Updating test baselines for new dictionary code due to changes in ordering of fields in the dictionary

testing/btest/Baseline/bifs.filter_subnet_table/output

@@ -1,16 +1,16 @@
 {
+10.2.0.2/31,
 10.0.0.0/8,
-10.2.0.0/16,
+10.2.0.0/16
-10.2.0.2/31
+}
+{
+[10.2.0.2/31] = c,
+[10.0.0.0/8] = a,
+[10.2.0.0/16] = b
 }
 {
 [10.0.0.0/8] = a,
-[10.2.0.0/16] = b,
+[10.3.0.0/16] = e
-[10.2.0.2/31] = c
-}
-{
-[10.3.0.0/16] = e,
-[10.0.0.0/8] = a
 }
 {
 

testing/btest/Baseline/bifs.find_all/out

@@ -1,4 +1,4 @@
-es
 hi
+es
 -------------------
 0

testing/btest/Baseline/bifs.matching_subnets/output

@@ -1,16 +1,16 @@
 {
-5.0.0.0/8,
-7.2.0.0/32,
-10.3.0.0/16,
-2607:f8b0:4007:807::200e/128,
-10.0.0.0/8,
-2607:f8b0:4007:807::/64,
-10.1.0.0/16,
-5.2.0.0/32,
-10.2.0.0/16,
 2607:f8b0:4008:807::/64,
 10.2.0.2/31,
-5.5.0.0/25
+10.2.0.0/16,
+5.5.0.0/25,
+10.1.0.0/16,
+10.0.0.0/8,
+7.2.0.0/32,
+5.2.0.0/32,
+2607:f8b0:4007:807::200e/128,
+2607:f8b0:4007:807::/64,
+5.0.0.0/8,
+10.3.0.0/16
 }
 [10.2.0.2/31, 10.2.0.0/16, 10.0.0.0/8]
 [2607:f8b0:4007:807::200e/128, 2607:f8b0:4007:807::/64]

testing/btest/Baseline/bifs.netbios-functions/out

@@ -1,7 +1,7 @@
-\x01\x02__MSBROWSE__\x02
-1
 WORKGROUP
 27
+\x01\x02__MSBROWSE__\x02
+1
 MARTIN
 3
 ISATAP

testing/btest/Baseline/bifs.records_fields/out

@@ -1,32 +1,32 @@
 [a=42, b=Foo, c=<uninitialized>, d=Bar, e=tt]
 {
+[a] = [type_name=count, log=F, value=42, default_val=<uninitialized>],
+[d] = [type_name=string, log=T, value=Bar, default_val=<uninitialized>],
 [b] = [type_name=string, log=F, value=Foo, default_val=Foo],
 [c] = [type_name=double, log=F, value=<uninitialized>, default_val=<uninitialized>],
-[e] = [type_name=any, log=F, value=tt, default_val=<uninitialized>],
+[e] = [type_name=any, log=F, value=tt, default_val=<uninitialized>]
-[a] = [type_name=count, log=F, value=42, default_val=<uninitialized>],
-[d] = [type_name=string, log=T, value=Bar, default_val=<uninitialized>]
 }
 F
 {
-[b] = [type_name=string, log=F, value=<uninitialized>, default_val=Bar],
-[c] = [type_name=double, log=F, value=<uninitialized>, default_val=<uninitialized>],
 [a] = [type_name=bool, log=F, value=<uninitialized>, default_val=<uninitialized>],
 [d] = [type_name=string, log=T, value=<uninitialized>, default_val=<uninitialized>],
-[m] = [type_name=record myrec, log=F, value=<uninitialized>, default_val=<uninitialized>]
+[b] = [type_name=string, log=F, value=<uninitialized>, default_val=Bar],
+[m] = [type_name=record myrec, log=F, value=<uninitialized>, default_val=<uninitialized>],
+[c] = [type_name=double, log=F, value=<uninitialized>, default_val=<uninitialized>]
 }
 {
-[b] = [type_name=string, log=F, value=<uninitialized>, default_val=Bar],
-[c] = [type_name=double, log=F, value=<uninitialized>, default_val=<uninitialized>],
 [a] = [type_name=bool, log=F, value=<uninitialized>, default_val=<uninitialized>],
 [d] = [type_name=string, log=T, value=<uninitialized>, default_val=<uninitialized>],
-[m] = [type_name=record myrec, log=F, value=<uninitialized>, default_val=<uninitialized>]
+[b] = [type_name=string, log=F, value=<uninitialized>, default_val=Bar],
+[m] = [type_name=record myrec, log=F, value=<uninitialized>, default_val=<uninitialized>],
+[c] = [type_name=double, log=F, value=<uninitialized>, default_val=<uninitialized>]
 }
 {
+[a] = [type_name=count, log=F, value=42, default_val=<uninitialized>],
+[d] = [type_name=string, log=T, value=Bar, default_val=<uninitialized>],
 [b] = [type_name=string, log=F, value=Foo, default_val=Foo],
 [c] = [type_name=double, log=F, value=<uninitialized>, default_val=<uninitialized>],
-[e] = [type_name=any, log=F, value=mystring, default_val=<uninitialized>],
+[e] = [type_name=any, log=F, value=mystring, default_val=<uninitialized>]
-[a] = [type_name=count, log=F, value=42, default_val=<uninitialized>],
-[d] = [type_name=string, log=T, value=Bar, default_val=<uninitialized>]
 }
 {
 
@@ -35,23 +35,23 @@ F
 [myfield] = [type_name=bool, log=F, value=<uninitialized>, default_val=<uninitialized>]
 }
 {
-[b] = [type_name=string, log=F, value=<uninitialized>, default_val=Bar],
-[c] = [type_name=double, log=F, value=<uninitialized>, default_val=<uninitialized>],
 [a] = [type_name=bool, log=F, value=<uninitialized>, default_val=<uninitialized>],
 [d] = [type_name=string, log=T, value=<uninitialized>, default_val=<uninitialized>],
-[m] = [type_name=record myrec, log=F, value=<uninitialized>, default_val=<uninitialized>]
+[b] = [type_name=string, log=F, value=<uninitialized>, default_val=Bar],
+[m] = [type_name=record myrec, log=F, value=<uninitialized>, default_val=<uninitialized>],
+[c] = [type_name=double, log=F, value=<uninitialized>, default_val=<uninitialized>]
 }
 {
+[a] = [type_name=count, log=F, value=<uninitialized>, default_val=<uninitialized>],
+[d] = [type_name=string, log=T, value=<uninitialized>, default_val=<uninitialized>],
 [b] = [type_name=string, log=F, value=<uninitialized>, default_val=Foo],
 [c] = [type_name=double, log=F, value=<uninitialized>, default_val=<uninitialized>],
-[e] = [type_name=any, log=F, value=<uninitialized>, default_val=<uninitialized>],
+[e] = [type_name=any, log=F, value=<uninitialized>, default_val=<uninitialized>]
-[a] = [type_name=count, log=F, value=<uninitialized>, default_val=<uninitialized>],
-[d] = [type_name=string, log=T, value=<uninitialized>, default_val=<uninitialized>]
 }
 {
+[a] = [type_name=set[double], log=F, value=<uninitialized>, default_val=<uninitialized>],
+[d] = [type_name=table[double,string] of table[string] of vector of string, log=F, value=<uninitialized>, default_val=<uninitialized>],
 [b] = [type_name=set[double,string], log=F, value=<uninitialized>, default_val=<uninitialized>],
 [c] = [type_name=set[double,record r], log=F, value=<uninitialized>, default_val=<uninitialized>],
-[e] = [type_name=vector of vector of string, log=F, value=<uninitialized>, default_val=<uninitialized>],
+[e] = [type_name=vector of vector of string, log=F, value=<uninitialized>, default_val=<uninitialized>]
-[a] = [type_name=set[double], log=F, value=<uninitialized>, default_val=<uninitialized>],
-[d] = [type_name=table[double,string] of table[string] of vector of string, log=F, value=<uninitialized>, default_val=<uninitialized>]
 }

testing/btest/Baseline/broker.store.ops/master.out

@@ -4,8 +4,8 @@
 [4], four, Broker::SUCCESS, [data=broker::data{{1, 2, 3}}]
 [5], five, Broker::FAILURE, [data=<uninitialized>]
 [6], {
-y,
+x,
-x
+y
 }, Broker::SUCCESS, [data=broker::data{(1/tcp, 2/tcp, 3/tcp)}]
 [7], two, Broker::SUCCESS, [data=broker::data{230}]
 [8], three, Broker::SUCCESS, [data=broker::data{320}]

testing/btest/Baseline/broker.store.sqlite/out

@@ -8,6 +8,6 @@ three, Broker::SUCCESS, [data=broker::data{330}]
 four, Broker::SUCCESS, [data=broker::data{{1, 2, 3}}]
 five, Broker::FAILURE, [data=<uninitialized>]
 {
-y,
+x,
-x
+y
 }, Broker::SUCCESS, [data=broker::data{(1/tcp, 2/tcp, 3/tcp)}]

testing/btest/Baseline/broker.store.type-conversion/master.out

@@ -33,13 +33,13 @@ hello
 Broker::BOOL
 {
 two,
-one,
+three,
-three
+one
 }
 {
 [two] = 2,
-[one] = 1,
+[three] = 3,
-[three] = 3
+[one] = 1
 }
 [zero, one, two]
 [s=abc]

testing/btest/Baseline/core.fake_dns/out

@@ -1,7 +1,7 @@
 {
-7a5f:b783:9808:380e:b1a2:ce20:b58e:2a4a,
 51f3:f001:5b82:e802:c401:6750:7b95:89bb,
-4cc7:de52:d869:b2f9:f215:19b8:c828:3bdd
+4cc7:de52:d869:b2f9:f215:19b8:c828:3bdd,
+7a5f:b783:9808:380e:b1a2:ce20:b58e:2a4a
 }
 lookup_hostname_txt, fake_text_lookup_result_bro.wp.dg.cx
 lookup_hostname, {

testing/btest/Baseline/core.tunnels.gtp.inner_teredo/conn.log

@@ -3,7 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
-#open	2019-07-31-18-53-23
+#open	2020-07-06-17-36-08
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
 1333458850.032887	C3eiCBGOLw3VtHfOj	10.131.42.160	62069	94.245.121.253	3544	udp	teredo	-	-	-	SHR	-	-	0	^d	0	0	1	84	C4J4Th3PJpwUYZZ6gc
@@ -22,5 +22,5 @@
 1333458850.029781	CmES5u32sYpV7JYN	190.104.181.254	2152	190.104.181.62	2152	udp	gtpv1	0.000002	192	0	S0	-	-	0	D	2	248	0	0	-
 1333458850.035456	CwjjYJ2WqgTbAqiHl6	190.104.181.210	2152	190.104.181.125	2152	udp	gtpv1	0.000004	194	0	S0	-	-	0	D	2	250	0	0	-
 1333458850.016620	CUM0KZ3MLUfNB0cl11	2001:0:5ef5:79fb:38b8:1695:2b37:be8e	128	2002:2571:c817::2571:c817	129	icmp	-	-	-	-	OTH	-	-	0	-	1	52	0	0	CtPZjS20MLrsMUOJi2
-1333458850.035456	CFLRIC3zaTU1loLGxh	fe80::ffff:ffff:fffe	133	ff02::2	134	icmp	-	0.000004	0	0	OTH	-	-	0	-	2	96	0	0	C9rXSW3KSpTYvPrlI1,C0LAHyvtKSQHyJxIl
+1333458850.035456	CFLRIC3zaTU1loLGxh	fe80::ffff:ffff:fffe	133	ff02::2	134	icmp	-	0.000004	0	0	OTH	-	-	0	-	2	96	0	0	C0LAHyvtKSQHyJxIl,C9rXSW3KSpTYvPrlI1
-#close	2019-07-31-18-53-23
+#close	2020-07-06-17-36-08

testing/btest/Baseline/core.tunnels.gtp.inner_teredo/tunnel.log

@@ -3,7 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	tunnel
-#open	2019-07-31-18-53-23
+#open	2020-07-06-17-36-08
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	tunnel_type	action
 #types	time	string	addr	port	addr	port	enum	enum
 1333458850.014199	CHhAvVGS1DHFjwGM9	174.94.190.213	2152	190.104.181.57	2152	Tunnel::GTPv1	Tunnel::DISCOVER
@@ -24,4 +24,4 @@
 1333458850.043796	Ck51lg1bScffFj34Ri	190.104.181.57	2152	190.104.181.222	2152	Tunnel::GTPv1	Tunnel::CLOSE
 1333458850.043796	CmES5u32sYpV7JYN	190.104.181.254	2152	190.104.181.62	2152	Tunnel::GTPv1	Tunnel::CLOSE
 1333458850.043796	CwjjYJ2WqgTbAqiHl6	190.104.181.210	2152	190.104.181.125	2152	Tunnel::GTPv1	Tunnel::CLOSE
-#close	2019-07-31-18-53-23
+#close	2020-07-06-17-36-08

testing/btest/Baseline/core.tunnels.teredo/conn.log

@@ -3,7 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
-#open	2020-04-30-00-45-53
+#open	2020-07-06-17-36-15
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
 1210953047.736921	ClEkJM2Vm5giqnMf4h	192.168.2.16	1576	75.126.130.163	80	tcp	-	0.000357	0	0	SHR	-	-	0	^fA	1	40	1	40	-
@@ -24,7 +24,7 @@
 1210953052.324629	CmES5u32sYpV7JYN	192.168.2.16	3797	65.55.158.81	3544	udp	-	-	-	-	SHR	-	-	0	^d	0	0	1	137	-
 1210953060.829233	Ck51lg1bScffFj34Ri	192.168.2.16	3797	83.170.1.38	32900	udp	teredo	13.293994	2359	11243	SF	-	-	0	Dd	12	2695	13	11607	-
 1210953046.591933	CHhAvVGS1DHFjwGM9	192.168.2.16	138	192.168.2.255	138	udp	-	28.448321	416	0	S0	-	-	0	D	2	472	0	0	-
-1210953060.829303	C9mvWx3ezztgzcexV7	2001:0:4137:9e50:8000:f12a:b9c8:2815	128	2001:4860:0:2001::68	129	icmp	-	0.463615	4	4	OTH	-	-	0	-	1	52	1	52	CtPZjS20MLrsMUOJi2,Ck51lg1bScffFj34Ri
+1210953060.829303	C9mvWx3ezztgzcexV7	2001:0:4137:9e50:8000:f12a:b9c8:2815	128	2001:4860:0:2001::68	129	icmp	-	0.463615	4	4	OTH	-	-	0	-	1	52	1	52	Ck51lg1bScffFj34Ri,CtPZjS20MLrsMUOJi2
 1210953052.324629	CP5puj4I8PtEU4qzYg	fe80::8000:f227:bec8:61af	134	fe80::8000:ffff:ffff:fffd	133	icmp	-	-	-	-	OTH	-	-	0	-	1	88	0	0	CmES5u32sYpV7JYN
 1210953052.202579	CUM0KZ3MLUfNB0cl11	fe80::8000:ffff:ffff:fffd	133	ff02::2	134	icmp	-	-	-	-	OTH	-	-	0	-	1	64	0	0	CtPZjS20MLrsMUOJi2
-#close	2020-04-30-00-45-53
+#close	2020-07-06-17-36-15

