Merge remote-tracking branch 'origin/master' into topic/bernhard/input-threads

Conflicts:
	src/CMakeLists.txt
	testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
	testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log

testing/btest/Baseline/bifs.md5/output

@@ -0,0 +1,4 @@
+f97c5d29941bfb1b2fdab0874906ab82
+7b0391feb2e0cd271f1cf39aafb4376f
+f97c5d29941bfb1b2fdab0874906ab82
+7b0391feb2e0cd271f1cf39aafb4376f

testing/btest/Baseline/bifs.sha1/output

@@ -0,0 +1,4 @@
+fe05bcdcdc4928012781a5f1a2a77cbb5398e106
+3e949019500deb1369f13d9644d420d3a920aa5e
+fe05bcdcdc4928012781a5f1a2a77cbb5398e106
+3e949019500deb1369f13d9644d420d3a920aa5e

testing/btest/Baseline/bifs.sha256/output

@@ -0,0 +1,4 @@
+7692c3ad3540bb803c020b3aee66cd8887123234ea0c6e7143c0add73ff431ed
+4592092e1061c7ea85af2aed194621cc17a2762bae33a79bf8ce33fd0168b801
+7692c3ad3540bb803c020b3aee66cd8887123234ea0c6e7143c0add73ff431ed
+4592092e1061c7ea85af2aed194621cc17a2762bae33a79bf8ce33fd0168b801

testing/btest/Baseline/core.checksums/bad.out

@@ -1,13 +1,83 @@
-1332784981.078396 weird: bad_IP_checksum
-1332784885.686428 weird: bad_TCP_checksum
-1332784933.501023 weird: bad_UDP_checksum
-1334075363.536871 weird: bad_ICMP_checksum
-1332785210.013051 weird: routing0_hdr
-1332785210.013051 weird: bad_TCP_checksum
-1332782580.798420 weird: routing0_hdr
-1332782580.798420 weird: bad_UDP_checksum
-1334075111.800086 weird: routing0_hdr
-1334075111.800086 weird: bad_ICMP_checksum
-1332785250.469132 weird: bad_TCP_checksum
-1332781342.923813 weird: bad_UDP_checksum
-1334074939.467194 weird: bad_ICMP_checksum
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1332784981.078396	-	-	-	-	-	bad_IP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1332784885.686428	UWkUyAuUGXf	127.0.0.1	30000	127.0.0.1	80	bad_TCP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1332784933.501023	UWkUyAuUGXf	127.0.0.1	30000	127.0.0.1	13000	bad_UDP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334075363.536871	UWkUyAuUGXf	192.168.1.100	8	192.168.1.101	0	bad_ICMP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1332785210.013051	-	-	-	-	-	routing0_hdr	-	F	bro
+1332785210.013051	UWkUyAuUGXf	2001:4f8:4:7:2e0:81ff:fe52:ffff	30000	2001:78:1:32::2	80	bad_TCP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1332782580.798420	-	-	-	-	-	routing0_hdr	-	F	bro
+1332782580.798420	UWkUyAuUGXf	2001:4f8:4:7:2e0:81ff:fe52:ffff	30000	2001:78:1:32::2	13000	bad_UDP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334075111.800086	-	-	-	-	-	routing0_hdr	-	F	bro
+1334075111.800086	UWkUyAuUGXf	2001:4f8:4:7:2e0:81ff:fe52:ffff	128	2001:78:1:32::1	129	bad_ICMP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1332785250.469132	UWkUyAuUGXf	2001:4f8:4:7:2e0:81ff:fe52:ffff	30000	2001:4f8:4:7:2e0:81ff:fe52:9a6b	80	bad_TCP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1332781342.923813	UWkUyAuUGXf	2001:4f8:4:7:2e0:81ff:fe52:ffff	30000	2001:4f8:4:7:2e0:81ff:fe52:9a6b	13000	bad_UDP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334074939.467194	UWkUyAuUGXf	2001:4f8:4:7:2e0:81ff:fe52:ffff	128	2001:4f8:4:7:2e0:81ff:fe52:9a6b	129	bad_ICMP_checksum	-	F	bro

testing/btest/Baseline/core.checksums/good.out

@@ -1,3 +1,56 @@
-1332785125.596793 weird: routing0_hdr
-1332782508.592037 weird: routing0_hdr
-1334075027.053380 weird: routing0_hdr
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334074939.467194	UWkUyAuUGXf	2001:4f8:4:7:2e0:81ff:fe52:ffff	128	2001:4f8:4:7:2e0:81ff:fe52:9a6b	129	bad_ICMP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1332785125.596793	-	-	-	-	-	routing0_hdr	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1332782508.592037	-	-	-	-	-	routing0_hdr	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334075027.053380	-	-	-	-	-	routing0_hdr	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334075027.053380	-	-	-	-	-	routing0_hdr	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334075027.053380	-	-	-	-	-	routing0_hdr	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334075027.053380	-	-	-	-	-	routing0_hdr	-	F	bro

testing/btest/Baseline/core.disable-mobile-ipv6/output

@@ -1 +0,0 @@
-1333663011.602839 weird: unknown_protocol_135

testing/btest/Baseline/core.disable-mobile-ipv6/weird.log

@@ -0,0 +1,8 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1333663011.602839	-	-	-	-	-	unknown_protocol_135	-	F	bro

testing/btest/Baseline/core.file-caching-serialization/one0

@@ -0,0 +1,4 @@
+opened
+write 0
+write 3
+write 6

testing/btest/Baseline/core.file-caching-serialization/one1

@@ -0,0 +1,4 @@
+opened
+write 1
+write 4
+write 7

testing/btest/Baseline/core.file-caching-serialization/one2

@@ -0,0 +1,4 @@
+opened
+write 2
+write 5
+write 8

testing/btest/Baseline/core.file-caching-serialization/two0

@@ -0,0 +1,6 @@
+opened
+write 0
+opened
+write 3
+opened
+write 6

testing/btest/Baseline/core.file-caching-serialization/two1

@@ -0,0 +1,6 @@
+opened
+write 1
+opened
+write 4
+opened
+write 7

testing/btest/Baseline/core.file-caching-serialization/two2

@@ -0,0 +1,6 @@
+opened
+write 2
+opened
+write 5
+opened
+write 8

testing/btest/Baseline/core.icmp.icmp-context/output

@@ -1,12 +1,12 @@
 icmp_unreachable (code=0)
   conn_id: [orig_h=10.0.0.1, orig_p=3/icmp, resp_h=10.0.0.2, resp_p=0/icmp]
-  icmp_conn: [orig_h=10.0.0.1, resp_h=10.0.0.2, itype=3, icode=0, len=0, v6=F]
+  icmp_conn: [orig_h=10.0.0.1, resp_h=10.0.0.2, itype=3, icode=0, len=0, hlim=64, v6=F]
   icmp_context: [id=[orig_h=::, orig_p=0/unknown, resp_h=::, resp_p=0/unknown], len=0, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F]
 icmp_unreachable (code=0)
   conn_id: [orig_h=10.0.0.1, orig_p=3/icmp, resp_h=10.0.0.2, resp_p=0/icmp]
-  icmp_conn: [orig_h=10.0.0.1, resp_h=10.0.0.2, itype=3, icode=0, len=20, v6=F]
+  icmp_conn: [orig_h=10.0.0.1, resp_h=10.0.0.2, itype=3, icode=0, len=20, hlim=64, v6=F]
   icmp_context: [id=[orig_h=10.0.0.2, orig_p=0/unknown, resp_h=10.0.0.1, resp_p=0/unknown], len=20, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F]
 icmp_unreachable (code=3)
   conn_id: [orig_h=192.168.1.102, orig_p=3/icmp, resp_h=192.168.1.1, resp_p=3/icmp]
-  icmp_conn: [orig_h=192.168.1.102, resp_h=192.168.1.1, itype=3, icode=3, len=148, v6=F]
+  icmp_conn: [orig_h=192.168.1.102, resp_h=192.168.1.1, itype=3, icode=3, len=148, hlim=128, v6=F]
   icmp_context: [id=[orig_h=192.168.1.1, orig_p=53/udp, resp_h=192.168.1.102, resp_p=59207/udp], len=163, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F]

testing/btest/Baseline/core.icmp.icmp-events/output

@@ -1,20 +1,20 @@
 icmp_unreachable (code=3)
   conn_id: [orig_h=192.168.1.102, orig_p=3/icmp, resp_h=192.168.1.1, resp_p=3/icmp]
-  icmp_conn: [orig_h=192.168.1.102, resp_h=192.168.1.1, itype=3, icode=3, len=148, v6=F]
+  icmp_conn: [orig_h=192.168.1.102, resp_h=192.168.1.1, itype=3, icode=3, len=148, hlim=128, v6=F]
   icmp_context: [id=[orig_h=192.168.1.1, orig_p=53/udp, resp_h=192.168.1.102, resp_p=59207/udp], len=163, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F]
 icmp_time_exceeded (code=0)
   conn_id: [orig_h=10.0.0.1, orig_p=11/icmp, resp_h=10.0.0.2, resp_p=0/icmp]
-  icmp_conn: [orig_h=10.0.0.1, resp_h=10.0.0.2, itype=11, icode=0, len=32, v6=F]
+  icmp_conn: [orig_h=10.0.0.1, resp_h=10.0.0.2, itype=11, icode=0, len=32, hlim=64, v6=F]
   icmp_context: [id=[orig_h=10.0.0.2, orig_p=30000/udp, resp_h=10.0.0.1, resp_p=13000/udp], len=32, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F]
 icmp_echo_request (id=34844, seq=0, payload=O\x85\xe0C\0^N\xeb\xff^H^I^J^K^L^M^N^O^P^Q^R^S^T^U^V^W^X^Y^Z\x1b\x1c\x1d\x1e\x1f !"#$%&'()*+,-./01234567)
   conn_id: [orig_h=10.0.0.1, orig_p=8/icmp, resp_h=74.125.225.99, resp_p=0/icmp]
-  icmp_conn: [orig_h=10.0.0.1, resp_h=74.125.225.99, itype=8, icode=0, len=56, v6=F]
+  icmp_conn: [orig_h=10.0.0.1, resp_h=74.125.225.99, itype=8, icode=0, len=56, hlim=64, v6=F]
 icmp_echo_reply (id=34844, seq=0, payload=O\x85\xe0C\0^N\xeb\xff^H^I^J^K^L^M^N^O^P^Q^R^S^T^U^V^W^X^Y^Z\x1b\x1c\x1d\x1e\x1f !"#$%&'()*+,-./01234567)
   conn_id: [orig_h=10.0.0.1, orig_p=8/icmp, resp_h=74.125.225.99, resp_p=0/icmp]
-  icmp_conn: [orig_h=10.0.0.1, resp_h=74.125.225.99, itype=8, icode=0, len=56, v6=F]
+  icmp_conn: [orig_h=10.0.0.1, resp_h=74.125.225.99, itype=8, icode=0, len=56, hlim=64, v6=F]
 icmp_echo_request (id=34844, seq=1, payload=O\x85\xe0D\0^N\xf0}^H^I^J^K^L^M^N^O^P^Q^R^S^T^U^V^W^X^Y^Z\x1b\x1c\x1d\x1e\x1f !"#$%&'()*+,-./01234567)
   conn_id: [orig_h=10.0.0.1, orig_p=8/icmp, resp_h=74.125.225.99, resp_p=0/icmp]
-  icmp_conn: [orig_h=10.0.0.1, resp_h=74.125.225.99, itype=8, icode=0, len=56, v6=F]
+  icmp_conn: [orig_h=10.0.0.1, resp_h=74.125.225.99, itype=8, icode=0, len=56, hlim=64, v6=F]
 icmp_echo_reply (id=34844, seq=1, payload=O\x85\xe0D\0^N\xf0}^H^I^J^K^L^M^N^O^P^Q^R^S^T^U^V^W^X^Y^Z\x1b\x1c\x1d\x1e\x1f !"#$%&'()*+,-./01234567)
   conn_id: [orig_h=10.0.0.1, orig_p=8/icmp, resp_h=74.125.225.99, resp_p=0/icmp]
-  icmp_conn: [orig_h=10.0.0.1, resp_h=74.125.225.99, itype=8, icode=0, len=56, v6=F]
+  icmp_conn: [orig_h=10.0.0.1, resp_h=74.125.225.99, itype=8, icode=0, len=56, hlim=64, v6=F]

