>, id=3, cid=3, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _added=F]
+netcontrol debug (Debug-All): add_rule: [ty=NetControl::WHITELIST, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=1.2.3.4/32, mac=<uninitialized>], expire=15.0 secs, priority=5, location=, out_port=<uninitialized>, mod=<uninitialized>, id=4, cid=4, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _added=F]
+netcontrol debug (Debug-All): add_rule: [ty=NetControl::REDIRECT, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.17.1/32, src_p=32/tcp, dst_h=192.168.17.2/32, dst_p=32/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=30.0 secs, priority=0, location=, out_port=5, mod=<uninitialized>, id=5, cid=5, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _added=F]
+netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=127.0.0.2/32, src_p=<uninitialized>, dst_h=<uninitialized>, dst_p=<uninitialized>, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=15.0 secs, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=6, cid=6, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _added=F]
+netcontrol debug (Debug-All): add_rule: [ty=NetControl::MODIFY, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=127.0.0.2/32, src_p=<uninitialized>, dst_h=8.8.8.8/32, dst_p=53/udp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=15.0 secs, priority=5, location=, out_port=<uninitialized>, mod=[src_h=<uninitialized>, src_p=<uninitialized>, dst_h=127.0.0.3, dst_p=<uninitialized>, src_m=<uninitialized>, dst_m=<uninitialized>, redirect_port=<uninitialized>], id=7, cid=7, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _added=F]
+netcontrol debug (Debug-All): add_rule: [ty=NetControl::MODIFY, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=8.8.8.8/32, src_p=53/udp, dst_h=127.0.0.2/32, dst_p=<uninitialized>, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=15.0 secs, priority=5, location=, out_port=<uninitialized>, mod=[src_h=8.8.8.8, src_p=<uninitialized>, dst_h=<uninitialized>, dst_p=<uninitialized>, src_m=<uninitialized>, dst_m=<uninitialized>, redirect_port=<uninitialized>], id=8, cid=8, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _added=F]
+netcontrol debug (Debug-All): add_rule: [ty=NetControl::WHITELIST, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=127.0.0.2/32, src_p=<uninitialized>, dst_h=127.0.0.3/32, dst_p=80/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=15.0 secs, priority=5, location=, out_port=<uninitialized>, mod=<uninitialized>, id=9, cid=9, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _added=F]
+netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::MAC, conn=<uninitialized>, flow=<uninitialized>, ip=<uninitialized>, mac=FF:FF:FF:FF:FF:FF], expire=15.0 secs, priority=0, location=<uninitialized>, out_port=<uninitialized>, mod=<uninitialized>, id=10, cid=10, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _added=F]
+netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=<uninitialized>, src_p=<uninitialized>, dst_h=<uninitialized>, dst_p=<uninitialized>, src_m=FF:FF:FF:FF:FF:FF, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=15.0 secs, priority=0, location=<uninitialized>, out_port=<uninitialized>, mod=<uninitialized>, id=11, cid=11, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _added=F]
--- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.basic/netcontrol.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.basic/netcontrol.log
@ -0,0 +1,32 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	netcontrol
+#open	2016-03-09-22-21-13
+#fields	ts	rule_id	category	cmd	state	action	target	entity_type	entity	mod	msg	priority	expire	location	plugin
+#types	time	string	enum	string	enum	string	enum	string	string	string	string	int	interval	string	string
+1457562073.119593	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activating plugin with priority 0	-	-	-	Debug-All
+1457562073.119593	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activation finished	-	-	-	Debug-All
+1457562073.119593	-	NetControl::MESSAGE	-	-	-	-	-	-	-	plugin initialization done	-	-	-	-
+1457562073.119593	2	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	192.168.17.1/32/32->192.168.17.2/32/32	-	-	0	30.000000	-	Debug-All
+1457562073.119593	3	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	1.1.2.2/32	-	-	0	15.000000	Hi there	Debug-All
+1457562073.119593	4	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::WHITELIST	NetControl::FORWARD	NetControl::ADDRESS	1.2.3.4/32	-	-	5	15.000000	-	Debug-All
+1457562073.119593	5	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::REDIRECT	NetControl::FORWARD	NetControl::FLOW	192.168.17.1/32/32->192.168.17.2/32/32	-> 5	-	0	30.000000	-	Debug-All
+1457562073.119593	6	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::FLOW	127.0.0.2/32/*->*/*	-	-	0	15.000000	-	Debug-All
+1457562073.119593	7	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::MODIFY	NetControl::FORWARD	NetControl::FLOW	127.0.0.2/32/*->8.8.8.8/32/53	Src: _/_ (_) Dst: 127.0.0.3/_ (_)	-	5	15.000000	-	Debug-All
+1457562073.119593	8	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::MODIFY	NetControl::FORWARD	NetControl::FLOW	8.8.8.8/32/53->127.0.0.2/32/*	Src: 8.8.8.8/_ (_) Dst: _/_ (_)	-	5	15.000000	-	Debug-All
+1457562073.119593	9	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::WHITELIST	NetControl::FORWARD	NetControl::FLOW	127.0.0.2/32/*->127.0.0.3/32/80	-	-	5	15.000000	-	Debug-All
+1457562073.119593	10	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::MAC	FF:FF:FF:FF:FF:FF	-	-	0	15.000000	-	Debug-All
+1457562073.119593	11	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::FLOW	*/*->*/* (FF:FF:FF:FF:FF:FF->*)	-	-	0	15.000000	-	Debug-All
+1457562073.119593	2	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	192.168.17.1/32/32->192.168.17.2/32/32	-	-	0	30.000000	-	Debug-All
+1457562073.119593	3	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	1.1.2.2/32	-	-	0	15.000000	Hi there	Debug-All
+1457562073.119593	4	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::WHITELIST	NetControl::FORWARD	NetControl::ADDRESS	1.2.3.4/32	-	-	5	15.000000	-	Debug-All
+1457562073.119593	5	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::REDIRECT	NetControl::FORWARD	NetControl::FLOW	192.168.17.1/32/32->192.168.17.2/32/32	-> 5	-	0	30.000000	-	Debug-All
+1457562073.119593	6	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::FLOW	127.0.0.2/32/*->*/*	-	-	0	15.000000	-	Debug-All
+1457562073.119593	7	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::MODIFY	NetControl::FORWARD	NetControl::FLOW	127.0.0.2/32/*->8.8.8.8/32/53	Src: _/_ (_) Dst: 127.0.0.3/_ (_)	-	5	15.000000	-	Debug-All
+1457562073.119593	8	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::MODIFY	NetControl::FORWARD	NetControl::FLOW	8.8.8.8/32/53->127.0.0.2/32/*	Src: 8.8.8.8/_ (_) Dst: _/_ (_)	-	5	15.000000	-	Debug-All
+1457562073.119593	9	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::WHITELIST	NetControl::FORWARD	NetControl::FLOW	127.0.0.2/32/*->127.0.0.3/32/80	-	-	5	15.000000	-	Debug-All
+1457562073.119593	10	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::MAC	FF:FF:FF:FF:FF:FF	-	-	0	15.000000	-	Debug-All
+1457562073.119593	11	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::FLOW	*/*->*/* (FF:FF:FF:FF:FF:FF->*)	-	-	0	15.000000	-	Debug-All
+#close	2016-03-09-22-21-13
--- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.basic/netcontrol_drop.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.basic/netcontrol_drop.log
@ -0,0 +1,10 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	netcontrol_drop
+#open	2016-02-17-20-21-38
+#fields	ts	rule_id	orig_h	orig_p	resp_h	resp_p	expire	location
+#types	time	string	addr	port	addr	port	interval	string
+1455740498.301865	3	1.1.2.2	-	-	-	15.000000	Hi there
+#close	2016-02-17-20-21-38
--- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.basic/netcontrol_shunt.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.basic/netcontrol_shunt.log
@ -0,0 +1,10 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	netcontrol_shunt
+#open	2016-02-17-19-21-47
+#fields	ts	rule_id	f.src_h	f.src_p	f.dst_h	f.dst_p	expire	location
+#types	time	string	addr	port	addr	port	interval	string
+1455736907.597588	2	192.168.17.1	32	192.168.17.2	32	30.000000	-
+#close	2016-02-17-19-21-47
--- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.broker/recv.recv.out
+++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.broker/recv.recv.out
@ -0,0 +1,5 @@
+BrokerComm::incoming_connection_established
+add_rule, 0, [ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], NetControl::DROP
+add_rule, 0, [ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.10.1.4/32, mac=<uninitialized>], NetControl::DROP
+remove_rule, 0, [ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], NetControl::DROP
+remove_rule, 0, [ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.10.1.4/32, mac=<uninitialized>], NetControl::DROP
--- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.broker/send.netcontrol.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.broker/send.netcontrol.log
@ -0,0 +1,23 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	netcontrol
+#open	2016-03-08-22-15-15
+#fields	ts	rule_id	category	cmd	state	action	target	entity_type	entity	mod	msg	priority	expire	location	plugin
+#types	time	string	enum	string	enum	string	enum	string	string	string	string	int	interval	string	string
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activating plugin with priority 0	-	-	-	Broker-bro/event/netcontroltest
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	waiting for plugins to initialize	-	-	-	-
+1457475314.791475	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activation finished	-	-	-	Broker-bro/event/netcontroltest
+1457475314.791475	-	NetControl::MESSAGE	-	-	-	-	-	-	-	plugin initialization done	-	-	-	-
+1457475315.175411	2	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	10.10.1.4/32/1470->74.53.140.153/32/25	-	-	0	36000.000000	-	Broker-bro/event/netcontroltest
+1457475315.175411	3	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	10.10.1.4/32	-	-	0	36000.000000	-	Broker-bro/event/netcontroltest
+1457475315.175443	2	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	10.10.1.4/32/1470->74.53.140.153/32/25	-	-	0	36000.000000	-	Broker-bro/event/netcontroltest
+1457475315.175443	2	NetControl::RULE	REMOVE	NetControl::REQUESTED	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	10.10.1.4/32/1470->74.53.140.153/32/25	-	-	0	36000.000000	-	Broker-bro/event/netcontroltest
+1457475315.175443	3	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	10.10.1.4/32	-	-	0	36000.000000	-	Broker-bro/event/netcontroltest
+1457475315.175443	3	NetControl::RULE	REMOVE	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	10.10.1.4/32	-	-	0	36000.000000	-	Broker-bro/event/netcontroltest
+1457475315.175443	2	NetControl::RULE	EXPIRE	NetControl::TIMEOUT	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	10.10.1.4/32/1470->74.53.140.153/32/25	-	-	0	36000.000000	-	Broker-bro/event/netcontroltest
+1457475315.175443	2	NetControl::ERROR	-	-	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	10.10.1.4/32/1470->74.53.140.153/32/25	-	Removal of non-existing rule	0	36000.000000	-	Broker-bro/event/netcontroltest
+1457475315.175443	3	NetControl::RULE	EXPIRE	NetControl::TIMEOUT	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	10.10.1.4/32	-	-	0	36000.000000	-	Broker-bro/event/netcontroltest
+1457475315.175443	3	NetControl::ERROR	-	-	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	10.10.1.4/32	-	Removal of non-existing rule	0	36000.000000	-	Broker-bro/event/netcontroltest
+#close	2016-03-08-22-15-15
--- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.broker/send.send.out
+++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.broker/send.send.out
@ -0,0 +1,7 @@
+BrokerComm::outgoing_connection_established, 127.0.0.1, 9999/tcp
+rule added, [ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], NetControl::DROP
+rule added, [ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.10.1.4/32, mac=<uninitialized>], NetControl::DROP
+rule timeout, [ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], NetControl::DROP, [duration=<uninitialized>, packet_count=<uninitialized>, byte_count=<uninitialized>]
