Merge remote-tracking branch 'origin/topic/johanna/bit-1612'

Addig a new random seed for external tests. I added a wrapper around the siphash() function to make calling it a little bit safer at least. BIT-1612 #merged * origin/topic/johanna/bit-1612: HLL: Fix missing typecast in test case. Remove the -K/-J options for setting keys. Add test checking the quality of HLL by adding a lot of elements. Fix serializing probabilistic hashers. Baseline updates after hash function change. Also switch BloomFilters from H3 to siphash. Change Hashing from H3 to Siphash. HLL: Remove unnecessary comparison. Hyperloglog: change calculation of Rho
2025-10-06 00:28:21 +00:00 · 2016-07-14 16:00:03 -07:00 · 2016-07-14 16:00:03 -07:00 · 4d84ee82da
commit 4d84ee82da
parent 1ba33bf66e 4252c003d0
347 changed files with 26269 additions and 26053 deletions
--- a/15
+++ b/15
@ -1,4 +1,19 @@
 2.4-705 | 2016-07-14 16:15:48 -0700
  * Change Bro's hashing for short inputs and Bloomfilters from H3 to
    Siphash, which produces much better results for HLL in particular.
    (Johanna Amann)
  * Fix a long-standing bug which truncated hash values to 32-bit on
    most machines. (Johanna Amann)
  * Fixes to HLL. Addresses BIT-1612. (Johanna Amann)
  * Add test checking the quality of HLL. (Johanna Amann)
  * Remove the -K/-J options for setting keys. (Johanna Amann)
 2.4-693 | 2016-07-12 11:29:17 -0700
  * Change TCP analysis to process connections without the initial SYN as
--- a/3
+++ b/3
@ -185,6 +185,9 @@ Removed Functionality
    - The event ack_above_hole() has been removed, as it was a subset
      of content_gap() and led to plenty noise.
    - The command line options --set-seed and --md5-hashkey have been
      removed.
 Deprecated Functionality
 ------------------------
--- a/2
+++ b/2
@ -1 +1 @@
-2.4-693
+2.4-705
--- a/doc/logs/index.rst
+++ b/doc/logs/index.rst
@ -244,7 +244,7 @@ crossreference that with the UIDs in the ``http.log`` file.
 .. btest:: using_bro
-   @TEST-EXEC: btest-rst-cmd "cat http.log | bro-cut uid id.resp_h method status_code host uri | grep VW0XPVINV8a"
+   @TEST-EXEC: btest-rst-cmd "cat http.log | bro-cut uid id.resp_h method status_code host uri | grep UM0KZ3MLUfNB0cl11"
 As you can see there are two HTTP ``GET`` requests within the
 session that Bro identified and logged.  Given that HTTP is a stream
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@ -348,6 +348,7 @@ set(bro_SRCS
    PacketDumper.cc
    strsep.c
    modp_numtoa.c
    siphash24.c
    threading/BasicThread.cc
    threading/Formatter.cc
--- a/src/H3.h
+++ b/src/H3.h
@ -1,143 +0,0 @@
 // Copyright 2004, 2005
 // The Regents of the University of California
 // All Rights Reserved
 // 
 // Permission to use, copy, modify and distribute any part of this
 // h3.h file, without fee, and without a written agreement is hereby
 // granted, provided that the above copyright notice, this paragraph
 // and the following paragraphs appear in all copies.
 // 
 // IN NO EVENT SHALL THE UNIVERSITY OF CALIFORNIA BE LIABLE TO ANY
 // PARTY FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL
 // DAMAGES, INCLUDING LOST PROFITS, ARISING OUT OF THE USE OF THIS
 // SOFTWARE, EVEN IF THE UNIVERSITY OF CALIFORNIA HAS BEEN ADVISED OF
 // THE POSSIBILITY OF SUCH DAMAGE.
 // 
 // THE SOFTWARE PROVIDED HEREIN IS ON AN "AS IS" BASIS, AND THE
 // UNIVERSITY OF CALIFORNIA HAS NO OBLIGATION TO PROVIDE MAINTENANCE,
 // SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. THE UNIVERSITY
 // OF CALIFORNIA MAKES NO REPRESENTATIONS AND EXTENDS NO WARRANTIES
 // OF ANY KIND, EITHER IMPLIED OR EXPRESS, INCLUDING, BUT NOT LIMITED
 // TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A
 // PARTICULAR PURPOSE, OR THAT THE USE OF THE SOFTWARE WILL NOT INFRINGE
 // ANY PATENT, TRADEMARK OR OTHER RIGHTS.
 // 
 // The h3.h file is developed by the CoralReef development team at the
 // University of California, San Diego under the Cooperative Association
 // for Internet Data Analysis (CAIDA) Program.  Support for this effort was
 // provided by the CAIDA grant NCR-9711092, DARPA NGI Contract
 // N66001-98-2-8922, DARPA NMS Grant N66001-01-1-8909, NSF Grant ANI-013710
 // and by CAIDA members.
 // 
 // Report bugs and suggestions to coral-bugs@caida.org.
 // H3 hash function family
 // C++ template implementation by Ken Keys (kkeys@caida.org)
 //
 // Usage:
 //    #include <h3.h>
 //    const H3<T, N> h;
 //    T hashval = h(data, size [, offset]);
 // (T) is the type to be returned by the hash function; must be an integral
 //     type, e.g. uint32_t.
 // (N) is the size of the data in bytes (if data is a struct, beware of
 //     padding).
 // The hash function hashes the (size) bytes of the data pointed to by (data),
 //     starting at (offset).  Note: offset affects the hash value, so
 //     h(data, size, offset) is not the same as h(data+offset, size, 0).
 //     Typically (size) is N and (offset) is 0, but other values can be used to
 //     hash a substring of the data.  Hashes of substrings can be bitwise-XOR'ed
 //     together to get the same result as hashing the full string.
 // Any number of hash functions can be created by creating new instances of H3,
 //     with the same or different template parameters.  The hash function
 //     constructor takes a seed as argument which defaults to a call to
 //     bro_random().
 #ifndef H3_H
 #define H3_H
 #include <climits>
 #include <cstring>
 // The number of values representable by a byte.
 #define H3_BYTE_RANGE (UCHAR_MAX+1)
 template <typename T, int N>
 class H3 {
 public:
 	H3()
 		{
 		Init(false, 0);
 		}
 	H3(T seed)
 		{
 		Init(true, seed);
 		}
 	void Init(bool have_seed, T seed)
 		{
 		T bit_lookup[N * CHAR_BIT];
 		for ( size_t bit = 0; bit < N * CHAR_BIT; bit++ )
 			{
 			bit_lookup[bit] = 0;
 			for ( size_t i = 0; i < sizeof(T)/2; i++ )
 				{
 				seed = have_seed ? bro_prng(seed) : bro_random();
 				// assume random() returns at least 16 random bits
 				bit_lookup[bit] = (bit_lookup[bit] << 16) | (seed & 0xFFFF);
 				}
 			}
 		for ( size_t byte = 0; byte < N; byte++ )
 			{
 			for ( unsigned val = 0; val < H3_BYTE_RANGE; val++ )
 				{
 				byte_lookup[byte][val] = 0;
 				for ( size_t bit = 0; bit < CHAR_BIT; bit++ )
 					// Does this mean byte_lookup[*][0] == 0? -RP
 					if (val & (1 << bit))
 						byte_lookup[byte][val] ^= bit_lookup[byte*CHAR_BIT+bit];
 				}
 			}
 		}
 	T operator()(const void* data, size_t size, size_t offset = 0) const
 		{
 		const unsigned char *p = static_cast<const unsigned char*>(data);
 		T result = 0;
 		// loop optmized with Duff's Device
 		unsigned n = (size + 7) / 8;
 		switch ( size % 8 ) {
 		case 0: do { result ^= byte_lookup[offset++][*p++];
 		case 7:      result ^= byte_lookup[offset++][*p++];
 		case 6:      result ^= byte_lookup[offset++][*p++];
 		case 5:      result ^= byte_lookup[offset++][*p++];
 		case 4:      result ^= byte_lookup[offset++][*p++];
 		case 3:      result ^= byte_lookup[offset++][*p++];
 		case 2:      result ^= byte_lookup[offset++][*p++];
 		case 1:      result ^= byte_lookup[offset++][*p++];
 				} while ( --n > 0 );
 			}
 		return result;
 		}
 	friend bool operator==(const H3& x, const H3& y)
 		{
 		return ! std::memcmp(x.byte_lookup, y.byte_lookup, N * H3_BYTE_RANGE);
 		}
 	friend bool operator!=(const H3& x, const H3& y)
 		{
 		return ! (x == y);
 		}
 private:
 	T byte_lookup[N][H3_BYTE_RANGE];
 };
 #endif //H3_H
--- a/src/Hash.cc
+++ b/src/Hash.cc
@ -18,15 +18,15 @@
 #include "bro-config.h"
 #include "Hash.h"
 #include "Reporter.h"
-#include "H3.h"
+#include "siphash24.h"
 const H3<hash_t, UHASH_KEY_SIZE>* h3;
 void init_hash_function()
 	{
 	// Make sure we have already called init_random_seed().
-	ASSERT(hmac_key_set);
+	if ( ! (hmac_key_set && siphash_key_set) )
-	h3 = new H3<hash_t, UHASH_KEY_SIZE>();
+		reporter->InternalError("Bro's hash functions aren't fully initialized");
 	}
 HashKey::HashKey(bro_int_t i)
@ -166,12 +166,14 @@ hash_t HashKey::HashBytes(const void* bytes, int size)
 	{
 	if ( size <= UHASH_KEY_SIZE )
 		{
-		// H3 doesn't check if size is zero
+		hash_t digest;
-		return ( size == 0 ) ? 0 : (*h3)(bytes, size);
+		siphash(&digest, (const uint8_t *)bytes, size, shared_siphash_key);
 		return digest;
 		}
 	// Fall back to HMAC/MD5 for longer data (which is usually rare).
