Fixing tests.

Part of this involves making the file-analysis tests independent of
specific hash values. I've done that only partially though.

doc/scripts/DocSourcesList.cmake

@@ -16,15 +16,63 @@ rest_target(${CMAKE_CURRENT_SOURCE_DIR} example.bro internal)
 rest_target(${psd} base/init-default.bro internal)
 rest_target(${psd} base/init-bare.bro internal)
 
-rest_target(${CMAKE_BINARY_DIR}/src base/bro.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/analyzer.bif.bro)
-rest_target(${CMAKE_BINARY_DIR}/src base/const.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/bro.bif.bro)
-rest_target(${CMAKE_BINARY_DIR}/src base/event.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/const.bif.bro)
-rest_target(${CMAKE_BINARY_DIR}/src base/file_analysis.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/event.bif.bro)
-rest_target(${CMAKE_BINARY_DIR}/src base/input.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/file_analysis.bif.bro)
-rest_target(${CMAKE_BINARY_DIR}/src base/logging.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/input.bif.bro)
-rest_target(${CMAKE_BINARY_DIR}/src base/reporter.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/logging.bif.bro)
-rest_target(${CMAKE_BINARY_DIR}/src base/strings.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_ARP.events.bif.bro)
-rest_target(${CMAKE_BINARY_DIR}/src base/types.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_AYIYA.events.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_BackDoor.events.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_BitTorrent.events.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_ConnSize.events.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_DCE_RPC.events.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_DHCP.events.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_DNS.events.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_FTP.events.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_FTP.functions.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_File.events.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_Finger.events.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_GTPv1.events.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_Gnutella.events.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_HTTP.events.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_HTTP.functions.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_ICMP.events.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_IRC.events.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_Ident.events.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_InterConn.events.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_Login.events.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_Login.functions.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_MIME.events.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_Modbus.events.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_NCP.events.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_NTP.events.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_NetBIOS.events.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_NetBIOS.functions.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_NetFlow.events.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_PIA.events.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_POP3.events.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_RPC.events.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_SMB.events.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_SMTP.events.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_SMTP.functions.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_SOCKS.events.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_SSH.events.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_SSL.events.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_SSL.functions.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_SteppingStone.events.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_Syslog.events.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_TCP.events.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_TCP.functions.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_Teredo.events.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_UDP.events.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/plugins/Bro_ZIP.events.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/reporter.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/strings.bif.bro)
+rest_target(${CMAKE_BINARY_DIR}/scripts base/bif/types.bif.bro)
+rest_target(${psd} base/frameworks/analyzer/main.bro)
 rest_target(${psd} base/frameworks/cluster/main.bro)
 rest_target(${psd} base/frameworks/cluster/nodes/manager.bro)
 rest_target(${psd} base/frameworks/cluster/nodes/proxy.bro)
@@ -146,7 +194,6 @@ rest_target(${psd} policy/frameworks/software/vulnerable.bro)
 rest_target(${psd} policy/integration/barnyard2/main.bro)
 rest_target(${psd} policy/integration/barnyard2/types.bro)
 rest_target(${psd} policy/integration/collective-intel/main.bro)
-rest_target(${psd} policy/misc/analysis-groups.bro)
 rest_target(${psd} policy/misc/app-metrics.bro)
 rest_target(${psd} policy/misc/capture-loss.bro)
 rest_target(${psd} policy/misc/detect-traceroute/main.bro)

scripts/base/protocols/ftp/main.bro

@@ -305,6 +305,8 @@ event ftp_reply(c: connection, code: count, msg: string, cont_resp: bool) &prior
 			c$ftp$passive=T;
 
 			if ( code == 229 && data$h == [::] )
+				data$h = c$id$resp_h;
+
 			add_expected_data_channel(c$ftp, [$passive=T, $orig_h=c$id$orig_h,
 			                          $resp_h=data$h, $resp_p=data$p]);
 			}

scripts/base/protocols/irc/dcc-send.bro

@@ -179,7 +179,7 @@ event irc_dcc_message(c: connection, is_orig: bool,
 	dcc_expected_transfers[address, p] = c$irc;
 	}
 
-event expected_connection_seen(c: connection, a: count) &priority=10
+event expected_connection_seen(c: connection, a: Analyzer::Tag) &priority=10
 	{
 	local id = c$id;
 	if ( [id$resp_h, id$resp_p] in dcc_expected_transfers )

scripts/test-all-policy.bro

@@ -31,7 +31,6 @@
 @load integration/barnyard2/types.bro
 @load integration/collective-intel/__load__.bro
 @load integration/collective-intel/main.bro
-@load misc/analysis-groups.bro
 @load misc/app-metrics.bro
 @load misc/capture-loss.bro
 @load misc/detect-traceroute/__load__.bro