testing/btest/Baseline/core.icmp.icmp6-context/output

@@ -1,16 +1,16 @@
 icmp_unreachable (code=0)
   conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp]
-  icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=0, v6=T]
+  icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=0, hlim=64, v6=T]
   icmp_context: [id=[orig_h=::, orig_p=0/unknown, resp_h=::, resp_p=0/unknown], len=0, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F]
 icmp_unreachable (code=0)
   conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp]
-  icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=40, v6=T]
+  icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=40, hlim=64, v6=T]
   icmp_context: [id=[orig_h=fe80::beef, orig_p=0/unknown, resp_h=fe80::dead, resp_p=0/unknown], len=48, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F]
 icmp_unreachable (code=0)
   conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp]
-  icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=60, v6=T]
+  icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=60, hlim=64, v6=T]
   icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp], len=60, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F]
 icmp_unreachable (code=0)
   conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp]
-  icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=48, v6=T]
+  icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=48, hlim=64, v6=T]
   icmp_context: [id=[orig_h=fe80::beef, orig_p=0/unknown, resp_h=fe80::dead, resp_p=0/unknown], len=48, proto=0, frag_offset=0, bad_hdr_len=T, bad_checksum=F, MF=F, DF=F]

testing/btest/Baseline/core.icmp.icmp6-events/output

@@ -1,55 +1,68 @@
 icmp_unreachable (code=0)
   conn_id: [orig_h=fe80::dead, orig_p=1/icmp, resp_h=fe80::beef, resp_p=0/icmp]
-  icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=60, v6=T]
+  icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=1, icode=0, len=60, hlim=64, v6=T]
   icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp], len=60, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F]
 icmp_packet_too_big (code=0)
   conn_id: [orig_h=fe80::dead, orig_p=2/icmp, resp_h=fe80::beef, resp_p=0/icmp]
-  icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=2, icode=0, len=52, v6=T]
+  icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=2, icode=0, len=52, hlim=64, v6=T]
   icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp], len=52, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F]
 icmp_time_exceeded (code=0)
   conn_id: [orig_h=fe80::dead, orig_p=3/icmp, resp_h=fe80::beef, resp_p=0/icmp]
-  icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=3, icode=0, len=52, v6=T]
+  icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=3, icode=0, len=52, hlim=64, v6=T]
   icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp], len=52, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F]
 icmp_parameter_problem (code=0)
   conn_id: [orig_h=fe80::dead, orig_p=4/icmp, resp_h=fe80::beef, resp_p=0/icmp]
-  icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=4, icode=0, len=52, v6=T]
+  icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=4, icode=0, len=52, hlim=64, v6=T]
   icmp_context: [id=[orig_h=fe80::beef, orig_p=30000/udp, resp_h=fe80::dead, resp_p=13000/udp], len=52, proto=2, frag_offset=0, bad_hdr_len=F, bad_checksum=F, MF=F, DF=F]
 icmp_echo_request (id=1, seq=3, payload=abcdefghijklmnopqrstuvwabcdefghi)
   conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp]
-  icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, v6=T]
+  icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T]
 icmp_echo_reply (id=1, seq=3, payload=abcdefghijklmnopqrstuvwabcdefghi)
   conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp]
-  icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, v6=T]
+  icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T]
 icmp_echo_request (id=1, seq=4, payload=abcdefghijklmnopqrstuvwabcdefghi)
   conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp]
-  icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, v6=T]
+  icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T]
 icmp_echo_reply (id=1, seq=4, payload=abcdefghijklmnopqrstuvwabcdefghi)
   conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp]
-  icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, v6=T]
+  icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T]
 icmp_echo_request (id=1, seq=5, payload=abcdefghijklmnopqrstuvwabcdefghi)
   conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp]
-  icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, v6=T]
+  icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T]
 icmp_echo_reply (id=1, seq=5, payload=abcdefghijklmnopqrstuvwabcdefghi)
   conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp]
-  icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, v6=T]
+  icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T]
 icmp_echo_request (id=1, seq=6, payload=abcdefghijklmnopqrstuvwabcdefghi)
   conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp]
-  icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, v6=T]
+  icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T]
 icmp_echo_reply (id=1, seq=6, payload=abcdefghijklmnopqrstuvwabcdefghi)
   conn_id: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, orig_p=128/icmp, resp_h=2001:4860:8006::63, resp_p=129/icmp]
-  icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, v6=T]
+  icmp_conn: [orig_h=2620:0:e00:400e:d1d:db37:beb:5aac, resp_h=2001:4860:8006::63, itype=128, icode=0, len=32, hlim=128, v6=T]
 icmp_redirect (tgt=fe80::cafe, dest=fe80::babe)
   conn_id: [orig_h=fe80::dead, orig_p=137/icmp, resp_h=fe80::beef, resp_p=0/icmp]
-  icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=137, icode=0, len=32, v6=T]
-icmp_router_advertisement (hop_limit=0, managed=F, rlifetime=1800, reachable=0.000000, retrans=0.000000)
+  icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=137, icode=0, len=32, hlim=255, v6=T]
+icmp_router_advertisement
+    cur_hop_limit=13
+    managed=T
+    other=F
+    home_agent=T
+    pref=3
+    proxy=F
+    rsv=0
+    router_lifetime=30.0 mins
+    reachable_time=3.0 secs 700.0 msecs
+    retrans_timer=1.0 sec 300.0 msecs
   conn_id: [orig_h=fe80::dead, orig_p=134/icmp, resp_h=fe80::beef, resp_p=133/icmp]
-  icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=134, icode=0, len=8, v6=T]
+  icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=134, icode=0, len=8, hlim=255, v6=T]
 icmp_neighbor_advertisement (tgt=fe80::babe)
+    router=T
+    solicited=F
+    override=T
   conn_id: [orig_h=fe80::dead, orig_p=136/icmp, resp_h=fe80::beef, resp_p=135/icmp]
-  icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=136, icode=0, len=16, v6=T]
+  icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=136, icode=0, len=16, hlim=255, v6=T]
 icmp_router_solicitation
   conn_id: [orig_h=fe80::dead, orig_p=133/icmp, resp_h=fe80::beef, resp_p=134/icmp]
-  icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=133, icode=0, len=0, v6=T]
+  icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=133, icode=0, len=0, hlim=255, v6=T]
 icmp_neighbor_solicitation (tgt=fe80::babe)
   conn_id: [orig_h=fe80::dead, orig_p=135/icmp, resp_h=fe80::beef, resp_p=136/icmp]
-  icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=135, icode=0, len=16, v6=T]
+  icmp_conn: [orig_h=fe80::dead, resp_h=fe80::beef, itype=135, icode=0, len=16, hlim=255, v6=T]

testing/btest/Baseline/core.mobility-checksums/bad.out

@@ -1,3 +1,24 @@
-1333988844.893456 weird: bad_MH_checksum
-1333995733.276730 weird: bad_TCP_checksum
-1333995701.656496 weird: bad_UDP_checksum
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1333988844.893456	-	-	-	-	-	bad_MH_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1333640536.489921	UWkUyAuUGXf	2001:78:1:32::1	30000	2001:4f8:4:7:2e0:81ff:fe52:9a6b	80	bad_TCP_checksum	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1333640468.146461	UWkUyAuUGXf	2001:78:1:32::1	30000	2001:4f8:4:7:2e0:81ff:fe52:9a6b	13000	bad_UDP_checksum	-	F	bro

testing/btest/Baseline/core.truncation/output

@@ -1,3 +1,24 @@
-1334160095.895421 weird: truncated_IP
-1334156241.519125 weird: truncated_IP
-1334094648.590126 weird: truncated_IP
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334160095.895421	-	-	-	-	-	truncated_IP	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334156241.519125	-	-	-	-	-	truncated_IP	-	F	bro
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
+#types	time	string	addr	port	addr	port	string	string	bool	string
+1334094648.590126	-	-	-	-	-	truncated_IP	-	F	bro

testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log

@@ -19,6 +19,7 @@ scripts/base/init-bare.bro
       scripts/base/frameworks/logging/./postprocessors/./scp.bro
       scripts/base/frameworks/logging/./postprocessors/./sftp.bro
     scripts/base/frameworks/logging/./writers/ascii.bro
+    scripts/base/frameworks/logging/./writers/dataseries.bro
   scripts/base/frameworks/input/__load__.bro
     scripts/base/frameworks/input/./main.bro
       build/src/base/input.bif.bro

testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log

@@ -19,6 +19,7 @@ scripts/base/init-bare.bro
       scripts/base/frameworks/logging/./postprocessors/./scp.bro
       scripts/base/frameworks/logging/./postprocessors/./sftp.bro
     scripts/base/frameworks/logging/./writers/ascii.bro
+    scripts/base/frameworks/logging/./writers/dataseries.bro
   scripts/base/frameworks/input/__load__.bro
     scripts/base/frameworks/input/./main.bro
       build/src/base/input.bif.bro

testing/btest/Baseline/istate.pybroccoli/bro..stdout

@@ -1,7 +1,7 @@
 ==== atomic
 -10
 2
-1330035434.516896
+1336411585.166009
 2.0 mins
 F
 1.5

testing/btest/Baseline/istate.pybroccoli/python..stdout.filtered

@@ -1,7 +1,7 @@
 ==== atomic a 1 ====
 -4L -4
 42 42
-1330035434.5180
+1336411585.1711
 60.0
 True True
 3.14
@@ -14,7 +14,7 @@ True True
 ==== atomic a 2 ====
 -10L -10
 2 2
-1330035434.5169
+1336411585.1660
 120.0
 False False
 1.5
@@ -27,7 +27,7 @@ False False
 ==== atomic b 2 ====
 -10L -10
 <broccoli.count instance at > 2
-<broccoli.time instance at > 1330035434.5169
+<broccoli.time instance at > 1336411585.1660
 <broccoli.interval instance at > 120.0
 False False
 1.5

testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.options/ssh.ds.xml

@@ -0,0 +1,16 @@
+<ExtentType name="ssh" version="1.0" namespace="bro-ids.org">
+	<field type="double" name="t" pack_relative="t" pack_scale="1e-6" print_format="%.6f" pack_scale_warn="no"/>
+	<field type="variable32" name="id.orig_h" pack_unique="yes"/>
+	<field type="int64" name="id.orig_p" />
+	<field type="variable32" name="id.resp_h" pack_unique="yes"/>
+	<field type="int64" name="id.resp_p" />
+	<field type="variable32" name="status" pack_unique="yes"/>
+	<field type="variable32" name="country" pack_unique="yes"/>
+</ExtentType>
+<!-- t : time -->
+<!-- id.orig_h : addr -->
+<!-- id.orig_p : port -->
+<!-- id.resp_h : addr -->
+<!-- id.resp_p : port -->
+<!-- status : string -->
+<!-- country : string -->

testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.rotate/out

@@ -0,0 +1,290 @@
+test.2011-03-07-03-00-05.ds test 11-03-07_03.00.05 11-03-07_04.00.05 0 dataseries
+test.2011-03-07-04-00-05.ds test 11-03-07_04.00.05 11-03-07_05.00.05 0 dataseries
+test.2011-03-07-05-00-05.ds test 11-03-07_05.00.05 11-03-07_06.00.05 0 dataseries
+test.2011-03-07-06-00-05.ds test 11-03-07_06.00.05 11-03-07_07.00.05 0 dataseries
+test.2011-03-07-07-00-05.ds test 11-03-07_07.00.05 11-03-07_08.00.05 0 dataseries
+test.2011-03-07-08-00-05.ds test 11-03-07_08.00.05 11-03-07_09.00.05 0 dataseries
+test.2011-03-07-09-00-05.ds test 11-03-07_09.00.05 11-03-07_10.00.05 0 dataseries
+test.2011-03-07-10-00-05.ds test 11-03-07_10.00.05 11-03-07_11.00.05 0 dataseries
+test.2011-03-07-11-00-05.ds test 11-03-07_11.00.05 11-03-07_12.00.05 0 dataseries
+test.2011-03-07-12-00-05.ds test 11-03-07_12.00.05 11-03-07_12.59.55 1 dataseries
+> test.2011-03-07-03-00-05.ds
+# Extent Types ...
+<ExtentType name="DataSeries: ExtentIndex">
+  <field type="int64" name="offset" />
+  <field type="variable32" name="extenttype" />
+</ExtentType>
+
+<ExtentType name="DataSeries: XmlType">
+  <field type="variable32" name="xmltype" />
+</ExtentType>
+
+<ExtentType name="test" version="1.0" namespace="bro-ids.org">
+	<field type="double" name="t" pack_relative="t" pack_scale="1e-6" print_format="%.6f" pack_scale_warn="no"/>
+	<field type="variable32" name="id.orig_h" pack_unique="yes"/>
+	<field type="int64" name="id.orig_p" />
+	<field type="variable32" name="id.resp_h" pack_unique="yes"/>
+	<field type="int64" name="id.resp_p" />
+</ExtentType>
+<!-- t : time -->
+<!-- id.orig_h : addr -->
+<!-- id.orig_p : port -->
+<!-- id.resp_h : addr -->
+<!-- id.resp_p : port -->
+
+# Extent, type='test'
+t id.orig_h id.orig_p id.resp_h id.resp_p
+1299466805.000000 10.0.0.1 20 10.0.0.2 1024
+1299470395.000000 10.0.0.2 20 10.0.0.3 0
+> test.2011-03-07-04-00-05.ds
+# Extent Types ...
+<ExtentType name="DataSeries: ExtentIndex">
+  <field type="int64" name="offset" />
+  <field type="variable32" name="extenttype" />
+</ExtentType>
+
+<ExtentType name="DataSeries: XmlType">
+  <field type="variable32" name="xmltype" />
+</ExtentType>
+
+<ExtentType name="test" version="1.0" namespace="bro-ids.org">
+	<field type="double" name="t" pack_relative="t" pack_scale="1e-6" print_format="%.6f" pack_scale_warn="no"/>
+	<field type="variable32" name="id.orig_h" pack_unique="yes"/>
+	<field type="int64" name="id.orig_p" />
+	<field type="variable32" name="id.resp_h" pack_unique="yes"/>
+	<field type="int64" name="id.resp_p" />
+</ExtentType>
+<!-- t : time -->
+<!-- id.orig_h : addr -->
+<!-- id.orig_p : port -->
+<!-- id.resp_h : addr -->
+<!-- id.resp_p : port -->
+
+# Extent, type='test'
+t id.orig_h id.orig_p id.resp_h id.resp_p
+1299470405.000000 10.0.0.1 20 10.0.0.2 1025
+1299473995.000000 10.0.0.2 20 10.0.0.3 1
+> test.2011-03-07-05-00-05.ds
+# Extent Types ...
+<ExtentType name="DataSeries: ExtentIndex">
+  <field type="int64" name="offset" />
+  <field type="variable32" name="extenttype" />
+</ExtentType>
+
+<ExtentType name="DataSeries: XmlType">
+  <field type="variable32" name="xmltype" />
+</ExtentType>
+
+<ExtentType name="test" version="1.0" namespace="bro-ids.org">
+	<field type="double" name="t" pack_relative="t" pack_scale="1e-6" print_format="%.6f" pack_scale_warn="no"/>
+	<field type="variable32" name="id.orig_h" pack_unique="yes"/>
+	<field type="int64" name="id.orig_p" />
+	<field type="variable32" name="id.resp_h" pack_unique="yes"/>
+	<field type="int64" name="id.resp_p" />
+</ExtentType>
+<!-- t : time -->
+<!-- id.orig_h : addr -->
+<!-- id.orig_p : port -->
+<!-- id.resp_h : addr -->
+<!-- id.resp_p : port -->
+
+# Extent, type='test'
+t id.orig_h id.orig_p id.resp_h id.resp_p
+1299474005.000000 10.0.0.1 20 10.0.0.2 1026
+1299477595.000000 10.0.0.2 20 10.0.0.3 2
+> test.2011-03-07-06-00-05.ds
+# Extent Types ...
+<ExtentType name="DataSeries: ExtentIndex">
+  <field type="int64" name="offset" />
+  <field type="variable32" name="extenttype" />
+</ExtentType>
+
+<ExtentType name="DataSeries: XmlType">
+  <field type="variable32" name="xmltype" />
+</ExtentType>
+
+<ExtentType name="test" version="1.0" namespace="bro-ids.org">
+	<field type="double" name="t" pack_relative="t" pack_scale="1e-6" print_format="%.6f" pack_scale_warn="no"/>
+	<field type="variable32" name="id.orig_h" pack_unique="yes"/>
+	<field type="int64" name="id.orig_p" />
+	<field type="variable32" name="id.resp_h" pack_unique="yes"/>
+	<field type="int64" name="id.resp_p" />
+</ExtentType>
+<!-- t : time -->
+<!-- id.orig_h : addr -->
+<!-- id.orig_p : port -->
+<!-- id.resp_h : addr -->
+<!-- id.resp_p : port -->
+
+# Extent, type='test'
+t id.orig_h id.orig_p id.resp_h id.resp_p
+1299477605.000000 10.0.0.1 20 10.0.0.2 1027
+1299481195.000000 10.0.0.2 20 10.0.0.3 3
+> test.2011-03-07-07-00-05.ds
+# Extent Types ...
+<ExtentType name="DataSeries: ExtentIndex">
+  <field type="int64" name="offset" />
+  <field type="variable32" name="extenttype" />
+</ExtentType>
+
+<ExtentType name="DataSeries: XmlType">
+  <field type="variable32" name="xmltype" />
+</ExtentType>
+
+<ExtentType name="test" version="1.0" namespace="bro-ids.org">
+	<field type="double" name="t" pack_relative="t" pack_scale="1e-6" print_format="%.6f" pack_scale_warn="no"/>
+	<field type="variable32" name="id.orig_h" pack_unique="yes"/>
+	<field type="int64" name="id.orig_p" />
+	<field type="variable32" name="id.resp_h" pack_unique="yes"/>
+	<field type="int64" name="id.resp_p" />
+</ExtentType>
+<!-- t : time -->
+<!-- id.orig_h : addr -->
+<!-- id.orig_p : port -->
+<!-- id.resp_h : addr -->
+<!-- id.resp_p : port -->
+
+# Extent, type='test'
+t id.orig_h id.orig_p id.resp_h id.resp_p
+1299481205.000000 10.0.0.1 20 10.0.0.2 1028
+1299484795.000000 10.0.0.2 20 10.0.0.3 4
+> test.2011-03-07-08-00-05.ds
+# Extent Types ...
+<ExtentType name="DataSeries: ExtentIndex">
+  <field type="int64" name="offset" />
+  <field type="variable32" name="extenttype" />
+</ExtentType>
+
+<ExtentType name="DataSeries: XmlType">
+  <field type="variable32" name="xmltype" />
+</ExtentType>
+
+<ExtentType name="test" version="1.0" namespace="bro-ids.org">
+	<field type="double" name="t" pack_relative="t" pack_scale="1e-6" print_format="%.6f" pack_scale_warn="no"/>
+	<field type="variable32" name="id.orig_h" pack_unique="yes"/>
+	<field type="int64" name="id.orig_p" />
+	<field type="variable32" name="id.resp_h" pack_unique="yes"/>
+	<field type="int64" name="id.resp_p" />
+</ExtentType>
+<!-- t : time -->
+<!-- id.orig_h : addr -->
+<!-- id.orig_p : port -->
+<!-- id.resp_h : addr -->
+<!-- id.resp_p : port -->
+
+# Extent, type='test'
+t id.orig_h id.orig_p id.resp_h id.resp_p
+1299484805.000000 10.0.0.1 20 10.0.0.2 1029
+1299488395.000000 10.0.0.2 20 10.0.0.3 5
+> test.2011-03-07-09-00-05.ds
+# Extent Types ...
+<ExtentType name="DataSeries: ExtentIndex">
+  <field type="int64" name="offset" />
+  <field type="variable32" name="extenttype" />
+</ExtentType>
+
+<ExtentType name="DataSeries: XmlType">
+  <field type="variable32" name="xmltype" />
+</ExtentType>
+
+<ExtentType name="test" version="1.0" namespace="bro-ids.org">
+	<field type="double" name="t" pack_relative="t" pack_scale="1e-6" print_format="%.6f" pack_scale_warn="no"/>
+	<field type="variable32" name="id.orig_h" pack_unique="yes"/>
+	<field type="int64" name="id.orig_p" />
+	<field type="variable32" name="id.resp_h" pack_unique="yes"/>
+	<field type="int64" name="id.resp_p" />
+</ExtentType>
+<!-- t : time -->
+<!-- id.orig_h : addr -->
+<!-- id.orig_p : port -->
+<!-- id.resp_h : addr -->
+<!-- id.resp_p : port -->
+
+# Extent, type='test'
+t id.orig_h id.orig_p id.resp_h id.resp_p
+1299488405.000000 10.0.0.1 20 10.0.0.2 1030
+1299491995.000000 10.0.0.2 20 10.0.0.3 6
+> test.2011-03-07-10-00-05.ds
+# Extent Types ...
+<ExtentType name="DataSeries: ExtentIndex">
+  <field type="int64" name="offset" />
+  <field type="variable32" name="extenttype" />
+</ExtentType>
+
+<ExtentType name="DataSeries: XmlType">
+  <field type="variable32" name="xmltype" />
+</ExtentType>
+
+<ExtentType name="test" version="1.0" namespace="bro-ids.org">
+	<field type="double" name="t" pack_relative="t" pack_scale="1e-6" print_format="%.6f" pack_scale_warn="no"/>
+	<field type="variable32" name="id.orig_h" pack_unique="yes"/>
+	<field type="int64" name="id.orig_p" />
+	<field type="variable32" name="id.resp_h" pack_unique="yes"/>
+	<field type="int64" name="id.resp_p" />
+</ExtentType>
+<!-- t : time -->
+<!-- id.orig_h : addr -->
+<!-- id.orig_p : port -->
+<!-- id.resp_h : addr -->
+<!-- id.resp_p : port -->
+
+# Extent, type='test'
+t id.orig_h id.orig_p id.resp_h id.resp_p
+1299492005.000000 10.0.0.1 20 10.0.0.2 1031
+1299495595.000000 10.0.0.2 20 10.0.0.3 7
+> test.2011-03-07-11-00-05.ds
+# Extent Types ...
+<ExtentType name="DataSeries: ExtentIndex">
+  <field type="int64" name="offset" />
+  <field type="variable32" name="extenttype" />
+</ExtentType>
+
+<ExtentType name="DataSeries: XmlType">
+  <field type="variable32" name="xmltype" />
+</ExtentType>
+
+<ExtentType name="test" version="1.0" namespace="bro-ids.org">
+	<field type="double" name="t" pack_relative="t" pack_scale="1e-6" print_format="%.6f" pack_scale_warn="no"/>
+	<field type="variable32" name="id.orig_h" pack_unique="yes"/>
+	<field type="int64" name="id.orig_p" />
+	<field type="variable32" name="id.resp_h" pack_unique="yes"/>
+	<field type="int64" name="id.resp_p" />
+</ExtentType>
+<!-- t : time -->
+<!-- id.orig_h : addr -->
+<!-- id.orig_p : port -->
+<!-- id.resp_h : addr -->
+<!-- id.resp_p : port -->
+
+# Extent, type='test'
+t id.orig_h id.orig_p id.resp_h id.resp_p
+1299495605.000000 10.0.0.1 20 10.0.0.2 1032
+1299499195.000000 10.0.0.2 20 10.0.0.3 8
+> test.2011-03-07-12-00-05.ds
+# Extent Types ...
+<ExtentType name="DataSeries: ExtentIndex">
+  <field type="int64" name="offset" />
+  <field type="variable32" name="extenttype" />
+</ExtentType>
+
+<ExtentType name="DataSeries: XmlType">
+  <field type="variable32" name="xmltype" />
+</ExtentType>
+
+<ExtentType name="test" version="1.0" namespace="bro-ids.org">
+	<field type="double" name="t" pack_relative="t" pack_scale="1e-6" print_format="%.6f" pack_scale_warn="no"/>
+	<field type="variable32" name="id.orig_h" pack_unique="yes"/>
+	<field type="int64" name="id.orig_p" />
+	<field type="variable32" name="id.resp_h" pack_unique="yes"/>
+	<field type="int64" name="id.resp_p" />
+</ExtentType>
+<!-- t : time -->
+<!-- id.orig_h : addr -->
+<!-- id.orig_p : port -->
+<!-- id.resp_h : addr -->
+<!-- id.resp_p : port -->
+
+# Extent, type='test'
+t id.orig_h id.orig_p id.resp_h id.resp_p
+1299499205.000000 10.0.0.1 20 10.0.0.2 1033
+1299502795.000000 10.0.0.2 20 10.0.0.3 9

testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.test-logging/ssh.ds.txt