+rule removed, [ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], NetControl::DROP
+rule timeout, [ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.10.1.4/32, mac=<uninitialized>], NetControl::DROP, [duration=<uninitialized>, packet_count=<uninitialized>, byte_count=<uninitialized>]
+rule removed, [ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.10.1.4/32, mac=<uninitialized>], NetControl::DROP
--- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.catch-and-release/netcontrol.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.catch-and-release/netcontrol.log
@ -0,0 +1,18 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	netcontrol
+#open	2016-03-09-23-42-34
+#fields	ts	rule_id	category	cmd	state	action	target	entity_type	entity	mod	msg	priority	expire	location	plugin
+#types	time	string	enum	string	enum	string	enum	string	string	string	string	int	interval	string	string
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activating plugin with priority 0	-	-	-	Debug-All
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activation finished	-	-	-	Debug-All
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	plugin initialization done	-	-	-	-
+1398529018.678276	2	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	600.000000	-	Debug-All
+1398529018.678276	3	NetControl::RULE	-	NetControl::FAILED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	discarded duplicate insertion	0	3600.000000	Re-drop by catch-and-release	-
+1398529018.678276	4	NetControl::RULE	-	NetControl::FAILED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	discarded duplicate insertion	0	86400.000000	Re-drop by catch-and-release	-
+1398529018.678276	5	NetControl::RULE	-	NetControl::FAILED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	discarded duplicate insertion	0	604800.000000	Re-drop by catch-and-release	-
+1398529018.678276	6	NetControl::RULE	-	NetControl::FAILED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	discarded duplicate insertion	0	604800.000000	Re-drop by catch-and-release	-
+1398529018.678276	2	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	600.000000	-	Debug-All
+#close	2016-03-09-23-42-34
--- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.delete-internal-state/.stdout
+++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.delete-internal-state/.stdout
@ -0,0 +1,19 @@
+netcontrol debug (Debug-All): init
+netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::MONITOR, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.18.50/32, src_p=56981/tcp, dst_h=74.125.239.97/32, dst_p=443/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=0 secs, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=2, cid=2, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _added=F]
+netcontrol debug (Debug-All): add_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.18.50/32, mac=<uninitialized>], expire=0 secs, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=3, cid=3, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _added=F]
+netcontrol debug (Debug-All): add_rule: [ty=NetControl::WHITELIST, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.18.50/32, mac=<uninitialized>], expire=0 secs, priority=5, location=, out_port=<uninitialized>, mod=<uninitialized>, id=4, cid=4, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _added=F]
+netcontrol debug (Debug-All): add_rule: [ty=NetControl::REDIRECT, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.18.50/32, src_p=56981/tcp, dst_h=74.125.239.97/32, dst_p=443/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=0 secs, priority=0, location=, out_port=5, mod=<uninitialized>, id=5, cid=5, _plugin_ids={\x0a\x0a}, _active_plugin_ids={\x0a\x0a}, _added=F]
+netcontrol debug (Debug-All): remove_rule: [ty=NetControl::DROP, target=NetControl::MONITOR, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.18.50/32, src_p=56981/tcp, dst_h=74.125.239.97/32, dst_p=443/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=0 secs, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=2, cid=2, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _added=T]
+netcontrol debug (Debug-All): remove_rule: [ty=NetControl::DROP, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.18.50/32, mac=<uninitialized>], expire=0 secs, priority=0, location=, out_port=<uninitialized>, mod=<uninitialized>, id=3, cid=3, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _added=T]
+netcontrol debug (Debug-All): remove_rule: [ty=NetControl::WHITELIST, target=NetControl::FORWARD, entity=[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=192.168.18.50/32, mac=<uninitialized>], expire=0 secs, priority=5, location=, out_port=<uninitialized>, mod=<uninitialized>, id=4, cid=4, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _added=T]
+netcontrol debug (Debug-All): remove_rule: [ty=NetControl::REDIRECT, target=NetControl::FORWARD, entity=[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=192.168.18.50/32, src_p=56981/tcp, dst_h=74.125.239.97/32, dst_p=443/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=0 secs, priority=0, location=, out_port=5, mod=<uninitialized>, id=5, cid=5, _plugin_ids={\x0a\x091\x0a}, _active_plugin_ids={\x0a\x091\x0a}, _added=T]
+Dumping state
+{
+
+}
+{
+
+}
+{
+
+}
--- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.duplicate/netcontrol.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.duplicate/netcontrol.log
@ -0,0 +1,15 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	netcontrol
+#open	2016-03-09-23-06-58
+#fields	ts	rule_id	category	cmd	state	action	target	entity_type	entity	mod	msg	priority	expire	location	plugin
+#types	time	string	enum	string	enum	string	enum	string	string	string	string	int	interval	string	string
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activating plugin with priority 0	-	-	-	Debug-All
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activation finished	-	-	-	Debug-All
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	plugin initialization done	-	-	-	-
+1394747126.854788	2	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.4.149/32	-	-	0	0.000000	-	Debug-All
+1394747126.854788	2	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.4.149/32	-	-	0	0.000000	-	Debug-All
+1394747129.505358	3	NetControl::RULE	-	NetControl::FAILED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.4.149/32	-	discarded duplicate insertion	0	0.000000	-	-
+#close	2016-03-09-23-06-58
--- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.find-rules/out
+++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.find-rules/out
@ -0,0 +1,6 @@
+1
+[ty=NetControl::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=1.2.3.4/32, mac=<uninitialized>]
+0
+4
+[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=127.0.0.2/32, src_p=<uninitialized>, dst_h=8.8.8.8/32, dst_p=53/udp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], NetControl::MODIFY
+[ty=NetControl::FLOW, conn=<uninitialized>, flow=[src_h=127.0.0.2/32, src_p=<uninitialized>, dst_h=<uninitialized>, dst_p=<uninitialized>, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], NetControl::DROP
--- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.hook/netcontrol.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.hook/netcontrol.log
@ -0,0 +1,16 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	netcontrol
+#open	2016-03-09-23-15-50
+#fields	ts	rule_id	category	cmd	state	action	target	entity_type	entity	mod	msg	priority	expire	location	plugin
+#types	time	string	enum	string	enum	string	enum	string	string	string	string	int	interval	string	string
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activating plugin with priority 0	-	-	-	Debug-All
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activation finished	-	-	-	Debug-All
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	plugin initialization done	-	-	-	-
+1398529018.678276	2	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	0.0.0.0/0/56981->74.125.239.97/32/443	-	-	0	30.000000	-	Debug-All
+1398529018.678276	5	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::REDIRECT	NetControl::FORWARD	NetControl::FLOW	0.0.0.0/0/56981->74.125.239.97/32/443	-> 5	-	0	30.000000	-	Debug-All
+1398529018.678276	2	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	0.0.0.0/0/56981->74.125.239.97/32/443	-	-	0	30.000000	-	Debug-All
+1398529018.678276	5	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::REDIRECT	NetControl::FORWARD	NetControl::FLOW	0.0.0.0/0/56981->74.125.239.97/32/443	-> 5	-	0	30.000000	-	Debug-All
+#close	2016-03-09-23-15-50
--- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.multiple/netcontrol.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.multiple/netcontrol.log
@ -0,0 +1,49 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	netcontrol
+#open	2016-03-09-23-40-32
+#fields	ts	rule_id	category	cmd	state	action	target	entity_type	entity	mod	msg	priority	expire	location	plugin
+#types	time	string	enum	string	enum	string	enum	string	string	string	string	int	interval	string	string
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activating plugin with priority 10	-	-	-	Debug-All
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activation finished	-	-	-	Debug-All
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activating plugin with priority 10	-	-	-	Openflow-Log-42
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activation finished	-	-	-	Openflow-Log-42
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activating plugin with priority 0	-	-	-	Debug-All
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activation finished	-	-	-	Debug-All
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	plugin initialization done	-	-	-	-
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activation finished	-	-	-	Openflow-Log-42
+1398529018.678276	2	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	192.168.18.50/32/56981->74.125.239.97/32/443	-	-	0	0.000000	-	Debug-All
+1398529018.678276	2	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	192.168.18.50/32/56981->74.125.239.97/32/443	-	-	0	0.000000	-	Openflow-Log-42
+1398529018.678276	3	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	0.000000	-	Debug-All
+1398529018.678276	3	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	0.000000	-	Openflow-Log-42
+1398529018.678276	4	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::WHITELIST	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	5	0.000000	-	Debug-All
+1398529018.678276	4	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::WHITELIST	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	5	0.000000	-	Openflow-Log-42
+1398529018.678276	5	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::REDIRECT	NetControl::FORWARD	NetControl::FLOW	192.168.18.50/32/56981->74.125.239.97/32/443	-> 5	-	0	0.000000	-	Debug-All
+1398529018.678276	5	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::REDIRECT	NetControl::FORWARD	NetControl::FLOW	192.168.18.50/32/56981->74.125.239.97/32/443	-> 5	-	0	0.000000	-	Openflow-Log-42
+1398529018.678276	2	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	192.168.18.50/32/56981->74.125.239.97/32/443	-	-	0	0.000000	-	Debug-All
+1398529018.678276	3	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	0.000000	-	Debug-All
+1398529018.678276	4	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::WHITELIST	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	5	0.000000	-	Debug-All
+1398529018.678276	5	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::REDIRECT	NetControl::FORWARD	NetControl::FLOW	192.168.18.50/32/56981->74.125.239.97/32/443	-> 5	-	0	0.000000	-	Debug-All
+1398529018.678276	2	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	192.168.18.50/32/56981->74.125.239.97/32/443	-	-	0	0.000000	-	Openflow-Log-42
+1398529018.678276	3	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	0.000000	-	Openflow-Log-42
+1398529018.678276	4	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::WHITELIST	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	5	0.000000	-	Openflow-Log-42
+1398529018.678276	5	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::REDIRECT	NetControl::FORWARD	NetControl::FLOW	192.168.18.50/32/56981->74.125.239.97/32/443	-> 5	-	0	0.000000	-	Openflow-Log-42