-	hash_t digest[16];
+	assert(sizeof(hash_t) == 8);
 	hash_t digest[2]; // 2x hash_t (uint64) = 128 bits = 32 hex chars = sizeof md5
 	hmac_md5(size, (const unsigned char*) bytes, (unsigned char*) digest);
 	return digest[0];
 	}
--- a/src/Hash.h
+++ b/src/Hash.h
@ -81,7 +81,8 @@ protected:
 	void* key;
 	int is_our_dynamic;
-	int size, hash;
+	int size;
 	hash_t hash;
 };
 extern void init_hash_function();
--- a/src/main.cc
+++ b/src/main.cc
@ -190,8 +190,6 @@ void usage()
 	fprintf(stderr, "    -G|--load-seeds <file>         | load seeds from given file\n");
 	fprintf(stderr, "    -H|--save-seeds <file>         | save seeds to given file\n");
 	fprintf(stderr, "    -I|--print-id <ID name>        | print out given ID\n");
 	fprintf(stderr, "    -J|--set-seed <seed>           | set the random number seed\n");
 	fprintf(stderr, "    -K|--md5-hashkey <hashkey>     | set key for MD5-keyed hashing\n");
 	fprintf(stderr, "    -N|--print-plugins             | print available plugins and exit (-NN for verbose)\n");
 	fprintf(stderr, "    -P|--prime-dns                 | prime DNS\n");
 	fprintf(stderr, "    -Q|--time                      | print execution time summary to stderr\n");
@ -459,7 +457,6 @@ int main(int argc, char** argv)
 	char* debug_streams = 0;
 	int parse_only = false;
 	int bare_mode = false;
 	int seed = 0;
 	int dump_cfg = false;
 	int to_xml = 0;
 	int do_watchdog = 0;
@ -491,8 +488,6 @@ int main(int argc, char** argv)
 		{"force-dns",		no_argument,		0,	'F'},
 		{"load-seeds",		required_argument,	0,	'G'},
 		{"save-seeds",		required_argument,	0,	'H'},
 		{"set-seed",		required_argument,	0,	'J'},
 		{"md5-hashkey",		required_argument,	0,	'K'},
 		{"print-plugins",	no_argument,		0,	'N'},
 		{"prime-dns",		no_argument,		0,	'P'},
 		{"time",		no_argument,		0,	'Q'},
@ -546,7 +541,7 @@ int main(int argc, char** argv)
 	opterr = 0;
 	char opts[256];
-	safe_strncpy(opts, "B:e:f:G:H:I:i:J:K:n:p:R:r:s:T:t:U:w:x:X:z:CFNPQSWabdghv",
+	safe_strncpy(opts, "B:e:f:G:H:I:i:n:p:R:r:s:T:t:U:w:x:X:z:CFNPQSWabdghv",
 		     sizeof(opts));
 #ifdef USE_PERFTOOLS_DEBUG
@ -661,15 +656,6 @@ int main(int argc, char** argv)
 			id_name = optarg;
 			break;
 		case 'J':
 			seed = atoi(optarg);
 			break;
 		case 'K':
 			MD5((const u_char*) optarg, strlen(optarg), shared_hmac_md5_key);
 			hmac_key_set = 1;
 			break;
 		case 'N':
 			++print_plugins;
 			break;
@ -760,7 +746,7 @@ int main(int argc, char** argv)
 		}
 #endif
-	init_random_seed(seed, (seed_load_file && *seed_load_file ? seed_load_file : 0) , seed_save_file);
+	init_random_seed((seed_load_file && *seed_load_file ? seed_load_file : 0) , seed_save_file);
 	// DEBUG_MSG("HMAC key: %s\n", md5_digest_print(shared_hmac_md5_key));
 	init_hash_function();
--- a/src/probabilistic/CardinalityCounter.cc
+++ b/src/probabilistic/CardinalityCounter.cc
@ -28,10 +28,9 @@ int CardinalityCounter::OptimalB(double error, double confidence) const
 	return answer;
 	}
-void CardinalityCounter::Init(uint64 size)
+void CardinalityCounter::Init(uint64_t size)
 	{
 	m = size;
 	buckets = new uint8_t[m];
 	// The following magic values are taken directly out of the
 	// description of the HyperLogLog algorithn.
@ -51,60 +50,83 @@ void CardinalityCounter::Init(uint64 size)
 	else
 		reporter->InternalError("Invalid size %" PRIu64 ". Size either has to be 16, 32, 64 or bigger than 128", size);
-	for ( uint64 i = 0; i < m; i++ )
+	double calc_p = log2(m);
-		buckets[i] = 0;
+	if ( trunc(calc_p) != calc_p )
 		reporter->InternalError("Invalid size %" PRIu64 ". Size either has to be a power of 2", size);
 	p = calc_p;
 	buckets.reserve(m);
 	for ( uint64_t i = 0; i < m; i++ )
 		buckets.push_back(0);
 	assert(buckets.size() == m);
 	V = m;
 	}
 CardinalityCounter::CardinalityCounter(CardinalityCounter& other)
 	: buckets(other.buckets)
 	{
-	Init(other.GetM());
+	V = other.V;
-	Merge(&other);
+	alpha_m = other.alpha_m;
 	m = other.m;
 	p = other.p;
 	}
 CardinalityCounter::CardinalityCounter(CardinalityCounter&& o)
 	{
 	V = o.V;
 	alpha_m = o.alpha_m;
 	m = o.m;
 	p = o.p;
 	o.m = 0;
 	buckets = std::move(o.buckets);
 	}
 CardinalityCounter::CardinalityCounter(double error_margin, double confidence)
 	{
 	int b = OptimalB(error_margin, confidence);
 	Init((uint64) pow(2, b));
 	assert(b == p);
 	}
-CardinalityCounter::CardinalityCounter(uint64 size)
+CardinalityCounter::CardinalityCounter(uint64_t size)
 	{
 	Init(size);
 	}
-CardinalityCounter::CardinalityCounter(uint64 arg_size, uint64 arg_V, double arg_alpha_m)
+CardinalityCounter::CardinalityCounter(uint64_t arg_size, uint64_t arg_V, double arg_alpha_m)
 	{
 	m = arg_size;
-	buckets = new uint8_t[m];
+
 	buckets.reserve(m);
 	for ( uint64_t i = 0; i < m; i++ )
 		buckets.push_back(0);
 	alpha_m = arg_alpha_m;
 	V = arg_V;
 	p = log2(m);
 	}
 CardinalityCounter::~CardinalityCounter()
 	{
 	delete [] buckets;
 	}
-uint8_t CardinalityCounter::Rank(uint64 hash_modified) const
+uint8_t CardinalityCounter::Rank(uint64_t hash_modified) const
 	{
-	uint8_t answer = 0;
+	hash_modified = hash_modified >> p;
-
+	int answer = 64 - p - CardinalityCounter::flsll(hash_modified) + 1;
-	hash_modified = (uint64)(hash_modified / m);
+	assert(answer > 0 && answer < 64);
 	hash_modified *= 2;
 	do {
 		hash_modified = (uint64)(hash_modified / 2);
 		answer++;
 	} while ( hash_modified % 2 == 0);
 	return answer;
 	}
-void CardinalityCounter::AddElement(uint64 hash)
+void CardinalityCounter::AddElement(uint64_t hash)
 	{
-	uint64 index = hash % m;
+	uint64_t index = hash % m;
 	hash = hash-index;
 	if( buckets[index] == 0 )
@ -149,7 +171,7 @@ bool CardinalityCounter::Merge(CardinalityCounter* c)
 	if ( m != c->GetM() )
 		return false;
-	uint8_t* temp = c->GetBuckets();
+	const vector<uint8_t> temp = c->GetBuckets();
 	V = 0;
@ -165,12 +187,12 @@ bool CardinalityCounter::Merge(CardinalityCounter* c)
 	return true;
 	}
-uint8_t* CardinalityCounter::GetBuckets()
+const vector<uint8_t> &CardinalityCounter::GetBuckets() const
 	{
 	return buckets;
 	}
-uint64 CardinalityCounter::GetM() const
+uint64_t CardinalityCounter::GetM() const
 	{
 	return m;
 	}
@ -192,7 +214,7 @@ bool CardinalityCounter::Serialize(SerialInfo* info) const
 CardinalityCounter* CardinalityCounter::Unserialize(UnserialInfo* info)
 	{
 	uint64_t m;
-	uint64 V;
+	uint64_t V;
 	double alpha_m;
 	bool valid = true;
@ -202,13 +224,13 @@ CardinalityCounter* CardinalityCounter::Unserialize(UnserialInfo* info)
 	CardinalityCounter* c = new CardinalityCounter(m, V, alpha_m);
-	uint8_t* buckets = c->buckets;
+	vector<uint8_t>& buckets = c->buckets;
 	for ( unsigned int i = 0; i < m; i++ )
 		{
 		char c;
 		valid &= UNSERIALIZE(&c);
-		buckets[i] = (uint8)c;
+		buckets[i] = (uint8_t)c;
 		}
 	if ( ! valid )
@ -219,3 +241,51 @@ CardinalityCounter* CardinalityCounter::Unserialize(UnserialInfo* info)
 	return c;
 	}
 /**
 * The following function is copied from libc/string/flsll.c from the FreeBSD source
 * tree. Original copyright message follows
 */
 /*-
 * Copyright (c) 1990, 1993
 *      The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
 /*
 * Find Last Set bit
 */
 int
 CardinalityCounter::flsll(uint64_t mask)
 {
        int bit;
        if (mask == 0)
                return (0);
        for (bit = 1; mask != 1; bit++)
                mask = (uint64_t)mask >> 1;
        return (bit);
 }
--- a/src/probabilistic/CardinalityCounter.h
+++ b/src/probabilistic/CardinalityCounter.h
@ -28,13 +28,18 @@ public:
 	 *
 	 * @param confidence confidence of the error. Default: 0.95
 	 */
-	CardinalityCounter(double error_margin, double confidence = 0.95);
+	explicit CardinalityCounter(double error_margin, double confidence = 0.95);
 	/**
 	 * Copy-Constructor
 	 */
 	CardinalityCounter(CardinalityCounter& other);
 	/**
 	 * Move-Constructor
 	 */
 	CardinalityCounter(CardinalityCounter&& o);
 	/**
 	 * Constructor for a known number of buckets.
 	 *
@ -43,7 +48,7 @@ public:
 	 *
 	 * @param size number of buckets to create
 	 */
-	CardinalityCounter(uint64 size);
+	explicit CardinalityCounter(uint64_t size);
 	/**
 	 * Destructor.
@ -58,7 +63,7 @@ public:
 	 *
 	 * @param hash 64-bit hash value of the element to be added
 	 */
-	void AddElement(uint64 hash);
+	void AddElement(uint64_t hash);
 	/**
 	 * Get the current estimated number of elements in the data
@ -104,7 +109,7 @@ protected:
 	 *
 	 * @return Number of buckets
 	 */
-	uint64 GetM() const;
+	uint64_t GetM() const;
 	/**
 	 * Returns the buckets array that holds all of the rough cardinality
@ -114,21 +119,21 @@ protected:
 	 *
 	 * @return Array containing cardinality estimates
 	 */
-	uint8_t* GetBuckets();
+	const std::vector<uint8_t>& GetBuckets() const;
 private:
 	/**
 	 * Constructor used when unserializing, i.e., all parameters are
 	 * known.