testing/btest/Baseline/core.tunnels.teredo/http.log

@@ -3,11 +3,11 @@
 #empty_field	(empty)
 #unset_field	-
 #path	http
-#open	2020-04-30-00-45-53
+#open	2020-07-06-17-36-15
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	host	uri	referrer	version	user_agent	origin	request_body_len	response_body_len	status_code	status_msg	info_code	info_msg	tags	username	password	proxied	orig_fuids	orig_filenames	orig_mime_types	resp_fuids	resp_filenames	resp_mime_types
 #types	time	string	addr	port	addr	port	count	string	string	string	string	string	string	string	count	count	count	string	count	string	set[enum]	string	string	set[string]	vector[string]	vector[string]	vector[string]	vector[string]	vector[string]	vector[string]
 1210953057.917183	C3eiCBGOLw3VtHfOj	192.168.2.16	1578	75.126.203.78	80	1	POST	download913.avast.com	/cgi-bin/iavs4stats.cgi	-	1.1	Syncer/4.80 (av_pro-1169;f)	-	589	0	204	<empty>	-	-	(empty)	-	-	-	FS64me2T5SbKZ5Cp53	-	text/plain	-	-	-
 1210953061.585996	CNnMIj2QSd84NKf7U3	2001:0:4137:9e50:8000:f12a:b9c8:2815	1286	2001:4860:0:2001::68	80	1	GET	ipv6.google.com	/	-	1.1	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5	-	0	6640	200	OK	-	-	(empty)	-	-	-	-	-	-	F6Q5fr1axmaI8Oxy77	-	text/html
 1210953073.381474	CNnMIj2QSd84NKf7U3	2001:0:4137:9e50:8000:f12a:b9c8:2815	1286	2001:4860:0:2001::68	80	2	GET	ipv6.google.com	/search?hl=en&q=Wireshark+!&btnG=Google+Search	http://ipv6.google.com/	1.1	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5	-	0	25119	200	OK	-	-	(empty)	-	-	-	-	-	-	FGaesFZVSRZcEseFi	-	text/html
 1210953074.674817	CpmdRlaUoJLN3uIRa	192.168.2.16	1580	67.228.110.120	80	1	GET	www.wireshark.org	/	http://ipv6.google.com/search?hl=en&q=Wireshark+%21&btnG=Google+Search	1.1	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5	-	0	11845	200	OK	-	-	(empty)	-	-	-	-	-	-	FxVarSo2RcFkvGFxd	-	text/html
-#close	2020-04-30-00-45-53
+#close	2020-07-06-17-36-15

testing/btest/Baseline/core.tunnels.teredo/tunnel.log

@@ -3,7 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	tunnel
-#open	2020-04-30-00-45-53
+#open	2020-07-06-17-36-15
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	tunnel_type	action
 #types	time	string	addr	port	addr	port	enum	enum
 1210953052.202579	CtPZjS20MLrsMUOJi2	192.168.2.16	3797	65.55.158.80	3544	Tunnel::TEREDO	Tunnel::DISCOVER
@@ -12,4 +12,4 @@
 1210953076.058333	CtPZjS20MLrsMUOJi2	192.168.2.16	3797	65.55.158.80	3544	Tunnel::TEREDO	Tunnel::CLOSE
 1210953076.058333	CmES5u32sYpV7JYN	192.168.2.16	3797	65.55.158.81	3544	Tunnel::TEREDO	Tunnel::CLOSE
 1210953076.058333	Ck51lg1bScffFj34Ri	192.168.2.16	3797	83.170.1.38	32900	Tunnel::TEREDO	Tunnel::CLOSE
-#close	2020-04-30-00-45-53
+#close	2020-07-06-17-36-15

testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/conn.log

@@ -3,14 +3,14 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
-#open	2020-04-30-00-45-55
+#open	2020-07-06-17-36-24
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
 1340127577.354166	CP5puj4I8PtEU4qzYg	2001:0:4137:9e50:8000:f12a:b9c8:2815	1286	2001:4860:0:2001::68	80	tcp	http	0.052829	1675	10467	S1	-	-	0	ShADad	10	2279	12	11191	CUM0KZ3MLUfNB0cl11
 1340127577.336558	CHhAvVGS1DHFjwGM9	192.168.2.16	3797	65.55.158.80	3544	udp	teredo	0.010291	129	52	SF	-	-	0	Dd	2	185	1	80	-
 1340127577.339015	C4J4Th3PJpwUYZZ6gc	192.168.2.16	3797	65.55.158.81	3544	udp	-	-	-	-	SHR	-	-	0	^d	0	0	1	137	-
 1340127577.341510	CUM0KZ3MLUfNB0cl11	192.168.2.16	3797	83.170.1.38	32900	udp	teredo	0.065485	2367	11243	SF	-	-	0	Dd	12	2703	13	11607	-
-1340127577.343969	CmES5u32sYpV7JYN	2001:0:4137:9e50:8000:f12a:b9c8:2815	128	2001:4860:0:2001::68	129	icmp	-	0.007778	4	4	OTH	-	-	0	-	1	52	1	52	CUM0KZ3MLUfNB0cl11,CHhAvVGS1DHFjwGM9
+1340127577.343969	CmES5u32sYpV7JYN	2001:0:4137:9e50:8000:f12a:b9c8:2815	128	2001:4860:0:2001::68	129	icmp	-	0.007778	4	4	OTH	-	-	0	-	1	52	1	52	CHhAvVGS1DHFjwGM9,CUM0KZ3MLUfNB0cl11
 1340127577.339015	CtPZjS20MLrsMUOJi2	fe80::8000:f227:bec8:61af	134	fe80::8000:ffff:ffff:fffd	133	icmp	-	-	-	-	OTH	-	-	0	-	1	88	0	0	C4J4Th3PJpwUYZZ6gc
 1340127577.336558	ClEkJM2Vm5giqnMf4h	fe80::8000:ffff:ffff:fffd	133	ff02::2	134	icmp	-	-	-	-	OTH	-	-	0	-	1	64	0	0	CHhAvVGS1DHFjwGM9
-#close	2020-04-30-00-45-55
+#close	2020-07-06-17-36-24

testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/http.log

@@ -3,9 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	http
-#open	2020-04-30-00-45-55
+#open	2020-07-06-17-36-24
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	host	uri	referrer	version	user_agent	origin	request_body_len	response_body_len	status_code	status_msg	info_code	info_msg	tags	username	password	proxied	orig_fuids	orig_filenames	orig_mime_types	resp_fuids	resp_filenames	resp_mime_types
 #types	time	string	addr	port	addr	port	count	string	string	string	string	string	string	string	count	count	count	string	count	string	set[enum]	string	string	set[string]	vector[string]	vector[string]	vector[string]	vector[string]	vector[string]	vector[string]
 1340127577.361683	CP5puj4I8PtEU4qzYg	2001:0:4137:9e50:8000:f12a:b9c8:2815	1286	2001:4860:0:2001::68	80	1	GET	ipv6.google.com	/	-	1.1	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5	-	0	6640	200	OK	-	-	(empty)	-	-	-	-	-	-	FP83rC4NcNrcMNo2vc	-	text/html
 1340127577.379360	CP5puj4I8PtEU4qzYg	2001:0:4137:9e50:8000:f12a:b9c8:2815	1286	2001:4860:0:2001::68	80	2	GET	ipv6.google.com	/search?hl=en&q=Wireshark+!&btnG=Google+Search	http://ipv6.google.com/	1.1	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5	-	0	25119	200	OK	-	-	(empty)	-	-	-	-	-	-	FcGY7v3XYRhT3tOXIa	-	text/html
-#close	2020-04-30-00-45-55
+#close	2020-07-06-17-36-24

testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/tunnel.log

@@ -3,7 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	tunnel
-#open	2020-04-30-00-45-55
+#open	2020-07-06-17-36-24
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	tunnel_type	action
 #types	time	string	addr	port	addr	port	enum	enum
 1340127577.336558	CHhAvVGS1DHFjwGM9	192.168.2.16	3797	65.55.158.80	3544	Tunnel::TEREDO	Tunnel::DISCOVER
@@ -12,4 +12,4 @@
 1340127577.406995	CHhAvVGS1DHFjwGM9	192.168.2.16	3797	65.55.158.80	3544	Tunnel::TEREDO	Tunnel::CLOSE
 1340127577.406995	C4J4Th3PJpwUYZZ6gc	192.168.2.16	3797	65.55.158.81	3544	Tunnel::TEREDO	Tunnel::CLOSE
 1340127577.406995	CUM0KZ3MLUfNB0cl11	192.168.2.16	3797	83.170.1.38	32900	Tunnel::TEREDO	Tunnel::CLOSE
-#close	2020-04-30-00-45-55
+#close	2020-07-06-17-36-24

testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/weird.log

@@ -3,9 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2020-04-30-00-45-55
+#open	2020-07-06-17-36-24
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1340127577.341510	CUM0KZ3MLUfNB0cl11	192.168.2.16	3797	83.170.1.38	32900	Teredo_bubble_with_payload	-	F	zeek
 1340127577.346849	CHhAvVGS1DHFjwGM9	192.168.2.16	3797	65.55.158.80	3544	Teredo_bubble_with_payload	-	F	zeek
-#close	2020-04-30-00-45-55
+#close	2020-07-06-17-36-24

testing/btest/Baseline/language.container-ctor-scope/out

@@ -1,44 +1,44 @@
 {
-[3/tcp] = 3,
+[1/tcp] = 1,
 [2/tcp] = 2,
-[1/tcp] = 1
+[3/tcp] = 3
 }
 {
-[3/tcp] = 3,
+[1/tcp] = 1,
 [2/tcp] = 2,
-[1/tcp] = 1
+[3/tcp] = 3
 }
 {
-3/tcp,
+1/tcp,
 2/tcp,
-1/tcp
+3/tcp
 }
 {
-3/tcp,
+1/tcp,
 2/tcp,
-1/tcp
+3/tcp
 }
 [1/tcp, 2/tcp, 3/tcp, 1/tcp]
 [1/tcp, 2/tcp, 3/tcp, 1/tcp]
 {
-[3/tcp] = 3,
+[1/tcp] = 1,
 [2/tcp] = 2,
-[1/tcp] = 1
+[3/tcp] = 3
 }
 {
-[3/tcp] = 3,
+[1/tcp] = 1,
 [2/tcp] = 2,
-[1/tcp] = 1
+[3/tcp] = 3
 }
 {
-3/tcp,
+1/tcp,
 2/tcp,
-1/tcp
+3/tcp
 }
 {
-3/tcp,
+1/tcp,
 2/tcp,
-1/tcp
+3/tcp
 }
 [1/tcp, 2/tcp, 3/tcp, 1/tcp]
 [1/tcp, 2/tcp, 3/tcp, 1/tcp]

testing/btest/Baseline/language.copy-all-types/out

@@ -5,8 +5,8 @@ orig=42/tcp (port) clone=42/tcp (port) equal=T same_object=T (ok)
 orig=127.0.0.0/24 (subnet) clone=127.0.0.0/24 (subnet) equal=T same_object=T (ok)
 orig=Foo (string) clone=Foo (string) equal=T same_object=F (ok)
 orig=/^?(.*PATTERN.*)$?/ (pattern) clone=/^?(.*PATTERN.*)$?/ (pattern) same_object=F
-orig=2,4,1,5,3 (set[count]) clone=2,4,1,5,3 (set[count]) equal=T same_object=F (ok)
+orig=2,5,3,4,1 (set[count]) clone=2,5,3,4,1 (set[count]) equal=T same_object=F (ok)
 orig=[1, 2, 3, 4, 5] (vector of count) clone=[1, 2, 3, 4, 5] (vector of count) equal=T same_object=F (ok)
-orig=b=vb;a=va (table[string] of string) clone=b=vb;a=va (table[string] of string) equal=T same_object=F (ok)
+orig=a=va;b=vb (table[string] of string) clone=a=va;b=vb (table[string] of string) equal=T same_object=F (ok)
 orig=ENUMME (enum) clone=ENUMME (enum) equal=T same_object=T (ok)
 orig=[s1=s1, s2=s2, i1=[a=a], i2=[a=a], donotset=<uninitialized>, def=5] (record { s1:string; s2:string; i1:record { a:string; }; i2:record { a:string; }; donotset:record { a:string; }; def:count; }) clone=[s1=s1, s2=s2, i1=[a=a], i2=[a=a], donotset=<uninitialized>, def=5] (record { s1:string; s2:string; i1:record { a:string; }; i2:record { a:string; }; donotset:record { a:string; }; def:count; }) equal=T same_object=F (ok)

testing/btest/Baseline/language.cross-product-init/output

@@ -1,6 +1,6 @@
 {
-[foo, 1.2.0.0/19] ,
-[bar, 5.6.0.0/21] ,
 [bar, 1.2.0.0/19] ,
-[foo, 5.6.0.0/21] 
+[foo, 1.2.0.0/19] ,
+[foo, 5.6.0.0/21] ,
+[bar, 5.6.0.0/21] 
 }

testing/btest/Baseline/language.default-params/out

@@ -13,8 +13,8 @@ begin table_func, {
 [initial] = conditions
 }
 end table_func, {
-[initial] = conditions,
+[the test] = works,
-[the test] = works
+[initial] = conditions
 }
 foo_hook, test
 foo_hook, hello