+1398529020.091883	2	NetControl::RULE	REMOVE	NetControl::REQUESTED	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	192.168.18.50/32/56981->74.125.239.97/32/443	-	-	0	0.000000	-	Openflow-Log-42
+1398529020.091883	2	NetControl::RULE	REMOVE	NetControl::REQUESTED	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	192.168.18.50/32/56981->74.125.239.97/32/443	-	-	0	0.000000	-	Debug-All
+1398529020.091883	3	NetControl::RULE	REMOVE	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	0.000000	-	Openflow-Log-42
+1398529020.091883	3	NetControl::RULE	REMOVE	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	0.000000	-	Debug-All
+1398529020.091883	4	NetControl::RULE	REMOVE	NetControl::REQUESTED	NetControl::WHITELIST	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	5	0.000000	-	Openflow-Log-42
+1398529020.091883	4	NetControl::RULE	REMOVE	NetControl::REQUESTED	NetControl::WHITELIST	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	5	0.000000	-	Debug-All
+1398529020.091883	5	NetControl::RULE	REMOVE	NetControl::REQUESTED	NetControl::REDIRECT	NetControl::FORWARD	NetControl::FLOW	192.168.18.50/32/56981->74.125.239.97/32/443	-> 5	-	0	0.000000	-	Openflow-Log-42
+1398529020.091883	5	NetControl::RULE	REMOVE	NetControl::REQUESTED	NetControl::REDIRECT	NetControl::FORWARD	NetControl::FLOW	192.168.18.50/32/56981->74.125.239.97/32/443	-> 5	-	0	0.000000	-	Debug-All
+1398529020.091883	2	NetControl::RULE	REMOVE	NetControl::SUCCEEDED	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	192.168.18.50/32/56981->74.125.239.97/32/443	-	-	0	0.000000	-	Debug-All
+1398529020.091883	3	NetControl::RULE	REMOVE	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	0.000000	-	Debug-All
+1398529020.091883	4	NetControl::RULE	REMOVE	NetControl::SUCCEEDED	NetControl::WHITELIST	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	5	0.000000	-	Debug-All
+1398529020.091883	5	NetControl::RULE	REMOVE	NetControl::SUCCEEDED	NetControl::REDIRECT	NetControl::FORWARD	NetControl::FLOW	192.168.18.50/32/56981->74.125.239.97/32/443	-> 5	-	0	0.000000	-	Debug-All
+1398529020.091883	2	NetControl::RULE	REMOVE	NetControl::SUCCEEDED	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	192.168.18.50/32/56981->74.125.239.97/32/443	-	-	0	0.000000	-	Openflow-Log-42
+1398529020.091883	3	NetControl::RULE	REMOVE	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	0.000000	-	Openflow-Log-42
+1398529020.091883	4	NetControl::RULE	REMOVE	NetControl::SUCCEEDED	NetControl::WHITELIST	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	5	0.000000	-	Openflow-Log-42
+1398529020.091883	5	NetControl::RULE	REMOVE	NetControl::SUCCEEDED	NetControl::REDIRECT	NetControl::FORWARD	NetControl::FLOW	192.168.18.50/32/56981->74.125.239.97/32/443	-> 5	-	0	0.000000	-	Openflow-Log-42
+#close	2016-03-09-23-40-32
--- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.multiple/openflow.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.multiple/openflow.log
@ -0,0 +1,21 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	openflow
+#open	2016-03-09-23-40-54
+#fields	ts	dpid	match.in_port	match.dl_src	match.dl_dst	match.dl_vlan	match.dl_vlan_pcp	match.dl_type	match.nw_tos	match.nw_proto	match.nw_src	match.nw_dst	match.tp_src	match.tp_dst	flow_mod.cookie	flow_mod.table_id	flow_mod.command	flow_mod.idle_timeout	flow_mod.hard_timeout	flow_mod.priority	flow_mod.out_port	flow_mod.out_group	flow_mod.flags	flow_mod.actions.out_ports	flow_mod.actions.vlan_vid	flow_mod.actions.vlan_pcp	flow_mod.actions.vlan_strip	flow_mod.actions.dl_src	flow_mod.actions.dl_dst	flow_mod.actions.nw_tos	flow_mod.actions.nw_src	flow_mod.actions.nw_dst	flow_mod.actions.tp_src	flow_mod.actions.tp_dst
+#types	time	count	count	string	string	count	count	count	count	count	subnet	subnet	count	count	count	count	enum	count	count	count	count	count	count	vector[count]	count	count	bool	string	string	count	addr	addr	count	count
+1398529018.678276	42	-	-	-	-	-	2048	-	6	192.168.18.50/32	74.125.239.97/32	56981	443	4398046511108	-	OpenFlow::OFPFC_ADD	0	0	0	-	-	1	(empty)	-	-	F	-	-	-	-	-	-	-
+1398529018.678276	42	-	-	-	-	-	2048	-	-	192.168.18.50/32	-	-	-	4398046511110	-	OpenFlow::OFPFC_ADD	0	0	0	-	-	1	(empty)	-	-	F	-	-	-	-	-	-	-
+1398529018.678276	42	-	-	-	-	-	2048	-	-	-	192.168.18.50/32	-	-	4398046511111	-	OpenFlow::OFPFC_ADD	0	0	0	-	-	1	(empty)	-	-	F	-	-	-	-	-	-	-
+1398529018.678276	42	-	-	-	-	-	2048	-	-	192.168.18.50/32	-	-	-	4398046511112	-	OpenFlow::OFPFC_ADD	0	0	5	-	-	1	4294967290	-	-	F	-	-	-	-	-	-	-
+1398529018.678276	42	-	-	-	-	-	2048	-	-	-	192.168.18.50/32	-	-	4398046511113	-	OpenFlow::OFPFC_ADD	0	0	5	-	-	1	4294967290	-	-	F	-	-	-	-	-	-	-
+1398529018.678276	42	-	-	-	-	-	2048	-	6	192.168.18.50/32	74.125.239.97/32	56981	443	4398046511114	-	OpenFlow::OFPFC_ADD	0	0	0	-	-	1	5	-	-	F	-	-	-	-	-	-	-
+1398529020.091883	42	-	-	-	-	-	-	-	-	-	-	-	-	4398046511108	-	OpenFlow::OFPFC_DELETE	0	0	0	-	-	0	(empty)	-	-	F	-	-	-	-	-	-	-
+1398529020.091883	42	-	-	-	-	-	-	-	-	-	-	-	-	4398046511110	-	OpenFlow::OFPFC_DELETE	0	0	0	-	-	0	(empty)	-	-	F	-	-	-	-	-	-	-
+1398529020.091883	42	-	-	-	-	-	-	-	-	-	-	-	-	4398046511111	-	OpenFlow::OFPFC_DELETE	0	0	0	-	-	0	(empty)	-	-	F	-	-	-	-	-	-	-
+1398529020.091883	42	-	-	-	-	-	-	-	-	-	-	-	-	4398046511112	-	OpenFlow::OFPFC_DELETE	0	0	0	-	-	0	(empty)	-	-	F	-	-	-	-	-	-	-
+1398529020.091883	42	-	-	-	-	-	-	-	-	-	-	-	-	4398046511113	-	OpenFlow::OFPFC_DELETE	0	0	0	-	-	0	(empty)	-	-	F	-	-	-	-	-	-	-
+1398529020.091883	42	-	-	-	-	-	-	-	-	-	-	-	-	4398046511114	-	OpenFlow::OFPFC_DELETE	0	0	0	-	-	0	(empty)	-	-	F	-	-	-	-	-	-	-
+#close	2016-03-09-23-40-54
--- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.openflow/netcontrol.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.openflow/netcontrol.log
@ -0,0 +1,25 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	netcontrol
+#open	2016-03-09-23-28-53
+#fields	ts	rule_id	category	cmd	state	action	target	entity_type	entity	mod	msg	priority	expire	location	plugin
+#types	time	string	enum	string	enum	string	enum	string	string	string	string	int	interval	string	string
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activating plugin with priority 0	-	-	-	Openflow-Log-42
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activation finished	-	-	-	Openflow-Log-42
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	plugin initialization done	-	-	-	-
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activation finished	-	-	-	Openflow-Log-42
+1254722767.875996	2	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	10.10.1.4/32/1470->74.53.140.153/32/25	-	-	0	30.000000	-	Openflow-Log-42
+1254722767.875996	3	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	74.53.140.153/32	-	-	0	15.000000	-	Openflow-Log-42
+1254722767.875996	2	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	10.10.1.4/32/1470->74.53.140.153/32/25	-	-	0	30.000000	-	Openflow-Log-42
+1254722767.875996	3	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	74.53.140.153/32	-	-	0	15.000000	-	Openflow-Log-42
+1437831787.861602	4	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	192.168.133.100/32/49648->192.168.133.102/32/25	-	-	0	30.000000	-	Openflow-Log-42
+1437831787.861602	5	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.133.102/32	-	-	0	15.000000	-	Openflow-Log-42
+1437831787.861602	4	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	192.168.133.100/32/49648->192.168.133.102/32/25	-	-	0	30.000000	-	Openflow-Log-42
+1437831787.861602	5	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.133.102/32	-	-	0	15.000000	-	Openflow-Log-42
+1437831799.610433	6	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	192.168.133.100/32/49655->17.167.150.73/32/443	-	-	0	30.000000	-	Openflow-Log-42
+1437831799.610433	7	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	17.167.150.73/32	-	-	0	15.000000	-	Openflow-Log-42
+1437831799.610433	6	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::MONITOR	NetControl::FLOW	192.168.133.100/32/49655->17.167.150.73/32/443	-	-	0	30.000000	-	Openflow-Log-42
+1437831799.610433	7	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	17.167.150.73/32	-	-	0	15.000000	-	Openflow-Log-42
+#close	2016-03-09-23-28-53
--- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.openflow/openflow.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.openflow/openflow.log
@ -0,0 +1,18 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	openflow
+#open	2016-03-09-23-28-53
+#fields	ts	dpid	match.in_port	match.dl_src	match.dl_dst	match.dl_vlan	match.dl_vlan_pcp	match.dl_type	match.nw_tos	match.nw_proto	match.nw_src	match.nw_dst	match.tp_src	match.tp_dst	flow_mod.cookie	flow_mod.table_id	flow_mod.command	flow_mod.idle_timeout	flow_mod.hard_timeout	flow_mod.priority	flow_mod.out_port	flow_mod.out_group	flow_mod.flags	flow_mod.actions.out_ports	flow_mod.actions.vlan_vid	flow_mod.actions.vlan_pcp	flow_mod.actions.vlan_strip	flow_mod.actions.dl_src	flow_mod.actions.dl_dst	flow_mod.actions.nw_tos	flow_mod.actions.nw_src	flow_mod.actions.nw_dst	flow_mod.actions.tp_src	flow_mod.actions.tp_dst
+#types	time	count	count	string	string	count	count	count	count	count	subnet	subnet	count	count	count	count	enum	count	count	count	count	count	count	vector[count]	count	count	bool	string	string	count	addr	addr	count	count
+1254722767.875996	42	-	-	-	-	-	2048	-	6	10.10.1.4/32	74.53.140.153/32	1470	25	4398046511108	-	OpenFlow::OFPFC_ADD	0	30	0	-	-	1	(empty)	-	-	F	-	-	-	-	-	-	-
+1254722767.875996	42	-	-	-	-	-	2048	-	-	74.53.140.153/32	-	-	-	4398046511110	-	OpenFlow::OFPFC_ADD	0	15	0	-	-	1	(empty)	-	-	F	-	-	-	-	-	-	-
+1254722767.875996	42	-	-	-	-	-	2048	-	-	-	74.53.140.153/32	-	-	4398046511111	-	OpenFlow::OFPFC_ADD	0	15	0	-	-	1	(empty)	-	-	F	-	-	-	-	-	-	-
+1437831787.861602	42	-	-	-	-	-	2048	-	6	192.168.133.100/32	192.168.133.102/32	49648	25	4398046511112	-	OpenFlow::OFPFC_ADD	0	30	0	-	-	1	(empty)	-	-	F	-	-	-	-	-	-	-
+1437831787.861602	42	-	-	-	-	-	2048	-	-	192.168.133.102/32	-	-	-	4398046511114	-	OpenFlow::OFPFC_ADD	0	15	0	-	-	1	(empty)	-	-	F	-	-	-	-	-	-	-
+1437831787.861602	42	-	-	-	-	-	2048	-	-	-	192.168.133.102/32	-	-	4398046511115	-	OpenFlow::OFPFC_ADD	0	15	0	-	-	1	(empty)	-	-	F	-	-	-	-	-	-	-
+1437831799.610433	42	-	-	-	-	-	2048	-	6	192.168.133.100/32	17.167.150.73/32	49655	443	4398046511116	-	OpenFlow::OFPFC_ADD	0	30	0	-	-	1	(empty)	-	-	F	-	-	-	-	-	-	-
+1437831799.610433	42	-	-	-	-	-	2048	-	-	17.167.150.73/32	-	-	-	4398046511118	-	OpenFlow::OFPFC_ADD	0	15	0	-	-	1	(empty)	-	-	F	-	-	-	-	-	-	-
+1437831799.610433	42	-	-	-	-	-	2048	-	-	-	17.167.150.73/32	-	-	4398046511119	-	OpenFlow::OFPFC_ADD	0	15	0	-	-	1	(empty)	-	-	F	-	-	-	-	-	-	-
+#close	2016-03-09-23-28-53
--- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.packetfilter/conn.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.packetfilter/conn.log
@ -0,0 +1,14 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	conn
+#open	2016-02-12-03-18-52
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
+#types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
+1254722767.492060	CXWv6p3arKYeMETxOg	10.10.1.4	56166	10.10.1.1	53	udp	dns	0.034025	34	100	SF	-	-	0	Dd	1	62	1	128	(empty)
+1254722776.690444	CCvvfg3TEfuqmmG4bh	10.10.1.20	138	10.10.1.255	138	udp	-	-	-	-	S0	-	-	0	D	1	229	0	0	(empty)
+1254722767.529046	CjhGID4nQcgTWjvg4c	10.10.1.4	1470	74.53.140.153	25	tcp	-	0.346950	0	0	S1	-	-	0	Sh	1	48	1	48	(empty)
+1437831787.856895	CRJuHdVW0XPVINV8a	192.168.133.100	49648	192.168.133.102	25	tcp	-	0.004707	0	0	S1	-	-	0	Sh	1	64	1	60	(empty)
+1437831776.764391	CsRx2w45OKnoww6xl4	192.168.133.100	49285	66.196.121.26	5050	tcp	-	0.343008	41	0	OTH	-	-	0	Da	1	93	1	52	(empty)
+#close	2016-02-12-03-18-52
--- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.quarantine-openflow/netcontrol.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.quarantine-openflow/netcontrol.log
@ -0,0 +1,21 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	netcontrol
+#open	2016-03-08-22-48-10
+#fields	ts	rule_id	category	cmd	state	action	target	entity_type	entity	mod	msg	priority	expire	location	plugin
+#types	time	string	enum	string	enum	string	enum	string	string	string	string	int	interval	string	string
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activating plugin with priority 0	-	-	-	Openflow-Log-42
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activation finished	-	-	-	Openflow-Log-42