src/AnalyzerTags.h

@@ -1,57 +0,0 @@
-#ifndef ANALYZERTAGS_H
-#define ANALYZERTAGS_H
-
-// Each kind of analyzer gets a tag. When adding an analyzer here, also adapt
-// the table of analyzers in Analyzer.cc.
-//
-// Using a namespace here is kind of a hack: ideally this would be in "class
-// Analyzer {...}". But then we'd have circular dependencies across the header
-// files.
-
-#include "util.h"
-
-typedef uint32 AnalyzerID;
-
-namespace AnalyzerTag {
-	enum Tag {
-		Error = 0,	// used as error code
-
-		// Analyzer in charge of protocol detection.
-		PIA_TCP, PIA_UDP,
-
-		// Transport-layer analyzers.
-		ICMP, TCP, UDP,
-
-		// Application-layer analyzers (hand-written).
-		BitTorrent, BitTorrentTracker,
-		DCE_RPC, DNS, Finger, FTP, Gnutella, HTTP, Ident, IRC,
-		Login, NCP, NetbiosSSN, NFS, NTP, POP3, Portmapper, Rlogin,
-		RPC, Rsh, SMB, SMTP, SSH,
-		Telnet,
-
-		// Application-layer analyzers, binpac-generated.
-		DHCP_BINPAC, DNS_TCP_BINPAC, DNS_UDP_BINPAC,
-		HTTP_BINPAC, SSL, SYSLOG_BINPAC,
-		Modbus,
-
-		// Decapsulation analyzers.
-		AYIYA,
-		SOCKS,
-		Teredo,
-		GTPv1,
-
-		// Other
-		File, IRC_Data, FTP_Data, Backdoor, InterConn, SteppingStone, TCPStats,
-		ConnSize,
-
-		// Support-analyzers
-		Contents, ContentLine, NVT, Zip, Contents_DNS, Contents_NCP,
-		Contents_NetbiosSSN, Contents_Rlogin, Contents_Rsh,
-		Contents_DCE_RPC, Contents_SMB, Contents_RPC, Contents_NFS,
-		FTP_ADAT,
-		// End-marker.
-		LastAnalyzer
-	};
-};
-
-#endif

src/analyzer/Tag.cc

@@ -6,6 +6,8 @@
 
 using namespace analyzer;
 
+Tag Tag::Error;
+
 Tag::Tag(type_t arg_type, subtype_t arg_subtype)
 	{
 	assert(arg_type > 0);

src/analyzer/Tag.h

@@ -115,6 +115,8 @@ public:
 		return type != other.type ? type < other.type : (subtype < other.subtype);
 		}
 
+	static Tag Error;
+
 protected:
 	friend class analyzer::Manager;
 	friend class analyzer::Component;

src/file_analysis/File.h

@@ -6,7 +6,6 @@
 #include <string>
 #include <vector>
 
-#include "AnalyzerTags.h"
 #include "Conn.h"
 #include "Val.h"
 #include "AnalyzerSet.h"
@@ -132,7 +131,7 @@ protected:
 	 * Constructor; only file_analysis::Manager should be creating these.
 	 */
 	File(const string& unique, Connection* conn = 0,
-	     analyzer::Tag tag = AnalyzerTag::Error, bool is_orig = false);
+	     analyzer::Tag tag = analyzer::Tag::Error, bool is_orig = false);
 
 	/**
 	 * Updates the "conn_ids" and "conn_uids" fields in #val record with the

src/file_analysis/Manager.h

@@ -134,7 +134,7 @@ protected:
 	 *         fields.
 	 */
 	File* GetFile(const string& unique, Connection* conn = 0,
-	              analyzer::Tag tag = AnalyzerTag::Error,
+	              analyzer::Tag tag = analyzer::Tag::Error,
 	              bool is_orig = false, bool update_conn = true);
 