testing/btest/Baseline/language.expire_func/output

@@ -1,99 +1,99 @@
 {
-am,
 here,
-[orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp],
+i,
-i
+am,
+[orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp]
 }
 {
-am,
+here,
+i,
 [orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp],
-here,
 [orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp],
-i
+am
 }
 {
+here,
+i,
+[orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp],
-am,
-[orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp],
-here,
 [orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp],
-i
+am
 }
 {
-[orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp],
-am,
-[orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp],
 here,
-[orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp],
+i,
 [orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
-i
-}
-{
-[orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
-[orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp],
-am,
 [orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp],
-here,
+[orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp],
 [orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp],
-[orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
+am
-i
 }
 {
+here,
+i,
+[orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
 [orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
+[orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp],
 am,
+[orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp]
+}
+{
+here,
+i,
+[orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
+[orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
+[orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp],
 [orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp],
-[orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp],
-here,
 [orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp],
-[orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
+am
-i
 }
 {
-[orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
+[orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
-[orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp],
-am,
-[orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp],
 [orig_h=172.16.238.1, orig_p=49658/tcp, resp_h=172.16.238.131, resp_p=80/tcp],
 [orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
+i,
 here,
+[orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp],
+[orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp],
 [orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp],
-[orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
+am
-i
 }
 {
-[orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
+[orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
-[orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp],
+[orig_h=172.16.238.1, orig_p=49658/tcp, resp_h=172.16.238.131, resp_p=80/tcp],
+[orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.1, orig_p=17500/udp, resp_h=172.16.238.255, resp_p=17500/udp],
-am,
+[orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
-[orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp],
+i,
-[orig_h=172.16.238.1, orig_p=49658/tcp, resp_h=172.16.238.131, resp_p=80/tcp],
-[orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp],
 here,
+[orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp],
+[orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp],
 [orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp],
-[orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp],
+am
-i
 }
-expired [orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp]
+expired [orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp]
-expired [orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp]
-expired [orig_h=172.16.238.1, orig_p=17500/udp, resp_h=172.16.238.255, resp_p=17500/udp]
-expired am
-expired [orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp]
 expired [orig_h=172.16.238.1, orig_p=49658/tcp, resp_h=172.16.238.131, resp_p=80/tcp]
 expired [orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp]
+expired [orig_h=172.16.238.1, orig_p=17500/udp, resp_h=172.16.238.255, resp_p=17500/udp]
+expired [orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp]
 expired here
-expired [orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp]
-expired [orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp]
 expired i
+expired [orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp]
+expired [orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp]
+expired [orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp]
+expired am
 {
 [orig_h=172.16.238.1, orig_p=49659/tcp, resp_h=172.16.238.131, resp_p=21/tcp]
 }
 {
-[orig_h=172.16.238.1, orig_p=49659/tcp, resp_h=172.16.238.131, resp_p=21/tcp],
+[orig_h=172.16.238.131, orig_p=45126/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=45126/udp, resp_h=172.16.238.2, resp_p=53/udp]
+[orig_h=172.16.238.1, orig_p=49659/tcp, resp_h=172.16.238.131, resp_p=21/tcp]
 }
-expired [orig_h=172.16.238.1, orig_p=49659/tcp, resp_h=172.16.238.131, resp_p=21/tcp]
 expired [orig_h=172.16.238.131, orig_p=45126/udp, resp_h=172.16.238.2, resp_p=53/udp]
+expired [orig_h=172.16.238.1, orig_p=49659/tcp, resp_h=172.16.238.131, resp_p=21/tcp]
 {
 [orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp]
 }
@@ -102,277 +102,277 @@ expired [orig_h=172.16.238.131, orig_p=45126/udp, resp_h=172.16.238.2, resp_p=53
 [orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp]
 }
 {
-[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
-[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp]
-}
-{
-[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
-[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp]
-}
-{
-[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
-[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp]
-}
-{
-[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
-[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp]
+[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
+[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp]
 }
 {
-[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
 [orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp]
+[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
+[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp]
 }
 {
-[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
 [orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp]
+[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
+[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp]
 }
 {
-[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
-[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp]
-}
-{
-[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
-[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp]
-}
-{
-[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
-[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp]
-}
-{
-[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
-[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=53102/udp, resp_h=172.16.238.2, resp_p=53/udp]
+[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
+[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp]
 }
 {
-[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
-[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
+[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp]
+}
+{
+[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
+[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp]
+}
+{
+[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
+[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp]
+}
+{
+[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
+[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp]
+}
+{
+[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
+[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp]
+}
+{
+[orig_h=172.16.238.131, orig_p=53102/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
+[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp]
+}
+{
+[orig_h=172.16.238.131, orig_p=53102/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=59573/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
+[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp]
-[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=53102/udp, resp_h=172.16.238.2, resp_p=53/udp]
 }
 {
-[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=53102/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=52952/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
-[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=59573/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=53102/udp, resp_h=172.16.238.2, resp_p=53/udp]
+[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=59573/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
+[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=52952/udp, resp_h=172.16.238.2, resp_p=53/udp]
 }
 {
-[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=53102/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=52952/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
-[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=59573/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=48621/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=53102/udp, resp_h=172.16.238.2, resp_p=53/udp]
+[orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=59573/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp],
+[orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=52952/udp, resp_h=172.16.238.2, resp_p=53/udp]
 }
-expired [orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp]
+expired [orig_h=172.16.238.131, orig_p=53102/udp, resp_h=172.16.238.2, resp_p=53/udp]
-expired [orig_h=172.16.238.131, orig_p=52952/udp, resp_h=172.16.238.2, resp_p=53/udp]
+expired [orig_h=172.16.238.131, orig_p=48621/udp, resp_h=172.16.238.2, resp_p=53/udp]
-expired [orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp]
+expired [orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp]
-expired [orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp]
-expired [orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp]
 expired [orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp]
+expired [orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp]
+expired [orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp]
+expired [orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp]
+expired [orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp]
+expired [orig_h=172.16.238.131, orig_p=59573/udp, resp_h=172.16.238.2, resp_p=53/udp]
+expired [orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp]
+expired [orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp]
+expired [orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp]
 expired [orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp]
 expired [orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp]
-expired [orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp]
+expired [orig_h=172.16.238.131, orig_p=52952/udp, resp_h=172.16.238.2, resp_p=53/udp]
-expired [orig_h=172.16.238.131, orig_p=59573/udp, resp_h=172.16.238.2, resp_p=53/udp]
-expired [orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp]
-expired [orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp]
-expired [orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp]
-expired [orig_h=172.16.238.131, orig_p=48621/udp, resp_h=172.16.238.2, resp_p=53/udp]
-expired [orig_h=172.16.238.131, orig_p=53102/udp, resp_h=172.16.238.2, resp_p=53/udp]
 {
 [orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp]
 }
 {
-[orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp]
+[orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp]
 }
 {
-[orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=45908/tcp, resp_h=141.142.192.39, resp_p=22/tcp]
 }
 {
+[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=45908/tcp, resp_h=141.142.192.39, resp_p=22/tcp]
 }
 {
+[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=45908/tcp, resp_h=141.142.192.39, resp_p=22/tcp],
 [orig_h=172.16.238.131, orig_p=38118/udp, resp_h=172.16.238.2, resp_p=53/udp]
 }
 {
-[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=37934/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=45908/tcp, resp_h=141.142.192.39, resp_p=22/tcp],
 [orig_h=172.16.238.131, orig_p=38118/udp, resp_h=172.16.238.2, resp_p=53/udp]
 }
 {
-[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=37934/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=36682/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=45908/tcp, resp_h=141.142.192.39, resp_p=22/tcp],
 [orig_h=172.16.238.131, orig_p=38118/udp, resp_h=172.16.238.2, resp_p=53/udp]
 }
 {
+[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=37934/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=36682/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=46552/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=37934/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=36682/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=45908/tcp, resp_h=141.142.192.39, resp_p=22/tcp],
 [orig_h=172.16.238.131, orig_p=38118/udp, resp_h=172.16.238.2, resp_p=53/udp]
 }
 {
-[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=46552/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=37934/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=36682/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=58367/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=37934/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=36682/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=46552/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=45908/tcp, resp_h=141.142.192.39, resp_p=22/tcp],
 [orig_h=172.16.238.131, orig_p=38118/udp, resp_h=172.16.238.2, resp_p=53/udp]
 }
 {
-[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=46552/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=58367/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=37934/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=36682/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=58367/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=46552/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=42269/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=45908/tcp, resp_h=141.142.192.39, resp_p=22/tcp],
-[orig_h=172.16.238.131, orig_p=38118/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=38118/udp, resp_h=172.16.238.2, resp_p=53/udp]
-[orig_h=172.16.238.131, orig_p=42269/udp, resp_h=172.16.238.2, resp_p=53/udp]
 }
 {
+[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=58367/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=37934/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=36682/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=56485/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=46552/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=37934/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=36682/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=58367/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=46552/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=42269/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=45908/tcp, resp_h=141.142.192.39, resp_p=22/tcp],
-[orig_h=172.16.238.131, orig_p=38118/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=38118/udp, resp_h=172.16.238.2, resp_p=53/udp]
-[orig_h=172.16.238.131, orig_p=42269/udp, resp_h=172.16.238.2, resp_p=53/udp]
 }
 {
-[orig_h=172.16.238.131, orig_p=56485/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=46552/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=37934/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=36682/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=58367/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=39723/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=58367/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=37934/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=36682/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=56485/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=46552/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=42269/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=45908/tcp, resp_h=141.142.192.39, resp_p=22/tcp],
-[orig_h=172.16.238.131, orig_p=38118/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=38118/udp, resp_h=172.16.238.2, resp_p=53/udp]
-[orig_h=172.16.238.131, orig_p=42269/udp, resp_h=172.16.238.2, resp_p=53/udp]
 }
 {
+[orig_h=172.16.238.131, orig_p=39723/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=58367/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=37934/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=36682/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=56485/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=123/udp, resp_h=69.50.219.51, resp_p=123/udp],
-[orig_h=172.16.238.131, orig_p=56214/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=46552/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=37934/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=42269/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=36682/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=58367/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=39723/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp],
-[orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp],
 [orig_h=172.16.238.131, orig_p=45908/tcp, resp_h=141.142.192.39, resp_p=22/tcp],
-[orig_h=172.16.238.131, orig_p=38118/udp, resp_h=172.16.238.2, resp_p=53/udp],
+[orig_h=172.16.238.131, orig_p=38118/udp, resp_h=172.16.238.2, resp_p=53/udp]
-[orig_h=172.16.238.131, orig_p=42269/udp, resp_h=172.16.238.2, resp_p=53/udp]
 }

testing/btest/Baseline/language.expire_subnet/expire-nets-output

@@ -1,5 +1,5 @@
-Expired Subnet: 192.168.4.0/24 --> four at 8.0 secs 835.0 msecs 30.078888 usecs
 Expired Subnet: 192.168.1.0/24 --> one at 8.0 secs 835.0 msecs 30.078888 usecs
+Expired Subnet: 192.168.4.0/24 --> four at 8.0 secs 835.0 msecs 30.078888 usecs
 Expired Subnet: 192.168.0.0/16 --> zero at 15.0 secs 150.0 msecs 681.018829 usecs
-Expired Subnet: 192.168.3.0/24 --> three at 15.0 secs 150.0 msecs 681.018829 usecs
 Expired Subnet: 192.168.2.0/24 --> two at 15.0 secs 150.0 msecs 681.018829 usecs
+Expired Subnet: 192.168.3.0/24 --> three at 15.0 secs 150.0 msecs 681.018829 usecs

testing/btest/Baseline/language.expire_subnet/expire-nums-output

@@ -1,5 +1,5 @@
+Expired Num: 0 --> zero at 8.0 secs 835.0 msecs 30.078888 usecs
 Expired Num: 4 --> four at 8.0 secs 835.0 msecs 30.078888 usecs
 Expired Num: 1 --> one at 8.0 secs 835.0 msecs 30.078888 usecs
-Expired Num: 0 --> zero at 8.0 secs 835.0 msecs 30.078888 usecs
 Expired Num: 2 --> two at 15.0 secs 150.0 msecs 681.018829 usecs
 Expired Num: 3 --> three at 15.0 secs 150.0 msecs 681.018829 usecs

testing/btest/Baseline/language.expire_subnet/output

@@ -1,14 +1,14 @@
 All:
+0 --> zero
 2 --> two
 4 --> four
 1 --> one
-0 --> zero
 3 --> three
 192.168.0.0/16 --> zero
-192.168.3.0/24 --> three
-192.168.2.0/24 --> two
-192.168.4.0/24 --> four
 192.168.1.0/24 --> one
+192.168.2.0/24 --> two
+192.168.3.0/24 --> three
+192.168.4.0/24 --> four
 Time: 0 secs
 
 Accessed table nums: two; three

testing/btest/Baseline/language.index-assignment-invalid/out

@@ -1,5 +1,5 @@
-runtime error in /home/jon/pro/zeek/zeek/scripts/base/utils/queue.zeek, line 152: vector index assignment failed for invalid type 'myrec', value: [a=T, b=hi, c=<uninitialized>], expression: Queue::ret[Queue::j], call stack: 
+runtime error in /Users/tim/Desktop/projects/zeek/scripts/base/utils/queue.zeek, line 152: vector index assignment failed for invalid type 'myrec', value: [a=T, b=hi, c=<uninitialized>], expression: Queue::ret[Queue::j], call stack: 
- #0 Queue::get_vector([initialized=T, vals={[2] = test,[6] = jkl;,[4] = asdf,[1] = goodbye,[5] = 3,[0] = hello,[3] = [a=T, b=hi, c=<uninitialized>]}, settings=[max_len=<uninitialized>], top=7, bottom=0, size=0], [hello, goodbye, test]) at /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.index-assignment-invalid/index-assignment-invalid.zeek:19 
+ #0 Queue::get_vector([initialized=T, vals={[2] = test,[3] = [a=T, b=hi, c=<uninitialized>],[5] = 3,[0] = hello,[6] = jkl;,[4] = asdf,[1] = goodbye}, settings=[max_len=<uninitialized>], top=7, bottom=0, size=0], [hello, goodbye, test]) at /Users/tim/Desktop/projects/zeek/testing/btest/.tmp/language.index-assignment-invalid/index-assignment-invalid.zeek:19 
- #1 bar(55) at /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.index-assignment-invalid/index-assignment-invalid.zeek:27 
+ #1 bar(55) at /Users/tim/Desktop/projects/zeek/testing/btest/.tmp/language.index-assignment-invalid/index-assignment-invalid.zeek:27 
- #2 foo(hi, 13) at /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.index-assignment-invalid/index-assignment-invalid.zeek:39 
+ #2 foo(hi, 13) at /Users/tim/Desktop/projects/zeek/testing/btest/.tmp/language.index-assignment-invalid/index-assignment-invalid.zeek:39 
  #3 zeek_init() 

testing/btest/Baseline/language.key-value-for/out

@@ -1,4 +1,4 @@
-1, hello
 55, goodbye
-goodbye, world, 55
+1, hello
 hello, world, 1
+goodbye, world, 55

testing/btest/Baseline/language.named-set-ctors/out

@@ -1,13 +1,13 @@
 {
+3,
 1,
-5,
+5
-3
 }
 {
-[min=<uninitialized>, max=5],
+[min=<uninitialized>, max=2],
-[min=<uninitialized>, max=2]
+[min=<uninitialized>, max=5]
 }
 {
-[test, 1] ,
+[cool, 2] ,
-[cool, 2] 
+[test, 1] 
 }

testing/btest/Baseline/language.named-table-ctors/out

@@ -1,15 +1,15 @@
 {
+[3] = three,
 [1] = one,
-[5] = five,
+[5] = five
-[3] = three
 }
 {
-[[min=<uninitialized>, max=5]] = max5,
+[[min=<uninitialized>, max=2]] = max2,
-[[min=<uninitialized>, max=2]] = max2
+[[min=<uninitialized>, max=5]] = max5
 }
 {
-[test, 1] = test1,
+[cool, 2] = cool2,
-[cool, 2] = cool2
+[test, 1] = test1
 }
 {
 [two] = 2.0,