@@ -0,0 +1,34 @@
+# Extent Types ...
+<ExtentType name="DataSeries: ExtentIndex">
+  <field type="int64" name="offset" />
+  <field type="variable32" name="extenttype" />
+</ExtentType>
+
+<ExtentType name="DataSeries: XmlType">
+  <field type="variable32" name="xmltype" />
+</ExtentType>
+
+<ExtentType name="ssh" version="1.0" namespace="bro-ids.org">
+	<field type="double" name="t" pack_relative="t" pack_scale="1e-6" print_format="%.6f" pack_scale_warn="no"/>
+	<field type="variable32" name="id.orig_h" pack_unique="yes"/>
+	<field type="int64" name="id.orig_p" />
+	<field type="variable32" name="id.resp_h" pack_unique="yes"/>
+	<field type="int64" name="id.resp_p" />
+	<field type="variable32" name="status" pack_unique="yes"/>
+	<field type="variable32" name="country" pack_unique="yes"/>
+</ExtentType>
+<!-- t : time -->
+<!-- id.orig_h : addr -->
+<!-- id.orig_p : port -->
+<!-- id.resp_h : addr -->
+<!-- id.resp_p : port -->
+<!-- status : string -->
+<!-- country : string -->
+
+# Extent, type='ssh'
+t id.orig_h id.orig_p id.resp_h id.resp_p status country
+1337216256.956476 1.2.3.4 1234 2.3.4.5 80 success unknown
+1337216256.956476 1.2.3.4 1234 2.3.4.5 80 failure US
+1337216256.956476 1.2.3.4 1234 2.3.4.5 80 failure UK
+1337216256.956476 1.2.3.4 1234 2.3.4.5 80 success BR
+1337216256.956476 1.2.3.4 1234 2.3.4.5 80 failure MX

testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.time-as-int/conn.ds.txt

@@ -0,0 +1,87 @@
+# Extent Types ...
+<ExtentType name="DataSeries: ExtentIndex">
+  <field type="int64" name="offset" />
+  <field type="variable32" name="extenttype" />
+</ExtentType>
+
+<ExtentType name="DataSeries: XmlType">
+  <field type="variable32" name="xmltype" />
+</ExtentType>
+
+<ExtentType name="conn" version="1.0" namespace="bro-ids.org">
+	<field type="int64" name="ts" pack_relative="ts" units="microseconds" epoch="unix"/>
+	<field type="variable32" name="uid" pack_unique="yes"/>
+	<field type="variable32" name="id.orig_h" pack_unique="yes"/>
+	<field type="int64" name="id.orig_p" />
+	<field type="variable32" name="id.resp_h" pack_unique="yes"/>
+	<field type="int64" name="id.resp_p" />
+	<field type="variable32" name="proto" pack_unique="yes"/>
+	<field type="variable32" name="service" pack_unique="yes"/>
+	<field type="int64" name="duration" pack_relative="duration" units="microseconds" epoch="unix"/>
+	<field type="int64" name="orig_bytes" />
+	<field type="int64" name="resp_bytes" />
+	<field type="variable32" name="conn_state" pack_unique="yes"/>
+	<field type="bool" name="local_orig" />
+	<field type="int64" name="missed_bytes" />
+	<field type="variable32" name="history" pack_unique="yes"/>
+	<field type="int64" name="orig_pkts" />
+	<field type="int64" name="orig_ip_bytes" />
+	<field type="int64" name="resp_pkts" />
+	<field type="int64" name="resp_ip_bytes" />
+</ExtentType>
+<!-- ts : time -->
+<!-- uid : string -->
+<!-- id.orig_h : addr -->
+<!-- id.orig_p : port -->
+<!-- id.resp_h : addr -->
+<!-- id.resp_p : port -->
+<!-- proto : enum -->
+<!-- service : string -->
+<!-- duration : interval -->
+<!-- orig_bytes : count -->
+<!-- resp_bytes : count -->
+<!-- conn_state : string -->
+<!-- local_orig : bool -->
+<!-- missed_bytes : count -->
+<!-- history : string -->
+<!-- orig_pkts : count -->
+<!-- orig_ip_bytes : count -->
+<!-- resp_pkts : count -->
+<!-- resp_ip_bytes : count -->
+
+# Extent, type='conn'
+ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes
+1300475167096535 UWkUyAuUGXf 141.142.220.202 5353 224.0.0.251 5353 udp dns 0 0 0 S0 F 0 D 1 73 0 0
+1300475167097012 arKYeMETxOg fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp  0 0 0 S0 F 0 D 1 199 0 0
+1300475167099816 k6kgXLOoSKl 141.142.220.50 5353 224.0.0.251 5353 udp  0 0 0 S0 F 0 D 1 179 0 0
+1300475168853899 TEfuqmmG4bh 141.142.220.118 43927 141.142.2.2 53 udp dns 435 0 89 SHR F 0 Cd 0 0 1 117
+1300475168854378 FrJExwHcSal 141.142.220.118 37676 141.142.2.2 53 udp dns 420 0 99 SHR F 0 Cd 0 0 1 127
+1300475168854837 5OKnoww6xl4 141.142.220.118 40526 141.142.2.2 53 udp dns 391 0 183 SHR F 0 Cd 0 0 1 211
+1300475168857956 3PKsZ2Uye21 141.142.220.118 32902 141.142.2.2 53 udp dns 317 0 89 SHR F 0 Cd 0 0 1 117
+1300475168858306 VW0XPVINV8a 141.142.220.118 59816 141.142.2.2 53 udp dns 343 0 99 SHR F 0 Cd 0 0 1 127
+1300475168858713 fRFu0wcOle6 141.142.220.118 59714 141.142.2.2 53 udp dns 375 0 183 SHR F 0 Cd 0 0 1 211
+1300475168891644 qSsw6ESzHV4 141.142.220.118 58206 141.142.2.2 53 udp dns 339 0 89 SHR F 0 Cd 0 0 1 117
+1300475168892037 iE6yhOq3SF 141.142.220.118 38911 141.142.2.2 53 udp dns 334 0 99 SHR F 0 Cd 0 0 1 127
+1300475168892414 GSxOnSLghOa 141.142.220.118 59746 141.142.2.2 53 udp dns 420 0 183 SHR F 0 Cd 0 0 1 211
+1300475168893988 qCaWGmzFtM5 141.142.220.118 45000 141.142.2.2 53 udp dns 384 0 89 SHR F 0 Cd 0 0 1 117
+1300475168894422 70MGiRM1Qf4 141.142.220.118 48479 141.142.2.2 53 udp dns 316 0 99 SHR F 0 Cd 0 0 1 127
+1300475168894787 h5DsfNtYzi1 141.142.220.118 48128 141.142.2.2 53 udp dns 422 0 183 SHR F 0 Cd 0 0 1 211
+1300475168901749 P654jzLoe3a 141.142.220.118 56056 141.142.2.2 53 udp dns 402 0 131 SHR F 0 Cd 0 0 1 159
+1300475168902195 Tw8jXtpTGu6 141.142.220.118 55092 141.142.2.2 53 udp dns 374 0 198 SHR F 0 Cd 0 0 1 226
+1300475169899438 BWaU4aSuwkc 141.142.220.44 5353 224.0.0.251 5353 udp dns 0 0 0 S0 F 0 D 1 85 0 0
+1300475170862384 10XodEwRycf 141.142.220.226 137 141.142.220.255 137 udp dns 2613016 350 0 S0 F 0 D 7 546 0 0
+1300475171675372 zno26fFZkrh fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp dns 100096 66 0 S0 F 0 D 2 162 0 0
+1300475171677081 v5rgkJBig5l 141.142.220.226 55131 224.0.0.252 5355 udp dns 100020 66 0 S0 F 0 D 2 122 0 0
+1300475173116749 eWZCH7OONC1 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp dns 99801 66 0 S0 F 0 D 2 162 0 0
+1300475173117362 0Pwk3ntf8O3 141.142.220.226 55671 224.0.0.252 5355 udp dns 99848 66 0 S0 F 0 D 2 122 0 0
+1300475173153679 0HKorjr8Zp7 141.142.220.238 56641 141.142.220.255 137 udp dns 0 0 0 S0 F 0 D 1 78 0 0
+1300475168859163 GvmoxJFXdTa 141.142.220.118 49998 208.80.152.3 80 tcp  215893 1130 734 S1 F 1130 ShACad 4 216 4 950
+1300475168652003 nQcgTWjvg4c 141.142.220.118 35634 208.80.152.2 80 tcp  61328 0 350 OTH F 0 CdA 1 52 1 402
+1300475168895267 UfGkYA2HI2g 141.142.220.118 50001 208.80.152.3 80 tcp  227283 1178 734 S1 F 1178 ShACad 4 216 4 950
+1300475168902635 i2rO3KD1Syg 141.142.220.118 35642 208.80.152.2 80 tcp  120040 534 412 S1 F 534 ShACad 3 164 3 576
+1300475168892936 0Q4FH8sESw5 141.142.220.118 50000 208.80.152.3 80 tcp  229603 1148 734 S1 F 1148 ShACad 4 216 4 950
+1300475168855305 EAr0uf4mhq 141.142.220.118 49996 208.80.152.3 80 tcp  218501 1171 733 S1 F 1171 ShACad 4 216 4 949
+1300475168892913 slFea8xwSmb 141.142.220.118 49999 208.80.152.3 80 tcp  220960 1137 733 S1 F 1137 ShACad 4 216 4 949
+1300475169780331 2cx26uAvUPl 141.142.220.235 6705 173.192.163.128 80 tcp  0 0 0 OTH F 0 h 0 0 1 48
+1300475168724007 j4u32Pc5bif 141.142.220.118 48649 208.80.152.118 80 tcp  119904 525 232 S1 F 525 ShACad 3 164 3 396
+1300475168855330 c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 tcp  219720 1125 734 S1 F 1125 ShACad 4 216 4 950

testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/conn.ds.txt

@@ -0,0 +1,87 @@
+# Extent Types ...
+<ExtentType name="DataSeries: ExtentIndex">
+  <field type="int64" name="offset" />
+  <field type="variable32" name="extenttype" />
+</ExtentType>
+
+<ExtentType name="DataSeries: XmlType">
+  <field type="variable32" name="xmltype" />
+</ExtentType>
+
+<ExtentType name="conn" version="1.0" namespace="bro-ids.org">
+	<field type="double" name="ts" pack_relative="ts" pack_scale="1e-6" print_format="%.6f" pack_scale_warn="no"/>
+	<field type="variable32" name="uid" pack_unique="yes"/>
+	<field type="variable32" name="id.orig_h" pack_unique="yes"/>
+	<field type="int64" name="id.orig_p" />
+	<field type="variable32" name="id.resp_h" pack_unique="yes"/>
+	<field type="int64" name="id.resp_p" />
+	<field type="variable32" name="proto" pack_unique="yes"/>
+	<field type="variable32" name="service" pack_unique="yes"/>
+	<field type="double" name="duration" pack_relative="duration" pack_scale="1e-6" print_format="%.6f" pack_scale_warn="no"/>
+	<field type="int64" name="orig_bytes" />
+	<field type="int64" name="resp_bytes" />
+	<field type="variable32" name="conn_state" pack_unique="yes"/>
+	<field type="bool" name="local_orig" />
+	<field type="int64" name="missed_bytes" />
+	<field type="variable32" name="history" pack_unique="yes"/>
+	<field type="int64" name="orig_pkts" />
+	<field type="int64" name="orig_ip_bytes" />
+	<field type="int64" name="resp_pkts" />
+	<field type="int64" name="resp_ip_bytes" />
+</ExtentType>
+<!-- ts : time -->
+<!-- uid : string -->
+<!-- id.orig_h : addr -->
+<!-- id.orig_p : port -->
+<!-- id.resp_h : addr -->
+<!-- id.resp_p : port -->
+<!-- proto : enum -->
+<!-- service : string -->
+<!-- duration : interval -->
+<!-- orig_bytes : count -->
+<!-- resp_bytes : count -->
+<!-- conn_state : string -->
+<!-- local_orig : bool -->
+<!-- missed_bytes : count -->
+<!-- history : string -->
+<!-- orig_pkts : count -->
+<!-- orig_ip_bytes : count -->
+<!-- resp_pkts : count -->
+<!-- resp_ip_bytes : count -->
+
+# Extent, type='conn'
+ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes
+1300475167.096535 UWkUyAuUGXf 141.142.220.202 5353 224.0.0.251 5353 udp dns 0.000000 0 0 S0 F 0 D 1 73 0 0
+1300475167.097012 arKYeMETxOg fe80::217:f2ff:fed7:cf65 5353 ff02::fb 5353 udp  0.000000 0 0 S0 F 0 D 1 199 0 0
+1300475167.099816 k6kgXLOoSKl 141.142.220.50 5353 224.0.0.251 5353 udp  0.000000 0 0 S0 F 0 D 1 179 0 0
+1300475168.853899 TEfuqmmG4bh 141.142.220.118 43927 141.142.2.2 53 udp dns 0.000435 0 89 SHR F 0 Cd 0 0 1 117
+1300475168.854378 FrJExwHcSal 141.142.220.118 37676 141.142.2.2 53 udp dns 0.000420 0 99 SHR F 0 Cd 0 0 1 127
+1300475168.854837 5OKnoww6xl4 141.142.220.118 40526 141.142.2.2 53 udp dns 0.000392 0 183 SHR F 0 Cd 0 0 1 211
+1300475168.857956 3PKsZ2Uye21 141.142.220.118 32902 141.142.2.2 53 udp dns 0.000317 0 89 SHR F 0 Cd 0 0 1 117
+1300475168.858306 VW0XPVINV8a 141.142.220.118 59816 141.142.2.2 53 udp dns 0.000343 0 99 SHR F 0 Cd 0 0 1 127
+1300475168.858713 fRFu0wcOle6 141.142.220.118 59714 141.142.2.2 53 udp dns 0.000375 0 183 SHR F 0 Cd 0 0 1 211
+1300475168.891644 qSsw6ESzHV4 141.142.220.118 58206 141.142.2.2 53 udp dns 0.000339 0 89 SHR F 0 Cd 0 0 1 117
+1300475168.892037 iE6yhOq3SF 141.142.220.118 38911 141.142.2.2 53 udp dns 0.000335 0 99 SHR F 0 Cd 0 0 1 127
+1300475168.892414 GSxOnSLghOa 141.142.220.118 59746 141.142.2.2 53 udp dns 0.000421 0 183 SHR F 0 Cd 0 0 1 211
+1300475168.893988 qCaWGmzFtM5 141.142.220.118 45000 141.142.2.2 53 udp dns 0.000384 0 89 SHR F 0 Cd 0 0 1 117
+1300475168.894422 70MGiRM1Qf4 141.142.220.118 48479 141.142.2.2 53 udp dns 0.000317 0 99 SHR F 0 Cd 0 0 1 127
+1300475168.894787 h5DsfNtYzi1 141.142.220.118 48128 141.142.2.2 53 udp dns 0.000423 0 183 SHR F 0 Cd 0 0 1 211
+1300475168.901749 P654jzLoe3a 141.142.220.118 56056 141.142.2.2 53 udp dns 0.000402 0 131 SHR F 0 Cd 0 0 1 159
+1300475168.902195 Tw8jXtpTGu6 141.142.220.118 55092 141.142.2.2 53 udp dns 0.000374 0 198 SHR F 0 Cd 0 0 1 226
+1300475169.899438 BWaU4aSuwkc 141.142.220.44 5353 224.0.0.251 5353 udp dns 0.000000 0 0 S0 F 0 D 1 85 0 0
+1300475170.862384 10XodEwRycf 141.142.220.226 137 141.142.220.255 137 udp dns 2.613017 350 0 S0 F 0 D 7 546 0 0
+1300475171.675372 zno26fFZkrh fe80::3074:17d5:2052:c324 65373 ff02::1:3 5355 udp dns 0.100096 66 0 S0 F 0 D 2 162 0 0
+1300475171.677081 v5rgkJBig5l 141.142.220.226 55131 224.0.0.252 5355 udp dns 0.100021 66 0 S0 F 0 D 2 122 0 0
+1300475173.116749 eWZCH7OONC1 fe80::3074:17d5:2052:c324 54213 ff02::1:3 5355 udp dns 0.099801 66 0 S0 F 0 D 2 162 0 0
+1300475173.117362 0Pwk3ntf8O3 141.142.220.226 55671 224.0.0.252 5355 udp dns 0.099849 66 0 S0 F 0 D 2 122 0 0
+1300475173.153679 0HKorjr8Zp7 141.142.220.238 56641 141.142.220.255 137 udp dns 0.000000 0 0 S0 F 0 D 1 78 0 0
+1300475168.859163 GvmoxJFXdTa 141.142.220.118 49998 208.80.152.3 80 tcp  0.215893 1130 734 S1 F 1130 ShACad 4 216 4 950
+1300475168.652003 nQcgTWjvg4c 141.142.220.118 35634 208.80.152.2 80 tcp  0.061329 0 350 OTH F 0 CdA 1 52 1 402
+1300475168.895267 UfGkYA2HI2g 141.142.220.118 50001 208.80.152.3 80 tcp  0.227284 1178 734 S1 F 1178 ShACad 4 216 4 950
+1300475168.902635 i2rO3KD1Syg 141.142.220.118 35642 208.80.152.2 80 tcp  0.120041 534 412 S1 F 534 ShACad 3 164 3 576
+1300475168.892936 0Q4FH8sESw5 141.142.220.118 50000 208.80.152.3 80 tcp  0.229603 1148 734 S1 F 1148 ShACad 4 216 4 950
+1300475168.855305 EAr0uf4mhq 141.142.220.118 49996 208.80.152.3 80 tcp  0.218501 1171 733 S1 F 1171 ShACad 4 216 4 949
+1300475168.892913 slFea8xwSmb 141.142.220.118 49999 208.80.152.3 80 tcp  0.220961 1137 733 S1 F 1137 ShACad 4 216 4 949
+1300475169.780331 2cx26uAvUPl 141.142.220.235 6705 173.192.163.128 80 tcp  0.000000 0 0 OTH F 0 h 0 0 1 48
+1300475168.724007 j4u32Pc5bif 141.142.220.118 48649 208.80.152.118 80 tcp  0.119905 525 232 S1 F 525 ShACad 3 164 3 396
+1300475168.855330 c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 tcp  0.219720 1125 734 S1 F 1125 ShACad 4 216 4 950

testing/btest/Baseline/scripts.base.frameworks.logging.dataseries.wikipedia/http.ds.txt

@@ -0,0 +1,81 @@
+# Extent Types ...
+<ExtentType name="DataSeries: ExtentIndex">
+  <field type="int64" name="offset" />
+  <field type="variable32" name="extenttype" />
+</ExtentType>
+
+<ExtentType name="DataSeries: XmlType">
+  <field type="variable32" name="xmltype" />
+</ExtentType>
+
+<ExtentType name="http" version="1.0" namespace="bro-ids.org">
+	<field type="double" name="ts" pack_relative="ts" pack_scale="1e-6" print_format="%.6f" pack_scale_warn="no"/>
+	<field type="variable32" name="uid" pack_unique="yes"/>
+	<field type="variable32" name="id.orig_h" pack_unique="yes"/>
+	<field type="int64" name="id.orig_p" />
+	<field type="variable32" name="id.resp_h" pack_unique="yes"/>
+	<field type="int64" name="id.resp_p" />
+	<field type="int64" name="trans_depth" />
+	<field type="variable32" name="method" pack_unique="yes"/>
+	<field type="variable32" name="host" pack_unique="yes"/>
+	<field type="variable32" name="uri" pack_unique="yes"/>
+	<field type="variable32" name="referrer" pack_unique="yes"/>
+	<field type="variable32" name="user_agent" pack_unique="yes"/>
+	<field type="int64" name="request_body_len" />
+	<field type="int64" name="response_body_len" />
+	<field type="int64" name="status_code" />
+	<field type="variable32" name="status_msg" pack_unique="yes"/>
+	<field type="int64" name="info_code" />
+	<field type="variable32" name="info_msg" pack_unique="yes"/>
+	<field type="variable32" name="filename" pack_unique="yes"/>
+	<field type="variable32" name="tags" pack_unique="yes"/>
+	<field type="variable32" name="username" pack_unique="yes"/>
+	<field type="variable32" name="password" pack_unique="yes"/>
+	<field type="variable32" name="proxied" pack_unique="yes"/>
+	<field type="variable32" name="mime_type" pack_unique="yes"/>
+	<field type="variable32" name="md5" pack_unique="yes"/>
+	<field type="variable32" name="extraction_file" pack_unique="yes"/>
+</ExtentType>
+<!-- ts : time -->
+<!-- uid : string -->
+<!-- id.orig_h : addr -->
+<!-- id.orig_p : port -->
+<!-- id.resp_h : addr -->
+<!-- id.resp_p : port -->
+<!-- trans_depth : count -->
+<!-- method : string -->
+<!-- host : string -->
+<!-- uri : string -->
+<!-- referrer : string -->
+<!-- user_agent : string -->
+<!-- request_body_len : count -->
+<!-- response_body_len : count -->
+<!-- status_code : count -->
+<!-- status_msg : string -->
+<!-- info_code : count -->
+<!-- info_msg : string -->
+<!-- filename : string -->
+<!-- tags : table[enum] -->
+<!-- username : string -->
+<!-- password : string -->
+<!-- proxied : table[string] -->
+<!-- mime_type : string -->
+<!-- md5 : string -->
+<!-- extraction_file : file -->
+
+# Extent, type='http'
+ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file
+1300475168.843894 j4u32Pc5bif 141.142.220.118 48649 208.80.152.118 80 0      0 0 304 Not Modified 0         
+1300475168.975800 c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 0      0 0 304 Not Modified 0         
+1300475168.976327 EAr0uf4mhq 141.142.220.118 49996 208.80.152.3 80 0      0 0 304 Not Modified 0         
+1300475168.979160 GvmoxJFXdTa 141.142.220.118 49998 208.80.152.3 80 0      0 0 304 Not Modified 0         
+1300475169.012666 0Q4FH8sESw5 141.142.220.118 50000 208.80.152.3 80 0      0 0 304 Not Modified 0         
+1300475169.012730 slFea8xwSmb 141.142.220.118 49999 208.80.152.3 80 0      0 0 304 Not Modified 0         
+1300475169.014860 UfGkYA2HI2g 141.142.220.118 50001 208.80.152.3 80 0      0 0 304 Not Modified 0         
+1300475169.022665 i2rO3KD1Syg 141.142.220.118 35642 208.80.152.2 80 0      0 0 304 Not Modified 0         
+1300475169.036294 c4Zw9TmAE05 141.142.220.118 49997 208.80.152.3 80 0      0 0 304 Not Modified 0         
+1300475169.036798 EAr0uf4mhq 141.142.220.118 49996 208.80.152.3 80 0      0 0 304 Not Modified 0         
+1300475169.039923 GvmoxJFXdTa 141.142.220.118 49998 208.80.152.3 80 0      0 0 304 Not Modified 0         
+1300475169.074793 0Q4FH8sESw5 141.142.220.118 50000 208.80.152.3 80 0      0 0 304 Not Modified 0         
+1300475169.074938 slFea8xwSmb 141.142.220.118 49999 208.80.152.3 80 0      0 0 304 Not Modified 0         
+1300475169.075065 UfGkYA2HI2g 141.142.220.118 50001 208.80.152.3 80 0      0 0 304 Not Modified 0         

testing/btest/Baseline/scripts.base.frameworks.logging.path-func-column-demote/local.log