 	/**

testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log

@@ -3,19 +3,19 @@
 #empty_field	(empty)
 #unset_field	-
 #path	loaded_scripts
-#open	2013-05-15-23-01-21
+#open	2013-05-17-03-57-47
 #fields	name
 #types	string
 scripts/base/init-bare.bro
-  build/src/base/const.bif.bro
+  build/scripts/base/bif/const.bif.bro
-  build/src/base/types.bif.bro
+  build/scripts/base/bif/types.bif.bro
-  build/src/base/strings.bif.bro
+  build/scripts/base/bif/strings.bif.bro
-  build/src/base/bro.bif.bro
+  build/scripts/base/bif/bro.bif.bro
-  build/src/base/reporter.bif.bro
+  build/scripts/base/bif/reporter.bif.bro
-  build/src/base/event.bif.bro
+  build/scripts/base/bif/event.bif.bro
   scripts/base/frameworks/logging/__load__.bro
     scripts/base/frameworks/logging/main.bro
-      build/src/base/logging.bif.bro
+      build/scripts/base/bif/logging.bif.bro
     scripts/base/frameworks/logging/postprocessors/__load__.bro
       scripts/base/frameworks/logging/postprocessors/scp.bro
       scripts/base/frameworks/logging/postprocessors/sftp.bro
@@ -26,15 +26,65 @@ scripts/base/init-bare.bro
     scripts/base/frameworks/logging/writers/none.bro
   scripts/base/frameworks/input/__load__.bro
     scripts/base/frameworks/input/main.bro
-      build/src/base/input.bif.bro
+      build/scripts/base/bif/input.bif.bro
     scripts/base/frameworks/input/readers/ascii.bro
     scripts/base/frameworks/input/readers/raw.bro
     scripts/base/frameworks/input/readers/benchmark.bro
     scripts/base/frameworks/input/readers/binary.bro
     scripts/base/frameworks/input/readers/sqlite.bro
+  scripts/base/frameworks/analyzer/__load__.bro
+    scripts/base/frameworks/analyzer/main.bro
+      build/scripts/base/bif/analyzer.bif.bro
   scripts/base/frameworks/file-analysis/__load__.bro
     scripts/base/frameworks/file-analysis/main.bro
-      build/src/base/file_analysis.bif.bro
+      build/scripts/base/bif/file_analysis.bif.bro
+  build/scripts/base/bif/plugins/__load__.bro
+    build/scripts/base/bif/plugins/Bro_ARP.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_AYIYA.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_BackDoor.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_BitTorrent.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_ConnSize.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_DCE_RPC.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_DHCP.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_DNS.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_FTP.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_FTP.functions.bif.bro
+    build/scripts/base/bif/plugins/Bro_File.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_Finger.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_GTPv1.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_Gnutella.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_HTTP.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_HTTP.functions.bif.bro
+    build/scripts/base/bif/plugins/Bro_ICMP.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_IRC.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_Ident.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_InterConn.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_Login.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_Login.functions.bif.bro
+    build/scripts/base/bif/plugins/Bro_MIME.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_Modbus.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_NCP.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_NTP.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_NetBIOS.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_NetBIOS.functions.bif.bro
+    build/scripts/base/bif/plugins/Bro_NetFlow.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_PIA.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_POP3.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_RPC.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_SMB.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_SMTP.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_SMTP.functions.bif.bro
+    build/scripts/base/bif/plugins/Bro_SOCKS.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_SSH.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_SSL.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_SSL.functions.bif.bro
+    build/scripts/base/bif/plugins/Bro_SteppingStone.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_Syslog.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_TCP.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_TCP.functions.bif.bro
+    build/scripts/base/bif/plugins/Bro_Teredo.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_UDP.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_ZIP.events.bif.bro
 scripts/policy/misc/loaded-scripts.bro
   scripts/base/utils/paths.bro
-#close	2013-05-15-23-01-21
+#close	2013-05-17-03-57-47

testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log

@@ -3,19 +3,19 @@
 #empty_field	(empty)
 #unset_field	-
 #path	loaded_scripts
-#open	2013-05-16-00-19-22
+#open	2013-05-17-03-58-48
 #fields	name
 #types	string
 scripts/base/init-bare.bro
-  build/src/base/const.bif.bro
+  build/scripts/base/bif/const.bif.bro
-  build/src/base/types.bif.bro
+  build/scripts/base/bif/types.bif.bro
-  build/src/base/strings.bif.bro
+  build/scripts/base/bif/strings.bif.bro
-  build/src/base/bro.bif.bro
+  build/scripts/base/bif/bro.bif.bro
-  build/src/base/reporter.bif.bro
+  build/scripts/base/bif/reporter.bif.bro
-  build/src/base/event.bif.bro
+  build/scripts/base/bif/event.bif.bro
   scripts/base/frameworks/logging/__load__.bro
     scripts/base/frameworks/logging/main.bro
-      build/src/base/logging.bif.bro
+      build/scripts/base/bif/logging.bif.bro
     scripts/base/frameworks/logging/postprocessors/__load__.bro
       scripts/base/frameworks/logging/postprocessors/scp.bro
       scripts/base/frameworks/logging/postprocessors/sftp.bro
@@ -26,15 +26,65 @@ scripts/base/init-bare.bro
     scripts/base/frameworks/logging/writers/none.bro
   scripts/base/frameworks/input/__load__.bro
     scripts/base/frameworks/input/main.bro
-      build/src/base/input.bif.bro
+      build/scripts/base/bif/input.bif.bro
     scripts/base/frameworks/input/readers/ascii.bro
     scripts/base/frameworks/input/readers/raw.bro
     scripts/base/frameworks/input/readers/benchmark.bro
     scripts/base/frameworks/input/readers/binary.bro
     scripts/base/frameworks/input/readers/sqlite.bro
+  scripts/base/frameworks/analyzer/__load__.bro
+    scripts/base/frameworks/analyzer/main.bro
+      build/scripts/base/bif/analyzer.bif.bro
   scripts/base/frameworks/file-analysis/__load__.bro
     scripts/base/frameworks/file-analysis/main.bro
-      build/src/base/file_analysis.bif.bro
+      build/scripts/base/bif/file_analysis.bif.bro
+  build/scripts/base/bif/plugins/__load__.bro
+    build/scripts/base/bif/plugins/Bro_ARP.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_AYIYA.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_BackDoor.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_BitTorrent.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_ConnSize.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_DCE_RPC.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_DHCP.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_DNS.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_FTP.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_FTP.functions.bif.bro
+    build/scripts/base/bif/plugins/Bro_File.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_Finger.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_GTPv1.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_Gnutella.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_HTTP.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_HTTP.functions.bif.bro
+    build/scripts/base/bif/plugins/Bro_ICMP.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_IRC.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_Ident.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_InterConn.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_Login.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_Login.functions.bif.bro
+    build/scripts/base/bif/plugins/Bro_MIME.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_Modbus.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_NCP.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_NTP.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_NetBIOS.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_NetBIOS.functions.bif.bro
+    build/scripts/base/bif/plugins/Bro_NetFlow.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_PIA.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_POP3.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_RPC.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_SMB.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_SMTP.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_SMTP.functions.bif.bro
+    build/scripts/base/bif/plugins/Bro_SOCKS.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_SSH.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_SSL.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_SSL.functions.bif.bro
+    build/scripts/base/bif/plugins/Bro_SteppingStone.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_Syslog.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_TCP.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_TCP.functions.bif.bro
+    build/scripts/base/bif/plugins/Bro_Teredo.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_UDP.events.bif.bro
+    build/scripts/base/bif/plugins/Bro_ZIP.events.bif.bro
 scripts/base/init-default.bro
   scripts/base/utils/site.bro
     scripts/base/utils/patterns.bro
@@ -141,4 +191,4 @@ scripts/base/init-default.bro
     scripts/base/protocols/syslog/main.bro
   scripts/base/misc/find-checksum-offloading.bro
 scripts/policy/misc/loaded-scripts.bro
-#close	2013-05-16-00-19-22
+#close	2013-05-17-03-58-48