testing/btest/Baseline/language.next-test/output

@@ -1,8 +1,8 @@
-1
-1
 0
+1
+1
 MIDDLE
+0
+0
 1
-0
-0
 THE END

testing/btest/Baseline/language.on_change_expire/output

@@ -7,30 +7,30 @@ change_function, [orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp
 change_function, [orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp], 1, TABLE_ELEMENT_NEW
 change_function, [orig_h=172.16.238.1, orig_p=49658/tcp, resp_h=172.16.238.131, resp_p=80/tcp], 1, TABLE_ELEMENT_NEW
 change_function, [orig_h=172.16.238.1, orig_p=17500/udp, resp_h=172.16.238.255, resp_p=17500/udp], 1, TABLE_ELEMENT_NEW
-expired [orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp]
-change_function, [orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp]
-change_function, [orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=172.16.238.1, orig_p=17500/udp, resp_h=172.16.238.255, resp_p=17500/udp]
-change_function, [orig_h=172.16.238.1, orig_p=17500/udp, resp_h=172.16.238.255, resp_p=17500/udp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp]
-change_function, [orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=172.16.238.1, orig_p=49658/tcp, resp_h=172.16.238.131, resp_p=80/tcp]
-change_function, [orig_h=172.16.238.1, orig_p=49658/tcp, resp_h=172.16.238.131, resp_p=80/tcp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp]
-change_function, [orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp]
-change_function, [orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp]
-change_function, [orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 1, TABLE_ELEMENT_EXPIRED
 expired a
 change_function, a, 5, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp]
+change_function, [orig_h=172.16.238.131, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.1, orig_p=49658/tcp, resp_h=172.16.238.131, resp_p=80/tcp]
+change_function, [orig_h=172.16.238.1, orig_p=49658/tcp, resp_h=172.16.238.131, resp_p=80/tcp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp]
+change_function, [orig_h=172.16.238.1, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp]
+change_function, [orig_h=172.16.238.131, orig_p=37975/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.1, orig_p=17500/udp, resp_h=172.16.238.255, resp_p=17500/udp]
+change_function, [orig_h=172.16.238.1, orig_p=17500/udp, resp_h=172.16.238.255, resp_p=17500/udp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp]
+change_function, [orig_h=fe80::20c:29ff:febd:6f01, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp]
+change_function, [orig_h=172.16.238.1, orig_p=49657/tcp, resp_h=172.16.238.131, resp_p=80/tcp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp]
+change_function, [orig_h=172.16.238.1, orig_p=49656/tcp, resp_h=172.16.238.131, resp_p=22/tcp], 1, TABLE_ELEMENT_EXPIRED
 change_function, [orig_h=172.16.238.1, orig_p=49659/tcp, resp_h=172.16.238.131, resp_p=21/tcp], 1, TABLE_ELEMENT_NEW
 change_function, [orig_h=172.16.238.131, orig_p=45126/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_NEW
-expired [orig_h=172.16.238.1, orig_p=49659/tcp, resp_h=172.16.238.131, resp_p=21/tcp]
-change_function, [orig_h=172.16.238.1, orig_p=49659/tcp, resp_h=172.16.238.131, resp_p=21/tcp], 1, TABLE_ELEMENT_EXPIRED
 expired [orig_h=172.16.238.131, orig_p=45126/udp, resp_h=172.16.238.2, resp_p=53/udp]
 change_function, [orig_h=172.16.238.131, orig_p=45126/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.1, orig_p=49659/tcp, resp_h=172.16.238.131, resp_p=21/tcp]
+change_function, [orig_h=172.16.238.1, orig_p=49659/tcp, resp_h=172.16.238.131, resp_p=21/tcp], 1, TABLE_ELEMENT_EXPIRED
 change_function, [orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp], 1, TABLE_ELEMENT_NEW
 change_function, [orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_NEW
 change_function, [orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_NEW
@@ -46,36 +46,36 @@ change_function, [orig_h=172.16.238.131, orig_p=53102/udp, resp_h=172.16.238.2,
 change_function, [orig_h=172.16.238.131, orig_p=59573/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_NEW
 change_function, [orig_h=172.16.238.131, orig_p=52952/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_NEW
 change_function, [orig_h=172.16.238.131, orig_p=48621/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_NEW
-expired [orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp]
-change_function, [orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=172.16.238.131, orig_p=52952/udp, resp_h=172.16.238.2, resp_p=53/udp]
-change_function, [orig_h=172.16.238.131, orig_p=52952/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp]
-change_function, [orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp]
-change_function, [orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp]
-change_function, [orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp]
-change_function, [orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp]
-change_function, [orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp]
-change_function, [orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp]
-change_function, [orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=172.16.238.131, orig_p=59573/udp, resp_h=172.16.238.2, resp_p=53/udp]
-change_function, [orig_h=172.16.238.131, orig_p=59573/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp]
-change_function, [orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp]
-change_function, [orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp]
-change_function, [orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
-expired [orig_h=172.16.238.131, orig_p=48621/udp, resp_h=172.16.238.2, resp_p=53/udp]
-change_function, [orig_h=172.16.238.131, orig_p=48621/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
 expired [orig_h=172.16.238.131, orig_p=53102/udp, resp_h=172.16.238.2, resp_p=53/udp]
 change_function, [orig_h=172.16.238.131, orig_p=53102/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.131, orig_p=48621/udp, resp_h=172.16.238.2, resp_p=53/udp]
+change_function, [orig_h=172.16.238.131, orig_p=48621/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp]
+change_function, [orig_h=172.16.238.131, orig_p=33109/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp]
+change_function, [orig_h=172.16.238.131, orig_p=57272/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp]
+change_function, [orig_h=172.16.238.131, orig_p=50205/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp]
+change_function, [orig_h=172.16.238.131, orig_p=54304/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp]
+change_function, [orig_h=172.16.238.131, orig_p=44555/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp]
+change_function, [orig_h=172.16.238.131, orig_p=51970/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.131, orig_p=59573/udp, resp_h=172.16.238.2, resp_p=53/udp]
+change_function, [orig_h=172.16.238.131, orig_p=59573/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp]
+change_function, [orig_h=172.16.238.131, orig_p=55515/tcp, resp_h=74.125.225.81, resp_p=80/tcp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp]
+change_function, [orig_h=172.16.238.131, orig_p=33818/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp]
+change_function, [orig_h=172.16.238.131, orig_p=55368/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp]
+change_function, [orig_h=172.16.238.131, orig_p=37846/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp]
+change_function, [orig_h=172.16.238.131, orig_p=45140/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
+expired [orig_h=172.16.238.131, orig_p=52952/udp, resp_h=172.16.238.2, resp_p=53/udp]
+change_function, [orig_h=172.16.238.131, orig_p=52952/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_EXPIRED
 change_function, [orig_h=172.16.238.131, orig_p=54935/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_NEW
 change_function, [orig_h=172.16.238.131, orig_p=33624/udp, resp_h=172.16.238.2, resp_p=53/udp], 1, TABLE_ELEMENT_NEW
 change_function, [orig_h=172.16.238.131, orig_p=45908/tcp, resp_h=141.142.192.39, resp_p=22/tcp], 1, TABLE_ELEMENT_NEW

testing/btest/Baseline/language.patterns-stored-in-containers/out

@@ -6,14 +6,14 @@
 /^?(b)$?/, F
 /^?(o)$?/, T
 ---
-/^?(a)$?/, F
-/^?(b)$?/, F
-/^?(o)$?/, T
----
-/^?(a)$?/, F
-/^?(b)$?/, F
-/^?(o)$?/, T
----
 /^?(o)$?/, T
 /^?(b)$?/, F
 /^?(a)$?/, F
+---
+/^?(o)$?/, T
+/^?(b)$?/, F
+/^?(a)$?/, F
+---
+/^?(a)$?/, F
+/^?(o)$?/, T
+/^?(b)$?/, F

testing/btest/Baseline/language.rec-table-default/output

@@ -5,9 +5,9 @@
 
 }
 {
-B,
 A,
-C
+C,
+B
 }
 {
 

testing/btest/Baseline/language.record-index-complex-fields/output

@@ -4,24 +4,24 @@
 [two] = 2,
 [one] = 1
 }, tags_s={
-b,
+a,
-a
+b
 }]
 }
 }
 {
 [a=13, tags_v=[, , 2, 3], tags_t={
-[five] = 5,
+[four] = 4,
-[four] = 4
+[five] = 5
 }, tags_s={
-c,
+d,
-d
+c
 }],
 [a=4, tags_v=[0, 1], tags_t={
 [two] = 2,
 [one] = 1
 }, tags_s={
-b,
+a,
-a
+b
 }]
 }

testing/btest/Baseline/language.table-init-attrs/output

@@ -1,9 +1,9 @@
 my_set_ctor_init
 {
 test4,
+test2,
 test3,
-test1,
+test1
-test2
 }
 
 my_table_ctor_init
@@ -17,17 +17,17 @@ nope
 my_set_init
 {
 test4,
+test2,
 test3,
-test1,
+test1
-test2
 }
 
 my_table_init
 {
-[2] = test2,
 [4] = test4,
-[1] = test1,
+[2] = test2,
-[3] = test3
+[3] = test3,
+[1] = test1
 }
 nope
 

testing/btest/Baseline/language.table-init-container-ctors/output

@@ -5,8 +5,8 @@ table of set
 [baz, 4] 
 },
 [13] = {
-[foo, 1] ,
+[bar, 2] ,
-[bar, 2] 
+[foo, 1] 
 }
 }
 
@@ -23,8 +23,8 @@ table of table
 [baz, 4] = 4
 },
 [13] = {
-[foo, 1] = 1,
+[bar, 2] = 2,
-[bar, 2] = 2
+[foo, 1] = 1
 }
 }
 

testing/btest/Baseline/language.table-init-record-idx-2/output

@@ -16,10 +16,10 @@ F
 F
 now here's the foo table...
 {
-[[a=foo, b=1], 1] = 1,
-[[a=baz, b=5], 5] = 5,
-[[a=foo, b=2], 2] = 2,
 [[a=bar, b=3], 3] = 3,
 [[a=baz, b=6], 6] = 6,
+[[a=baz, b=5], 5] = 5,
+[[a=foo, b=2], 2] = 2,
+[[a=foo, b=1], 1] = 1,
 [[a=bar, b=4], 4] = 4
 }

testing/btest/Baseline/language.table-init-record-idx-3/output

@@ -20,6 +20,6 @@ now here's the foo table...
 [[a=foo, b=1]] = 1,
 [[a=bar, b=3]] = 3,
 [[a=baz, b=6]] = 6,
-[[a=baz, b=5]] = 5,
+[[a=bar, b=4]] = 4,
-[[a=bar, b=4]] = 4
+[[a=baz, b=5]] = 5
 }

testing/btest/Baseline/language.table-init-record-idx-4/output

@@ -16,10 +16,10 @@ F
 F
 now here's the foo table...
 {
-[[a=foo, b=1], 1] = 1,
-[[a=baz, b=5], 5] = 5,
-[[a=foo, b=2], 2] = 2,
 [[a=bar, b=3], 3] = 3,
 [[a=baz, b=6], 6] = 6,
+[[a=baz, b=5], 5] = 5,
+[[a=foo, b=2], 2] = 2,
+[[a=foo, b=1], 1] = 1,
 [[a=bar, b=4], 4] = 4
 }

testing/btest/Baseline/language.table-init-record-idx/output

@@ -20,6 +20,6 @@ now here's the foo table...
 [[a=foo, b=1]] = 1,
 [[a=bar, b=3]] = 3,
 [[a=baz, b=6]] = 6,
-[[a=baz, b=5]] = 5,
+[[a=bar, b=4]] = 4,
-[[a=bar, b=4]] = 4
+[[a=baz, b=5]] = 5
 }

testing/btest/Baseline/language.table-pattern-index/out

@@ -4,16 +4,16 @@
 /^?(four)$?/
 -----------------
 /^?(two|oob)$?/
-/^?(four)$?/
 /^?(one|foo|bar)$?/
+/^?(four)$?/
 /^?(three|oob)$?/
 -----------------
 /^?(two|oob)$?/, 1
-/^?(four)$?/, 3
 /^?(one|foo|bar)$?/, 0
+/^?(four)$?/, 3
 /^?(three|oob)$?/, 2
 -----------------
+/^?(three|oob)$?/, 4, 4
+/^?(two|oob)$?/, 3, 2
 /^?(one|foo|bar)$?/, 2, 0
 /^?(four)$?/, 5, 6
-/^?(two|oob)$?/, 3, 2
-/^?(three|oob)$?/, 4, 4

testing/btest/Baseline/language.table-redef/out

@@ -1,6 +1,6 @@
 {
-[cool] = 28.0,
+[abc] = 8.0,
-[def] = 99.0,
 [neat] = 1.0,
-[abc] = 8.0
+[cool] = 28.0,
+[def] = 99.0
 }

testing/btest/Baseline/language.while/out

@@ -3,10 +3,10 @@ s
 ss
 sss
 {
-9,
-1,
-7,
 5,
-3
+7,
+3,
+9,
+1
 }
 [number 0, number 1, number 2, number 3, number 4, number 5, number 6, number 7, number 8, number 9, number 10, number 11, number 12]