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	plugin initialization done	-	-	-	-
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activation finished	-	-	-	Openflow-Log-42
+1398529018.678276	2	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::FLOW	192.168.18.50/32/*->*/*	-	-	0	36000.000000	-	Openflow-Log-42
+1398529018.678276	3	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::MODIFY	NetControl::FORWARD	NetControl::FLOW	192.168.18.50/32/*->8.8.8.8/32/53	Src: _/_ (_) Dst: 192.169.18.1/_ (_)	-	5	36000.000000	-	Openflow-Log-42
+1398529018.678276	4	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::MODIFY	NetControl::FORWARD	NetControl::FLOW	8.8.8.8/32/53->192.168.18.50/32/*	Src: 8.8.8.8/_ (_) Dst: _/_ (_)	-	5	36000.000000	-	Openflow-Log-42
+1398529018.678276	5	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::WHITELIST	NetControl::FORWARD	NetControl::FLOW	192.168.18.50/32/*->192.169.18.1/32/80	-	-	5	36000.000000	-	Openflow-Log-42
+1398529018.678276	2	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::FLOW	192.168.18.50/32/*->*/*	-	-	0	36000.000000	-	Openflow-Log-42
+1398529018.678276	3	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::MODIFY	NetControl::FORWARD	NetControl::FLOW	192.168.18.50/32/*->8.8.8.8/32/53	Src: _/_ (_) Dst: 192.169.18.1/_ (_)	-	5	36000.000000	-	Openflow-Log-42
+1398529018.678276	4	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::MODIFY	NetControl::FORWARD	NetControl::FLOW	8.8.8.8/32/53->192.168.18.50/32/*	Src: 8.8.8.8/_ (_) Dst: _/_ (_)	-	5	36000.000000	-	Openflow-Log-42
+1398529018.678276	5	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::WHITELIST	NetControl::FORWARD	NetControl::FLOW	192.168.18.50/32/*->192.169.18.1/32/80	-	-	5	36000.000000	-	Openflow-Log-42
+#close	2016-03-08-22-48-10
--- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.quarantine-openflow/openflow.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.quarantine-openflow/openflow.log
@ -0,0 +1,13 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	openflow
+#open	2016-02-12-03-28-52
+#fields	ts	dpid	match.in_port	match.dl_src	match.dl_dst	match.dl_vlan	match.dl_vlan_pcp	match.dl_type	match.nw_tos	match.nw_proto	match.nw_src	match.nw_dst	match.tp_src	match.tp_dst	flow_mod.cookie	flow_mod.table_id	flow_mod.command	flow_mod.idle_timeout	flow_mod.hard_timeout	flow_mod.priority	flow_mod.out_port	flow_mod.out_group	flow_mod.flags	flow_mod.actions.out_ports	flow_mod.actions.vlan_vid	flow_mod.actions.vlan_pcp	flow_mod.actions.vlan_strip	flow_mod.actions.dl_src	flow_mod.actions.dl_dst	flow_mod.actions.nw_tos	flow_mod.actions.nw_src	flow_mod.actions.nw_dst	flow_mod.actions.tp_src	flow_mod.actions.tp_dst
+#types	time	count	count	string	string	count	count	count	count	count	subnet	subnet	count	count	count	count	enum	count	count	count	count	count	count	vector[count]	count	count	bool	string	string	count	addr	addr	count	count
+1398529018.678276	42	-	-	-	-	-	2048	-	-	192.168.18.50/32	-	-	-	4398046511108	-	OpenFlow::OFPFC_ADD	0	36000	0	-	-	1	(empty)	-	-	F	-	-	-	-	-	-	-
+1398529018.678276	42	-	-	-	-	-	2048	-	17	192.168.18.50/32	8.8.8.8/32	-	53	4398046511110	-	OpenFlow::OFPFC_ADD	0	36000	5	-	-	1	4294967290	-	-	F	-	-	-	-	192.169.18.1	-	-
+1398529018.678276	42	-	-	-	-	-	2048	-	17	8.8.8.8/32	192.168.18.50/32	53	-	4398046511112	-	OpenFlow::OFPFC_ADD	0	36000	5	-	-	1	4294967290	-	-	F	-	-	-	8.8.8.8	-	-	-
+1398529018.678276	42	-	-	-	-	-	2048	-	6	192.168.18.50/32	192.169.18.1/32	-	80	4398046511114	-	OpenFlow::OFPFC_ADD	0	36000	5	-	-	1	4294967290	-	-	F	-	-	-	-	-	-	-
+#close	2016-02-12-03-28-52
--- a/testing/btest/Baseline/scripts.base.frameworks.netcontrol.timeout/netcontrol.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.netcontrol.timeout/netcontrol.log
@ -0,0 +1,17 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	netcontrol
+#open	2016-03-09-23-06-49
+#fields	ts	rule_id	category	cmd	state	action	target	entity_type	entity	mod	msg	priority	expire	location	plugin
+#types	time	string	enum	string	enum	string	enum	string	string	string	string	int	interval	string	string
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activating plugin with priority 0	-	-	-	Debug-All
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	activation finished	-	-	-	Debug-All
+0.000000	-	NetControl::MESSAGE	-	-	-	-	-	-	-	plugin initialization done	-	-	-	-
+1457564809.281931	2	NetControl::RULE	ADD	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	1.000000	-	Debug-All
+1457564809.281931	2	NetControl::RULE	ADD	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	1.000000	-	Debug-All
+1457564810.695538	2	NetControl::RULE	EXPIRE	NetControl::TIMEOUT	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	1.000000	-	Debug-All
+1457564810.695538	2	NetControl::RULE	REMOVE	NetControl::REQUESTED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	1.000000	-	Debug-All
+1457564810.695538	2	NetControl::RULE	REMOVE	NetControl::SUCCEEDED	NetControl::DROP	NetControl::FORWARD	NetControl::ADDRESS	192.168.18.50/32	-	-	0	1.000000	-	Debug-All
+#close	2016-03-09-23-06-51
--- a/testing/btest/Baseline/scripts.base.frameworks.openflow.broker-basic/recv.recv.out
+++ b/testing/btest/Baseline/scripts.base.frameworks.openflow.broker-basic/recv.recv.out
@ -0,0 +1,5 @@
+BrokerComm::incoming_connection_established
+flow_clear, 42
+got flow_mod, 42, [in_port=<uninitialized>, dl_src=<uninitialized>, dl_dst=<uninitialized>, dl_vlan=<uninitialized>, dl_vlan_pcp=<uninitialized>, dl_type=<uninitialized>, nw_tos=<uninitialized>, nw_proto=<uninitialized>, nw_src=<uninitialized>, nw_dst=<uninitialized>, tp_src=<uninitialized>, tp_dst=<uninitialized>], [cookie=4398046511105, table_id=<uninitialized>, command=OpenFlow::OFPFC_ADD, idle_timeout=0, hard_timeout=0, priority=0, out_port=<uninitialized>, out_group=<uninitialized>, flags=0, actions=[out_ports=[3, 7], vlan_vid=<uninitialized>, vlan_pcp=<uninitialized>, vlan_strip=F, dl_src=<uninitialized>, dl_dst=<uninitialized>, nw_tos=<uninitialized>, nw_src=<uninitialized>, nw_dst=<uninitialized>, tp_src=<uninitialized>, tp_dst=<uninitialized>]]
+got flow_mod, 42, [in_port=<uninitialized>, dl_src=<uninitialized>, dl_dst=<uninitialized>, dl_vlan=<uninitialized>, dl_vlan_pcp=<uninitialized>, dl_type=2048, nw_tos=<uninitialized>, nw_proto=6, nw_src=10.10.1.4/32, nw_dst=74.53.140.153/32, tp_src=1470, tp_dst=25], [cookie=4398046511146, table_id=<uninitialized>, command=OpenFlow::OFPFC_ADD, idle_timeout=30, hard_timeout=0, priority=5, out_port=<uninitialized>, out_group=<uninitialized>, flags=0, actions=[out_ports=[], vlan_vid=<uninitialized>, vlan_pcp=<uninitialized>, vlan_strip=F, dl_src=<uninitialized>, dl_dst=<uninitialized>, nw_tos=<uninitialized>, nw_src=<uninitialized>, nw_dst=<uninitialized>, tp_src=<uninitialized>, tp_dst=<uninitialized>]]
+got flow_mod, 42, [in_port=<uninitialized>, dl_src=<uninitialized>, dl_dst=<uninitialized>, dl_vlan=<uninitialized>, dl_vlan_pcp=<uninitialized>, dl_type=2048, nw_tos=<uninitialized>, nw_proto=6, nw_src=74.53.140.153/32, nw_dst=10.10.1.4/32, tp_src=25, tp_dst=1470], [cookie=4398046511146, table_id=<uninitialized>, command=OpenFlow::OFPFC_ADD, idle_timeout=30, hard_timeout=0, priority=5, out_port=<uninitialized>, out_group=<uninitialized>, flags=0, actions=[out_ports=[], vlan_vid=<uninitialized>, vlan_pcp=<uninitialized>, vlan_strip=F, dl_src=<uninitialized>, dl_dst=<uninitialized>, nw_tos=<uninitialized>, nw_src=<uninitialized>, nw_dst=<uninitialized>, tp_src=<uninitialized>, tp_dst=<uninitialized>]]
--- a/testing/btest/Baseline/scripts.base.frameworks.openflow.broker-basic/send.send.out
+++ b/testing/btest/Baseline/scripts.base.frameworks.openflow.broker-basic/send.send.out
@ -0,0 +1,8 @@
+BrokerComm::outgoing_connection_established, 127.0.0.1, 9999/tcp
+Flow_mod_success
+Flow_mod_failure
+connection established
+Flow_mod_success
+Flow_mod_failure
+Flow_mod_success
+Flow_mod_failure
--- a/testing/btest/Baseline/scripts.base.frameworks.openflow.log-basic/openflow.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.openflow.log-basic/openflow.log
@ -0,0 +1,16 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	openflow
+#open	2016-02-11-20-32-05
+#fields	ts	dpid	match.in_port	match.dl_src	match.dl_dst	match.dl_vlan	match.dl_vlan_pcp	match.dl_type	match.nw_tos	match.nw_proto	match.nw_src	match.nw_dst	match.tp_src	match.tp_dst	flow_mod.cookie	flow_mod.table_id	flow_mod.command	flow_mod.idle_timeout	flow_mod.hard_timeout	flow_mod.priority	flow_mod.out_port	flow_mod.out_group	flow_mod.flags	flow_mod.actions.out_ports	flow_mod.actions.vlan_vid	flow_mod.actions.vlan_pcp	flow_mod.actions.vlan_strip	flow_mod.actions.dl_src	flow_mod.actions.dl_dst	flow_mod.actions.nw_tos	flow_mod.actions.nw_src	flow_mod.actions.nw_dst	flow_mod.actions.tp_src	flow_mod.actions.tp_dst
+#types	time	count	count	string	string	count	count	count	count	count	subnet	subnet	count	count	count	count	enum	count	count	count	count	count	count	vector[count]	count	count	bool	string	string	count	addr	addr	count	count
+0.000000	42	-	-	-	-	-	-	-	-	-	-	-	-	4398046511105	-	OpenFlow::OFPFC_ADD	0	0	0	-	-	0	3,7	-	-	F	-	-	-	-	-	-	-
+1254722767.875996	42	-	-	-	-	-	2048	-	6	10.10.1.4/32	74.53.140.153/32	1470	25	4398046511147	-	OpenFlow::OFPFC_ADD	30	0	5	-	-	0	(empty)	-	-	F	-	-	-	-	-	-	-
+1254722767.875996	42	-	-	-	-	-	2048	-	6	74.53.140.153/32	10.10.1.4/32	25	1470	4398046511147	-	OpenFlow::OFPFC_ADD	30	0	5	-	-	0	(empty)	-	-	F	-	-	-	-	-	-	-
+1437831787.861602	42	-	-	-	-	-	2048	-	6	192.168.133.100/32	192.168.133.102/32	49648	25	4398046511148	-	OpenFlow::OFPFC_ADD	30	0	5	-	-	0	(empty)	-	-	F	-	-	-	-	-	-	-
+1437831787.861602	42	-	-	-	-	-	2048	-	6	192.168.133.102/32	192.168.133.100/32	25	49648	4398046511148	-	OpenFlow::OFPFC_ADD	30	0	5	-	-	0	(empty)	-	-	F	-	-	-	-	-	-	-
+1437831799.610433	42	-	-	-	-	-	2048	-	6	192.168.133.100/32	17.167.150.73/32	49655	443	4398046511149	-	OpenFlow::OFPFC_ADD	30	0	5	-	-	0	(empty)	-	-	F	-	-	-	-	-	-	-
+1437831799.610433	42	-	-	-	-	-	2048	-	6	17.167.150.73/32	192.168.133.100/32	443	49655	4398046511149	-	OpenFlow::OFPFC_ADD	30	0	5	-	-	0	(empty)	-	-	F	-	-	-	-	-	-	-
+#close	2016-02-11-20-32-05
--- a/testing/btest/Baseline/scripts.base.frameworks.openflow.log-cluster/manager-1.openflow.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.openflow.log-cluster/manager-1.openflow.log
@ -0,0 +1,11 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	openflow
+#open	2016-02-11-21-06-45
+#fields	ts	dpid	match.in_port	match.dl_src	match.dl_dst	match.dl_vlan	match.dl_vlan_pcp	match.dl_type	match.nw_tos	match.nw_proto	match.nw_src	match.nw_dst	match.tp_src	match.tp_dst	flow_mod.cookie	flow_mod.table_id	flow_mod.command	flow_mod.idle_timeout	flow_mod.hard_timeout	flow_mod.priority	flow_mod.out_port	flow_mod.out_group	flow_mod.flags	flow_mod.actions.out_ports	flow_mod.actions.vlan_vid	flow_mod.actions.vlan_pcp	flow_mod.actions.vlan_strip	flow_mod.actions.dl_src	flow_mod.actions.dl_dst	flow_mod.actions.nw_tos	flow_mod.actions.nw_src	flow_mod.actions.nw_dst	flow_mod.actions.tp_src	flow_mod.actions.tp_dst
+#types	time	count	count	string	string	count	count	count	count	count	subnet	subnet	count	count	count	count	enum	count	count	count	count	count	count	vector[count]	count	count	bool	string	string	count	addr	addr	count	count
+1455224805.349129	42	-	-	-	-	-	2048	-	6	10.10.1.4/32	74.53.140.153/32	1470	25	4398046511146	-	OpenFlow::OFPFC_ADD	30	0	5	-	-	0	(empty)	-	-	F	-	-	-	-	-	-	-
+1455224805.349129	42	-	-	-	-	-	2048	-	6	74.53.140.153/32	10.10.1.4/32	25	1470	4398046511146	-	OpenFlow::OFPFC_ADD	30	0	5	-	-	0	(empty)	-	-	F	-	-	-	-	-	-	-
+#close	2016-02-11-21-06-46
--- a/testing/btest/Baseline/scripts.base.frameworks.openflow.ryu-basic/.stdout
+++ b/testing/btest/Baseline/scripts.base.frameworks.openflow.ryu-basic/.stdout
@ -0,0 +1,22 @@
+http://127.0.0.1:8080/stats/flowentry/clear/42
+http://127.0.0.1:8080/stats/flowentry/add
+{"match": {}, "dpid": 42, "flags": 0, "hard_timeout": 0, "priority": 0, "actions": [{"port": 3, "type": "OUTPUT"}, {"port": 7, "type": "OUTPUT"}], "cookie": 4398046511105, "idle_timeout": 0}
+Flow_mod_success
+http://127.0.0.1:8080/stats/flowentry/add
+{"match": {"tp_dst": 25, "nw_dst": "74.53.140.153/32", "nw_src": "10.10.1.4/32", "dl_type": 2048, "tp_src": 1470, "nw_proto": 6}, "dpid": 42, "flags": 0, "hard_timeout": 0, "priority": 5, "actions": [], "cookie": 4398046511146, "idle_timeout": 30}