 	 */
-	CardinalityCounter(uint64 size, uint64 V, double alpha_m);
+	explicit CardinalityCounter(uint64_t size, uint64_t V, double alpha_m);
 	/**
 	 * Helper function with code used jointly by multiple constructors.
 	 *
 	 * @param arg_size: number of buckets that need to be kept
 	 */
-	void Init(uint64 arg_size);
+	void Init(uint64_t arg_size);
 	/**
 	 * This function calculates the smallest value of b that will
@ -150,22 +155,28 @@ private:
 	int OptimalB(double error, double confidence) const;
 	/**
-	 * Determines at which index (counted from the back) the first one-bit
+	 * Determines at which index (counted from the front) the first one-bit
 	 * appears. The last b bits have to be 0 (the element has to be divisible
-	 * by m), hence they are ignored.
+	 * by m), hence they are ignored. Always adds 1 to the result. This is the
 	 * rho function from the original algorithm.
 	 *
 	 * @param hash_modified hash value
 	 *
 	 * @returns index of first one-bit
 	 */
-	uint8_t Rank(uint64 hash_modified) const;
+	uint8_t Rank(uint64_t hash_modified) const;
 	/**
 	 * flsll from FreeBSD; especially Linux does not have this.
 	 */
 	static int flsll(uint64_t mask);
 	/**
 	 * This is the number of buckets that will be stored. The standard
 	 * error is 1.04/sqrt(m), so the actual cardinality will be the
 	 * estimate +/- 1.04/sqrt(m) with approximately 68% probability.
 	 */
-	uint64 m;
+	uint64_t m;
 	/**
 	 * These are the actual buckets that are storing an estimate of the
@ -173,7 +184,7 @@ private:
 	 * appears in the bitstring and that location is at most 65, so not
 	 * that many bits are needed to store it.
 	 */
-	uint8_t* buckets;
+	std::vector<uint8_t> buckets;
 	/**
 	 * There are some state constants that need to be kept track of to
@ -181,8 +192,9 @@ private:
 	 * buckets that are 0 and this is used in the small error correction.
 	 * alpha_m is a multiplicative constant used in the algorithm.
 	 */
-	uint64 V;
+	uint64_t V;
 	double alpha_m;
 	int p; // the log2 of m
 };
 }
--- a/src/probabilistic/Hasher.cc
+++ b/src/probabilistic/Hasher.cc
@ -5,18 +5,21 @@
 #include "Hasher.h"
 #include "NetVar.h"
 #include "digest.h"
 #include "Serializer.h"
 #include "digest.h"
 #include "siphash24.h"
 using namespace probabilistic;
-uint64 Hasher::MakeSeed(const void* data, size_t size)
+Hasher::seed_t Hasher::MakeSeed(const void* data, size_t size)
 	{
 	u_char buf[SHA256_DIGEST_LENGTH];
-	uint64 tmpseed;
+	seed_t tmpseed;
 	SHA256_CTX ctx;
 	sha256_init(&ctx);
 	assert(sizeof(tmpseed) == 16);
 	if ( data )
 		sha256_update(&ctx, data, size);
@ -56,7 +59,10 @@ bool Hasher::DoSerialize(SerialInfo* info) const
 	if ( ! SERIALIZE(static_cast<uint16>(k)) )
 		return false;
-	return SERIALIZE(static_cast<uint64>(seed));
+	if ( ! SERIALIZE(static_cast<uint64>(seed.h1)) )
 		return false;
 	return SERIALIZE(static_cast<uint64>(seed.h2));
 	}
 bool Hasher::DoUnserialize(UnserialInfo* info)
@ -70,8 +76,11 @@ bool Hasher::DoUnserialize(UnserialInfo* info)
 	k = serial_k;
 	assert(k > 0);
-	uint64 serial_seed;
+	seed_t serial_seed;
-	if ( ! UNSERIALIZE(&serial_seed) )
+	if ( ! UNSERIALIZE(&serial_seed.h1) )
 		return false;
 	if ( ! UNSERIALIZE(&serial_seed.h2) )
 		return false;
 	seed = serial_seed;
@ -79,14 +88,18 @@ bool Hasher::DoUnserialize(UnserialInfo* info)
 	return true;
 	}
-Hasher::Hasher(size_t arg_k, size_t arg_seed)
+Hasher::Hasher(size_t arg_k, seed_t arg_seed)
 	{
 	k = arg_k;
 	seed = arg_seed;
 	}
-UHF::UHF(size_t arg_seed)
+UHF::UHF()
-	: h(arg_seed)
+	{
 	memset(&seed, 0, sizeof(seed));
 	}
 UHF::UHF(Hasher::seed_t arg_seed)
 	{
 	seed = arg_seed;
 	}
@ -96,8 +109,14 @@ UHF::UHF(size_t arg_seed)
 // times.
 Hasher::digest UHF::hash(const void* x, size_t n) const
 	{
 	assert(sizeof(Hasher::seed_t) == SIPHASH_KEYLEN);
 	if ( n <= UHASH_KEY_SIZE )
-		return n == 0 ? 0 : h(x, n);
+		{
 		hash_t outdigest;
 		siphash(&outdigest, reinterpret_cast<const uint8_t*>(x), n, reinterpret_cast<const uint8_t*>(&seed));
 		return outdigest;
 		}
 	unsigned char d[16];
 	MD5(reinterpret_cast<const unsigned char*>(x), n, d);
@ -111,11 +130,15 @@ Hasher::digest UHF::hash(const void* x, size_t n) const
 	return *reinterpret_cast<const Hasher::digest*>(d);
 	}
-DefaultHasher::DefaultHasher(size_t k, size_t seed)
+DefaultHasher::DefaultHasher(size_t k, Hasher::seed_t seed)
 	: Hasher(k, seed)
 	{
 	for ( size_t i = 1; i <= k; ++i )
-		hash_functions.push_back(UHF(Seed() + bro_prng(i)));
+		{
 		seed_t s = Seed();
 		s.h1 += bro_prng(i);
 		hash_functions.push_back(UHF(s));
 		}
 	}
 Hasher::digest_vector DefaultHasher::Hash(const void* x, size_t n) const
@ -158,12 +181,16 @@ bool DefaultHasher::DoUnserialize(UnserialInfo* info)
 	hash_functions.clear();
 	for ( size_t i = 0; i < K(); ++i )
-		hash_functions.push_back(UHF(Seed() + bro_prng(i)));
+		{
 		Hasher::seed_t s = Seed();
 		s.h1 += bro_prng(i);
 		hash_functions.push_back(UHF(s));
 		}
 	return true;
 	}
-DoubleHasher::DoubleHasher(size_t k, size_t seed)
+DoubleHasher::DoubleHasher(size_t k, seed_t seed)
 	: Hasher(k, seed), h1(seed + bro_prng(1)), h2(seed + bro_prng(2))
 	{
 	}
--- a/src/probabilistic/Hasher.h
+++ b/src/probabilistic/Hasher.h
@ -4,7 +4,6 @@
 #define PROBABILISTIC_HASHER_H
 #include "Hash.h"
 #include "H3.h"
 #include "SerialObj.h"
 namespace probabilistic {
@ -17,6 +16,15 @@ class Hasher : public SerialObj {
 public:
 	typedef hash_t digest;
 	typedef std::vector<digest> digest_vector;
 	struct seed_t {
 		uint64_t h1;
 		uint64_t h2;
 		friend seed_t operator+(seed_t lhs, const uint64_t rhs) {
 			lhs.h1 += rhs;
 			return lhs;
 		}
 	};
 	/**
 	 * Creates a valid hasher seed from an arbitrary string.
@ -30,7 +38,7 @@ public:
 	 *
 	 * @return A seed suitable for hashers.
 	 */
-	static uint64 MakeSeed(const void* data, size_t size);
+	static seed_t MakeSeed(const void* data, size_t size);
 	/**
 	 * Destructor.
@ -89,7 +97,7 @@ public:
 	/**
 	 * Returns the seed used to construct the hasher.
 	 */
-	size_t Seed() const	{ return seed; }
+	seed_t Seed() const	{ return seed; }
 	bool Serialize(SerialInfo* info) const;
 	static Hasher* Unserialize(UnserialInfo* info);
@ -106,11 +114,11 @@ protected:
 	 *
 	 * @param arg_seed The seed for the hasher.
 	 */
-	Hasher(size_t arg_k, size_t arg_seed);
+	Hasher(size_t arg_k, seed_t arg_seed);
 private:
 	size_t k;
-	size_t seed;
+	seed_t seed;
 };
 /**
@ -120,12 +128,17 @@ private:
 class UHF {
 public:
 	/**
-	 * Constructs an H3 hash function seeded with a given seed and an
+	 * Default constructor with zero seed.
 	 */
 	UHF();
 	/**
 	 * Constructs an hash function seeded with a given seed and an
 	 * optional extra seed to replace the initial Bro seed.
 	 *
 	 * @param arg_seed The seed to use for this instance.
 	 */
-	UHF(size_t arg_seed = 0);
+	UHF(Hasher::seed_t arg_seed);
 	template <typename T>
 	Hasher::digest operator()(const T& x) const
@ -159,7 +172,8 @@ public:
 	friend bool operator==(const UHF& x, const UHF& y)
 		{
-		return x.h == y.h;
+		return (x.seed.h1 == y.seed.h1) &&
 		       (x.seed.h2 == y.seed.h2);
 		}
 	friend bool operator!=(const UHF& x, const UHF& y)
@ -168,10 +182,9 @@ public:
 		}
 private:
-	static size_t compute_seed(size_t seed);
+	static size_t compute_seed(Hasher::seed_t seed);
-	H3<Hasher::digest, UHASH_KEY_SIZE> h;
+	Hasher::seed_t seed;
 	size_t seed;
 };
@ -188,7 +201,7 @@ public:
 	 *
 	 * @param seed The seed for the hasher.
 	 */
-	DefaultHasher(size_t k, size_t seed);
+	DefaultHasher(size_t k, Hasher::seed_t seed);
 	// Overridden from Hasher.
 	virtual digest_vector Hash(const void* x, size_t n) const final;
@ -216,7 +229,7 @@ public:
 	 *
 	 * @param seed The seed for the hasher.