testing/btest/Baseline/plugins.hooks/output

@@ -133,14 +133,14 @@
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_AYIYA, {5072/udp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DCE_RPC, {135/tcp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DHCP, {67<...>/udp})) -> <no result>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DNP3_TCP, {20000<...>/udp})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DNP3_TCP, {20000<...>/tcp})) -> <no result>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DNS, {5355<...>/udp})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DNS, {5353<...>/tcp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DTLS, {443/udp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_FTP, {2811<...>/tcp})) -> <no result>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_GTPV1, {2123<...>/udp})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_GTPV1, {2152<...>/udp})) -> <no result>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_HTTP, {8080<...>/tcp})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_HTTP, {80<...>/tcp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_IMAP, {143/tcp})) -> <no result>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_IRC, {6669<...>/tcp})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_IRC, {6666<...>/tcp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_KRB, {88/udp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_KRB_TCP, {88/tcp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_MODBUS, {502/tcp})) -> <no result>
@@ -151,11 +151,11 @@
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_RDPEUDP, {3389/udp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SIP, {5060/udp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SMB, {139<...>/tcp})) -> <no result>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SMTP, {587<...>/tcp})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SMTP, {25<...>/tcp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SNMP, {162<...>/udp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SOCKS, {1080/tcp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SSH, {22/tcp})) -> <no result>
-0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SSL, {5223<...>/tcp})) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SSL, {563<...>/tcp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SYSLOG, {514/udp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_TEREDO, {3544/udp})) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_VXLAN, {4789/udp})) -> <no result>
@@ -282,7 +282,7 @@
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1594172474.563824, node=zeek, filter=ip or not ip, init=T, success=T])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1594057891.73307, node=zeek, filter=ip or not ip, init=T, success=T])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Broker::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::add_default_filter, <frame>, (Config::LOG)) -> <no result>
@@ -463,7 +463,7 @@
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])) -> <no result>
 0.000000   MetaHookPost  CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])) -> <no result>
-0.000000   MetaHookPost  CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1594172474.563824, node=zeek, filter=ip or not ip, init=T, success=T])) -> <no result>
+0.000000   MetaHookPost  CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1594057891.73307, node=zeek, filter=ip or not ip, init=T, success=T])) -> <no result>
 0.000000   MetaHookPost  CallFunction(NetControl::check_plugins, <frame>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(NetControl::init, <null>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(Notice::want_pp, <frame>, ()) -> <no result>
@@ -1056,14 +1056,14 @@
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_AYIYA, {5072/udp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DCE_RPC, {135/tcp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DHCP, {67<...>/udp}))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DNP3_TCP, {20000<...>/udp}))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DNP3_TCP, {20000<...>/tcp}))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DNS, {5355<...>/udp}))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DNS, {5353<...>/tcp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_DTLS, {443/udp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_FTP, {2811<...>/tcp}))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_GTPV1, {2123<...>/udp}))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_GTPV1, {2152<...>/udp}))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_HTTP, {8080<...>/tcp}))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_HTTP, {80<...>/tcp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_IMAP, {143/tcp}))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_IRC, {6669<...>/tcp}))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_IRC, {6666<...>/tcp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_KRB, {88/udp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_KRB_TCP, {88/tcp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_MODBUS, {502/tcp}))
@@ -1074,11 +1074,11 @@
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_RDPEUDP, {3389/udp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SIP, {5060/udp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SMB, {139<...>/tcp}))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SMTP, {587<...>/tcp}))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SMTP, {25<...>/tcp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SNMP, {162<...>/udp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SOCKS, {1080/tcp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SSH, {22/tcp}))
-0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SSL, {5223<...>/tcp}))
+0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SSL, {563<...>/tcp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_SYSLOG, {514/udp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_TEREDO, {3544/udp}))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_ports, <frame>, (Analyzer::ANALYZER_VXLAN, {4789/udp}))
@@ -1205,7 +1205,7 @@
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]))
 0.000000   MetaHookPre   CallFunction(Log::__create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]))
-0.000000   MetaHookPre   CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1594172474.563824, node=zeek, filter=ip or not ip, init=T, success=T]))
+0.000000   MetaHookPre   CallFunction(Log::__write, <frame>, (PacketFilter::LOG, [ts=1594057891.73307, node=zeek, filter=ip or not ip, init=T, success=T]))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Broker::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Cluster::LOG))
 0.000000   MetaHookPre   CallFunction(Log::add_default_filter, <frame>, (Config::LOG))
@@ -1386,7 +1386,7 @@
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509]))
 0.000000   MetaHookPre   CallFunction(Log::create_stream, <frame>, (mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql]))
-0.000000   MetaHookPre   CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1594172474.563824, node=zeek, filter=ip or not ip, init=T, success=T]))
+0.000000   MetaHookPre   CallFunction(Log::write, <frame>, (PacketFilter::LOG, [ts=1594057891.73307, node=zeek, filter=ip or not ip, init=T, success=T]))
 0.000000   MetaHookPre   CallFunction(NetControl::check_plugins, <frame>, ())
 0.000000   MetaHookPre   CallFunction(NetControl::init, <null>, ())
 0.000000   MetaHookPre   CallFunction(Notice::want_pp, <frame>, ())
@@ -1979,14 +1979,14 @@
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_AYIYA, {5072/udp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DCE_RPC, {135/tcp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DHCP, {67<...>/udp})
-0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DNP3_TCP, {20000<...>/udp})
+0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DNP3_TCP, {20000<...>/tcp})
-0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DNS, {5355<...>/udp})
+0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DNS, {5353<...>/tcp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_DTLS, {443/udp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_FTP, {2811<...>/tcp})
-0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_GTPV1, {2123<...>/udp})
+0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_GTPV1, {2152<...>/udp})
-0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_HTTP, {8080<...>/tcp})
+0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_HTTP, {80<...>/tcp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_IMAP, {143/tcp})
-0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_IRC, {6669<...>/tcp})
+0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_IRC, {6666<...>/tcp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_KRB, {88/udp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_KRB_TCP, {88/tcp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_MODBUS, {502/tcp})
@@ -1997,11 +1997,11 @@
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_RDPEUDP, {3389/udp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SIP, {5060/udp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SMB, {139<...>/tcp})
-0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SMTP, {587<...>/tcp})
+0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SMTP, {25<...>/tcp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SNMP, {162<...>/udp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SOCKS, {1080/tcp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SSH, {22/tcp})
-0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SSL, {5223<...>/tcp})
+0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SSL, {563<...>/tcp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_SYSLOG, {514/udp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_TEREDO, {3544/udp})
 0.000000 | HookCallFunction Analyzer::register_for_ports(Analyzer::ANALYZER_VXLAN, {4789/udp})
@@ -2127,7 +2127,7 @@
 0.000000 | HookCallFunction Log::__create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])
 0.000000 | HookCallFunction Log::__create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])
 0.000000 | HookCallFunction Log::__create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])
-0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1594172474.563824, node=zeek, filter=ip or not ip, init=T, success=T])
+0.000000 | HookCallFunction Log::__write(PacketFilter::LOG, [ts=1594057891.73307, node=zeek, filter=ip or not ip, init=T, success=T])
 0.000000 | HookCallFunction Log::add_default_filter(Broker::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Cluster::LOG)
 0.000000 | HookCallFunction Log::add_default_filter(Config::LOG)
@@ -2308,7 +2308,7 @@
 0.000000 | HookCallFunction Log::create_stream(Weird::LOG, [columns=Weird::Info, ev=Weird::log_weird, path=weird])
 0.000000 | HookCallFunction Log::create_stream(X509::LOG, [columns=X509::Info, ev=X509::log_x509, path=x509])
 0.000000 | HookCallFunction Log::create_stream(mysql::LOG, [columns=MySQL::Info, ev=MySQL::log_mysql, path=mysql])
-0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1594172474.563824, node=zeek, filter=ip or not ip, init=T, success=T])
+0.000000 | HookCallFunction Log::write(PacketFilter::LOG, [ts=1594057891.73307, node=zeek, filter=ip or not ip, init=T, success=T])
 0.000000 | HookCallFunction NetControl::check_plugins()
 0.000000 | HookCallFunction NetControl::init()
 0.000000 | HookCallFunction Notice::want_pp()
@@ -2762,7 +2762,7 @@
 0.000000 | HookLoadFile  base<...>/xmpp
 0.000000 | HookLoadFile  base<...>/zeek.bif.zeek
 0.000000 | HookLogInit   packet_filter 1/1 {ts (time), node (string), filter (string), init (bool), success (bool)}
-0.000000 | HookLogWrite  packet_filter [ts=1594172474.563824, node=zeek, filter=ip or not ip, init=T, success=T]
+0.000000 | HookLogWrite  packet_filter [ts=1594057891.733070, node=zeek, filter=ip or not ip, init=T, success=T]
 0.000000 | HookQueueEvent NetControl::init()
 0.000000 | HookQueueEvent filter_change_tracking()
 0.000000 | HookQueueEvent zeek_init()

testing/btest/Baseline/plugins.logging-hooks/output

@@ -1 +1 @@
-1488216470.960453 | HookLogInit   ssh 1/1 {b (bool), i (int), e (enum), c (count), p (port), sn (subnet), a (addr), d (double), t (time), iv (interval), s (string), sc (set[count]), ss (set[string]), se (set[string]), vc (vector[count]), ve (vector[string]), f (func)}
+1594057911.083127 | HookLogInit   ssh 1/1 {b (bool), i (int), e (enum), c (count), p (port), sn (subnet), a (addr), d (double), t (time), iv (interval), s (string), sc (set[count]), ss (set[string]), se (set[string]), vc (vector[count]), ve (vector[string]), f (func)}

testing/btest/Baseline/plugins.logging-hooks/ssh.log

@@ -3,9 +3,9 @@
 #empty_field	EMPTY
 #unset_field	-
 #path	ssh
-#open	2017-02-27-17-27-50
+#open	2020-07-06-17-51-51
 #fields	b	i	e	c	p	sn	a	d	t	iv	s	sc	ss	se	vc	ve	f
 #types	bool	int	enum	count	port	subnet	addr	double	time	interval	string	set[count]	set[string]	set[string]	vector[count]	vector[string]	func
-F	-2	SSH::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1488216470.960453	100.000000	hurz	2,4,1,3	BB,AA,CC	EMPTY	10,20,30	EMPTY	SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
+F	-2	SSH::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1594057911.083127	100.000000	hurz	4,2,3,1	CC,BB,AA	EMPTY	10,20,30	EMPTY	SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
-T	-	SSH::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1488216470.960453	100.000000	hurz	2,4,1,3	BB,AA,CC	EMPTY	10,20,30	EMPTY	SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
+T	-	SSH::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1594057911.083127	100.000000	hurz	4,2,3,1	CC,BB,AA	EMPTY	10,20,30	EMPTY	SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
-#close	2017-02-27-17-27-50
+#close	2020-07-06-17-51-51

testing/btest/Baseline/plugins.writer/output

@@ -3,7 +3,7 @@ Demo::Foo - A Foo test logging writer (dynamic, version 1.0.0)
 
 ===
 [conn] 1340213005.165293|CHhAvVGS1DHFjwGM9|10.0.0.55|53994|60.190.189.214|8124|tcp|-|4.314406|0|0|S0|-|-|0|S|5|320|0|0|-
-[conn] 1340213010.582723|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|tcp|socks,http|13.839419|3860|2934|SF|-|-|0|ShADadfF|23|5080|20|3986|-
+[conn] 1340213010.582723|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|tcp|http,socks|13.839419|3860|2934|SF|-|-|0|ShADadfF|23|5080|20|3986|-
 [conn] 1340213048.780152|C4J4Th3PJpwUYZZ6gc|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|-|0|F|1|52|0|0|-
 [conn] 1340213097.272764|CtPZjS20MLrsMUOJi2|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|-|0|F|1|52|0|0|-
 [conn] 1340213162.160367|CUM0KZ3MLUfNB0cl11|10.0.0.55|53994|60.190.189.214|8124|tcp|-|-|-|-|SH|-|-|0|F|1|52|0|0|-
@@ -17,6 +17,6 @@ Demo::Foo - A Foo test logging writer (dynamic, version 1.0.0)
 [http] 1340213020.732963|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|5|GET|www.osnews.com|/images/icons/17.gif|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|-|0|0|304|Not Modified|-|-||-|-|-|-|-|-|-|-|-
 [http] 1340213021.300269|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|6|GET|www.osnews.com|/images/left.gif|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|-|0|0|304|Not Modified|-|-||-|-|-|-|-|-|-|-|-
 [http] 1340213021.861584|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|7|GET|www.osnews.com|/images/icons/32.gif|http://www.osnews.com/|1.1|Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0.2) Gecko/20100101 Firefox/10.0.2|-|0|0|304|Not Modified|-|-||-|-|-|-|-|-|-|-|-
-[packet_filter] 1588207600.726061|zeek|ip or not ip|T|T
+[packet_filter] 1594057935.894949|zeek|ip or not ip|T|T
 [socks] 1340213015.276495|ClEkJM2Vm5giqnMf4h|10.0.0.55|53994|60.190.189.214|8124|5|-|-|succeeded|-|www.osnews.com|80|192.168.0.31|-|2688
 [tunnel] 1340213015.276495|-|10.0.0.55|0|60.190.189.214|8124|Tunnel::SOCKS|Tunnel::DISCOVER

testing/btest/Baseline/scripts.base.frameworks.config.basic/zeek.config.log

@@ -3,23 +3,23 @@
 #empty_field	(empty)
 #unset_field	-
 #path	config
-#open	2018-08-10-18-16-52
+#open	2020-07-06-18-21-36
 #fields	ts	id	old_value	new_value	location
 #types	time	string	string	string	string
-1533925012.140634	testbool	T	F	../configfile
+1594059696.059713	testbool	T	F	../configfile
-1533925012.140634	testcount	0	1	../configfile
+1594059696.059713	testcount	0	1	../configfile
-1533925012.140634	testcount	1	2	../configfile
+1594059696.059713	testcount	1	2	../configfile
-1533925012.140634	testint	0	-1	../configfile
+1594059696.059713	testint	0	-1	../configfile
-1533925012.140634	testenum	SSH::LOG	Conn::LOG	../configfile
+1594059696.059713	testenum	SSH::LOG	Conn::LOG	../configfile
-1533925012.140634	testport	42/tcp	45/unknown	../configfile
+1594059696.059713	testport	42/tcp	45/unknown	../configfile
-1533925012.140634	testporttcp	40/udp	42/tcp	../configfile
+1594059696.059713	testporttcp	40/udp	42/tcp	../configfile
-1533925012.140634	testportudp	40/tcp	42/udp	../configfile
+1594059696.059713	testportudp	40/tcp	42/udp	../configfile
-1533925012.140634	testaddr	127.0.0.1	127.0.0.1	../configfile
+1594059696.059713	testaddr	127.0.0.1	127.0.0.1	../configfile
-1533925012.140634	testaddr	127.0.0.1	2607:f8b0:4005:801::200e	../configfile
+1594059696.059713	testaddr	127.0.0.1	2607:f8b0:4005:801::200e	../configfile
-1533925012.140634	testinterval	1.0 sec	1.0 min	../configfile
+1594059696.059713	testinterval	1.0 sec	1.0 min	../configfile
-1533925012.140634	testtime	0.0	1507321987.0	../configfile
+1594059696.059713	testtime	0.0	1507321987.0	../configfile
-1533925012.140634	test_set	(empty)	b,c,a,d,erdbeerschnitzel	../configfile
+1594059696.059713	test_set	(empty)	a,d,b,c,erdbeerschnitzel	../configfile
-1533925012.140634	test_vector	(empty)	1,2,3,4,5,6	../configfile
+1594059696.059713	test_vector	(empty)	1,2,3,4,5,6	../configfile
-1533925012.140634	test_set	b,c,a,d,erdbeerschnitzel	(empty)	../configfile
+1594059696.059713	test_set	a,d,b,c,erdbeerschnitzel	(empty)	../configfile
-1533925012.140634	test_set	(empty)	\x2d	../configfile
+1594059696.059713	test_set	(empty)	\x2d	../configfile
-#close	2018-08-10-18-16-52
+#close	2020-07-06-18-21-36

testing/btest/Baseline/scripts.base.frameworks.config.basic_cluster/manager-1.config.log

@@ -3,9 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	config
-#open	2018-06-22-18-27-45
+#open	2020-07-06-18-21-44
 #fields	ts	id	old_value	new_value	location
 #types	time	string	string	string	string
-1529692065.525489	testport	42/tcp	44/tcp	-
+1594059704.790556	testport	42/tcp	44/tcp	-
-1529692065.562594	teststring	a	b	comment
+1594059704.790556	teststring	a	b	comment
-#close	2018-06-22-18-27-50
+#close	2020-07-06-18-21-49

testing/btest/Baseline/scripts.base.frameworks.config.container-options/out

@@ -8,9 +8,9 @@ RED
 BLUE
 }
 {
+RED,
 BLUE,
-GREEN,
+GREEN
-RED
 }
 {
 
@@ -32,9 +32,9 @@ RED
 [BLUE] = blue
 }
 {
+[RED] = red,
 [BLUE] = blue,
-[GREEN] = green,
+[GREEN] = green
-[RED] = red
 }
 {
 

testing/btest/Baseline/scripts.base.frameworks.config.read_config/zeek.config.log

@@ -3,22 +3,22 @@
 #empty_field	(empty)
 #unset_field	-
 #path	config
-#open	2019-10-14-15-40-21
+#open	2020-07-06-18-22-46
 #fields	ts	id	old_value	new_value	location
 #types	time	string	string	string	string
-1571067621.558501	testbool	T	F	../configfile
+1594059766.418882	testbool	T	F	../configfile
-1571067621.558501	testcount	0	1	../configfile
+1594059766.418882	testcount	0	1	../configfile
-1571067621.558501	testcount	1	2	../configfile
+1594059766.418882	testcount	1	2	../configfile
-1571067621.558501	testint	0	-1	../configfile
+1594059766.418882	testint	0	-1	../configfile
-1571067621.558501	testenum	SSH::LOG	Conn::LOG	../configfile
+1594059766.418882	testenum	SSH::LOG	Conn::LOG	../configfile
-1571067621.558501	testport	42/tcp	45/unknown	../configfile
+1594059766.418882	testport	42/tcp	45/unknown	../configfile
-1571067621.558501	testaddr	127.0.0.1	127.0.0.1	../configfile
+1594059766.418882	testaddr	127.0.0.1	127.0.0.1	../configfile
-1571067621.558501	testaddr	127.0.0.1	2607:f8b0:4005:801::200e	../configfile
+1594059766.418882	testaddr	127.0.0.1	2607:f8b0:4005:801::200e	../configfile
-1571067621.558501	testinterval	1.0 sec	1.0 min	../configfile
+1594059766.418882	testinterval	1.0 sec	1.0 min	../configfile
-1571067621.558501	teststring	a	abc	../configfile
+1594059766.418882	teststring	a	abc	../configfile
-1571067621.558501	testtime	0.0	1507321987.0	../configfile
+1594059766.418882	testtime	0.0	1507321987.0	../configfile
-1571067621.558501	test_set	(empty)	b,c,a,d,erdbeerschnitzel	../configfile
+1594059766.418882	test_set	(empty)	a,d,b,c,erdbeerschnitzel	../configfile
-1571067621.558501	test_vector	(empty)	1,2,3,4,5,6	../configfile
+1594059766.418882	test_vector	(empty)	1,2,3,4,5,6	../configfile
-1571067621.558501	test_set	b,c,a,d,erdbeerschnitzel	(empty)	../configfile
+1594059766.418882	test_set	a,d,b,c,erdbeerschnitzel	(empty)	../configfile
-1571067621.558501	test_set	(empty)	\x2d	../configfile
+1594059766.418882	test_set	(empty)	\x2d	../configfile
-#close	2019-10-14-15-40-21
+#close	2020-07-06-18-22-46

testing/btest/Baseline/scripts.base.frameworks.config.read_config_cluster/manager-1.config.log