+http://127.0.0.1:8080/stats/flowentry/add
+{"match": {"tp_dst": 1470, "nw_dst": "10.10.1.4/32", "nw_src": "74.53.140.153/32", "dl_type": 2048, "tp_src": 25, "nw_proto": 6}, "dpid": 42, "flags": 0, "hard_timeout": 0, "priority": 5, "actions": [], "cookie": 4398046511146, "idle_timeout": 30}
+Flow_mod_success
+Flow_mod_success
+http://127.0.0.1:8080/stats/flowentry/add
+{"match": {"tp_dst": 25, "nw_dst": "192.168.133.102/32", "nw_src": "192.168.133.100/32", "dl_type": 2048, "tp_src": 49648, "nw_proto": 6}, "dpid": 42, "flags": 0, "hard_timeout": 0, "priority": 5, "actions": [], "cookie": 4398046511146, "idle_timeout": 30}
+http://127.0.0.1:8080/stats/flowentry/add
+{"match": {"tp_dst": 49648, "nw_dst": "192.168.133.100/32", "nw_src": "192.168.133.102/32", "dl_type": 2048, "tp_src": 25, "nw_proto": 6}, "dpid": 42, "flags": 0, "hard_timeout": 0, "priority": 5, "actions": [], "cookie": 4398046511146, "idle_timeout": 30}
+Flow_mod_success
+Flow_mod_success
+http://127.0.0.1:8080/stats/flowentry/add
+{"match": {"tp_dst": 443, "nw_dst": "17.167.150.73/32", "nw_src": "192.168.133.100/32", "dl_type": 2048, "tp_src": 49655, "nw_proto": 6}, "dpid": 42, "flags": 0, "hard_timeout": 0, "priority": 5, "actions": [], "cookie": 4398046511146, "idle_timeout": 30}
+http://127.0.0.1:8080/stats/flowentry/add
+{"match": {"tp_dst": 49655, "nw_dst": "192.168.133.100/32", "nw_src": "17.167.150.73/32", "dl_type": 2048, "tp_src": 443, "nw_proto": 6}, "dpid": 42, "flags": 0, "hard_timeout": 0, "priority": 5, "actions": [], "cookie": 4398046511146, "idle_timeout": 30}
+Flow_mod_success
+Flow_mod_success
--- a/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-get-file-size/ftp.log
+++ b/testing/btest/Baseline/scripts.base.protocols.ftp.ftp-get-file-size/ftp.log
@ -0,0 +1,15 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	ftp
+#open	2016-03-11-17-40-18
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	user	password	command	arg	mime_type	file_size	reply_code	reply_msg	data_channel.passive	data_channel.orig_h	data_channel.resp_h	data_channel.resp_p	fuid
+#types	time	string	addr	port	addr	port	string	string	string	string	string	count	count	string	bool	addr	addr	port	string
+1457455890.667768	CXWv6p3arKYeMETxOg	192.168.21.95	54089	164.107.123.6	21	<unknown>	-	PASV	-	-	-	227	Entering Passive Mode (164,107,123,6,183,187)	T	192.168.21.95	164.107.123.6	47035	-
+1457455890.667768	CXWv6p3arKYeMETxOg	192.168.21.95	54089	164.107.123.6	21	<unknown>	-	PASV	-	-	-	227	Entering Passive Mode (164,107,123,6,183,187)	-	-	-	-	-
+1457455891.781896	CXWv6p3arKYeMETxOg	192.168.21.95	54089	164.107.123.6	21	<unknown>	-	PASV	-	-	-	227	Entering Passive Mode (164,107,123,6,183,231)	T	192.168.21.95	164.107.123.6	47079	FaFkMs3Gc0F1kvwXD
+1457455894.380514	CXWv6p3arKYeMETxOg	192.168.21.95	54089	164.107.123.6	21	<unknown>	-	PASV	-	-	-	227	Entering Passive Mode (164,107,123,6,183,211)	T	192.168.21.95	164.107.123.6	47059	Fm58Rm14ZG2Ai7nW9g
+1457455900.398202	CXWv6p3arKYeMETxOg	192.168.21.95	54089	164.107.123.6	21	<unknown>	-	PASV	-	-	-	227	Entering Passive Mode (164,107,123,6,183,197)	T	192.168.21.95	164.107.123.6	47045	FnxQXApi8WTTWNyH1
+1457455900.530943	CXWv6p3arKYeMETxOg	192.168.21.95	54089	164.107.123.6	21	<unknown>	-	RETR	ftp://164.107.123.6/mirror/internic/rfc/rfc1001.txt	text/plain	154427	226	File send OK.	-	-	-	-	FJblKh2PaOnGa8zcmg
+#close	2016-03-11-17-40-18
--- a/testing/btest/Baseline/scripts.base.protocols.ssh.basic/conn.log
+++ b/testing/btest/Baseline/scripts.base.protocols.ssh.basic/conn.log
@ -3,14 +3,14 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
-#open	2016-03-07-21-31-43
+#open	2016-03-08-15-45-10
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
 1324071333.493287	CXWv6p3arKYeMETxOg	192.168.1.79	51880	131.159.21.1	22	tcp	ssh	6.159326	2669	2501	SF	-	-	0	ShAdDaFf	25	3981	20	3549	(empty)
-1409516196.337184	CjhGID4nQcgTWjvg4c	10.0.0.18	40184	128.2.6.88	41644	tcp	ssh	0.392307	3205	2129	S1	-	-	0	ShADad	12	3837	12	2761	(empty)
+1409516196.337184	CjhGID4nQcgTWjvg4c	10.0.0.18	40184	128.2.6.88	41644	tcp	ssh	2.079071	3813	3633	SF	-	-	0	ShADadFf	22	4965	26	5017	(empty)
+1419870189.485611	CCvvfg3TEfuqmmG4bh	192.168.2.1	57189	192.168.2.158	22	tcp	ssh	6.641754	5253	3489	SF	-	-	0	ShADadFf	38	7241	29	5005	(empty)
 1419870206.101883	CsRx2w45OKnoww6xl4	192.168.2.1	57191	192.168.2.158	22	tcp	ssh	3.862198	576	813	SF	-	-	0	ShAdDaFf	23	1784	16	1653	(empty)
-1419870189.485611	CCvvfg3TEfuqmmG4bh	192.168.2.1	57189	192.168.2.158	22	tcp	ssh	5.267866	4601	2805	S1	-	-	0	ShADad	22	5757	18	3749	(empty)
-1419996264.318569	CRJuHdVW0XPVINV8a	192.168.2.1	55179	192.168.2.158	2200	tcp	ssh	1.124642	1909	1161	S1	-	-	0	ShADad	16	2753	12	1793	(empty)
+1419996264.318569	CRJuHdVW0XPVINV8a	192.168.2.1	55179	192.168.2.158	2200	tcp	ssh	2.557930	2757	1721	RSTR	-	-	0	ShADadFr	37	4693	29	3225	(empty)
 1420588548.721272	CPbrpk1qSsw6ESzHV4	192.168.2.1	56594	192.168.2.158	22	tcp	ssh	8.841749	480	537	SF	-	-	0	ShAdDaFf	17	1376	14	1273	(empty)
 1420590124.879760	C6pKV8GSxOnSLghOa	192.168.2.1	56821	192.168.2.158	22	tcp	ssh	1.106250	820	1125	SF	-	-	0	ShAdDaFf	26	2184	20	2173	(empty)
 1420590308.775525	CIPOse170MGiRM1Qf4	192.168.2.1	56837	192.168.2.158	22	tcp	ssh	1.080767	692	997	SF	-	-	0	ShAdDaFf	25	2004	19	1993	(empty)
@ -19,16 +19,16 @@
 1420590659.422161	CMXxB5GvmoxJFXdTa	192.168.2.1	56878	192.168.2.158	22	tcp	ssh	3.628964	684	825	SF	-	-	0	ShAdDaFf	25	1996	19	1821	(empty)
 1420591379.650462	Caby8b1slFea8xwSmb	192.168.2.1	56940	192.168.2.158	22	tcp	ssh	0.104978	500	609	SF	-	-	0	ShAdDaFf	14	1240	10	1137	(empty)
 1420599430.822385	Che1bq3i2rO3KD1Syg	192.168.2.1	57831	192.168.2.158	22	tcp	ssh	2.758790	576	813	SF	-	-	0	ShAdDaFf	23	1784	18	1757	(empty)
-1420851448.309629	C3SfNE4BWaU4aSuwkc	192.168.2.1	59246	192.168.2.158	22	tcp	ssh	2.046715	2421	3505	S1	-	-	0	ShADad	18	3369	13	4189	(empty)
-1420860616.400297	CwSkQu4eWZCH7OONC1	192.168.1.32	33910	128.2.13.133	22	tcp	ssh	0.660753	3383	2645	S1	-	-	0	ShADad	18	4327	16	3485	(empty)
-1420860283.029061	CEle3f3zno26fFZkrh	192.168.1.32	41164	128.2.10.238	22	tcp	ssh	7.498828	5479	2327	S1	-	-	0	ShADad	21	6579	18	3271	(empty)
+1420851448.309629	C3SfNE4BWaU4aSuwkc	192.168.2.1	59246	192.168.2.158	22	tcp	ssh	3.076752	3049	4165	SF	-	-	0	ShADadFf	32	4725	23	5369	(empty)
+1420860283.029061	CEle3f3zno26fFZkrh	192.168.1.32	41164	128.2.10.238	22	tcp	ssh	8.485357	6087	3015	SF	-	-	0	ShADadFf	32	7759	33	4763	(empty)
+1420860616.400297	CwSkQu4eWZCH7OONC1	192.168.1.32	33910	128.2.13.133	22	tcp	ssh	1.910959	6471	6037	SF	-	-	0	ShADadFf	33	8195	29	7565	(empty)
 1420868281.639103	CfTOmO0HKorjr8Zp7	192.168.1.32	41268	128.2.10.238	22	tcp	ssh	2.710778	5613	2487	SF	-	-	0	ShADadFf	24	6869	20	3535	(empty)
+1420917487.220407	Cab0vO1xNYSS2hJkle	192.168.1.31	52294	192.168.1.32	22	tcp	ssh	3.658968	3729	2229	SF	-	-	0	ShADadFf	36	5613	24	3497	(empty)
 1420917487.213378	CzA03V1VcgagLjnO92	192.168.1.31	57621	192.168.1.255	57621	udp	-	-	-	-	S0	-	-	0	D	1	72	0	0	(empty)
 1420917487.213468	CyAhVIzHqb7t7kv28	192.168.1.32	57621	192.168.1.31	57621	udp	-	-	-	-	S0	-	-	0	D	1	72	0	0	(empty)
-1420917487.220407	Cab0vO1xNYSS2hJkle	192.168.1.31	52294	192.168.1.32	22	tcp	ssh	2.807865	3169	1329	S1	-	-	0	ShADad	19	4169	13	2013	(empty)
 1421006072.431795	Cx3C534wEyF3OvvcQe	192.168.1.31	51476	192.168.1.32	8118	tcp	-	0.000539	76	0	SF	-	-	0	DaFfA	6	388	5	284	(empty)
-1421006072.001012	Cx2FqO23omNawSNrxj	192.168.1.31	51489	192.168.1.32	22	tcp	ssh	2.408961	3469	1565	S1	-	-	0	ShAdDa	25	4805	16	2421	(empty)
+1421006072.001012	Cx2FqO23omNawSNrxj	192.168.1.31	51489	192.168.1.32	22	tcp	ssh	4.926958	4029	2497	SF	-	-	0	ShAdDaFf	42	6249	27	3937	(empty)
 1421041176.944687	CkDsfG2YIeWJmXWNWj	192.168.1.32	58641	131.103.20.168	22	tcp	ssh	0.587601	2885	2309	SF	-	-	0	ShADdaFf	16	3725	13	2993	(empty)
-1421041299.738916	CUKS0W3HFYOnBqSE5e	192.168.1.32	58646	131.103.20.168	22	tcp	ssh	0.538385	3517	3197	S1	-	-	0	ShADad	18	4461	16	4037	(empty)
-1421041526.312919	CRrfvP2lalMAYOCLhj	192.168.1.32	58649	131.103.20.168	22	tcp	ssh	0.542213	3517	3197	S1	-	-	0	ShADad	17	4409	16	4037	(empty)
-#close	2016-03-07-21-31-43
+1421041299.738916	CUKS0W3HFYOnBqSE5e	192.168.1.32	58646	131.103.20.168	22	tcp	ssh	2.236727	4477	535101	SF	-	-	0	ShADadFf	179	13793	226	546861	(empty)
+1421041526.312919	CRrfvP2lalMAYOCLhj	192.168.1.32	58649	131.103.20.168	22	tcp	ssh	2.066433	4477	534861	SF	-	-	0	ShADadFf	183	14001	236	547141	(empty)
+#close	2016-03-08-15-45-10
--- a/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events-no-args.log
+++ b/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events-no-args.log
@ -1,5 +1,6 @@
         0.000000 bro_init
         0.000000 filter_change_tracking
+         0.000000 NetControl::init
 1254722767.492060 protocol_confirmation
 1254722767.492060 ChecksumOffloading::check
 1254722767.492060 filter_change_tracking
--- a/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
+++ b/testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
@ -1,5 +1,6 @@
         0.000000 bro_init
         0.000000 filter_change_tracking
+         0.000000 NetControl::init
 1254722767.492060 protocol_confirmation
                  [0] c: connection      = [id=[orig_h=10.10.1.4, orig_p=56166/udp, resp_h=10.10.1.1, resp_p=53/udp], orig=[size=34, state=1, num_pkts=0, num_bytes_ip=0, flow_label=0], resp=[size=0, state=0, num_pkts=0, num_bytes_ip=0, flow_label=0], start_time=1254722767.49206, duration=0.0, service={\x0a\x0a}, history=D, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, dpd=<uninitialized>, conn=<uninitialized>, extract_orig=F, extract_resp=F, thresholds=<uninitialized>, dhcp=<uninitialized>, dnp3=<uninitialized>, dns=<uninitialized>, dns_state=<uninitialized>, ftp=<uninitialized>, ftp_data_reuse=F, ssl=<uninitialized>, http=<uninitialized>, http_state=<uninitialized>, irc=<uninitialized>, krb=<uninitialized>, modbus=<uninitialized>, mysql=<uninitialized>, radius=<uninitialized>, rdp=<uninitialized>, sip=<uninitialized>, sip_state=<uninitialized>, snmp=<uninitialized>, smtp=<uninitialized>, smtp_state=<uninitialized>, socks=<uninitialized>, ssh=<uninitialized>, syslog=<uninitialized>]
                  [1] atype: enum        = Analyzer::ANALYZER_DNS
--- a/testing/btest/Traces/ftp/ftp-with-numbers-in-filename.pcap
+++ b/testing/btest/Traces/ftp/ftp-with-numbers-in-filename.pcap
--- a/testing/btest/bifs/check_subnet.bro
+++ b/testing/btest/bifs/check_subnet.bro
@ -0,0 +1,39 @@
+# @TEST-EXEC: bro -b %INPUT >output
+# @TEST-EXEC: btest-diff output
+
+global testt: set[subnet] = {
+	10.0.0.0/8,
+	10.2.0.0/16,
+	10.2.0.2/31,
+	10.1.0.0/16,
+	10.3.0.0/16,
+	5.0.0.0/8,
+	5.5.0.0/25,
+	5.2.0.0/32,
+	7.2.0.0/32,
+	[2607:f8b0:4008:807::200e]/64,
+	[2607:f8b0:4007:807::200e]/64,
+	[2607:f8b0:4007:807::200e]/128
+};
+
+function check_member(s: subnet)
+	{
+	if ( s in testt )
+		print fmt("in says: %s is member", s);
+	else
+		print fmt("in says: %s is no member", s);
+
+	if ( check_subnet(s, testt) )
+		print fmt("check_subnet says: %s is member", s);
+	else
+		print fmt("check_subnet says: %s is no member", s);
+
+	}
+
+event bro_init()
+	{
+	check_member(10.2.0.2/32);
+	check_member(10.2.0.2/31);
+	check_member(10.6.0.0/9);
+	check_member(10.2.0.0/8);
+	}
--- a/testing/btest/bifs/filter_subnet_table.bro
+++ b/testing/btest/bifs/filter_subnet_table.bro
@ -0,0 +1,49 @@
+# @TEST-EXEC: bro -b %INPUT >output
+# @TEST-EXEC: btest-diff output
+
+global testa: set[subnet] = {
+	10.0.0.0/8,
+	10.2.0.0/16,
+	10.2.0.2/31,
+	10.1.0.0/16,
+	10.3.0.0/16,
+	5.0.0.0/8,
+	5.5.0.0/25,
+	5.2.0.0/32,
+	7.2.0.0/32,
+	[2607:f8b0:4008:807::200e]/64,
+	[2607:f8b0:4007:807::200e]/64,
+	[2607:f8b0:4007:807::200e]/128
+};
+
+global testb: table[subnet] of string = {
+	[10.0.0.0/8] = "a",
+	[10.2.0.0/16] = "b",
+	[10.2.0.2/31] = "c",
+	[10.1.0.0/16] = "d",
+	[10.3.0.0/16] = "e",
+	[5.0.0.0/8] = "f",
+	[5.5.0.0/25] = "g",
+	[5.2.0.0/32] = "h",
+	[7.2.0.0/32] = "i",
+	[[2607:f8b0:4008:807::200e]/64] = "j",
+	[[2607:f8b0:4007:807::200e]/64] = "k",
+	[[2607:f8b0:4007:807::200e]/128] = "l"
+};
+
+
+event bro_init()
+	{
+	local c = filter_subnet_table(10.2.0.2/32, testa);
+	print c;
+	c = filter_subnet_table(10.2.0.2/32, testb);
+	print c;
+	c = filter_subnet_table(10.3.0.2/32, testb);
+	print c;
+	c = filter_subnet_table(1.0.0.0/8, testb);
+	print c;
+