 	 */
-	DoubleHasher(size_t k, size_t seed);
+	DoubleHasher(size_t k, Hasher::seed_t seed);
 	// Overridden from Hasher.
 	virtual digest_vector Hash(const void* x, size_t n) const final;
--- a/src/probabilistic/bloom-filter.bif
+++ b/src/probabilistic/bloom-filter.bif
@ -42,7 +42,7 @@ function bloomfilter_basic_init%(fp: double, capacity: count,
 	size_t cells = BasicBloomFilter::M(fp, capacity);
 	size_t optimal_k = BasicBloomFilter::K(cells, capacity);
-	size_t seed = Hasher::MakeSeed(name->Len() > 0 ? name->Bytes() : 0,
+	Hasher::seed_t seed = Hasher::MakeSeed(name->Len() > 0 ? name->Bytes() : 0,
                                 name->Len());
 	const Hasher* h = new DoubleHasher(optimal_k, seed);
@ -82,7 +82,7 @@ function bloomfilter_basic_init2%(k: count, cells: count,
 		return 0;
 		}
-	size_t seed = Hasher::MakeSeed(name->Len() > 0 ? name->Bytes() : 0,
+	Hasher::seed_t seed = Hasher::MakeSeed(name->Len() > 0 ? name->Bytes() : 0,
 				       name->Len());
 	const Hasher* h = new DoubleHasher(k, seed);
@ -121,7 +121,7 @@ function bloomfilter_counting_init%(k: count, cells: count, max: count,
 		return 0;
 		}
-	size_t seed = Hasher::MakeSeed(name->Len() > 0 ? name->Bytes() : 0,
+	Hasher::seed_t seed = Hasher::MakeSeed(name->Len() > 0 ? name->Bytes() : 0,
 				       name->Len());
 	const Hasher* h = new DefaultHasher(k, seed);
--- a/src/siphash24.c
+++ b/src/siphash24.c
@ -0,0 +1,166 @@
 /*
   SipHash reference C implementation
   Copyright (c) 2012-2014 Jean-Philippe Aumasson
   <jeanphilippe.aumasson@gmail.com>
   Copyright (c) 2012-2014 Daniel J. Bernstein <djb@cr.yp.to>
   To the extent possible under law, the author(s) have dedicated all copyright
   and related and neighboring rights to this software to the public domain
   worldwide. This software is distributed without any warranty.
   You should have received a copy of the CC0 Public Domain Dedication along
   with
   this software. If not, see
   <http://creativecommons.org/publicdomain/zero/1.0/>.
 */
 #include <stdint.h>
 #include <stdio.h>
 #include <string.h>
 /* default: SipHash-2-4 */
 #define cROUNDS 2
 #define dROUNDS 4
 #define ROTL(x, b) (uint64_t)(((x) << (b)) | ((x) >> (64 - (b))))
 #define U32TO8_LE(p, v)                                                        \
  (p)[0] = (uint8_t)((v));                                                     \
  (p)[1] = (uint8_t)((v) >> 8);                                                \
  (p)[2] = (uint8_t)((v) >> 16);                                               \
  (p)[3] = (uint8_t)((v) >> 24);
 #define U64TO8_LE(p, v)                                                        \
  U32TO8_LE((p), (uint32_t)((v)));                                             \
  U32TO8_LE((p) + 4, (uint32_t)((v) >> 32));
 #define U8TO64_LE(p)                                                           \
  (((uint64_t)((p)[0])) | ((uint64_t)((p)[1]) << 8) |                          \
   ((uint64_t)((p)[2]) << 16) | ((uint64_t)((p)[3]) << 24) |                   \
   ((uint64_t)((p)[4]) << 32) | ((uint64_t)((p)[5]) << 40) |                   \
   ((uint64_t)((p)[6]) << 48) | ((uint64_t)((p)[7]) << 56))
 #define SIPROUND                                                               \
  do {                                                                         \
    v0 += v1;                                                                  \
    v1 = ROTL(v1, 13);                                                         \
    v1 ^= v0;                                                                  \
    v0 = ROTL(v0, 32);                                                         \
    v2 += v3;                                                                  \
    v3 = ROTL(v3, 16);                                                         \
    v3 ^= v2;                                                                  \
    v0 += v3;                                                                  \
    v3 = ROTL(v3, 21);                                                         \
    v3 ^= v0;                                                                  \
    v2 += v1;                                                                  \
    v1 = ROTL(v1, 17);                                                         \
    v1 ^= v2;                                                                  \
    v2 = ROTL(v2, 32);                                                         \
  } while (0)
 #ifdef SIPHASHDEBUG
 #define TRACE                                                                  \
  do {                                                                         \
    printf("(%3d) v0 %08x %08x\n", (int)inlen, (uint32_t)(v0 >> 32),           \
           (uint32_t)v0);                                                      \
    printf("(%3d) v1 %08x %08x\n", (int)inlen, (uint32_t)(v1 >> 32),           \
           (uint32_t)v1);                                                      \
    printf("(%3d) v2 %08x %08x\n", (int)inlen, (uint32_t)(v2 >> 32),           \
           (uint32_t)v2);                                                      \
    printf("(%3d) v3 %08x %08x\n", (int)inlen, (uint32_t)(v3 >> 32),           \
           (uint32_t)v3);                                                      \
  } while (0)
 #else
 #define TRACE
 #endif
 // [Bro] We turn this into an internal function. siphash.h defines a wrapper.
 int _siphash(uint8_t *out, const uint8_t *in, uint64_t inlen, const uint8_t *k) {
  /* "somepseudorandomlygeneratedbytes" */
  uint64_t v0 = 0x736f6d6570736575ULL;
  uint64_t v1 = 0x646f72616e646f6dULL;
  uint64_t v2 = 0x6c7967656e657261ULL;
  uint64_t v3 = 0x7465646279746573ULL;
  uint64_t b;
  uint64_t k0 = U8TO64_LE(k);
  uint64_t k1 = U8TO64_LE(k + 8);
  uint64_t m;
  int i;
  const uint8_t *end = in + inlen - (inlen % sizeof(uint64_t));
  const int left = inlen & 7;
  b = ((uint64_t)inlen) << 56;
  v3 ^= k1;
  v2 ^= k0;
  v1 ^= k1;
  v0 ^= k0;
 #ifdef DOUBLE
  v1 ^= 0xee;
 #endif
  for (; in != end; in += 8) {
    m = U8TO64_LE(in);
    v3 ^= m;
    TRACE;
    for (i = 0; i < cROUNDS; ++i)
      SIPROUND;
    v0 ^= m;
  }
  switch (left) {
  case 7:
    b |= ((uint64_t)in[6]) << 48;
  case 6:
    b |= ((uint64_t)in[5]) << 40;
  case 5:
    b |= ((uint64_t)in[4]) << 32;
  case 4:
    b |= ((uint64_t)in[3]) << 24;
  case 3:
    b |= ((uint64_t)in[2]) << 16;
  case 2:
    b |= ((uint64_t)in[1]) << 8;
  case 1:
    b |= ((uint64_t)in[0]);
    break;
  case 0:
    break;
  }
  v3 ^= b;
  TRACE;
  for (i = 0; i < cROUNDS; ++i)
    SIPROUND;
  v0 ^= b;
 #ifndef DOUBLE
  v2 ^= 0xff;
 #else
  v2 ^= 0xee;
 #endif
  TRACE;
  for (i = 0; i < dROUNDS; ++i)
    SIPROUND;
  b = v0 ^ v1 ^ v2 ^ v3;
  U64TO8_LE(out, b);
 #ifdef DOUBLE
  v1 ^= 0xdd;
  TRACE;
  for (i = 0; i < dROUNDS; ++i)
    SIPROUND;
  b = v0 ^ v1 ^ v2 ^ v3;
  U64TO8_LE(out + 8, b);
 #endif
  return 0;
 }
--- a/src/siphash24.h
+++ b/src/siphash24.h
@ -0,0 +1,18 @@
 #ifndef SIPHASH24_H
 #define SIPHASH24_H
 #define SIPHASH_KEYLEN 16
 #define SIPHASH_HASHLEN 8
 extern "C" {
 int _siphash(uint8_t *out, const uint8_t *in, uint64_t inlen, const uint8_t *k);
 }
 // [Bro] Wrapper for better type-safety.
 inline void siphash(uint64_t* digest, const uint8_t *in, uint64_t inlen, const uint8_t* key)
 	{
 	_siphash((uint8_t*)digest, in, inlen, key);
 	}
 #endif
--- a/src/util.cc
+++ b/src/util.cc
@ -695,9 +695,12 @@ std::string strstrip(std::string s)
 	return s;
 	}
-int hmac_key_set = 0;
+bool hmac_key_set = false;
 uint8 shared_hmac_md5_key[16];
 bool siphash_key_set = false;
 uint8 shared_siphash_key[SIPHASH_KEYLEN];
 void hmac_md5(size_t size, const unsigned char* bytes, unsigned char digest[16])
 	{
 	if ( ! hmac_key_set )
@ -789,18 +792,19 @@ void bro_srandom(unsigned int seed)
 		srandom(seed);
 	}
-void init_random_seed(uint32 seed, const char* read_file, const char* write_file)
+void init_random_seed(const char* read_file, const char* write_file)
 	{
-	static const int bufsiz = 16;
+	static const int bufsiz = 20;
 	uint32 buf[bufsiz];
 	memset(buf, 0, sizeof(buf));
 	int pos = 0;	// accumulates entropy
 	bool seeds_done = false;
 	uint32 seed = 0;
 	if ( read_file )
 		{
 		if ( ! read_random_seeds(read_file, &seed, buf, bufsiz) )
-			reporter->Error("Could not load seeds from file '%s'.\n",
+			reporter->FatalError("Could not load seeds from file '%s'.\n",
 					     read_file);
 		else
 			seeds_done = true;
@ -812,12 +816,13 @@ void init_random_seed(uint32 seed, const char* read_file, const char* write_file
 		gettimeofday((struct timeval *)(buf + pos), 0);
 		pos += sizeof(struct timeval) / sizeof(uint32);
 		// use urandom. For reasons see e.g. http://www.2uo.de/myths-about-urandom/
 #if defined(O_NONBLOCK)
-		int fd = open("/dev/random", O_RDONLY | O_NONBLOCK);
+		int fd = open("/dev/urandom", O_RDONLY | O_NONBLOCK);
 #elif defined(O_NDELAY)
-		int fd = open("/dev/random", O_RDONLY | O_NDELAY);
+		int fd = open("/dev/urandom", O_RDONLY | O_NDELAY);
 #else
-		int fd = open("/dev/random", O_RDONLY);
+		int fd = open("/dev/urandom", O_RDONLY);
 #endif
 		if ( fd >= 0 )
@ -835,12 +840,7 @@ void init_random_seed(uint32 seed, const char* read_file, const char* write_file
 			}
 		if ( pos < bufsiz )
-			{
+			reporter->FatalError("Could not read enough random data from /dev/urandom. Wanted %d, got %d", bufsiz, pos);
 			buf[pos++] = getpid();
 			if ( pos < bufsiz )
 				buf[pos++] = getuid();
 			}
 		if ( ! seed )
 			{
@ -864,8 +864,16 @@ void init_random_seed(uint32 seed, const char* read_file, const char* write_file
 	if ( ! hmac_key_set )
 		{
-		MD5((const u_char*) buf, sizeof(buf), shared_hmac_md5_key);
+		assert(sizeof(buf) - 16 == 64);
-		hmac_key_set = 1;
+		MD5((const u_char*) buf, sizeof(buf) - 16, shared_hmac_md5_key); // The last 128 bits of buf are for siphash
 		hmac_key_set = true;
 		}
 	if ( ! siphash_key_set )
 		{
 		assert(sizeof(buf) - 64 == SIPHASH_KEYLEN);
 		memcpy(shared_siphash_key, reinterpret_cast<const char*>(buf) + 64, SIPHASH_KEYLEN);
 		siphash_key_set = true;
 		}
 	if ( write_file && ! write_random_seeds(write_file, seed, buf, bufsiz) )
--- a/src/util.h
+++ b/src/util.h
@ -23,7 +23,9 @@
 #include <string.h>
 #include <stdarg.h>
 #include <libgen.h>
 #include "bro-config.h"
 #include "siphash24.h"
 #if __STDC__
 #define myattribute __attribute__
@ -181,10 +183,11 @@ extern std::string strreplace(const std::string& s, const std::string& o, const
 // Remove all leading and trailing white space from string.