@@ -5,15 +5,15 @@
 #path	local
 #fields	ts	id.orig_h
 #types	time	addr
-1300475168.855330	141.142.220.118
+1300475168.859163	141.142.220.118
 1300475168.652003	141.142.220.118
 1300475168.895267	141.142.220.118
+1300475168.902635	141.142.220.118
+1300475168.892936	141.142.220.118
 1300475168.855305	141.142.220.118
-1300475168.859163	141.142.220.118
 1300475168.892913	141.142.220.118
 1300475168.724007	141.142.220.118
-1300475168.892936	141.142.220.118
-1300475168.902635	141.142.220.118
+1300475168.855330	141.142.220.118
 1300475168.891644	141.142.220.118
 1300475170.862384	141.142.220.226
 1300475168.853899	141.142.220.118

testing/btest/Baseline/scripts.base.frameworks.logging.rotate-custom/.stderr

@@ -1,10 +1,10 @@
-1st test.2011-03-07-03-00-05.log test 11-03-07_03.00.05 11-03-07_04.00.05 0
-1st test.2011-03-07-04-00-05.log test 11-03-07_04.00.05 11-03-07_05.00.05 0
-1st test.2011-03-07-05-00-05.log test 11-03-07_05.00.05 11-03-07_06.00.05 0
-1st test.2011-03-07-06-00-05.log test 11-03-07_06.00.05 11-03-07_07.00.05 0
-1st test.2011-03-07-07-00-05.log test 11-03-07_07.00.05 11-03-07_08.00.05 0
-1st test.2011-03-07-08-00-05.log test 11-03-07_08.00.05 11-03-07_09.00.05 0
-1st test.2011-03-07-09-00-05.log test 11-03-07_09.00.05 11-03-07_10.00.05 0
-1st test.2011-03-07-10-00-05.log test 11-03-07_10.00.05 11-03-07_11.00.05 0
-1st test.2011-03-07-11-00-05.log test 11-03-07_11.00.05 11-03-07_12.00.05 0
-1st test.2011-03-07-12-00-05.log test 11-03-07_12.00.05 11-03-07_12.59.55 1
+1st test.2011-03-07-03-00-05.log test 11-03-07_03.00.05 11-03-07_04.00.05 0 ascii
+1st test.2011-03-07-04-00-05.log test 11-03-07_04.00.05 11-03-07_05.00.05 0 ascii
+1st test.2011-03-07-05-00-05.log test 11-03-07_05.00.05 11-03-07_06.00.05 0 ascii
+1st test.2011-03-07-06-00-05.log test 11-03-07_06.00.05 11-03-07_07.00.05 0 ascii
+1st test.2011-03-07-07-00-05.log test 11-03-07_07.00.05 11-03-07_08.00.05 0 ascii
+1st test.2011-03-07-08-00-05.log test 11-03-07_08.00.05 11-03-07_09.00.05 0 ascii
+1st test.2011-03-07-09-00-05.log test 11-03-07_09.00.05 11-03-07_10.00.05 0 ascii
+1st test.2011-03-07-10-00-05.log test 11-03-07_10.00.05 11-03-07_11.00.05 0 ascii
+1st test.2011-03-07-11-00-05.log test 11-03-07_11.00.05 11-03-07_12.00.05 0 ascii
+1st test.2011-03-07-12-00-05.log test 11-03-07_12.00.05 11-03-07_12.59.55 1 ascii

testing/btest/Baseline/scripts.base.frameworks.logging.rotate/out

@@ -1,13 +1,13 @@
-test.2011-03-07-03-00-05.log test 11-03-07_03.00.05 11-03-07_04.00.05 0
-test.2011-03-07-04-00-05.log test 11-03-07_04.00.05 11-03-07_05.00.05 0
-test.2011-03-07-05-00-05.log test 11-03-07_05.00.05 11-03-07_06.00.05 0
-test.2011-03-07-06-00-05.log test 11-03-07_06.00.05 11-03-07_07.00.05 0
-test.2011-03-07-07-00-05.log test 11-03-07_07.00.05 11-03-07_08.00.05 0
-test.2011-03-07-08-00-05.log test 11-03-07_08.00.05 11-03-07_09.00.05 0
-test.2011-03-07-09-00-05.log test 11-03-07_09.00.05 11-03-07_10.00.05 0
-test.2011-03-07-10-00-05.log test 11-03-07_10.00.05 11-03-07_11.00.05 0
-test.2011-03-07-11-00-05.log test 11-03-07_11.00.05 11-03-07_12.00.05 0
-test.2011-03-07-12-00-05.log test 11-03-07_12.00.05 11-03-07_12.59.55 1
+test.2011-03-07-03-00-05.log test 11-03-07_03.00.05 11-03-07_04.00.05 0 ascii
+test.2011-03-07-04-00-05.log test 11-03-07_04.00.05 11-03-07_05.00.05 0 ascii
+test.2011-03-07-05-00-05.log test 11-03-07_05.00.05 11-03-07_06.00.05 0 ascii
+test.2011-03-07-06-00-05.log test 11-03-07_06.00.05 11-03-07_07.00.05 0 ascii
+test.2011-03-07-07-00-05.log test 11-03-07_07.00.05 11-03-07_08.00.05 0 ascii
+test.2011-03-07-08-00-05.log test 11-03-07_08.00.05 11-03-07_09.00.05 0 ascii
+test.2011-03-07-09-00-05.log test 11-03-07_09.00.05 11-03-07_10.00.05 0 ascii
+test.2011-03-07-10-00-05.log test 11-03-07_10.00.05 11-03-07_11.00.05 0 ascii
+test.2011-03-07-11-00-05.log test 11-03-07_11.00.05 11-03-07_12.00.05 0 ascii
+test.2011-03-07-12-00-05.log test 11-03-07_12.00.05 11-03-07_12.59.55 1 ascii
 > test.2011-03-07-03-00-05.log
 #separator \x09
 #set_separator	,

testing/btest/Baseline/scripts.base.protocols.conn.contents-default-extract/contents_[2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185-[2001:470:4867:99::21]:21_orig.dat

@@ -0,0 +1,22 @@
+USER anonymous
+PASS test
+SYST
+FEAT
+PWD
+EPSV
+LIST
+EPSV
+NLST
+TYPE I
+SIZE robots.txt
+EPSV
+RETR robots.txt
+MDTM robots.txt
+SIZE robots.txt
+EPRT |2|2001:470:1f11:81f:c999:d94:aa7c:2e3e|49189|
+RETR robots.txt
+MDTM robots.txt
+TYPE A
+EPRT |2|2001:470:1f11:81f:c999:d94:aa7c:2e3e|49190|
+LIST
+QUIT

testing/btest/Baseline/scripts.base.protocols.conn.contents-default-extract/contents_[2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185-[2001:470:4867:99::21]:21_resp.dat

@@ -0,0 +1,73 @@
+220 ftp.NetBSD.org FTP server (NetBSD-ftpd 20100320) ready.
+331 Guest login ok, type your name as password.
+230-
+    The NetBSD Project FTP Server located in Redwood City, CA, USA
+    1 Gbps connectivity courtesy of                          ,        ,
+    Internet Systems Consortium                 WELCOME!    /(        )`
+                                                            \ \___   / |
+      +--- Currently Supported Platforms ----+              /- _  `-/  '
+      |  acorn[26,32], algor, alpha, amd64,  |             (/\/ \ \   /\
+      |   amiga[,ppc], arc, atari, bebox,    |             / /   | `    \
+      |   cats, cesfic, cobalt, dreamcast,   |             O O   ) /    |
+      |  evb[arm,mips,ppc,sh3], hp[300,700], |             `-^--'`<     '
+      |       hpc[arm,mips,sh], i386,        |            (_.)  _  )   /
+      |      ibmnws, iyonix, luna68k,        |              .___/`    /
+      |    mac[m68k,ppc], mipsco, mmeye,     |               `-----' /
+      |      mvme[m68k,ppc], netwinders,     |  <----.     __ / __   \
+      |   news[m68k,mips], next68k, ofppc,   |  <----|====O)))==) \) /====
+      | playstation2, pmax, prep, sandpoint, |  <----'    `--' `.__,' \
+      |  sbmips, sgimips, shark, sparc[,64], |               |        |
+      |      sun[2,3], vax, x68k, xen        |                \       /
+      +--------------------------------------+           ______( (_  / \_____
+      See our website at http://www.NetBSD.org/        ,'  ,-----'   |       \
+       We log all FTP transfers and commands.          `--{__________)  (FL) \/
+230-
+    EXPORT NOTICE
+    
+    Please note that portions of this FTP site contain cryptographic
+    software controlled under the Export Administration Regulations (EAR).
+    
+    None of this software may be downloaded or otherwise exported or
+    re-exported into (or to a national or resident of) Cuba, Iran, Libya,
+    Sudan, North Korea, Syria or any other country to which the U.S. has
+    embargoed goods.
+    
+    By downloading or using said software, you are agreeing to the
+    foregoing and you are representing and warranting that you are not
+    located in, under the control of, or a national or resident of any
+    such country or on any such list.
+230 Guest login ok, access restrictions apply.
+215 UNIX Type: L8 Version: NetBSD-ftpd 20100320
+211-Features supported
+ MDTM
+ MLST Type*;Size*;Modify*;Perm*;Unique*;
+ REST STREAM
+ SIZE
+ TVFS
+211 End
+257 "/" is the current directory.
+229 Entering Extended Passive Mode (|||57086|)
+150 Opening ASCII mode data connection for '/bin/ls'.
+226 Transfer complete.
+229 Entering Extended Passive Mode (|||57087|)
+150 Opening ASCII mode data connection for 'file list'.
+226 Transfer complete.
+200 Type set to I.
+213 77
+229 Entering Extended Passive Mode (|||57088|)
+150 Opening BINARY mode data connection for 'robots.txt' (77 bytes).
+226 Transfer complete.
+213 20090816112038
+213 77
+200 EPRT command successful.
+150 Opening BINARY mode data connection for 'robots.txt' (77 bytes).
+226 Transfer complete.
+213 20090816112038
+200 Type set to A.
+200 EPRT command successful.
+150 Opening ASCII mode data connection for '/bin/ls'.
+226 Transfer complete.
+221-
+    Data traffic for this session was 154 bytes in 2 files.
+    Total traffic for this session was 4512 bytes in 5 transfers.
+221 Thank you for using the FTP service on ftp.NetBSD.org.

testing/btest/Baseline/scripts.base.protocols.ssl.basic/ssl.log

@@ -0,0 +1,8 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	ssl
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	server_name	session_id	subject	issuer_subject	not_valid_before	not_valid_after	last_alert
+#types	time	string	addr	port	addr	port	string	string	string	string	string	string	time	time	string
+1335538392.319381	UWkUyAuUGXf	192.168.1.105	62045	74.125.224.79	443	TLSv10	TLS_ECDHE_RSA_WITH_RC4_128_SHA	ssl.gstatic.com	-	CN=*.gstatic.com,O=Google Inc,L=Mountain View,ST=California,C=US	CN=Google Internet Authority,O=Google Inc,C=US	1334102677.000000	1365639277.000000	-

testing/btest/bifs/md5.test

@@ -0,0 +1,16 @@
+# @TEST-EXEC: bro -b %INPUT >output
+# @TEST-EXEC: btest-diff output
+
+print md5_hash("one");
+print md5_hash("one", "two", "three");
+
+md5_hash_init("a");
+md5_hash_init("b");
+
+md5_hash_update("a", "one");
+md5_hash_update("b", "one");
+md5_hash_update("b", "two");
+md5_hash_update("b", "three");
+
+print md5_hash_finish("a");
+print md5_hash_finish("b");

testing/btest/bifs/sha1.test

@@ -0,0 +1,16 @@
+# @TEST-EXEC: bro -b %INPUT >output
+# @TEST-EXEC: btest-diff output
+
+print sha1_hash("one");
+print sha1_hash("one", "two", "three");
+
+sha1_hash_init("a");
+sha1_hash_init("b");
+
+sha1_hash_update("a", "one");
+sha1_hash_update("b", "one");
+sha1_hash_update("b", "two");
+sha1_hash_update("b", "three");
+
+print sha1_hash_finish("a");
+print sha1_hash_finish("b");

testing/btest/bifs/sha256.test

@@ -0,0 +1,16 @@
+# @TEST-EXEC: bro -b %INPUT >output
+# @TEST-EXEC: btest-diff output
+
+print sha256_hash("one");
+print sha256_hash("one", "two", "three");
+
+sha256_hash_init("a");
+sha256_hash_init("b");
+
+sha256_hash_update("a", "one");
+sha256_hash_update("b", "one");
+sha256_hash_update("b", "two");
+sha256_hash_update("b", "three");
+
+print sha256_hash_finish("a");
+print sha256_hash_finish("b");

testing/btest/core/checksums.test

@@ -1,23 +1,42 @@
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-bad-chksum.pcap >>bad.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-tcp-bad-chksum.pcap >>bad.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-udp-bad-chksum.pcap >>bad.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-icmp-bad-chksum.pcap >>bad.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-tcp-bad-chksum.pcap >>bad.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-udp-bad-chksum.pcap >>bad.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-icmp6-bad-chksum.pcap >>bad.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-tcp-bad-chksum.pcap >>bad.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-udp-bad-chksum.pcap >>bad.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-icmp6-bad-chksum.pcap >>bad.out 2>&1
+# @TEST-EXEC: bro -r $TRACES/chksums/ip4-bad-chksum.pcap
+# @TEST-EXEC: mv weird.log bad.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip4-tcp-bad-chksum.pcap
+# @TEST-EXEC: cat weird.log >> bad.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip4-udp-bad-chksum.pcap
+# @TEST-EXEC: cat weird.log >> bad.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip4-icmp-bad-chksum.pcap
+# @TEST-EXEC: cat weird.log >> bad.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-tcp-bad-chksum.pcap
+# @TEST-EXEC: cat weird.log >> bad.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-udp-bad-chksum.pcap
+# @TEST-EXEC: cat weird.log >> bad.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-icmp6-bad-chksum.pcap
+# @TEST-EXEC: cat weird.log >> bad.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-tcp-bad-chksum.pcap
+# @TEST-EXEC: cat weird.log >> bad.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-udp-bad-chksum.pcap
+# @TEST-EXEC: cat weird.log >> bad.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-icmp6-bad-chksum.pcap
+# @TEST-EXEC: cat weird.log >> bad.out
 