+	local unspecified: table[subnet] of string = table();
+	c = filter_subnet_table(10.2.0.2/32, unspecified);
+	print c;
+	}
--- a/testing/btest/bifs/matching_subnets.bro
+++ b/testing/btest/bifs/matching_subnets.bro
@ -0,0 +1,30 @@
+# @TEST-EXEC: bro -b %INPUT >output
+# @TEST-EXEC: btest-diff output
+
+global testt: set[subnet] = {
+	10.0.0.0/8,
+	10.2.0.0/16,
+	10.2.0.2/31,
+	10.1.0.0/16,
+	10.3.0.0/16,
+	5.0.0.0/8,
+	5.5.0.0/25,
+	5.2.0.0/32,
+	7.2.0.0/32,
+	[2607:f8b0:4008:807::200e]/64,
+	[2607:f8b0:4007:807::200e]/64,
+	[2607:f8b0:4007:807::200e]/128
+};
+
+event bro_init()
+	{
+	print testt;
+	local c = matching_subnets(10.2.0.2/32, testt);
+	print c;
+	c = matching_subnets([2607:f8b0:4007:807::200e]/128, testt);
+	print c;
+	c = matching_subnets(128.0.0.1/32, testt);
+	print c;
+	c = matching_subnets(10.0.0.2/8, testt);
+	print c;
+	}
--- a/testing/btest/bifs/subnet_to_addr.bro
+++ b/testing/btest/bifs/subnet_to_addr.bro
@ -0,0 +1,14 @@
+# @TEST-EXEC: bro -b %INPUT >output 2>error
+# @TEST-EXEC: btest-diff output
+# @TEST-EXEC: btest-diff error
+
+function test_to_addr(sn: subnet, expect: addr)
+	{
+	local result = subnet_to_addr(sn);
+	print fmt("subnet_to_addr(%s) = %s (%s)", sn, result,
+	          result == expect ? "SUCCESS" : "FAILURE");
+	}
+
+test_to_addr(0.0.0.0/32, 0.0.0.0);
+test_to_addr(1.2.3.4/16, 1.2.0.0);
+test_to_addr([2607:f8b0:4005:803::200e]/128, [2607:f8b0:4005:803::200e]);
--- a/testing/btest/bifs/subnet_version.bro
+++ b/testing/btest/bifs/subnet_version.bro
@ -0,0 +1,7 @@
+# @TEST-EXEC: bro -b %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+print is_v4_subnet(1.2.3.4/16);
+print is_v4_subnet([2607:f8b0:4005:801::200e]/64);
+print is_v6_subnet(1.2.3.4/24);
+print is_v6_subnet([2607:f8b0:4005:801::200e]/12);
--- a/testing/btest/language/expire_multiple.test
+++ b/testing/btest/language/expire_multiple.test
@ -0,0 +1,12 @@
+# @TEST-EXEC-FAIL: bro -b %INPUT >output 2>&1
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output
+
+global s: set[string] &create_expire=1secs &read_expire=1secs;
+
+# @TEST-START-NEXT:
+
+global s: set[string] &write_expire=1secs &create_expire=3secs;
+
+# @TEST-START-NEXT:
+
+global s: set[string] &write_expire=1secs &read_expire=3secs;
--- a/testing/btest/language/expire_subnet.test
+++ b/testing/btest/language/expire_subnet.test
@ -0,0 +1,96 @@
+# @TEST-EXEC: bro -C -r $TRACES/var-services-std-ports.trace %INPUT >output
+# @TEST-EXEC: btest-diff output
+
+redef table_expire_interval = 1sec;
+
+global start_time: time;
+
+function time_past(): interval
+	{
+	return network_time() - start_time;
+	}
+
+function expire_nums(tbl: table[count] of string, idx: count): interval
+	{
+	print fmt("Expired Num: %s --> %s at %s", idx, tbl[idx], time_past());
+	return 0sec;
+	}
+
+function expire_nets(tbl: table[subnet] of string, idx: subnet): interval
+	{
+	print fmt("Expired Subnet: %s --> %s at %s", idx, tbl[idx], time_past());
+	return 0sec;
+	}
+
+global nums: table[count] of string &read_expire=8sec &expire_func=expire_nums;
+global nets: table[subnet] of string &read_expire=8sec &expire_func=expire_nets;
+global step: count;
+
+### Test ###
+
+function execute_test()
+	{
+	local num_a = nums[2];
+	local num_b = nums[3];
+
+	local net_a = nets[192.168.2.0/24];
+	#local net_b = nets[192.168.3.0/24];
+	local nets_b = "";
+	local nets_b_tbl: table[subnet] of string;
+
+	nets_b_tbl = filter_subnet_table(192.168.3.0/24, nets);
+	for ( idx in nets_b_tbl )
+		nets_b += cat(", ", nets_b_tbl[idx]);
+	nets_b = nets_b[2:];
+	
+	# writing resets expire as expected
+	#nets[192.168.2.0/24] = "accessed";
+	#nets[192.168.3.0/24] = "accessed";
+
+	print fmt("Accessed table nums: %s; %s", num_a, num_b);
+	print fmt("Accessed table nets: %s; %s", net_a, nets_b);
+	print fmt("Time: %s", time_past());
+	print "";
+	}
+
+### Events ###
+
+event bro_init()
+	{
+	step = 0;
+
+	nums[0] = "zero";
+	nums[1] = "one";
+	nums[2] = "two";
+	nums[3] = "three";
+	nums[4] = "four";
+
+	nets[192.168.0.0/16] = "zero";
+	nets[192.168.1.0/24] = "one";
+	nets[192.168.2.0/24] = "two";
+	nets[192.168.3.0/24] = "three";
+	nets[192.168.4.0/24] = "four";
+	}
+
+event new_packet(c: connection, p: pkt_hdr)
+	{
+	if ( step == 0 )
+		{
+		++step;
+		start_time = network_time();
+
+		print "All:";
+		for ( num in nums )
+			print fmt("%s --> %s", num, nums[num]);
+		for ( net in nets )
+			print fmt("%s --> %s", net, nets[net]);
+		print fmt("Time: %s", time_past());
+		print "";
+		}
+
+	if ( (time_past() > 7sec) && (step == 1) )
+		{
+		++step;
+		execute_test();
+		}
+	}
--- a/testing/btest/language/record-function-recursion.bro
+++ b/testing/btest/language/record-function-recursion.bro
@ -0,0 +1,20 @@
+# @TEST-EXEC: bro -b %INPUT 2>&1 >out
+# @TEST-EXEC: btest-diff out
+
+type Outer: record {
+	id: count &optional;
+};
+
+type Inner: record {
+	create: function(input: Outer) : string;
+};
+
+redef record Outer += {
+	inner: Inner &optional;
+};
+
+event bro_init() {
+	local o = Outer();
+	print o;
+	print type_name(o);
+}
--- a/testing/btest/scripts/base/frameworks/netcontrol/acld-hook.bro
+++ b/testing/btest/scripts/base/frameworks/netcontrol/acld-hook.bro
@ -0,0 +1,122 @@
+# @TEST-SERIALIZE: brokercomm
+# @TEST-REQUIRES: grep -q ENABLE_BROKER $BUILD/CMakeCache.txt
+# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.bro broker_port=$BROKER_PORT >recv.out"
+# @TEST-EXEC: btest-bg-run send "bro -b -r $TRACES/tls/ecdhe.pcap --pseudo-realtime ../send.bro broker_port=$BROKER_PORT >send.out"
+
+# @TEST-EXEC: btest-bg-wait 20
+# @TEST-EXEC: btest-diff recv/recv.out
+# @TEST-EXEC: btest-diff send/send.out
+
+@TEST-START-FILE send.bro
+
+@load base/frameworks/netcontrol
+
+const broker_port: port &redef;
+redef exit_only_after_terminate = T;
+
+event NetControl::init()
+	{
+	suspend_processing();
+	local netcontrol_acld = NetControl::create_acld(NetControl::AcldConfig($acld_host=127.0.0.1, $acld_port=broker_port, $acld_topic="bro/event/netcontroltest"));
+	NetControl::activate(netcontrol_acld, 0);
+	}
+
+event NetControl::init_done()
+	{
+	continue_processing();
+	}
+
+event BrokerComm::outgoing_connection_established(peer_address: string,
+                                            peer_port: port,
+                                            peer_name: string)
+	{
+	print "BrokerComm::outgoing_connection_established", peer_address, peer_port;
+	}
+
+event BrokerComm::outgoing_connection_broken(peer_address: string,
+                                       peer_port: port)
+	{
+	terminate();
+	}
+
+hook NetControl::acld_rule_policy(p: NetControl::PluginState, r: NetControl::Rule, ar: NetControl::AclRule)
+	{
+	# use nullzero instead of drop for address drops
+	if ( r$ty == NetControl::DROP && r$entity$ty == NetControl::ADDRESS && ar$command == "drop" )
+		ar$command = "nullzero";
+	}
+
+event connection_established(c: connection)
+	{
+	local id = c$id;
+
+	local flow1 = NetControl::Flow(
+		$src_h=addr_to_subnet(c$id$orig_h),
+		$dst_h=addr_to_subnet(c$id$resp_h)
+	);
+	local e1: NetControl::Entity = [$ty=NetControl::FLOW, $flow=flow1];
+	local r1: NetControl::Rule = [$ty=NetControl::DROP, $target=NetControl::FORWARD, $entity=e1, $expire=10hrs, $location="here"];
+
+	local flow2 = NetControl::Flow(
+		$dst_p=c$id$resp_p
+	);
+	local e2: NetControl::Entity = [$ty=NetControl::FLOW, $flow=flow2];
+	local r2: NetControl::Rule = [$ty=NetControl::DROP, $target=NetControl::FORWARD, $entity=e2, $expire=10hrs, $location="there"];
+
+	NetControl::add_rule(r1);
+	NetControl::add_rule(r2);
+	NetControl::drop_address(id$orig_h, 10hrs);
+	}
+
+event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
+	{
+	print "rule added", r$entity, r$ty;
+	NetControl::remove_rule(r$id);
+	}
+
+event NetControl::rule_removed(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
+	{
+	print "rule removed", r$entity, r$ty;
+	}
+
+@TEST-END-FILE
+
+@TEST-START-FILE recv.bro
+
+@load base/frameworks/netcontrol
+@load base/frameworks/broker
+
+const broker_port: port &redef;
+redef exit_only_after_terminate = T;
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::subscribe_to_events("bro/event/netcontroltest");
+	BrokerComm::listen(broker_port, "127.0.0.1");
+	}
+
+event BrokerComm::incoming_connection_established(peer_name: string)
+	{
+	print "BrokerComm::incoming_connection_established";
+	}
+
+event NetControl::acld_add_rule(id: count, r: NetControl::Rule, ar: NetControl::AclRule)
+	{
+	print "add_rule", id, r$entity, r$ty, ar;
+
+	BrokerComm::event("bro/event/netcontroltest", BrokerComm::event_args(NetControl::acld_rule_added, id, r, ar$command));
+	}
+
+event NetControl::acld_remove_rule(id: count, r: NetControl::Rule, ar: NetControl::AclRule)
+	{
+	print "remove_rule", id, r$entity, r$ty, ar;
+
+	BrokerComm::event("bro/event/netcontroltest", BrokerComm::event_args(NetControl::acld_rule_removed, id, r, ar$command));
+
+	if ( r$cid == 4 )
+		terminate();
+	}
+
+@TEST-END-FILE
+
--- a/testing/btest/scripts/base/frameworks/netcontrol/acld.bro
+++ b/testing/btest/scripts/base/frameworks/netcontrol/acld.bro
@ -0,0 +1,115 @@
+# @TEST-SERIALIZE: brokercomm
+# @TEST-REQUIRES: grep -q ENABLE_BROKER $BUILD/CMakeCache.txt
+# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.bro broker_port=$BROKER_PORT >recv.out"
+# @TEST-EXEC: btest-bg-run send "bro -b -r $TRACES/tls/ecdhe.pcap --pseudo-realtime ../send.bro broker_port=$BROKER_PORT >send.out"
+
+# @TEST-EXEC: btest-bg-wait 20
+# @TEST-EXEC: btest-diff recv/recv.out
+# @TEST-EXEC: btest-diff send/send.out
+
+@TEST-START-FILE send.bro
+
+@load base/frameworks/netcontrol
+
+const broker_port: port &redef;
+redef exit_only_after_terminate = T;
+
+event NetControl::init()
+	{
+	suspend_processing();
+	local netcontrol_acld = NetControl::create_acld(NetControl::AcldConfig($acld_host=127.0.0.1, $acld_port=broker_port, $acld_topic="bro/event/netcontroltest"));
+	NetControl::activate(netcontrol_acld, 0);
+	}
+
+event BrokerComm::outgoing_connection_established(peer_address: string,
+                                            peer_port: port,
+                                            peer_name: string)
+	{
+	print "BrokerComm::outgoing_connection_established", peer_address, peer_port;
+	}
+
+event NetControl::init_done()
+	{
+	continue_processing();
+	}
+
+event BrokerComm::outgoing_connection_broken(peer_address: string,
+                                       peer_port: port)
+	{
+	terminate();
+	}
+
+event connection_established(c: connection)
+	{
+	local id = c$id;
+
+	local flow1 = NetControl::Flow(
+		$src_h=addr_to_subnet(c$id$orig_h),
+		$dst_h=addr_to_subnet(c$id$resp_h)
+	);
+	local e1: NetControl::Entity = [$ty=NetControl::FLOW, $flow=flow1];
+	local r1: NetControl::Rule = [$ty=NetControl::DROP, $target=NetControl::FORWARD, $entity=e1, $expire=10hrs, $location="here"];
+
+	local flow2 = NetControl::Flow(
+		$dst_p=c$id$resp_p
+	);
+	local e2: NetControl::Entity = [$ty=NetControl::FLOW, $flow=flow2];
+	local r2: NetControl::Rule = [$ty=NetControl::DROP, $target=NetControl::FORWARD, $entity=e2, $expire=10hrs, $location="there"];
+
+	NetControl::add_rule(r1);
+	NetControl::add_rule(r2);
+	NetControl::drop_address(id$orig_h, 10hrs);
+	}
+
+event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
+	{
+	print "rule added", r$entity, r$ty;
+	NetControl::remove_rule(r$id);
+	}
+
+event NetControl::rule_removed(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
+	{
+	print "rule removed", r$entity, r$ty;
+	}
+
+@TEST-END-FILE
+
+@TEST-START-FILE recv.bro
+
+@load base/frameworks/netcontrol
+@load base/frameworks/broker
+
+const broker_port: port &redef;
+redef exit_only_after_terminate = T;
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::subscribe_to_events("bro/event/netcontroltest");
+	BrokerComm::listen(broker_port, "127.0.0.1");
+	}
+
+event BrokerComm::incoming_connection_established(peer_name: string)
+	{
+	print "BrokerComm::incoming_connection_established";
+	}
+
+event NetControl::acld_add_rule(id: count, r: NetControl::Rule, ar: NetControl::AclRule)
+	{
+	print "add_rule", id, r$entity, r$ty, ar;
+
+	BrokerComm::event("bro/event/netcontroltest", BrokerComm::event_args(NetControl::acld_rule_added, id, r, ar$command));
+	}
+
+event NetControl::acld_remove_rule(id: count, r: NetControl::Rule, ar: NetControl::AclRule)
+	{