testing/btest/Baseline/doc.autogen-reST-example/example.rst

@@ -109,17 +109,6 @@ Notices
 
 Configuration Changes
 #####################
-Port Analysis
-^^^^^^^^^^^^^
-Loading this script makes the following changes to :bro:see:`dpd_config`.
-
-SSL::
-
-    [ports={
-        443/tcp,
-        562/tcp
-    }]
-
 Packet Filter
 ^^^^^^^^^^^^^
 Loading this script makes the following changes to :bro:see:`capture_filters`.

testing/btest/Baseline/scripts.base.frameworks.file-analysis.ftp/out

@@ -1,11 +1,11 @@
 FILE_NEW
-sidhzrR4IT8, 0, 0
+5LcdtqrLA97, 0, 0
 FILE_BOF_BUFFER
 The Nationa
 MIME_TYPE
 text/x-pascal
 FILE_STATE_REMOVE
-sidhzrR4IT8, 16557, 0
+5LcdtqrLA97, 16557, 0
 [orig_h=141.142.228.5, orig_p=50737/tcp, resp_h=141.142.192.162, resp_p=38141/tcp]
 source: FTP_DATA
 MD5: 7192a8075196267203adb3dfaa5c908d

testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/a.size

@@ -1 +1 @@
-555523 7gZBKVUgy4l-file0
+555523 file-0

testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/b.out

@@ -1,19 +1,19 @@
 FILE_NEW
-oDwT1BbzjM1, 0, 0
+Cvu8OAp0WEd, 0, 0
 MIME_TYPE
 application/x-dosexec
 FILE_STATE_REMOVE
-oDwT1BbzjM1, 1022920, 0
+Cvu8OAp0WEd, 1022920, 0
 [orig_h=192.168.72.14, orig_p=3254/tcp, resp_h=65.54.95.206, resp_p=80/tcp]
 total bytes: 1022920
 source: HTTP
 FILE_NEW
-oDwT1BbzjM1, 0, 0
+Cvu8OAp0WEd, 0, 0
 MIME_TYPE
 application/octet-stream
 FILE_TIMEOUT
 FILE_STATE_REMOVE
-oDwT1BbzjM1, 206024, 0
+Cvu8OAp0WEd, 206024, 0
 [orig_h=192.168.72.14, orig_p=3257/tcp, resp_h=65.54.95.14, resp_p=80/tcp]
 total bytes: 1022920
 source: HTTP

testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/b.size

@@ -1 +1 @@
-1022920 oDwT1BbzjM1-file0
+1022920 file-0

testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/c.out

@@ -1,10 +1,10 @@
 FILE_NEW
-uHS14uhRKGe, 0, 0
+me4WAjZH0Ik, 0, 0
 MIME_TYPE
 application/octet-stream
 FILE_OVER_NEW_CONNECTION
 FILE_STATE_REMOVE
-uHS14uhRKGe, 498702, 0
+me4WAjZH0Ik, 498702, 0
 [orig_h=10.45.179.94, orig_p=19950/tcp, resp_h=129.174.93.170, resp_p=80/tcp]
 [orig_h=10.45.179.94, orig_p=19953/tcp, resp_h=129.174.93.170, resp_p=80/tcp]
 total bytes: 498668

testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/c.size

@@ -1 +1 @@
-498668 uHS14uhRKGe-file0
+498668 file-0

testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp.log

@@ -3,19 +3,19 @@
 #empty_field	(empty)
 #unset_field	-
 #path	ftp
-#open	2013-04-12-16-32-25
+#open	2013-05-18-00-48-19
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	user	password	command	arg	mime_type	file_size	reply_code	reply_msg	tags	data_channel.passive	data_channel.orig_h	data_channel.resp_h	data_channel.resp_p	extraction_file
 #types	time	string	addr	port	addr	port	string	string	string	string	string	count	count	string	table[string]	bool	addr	addr	port	string
 1329843175.680248	UWkUyAuUGXf	141.142.220.235	50003	199.233.217.249	21	anonymous	test	PASV	-	-	-	227	Entering Passive Mode (199,233,217,249,221,90)	(empty)	T	141.142.220.235	199.233.217.249	56666	-
 1329843175.791528	UWkUyAuUGXf	141.142.220.235	50003	199.233.217.249	21	anonymous	test	LIST	-	-	-	226	Transfer complete.	(empty)	-	-	-	-	-
 1329843179.815947	UWkUyAuUGXf	141.142.220.235	50003	199.233.217.249	21	anonymous	test	PASV	-	-	-	227	Entering Passive Mode (199,233,217,249,221,91)	(empty)	T	141.142.220.235	199.233.217.249	56667	-
-1329843193.984222	arKYeMETxOg	141.142.220.235	37604	199.233.217.249	56666	<ftp-data>	-	-	-	-	-	-	-	(empty)	-	-	-	-	ftp-item-Rqjkzoroau4-0.dat
+1329843193.984222	arKYeMETxOg	141.142.220.235	37604	199.233.217.249	56666	<ftp-data>	-	-	-	-	-	-	-	(empty)	-	-	-	-	ftp-item-pVhQhhFsB2b-0.dat
-1329843193.984222	k6kgXLOoSKl	141.142.220.235	59378	199.233.217.249	56667	<ftp-data>	-	-	-	-	-	-	-	(empty)	-	-	-	-	ftp-item-BTsa70Ua9x7-1.dat
+1329843193.984222	k6kgXLOoSKl	141.142.220.235	59378	199.233.217.249	56667	<ftp-data>	-	-	-	-	-	-	-	(empty)	-	-	-	-	ftp-item-fFCPkV1sEsc-1.dat
 1329843179.926563	UWkUyAuUGXf	141.142.220.235	50003	199.233.217.249	21	anonymous	test	RETR	ftp://199.233.217.249/./robots.txt	text/plain	77	226	Transfer complete.	(empty)	-	-	-	-	-
 1329843194.040188	UWkUyAuUGXf	141.142.220.235	50003	199.233.217.249	21	anonymous	test	PORT	141,142,220,235,131,46	-	-	200	PORT command successful.	(empty)	F	199.233.217.249	141.142.220.235	33582	-
 1329843194.095782	UWkUyAuUGXf	141.142.220.235	50003	199.233.217.249	21	anonymous	test	LIST	-	-	-	226	Transfer complete.	(empty)	-	-	-	-	-
 1329843197.672179	UWkUyAuUGXf	141.142.220.235	50003	199.233.217.249	21	anonymous	test	PORT	141,142,220,235,147,203	-	-	200	PORT command successful.	(empty)	F	199.233.217.249	141.142.220.235	37835	-
-1329843199.968212	nQcgTWjvg4c	199.233.217.249	61920	141.142.220.235	33582	<ftp-data>	-	-	-	-	-	-	-	(empty)	-	-	-	-	ftp-item-VLQvJybrm38-2.dat
+1329843199.968212	nQcgTWjvg4c	199.233.217.249	61920	141.142.220.235	33582	<ftp-data>	-	-	-	-	-	-	-	(empty)	-	-	-	-	ftp-item-g3zS3MuJFh-2.dat
 1329843197.727769	UWkUyAuUGXf	141.142.220.235	50003	199.233.217.249	21	anonymous	test	RETR	ftp://199.233.217.249/./robots.txt	text/plain	77	226	Transfer complete.	(empty)	-	-	-	-	-
-1329843200.079930	j4u32Pc5bif	199.233.217.249	61918	141.142.220.235	37835	<ftp-data>	-	-	-	-	-	-	-	(empty)	-	-	-	-	ftp-item-zrfwSs9K1yk-3.dat
+1329843200.079930	j4u32Pc5bif	199.233.217.249	61918	141.142.220.235	37835	<ftp-data>	-	-	-	-	-	-	-	(empty)	-	-	-	-	ftp-item-lMf4UWRkEO5-3.dat
-#close	2013-04-12-16-32-25
+#close	2013-05-18-00-48-19