 extern std::string strstrip(std::string s);
 extern bool hmac_key_set;
 extern uint8 shared_hmac_md5_key[16];
 extern bool siphash_key_set;
 extern uint8 shared_siphash_key[SIPHASH_KEYLEN];
 extern int hmac_key_set;
 extern unsigned char shared_hmac_md5_key[16];
 extern void hmac_md5(size_t size, const unsigned char* bytes,
 			unsigned char digest[16]);
@ -194,8 +197,7 @@ extern void hmac_md5(size_t size, const unsigned char* bytes,
 // over the "seed" argument.  If write_file is given, the seeds are written
 // to that file.
 //
-extern void init_random_seed(uint32 seed, const char* load_file,
+extern void init_random_seed(const char* load_file, const char* write_file);
 				const char* write_file);
 // Retrieves the initial seed computed after the very first call to
 // init_random_seed(). Repeated calls to init_random_seed() will not affect
--- a/testing/btest/Baseline/bifs.bloomfilter-seed/output
+++ b/testing/btest/Baseline/bifs.bloomfilter-seed/output
@ -1,8 +1,8 @@
-bf1, global_seed, 11979365913534242684
+bf1, global_seed, 4955302038280957656
-bf2, global_seed, 12550100962110750449
+bf2, global_seed, 11260532077783130352
-bf3, my_seed, 12550100962110750449
+bf3, my_seed, 4955302038280957656
-bf4, my_seed, 945716460325754659
+bf4, my_seed, 11260532077783130352
-bf1, global_seed, 12550100962110750449
+bf1, global_seed, 4955302038280957656
-bf2, global_seed, 945716460325754659
+bf2, global_seed, 11260532077783130352
-bf3, my_seed, 12550100962110750449
+bf3, my_seed, 4955302038280957656
-bf4, my_seed, 945716460325754659
+bf4, my_seed, 11260532077783130352
--- a/testing/btest/Baseline/bifs.bloomfilter/output
+++ b/testing/btest/Baseline/bifs.bloomfilter/output
@ -13,7 +13,6 @@ error: false-positive rate must take value between 0 and 1
 1
 1
 1, fp
 1, fp
 1
 1
 1
--- a/testing/btest/Baseline/bifs.decode_base64_conn/weird.log
+++ b/testing/btest/Baseline/bifs.decode_base64_conn/weird.log
@ -3,10 +3,10 @@
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2015-08-31-03-09-20
+#open	2016-07-13-16-12-36
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
-1254722767.875996	CjhGID4nQcgTWjvg4c	10.10.1.4	1470	74.53.140.153	25	base64_illegal_encoding	incomplete base64 group, padding with 12 bits of 0	F	bro
+1254722767.875996	ClEkJM2Vm5giqnMf4h	10.10.1.4	1470	74.53.140.153	25	base64_illegal_encoding	incomplete base64 group, padding with 12 bits of 0	F	bro
-1437831787.861602	CPbrpk1qSsw6ESzHV4	192.168.133.100	49648	192.168.133.102	25	base64_illegal_encoding	incomplete base64 group, padding with 12 bits of 0	F	bro
+1437831787.861602	CmES5u32sYpV7JYN	192.168.133.100	49648	192.168.133.102	25	base64_illegal_encoding	incomplete base64 group, padding with 12 bits of 0	F	bro
-1437831799.610433	C7XEbhP654jzLoe3a	192.168.133.100	49655	17.167.150.73	443	base64_illegal_encoding	incomplete base64 group, padding with 12 bits of 0	F	bro
+1437831799.610433	C3eiCBGOLw3VtHfOj	192.168.133.100	49655	17.167.150.73	443	base64_illegal_encoding	incomplete base64 group, padding with 12 bits of 0	F	bro
-#close	2015-08-31-03-09-20
+#close	2016-07-13-16-12-36
--- a/testing/btest/Baseline/bifs.filter_subnet_table/output
+++ b/testing/btest/Baseline/bifs.filter_subnet_table/output
@ -1,16 +1,16 @@
 {
 10.0.0.0/8,
-10.2.0.2/31,
+10.2.0.0/16,
-10.2.0.0/16
+10.2.0.2/31
 }
 {
 [10.0.0.0/8] = a,
-[10.2.0.2/31] = c,
+[10.2.0.0/16] = b,
-[10.2.0.0/16] = b
+[10.2.0.2/31] = c
 }
 {
-[10.0.0.0/8] = a,
+[10.3.0.0/16] = e,
-[10.3.0.0/16] = e
+[10.0.0.0/8] = a
 }
 {
--- a/testing/btest/Baseline/bifs.hll_large_estimate/out
+++ b/testing/btest/Baseline/bifs.hll_large_estimate/out
@ -0,0 +1,3 @@
 Ok error
 171249.90868
 Ok error
--- a/testing/btest/Baseline/bifs.matching_subnets/output
+++ b/testing/btest/Baseline/bifs.matching_subnets/output
@ -1,16 +1,16 @@
 {
 10.0.0.0/8,
 10.3.0.0/16,
 10.2.0.2/31,
 2607:f8b0:4007:807::/64,
 10.2.0.0/16,
 5.2.0.0/32,
 5.5.0.0/25,
 10.1.0.0/16,
 5.0.0.0/8,
 2607:f8b0:4007:807::200e/128,
 7.2.0.0/32,
-2607:f8b0:4008:807::/64
+10.3.0.0/16,
 2607:f8b0:4007:807::200e/128,
 10.0.0.0/8,
 2607:f8b0:4007:807::/64,
 10.1.0.0/16,
 5.2.0.0/32,
 10.2.0.0/16,
 2607:f8b0:4008:807::/64,
 10.2.0.2/31,
 5.5.0.0/25
 }
 [10.2.0.2/31, 10.2.0.0/16, 10.0.0.0/8]
 [2607:f8b0:4007:807::200e/128, 2607:f8b0:4007:807::/64]
--- a/testing/btest/Baseline/bifs.netbios-functions/out
+++ b/testing/btest/Baseline/bifs.netbios-functions/out
@ -1,8 +1,8 @@
 MARTIN
 3
 WORKGROUP
 27
 ISATAP
 0
 \x01\x02__MSBROWSE__\x02
 1
 WORKGROUP
 27
 MARTIN
 3
 ISATAP
 0
--- a/testing/btest/Baseline/bifs.rand/out
+++ b/testing/btest/Baseline/bifs.rand/out
@ -1,6 +1,6 @@
-985
+20
-474
+484
-738
+137
 4
 634
 473
--- a/testing/btest/Baseline/bifs.rand/out.2
+++ b/testing/btest/Baseline/bifs.rand/out.2
@ -1,6 +1,6 @@
-985
+20
-474
+484
-738
+137
-974
+263
-371
+217
-638
+243
--- a/testing/btest/Baseline/bifs.records_fields/out
+++ b/testing/btest/Baseline/bifs.records_fields/out
@ -1,8 +1,8 @@
 [a=42, b=Foo, c=<uninitialized>, d=Bar]
 {
 [b] = [type_name=record, log=F, value=Foo, default_val=Foo],
 [d] = [type_name=record, log=T, value=Bar, default_val=<uninitialized>],
 [c] = [type_name=record, log=F, value=<uninitialized>, default_val=<uninitialized>],
-[a] = [type_name=record, log=F, value=42, default_val=<uninitialized>]
+[a] = [type_name=record, log=F, value=42, default_val=<uninitialized>],
 [d] = [type_name=record, log=T, value=Bar, default_val=<uninitialized>]
 }
 F
--- a/testing/btest/Baseline/bifs.unique_id/out
+++ b/testing/btest/Baseline/bifs.unique_id/out
@ -1,6 +1,6 @@
-A-56gKBmhBBB6
+A-rFj3eGxkRR5
-B-PjbroujOxH4
+B-q3FkxySjt2a
-C-N4zgPFAv3J
+C-Chd8EgFWk2j
-D-R8BqVlcp23e
+D-NHNewIpRB26
-E-duYdXg7bTa3
+E-V26Y5PaLbW3
-F-FSX5JvMaA88
+F-xUIu5RK8w0f
--- a/testing/btest/Baseline/core.bits_per_uid/128
+++ b/testing/btest/Baseline/core.bits_per_uid/128
@ -1,9 +1,9 @@
-CUWkUyAuUGXfarKYeMETxOg
+C2NNAAAHZBl4GS1DHFjwGM9
-Ck6kgXLOoSKlnQcgTWjvg4c
+CecCbjYTWM3dVm5giqnMf4h
 Fj3nTWNjezo6G6xBmyo58Tf
-Cj4u32Pc5bifTEfuqmmG4bh
+C6CWH0ZufRpfPJpwUYZZ6gc
 F4VAnSiNGSQhKEoCPd4zuQd
-CFrJExwHcSal5OKnoww6xl4
+CIdXDQc8a0ud0MLrsMUOJi2
 FaJg8mtdsS86cWjSe4spPPl
-C3PKsZ2Uye21VW0XPVINV8a
+Cae9B2GP1sJiMLUfNB0cl11
 FvBr89nD30GgGAp3wgtm6qf
--- a/testing/btest/Baseline/core.bits_per_uid/256
+++ b/testing/btest/Baseline/core.bits_per_uid/256
@ -1,9 +1,9 @@
-CUWkUyAuUGXfarKYeMETxOg
+C2NNAAAHZBl4GS1DHFjwGM9
-Ck6kgXLOoSKlnQcgTWjvg4c
+CecCbjYTWM3dVm5giqnMf4h
 Fj3nTWNjezo6G6xBmyo58Tf
-Cj4u32Pc5bifTEfuqmmG4bh
+C6CWH0ZufRpfPJpwUYZZ6gc
 F4VAnSiNGSQhKEoCPd4zuQd
-CFrJExwHcSal5OKnoww6xl4
+CIdXDQc8a0ud0MLrsMUOJi2
 FaJg8mtdsS86cWjSe4spPPl
-C3PKsZ2Uye21VW0XPVINV8a
+Cae9B2GP1sJiMLUfNB0cl11
 FvBr89nD30GgGAp3wgtm6qf
--- a/testing/btest/Baseline/core.bits_per_uid/32
+++ b/testing/btest/Baseline/core.bits_per_uid/32
@ -1,9 +1,9 @@
-CXWv6p30
+CHhAvV0
-CCyvnA30
+CRQjp520
 F75yAm10
-CjhGID40
+ClEkJM20
 FmGk6O30
-CdfHBz20
+CHZeJD30
 Fuh3fj10
-CCvvfg30
+C4J4Th30
 Ftwuyy30
--- a/testing/btest/Baseline/core.bits_per_uid/64
+++ b/testing/btest/Baseline/core.bits_per_uid/64
@ -1,9 +1,9 @@
-CUWkUyAuUGXf0
+C2NNAAAHZBl40
-CarKYeMETxOg0
+CGS1DHFjwGM90
 Fj3nTWNjezo60
-Ck6kgXLOoSKl0
+CecCbjYTWM3d0
 F4VAnSiNGSQh0
-CnQcgTWjvg4c0
+CVm5giqnMf4h0
 FaJg8mtdsS860
-Cj4u32Pc5bif0
+C6CWH0ZufRpf0
 FvBr89nD30Gg0
--- a/testing/btest/Baseline/core.bits_per_uid/96
+++ b/testing/btest/Baseline/core.bits_per_uid/96
@ -1,9 +1,9 @@
-CXWv6p3arKYeMETxOg
+CHhAvVGS1DHFjwGM9
-CjhGID4nQcgTWjvg4c
+ClEkJM2Vm5giqnMf4h
 F75yAm1G6xBmyo58Tf
-CCvvfg3TEfuqmmG4bh
+C4J4Th3PJpwUYZZ6gc
 FmGk6O3KEoCPd4zuQd
-CsRx2w45OKnoww6xl4
+CtPZjS20MLrsMUOJi2
 Fuh3fj1cWjSe4spPPl
-CRJuHdVW0XPVINV8a
+CUM0KZ3MLUfNB0cl11
 Ftwuyy3GAp3wgtm6qf
--- a/testing/btest/Baseline/core.checksums/bad.out
+++ b/testing/btest/Baseline/core.checksums/bad.out
@ -3,101 +3,101 @@
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2016-06-15-20-38-04
+#open	2016-07-13-16-12-42
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1332784981.078396	-	-	-	-	-	bad_IP_checksum	-	F	bro