+	print "remove_rule", id, r$entity, r$ty, ar;
+
+	BrokerComm::event("bro/event/netcontroltest", BrokerComm::event_args(NetControl::acld_rule_removed, id, r, ar$command));
+
+	if ( r$cid == 4 )
+		terminate();
+	}
+
+@TEST-END-FILE
+
--- a/testing/btest/scripts/base/frameworks/netcontrol/basic-cluster.bro
+++ b/testing/btest/scripts/base/frameworks/netcontrol/basic-cluster.bro
@ -0,0 +1,62 @@
+# @TEST-SERIALIZE: comm
+#
+# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.bro . && CLUSTER_NODE=manager-1 bro %INPUT"
+# @TEST-EXEC: sleep 1
+# @TEST-EXEC: btest-bg-run worker-1  "cp ../cluster-layout.bro . && CLUSTER_NODE=worker-1 bro --pseudo-realtime -C -r $TRACES/tls/ecdhe.pcap %INPUT"
+# @TEST-EXEC: sleep 1
+# @TEST-EXEC: btest-bg-run worker-2  "cp ../cluster-layout.bro . && CLUSTER_NODE=worker-2 bro --pseudo-realtime -C -r $TRACES/tls/ecdhe.pcap %INPUT"
+# @TEST-EXEC: btest-bg-wait 20
+# @TEST-EXEC: btest-diff manager-1/netcontrol.log
+
+@TEST-START-FILE cluster-layout.bro
+redef Cluster::nodes = {
+	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp, $workers=set("worker-1", "worker-2")],
+	["worker-1"]  = [$node_type=Cluster::WORKER,  $ip=127.0.0.1, $p=37760/tcp, $manager="manager-1", $interface="eth0"],
+	["worker-2"]  = [$node_type=Cluster::WORKER,  $ip=127.0.0.1, $p=37761/tcp, $manager="manager-1", $interface="eth0"],
+};
+@TEST-END-FILE
+
+redef Log::default_rotation_interval = 0secs;
+#redef exit_only_after_terminate = T;
+
+@load base/frameworks/netcontrol
+
+@if ( Cluster::local_node_type() == Cluster::WORKER )
+event bro_init()
+	{
+	suspend_processing();
+	}
+@endif
+
+event NetControl::init()
+	{
+	local netcontrol_debug = NetControl::create_debug(T);
+	NetControl::activate(netcontrol_debug, 0);
+	}
+
+@if ( Cluster::local_node_type() == Cluster::WORKER )
+event remote_connection_handshake_done(p: event_peer)
+	{
+	continue_processing();
+	}
+@endif
+
+event connection_established(c: connection)
+	{
+	local id = c$id;
+	NetControl::shunt_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 1sec);
+	NetControl::drop_address(id$orig_h, 1sec);
+	}
+
+event terminate_me() {
+	terminate();
+}
+
+event remote_connection_closed(p: event_peer) {
+	schedule 1sec { terminate_me() };
+}
+
+event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, msg: string &default="")
+	{
+	print "Rule added", r$id, r$cid;
+	}
--- a/testing/btest/scripts/base/frameworks/netcontrol/basic.bro
+++ b/testing/btest/scripts/base/frameworks/netcontrol/basic.bro
@ -0,0 +1,44 @@
+# @TEST-EXEC: bro %INPUT
+# @TEST-EXEC: btest-diff netcontrol.log
+# @TEST-EXEC: btest-diff netcontrol_shunt.log
+# @TEST-EXEC: btest-diff netcontrol_drop.log
+# @TEST-EXEC: btest-diff .stdout
+
+@load base/frameworks/netcontrol
+
+event NetControl::init()
+	{
+	local netcontrol_debug = NetControl::create_debug(T);
+	NetControl::activate(netcontrol_debug, 0);
+	}
+
+function test_mac_flow()
+	{
+	local flow = NetControl::Flow(
+		$src_m = "FF:FF:FF:FF:FF:FF"
+	);
+	local e: NetControl::Entity = [$ty=NetControl::FLOW, $flow=flow];
+	local r: NetControl::Rule = [$ty=NetControl::DROP, $target=NetControl::FORWARD, $entity=e, $expire=15sec];
+
+	NetControl::add_rule(r);
+	}
+
+function test_mac()
+	{
+	local e: NetControl::Entity = [$ty=NetControl::MAC, $mac="FF:FF:FF:FF:FF:FF"];
+	local r: NetControl::Rule = [$ty=NetControl::DROP, $target=NetControl::FORWARD, $entity=e, $expire=15sec];
+
+	NetControl::add_rule(r);
+	}
+
+event NetControl::init_done() &priority=-5
+	{
+	NetControl::shunt_flow([$src_h=192.168.17.1, $src_p=32/tcp, $dst_h=192.168.17.2, $dst_p=32/tcp], 30sec);
+	NetControl::drop_address(1.1.2.2, 15sec, "Hi there");
+	NetControl::whitelist_address(1.2.3.4, 15sec);
+	NetControl::redirect_flow([$src_h=192.168.17.1, $src_p=32/tcp, $dst_h=192.168.17.2, $dst_p=32/tcp], 5, 30sec);
+	NetControl::quarantine_host(127.0.0.2, 8.8.8.8, 127.0.0.3, 15sec);
+	test_mac();
+	test_mac_flow();
+	}
+
--- a/testing/btest/scripts/base/frameworks/netcontrol/broker.bro
+++ b/testing/btest/scripts/base/frameworks/netcontrol/broker.bro
@ -0,0 +1,107 @@
+# @TEST-SERIALIZE: brokercomm
+# @TEST-REQUIRES: grep -q ENABLE_BROKER $BUILD/CMakeCache.txt
+# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.bro broker_port=$BROKER_PORT >recv.out"
+# @TEST-EXEC: btest-bg-run send "bro -b -r $TRACES/smtp.trace --pseudo-realtime ../send.bro broker_port=$BROKER_PORT >send.out"
+
+# @TEST-EXEC: btest-bg-wait 20
+# @TEST-EXEC: btest-diff send/netcontrol.log
+# @TEST-EXEC: btest-diff recv/recv.out
+# @TEST-EXEC: btest-diff send/send.out
+
+@TEST-START-FILE send.bro
+
+@load base/frameworks/netcontrol
+
+const broker_port: port &redef;
+redef exit_only_after_terminate = T;
+
+event NetControl::init()
+	{
+	suspend_processing();
+	local netcontrol_broker = NetControl::create_broker(127.0.0.1, broker_port, "bro/event/netcontroltest", T);
+	NetControl::activate(netcontrol_broker, 0);
+	}
+
+event NetControl::init_done()
+	{
+	continue_processing();
+	}
+
+event BrokerComm::outgoing_connection_established(peer_address: string,
+                                            peer_port: port,
+                                            peer_name: string)
+	{
+	print "BrokerComm::outgoing_connection_established", peer_address, peer_port;
+	}
+
+event BrokerComm::outgoing_connection_broken(peer_address: string,
+                                       peer_port: port)
+	{
+	terminate();
+	}
+
+event connection_established(c: connection)
+	{
+	local id = c$id;
+	NetControl::shunt_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 10hrs);
+	NetControl::drop_address(id$orig_h, 10hrs);
+	}
+
+event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
+	{
+	print "rule added", r$entity, r$ty;
+	NetControl::remove_rule(r$id);
+	}
+
+event NetControl::rule_removed(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
+	{
+	print "rule removed", r$entity, r$ty;
+	}
+
+event NetControl::rule_timeout(r: NetControl::Rule, i: NetControl::FlowInfo, p: NetControl::PluginState)
+	{
+	print "rule timeout", r$entity, r$ty, i;
+	}
+
+@TEST-END-FILE
+
+@TEST-START-FILE recv.bro
+
+@load base/frameworks/netcontrol
+@load base/frameworks/broker
+
+const broker_port: port &redef;
+redef exit_only_after_terminate = T;
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::subscribe_to_events("bro/event/netcontroltest");
+	BrokerComm::listen(broker_port, "127.0.0.1");
+	}
+
+event BrokerComm::incoming_connection_established(peer_name: string)
+	{
+	print "BrokerComm::incoming_connection_established";
+	}
+
+event NetControl::broker_add_rule(id: count, r: NetControl::Rule)
+	{
+	print "add_rule", id, r$entity, r$ty;
+
+	BrokerComm::event("bro/event/netcontroltest", BrokerComm::event_args(NetControl::broker_rule_added, id, r, ""));
+	}
+
+event NetControl::broker_remove_rule(id: count, r: NetControl::Rule)
+	{
+	print "remove_rule", id, r$entity, r$ty;
+
+	BrokerComm::event("bro/event/netcontroltest", BrokerComm::event_args(NetControl::broker_rule_timeout, id, r, NetControl::FlowInfo()));
+	BrokerComm::event("bro/event/netcontroltest", BrokerComm::event_args(NetControl::broker_rule_removed, id, r, ""));
+
+	if ( r$cid == 3 )
+		terminate();
+	}
+
+@TEST-END-FILE
+
--- a/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release.bro
+++ b/testing/btest/scripts/base/frameworks/netcontrol/catch-and-release.bro
@ -0,0 +1,31 @@
+# @TEST-EXEC: bro -r $TRACES/tls/ecdhe.pcap %INPUT
+# @TEST-EXEC: TEST_DIFF_CANONIFIER='grep -v ^# | $SCRIPTS/diff-sort' btest-diff netcontrol.log
+
+@load base/frameworks/netcontrol
+
+event NetControl::init()
+	{
+	local netcontrol_debug = NetControl::create_debug(T);
+	NetControl::activate(netcontrol_debug, 0);
+	}
+
+module NetControl;
+
+event connection_established(c: connection)
+	{
+	local id = c$id;
+	NetControl::drop_address_catch_release(id$orig_h);
+	# second one should be ignored because duplicate
+	NetControl::drop_address_catch_release(id$orig_h);
+
+	# mean call directly into framework - simulate new connection
+	delete current_blocks[id$orig_h];
+	check_conn(id$orig_h);
+	delete current_blocks[id$orig_h];
+	check_conn(id$orig_h);
+	delete current_blocks[id$orig_h];
+	check_conn(id$orig_h);
+	delete current_blocks[id$orig_h];
+	check_conn(id$orig_h);
+	}
+
--- a/testing/btest/scripts/base/frameworks/netcontrol/delete-internal-state.bro
+++ b/testing/btest/scripts/base/frameworks/netcontrol/delete-internal-state.bro
@ -0,0 +1,54 @@
+# @TEST-EXEC: bro -r $TRACES/tls/ecdhe.pcap %INPUT
+# @TEST-EXEC: btest-diff .stdout
+
+# Verify the state of internal tables after rules have been deleted...
+
+@load base/frameworks/netcontrol
+
+module NetControl;
+
+export {
+	global dump_state: function();
+}
+
+function dump_state()
+	{
+	print "Dumping state";
+	print rules;
+	print rule_entities;
+	print rules_by_subnets;
+	}
+
+module GLOBAL;
+
+global rules: vector of string;
+
+event NetControl::init()
+	{
+	local netcontrol_debug = NetControl::create_debug(T);
+	NetControl::activate(netcontrol_debug, 10);
+	}
+
+event remove_all()
+	{
+	for ( i in rules )
+		NetControl::remove_rule(rules[i]);
+	}
+
+event dump_info()
+	{
+	NetControl::dump_state();
+	}
+
+event connection_established(c: connection)
+	{
+	local id = c$id;
+	rules[|rules|] = NetControl::shunt_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 0secs);
+	rules[|rules|] = NetControl::drop_address(id$orig_h, 0secs);
+	rules[|rules|] = NetControl::whitelist_address(id$orig_h, 0secs);
+	rules[|rules|] = NetControl::redirect_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 5, 0secs);
+
+	schedule 1sec { remove_all() };
+	schedule 2sec { dump_info() };
+	}
+
--- a/testing/btest/scripts/base/frameworks/netcontrol/duplicate.bro
+++ b/testing/btest/scripts/base/frameworks/netcontrol/duplicate.bro
@ -0,0 +1,15 @@
+# @TEST-EXEC: bro -b -r $TRACES/tls/google-duplicate.trace %INPUT
+# @TEST-EXEC: btest-diff netcontrol.log
+
+@load base/frameworks/netcontrol
+
+event NetControl::init()
+	{
+	local netcontrol_debug = NetControl::create_debug(T);
+	NetControl::activate(netcontrol_debug, 0);
+	}
+
+event connection_established(c: connection)
+	{
+	NetControl::drop_address(c$id$orig_h, 0secs);
+	}
--- a/testing/btest/scripts/base/frameworks/netcontrol/find-rules.bro
+++ b/testing/btest/scripts/base/frameworks/netcontrol/find-rules.bro
@ -0,0 +1,34 @@
+# @TEST-EXEC: bro %INPUT
+# @TEST-EXEC: btest-diff out
+
+@load base/frameworks/netcontrol
+
+global outfile: file;
+
+event NetControl::init()
+	{
+	local netcontrol_debug = NetControl::create_debug(T);
+	NetControl::activate(netcontrol_debug, 0);
+	}
+
+event NetControl::init_done() &priority=-5
+	{
+	NetControl::shunt_flow([$src_h=192.168.17.1, $src_p=32/tcp, $dst_h=192.168.17.2, $dst_p=32/tcp], 30sec);
+	NetControl::drop_address(1.1.2.2, 15sec, "Hi there");
+	NetControl::whitelist_address(1.2.3.4, 15sec);
+	NetControl::redirect_flow([$src_h=192.168.17.1, $src_p=32/tcp, $dst_h=192.168.17.2, $dst_p=32/tcp], 5, 30sec);
+	NetControl::quarantine_host(127.0.0.2, 8.8.8.8, 127.0.0.3, 15sec);
+
+	outfile = open("out");
+	local rules = NetControl::find_rules_addr(1.2.3.4);
+	print outfile, |rules|;
+	print outfile, rules[0]$entity;
+	rules = NetControl::find_rules_addr(1.2.3.5);
+	print outfile, |rules|;
+	rules = NetControl::find_rules_addr(127.0.0.2);
+	print outfile, |rules|;
+	print outfile, rules[0]$entity, rules[0]$ty;
+	print outfile, rules[3]$entity, rules[3]$ty;
+	close(outfile);
+	}
+
--- a/testing/btest/scripts/base/frameworks/netcontrol/hook.bro
+++ b/testing/btest/scripts/base/frameworks/netcontrol/hook.bro
@ -0,0 +1,27 @@
+# @TEST-EXEC: bro -r $TRACES/tls/ecdhe.pcap %INPUT
+# @TEST-EXEC: btest-diff netcontrol.log
+
+@load base/frameworks/netcontrol
+
+event NetControl::init()
+	{
+	local netcontrol_debug = NetControl::create_debug(T);
+	NetControl::activate(netcontrol_debug, 0);
+	}
+
+event connection_established(c: connection)
+	{
+	local id = c$id;
+	NetControl::shunt_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 30sec);
+	NetControl::drop_address(id$orig_h, 15sec);
+	NetControl::whitelist_address(id$orig_h, 15sec);
+	NetControl::redirect_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 5, 30sec);
+	}
+
+hook NetControl::rule_policy(r: NetControl::Rule)
+	{
+	if ( r$expire == 15sec )
+		break;
+
+	r$entity$flow$src_h = 0.0.0.0/0;