@@ -3,22 +3,22 @@
 #empty_field	(empty)
 #unset_field	-
 #path	config
-#open	2018-07-20-20-40-10
+#open	2020-07-06-18-22-53
 #fields	ts	id	old_value	new_value	location
 #types	time	string	string	string	string
-1532119210.151927	testbool	T	F	../configfile
+1594059773.776304	testbool	T	F	../configfile
-1532119210.151927	testcount	0	1	../configfile
+1594059773.776304	testcount	0	1	../configfile
-1532119210.151927	testcount	1	2	../configfile
+1594059773.776304	testcount	1	2	../configfile
-1532119210.151927	testint	0	-1	../configfile
+1594059773.776304	testint	0	-1	../configfile
-1532119210.151927	testenum	SSH::LOG	Conn::LOG	../configfile
+1594059773.776304	testenum	SSH::LOG	Conn::LOG	../configfile
-1532119210.151927	testport	42/tcp	45/unknown	../configfile
+1594059773.776304	testport	42/tcp	45/unknown	../configfile
-1532119210.151927	testaddr	127.0.0.1	127.0.0.1	../configfile
+1594059773.776304	testaddr	127.0.0.1	127.0.0.1	../configfile
-1532119210.151927	testaddr	127.0.0.1	2607:f8b0:4005:801::200e	../configfile
+1594059773.776304	testaddr	127.0.0.1	2607:f8b0:4005:801::200e	../configfile
-1532119210.151927	testinterval	1.0 sec	1.0 min	../configfile
+1594059773.776304	testinterval	1.0 sec	1.0 min	../configfile
-1532119210.151927	testtime	0.0	1507321987.0	../configfile
+1594059773.776304	testtime	0.0	1507321987.0	../configfile
-1532119210.151927	test_set	(empty)	b,c,a,d,erdbeerschnitzel	../configfile
+1594059773.776304	test_set	(empty)	a,d,b,c,erdbeerschnitzel	../configfile
-1532119210.151927	test_vector	(empty)	1,2,3,4,5,6	../configfile
+1594059773.776304	test_vector	(empty)	1,2,3,4,5,6	../configfile
-1532119210.151927	test_set	b,c,a,d,erdbeerschnitzel	\x28empty)	../configfile
+1594059773.776304	test_set	a,d,b,c,erdbeerschnitzel	\x28empty)	../configfile
-1532119210.151927	test_set	\x28empty)	\x2d	../configfile
+1594059773.776304	test_set	\x28empty)	\x2d	../configfile
-1532119210.151927	test_set_full	2,1,7,15,10,3	6,4,1,7,5,3	../configfile
+1594059773.776304	test_set_full	2,7,3,15,10,1	3,5,7,6,4,1	../configfile
-#close	2018-07-20-20-40-22
+#close	2020-07-06-18-23-04

testing/btest/Baseline/scripts.base.frameworks.config.read_config_cluster/worker-1..stdout

@@ -1,12 +1,12 @@
 cluster_set_option, testtime, [data=broker::data{1507321987000000000ns}], ../configfile
-cluster_set_option, testint, [data=broker::data{-1}], ../configfile
+cluster_set_option, test_set_full, [data=broker::data{{1, 3, 4, 5, 6, 7}}], ../configfile
+cluster_set_option, testaddr, [data=broker::data{2607:f8b0:4005:801::200e}], ../configfile
+cluster_set_option, testcount, [data=broker::data{2}], ../configfile
+cluster_set_option, testenum, [data=broker::data{Conn::LOG}], ../configfile
 option changed, testport, 45/unknown, ../configfile
 cluster_set_option, testport, [data=broker::data{45/?}], ../configfile
 cluster_set_option, testinterval, [data=broker::data{60000000000ns}], ../configfile
+cluster_set_option, testint, [data=broker::data{-1}], ../configfile
 cluster_set_option, test_set, [data=broker::data{{-}}], ../configfile
-cluster_set_option, testaddr, [data=broker::data{2607:f8b0:4005:801::200e}], ../configfile
-cluster_set_option, testenum, [data=broker::data{Conn::LOG}], ../configfile
-cluster_set_option, test_vector, [data=broker::data{(1, 2, 3, 4, 5, 6)}], ../configfile
 cluster_set_option, testbool, [data=broker::data{F}], ../configfile
-cluster_set_option, testcount, [data=broker::data{2}], ../configfile
+cluster_set_option, test_vector, [data=broker::data{(1, 2, 3, 4, 5, 6)}], ../configfile
-cluster_set_option, test_set_full, [data=broker::data{{1, 3, 4, 5, 6, 7}}], ../configfile

testing/btest/Baseline/scripts.base.frameworks.config.read_config_cluster/worker-2..stdout

@@ -1,12 +1,12 @@
 cluster_set_option, testtime, [data=broker::data{1507321987000000000ns}], ../configfile
-cluster_set_option, testint, [data=broker::data{-1}], ../configfile
+cluster_set_option, test_set_full, [data=broker::data{{1, 3, 4, 5, 6, 7}}], ../configfile
+cluster_set_option, testaddr, [data=broker::data{2607:f8b0:4005:801::200e}], ../configfile
+cluster_set_option, testcount, [data=broker::data{2}], ../configfile
+cluster_set_option, testenum, [data=broker::data{Conn::LOG}], ../configfile
 option changed, testport, 45/unknown, ../configfile
 cluster_set_option, testport, [data=broker::data{45/?}], ../configfile
 cluster_set_option, testinterval, [data=broker::data{60000000000ns}], ../configfile
+cluster_set_option, testint, [data=broker::data{-1}], ../configfile
 cluster_set_option, test_set, [data=broker::data{{-}}], ../configfile
-cluster_set_option, testaddr, [data=broker::data{2607:f8b0:4005:801::200e}], ../configfile
-cluster_set_option, testenum, [data=broker::data{Conn::LOG}], ../configfile
-cluster_set_option, test_vector, [data=broker::data{(1, 2, 3, 4, 5, 6)}], ../configfile
 cluster_set_option, testbool, [data=broker::data{F}], ../configfile
-cluster_set_option, testcount, [data=broker::data{2}], ../configfile
+cluster_set_option, test_vector, [data=broker::data{(1, 2, 3, 4, 5, 6)}], ../configfile
-cluster_set_option, test_set_full, [data=broker::data{{1, 3, 4, 5, 6, 7}}], ../configfile

testing/btest/Baseline/scripts.base.frameworks.config.several-files/zeek.config.log

@@ -1,19 +1,19 @@
-#close	2018-02-07-22-20-13
-#empty_field	(empty)
-#fields	ts	id	old_value	new_value	location
-#open	2018-02-07-22-20-13
-#path	config
 #separator \x09
 #set_separator	,
-#types	time	string	string	string	string
+#empty_field	(empty)
 #unset_field	-
-1518042012.989543	test_set	(empty)	b,c,a,d,erdbeerschnitzel	../configfile1
+#path	config
-1518042012.989543	test_vector	(empty)	1,2,3,4,5,6	../configfile1
+#open	2020-07-06-18-23-08
-1518042012.989543	testaddr	127.0.0.1	127.0.0.1	../configfile2
+#fields	ts	id	old_value	new_value	location
-1518042012.989543	testbool	T	F	../configfile1
+#types	time	string	string	string	string
-1518042012.989543	testcount	0	2	../configfile1
+1594059788.562153	testbool	T	F	../configfile1
-1518042012.989543	testenum	SSH::LOG	Conn::LOG	../configfile1
+1594059788.562153	testcount	0	2	../configfile1
-1518042012.989543	testint	0	-1	../configfile1
+1594059788.562153	testint	0	-1	../configfile1
-1518042012.989543	testinterval	1.0 sec	1.0 min	../configfile2
+1594059788.562153	testenum	SSH::LOG	Conn::LOG	../configfile1
-1518042012.989543	testport	42/tcp	45/unknown	../configfile2
+1594059788.562153	test_set	(empty)	a,d,b,c,erdbeerschnitzel	../configfile1
-1518042012.989543	testtime	0.0	1507321987.0	../configfile2
+1594059788.562153	test_vector	(empty)	1,2,3,4,5,6	../configfile1
+1594059788.562153	testport	42/tcp	45/unknown	../configfile2
+1594059788.562153	testaddr	127.0.0.1	127.0.0.1	../configfile2
+1594059788.562153	testinterval	1.0 sec	1.0 min	../configfile2
+1594059788.562153	testtime	0.0	1507321987.0	../configfile2
+#close	2020-07-06-18-23-08

testing/btest/Baseline/scripts.base.frameworks.config.updates/zeek.config.log

@@ -3,25 +3,25 @@
 #empty_field	(empty)
 #unset_field	-
 #path	config
-#open	2018-01-18-23-16-41
+#open	2020-07-06-18-23-11
 #fields	ts	id	old_value	new_value	location
 #types	time	string	string	string	string
-1516317401.889929	testbool	T	F	../configfile
+1594059791.896375	testbool	T	F	../configfile
-1516317401.889929	testcount	0	1	../configfile
+1594059791.896375	testcount	0	1	../configfile
-1516317401.889929	testcount	1	2	../configfile
+1594059791.896375	testcount	1	2	../configfile
-1516317401.889929	testint	0	-1	../configfile
+1594059791.896375	testint	0	-1	../configfile
-1516317401.889929	testenum	SSH::LOG	Conn::LOG	../configfile
+1594059791.896375	testenum	SSH::LOG	Conn::LOG	../configfile
-1516317401.889929	testport	42/tcp	45/unknown	../configfile
+1594059791.896375	testport	42/tcp	45/unknown	../configfile
-1516317401.889929	testaddr	127.0.0.1	127.0.0.1	../configfile
+1594059791.896375	testaddr	127.0.0.1	127.0.0.1	../configfile
-1516317401.889929	testaddr	127.0.0.1	2607:f8b0:4005:801::200e	../configfile
+1594059791.896375	testaddr	127.0.0.1	2607:f8b0:4005:801::200e	../configfile
-1516317401.889929	testinterval	1.0 sec	1.0 min	../configfile
+1594059791.896375	testinterval	1.0 sec	1.0 min	../configfile
-1516317401.889929	testtime	0.0	1507321987.0	../configfile
+1594059791.896375	testtime	0.0	1507321987.0	../configfile
-1516317401.889929	test_set	(empty)	b,c,a,d,erdbeerschnitzel	../configfile
+1594059791.896375	test_set	(empty)	a,d,b,c,erdbeerschnitzel	../configfile
-1516317401.889929	test_vector	(empty)	1,2,3,4,5,6	../configfile
+1594059791.896375	test_vector	(empty)	1,2,3,4,5,6	../configfile
-1516317405.093522	testcount	2	1	../configfile
+1594059793.173710	testcount	2	1	../configfile
-1516317405.093522	testcount	1	2	../configfile
+1594059793.173710	testcount	1	2	../configfile
-1516317405.093522	testaddr	2607:f8b0:4005:801::200e	127.0.0.1	../configfile
+1594059793.173710	testaddr	2607:f8b0:4005:801::200e	127.0.0.1	../configfile
-1516317405.093522	testaddr	127.0.0.1	2607:f8b0:4005:801::200e	../configfile
+1594059793.173710	testaddr	127.0.0.1	2607:f8b0:4005:801::200e	../configfile
-1516317405.093522	test_vector	1,2,3,4,5,6	1,2,3,4,5,9	../configfile
+1594059793.173710	test_vector	1,2,3,4,5,6	1,2,3,4,5,9	../configfile
-1516317409.199572	test_vector	1,2,3,4,5,9	1,2,3,4,5,9	../configfile
+1594059795.177655	test_vector	1,2,3,4,5,9	1,2,3,4,5,9	../configfile
-#close	2018-01-18-23-16-49
+#close	2020-07-06-18-23-15

testing/btest/Baseline/scripts.base.frameworks.config.weird/config.log

@@ -3,11 +3,11 @@
 #empty_field	(empty)
 #unset_field	-
 #path	config
-#open	2018-09-05-19-30-42
+#open	2020-07-06-18-23-21
 #fields	ts	id	old_value	new_value	location
 #types	time	string	string	string	string
 0.000000	Weird::sampling_duration	10.0 mins	5.0 secs	-
 0.000000	Weird::sampling_threshold	25	10	-
 0.000000	Weird::sampling_rate	1000	10	-
 0.000000	Weird::sampling_whitelist	(empty)	whitelisted_net_weird,whitelisted_flow_weird,whitelisted_conn_weird	-
-#close	2018-09-05-19-30-42
+#close	2020-07-06-18-23-21

testing/btest/Baseline/scripts.base.frameworks.config.weird/output

@@ -1,8 +1,8 @@
 Config values set
 {
 whitelisted_net_weird,
-whitelisted_flow_weird,
+whitelisted_conn_weird,
-whitelisted_conn_weird
+whitelisted_flow_weird
 }
 10
 10

testing/btest/Baseline/scripts.base.frameworks.file-analysis.big-bof-buffer/files.log