-#close	2016-06-15-20-38-04
+#close	2016-07-13-16-12-42
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2016-06-15-20-38-06
+#open	2016-07-13-16-12-42
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
-1332784885.686428	CXWv6p3arKYeMETxOg	127.0.0.1	30000	127.0.0.1	80	bad_TCP_checksum	-	F	bro
+1332784885.686428	CHhAvVGS1DHFjwGM9	127.0.0.1	30000	127.0.0.1	80	bad_TCP_checksum	-	F	bro
-#close	2016-06-15-20-38-06
+#close	2016-07-13-16-12-42
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2016-06-15-20-38-08
+#open	2016-07-13-16-12-43
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
-1332784933.501023	CXWv6p3arKYeMETxOg	127.0.0.1	30000	127.0.0.1	13000	bad_UDP_checksum	-	F	bro
+1332784933.501023	CHhAvVGS1DHFjwGM9	127.0.0.1	30000	127.0.0.1	13000	bad_UDP_checksum	-	F	bro
-#close	2016-06-15-20-38-08
+#close	2016-07-13-16-12-43
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2016-06-15-20-38-10
+#open	2016-07-13-16-12-43
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
-1334075363.536871	CXWv6p3arKYeMETxOg	192.168.1.100	8	192.168.1.101	0	bad_ICMP_checksum	-	F	bro
+1334075363.536871	CHhAvVGS1DHFjwGM9	192.168.1.100	8	192.168.1.101	0	bad_ICMP_checksum	-	F	bro
-#close	2016-06-15-20-38-10
+#close	2016-07-13-16-12-43
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2016-06-15-20-38-11
+#open	2016-07-13-16-12-44
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1332785210.013051	-	2001:4f8:4:7:2e0:81ff:fe52:ffff	0	2001:78:1:32::2	0	routing0_hdr	-	F	bro
-1332785210.013051	CXWv6p3arKYeMETxOg	2001:4f8:4:7:2e0:81ff:fe52:ffff	30000	2001:78:1:32::2	80	bad_TCP_checksum	-	F	bro
+1332785210.013051	CHhAvVGS1DHFjwGM9	2001:4f8:4:7:2e0:81ff:fe52:ffff	30000	2001:78:1:32::2	80	bad_TCP_checksum	-	F	bro
-#close	2016-06-15-20-38-12
+#close	2016-07-13-16-12-44
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2016-06-15-20-38-13
+#open	2016-07-13-16-12-44
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1332782580.798420	-	2001:4f8:4:7:2e0:81ff:fe52:ffff	0	2001:78:1:32::2	0	routing0_hdr	-	F	bro
-1332782580.798420	CXWv6p3arKYeMETxOg	2001:4f8:4:7:2e0:81ff:fe52:ffff	30000	2001:78:1:32::2	13000	bad_UDP_checksum	-	F	bro
+1332782580.798420	CHhAvVGS1DHFjwGM9	2001:4f8:4:7:2e0:81ff:fe52:ffff	30000	2001:78:1:32::2	13000	bad_UDP_checksum	-	F	bro
-#close	2016-06-15-20-38-13
+#close	2016-07-13-16-12-44
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2016-06-15-20-38-15
+#open	2016-07-13-16-12-45
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1334075111.800086	-	2001:4f8:4:7:2e0:81ff:fe52:ffff	0	2001:78:1:32::1	0	routing0_hdr	-	F	bro
-1334075111.800086	CXWv6p3arKYeMETxOg	2001:4f8:4:7:2e0:81ff:fe52:ffff	128	2001:78:1:32::1	129	bad_ICMP_checksum	-	F	bro
+1334075111.800086	CHhAvVGS1DHFjwGM9	2001:4f8:4:7:2e0:81ff:fe52:ffff	128	2001:78:1:32::1	129	bad_ICMP_checksum	-	F	bro
-#close	2016-06-15-20-38-15
+#close	2016-07-13-16-12-45
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2016-06-15-20-38-16
+#open	2016-07-13-16-12-45
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
-1332785250.469132	CXWv6p3arKYeMETxOg	2001:4f8:4:7:2e0:81ff:fe52:ffff	30000	2001:4f8:4:7:2e0:81ff:fe52:9a6b	80	bad_TCP_checksum	-	F	bro
+1332785250.469132	CHhAvVGS1DHFjwGM9	2001:4f8:4:7:2e0:81ff:fe52:ffff	30000	2001:4f8:4:7:2e0:81ff:fe52:9a6b	80	bad_TCP_checksum	-	F	bro
-#close	2016-06-15-20-38-17
+#close	2016-07-13-16-12-45
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2016-06-15-20-38-18
+#open	2016-07-13-16-12-46
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
-1332781342.923813	CXWv6p3arKYeMETxOg	2001:4f8:4:7:2e0:81ff:fe52:ffff	30000	2001:4f8:4:7:2e0:81ff:fe52:9a6b	13000	bad_UDP_checksum	-	F	bro
+1332781342.923813	CHhAvVGS1DHFjwGM9	2001:4f8:4:7:2e0:81ff:fe52:ffff	30000	2001:4f8:4:7:2e0:81ff:fe52:9a6b	13000	bad_UDP_checksum	-	F	bro
-#close	2016-06-15-20-38-18
+#close	2016-07-13-16-12-46
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2016-06-15-20-38-20
+#open	2016-07-13-16-12-46
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
-1334074939.467194	CXWv6p3arKYeMETxOg	2001:4f8:4:7:2e0:81ff:fe52:ffff	128	2001:4f8:4:7:2e0:81ff:fe52:9a6b	129	bad_ICMP_checksum	-	F	bro
+1334074939.467194	CHhAvVGS1DHFjwGM9	2001:4f8:4:7:2e0:81ff:fe52:ffff	128	2001:4f8:4:7:2e0:81ff:fe52:9a6b	129	bad_ICMP_checksum	-	F	bro
-#close	2016-06-15-20-38-20
+#close	2016-07-13-16-12-47
--- a/testing/btest/Baseline/core.checksums/good.out
+++ b/testing/btest/Baseline/core.checksums/good.out
@ -3,68 +3,68 @@
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2016-06-15-20-38-20
+#open	2016-07-13-16-12-46
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
-1334074939.467194	CXWv6p3arKYeMETxOg	2001:4f8:4:7:2e0:81ff:fe52:ffff	128	2001:4f8:4:7:2e0:81ff:fe52:9a6b	129	bad_ICMP_checksum	-	F	bro
+1334074939.467194	CHhAvVGS1DHFjwGM9	2001:4f8:4:7:2e0:81ff:fe52:ffff	128	2001:4f8:4:7:2e0:81ff:fe52:9a6b	129	bad_ICMP_checksum	-	F	bro
-#close	2016-06-15-20-38-20
+#close	2016-07-13-16-12-47
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2016-06-15-20-38-27
+#open	2016-07-13-16-12-49
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1332785125.596793	-	2001:4f8:4:7:2e0:81ff:fe52:ffff	0	2001:78:1:32::2	0	routing0_hdr	-	F	bro
-#close	2016-06-15-20-38-27
+#close	2016-07-13-16-12-49
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2016-06-15-20-38-28
+#open	2016-07-13-16-12-49
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1332782508.592037	-	2001:4f8:4:7:2e0:81ff:fe52:ffff	0	2001:78:1:32::2	0	routing0_hdr	-	F	bro
-#close	2016-06-15-20-38-29
+#close	2016-07-13-16-12-49
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2016-06-15-20-38-30
+#open	2016-07-13-16-12-50
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1334075027.053380	-	2001:4f8:4:7:2e0:81ff:fe52:ffff	0	2001:78:1:32::1	0	routing0_hdr	-	F	bro
-#close	2016-06-15-20-38-30
+#close	2016-07-13-16-12-50
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2016-06-15-20-38-30
+#open	2016-07-13-16-12-50
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1334075027.053380	-	2001:4f8:4:7:2e0:81ff:fe52:ffff	0	2001:78:1:32::1	0	routing0_hdr	-	F	bro
-#close	2016-06-15-20-38-30
+#close	2016-07-13-16-12-50
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2016-06-15-20-38-30
+#open	2016-07-13-16-12-50
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1334075027.053380	-	2001:4f8:4:7:2e0:81ff:fe52:ffff	0	2001:78:1:32::1	0	routing0_hdr	-	F	bro
-#close	2016-06-15-20-38-30
+#close	2016-07-13-16-12-50
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2016-06-15-20-38-30
+#open	2016-07-13-16-12-50
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1334075027.053380	-	2001:4f8:4:7:2e0:81ff:fe52:ffff	0	2001:78:1:32::1	0	routing0_hdr	-	F	bro
-#close	2016-06-15-20-38-30
+#close	2016-07-13-16-12-50
--- a/testing/btest/Baseline/core.conn-uid/output
+++ b/testing/btest/Baseline/core.conn-uid/output
@ -1,43 +1,43 @@
-[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], CXWv6p3arKYeMETxOg
+[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], CHhAvVGS1DHFjwGM9
-[orig_h=fe80::217:f2ff:fed7:cf65, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp], CjhGID4nQcgTWjvg4c
+[orig_h=fe80::217:f2ff:fed7:cf65, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp], ClEkJM2Vm5giqnMf4h
-[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], CCvvfg3TEfuqmmG4bh
+[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], C4J4Th3PJpwUYZZ6gc
-[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], CsRx2w45OKnoww6xl4
+[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], CtPZjS20MLrsMUOJi2
-[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], CRJuHdVW0XPVINV8a
+[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], CUM0KZ3MLUfNB0cl11
-[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], CRJuHdVW0XPVINV8a
+[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], CUM0KZ3MLUfNB0cl11