+	}
--- a/testing/btest/scripts/base/frameworks/netcontrol/multiple.bro
+++ b/testing/btest/scripts/base/frameworks/netcontrol/multiple.bro
@ -0,0 +1,37 @@
+# @TEST-EXEC: bro -r $TRACES/tls/ecdhe.pcap %INPUT
+# @TEST-EXEC: TEST_DIFF_CANONIFIER='grep -v ^# | $SCRIPTS/diff-sort' btest-diff netcontrol.log
+# @TEST-EXEC: btest-diff openflow.log
+
+@load base/frameworks/netcontrol
+
+global rules: vector of string;
+
+event NetControl::init()
+	{
+	local netcontrol_debug = NetControl::create_debug(T);
+	local netcontrol_debug_2 = NetControl::create_debug(T);
+	local of_controller = OpenFlow::log_new(42);
+	local netcontrol_of = NetControl::create_openflow(of_controller);
+	NetControl::activate(netcontrol_debug, 10);
+	NetControl::activate(netcontrol_of, 10);
+	NetControl::activate(netcontrol_debug_2, 0);
+	}
+
+event remove_all()
+	{
+	for ( i in rules )
+		NetControl::remove_rule(rules[i]);
+	}
+
+
+event connection_established(c: connection)
+	{
+	local id = c$id;
+	rules[|rules|] = NetControl::shunt_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 0secs);
+	rules[|rules|] = NetControl::drop_address(id$orig_h, 0secs);
+	rules[|rules|] = NetControl::whitelist_address(id$orig_h, 0secs);
+	rules[|rules|] = NetControl::redirect_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 5, 0secs);
+
+	schedule 1sec { remove_all() };
+	}
+
--- a/testing/btest/scripts/base/frameworks/netcontrol/openflow.bro
+++ b/testing/btest/scripts/base/frameworks/netcontrol/openflow.bro
@ -0,0 +1,21 @@
+# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT
+# @TEST-EXEC: btest-diff netcontrol.log
+# @TEST-EXEC: btest-diff openflow.log
+
+@load base/frameworks/netcontrol
+
+global of_controller: OpenFlow::Controller;
+
+event NetControl::init()
+	{
+	of_controller = OpenFlow::log_new(42);
+	local netcontrol_of = NetControl::create_openflow(of_controller);
+	NetControl::activate(netcontrol_of, 0);
+	}
+
+event connection_established(c: connection)
+	{
+	local id = c$id;
+	NetControl::shunt_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 30sec);
+	NetControl::drop_address(id$resp_h, 15sec);
+	}
--- a/testing/btest/scripts/base/frameworks/netcontrol/packetfilter.bro
+++ b/testing/btest/scripts/base/frameworks/netcontrol/packetfilter.bro
@ -0,0 +1,18 @@
+# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT
+# @TEST-EXEC: btest-diff conn.log
+
+@load base/frameworks/netcontrol
+
+event NetControl::init()
+	{
+	local netcontrol_packetfilter = NetControl::create_packetfilter();
+	NetControl::activate(netcontrol_packetfilter, 0);
+	}
+
+event connection_established(c: connection)
+	{
+	local e = NetControl::Entity($ty=NetControl::ADDRESS, $ip=addr_to_subnet(c$id$orig_h));
+	local r = NetControl::Rule($ty=NetControl::DROP, $target=NetControl::MONITOR, $entity=e, $expire=10min);
+
+	NetControl::add_rule(r);
+	}
--- a/testing/btest/scripts/base/frameworks/netcontrol/quarantine-openflow.bro
+++ b/testing/btest/scripts/base/frameworks/netcontrol/quarantine-openflow.bro
@ -0,0 +1,19 @@
+# @TEST-EXEC: bro -r $TRACES/tls/ecdhe.pcap %INPUT
+# @TEST-EXEC: btest-diff netcontrol.log
+# @TEST-EXEC: btest-diff openflow.log
+
+@load base/frameworks/netcontrol
+
+global of_controller: OpenFlow::Controller;
+
+event NetControl::init()
+	{
+	of_controller = OpenFlow::log_new(42);
+	local netcontrol_of = NetControl::create_openflow(of_controller);
+	NetControl::activate(netcontrol_of, 0);
+	}
+
+event connection_established(c: connection)
+	{
+	NetControl::quarantine_host(c$id$orig_h, 8.8.8.8, 192.169.18.1, 10hrs);
+	}
--- a/testing/btest/scripts/base/frameworks/netcontrol/timeout.bro
+++ b/testing/btest/scripts/base/frameworks/netcontrol/timeout.bro
@ -0,0 +1,15 @@
+# @TEST-EXEC: bro -b -r $TRACES/tls/ecdhe.pcap --pseudo-realtime %INPUT
+# @TEST-EXEC: btest-diff netcontrol.log
+
+@load base/frameworks/netcontrol
+
+event NetControl::init()
+	{
+	local netcontrol_debug = NetControl::create_debug(T);
+	NetControl::activate(netcontrol_debug, 0);
+	}
+
+event connection_established(c: connection)
+	{
+	NetControl::drop_address(c$id$orig_h, 1secs);
+	}
--- a/testing/btest/scripts/base/frameworks/openflow/broker-basic.bro
+++ b/testing/btest/scripts/base/frameworks/openflow/broker-basic.bro
@ -0,0 +1,120 @@
+# @TEST-SERIALIZE: brokercomm
+# @TEST-REQUIRES: grep -q ENABLE_BROKER $BUILD/CMakeCache.txt
+# @TEST-EXEC: btest-bg-run recv "bro -b ../recv.bro broker_port=$BROKER_PORT >recv.out"
+# @TEST-EXEC: btest-bg-run send "bro -b -r $TRACES/smtp.trace --pseudo-realtime ../send.bro broker_port=$BROKER_PORT >send.out"
+
+# @TEST-EXEC: btest-bg-wait 20
+# @TEST-EXEC: btest-diff recv/recv.out
+# @TEST-EXEC: btest-diff send/send.out
+
+@TEST-START-FILE send.bro
+
+@load base/protocols/conn
+@load base/frameworks/openflow
+
+const broker_port: port &redef;
+redef exit_only_after_terminate = T;
+
+global of_controller: OpenFlow::Controller;
+
+event bro_init()
+	{
+	suspend_processing();
+	of_controller = OpenFlow::broker_new("broker1", 127.0.0.1, broker_port, "bro/event/openflow", 42);
+	}
+
+event BrokerComm::outgoing_connection_established(peer_address: string,
+                                            peer_port: port,
+                                            peer_name: string)
+	{
+	print "BrokerComm::outgoing_connection_established", peer_address, peer_port;
+	}
+
+event OpenFlow::controller_activated(name: string, controller: OpenFlow::Controller)
+	{
+	continue_processing();
+	OpenFlow::flow_clear(of_controller);
+	OpenFlow::flow_mod(of_controller, [], [$cookie=OpenFlow::generate_cookie(1), $command=OpenFlow::OFPFC_ADD, $actions=[$out_ports=vector(3, 7)]]);
+	}
+
+event BrokerComm::outgoing_connection_broken(peer_address: string,
+                                       peer_port: port)
+	{
+	terminate();
+	}
+
+event connection_established(c: connection)
+	{
+	print "connection established";
+	local match = OpenFlow::match_conn(c$id);
+	local match_rev = OpenFlow::match_conn(c$id, T);
+
+	local flow_mod: OpenFlow::ofp_flow_mod = [
+		$cookie=OpenFlow::generate_cookie(42),
+		$command=OpenFlow::OFPFC_ADD,
+		$idle_timeout=30,
+		$priority=5
+	];
+
+	OpenFlow::flow_mod(of_controller, match, flow_mod);
+	OpenFlow::flow_mod(of_controller, match_rev, flow_mod);
+	}
+
+event OpenFlow::flow_mod_success(name: string, match: OpenFlow::ofp_match, flow_mod: OpenFlow::ofp_flow_mod, msg: string)
+	{
+	print "Flow_mod_success";
+	}
+
+event OpenFlow::flow_mod_failure(name: string, match: OpenFlow::ofp_match, flow_mod: OpenFlow::ofp_flow_mod, msg: string)
+	{
+	print "Flow_mod_failure";
+	}
+
+@TEST-END-FILE
+
+@TEST-START-FILE recv.bro
+
+@load base/frameworks/openflow
+
+const broker_port: port &redef;
+redef exit_only_after_terminate = T;
+
+global msg_count: count = 0;
+
+event bro_init()
+	{
+	BrokerComm::enable();
+	BrokerComm::subscribe_to_events("bro/event/openflow");
+	BrokerComm::listen(broker_port, "127.0.0.1");
+	}
+
+event BrokerComm::incoming_connection_established(peer_name: string)
+	{
+	print "BrokerComm::incoming_connection_established";
+	}
+
+function got_message()
+	{
+	++msg_count;
+
+	if ( msg_count >= 4 )
+		terminate();
+	}
+
+event OpenFlow::broker_flow_mod(name: string, dpid: count, match: OpenFlow::ofp_match, flow_mod: OpenFlow::ofp_flow_mod)
+	{
+	print "got flow_mod", dpid, match, flow_mod;
+	BrokerComm::event("bro/event/openflow", BrokerComm::event_args(OpenFlow::flow_mod_success, name, match, flow_mod, ""));
+	BrokerComm::event("bro/event/openflow", BrokerComm::event_args(OpenFlow::flow_mod_failure, name, match, flow_mod, ""));
+	got_message();
+	}
+
+event OpenFlow::broker_flow_clear(name: string, dpid: count)
+	{
+	print "flow_clear", dpid;
+	got_message();
+	}
+
+
+@TEST-END-FILE
+
--- a/testing/btest/scripts/base/frameworks/openflow/log-basic.bro
+++ b/testing/btest/scripts/base/frameworks/openflow/log-basic.bro
@ -0,0 +1,32 @@
+# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT
+# @TEST-EXEC: btest-diff openflow.log
+
+@load base/protocols/conn
+@load base/frameworks/openflow
+
+global of_controller: OpenFlow::Controller;
+
+global cookie_id: count = 42;
+
+event bro_init()
+	{
+	of_controller = OpenFlow::log_new(42);
+
+	OpenFlow::flow_mod(of_controller, [], [$cookie=OpenFlow::generate_cookie(1), $command=OpenFlow::OFPFC_ADD, $actions=[$out_ports=vector(3, 7)]]);
+	}
+
+event connection_established(c: connection)
+	{
+	local match = OpenFlow::match_conn(c$id);
+	local match_rev = OpenFlow::match_conn(c$id, T);
+
+	local flow_mod: OpenFlow::ofp_flow_mod = [
+		$cookie=OpenFlow::generate_cookie(++cookie_id),
+		$command=OpenFlow::OFPFC_ADD,
+		$idle_timeout=30,
+		$priority=5
+	];
+
+	OpenFlow::flow_mod(of_controller, match, flow_mod);
+	OpenFlow::flow_mod(of_controller, match_rev, flow_mod);
+	}
--- a/testing/btest/scripts/base/frameworks/openflow/log-cluster.bro
+++ b/testing/btest/scripts/base/frameworks/openflow/log-cluster.bro
@ -0,0 +1,55 @@
+# @TEST-SERIALIZE: comm
+#
+# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.bro . && CLUSTER_NODE=manager-1 bro %INPUT"
+# @TEST-EXEC: sleep 1
+# @TEST-EXEC: btest-bg-run worker-1  "cp ../cluster-layout.bro . && CLUSTER_NODE=worker-1 bro --pseudo-realtime -C -r $TRACES/smtp.trace %INPUT"
+# @TEST-EXEC: btest-bg-wait 20
+# @TEST-EXEC: btest-diff manager-1/openflow.log
+
+@TEST-START-FILE cluster-layout.bro
+redef Cluster::nodes = {
+	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp, $workers=set("worker-1", "worker-2")],
+	["worker-1"]  = [$node_type=Cluster::WORKER,  $ip=127.0.0.1, $p=37760/tcp, $manager="manager-1", $interface="eth0"],
+};
+@TEST-END-FILE
+
+redef Log::default_rotation_interval = 0secs;
+#redef exit_only_after_terminate = T;
+
+@load base/protocols/conn
+@load base/frameworks/openflow
+
+global of_controller: OpenFlow::Controller;
+
+event bro_init()
+	{
+	of_controller = OpenFlow::log_new(42);
+	}
+
+event connection_established(c: connection)
+	{
+	print "conn established";
+	local match = OpenFlow::match_conn(c$id);
+	local match_rev = OpenFlow::match_conn(c$id, T);
+
+	local flow_mod: OpenFlow::ofp_flow_mod = [
+		$cookie=OpenFlow::generate_cookie(42),
+		$command=OpenFlow::OFPFC_ADD,
+		$idle_timeout=30,
+		$priority=5
+	];
+
+	OpenFlow::flow_mod(of_controller, match, flow_mod);
+	OpenFlow::flow_mod(of_controller, match_rev, flow_mod);
+
+	terminate();
+	}
+
+event terminate_me() {
+	terminate();
+}
+
+event remote_connection_closed(p: event_peer) {
+	schedule 1sec { terminate_me() };
+}
+
--- a/testing/btest/scripts/base/frameworks/openflow/ryu-basic.bro
+++ b/testing/btest/scripts/base/frameworks/openflow/ryu-basic.bro
@ -0,0 +1,37 @@
+# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT
+# @TEST-EXEC: btest-diff .stdout
+
+@load base/protocols/conn
+@load base/frameworks/openflow
+
+global of_controller: OpenFlow::Controller;
+
+event bro_init()
+	{
+	of_controller = OpenFlow::ryu_new(127.0.0.1, 8080, 42);
+	of_controller$state$ryu_debug=T;
+
+	OpenFlow::flow_clear(of_controller);
+	OpenFlow::flow_mod(of_controller, [], [$cookie=OpenFlow::generate_cookie(1), $command=OpenFlow::OFPFC_ADD, $actions=[$out_ports=vector(3, 7)]]);
+	}
+
+event connection_established(c: connection)
+	{
+	local match = OpenFlow::match_conn(c$id);
+	local match_rev = OpenFlow::match_conn(c$id, T);
+
+	local flow_mod: OpenFlow::ofp_flow_mod = [
+		$cookie=OpenFlow::generate_cookie(42),
+		$command=OpenFlow::OFPFC_ADD,
+		$idle_timeout=30,
+		$priority=5
+	];
+
+	OpenFlow::flow_mod(of_controller, match, flow_mod);
+	OpenFlow::flow_mod(of_controller, match_rev, flow_mod);
+	}
+
+event OpenFlow::flow_mod_success(name: string, match: OpenFlow::ofp_match, flow_mod: OpenFlow::ofp_flow_mod, msg: string)
+	{
+	print "Flow_mod_success";
+	}
--- a/testing/btest/scripts/base/protocols/ftp/ftp-get-file-size.bro
+++ b/testing/btest/scripts/base/protocols/ftp/ftp-get-file-size.bro
@ -0,0 +1,5 @@
+# This tests extracting the server reported file size 
+# from FTP sessions.
+#
+# @TEST-EXEC: bro -r $TRACES/ftp/ftp-with-numbers-in-filename.pcap
+# @TEST-EXEC: btest-diff ftp.log
				`@ -0,0 +1 @@`
				`error in /Users/johanna/bro/master/testing/btest/.tmp/language.expire_multiple-2/expire_multiple.test, line 2: set/table can only have one of &read_expire, &write_expire, &create_expire (&write_expire=1.0 sec, &create_expire=3.0 secs)`