+# @TEST-EXEC: bro -r $TRACES/chksums/ip4-tcp-good-chksum.pcap
+# @TEST-EXEC: mv weird.log good.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip4-udp-good-chksum.pcap
+# @TEST-EXEC: test ! -e weird.log
+# @TEST-EXEC: bro -r $TRACES/chksums/ip4-icmp-good-chksum.pcap
+# @TEST-EXEC: test ! -e weird.log
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-tcp-good-chksum.pcap
+# @TEST-EXEC: cat weird.log >> good.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-udp-good-chksum.pcap
+# @TEST-EXEC: cat weird.log >> good.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-route0-icmp6-good-chksum.pcap
+# @TEST-EXEC: cat weird.log >> good.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-tcp-good-chksum.pcap
+# @TEST-EXEC: cat weird.log >> good.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-udp-good-chksum.pcap
+# @TEST-EXEC: cat weird.log >> good.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap
+# @TEST-EXEC: cat weird.log >> good.out
 
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-tcp-good-chksum.pcap >>good.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-udp-good-chksum.pcap >>good.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip4-icmp-good-chksum.pcap >>good.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-tcp-good-chksum.pcap >>good.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-udp-good-chksum.pcap >>good.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-route0-icmp6-good-chksum.pcap >>good.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-tcp-good-chksum.pcap >>good.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-udp-good-chksum.pcap >>good.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-icmp6-good-chksum.pcap >>good.out 2>&1
 # @TEST-EXEC: btest-diff bad.out
 # @TEST-EXEC: btest-diff good.out

testing/btest/core/disable-mobile-ipv6.test

@@ -1,6 +1,6 @@
 # @TEST-REQUIRES: grep -q "#undef ENABLE_MOBILE_IPV6" $BUILD/config.h
-# @TEST-EXEC: bro -b -r $TRACES/mobile-ipv6/mip6_back.trace %INPUT >output 2>&1
-# @TEST-EXEC: btest-diff output
+# @TEST-EXEC: bro -r $TRACES/mobile-ipv6/mip6_back.trace %INPUT
+# @TEST-EXEC: btest-diff weird.log
 
 event mobile_ipv6_message(p: pkt_hdr)
 	{

testing/btest/core/file-caching-serialization.test

@@ -0,0 +1,49 @@
+# This checks that the interactions between open-file caching and
+# serialization works ok.  In the first case, all files can fit
+# in the cache, but get serialized before every write.  In the
+# second case, files are eventually forced out of the cache and
+# undergo serialization, which requires re-opening.
+
+# @TEST-EXEC: bro -b %INPUT "test_file_prefix=one"
+# @TEST-EXEC: btest-diff one0
+# @TEST-EXEC: btest-diff one1
+# @TEST-EXEC: btest-diff one2
+# @TEST-EXEC: bro -b %INPUT "test_file_prefix=two" "max_files_in_cache=2"
+# @TEST-EXEC: btest-diff two0
+# @TEST-EXEC: btest-diff two1
+# @TEST-EXEC: btest-diff two2
+
+const test_file_prefix = "" &redef;
+global file_table: table[string] of file;
+global iterations: vector of count = vector(0,1,2,3,4,5,6,7,8);
+
+function write_to_file(c: count)
+	{
+	local f: file;
+	# Take turns writing across three output files.
+	local filename = fmt("%s%s", test_file_prefix, c % 3 );
+
+	if ( filename in file_table )
+		f = file_table[filename];
+	else
+		{
+		f = open(filename);
+		file_table[filename] = f;
+		}
+
+	# This when block is a trick to get the frame cloned
+	# and thus serialize the local file value
+	when ( local s = fmt("write %d", c) )
+		print f, s;
+	}
+
+event file_opened(f: file)
+	{
+	print f, "opened";
+	}
+
+event bro_init()
+	{
+	for ( i in iterations )
+		write_to_file(iterations[i]);
+	}

testing/btest/core/icmp/icmp6-events.test

@@ -88,9 +88,12 @@ event icmp_neighbor_solicitation(c: connection, icmp: icmp_conn, tgt: addr)
     print "  icmp_conn: " + fmt("%s", icmp);
     }
 
-event icmp_neighbor_advertisement(c: connection, icmp: icmp_conn, tgt:addr)
+event icmp_neighbor_advertisement(c: connection, icmp: icmp_conn, router: bool, solicited: bool, override: bool, tgt: addr)
     {
     print "icmp_neighbor_advertisement (tgt=" + fmt("%s", tgt) + ")";
+	print "    router=" + fmt("%s", router);
+	print "    solicited=" + fmt("%s", solicited);
+	print "    override=" + fmt("%s", override);
     print "  conn_id: " + fmt("%s", c$id);
     print "  icmp_conn: " + fmt("%s", icmp);
     }
@@ -102,9 +105,19 @@ event icmp_router_solicitation(c: connection, icmp: icmp_conn)
     print "  icmp_conn: " + fmt("%s", icmp);
     }
 
-event icmp_router_advertisement(c: connection, icmp: icmp_conn, hop_limit: count, managed: bool, router_lifetime: count, reachable_time: interval, retrans_timer: interval)
+event icmp_router_advertisement(c: connection, icmp: icmp_conn, cur_hop_limit: count, managed: bool, other: bool, home_agent: bool, pref: count, proxy: bool, rsv: count, router_lifetime: interval, reachable_time: interval, retrans_timer: interval)
     {
-    print "icmp_router_advertisement (hop_limit=" + fmt("%d", hop_limit) + ", managed=" + fmt("%s", managed) + ", rlifetime=" + fmt("%d", router_lifetime) + ", reachable=" + fmt("%f", reachable_time) + ", retrans=" + fmt("%f", retrans_timer) + ")";
+    print "icmp_router_advertisement";
+	print "    cur_hop_limit=" + fmt("%s", cur_hop_limit);
+	print "    managed=" + fmt("%s", managed);
+	print "    other=" + fmt("%s", other);
+	print "    home_agent=" + fmt("%s", home_agent);
+	print "    pref=" + fmt("%s", pref);
+	print "    proxy=" + fmt("%s", proxy);
+	print "    rsv=" + fmt("%s", rsv);
+	print "    router_lifetime=" + fmt("%s", router_lifetime);
+	print "    reachable_time=" + fmt("%s", reachable_time);
+	print "    retrans_timer=" + fmt("%s", retrans_timer);
     print "  conn_id: " + fmt("%s", c$id);
     print "  icmp_conn: " + fmt("%s", icmp);
     }

testing/btest/core/leaks/dataseries-rotate.bro

@@ -0,0 +1,35 @@
+#
+# @TEST-REQUIRES: has-writer DataSeries && which ds2txt
+# @TEST-REQUIRES: bro  --help 2>&1 | grep -q mem-leaks
+#
+# @TEST-GROUP: leaks
+# @TEST-GROUP: dataseries
+#
+# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -m -b -r $TRACES/rotation.trace %INPUT Log::default_writer=Log::WRITER_DATASERIES
+
+module Test;
+
+export {
+	# Create a new ID for our log stream
+	redef enum Log::ID += { LOG };
+
+	# Define a record with all the columns the log file can have.
+	# (I'm using a subset of fields from ssh-ext for demonstration.)
+	type Log: record {
+		t: time;
+		id: conn_id; # Will be rolled out into individual columns.
+	} &log;
+}
+
+redef Log::default_rotation_interval = 1hr;
+redef Log::default_rotation_postprocessor_cmd = "echo";
+
+event bro_init()
+{
+	Log::create_stream(Test::LOG, [$columns=Log]);
+}
+
+event new_connection(c: connection)
+	{
+	Log::write(Test::LOG, [$t=network_time(), $id=c$id]);
+	}

testing/btest/core/leaks/dataseries.bro

@@ -0,0 +1,10 @@
+# Needs perftools support.
+#
+# @TEST-REQUIRES: has-writer DataSeries && which ds2txt
+# @TEST-REQUIRES: bro  --help 2>&1 | grep -q mem-leaks
+#
+# @TEST-GROUP: leaks
+# @TEST-GROUP: dataseries
+#
+# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks
+# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -m -r $TRACES/wikipedia.trace Log::default_writer=Log::WRITER_DATASERIES

testing/btest/core/mobility-checksums.test

@@ -1,9 +1,15 @@
 # @TEST-REQUIRES: grep -q "#define ENABLE_MOBILE_IPV6" $BUILD/config.h
-# @TEST-EXEC: bro -b -r $TRACES/chksums/mip6-bad-mh-chksum.pcap >>bad.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-hoa-tcp-bad-chksum.pcap >>bad.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-hoa-udp-bad-chksum.pcap >>bad.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/mip6-good-mh-chksum.pcap >>good.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-hoa-tcp-good-chksum.pcap >>bad.out 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/chksums/ip6-hoa-udp-good-chksum.pcap >>bad.out 2>&1
+# @TEST-EXEC: bro -r $TRACES/chksums/mip6-bad-mh-chksum.pcap
+# @TEST-EXEC: mv weird.log bad.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-hoa-tcp-bad-chksum.pcap
+# @TEST-EXEC: cat weird.log >> bad.out
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-hoa-udp-bad-chksum.pcap
+# @TEST-EXEC: cat weird.log >> bad.out
+# @TEST-EXEC: rm weird.log
+# @TEST-EXEC: bro -r $TRACES/chksums/mip6-good-mh-chksum.pcap
+# @TEST-EXEC: test ! -e weird.log
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-hoa-tcp-good-chksum.pcap
+# @TEST-EXEC: test ! -e weird.log
+# @TEST-EXEC: bro -r $TRACES/chksums/ip6-hoa-udp-good-chksum.pcap
+# @TEST-EXEC: test ! -e weird.log
 # @TEST-EXEC: btest-diff bad.out
-# @TEST-EXEC: btest-diff good.out

testing/btest/core/truncation.test

@@ -1,6 +1,9 @@
 # Truncated IP packet's should not be analyzed, and generate truncated_IP weird
 
-# @TEST-EXEC: bro -b -r $TRACES/trunc/ip4-trunc.pcap >>output 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/trunc/ip6-trunc.pcap >>output 2>&1
-# @TEST-EXEC: bro -b -r $TRACES/trunc/ip6-ext-trunc.pcap >>output 2>&1
+# @TEST-EXEC: bro -r $TRACES/trunc/ip4-trunc.pcap
+# @TEST-EXEC: mv weird.log output
+# @TEST-EXEC: bro -r $TRACES/trunc/ip6-trunc.pcap
+# @TEST-EXEC: cat weird.log >> output
+# @TEST-EXEC: bro -r $TRACES/trunc/ip6-ext-trunc.pcap
+# @TEST-EXEC: cat weird.log >> output
 # @TEST-EXEC: btest-diff output

testing/btest/coverage/doc.test

@@ -1,7 +1,10 @@
 # This tests that we're generating bro script documentation for all the
 # available bro scripts.  If this fails, then the genDocSources.sh needs
 # to be run to produce a new DocSourcesList.cmake or genDocSources.sh needs
-# to be updated to blacklist undesired scripts.
+# to be updated to blacklist undesired scripts. To update, run the
+# top-level Makefile:
+#
+#   make update-doc-sources
 #
 # @TEST-EXEC: $DIST/doc/scripts/genDocSourcesList.sh
 # @TEST-EXEC: cmp $DIST/doc/scripts/DocSourcesList.cmake ./DocSourcesList.cmake

testing/btest/istate/broccoli-ipv6.bro

@@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-REQUIRES: test -e $BUILD/aux/broccoli/src/libbroccoli.so || test -e $BUILD/aux/broccoli/src/libbroccoli.dylib
 #

testing/btest/istate/broccoli.bro

@@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-REQUIRES: test -e $BUILD/aux/broccoli/src/libbroccoli.so || test -e $BUILD/aux/broccoli/src/libbroccoli.dylib
 #

testing/btest/istate/events-ssl.bro

@@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run sender   bro -C -r $TRACES/web.trace --pseudo-realtime ../sender.bro
 # @TEST-EXEC: btest-bg-run receiver bro ../receiver.bro

testing/btest/istate/events.bro

@@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run sender   bro -C -r $TRACES/web.trace --pseudo-realtime ../sender.bro
 # @TEST-EXEC: btest-bg-run receiver bro ../receiver.bro

testing/btest/istate/pybroccoli.py

@@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-REQUIRES: test -e $BUILD/aux/broccoli/src/libbroccoli.so || test -e $BUILD/aux/broccoli/src/libbroccoli.dylib
 # @TEST-REQUIRES: test -e $BUILD/aux/broccoli/bindings/broccoli-python/_broccoli_intern.so

testing/btest/istate/sync.bro

@@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run sender   bro %INPUT ../sender.bro
 # @TEST-EXEC: btest-bg-run receiver bro %INPUT ../receiver.bro

testing/btest/scripts/base/frameworks/cluster/start-it-up.bro

@@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
 # @TEST-EXEC: btest-bg-run proxy-1   BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT

testing/btest/scripts/base/frameworks/communication/communication_log_baseline.bro