testing/btest/Baseline/scripts.base.protocols.http.http-extract-files/http.log

@@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	http
-#open	2013-03-22-14-38-28
+#open	2013-05-17-23-19-09
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	host	uri	referrer	user_agent	request_body_len	response_body_len	status_code	status_msg	info_code	info_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
 #types	time	string	addr	port	addr	port	count	string	string	string	string	string	count	count	count	string	count	string	string	table[enum]	string	string	table[string]	string	string	string
-1128727435.634189	arKYeMETxOg	141.42.64.125	56730	125.190.109.199	80	1	GET	www.icir.org	/	-	Wget/1.10	0	9130	200	OK	-	-	-	(empty)	-	-	-	text/html	-	http-item-BFymS6bFgT3-0.dat
+1128727435.634189	arKYeMETxOg	141.42.64.125	56730	125.190.109.199	80	1	GET	www.icir.org	/	-	Wget/1.10	0	9130	200	OK	-	-	-	(empty)	-	-	-	text/html	-	http-item-54zlJFqn0x6-0.dat
-#close	2013-03-22-14-38-28
+#close	2013-05-17-23-19-09

testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc.log

@@ -3,11 +3,11 @@
 #empty_field	(empty)
 #unset_field	-
 #path	irc
-#open	2013-03-27-18-49-16
+#open	2013-05-17-23-19-21
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	nick	user	command	value	addl	dcc_file_name	dcc_file_size	dcc_mime_type	extraction_file
 #types	time	string	addr	port	addr	port	string	string	string	string	string	string	count	string	string
 1311189164.119437	UWkUyAuUGXf	192.168.1.77	57640	66.198.80.67	6667	-	-	NICK	bloed	-	-	-	-	-
 1311189164.119437	UWkUyAuUGXf	192.168.1.77	57640	66.198.80.67	6667	bloed	-	USER	sdkfje	sdkfje Montreal.QC.CA.Undernet.org dkdkrwq	-	-	-	-
 1311189174.474127	UWkUyAuUGXf	192.168.1.77	57640	66.198.80.67	6667	bloed	sdkfje	JOIN	#easymovies	(empty)	-	-	-	-
-1311189316.326025	UWkUyAuUGXf	192.168.1.77	57640	66.198.80.67	6667	bloed	sdkfje	DCC	#easymovies	(empty)	ladyvampress-default(2011-07-07)-OS.zip	42208	FAKE_MIME	irc-dcc-item-wqKMAamJVSb-0.dat
+1311189316.326025	UWkUyAuUGXf	192.168.1.77	57640	66.198.80.67	6667	bloed	sdkfje	DCC	#easymovies	(empty)	ladyvampress-default(2011-07-07)-OS.zip	42208	FAKE_MIME	irc-dcc-item-A3OSdqG9zvk-0.dat
-#close	2013-03-27-18-49-16
+#close	2013-05-17-23-19-21

testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp_entities.log

@@ -3,10 +3,10 @@
 #empty_field	(empty)
 #unset_field	-
 #path	smtp_entities
-#open	2013-03-26-20-43-14
+#open	2013-05-17-23-19-41
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	filename	content_len	mime_type	md5	extraction_file	excerpt
 #types	time	string	addr	port	addr	port	count	string	count	string	string	string	string
-1254722770.692743	arKYeMETxOg	10.10.1.4	1470	74.53.140.153	25	1	-	79	text/plain	-	smtp-entity-cwR7l6Zctxb-0.dat	(empty)
+1254722770.692743	arKYeMETxOg	10.10.1.4	1470	74.53.140.153	25	1	-	79	text/plain	-	smtp-entity-mR3f2AAKo11-0.dat	(empty)
 1254722770.692743	arKYeMETxOg	10.10.1.4	1470	74.53.140.153	25	1	-	1918	text/html	-	-	(empty)
-1254722770.692804	arKYeMETxOg	10.10.1.4	1470	74.53.140.153	25	1	NEWS.txt	10823	text/plain	-	smtp-entity-Ltd7QO7jEv3-1.dat	(empty)
+1254722770.692804	arKYeMETxOg	10.10.1.4	1470	74.53.140.153	25	1	NEWS.txt	10823	text/plain	-	smtp-entity-ZNp0KBSLByc-1.dat	(empty)
-#close	2013-03-26-20-43-14
+#close	2013-05-17-23-19-41

testing/btest/core/tunnels/teredo-known-services.test

@@ -1,6 +1,6 @@
-# @TEST-EXEC: bro -b -r $TRACES/tunnels/false-teredo.pcap base/frameworks/dpd protocols/conn/known-services Tunnel::delay_teredo_confirmation=T "Site::local_nets+={192.168.1.0/24}"
+# @TEST-EXEC: bro -r $TRACES/tunnels/false-teredo.pcap base/frameworks/dpd protocols/conn/known-services Tunnel::delay_teredo_confirmation=T "Site::local_nets+={192.168.1.0/24}"
 # @TEST-EXEC: test ! -e known_services.log
-# @TEST-EXEC: bro -b -r $TRACES/tunnels/false-teredo.pcap base/frameworks/dpd protocols/conn/known-services Tunnel::delay_teredo_confirmation=F "Site::local_nets+={192.168.1.0/24}"
+# @TEST-EXEC: bro -r $TRACES/tunnels/false-teredo.pcap base/frameworks/dpd protocols/conn/known-services Tunnel::delay_teredo_confirmation=F "Site::local_nets+={192.168.1.0/24}"
 # @TEST-EXEC: btest-diff known_services.log
 