@@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	files
-#open	2020-04-30-00-46-52
+#open	2020-07-06-18-28-50
 #fields	ts	fuid	tx_hosts	rx_hosts	conn_uids	source	depth	analyzers	mime_type	filename	duration	local_orig	is_orig	seen_bytes	total_bytes	missing_bytes	overflow_bytes	timedout	parent_fuid	md5	sha1	sha256	extracted	extracted_cutoff	extracted_size
 #types	time	string	set[addr]	set[addr]	set[string]	string	count	set[string]	string	string	interval	bool	bool	count	count	count	count	bool	string	string	string	string	string	bool	count
-1362692527.009512	FMnxxt3xjVcWNS2141	192.150.187.43	141.142.228.5	CHhAvVGS1DHFjwGM9	HTTP	0	MD5,SHA1	text/plain	-	0.000263	-	F	4705	4705	0	0	F	-	397168fd09991a0e712254df7bc639ac	1dd7ac0398df6cbc0696445a91ec681facf4dc47	-	-	-	-
+1362692527.009512	FMnxxt3xjVcWNS2141	192.150.187.43	141.142.228.5	CHhAvVGS1DHFjwGM9	HTTP	0	SHA1,MD5	text/plain	-	0.000263	-	F	4705	4705	0	0	F	-	397168fd09991a0e712254df7bc639ac	1dd7ac0398df6cbc0696445a91ec681facf4dc47	-	-	-	-
-#close	2020-04-30-00-46-52
+#close	2020-07-06-18-28-50

testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/c.out

@@ -4,8 +4,8 @@ FILE_OVER_NEW_CONNECTION
 FILE_OVER_NEW_CONNECTION
 FILE_STATE_REMOVE
 file #0, 498668, 0
-[orig_h=10.45.179.94, orig_p=19950/tcp, resp_h=129.174.93.170, resp_p=80/tcp]
 [orig_h=10.45.179.94, orig_p=19953/tcp, resp_h=129.174.93.170, resp_p=80/tcp]
+[orig_h=10.45.179.94, orig_p=19950/tcp, resp_h=129.174.93.170, resp_p=80/tcp]
 FILE_BOF_BUFFER
 %PDF-1.4\x0d%\xe2
 MIME_TYPE

testing/btest/Baseline/scripts.base.frameworks.file-analysis.logging/files.log

@@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	files
-#open	2020-04-30-00-46-56
+#open	2020-07-06-18-30-22
 #fields	ts	fuid	tx_hosts	rx_hosts	conn_uids	source	depth	analyzers	mime_type	filename	duration	local_orig	is_orig	seen_bytes	total_bytes	missing_bytes	overflow_bytes	timedout	parent_fuid	md5	sha1	sha256	extracted	extracted_cutoff	extracted_size
 #types	time	string	set[addr]	set[addr]	set[string]	string	count	set[string]	string	string	interval	bool	bool	count	count	count	count	bool	string	string	string	string	string	bool	count
-1362692527.009512	FMnxxt3xjVcWNS2141	192.150.187.43	141.142.228.5	CHhAvVGS1DHFjwGM9	HTTP	0	MD5,EXTRACT,DATA_EVENT,SHA1,SHA256	text/plain	-	0.000263	-	F	4705	4705	0	0	F	-	397168fd09991a0e712254df7bc639ac	1dd7ac0398df6cbc0696445a91ec681facf4dc47	4e7c7ef0984119447e743e3ec77e1de52713e345cde03fe7df753a35849bed18	FMnxxt3xjVcWNS2141-file	F	-
+1362692527.009512	FMnxxt3xjVcWNS2141	192.150.187.43	141.142.228.5	CHhAvVGS1DHFjwGM9	HTTP	0	SHA256,EXTRACT,SHA1,MD5,DATA_EVENT	text/plain	-	0.000263	-	F	4705	4705	0	0	F	-	397168fd09991a0e712254df7bc639ac	1dd7ac0398df6cbc0696445a91ec681facf4dc47	4e7c7ef0984119447e743e3ec77e1de52713e345cde03fe7df753a35849bed18	FMnxxt3xjVcWNS2141-file	F	-
-#close	2020-04-30-00-46-56
+#close	2020-07-06-18-30-22

testing/btest/Baseline/scripts.base.frameworks.input.basic/out

@@ -1,13 +1,13 @@
 {
 [-42] = [b=T, bt=T, e=SSH::LOG, c=21, p=123/unknown, pp=5/icmp, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, ns=4242, sc={
-2,
 4,
+2,
 1,
 3
 }, ss={
-BB,
+CC,
 AA,
-CC
+BB
 }, se={
 
 }, vc=[10, 20, 30], ve=[]]

testing/btest/Baseline/scripts.base.frameworks.input.bignumber/out

@@ -1,4 +1,4 @@
 {
-[-9223372036854775800] = [c=18446744073709551612],
+[9223372036854775800] = [c=18446744073709551612],
-[9223372036854775800] = [c=18446744073709551612]
+[-9223372036854775800] = [c=18446744073709551612]
 }

testing/btest/Baseline/scripts.base.frameworks.input.config.basic/out

@@ -10,10 +10,10 @@ testaddr, 2607:f8b0:4005:801::200e
 testinterval, 1.0 min
 testtime, 1507321987.0
 test_set, {
-b,
-c,
 a,
 d,
+b,
+c,
 erdbeerschnitzel
 }
 test_vector, [1, 2, 3, 4, 5, 6]

testing/btest/Baseline/scripts.base.frameworks.input.config.enum-set/zeek.config.log

@@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	config
-#open	2019-10-03-04-02-02
+#open	2020-07-06-18-34-22
 #fields	ts	id	old_value	new_value	location
 #types	time	string	string	string	string
-1570075321.966826	DPD::ignore_violations	(empty)	Analyzer::ANALYZER_SYSLOG	-
+1594060462.186976	DPD::ignore_violations	(empty)	Analyzer::ANALYZER_SYSLOG	-
-#close	2019-10-03-04-02-02
+#close	2020-07-06-18-34-22

testing/btest/Baseline/scripts.base.frameworks.input.config.spaces/out

@@ -4,8 +4,8 @@ testint, -1
 testportandproto, 45/udp
 testaddr, 127.0.0.3
 test_set, {
-127.0.0.2,
 127.0.0.1,
-127.0.0.3
+127.0.0.3,
+127.0.0.2
 }
 test_vector, [10.0.0.1/32, 10.0.0.0/16, 10.0.0.0/8]

testing/btest/Baseline/scripts.base.frameworks.input.invalid-lines/.stderrwithoutfirstline

@@ -2,8 +2,8 @@ warning: ../input.log/Input::READER_ASCII: Not enough fields in line 'T	-41	SSH:
 warning: ../input.log/Input::READER_ASCII: Tried to parse invalid/unknown protocol: whatever
 warning: ../input.log/Input::READER_ASCII: Bad address: 342.2.3.4
 warning: ../input.log/Input::READER_ASCII: Not enough fields in line 'T	-41' of ../input.log. Found 1 fields, want positions 2 and -1
+received termination signal
 error: ../input.log/Input::READER_ASCII: Not enough fields in line 'T	-41	SSH::LOG	21	123	tcp	10.0.0.0/24	1.2.3.4	3.14	1315801931.273616	100.000000	hurz	2,4,1,3	CC,AA,BB	EMPTY	10,20,30' of ../input.log. Found 15 fields, want positions 17 and -1
 error: ../input.log/Input::READER_ASCII: Init failed
 error: ../input.log/Input::READER_ASCII: terminating thread
-received termination signal
 >>>

testing/btest/Baseline/scripts.base.frameworks.input.invalid-lines/out

@@ -1,37 +1,37 @@
 {
-[-44] = [b=T, e=SSH::LOG, c=21, p=123/udp, sn=10.0.0.0/24, a=0.0.0.0, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, ns=4242 HOHOHO, sc={
-2,
-4,
-1,
-3
-}, ss={
-BB,
-AA,
-CC
-}, se={
-
-}, vc=[10, 20, 30], ve=[]],
 [-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, ns=4242 HOHOHO, sc={
-2,
 4,
+2,
 1,
 3
 }, ss={
-BB,
+CC,
 AA,
-CC
+BB
 }, se={
 
 }, vc=[10, 20, 30], ve=[]],
 [-42] = [b=T, e=SSH::LOG, c=21, p=123/tcp, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, ns=4242, sc={
-2,
 4,
+2,
 1,
 3
 }, ss={
-BB,
+CC,
 AA,
-CC
+BB
+}, se={
+
+}, vc=[10, 20, 30], ve=[]],
+[-44] = [b=T, e=SSH::LOG, c=21, p=123/udp, sn=10.0.0.0/24, a=0.0.0.0, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, ns=4242 HOHOHO, sc={
+4,
+2,
+1,
+3
+}, ss={
+CC,
+AA,
+BB
 }, se={
 
 }, vc=[10, 20, 30], ve=[]]

testing/btest/Baseline/scripts.base.frameworks.input.invalidtext/out

@@ -1,8 +1,8 @@
-TableErrorEvent, String 'l' contained no parseable number, Reporter::WARNING
-TableErrorEvent, Could not convert line '\x09l' of ../input.log to Val. Ignoring line., Reporter::WARNING
 EventErrorEvent, String 'l' contained no parseable number, Reporter::WARNING
 EventErrorEvent, Could not convert line '\x09l' of ../input.log to Val. Ignoring line., Reporter::WARNING
 Event, [c=5]
+TableErrorEvent, String 'l' contained no parseable number, Reporter::WARNING
+TableErrorEvent, Could not convert line '\x09l' of ../input.log to Val. Ignoring line., Reporter::WARNING
 {
 [] = [c=5]
 }

testing/btest/Baseline/scripts.base.frameworks.input.missing-file-initially/zeek..stdout

@@ -1,5 +1,5 @@
-input: 1 now it does
-input: 2 and more!
 inputstream: 1 now it does
 inputstream: 2 and more!
+input: 1 now it does
+input: 2 and more!
 inputstream: 3 streaming still works

testing/btest/Baseline/scripts.base.frameworks.input.optional/out

@@ -1,9 +1,9 @@
 {
 [2] = [b=T, notb=F],
+[5] = [b=F, notb=T],
+[3] = [b=F, notb=T],
+[7] = [b=T, notb=F],
 [6] = [b=F, notb=T],
 [4] = [b=F, notb=T],
-[1] = [b=T, notb=F],
+[1] = [b=T, notb=F]
-[7] = [b=T, notb=F],
-[5] = [b=F, notb=T],
-[3] = [b=F, notb=T]
 }

testing/btest/Baseline/scripts.base.frameworks.input.path-prefix.absolute-prefix/output

@@ -1,5 +1,5 @@
 {
+[127.0.3.1] = just,
 [127.0.3.2] = some,
-[127.0.3.3] = value,
+[127.0.3.3] = value
-[127.0.3.1] = just
 }

testing/btest/Baseline/scripts.base.frameworks.input.path-prefix.no-paths/output

@@ -1,5 +1,5 @@
 {
-[127.0.0.2] = some,
 [127.0.0.1] = just,
-[127.0.0.3] = value
+[127.0.0.3] = value,
+[127.0.0.2] = some
 }

testing/btest/Baseline/scripts.base.frameworks.input.path-prefix.relative-prefix/output

@@ -1,5 +1,5 @@
 {
-[127.0.1.1] = just,
 [127.0.1.2] = some,
+[127.0.1.1] = just,
 [127.0.1.3] = value
 }

testing/btest/Baseline/scripts.base.frameworks.input.patterns/out

@@ -2,8 +2,8 @@ T
 F
 T
 {
-[2] = [p=/^?(cat)$?/],
 [4] = [p=/^?(^oob)$?/],
-[1] = [p=/^?(dog)$?/],
+[2] = [p=/^?(cat)$?/],
-[3] = [p=/^?(foo|bar)$?/]
+[3] = [p=/^?(foo|bar)$?/],
+[1] = [p=/^?(dog)$?/]
 }

testing/btest/Baseline/scripts.base.frameworks.input.raw.executestdin/out

@@ -1,10 +1,10 @@
-Input::EVENT_NEW, cat |, input0, hello
-Input::EVENT_NEW, cat |, input0, there\x01\x02\x03\x04\x05\x01\x02\x03yay0
 Input::EVENT_NEW, cat |, input1, hello
 Input::EVENT_NEW, cat |, input1, there\x01\x02\x03\x04\x05\x01\x02\x03yay01
-Input::EVENT_NEW, cat |, input4, hello
+Input::EVENT_NEW, cat |, input0, hello
-Input::EVENT_NEW, cat |, input4, there\x01\x02\x03\x04\x05\x01\x02\x03yay01234
+Input::EVENT_NEW, cat |, input0, there\x01\x02\x03\x04\x05\x01\x02\x03yay0
 Input::EVENT_NEW, cat |, input2, hello
 Input::EVENT_NEW, cat |, input2, there\x01\x02\x03\x04\x05\x01\x02\x03yay012
+Input::EVENT_NEW, cat |, input4, hello
+Input::EVENT_NEW, cat |, input4, there\x01\x02\x03\x04\x05\x01\x02\x03yay01234
 Input::EVENT_NEW, cat |, input3, hello
 Input::EVENT_NEW, cat |, input3, there\x01\x02\x03\x04\x05\x01\x02\x03yay0123

testing/btest/Baseline/scripts.base.frameworks.input.set/out

@@ -1,7 +1,7 @@
 {
-192.168.17.14,
-192.168.17.42,
 192.168.17.1,
+192.168.17.42,
 192.168.17.2,
-192.168.17.7
+192.168.17.7,
+192.168.17.14
 }

testing/btest/Baseline/scripts.base.frameworks.input.setseparator/out

@@ -1,10 +1,10 @@
 {
 [1] = [s={
-b,
-f,
-c,
-e,
 a,
-d
+d,
+f,
+b,
+c,
+e
 }, ss=[1, 2, 3, 4, 5, 6]]
 }

testing/btest/Baseline/scripts.base.frameworks.input.setspecialcases/out

@@ -3,6 +3,13 @@
 testing,
 
 }, s=[testing, , testing]],
+[5] = [s={
+
+}, s=[, , , ]],
+[3] = [s={
+testing,
+
+}, s=[, testing]],
 [6] = [s={
 
 }, s=[]],
@@ -12,12 +19,5 @@ testing,
 }, s=[testing, ]],
 [1] = [s={
 testing,testing,testing,
-}, s=[testing,testing,testing,]],
+}, s=[testing,testing,testing,]]
-[5] = [s={
-
-}, s=[, , , ]],
-[3] = [s={
-testing,
-
-}, s=[, testing]]
 }

testing/btest/Baseline/scripts.base.frameworks.input.sqlite.types/out

@@ -1,12 +1,12 @@
 [b=T, i=-42, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1358376849.393854, iv=1.0 min 40.0 secs, s=hurz, sc={
-2,
 4,
+2,
 1,
 3
 }, ss={
-BB,
+CC,
 AA,
-CC
+BB
 }, se={
 
 }, vc=[10, 20, 30], vs=[], vn=<uninitialized>]

testing/btest/Baseline/scripts.base.frameworks.input.stream/out

@@ -2,28 +2,28 @@
 Input::EVENT_NEW
 [i=-42]
 [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
-2,
 4,
+2,
 1,
 3
 }, ss={
-BB,
+CC,
 AA,
-CC
+BB
 }, se={
 
 }, vc=[10, 20, 30], ve=[]]
 ============SERVERS============
 {
 [-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
-2,
 4,
+2,
 1,
 3
 }, ss={
-BB,
+CC,
 AA,
-CC
+BB
 }, se={
 
 }, vc=[10, 20, 30], ve=[]]
@@ -32,40 +32,40 @@ CC
 Input::EVENT_NEW
 [i=-43]
 [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
-2,
 4,
+2,
 1,
 3
 }, ss={
-BB,
+CC,
 AA,
-CC
+BB
 }, se={
 
 }, vc=[10, 20, 30], ve=[]]
 ============SERVERS============
 {
 [-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
-2,
 4,
+2,
 1,
 3
 }, ss={
-BB,
+CC,
 AA,
-CC
+BB
 }, se={
 
 }, vc=[10, 20, 30], ve=[]],
 [-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
-2,
 4,
+2,
 1,
 3
 }, ss={
-BB,
+CC,
 AA,
-CC
+BB
 }, se={
 
 }, vc=[10, 20, 30], ve=[]]
@@ -74,40 +74,40 @@ CC
 Input::EVENT_CHANGED
 [i=-43]
 [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
-2,
 4,
+2,
 1,
 3
 }, ss={
-BB,
+CC,
 AA,
-CC
+BB
 }, se={
 