@@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run receiver bro -b ../receiver.bro
 # @TEST-EXEC: btest-bg-run sender   bro -b ../sender.bro

testing/btest/scripts/base/frameworks/control/configuration_update.bro

@@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run controllee  BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controllee Communication::listen_port=65531/tcp 
 # @TEST-EXEC: btest-bg-run controller  BROPATH=$BROPATH:.. bro %INPUT test-redef frameworks/control/controller Control::host=127.0.0.1 Control::host_port=65531/tcp Control::cmd=configuration_update

testing/btest/scripts/base/frameworks/control/id_value.bro

@@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run controllee  BROPATH=$BROPATH:.. bro %INPUT only-for-controllee frameworks/control/controllee Communication::listen_port=65532/tcp 
 # @TEST-EXEC: btest-bg-run controller  BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=65532/tcp Control::cmd=id_value Control::arg=test_var

testing/btest/scripts/base/frameworks/control/shutdown.bro

@@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run controllee BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controllee Communication::listen_port=65530/tcp 
 # @TEST-EXEC: btest-bg-run controller BROPATH=$BROPATH:.. bro %INPUT frameworks/control/controller Control::host=127.0.0.1 Control::host_port=65530/tcp Control::cmd=shutdown

testing/btest/scripts/base/frameworks/logging/dataseries/options.bro

@@ -0,0 +1,44 @@
+#
+# @TEST-REQUIRES: has-writer DataSeries && which ds2txt
+# @TEST-GROUP: dataseries
+#
+# @TEST-EXEC: bro -b %INPUT Log::default_writer=Log::WRITER_DATASERIES
+# @TEST-EXEC: test -e ssh.ds.xml
+# @TEST-EXEC: btest-diff ssh.ds.xml
+
+module SSH;
+
+redef LogDataSeries::dump_schema = T;
+
+# Haven't yet found a way to check for the effect of these.
+redef LogDataSeries::compression = "bz2";
+redef LogDataSeries::extent_size = 1000;
+redef LogDataSeries::num_threads = 5;
+
+# LogDataSeries::use_integer_for_time is tested separately.
+
+export {
+	redef enum Log::ID += { LOG };
+
+	type Log: record {
+		t: time;
+		id: conn_id; # Will be rolled out into individual columns.
+		status: string &optional;
+		country: string &default="unknown";
+	} &log;
+}
+
+event bro_init()
+{
+	Log::create_stream(SSH::LOG, [$columns=Log]);
+
+    local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
+
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
+	
+}
+

testing/btest/scripts/base/frameworks/logging/dataseries/rotate.bro

@@ -0,0 +1,34 @@
+#
+# @TEST-REQUIRES: has-writer DataSeries && which ds2txt
+# @TEST-GROUP: dataseries
+#
+# @TEST-EXEC: bro -b -r ${TRACES}/rotation.trace %INPUT 2>&1 Log::default_writer=Log::WRITER_DATASERIES | grep "test" >out
+# @TEST-EXEC: for i in test.*.ds; do printf '> %s\n' $i; ds2txt --skip-index $i; done >>out
+# @TEST-EXEC: btest-diff out
+
+module Test;
+
+export {
+	# Create a new ID for our log stream
+	redef enum Log::ID += { LOG };
+
+	# Define a record with all the columns the log file can have.
+	# (I'm using a subset of fields from ssh-ext for demonstration.)
+	type Log: record {
+		t: time;
+		id: conn_id; # Will be rolled out into individual columns.
+	} &log;
+}
+
+redef Log::default_rotation_interval = 1hr;
+redef Log::default_rotation_postprocessor_cmd = "echo";
+
+event bro_init()
+{
+	Log::create_stream(Test::LOG, [$columns=Log]);
+}
+
+event new_connection(c: connection)
+	{
+	Log::write(Test::LOG, [$t=network_time(), $id=c$id]);
+	}

testing/btest/scripts/base/frameworks/logging/dataseries/test-logging.bro

@@ -0,0 +1,35 @@
+#
+# @TEST-REQUIRES: has-writer DataSeries && which ds2txt
+# @TEST-GROUP: dataseries
+#
+# @TEST-EXEC: bro -b %INPUT Log::default_writer=Log::WRITER_DATASERIES
+# @TEST-EXEC: ds2txt --skip-index ssh.ds >ssh.ds.txt
+# @TEST-EXEC: btest-diff ssh.ds.txt
+
+module SSH;
+
+export {
+	redef enum Log::ID += { LOG };
+
+	type Log: record {
+		t: time;
+		id: conn_id; # Will be rolled out into individual columns.
+		status: string &optional;
+		country: string &default="unknown";
+	} &log;
+}
+
+event bro_init()
+{
+	Log::create_stream(SSH::LOG, [$columns=Log]);
+
+    local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
+
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
+	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
+	
+}
+

testing/btest/scripts/base/frameworks/logging/dataseries/time-as-int.bro

@@ -0,0 +1,9 @@
+#
+# @TEST-REQUIRES: has-writer DataSeries && which ds2txt
+# @TEST-GROUP: dataseries
+#
+# @TEST-EXEC: bro -r $TRACES/wikipedia.trace %INPUT Log::default_writer=Log::WRITER_DATASERIES
+# @TEST-EXEC: ds2txt --skip-index conn.ds >conn.ds.txt
+# @TEST-EXEC: btest-diff conn.ds.txt
+
+redef LogDataSeries::use_integer_for_time = T;

testing/btest/scripts/base/frameworks/logging/dataseries/wikipedia.bro

@@ -0,0 +1,9 @@
+#
+# @TEST-REQUIRES: has-writer DataSeries && which ds2txt
+# @TEST-GROUP: dataseries
+#
+# @TEST-EXEC: bro -r $TRACES/wikipedia.trace Log::default_writer=Log::WRITER_DATASERIES
+# @TEST-EXEC: ds2txt --skip-index conn.ds >conn.ds.txt
+# @TEST-EXEC: ds2txt --skip-index http.ds >http.ds.txt
+# @TEST-EXEC: btest-diff conn.ds.txt
+# @TEST-EXEC: btest-diff http.ds.txt

testing/btest/scripts/base/frameworks/logging/remote-types.bro

@@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run sender bro --pseudo-realtime %INPUT ../sender.bro
 # @TEST-EXEC: btest-bg-run receiver bro --pseudo-realtime %INPUT ../receiver.bro

testing/btest/scripts/base/frameworks/logging/remote.bro

@@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run sender bro --pseudo-realtime %INPUT ../sender.bro
 # @TEST-EXEC: sleep 1

testing/btest/scripts/base/frameworks/logging/rotate-custom.bro

@@ -1,5 +1,5 @@
 #
-# @TEST-EXEC: bro -b -r %DIR/rotation.trace %INPUT | egrep "test|test2" | sort >out
+#@TEST-EXEC: bro -b -r ${TRACES}/rotation.trace %INPUT | egrep "test|test2" | sort >out
 # @TEST-EXEC: for i in `ls test*.log | sort`; do printf '> %s\n' $i; cat $i; done | sort | uniq >>out
 # @TEST-EXEC: btest-diff out
 # @TEST-EXEC: btest-diff .stderr

testing/btest/scripts/base/frameworks/logging/rotate.bro

@@ -1,6 +1,6 @@
 #
-# @TEST-EXEC: bro -b -r %DIR/rotation.trace %INPUT 2>&1 | grep "test" >out
-# @TEST-EXEC: for i in test.*.log; do printf '> %s\n' $i; cat $i; done >>out
+# @TEST-EXEC: bro -b -r ${TRACES}/rotation.trace %INPUT 2>&1 | grep "test" >out
+# @TEST-EXEC: for i in `ls test.*.log | sort`; do printf '> %s\n' $i; cat $i; done >>out
 # @TEST-EXEC: btest-diff out
 
 module Test;

testing/btest/scripts/base/frameworks/metrics/basic-cluster.bro

@@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
 # @TEST-EXEC: btest-bg-run proxy-1   BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT

testing/btest/scripts/base/frameworks/metrics/cluster-intermediate-update.bro

@@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
 # @TEST-EXEC: btest-bg-run proxy-1   BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT

testing/btest/scripts/base/frameworks/notice/cluster.bro

@@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
 # @TEST-EXEC: btest-bg-run proxy-1   BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT

testing/btest/scripts/base/frameworks/notice/suppression-cluster.bro

@@ -1,4 +1,4 @@
-# @TEST-GROUP: comm
+# @TEST-SERIALIZE: comm
 #
 # @TEST-EXEC: btest-bg-run manager-1 BROPATH=$BROPATH:.. CLUSTER_NODE=manager-1 bro %INPUT
 # @TEST-EXEC: btest-bg-run proxy-1   BROPATH=$BROPATH:.. CLUSTER_NODE=proxy-1 bro %INPUT

testing/btest/scripts/base/protocols/conn/contents-default-extract.test

@@ -0,0 +1,3 @@
+# @TEST-EXEC: bro -f "tcp port 21" -r $TRACES/ipv6-ftp.trace "Conn::default_extract=T"
+# @TEST-EXEC: btest-diff contents_[2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185-[2001:470:4867:99::21]:21_orig.dat
+# @TEST-EXEC: btest-diff contents_[2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185-[2001:470:4867:99::21]:21_resp.dat

testing/btest/scripts/base/protocols/ssl/basic.test

@@ -0,0 +1,4 @@
+# This tests a normal SSL connection and the log it outputs.
+
+# @TEST-EXEC: bro -r $TRACES/tls-conn-with-extensions.trace %INPUT
+# @TEST-EXEC: btest-diff ssl.log

testing/external/Makefile

@@ -6,11 +6,11 @@ DIAG=diag.log
 
 all:
 	@rm -f $(DIAG)
-	@for repo in $(REPOS); do (cd $$repo && make ); done
+	@for repo in $(REPOS); do (cd $$repo && make -s ); done
 
 brief:
 	@rm -f $(DIAG)
-	@for repo in $(REPOS); do (cd $$repo && make brief ); done
+	@for repo in $(REPOS); do (cd $$repo && make -s brief ); done
 
 init:
 	git clone $(PUBLIC_REPO)

testing/external/scripts/update-traces

@@ -69,9 +69,9 @@ cat $cfg | while read line; do
         eval "$proxy curl $auth -f --anyauth $url -o $file"
         echo
         mv $fp.tmp $fp
-    else
-        echo "`basename $file` already available."
-    fi
+     #else
+     #  echo "`basename $file` already available."
+     fi
 
     rm -f $fp.tmp
 

testing/external/subdir-btest.cfg

@@ -10,7 +10,7 @@ BROPATH=`bash -c %(testbase)s/../../../build/bro-path-dev`:%(testbase)s/../scrip
 BRO_SEED_FILE=%(testbase)s/../random.seed
 TZ=UTC
 LC_ALL=C
-PATH=%(testbase)s/../../../build/src:%(testbase)s/../../../aux/btest:%(default_path)s
+PATH=%(testbase)s/../../../build/src:%(testbase)s/../../../aux/btest:%(testbase)s/../../scripts:%(default_path)s
 TEST_DIFF_CANONIFIER=%(testbase)s/../../scripts/diff-canonifier-external
 TEST_DIFF_BRIEF=1
 TRACES=%(testbase)s/Traces

testing/scripts/has-writer

@@ -0,0 +1,6 @@
+#! /usr/bin/env bash
+#
+# Returns true if Bro has been compiled with support for writer type
+# $1. The type name must match what "bro --help" prints.
+
+bro --helper 2>&1 | grep -qi "Supported log formats:.*$1"