 # The first case using Tunnel::delay_teredo_confirmation=T doesn't produce

testing/btest/scripts/base/frameworks/file-analysis/http/get.bro

@@ -1,13 +1,15 @@
-# @TEST-EXEC: bro -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.bro %INPUT >get.out
+# @TEST-EXEC: bro -r $TRACES/http/get.trace $SCRIPTS/file-analysis-test.bro %INPUT c=1 >get.out
-# @TEST-EXEC: bro -r $TRACES/http/get-gzip.trace $SCRIPTS/file-analysis-test.bro %INPUT >get-gzip.out
+# @TEST-EXEC: bro -r $TRACES/http/get-gzip.trace $SCRIPTS/file-analysis-test.bro %INPUT c=2 >get-gzip.out
 # @TEST-EXEC: btest-diff get.out
 # @TEST-EXEC: btest-diff get-gzip.out
-# @TEST-EXEC: btest-diff Cx92a0ym5R8-file
+# @TEST-EXEC: btest-diff 1-file
-# @TEST-EXEC: btest-diff kg59rqyYxN-file
+# @TEST-EXEC: btest-diff 2-file
 
 redef test_file_analysis_source = "HTTP";
 
+global c = 0 &redef;
+
 redef test_get_file_name = function(f: fa_file): string
 	{
-	return fmt("%s-file", f$id);
+	return fmt("%d-file", c);
 	};

testing/btest/scripts/base/frameworks/file-analysis/http/partial-content.bro

@@ -1,16 +1,16 @@
 # @TEST-EXEC: bro -r $TRACES/http/206_example_a.pcap $SCRIPTS/file-analysis-test.bro %INPUT >a.out
 # @TEST-EXEC: btest-diff a.out
-# @TEST-EXEC: wc -c 7gZBKVUgy4l-file0 | sed 's/^[ \t]* //g' >a.size
+# @TEST-EXEC: wc -c file-0 | sed 's/^[ \t]* //g' >a.size
 # @TEST-EXEC: btest-diff a.size
 
 # @TEST-EXEC: bro -r $TRACES/http/206_example_b.pcap $SCRIPTS/file-analysis-test.bro %INPUT >b.out
 # @TEST-EXEC: btest-diff b.out
-# @TEST-EXEC: wc -c oDwT1BbzjM1-file0 | sed 's/^[ \t]* //g' >b.size
+# @TEST-EXEC: wc -c file-0 | sed 's/^[ \t]* //g' >b.size
 # @TEST-EXEC: btest-diff b.size
 
 # @TEST-EXEC: bro -r $TRACES/http/206_example_c.pcap $SCRIPTS/file-analysis-test.bro %INPUT >c.out
 # @TEST-EXEC: btest-diff c.out
-# @TEST-EXEC: wc -c uHS14uhRKGe-file0 | sed 's/^[ \t]* //g' >c.size
+# @TEST-EXEC: wc -c file-0 | sed 's/^[ \t]* //g' >c.size
 # @TEST-EXEC: btest-diff c.size
 
 global cnt: count = 0;
@@ -19,7 +19,7 @@ redef test_file_analysis_source = "HTTP";
 
 redef test_get_file_name = function(f: fa_file): string
 	{
-	local rval: string = fmt("%s-file%d", f$id, cnt);
+	local rval: string = fmt("file-%d", cnt);
 	++cnt;
 	return rval;
 	};

testing/btest/scripts/base/frameworks/file-analysis/http/pipeline.bro

@@ -1,14 +1,16 @@
 # @TEST-EXEC: bro -r $TRACES/http/pipelined-requests.trace $SCRIPTS/file-analysis-test.bro %INPUT >out
 # @TEST-EXEC: btest-diff out
-# @TEST-EXEC: btest-diff aFQKI8SPOL2-file
+# @TEST-EXEC: btest-diff 1-file
-# @TEST-EXEC: btest-diff CCU3vUEr06l-file
+# @TEST-EXEC: btest-diff 2-file
-# @TEST-EXEC: btest-diff HCzA0dVwDPj-file
+# @TEST-EXEC: btest-diff 3-file
-# @TEST-EXEC: btest-diff a1Zu1fteVEf-file
+# @TEST-EXEC: btest-diff 4-file
-# @TEST-EXEC: btest-diff xXlF7wFdsR-file
+# @TEST-EXEC: btest-diff 5-file
 
 redef test_file_analysis_source = "HTTP";
 