 }, vc=[10, 20, 30], ve=[]]
 ============SERVERS============
 {
 [-43] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
-2,
 4,
+2,
 1,
 3
 }, ss={
-BB,
+CC,
 AA,
-CC
+BB
 }, se={
 
 }, vc=[10, 20, 30], ve=[]],
 [-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
-2,
 4,
+2,
 1,
 3
 }, ss={
-BB,
+CC,
 AA,
-CC
+BB
 }, se={
 
 }, vc=[10, 20, 30], ve=[]]

testing/btest/Baseline/scripts.base.frameworks.input.subrecord-event/out

@@ -1,12 +1,12 @@
 [sub=[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, two=[a=1.2.3.4, d=3.14]], t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
-2,
 4,
+2,
 1,
 3
 }, ss={
-BB,
+CC,
 AA,
-CC
+BB
 }, se={
 
 }, vc=[10, 20, 30], ve=[]]

testing/btest/Baseline/scripts.base.frameworks.input.subrecord/out

@@ -1,13 +1,13 @@
 {
 [-42] = [sub=[b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, two=[a=1.2.3.4, d=3.14]], t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
-2,
 4,
+2,
 1,
 3
 }, ss={
-BB,
+CC,
 AA,
-CC
+BB
 }, se={
 
 }, vc=[10, 20, 30], ve=[]]

testing/btest/Baseline/scripts.base.frameworks.input.twotables/fin.out

@@ -3,27 +3,27 @@
 ==========SERVERS============
 done
 {
-[-44] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
+[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
-2,
 4,
+2,
 1,
 3
 }, ss={
-BB,
+CC,
 AA,
-CC
+BB
 }, se={
 
 }, vc=[10, 20, 30], ve=[]],
-[-43] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
+[-44] = [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
-2,
 4,
+2,
 1,
 3
 }, ss={
-BB,
+CC,
 AA,
-CC
+BB
 }, se={
 
 }, vc=[10, 20, 30], ve=[]]

testing/btest/Baseline/scripts.base.frameworks.input.twotables/pred1.out

@@ -2,14 +2,14 @@
 Input::EVENT_NEW
 [i=-42]
 [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
-2,
 4,
+2,
 1,
 3
 }, ss={
-BB,
+CC,
 AA,
-CC
+BB
 }, se={
 
 }, vc=[10, 20, 30], ve=[]]
@@ -17,14 +17,14 @@ CC
 Input::EVENT_NEW
 [i=-44]
 [b=F, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
-2,
 4,
+2,
 1,
 3
 }, ss={
-BB,
+CC,
 AA,
-CC
+BB
 }, se={
 
 }, vc=[10, 20, 30], ve=[]]
@@ -32,14 +32,14 @@ CC
 Input::EVENT_REMOVED
 [i=-42]
 [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
-2,
 4,
+2,
 1,
 3
 }, ss={
-BB,
+CC,
 AA,
-CC
+BB
 }, se={
 
 }, vc=[10, 20, 30], ve=[]]

testing/btest/Baseline/scripts.base.frameworks.input.twotables/pred2.out

@@ -2,14 +2,14 @@
 Input::EVENT_NEW
 [i=-43]
 [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
-2,
 4,
+2,
 1,
 3
 }, ss={
-BB,
+CC,
 AA,
-CC
+BB
 }, se={
 
 }, vc=[10, 20, 30], ve=[]]

testing/btest/Baseline/scripts.base.frameworks.input.unsupported_types/out

@@ -1,13 +1,13 @@
 {
 [-42] = [fi=<uninitialized>, b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, sc={
-2,
 4,
+2,
 1,
 3
 }, ss={
-BB,
+CC,
 AA,
-CC
+BB
 }, se={
 
 }, vc=[10, 20, 30], ve=[]]

testing/btest/Baseline/scripts.base.frameworks.input.windows/out

@@ -1,13 +1,13 @@
 {
 [-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=1.0 min 40.0 secs, s=hurz, ns=4242, sc={
-2,
 4,
+2,
 1,
 3
 }, ss={
-BB,
+CC,
 AA,
-CC
+BB
 }, se={
 
 }, vc=[10, 20, 30], ve=[]]

testing/btest/Baseline/scripts.base.frameworks.intel.expire-item/output

@@ -3,18 +3,15 @@
 #empty_field	(empty)
 #unset_field	-
 #path	intel
-#open	2019-06-07-02-20-05
+#open	2020-07-06-18-47-48
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	seen.indicator	seen.indicator_type	seen.where	seen.node	matched	sources	fuid	file_mime_type	file_desc
 #types	time	string	addr	port	addr	port	string	enum	enum	string	set[enum]	set[string]	string	string	string
-1559874005.130930	-	-	-	-	-	1.2.3.4	Intel::ADDR	SOMEWHERE	zeek	Intel::ADDR	source1	-	-	-
+1594061268.125378	-	-	-	-	-	1.2.3.4	Intel::ADDR	SOMEWHERE	zeek	Intel::ADDR	source1	-	-	-
-1559874008.152069	-	-	-	-	-	1.2.3.4	Intel::ADDR	SOMEWHERE	zeek	Intel::ADDR	source1	-	-	-
+1594061271.127050	-	-	-	-	-	1.2.3.4	Intel::ADDR	SOMEWHERE	zeek	Intel::ADDR	source2,source1	-	-	-
-1559874011.172813	-	-	-	-	-	1.2.3.4	Intel::ADDR	SOMEWHERE	zeek	Intel::ADDR	source1,source2	-	-	-
+1594061274.130721	-	-	-	-	-	1.2.3.4	Intel::ADDR	SOMEWHERE	zeek	Intel::ADDR	source2,source1	-	-	-
-1559874014.190374	-	-	-	-	-	1.2.3.4	Intel::ADDR	SOMEWHERE	zeek	Intel::ADDR	source1,source2	-	-	-
+#close	2020-07-06-18-48-00
-1559874017.207215	-	-	-	-	-	1.2.3.4	Intel::ADDR	SOMEWHERE	zeek	Intel::ADDR	source1,source2	-	-	-
-#close	2019-06-07-02-20-20
 -- Run 1 --
 Trigger: 1.2.3.4
-Seen: 1.2.3.4
 -- Run 2 --
 Trigger: 1.2.3.4
 Reinsert: 1.2.3.4
@@ -26,9 +23,8 @@ Expired: 192.168.0.0/16
 -- Run 4 --
 Trigger: 1.2.3.4
 Seen: 1.2.3.4
+Expired: 1.2.3.4
 -- Run 5 --
 Trigger: 1.2.3.4
-Seen: 1.2.3.4
-Expired: 1.2.3.4
 -- Run 6 --
 Trigger: 1.2.3.4

testing/btest/Baseline/scripts.base.frameworks.logging.adapt-filter/ssh-new-default.log

@@ -3,9 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	ssh-new-default
-#open	2012-07-20-01-49-19
+#open	2020-07-06-18-39-54
 #fields	t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	status	country
 #types	time	addr	port	addr	port	string	string
-1342748959.430282	1.2.3.4	1234	2.3.4.5	80	success	unknown
+1594060794.337699	1.2.3.4	1234	2.3.4.5	80	success	unknown
-1342748959.430282	1.2.3.4	1234	2.3.4.5	80	failure	US
+1594060794.337699	1.2.3.4	1234	2.3.4.5	80	failure	US
-#close	2012-07-20-01-49-19
+#close	2020-07-06-18-39-54

testing/btest/Baseline/scripts.base.frameworks.logging.ascii-empty/ssh-filtered.log

@@ -5,8 +5,8 @@ PREFIX<>unset_field|NOT-SET
 PREFIX<>path|ssh
 PREFIX<>fields|t|id.orig_h|id.orig_p|id.resp_h|id.resp_p|status|country|b
 PREFIX<>types|time|addr|port|addr|port|string|string|bool
-1342748959.659721|1.2.3.4|1234|2.3.4.5|80|success|unknown|NOT-SET
+1594060800.650242|1.2.3.4|1234|2.3.4.5|80|success|unknown|NOT-SET
-1342748959.659721|1.2.3.4|1234|2.3.4.5|80|NOT-SET|US|NOT-SET
+1594060800.650242|1.2.3.4|1234|2.3.4.5|80|NOT-SET|US|NOT-SET
-1342748959.659721|1.2.3.4|1234|2.3.4.5|80|failure|UK|NOT-SET
+1594060800.650242|1.2.3.4|1234|2.3.4.5|80|failure|UK|NOT-SET
-1342748959.659721|1.2.3.4|1234|2.3.4.5|80|NOT-SET|BR|NOT-SET
+1594060800.650242|1.2.3.4|1234|2.3.4.5|80|NOT-SET|BR|NOT-SET
-1342748959.659721|1.2.3.4|1234|2.3.4.5|80|failure|EMPTY|T
+1594060800.650242|1.2.3.4|1234|2.3.4.5|80|failure|EMPTY|T

testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-set-separator/test.log

@@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	test
-#open	2016-07-13-16-15-14
+#open	2020-07-06-18-40-14
 #fields	ss
 #types	set[string]
-\x2c,AA,CC,\x2c\x2c
+\x2c,CC,\x2c\x2c,AA
-#close	2016-07-13-16-15-14
+#close	2020-07-06-18-40-14

testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape/ssh.log

@@ -5,8 +5,8 @@
 #path||ssh
 #fields||t||id.orig_h||id.orig_p||id.resp_h||id.resp_p||status||country
 #types||time||addr||port||addr||port||string||string
-1343417536.767956||1.2.3.4||1234||2.3.4.5||80||success||unknown
+1594060802.302306||1.2.3.4||1234||2.3.4.5||80||success||unknown
-1343417536.767956||1.2.3.4||1234||2.3.4.5||80||failure||US
+1594060802.302306||1.2.3.4||1234||2.3.4.5||80||failure||US
-1343417536.767956||1.2.3.4||1234||2.3.4.5||80||fa\x7c\x7cure||UK
+1594060802.302306||1.2.3.4||1234||2.3.4.5||80||fa\x7c\x7cure||UK
-1343417536.767956||1.2.3.4||1234||2.3.4.5||80||su\x7c\x7cess||BR
+1594060802.302306||1.2.3.4||1234||2.3.4.5||80||su\x7c\x7cess||BR
-1343417536.767956||1.2.3.4||1234||2.3.4.5||80||failure||MX
+1594060802.302306||1.2.3.4||1234||2.3.4.5||80||failure||MX

testing/btest/Baseline/scripts.base.frameworks.logging.ascii-gz/ssh-uncompressed.log

@@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	ssh-uncompressed
-#open	2017-04-18-16-16-16
+#open	2020-07-06-18-40-15
 #fields	b	i	e	c	p	sn	a	d	t	iv	s	sc	ss	se	vc	ve	f
 #types	bool	int	enum	count	port	subnet	addr	double	time	interval	string	set[count]	set[string]	set[string]	vector[count]	vector[string]	func
-T	-42	SSH::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1215620010.543210	100.000000	hurz	2,4,1,3	BB,AA,CC	(empty)	10,20,30	(empty)	SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
+T	-42	SSH::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1215620010.543210	100.000000	hurz	4,2,3,1	CC,BB,AA	(empty)	10,20,30	(empty)	SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
-#close	2017-04-18-16-16-16
+#close	2020-07-06-18-40-15

testing/btest/Baseline/scripts.base.frameworks.logging.ascii-gz/ssh.log

@@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	ssh
-#open	2017-04-18-16-15-17
+#open	2020-07-06-18-40-15
 #fields	b	i	e	c	p	sn	a	d	t	iv	s	sc	ss	se	vc	ve	f
 #types	bool	int	enum	count	port	subnet	addr	double	time	interval	string	set[count]	set[string]	set[string]	vector[count]	vector[string]	func
-T	-42	SSH::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1215620010.543210	100.000000	hurz	2,4,1,3	BB,AA,CC	(empty)	10,20,30	(empty)	SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
+T	-42	SSH::LOG	21	123	10.0.0.0/24	1.2.3.4	3.14	1215620010.543210	100.000000	hurz	4,2,3,1	CC,BB,AA	(empty)	10,20,30	(empty)	SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a}
-#close	2017-04-18-16-15-17
+#close	2020-07-06-18-40-15

testing/btest/Baseline/scripts.base.frameworks.logging.ascii-json/ssh.log

@@ -1 +1 @@
-{"b":true,"i":-42,"e":"SSH::LOG","c":21,"p":123,"sn":"10.0.0.0/24","a":"1.2.3.4","d":3.14,"t":1215620010.54321,"iv":100.0,"s":"hurz","sc":[2,4,1,3],"ss":["BB","AA","CC"],"se":[],"vc":[10,20,30],"ve":[],"vn":[0,null,2],"f":"SSH::foo\n{ \nif (0 < SSH::i) \n\treturn (Foo);\nelse\n\treturn (Bar);\n\n}"}
+{"b":true,"i":-42,"e":"SSH::LOG","c":21,"p":123,"sn":"10.0.0.0/24","a":"1.2.3.4","d":3.14,"t":1215620010.54321,"iv":100.0,"s":"hurz","sc":[4,2,3,1],"ss":["CC","BB","AA"],"se":[],"vc":[10,20,30],"ve":[],"vn":[0,null,2],"f":"SSH::foo\n{ \nif (0 < SSH::i) \n\treturn (Foo);\nelse\n\treturn (Bar);\n\n}"}

testing/btest/Baseline/scripts.base.frameworks.logging.ascii-options/ssh.log

@@ -1,5 +1,5 @@
-1342748960.098729|1.2.3.4|1234|2.3.4.5|80|success|unknown
+1594060824.890596|1.2.3.4|1234|2.3.4.5|80|success|unknown
-1342748960.098729|1.2.3.4|1234|2.3.4.5|80|failure|US
+1594060824.890596|1.2.3.4|1234|2.3.4.5|80|failure|US
-1342748960.098729|1.2.3.4|1234|2.3.4.5|80|failure|UK
+1594060824.890596|1.2.3.4|1234|2.3.4.5|80|failure|UK
-1342748960.098729|1.2.3.4|1234|2.3.4.5|80|success|BR
+1594060824.890596|1.2.3.4|1234|2.3.4.5|80|success|BR
-1342748960.098729|1.2.3.4|1234|2.3.4.5|80|failure|MX
+1594060824.890596|1.2.3.4|1234|2.3.4.5|80|failure|MX

testing/btest/Baseline/scripts.base.frameworks.logging.ascii-tsv/ssh-filtered.log

@@ -1,6 +1,6 @@
 t	id.orig_h	id.orig_p	id.resp_h	id.resp_p	status	country	b
-1353727995.082217	1.2.3.4	1234	2.3.4.5	80	success	unknown	-
+1594060827.047609	1.2.3.4	1234	2.3.4.5	80	success	unknown	-
-1353727995.082217	1.2.3.4	1234	2.3.4.5	80	-	US	-
+1594060827.047609	1.2.3.4	1234	2.3.4.5	80	-	US	-
-1353727995.082217	1.2.3.4	1234	2.3.4.5	80	failure	UK	-
+1594060827.047609	1.2.3.4	1234	2.3.4.5	80	failure	UK	-
-1353727995.082217	1.2.3.4	1234	2.3.4.5	80	-	BR	-
+1594060827.047609	1.2.3.4	1234	2.3.4.5	80	-	BR	-
-1353727995.082217	1.2.3.4	1234	2.3.4.5	80	failure	(empty)	T
+1594060827.047609	1.2.3.4	1234	2.3.4.5	80	failure	(empty)	T