-[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], CPbrpk1qSsw6ESzHV4
+[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], CmES5u32sYpV7JYN
-[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], C6pKV8GSxOnSLghOa
+[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], CP5puj4I8PtEU4qzYg
-[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], CIPOse170MGiRM1Qf4
+[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], C37jN32gN3y3AZzyf6
-[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], C7XEbhP654jzLoe3a
+[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], C3eiCBGOLw3VtHfOj
-[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CJ3xTn1c4Zw9TmAE05
+[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CwjjYJ2WqgTbAqiHl6
-[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], CMXxB5GvmoxJFXdTa
+[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], C0LAHyvtKSQHyJxIl
-[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], Caby8b1slFea8xwSmb
+[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], CFLRIC3zaTU1loLGxh
-[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], Che1bq3i2rO3KD1Syg
+[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], C9rXSW3KSpTYvPrlI1
-[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], C3SfNE4BWaU4aSuwkc
+[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], Ck51lg1bScffFj34Ri
-[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], CEle3f3zno26fFZkrh
+[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], C9mvWx3ezztgzcexV7
-[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], CwSkQu4eWZCH7OONC1
+[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], CNnMIj2QSd84NKf7U3
-[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], CfTOmO0HKorjr8Zp7
+[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], C7fIlMZDuRiqjpYbb
-[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CzA03V1VcgagLjnO92
+[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CykQaM33ztNt0csB9a
-[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CyAhVIzHqb7t7kv28
+[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CtxTCR2Yer0FR1tIBg
-[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], Cab0vO1xNYSS2hJkle
+[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], CpmdRlaUoJLN3uIRa
-[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], Cx2FqO23omNawSNrxj
+[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], C1Xkzz2MaGtLrc1Tla
-[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], Cx3C534wEyF3OvvcQe
+[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], CqlVyW1YwZ15RhTBc4
-[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CkDsfG2YIeWJmXWNWj
+[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CLNN1k2QMum1aexUK7
-[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], CUKS0W3HFYOnBqSE5e
+[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], CBA8792iHmnhPLksKa
-[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], CRrfvP2lalMAYOCLhj
+[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], CGLPPc35OzDQij1XX8
-[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], Cn78a440HlxuyZKs6f
+[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], CiyBAq1bBLNaTiTAc
-[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CJ3xTn1c4Zw9TmAE05
+[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CwjjYJ2WqgTbAqiHl6
-[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], C7XEbhP654jzLoe3a
+[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], C3eiCBGOLw3VtHfOj
-[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], C3SfNE4BWaU4aSuwkc
+[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], Ck51lg1bScffFj34Ri
-[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CyAhVIzHqb7t7kv28
+[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CtxTCR2Yer0FR1tIBg
-[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CzA03V1VcgagLjnO92
+[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CykQaM33ztNt0csB9a
-[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CkDsfG2YIeWJmXWNWj
+[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], CLNN1k2QMum1aexUK7
-[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], Cn78a440HlxuyZKs6f
+[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], CiyBAq1bBLNaTiTAc
-[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], CUof3F2yAIid8QS3dk
+[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], CFSwNi4CNGxcuffo49
-[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], CUof3F2yAIid8QS3dk
+[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], CFSwNi4CNGxcuffo49
-[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], CojBOU3CXcLHl1r6x1
+[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], Cipfzj1BEnhejw8cGf
-[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], CJzVQRGJrX6V15ik7
+[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], CV5WJ42jPYbNW9JNWf
-[orig_h=fe80::3074:17d5:2052:c324, orig_p=65373/udp, resp_h=ff02::1:3, resp_p=5355/udp], ClAbxY1nmdjCuo0Le2
+[orig_h=fe80::3074:17d5:2052:c324, orig_p=65373/udp, resp_h=ff02::1:3, resp_p=5355/udp], CPhDKt12KQPUVbQz06
-[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], CwG0BF1VXE0gWgs78
+[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], CAnFrb2Cvxr5T7quOc
-[orig_h=fe80::3074:17d5:2052:c324, orig_p=54213/udp, resp_h=ff02::1:3, resp_p=5355/udp], CisNaL1Cm73CiNOmcg
+[orig_h=fe80::3074:17d5:2052:c324, orig_p=54213/udp, resp_h=ff02::1:3, resp_p=5355/udp], C8rquZ3DjgNW06JGLl
-[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], CBQnJn22qN8TOeeZil
+[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], CzrZOtXqhwwndQva3
-[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], CbEsuD3dgDDngdlbKf
+[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], CaGCc13FffXe6RkQl9
--- a/testing/btest/Baseline/core.fake_dns/out
+++ b/testing/btest/Baseline/core.fake_dns/out
@ -1,7 +1,7 @@
 {
 1d59:20f4:b44b:27a8:2bd:77c4:f053:6f5a,
 50cd:1a9a:1837:5803:9b08:41aa:738c:3f0b,
-477c:8c51:4f4f:61ec:9981:1259:86b8:8987,
+477c:8c51:4f4f:61ec:9981:1259:86b8:8987
 1d59:20f4:b44b:27a8:2bd:77c4:f053:6f5a
 }
 lookup_hostname_txt, fake_text_lookup_result_bro.wp.dg.cx
 lookup_hostname, {
--- a/testing/btest/Baseline/core.history-flip/conn.log
+++ b/testing/btest/Baseline/core.history-flip/conn.log
@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
-#open	2016-07-12-00-18-19
+#open	2016-07-13-17-58-11
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
-1128727435.633408	CXWv6p3arKYeMETxOg	141.42.64.125	56730	125.190.109.199	80	tcp	http	1.550793	98	9417	SF	-	-	0	^hADdFaf	11	670	10	9945	(empty)
+1128727435.633408	CHhAvVGS1DHFjwGM9	141.42.64.125	56730	125.190.109.199	80	tcp	http	1.550793	98	9417	SF	-	-	0	^hADdFaf	11	670	10	9945	(empty)
-#close	2016-07-12-00-18-19
+#close	2016-07-13-17-58-11
--- a/testing/btest/Baseline/core.ipv6-frag/dns.log
+++ b/testing/btest/Baseline/core.ipv6-frag/dns.log
@ -3,10 +3,10 @@
 #empty_field	(empty)
 #unset_field	-
 #path	dns
-#open	2016-06-15-03-33-34
+#open	2016-07-13-16-12-54
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	trans_id	rtt	query	qclass	qclass_name	qtype	qtype_name	rcode	rcode_name	AA	TC	RD	RA	Z	answers	TTLs	rejected
 #types	time	string	addr	port	addr	port	enum	count	interval	string	count	string	count	string	count	string	bool	bool	bool	bool	count	vector[string]	vector[interval]	bool
-1331084278.438444	CXWv6p3arKYeMETxOg	2001:470:1f11:81f:d138:5f55:6d4:1fe2	51850	2607:f740:b::f93	53	udp	3903	0.079300	txtpadding_323.n1.netalyzr.icsi.berkeley.edu	1	C_INTERNET	16	TXT	0	NOERROR	T	F	T	F	0	TXT 33 This TXT record should be ignored TXT 21 As it is just padding TXT 136 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX	1.000000	F
+1331084278.438444	CHhAvVGS1DHFjwGM9	2001:470:1f11:81f:d138:5f55:6d4:1fe2	51850	2607:f740:b::f93	53	udp	3903	0.079300	txtpadding_323.n1.netalyzr.icsi.berkeley.edu	1	C_INTERNET	16	TXT	0	NOERROR	T	F	T	F	0	TXT 33 This TXT record should be ignored TXT 21 As it is just padding TXT 136 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX	1.000000	F