+global c = 0;
+
 redef test_get_file_name = function(f: fa_file): string
 	{
-	return fmt("%s-file", f$id);
+	return fmt("%d-file", ++c);
 	};

testing/btest/scripts/base/frameworks/file-analysis/http/post.bro

@@ -1,11 +1,13 @@
 # @TEST-EXEC: bro -r $TRACES/http/post.trace $SCRIPTS/file-analysis-test.bro %INPUT >out
 # @TEST-EXEC: btest-diff out
-# @TEST-EXEC: btest-diff v5HLI7MxPQh-file
+# @TEST-EXEC: btest-diff 1-file
-# @TEST-EXEC: btest-diff PZS1XGHkIf1-file
+# @TEST-EXEC: btest-diff 2-file
 
 redef test_file_analysis_source = "HTTP";
 
+global c = 0;
+
 redef test_get_file_name = function(f: fa_file): string
 	{
-	return fmt("%s-file", f$id);
+	return fmt("%d-file", ++c);
 	};

testing/btest/scripts/base/protocols/ftp/ftp-extract.bro

@@ -3,10 +3,14 @@
 # @TEST-EXEC: bro -r $TRACES/ftp/ipv4.trace %INPUT
 # @TEST-EXEC: btest-diff conn.log
 # @TEST-EXEC: btest-diff ftp.log
-# @TEST-EXEC: btest-diff ftp-item-Rqjkzoroau4-0.dat
+# @TEST-EXEC: mv ftp-item-*-0.dat ftp-item-0.dat
-# @TEST-EXEC: btest-diff ftp-item-BTsa70Ua9x7-1.dat
+# @TEST-EXEC: mv ftp-item-*-1.dat ftp-item-1.dat
-# @TEST-EXEC: btest-diff ftp-item-VLQvJybrm38-2.dat
+# @TEST-EXEC: mv ftp-item-*-2.dat ftp-item-2.dat
-# @TEST-EXEC: btest-diff ftp-item-zrfwSs9K1yk-3.dat
+# @TEST-EXEC: mv ftp-item-*-3.dat ftp-item-3.dat
+# @TEST-EXEC: btest-diff ftp-item-0.dat
+# @TEST-EXEC: btest-diff ftp-item-1.dat
+# @TEST-EXEC: btest-diff ftp-item-2.dat
+# @TEST-EXEC: btest-diff ftp-item-3.dat
 
 redef FTP::logged_commands += {"LIST"};
 redef FTP::extract_file_types=/.*/;

testing/btest/scripts/base/protocols/http/http-extract-files.bro

@@ -1,5 +1,6 @@
 # @TEST-EXEC: bro -C -r $TRACES/web.trace %INPUT
 # @TEST-EXEC: btest-diff http.log
-# @TEST-EXEC: btest-diff http-item-BFymS6bFgT3-0.dat
+# @TEST-EXEC: mv http-item-*.dat http-item.dat
+# @TEST-EXEC: btest-diff http-item.dat
 
 redef HTTP::extract_file_types += /text\/html/;

testing/btest/scripts/base/protocols/irc/dcc-extract.test

@@ -4,9 +4,10 @@
 
 # @TEST-EXEC: bro -r $TRACES/irc-dcc-send.trace %INPUT
 # @TEST-EXEC: btest-diff irc.log
-# @TEST-EXEC: btest-diff irc-dcc-item-wqKMAamJVSb-0.dat
+# @TEST-EXEC: mv irc-dcc-item-*-0.dat irc-dcc-item.dat
+# @TEST-EXEC: btest-diff irc-dcc-item.dat
 # @TEST-EXEC: bro -r $TRACES/irc-dcc-send.trace %INPUT IRC::extraction_prefix="test"
-# @TEST-EXEC: test -e test-wqKMAamJVSb-0.dat
+# @TEST-EXEC: test -e test-*-0.dat
 
 redef IRC::extract_file_types=/.*/;
 

testing/btest/scripts/base/protocols/smtp/mime-extract.test

@@ -1,10 +1,12 @@
 # @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT
 # @TEST-EXEC: btest-diff smtp_entities.log
-# @TEST-EXEC: btest-diff smtp-entity-cwR7l6Zctxb-0.dat
+# @TEST-EXEC: mv smtp-entity-*-0.dat smtp-entity-0.dat
-# @TEST-EXEC: btest-diff smtp-entity-Ltd7QO7jEv3-1.dat
+# @TEST-EXEC: mv smtp-entity-*-1.dat smtp-entity-1.dat
+# @TEST-EXEC: btest-diff smtp-entity-0.dat
+# @TEST-EXEC: btest-diff smtp-entity-1.dat
 # @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT SMTP::extraction_prefix="test"
-# @TEST-EXEC: test -e test-cwR7l6Zctxb-0.dat
+# @TEST-EXEC: test -e test-*-0.dat
-# @TEST-EXEC: test -e test-Ltd7QO7jEv3-1.dat
+# @TEST-EXEC: test -e test-*-1.dat
 
 @load base/protocols/smtp