-1331084293.592245	CjhGID4nQcgTWjvg4c	2001:470:1f11:81f:d138:5f55:6d4:1fe2	51851	2607:f740:b::f93	53	udp	40849	5.084025	txtpadding_3230.n1.netalyzr.icsi.berkeley.edu	1	C_INTERNET	16	TXT	0	NOERROR	T	F	T	F	0	TXT 33 This TXT record should be ignored TXT 21 As it is just padding TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 192 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX	1.000000	F
+1331084293.592245	ClEkJM2Vm5giqnMf4h	2001:470:1f11:81f:d138:5f55:6d4:1fe2	51851	2607:f740:b::f93	53	udp	40849	5.084025	txtpadding_3230.n1.netalyzr.icsi.berkeley.edu	1	C_INTERNET	16	TXT	0	NOERROR	T	F	T	F	0	TXT 33 This TXT record should be ignored TXT 21 As it is just padding TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 189 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX TXT 192 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX	1.000000	F
-1331084298.593081	CjhGID4nQcgTWjvg4c	2001:470:1f11:81f:d138:5f55:6d4:1fe2	51851	2607:f740:b::f93	53	udp	40849	-	txtpadding_3230.n1.netalyzr.icsi.berkeley.edu	1	C_INTERNET	16	TXT	-	-	F	F	T	F	0	-	-	F
+1331084298.593081	ClEkJM2Vm5giqnMf4h	2001:470:1f11:81f:d138:5f55:6d4:1fe2	51851	2607:f740:b::f93	53	udp	40849	-	txtpadding_3230.n1.netalyzr.icsi.berkeley.edu	1	C_INTERNET	16	TXT	-	-	F	F	T	F	0	-	-	F
-#close	2016-06-15-03-33-34
+#close	2016-07-13-16-12-54
--- a/testing/btest/Baseline/core.mpls-in-vlan/conn.log
+++ b/testing/btest/Baseline/core.mpls-in-vlan/conn.log
@ -3,10 +3,10 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
-#open	2016-07-08-21-46-16
+#open	2016-07-13-16-12-55
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
-1371685686.536606	CXWv6p3arKYeMETxOg	65.65.65.65	19244	65.65.65.65	80	tcp	-	-	-	-	OTH	-	-	0	D	1	257	0	0	(empty)
+1371685686.536606	CHhAvVGS1DHFjwGM9	65.65.65.65	19244	65.65.65.65	80	tcp	-	-	-	-	OTH	-	-	0	D	1	257	0	0	(empty)
-1371686961.156859	CjhGID4nQcgTWjvg4c	65.65.65.65	32828	65.65.65.65	80	tcp	-	-	-	-	OTH	-	-	0	^d	0	0	1	1500	(empty)
+1371686961.479321	C4J4Th3PJpwUYZZ6gc	65.65.65.65	61193	65.65.65.65	80	tcp	-	-	-	-	OTH	-	-	0	D	1	710	0	0	(empty)
-1371686961.479321	CCvvfg3TEfuqmmG4bh	65.65.65.65	61193	65.65.65.65	80	tcp	-	-	-	-	OTH	-	-	0	D	1	710	0	0	(empty)
+1371686961.156859	ClEkJM2Vm5giqnMf4h	65.65.65.65	32828	65.65.65.65	80	tcp	-	-	-	-	OTH	-	-	0	^d	0	0	1	1500	(empty)
-#close	2016-07-08-21-46-16
+#close	2016-07-13-16-12-55
--- a/testing/btest/Baseline/core.pcap.dynamic-filter/conn.log
+++ b/testing/btest/Baseline/core.pcap.dynamic-filter/conn.log
@ -3,23 +3,23 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
-#open	2015-02-23-21-32-35
+#open	2016-07-13-16-12-55
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
-1300475167.096535	CXWv6p3arKYeMETxOg	141.142.220.202	5353	224.0.0.251	5353	udp	dns	-	-	-	S0	-	-	0	D	1	73	0	0	(empty)
+1300475167.096535	CHhAvVGS1DHFjwGM9	141.142.220.202	5353	224.0.0.251	5353	udp	dns	-	-	-	S0	-	-	0	D	1	73	0	0	(empty)
-1300475168.853899	CCvvfg3TEfuqmmG4bh	141.142.220.118	43927	141.142.2.2	53	udp	dns	0.000435	38	89	SF	-	-	0	Dd	1	66	1	117	(empty)
+1300475168.853899	C4J4Th3PJpwUYZZ6gc	141.142.220.118	43927	141.142.2.2	53	udp	dns	0.000435	38	89	SF	-	-	0	Dd	1	66	1	117	(empty)
-1300475168.854378	CsRx2w45OKnoww6xl4	141.142.220.118	37676	141.142.2.2	53	udp	dns	0.000420	52	99	SF	-	-	0	Dd	1	80	1	127	(empty)
+1300475168.854378	CtPZjS20MLrsMUOJi2	141.142.220.118	37676	141.142.2.2	53	udp	dns	0.000420	52	99	SF	-	-	0	Dd	1	80	1	127	(empty)
-1300475168.854837	CRJuHdVW0XPVINV8a	141.142.220.118	40526	141.142.2.2	53	udp	dns	0.000392	38	183	SF	-	-	0	Dd	1	66	1	211	(empty)
+1300475168.854837	CUM0KZ3MLUfNB0cl11	141.142.220.118	40526	141.142.2.2	53	udp	dns	0.000392	38	183	SF	-	-	0	Dd	1	66	1	211	(empty)
-1300475168.857956	CPbrpk1qSsw6ESzHV4	141.142.220.118	32902	141.142.2.2	53	udp	dns	0.000317	38	89	SF	-	-	0	Dd	1	66	1	117	(empty)
+1300475168.857956	CmES5u32sYpV7JYN	141.142.220.118	32902	141.142.2.2	53	udp	dns	0.000317	38	89	SF	-	-	0	Dd	1	66	1	117	(empty)
-1300475168.858306	C6pKV8GSxOnSLghOa	141.142.220.118	59816	141.142.2.2	53	udp	dns	0.000343	52	99	SF	-	-	0	Dd	1	80	1	127	(empty)
+1300475168.858306	CP5puj4I8PtEU4qzYg	141.142.220.118	59816	141.142.2.2	53	udp	dns	0.000343	52	99	SF	-	-	0	Dd	1	80	1	127	(empty)
-1300475168.858713	CIPOse170MGiRM1Qf4	141.142.220.118	59714	141.142.2.2	53	udp	dns	0.000375	38	183	SF	-	-	0	Dd	1	66	1	211	(empty)
+1300475168.858713	C37jN32gN3y3AZzyf6	141.142.220.118	59714	141.142.2.2	53	udp	dns	0.000375	38	183	SF	-	-	0	Dd	1	66	1	211	(empty)
-1300475168.891644	C7XEbhP654jzLoe3a	141.142.220.118	58206	141.142.2.2	53	udp	dns	0.000339	38	89	SF	-	-	0	Dd	1	66	1	117	(empty)
+1300475168.891644	C3eiCBGOLw3VtHfOj	141.142.220.118	58206	141.142.2.2	53	udp	dns	0.000339	38	89	SF	-	-	0	Dd	1	66	1	117	(empty)
-1300475168.892037	CJ3xTn1c4Zw9TmAE05	141.142.220.118	38911	141.142.2.2	53	udp	dns	0.000335	52	99	SF	-	-	0	Dd	1	80	1	127	(empty)
+1300475168.892037	CwjjYJ2WqgTbAqiHl6	141.142.220.118	38911	141.142.2.2	53	udp	dns	0.000335	52	99	SF	-	-	0	Dd	1	80	1	127	(empty)
-1300475168.892414	CMXxB5GvmoxJFXdTa	141.142.220.118	59746	141.142.2.2	53	udp	dns	0.000421	38	183	SF	-	-	0	Dd	1	66	1	211	(empty)
+1300475168.892414	C0LAHyvtKSQHyJxIl	141.142.220.118	59746	141.142.2.2	53	udp	dns	0.000421	38	183	SF	-	-	0	Dd	1	66	1	211	(empty)
-1300475168.893988	Caby8b1slFea8xwSmb	141.142.220.118	45000	141.142.2.2	53	udp	dns	0.000384	38	89	SF	-	-	0	Dd	1	66	1	117	(empty)
+1300475168.893988	CFLRIC3zaTU1loLGxh	141.142.220.118	45000	141.142.2.2	53	udp	dns	0.000384	38	89	SF	-	-	0	Dd	1	66	1	117	(empty)
-1300475168.894422	Che1bq3i2rO3KD1Syg	141.142.220.118	48479	141.142.2.2	53	udp	dns	0.000317	52	99	SF	-	-	0	Dd	1	80	1	127	(empty)
+1300475168.894422	C9rXSW3KSpTYvPrlI1	141.142.220.118	48479	141.142.2.2	53	udp	dns	0.000317	52	99	SF	-	-	0	Dd	1	80	1	127	(empty)
-1300475168.894787	C3SfNE4BWaU4aSuwkc	141.142.220.118	48128	141.142.2.2	53	udp	dns	0.000423	38	183	SF	-	-	0	Dd	1	66	1	211	(empty)
+1300475168.894787	Ck51lg1bScffFj34Ri	141.142.220.118	48128	141.142.2.2	53	udp	dns	0.000423	38	183	SF	-	-	0	Dd	1	66	1	211	(empty)
-1300475168.901749	CEle3f3zno26fFZkrh	141.142.220.118	56056	141.142.2.2	53	udp	dns	0.000402	36	131	SF	-	-	0	Dd	1	64	1	159	(empty)
+1300475168.901749	C9mvWx3ezztgzcexV7	141.142.220.118	56056	141.142.2.2	53	udp	dns	0.000402	36	131	SF	-	-	0	Dd	1	64	1	159	(empty)
-1300475168.902195	CwSkQu4eWZCH7OONC1	141.142.220.118	55092	141.142.2.2	53	udp	dns	0.000374	36	198	SF	-	-	0	Dd	1	64	1	226	(empty)
+1300475168.902195	CNnMIj2QSd84NKf7U3	141.142.220.118	55092	141.142.2.2	53	udp	dns	0.000374	36	198	SF	-	-	0	Dd	1	64	1	226	(empty)
-1300475168.652003	CjhGID4nQcgTWjvg4c	141.142.220.118	35634	208.80.152.2	80	tcp	-	-	-	-	OTH	-	-	0	D	1	515	0	0	(empty)
+1300475168.652003	ClEkJM2Vm5giqnMf4h	141.142.220.118	35634	208.80.152.2	80	tcp	-	-	-	-	OTH	-	-	0	D	1	515	0	0	(empty)
-#close	2015-02-23-21-32-35
+#close	2016-07-13-16-12-55
--- a/testing/btest/Baseline/core.pcap.read-trace-with-filter/conn.log
+++ b/testing/btest/Baseline/core.pcap.read-trace-with-filter/conn.log
@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
-#open	2015-02-23-21-32-46
+#open	2016-07-13-16-12-56
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
-1300475168.892936	CXWv6p3arKYeMETxOg	141.142.220.118	50000	208.80.152.3	80	tcp	http	0.229603	1148	734	S1	-	-	0	ShADad	6	1468	4	950	(empty)
+1300475168.892936	CHhAvVGS1DHFjwGM9	141.142.220.118	50000	208.80.152.3	80	tcp	http	0.229603	1148	734	S1	-	-	0	ShADad	6	1468	4	950	(empty)
-#close	2015-02-23-21-32-46
+#close	2016-07-13-16-12-56
--- a/testing/btest/Baseline/core.pcap.read-trace-with-filter/packet_filter.log
+++ b/testing/btest/Baseline/core.pcap.read-trace-with-filter/packet_filter.log
@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	packet_filter
-#open	2014-08-23-18-29-48
+#open	2016-07-13-16-12-56
 #fields	ts	node	filter	init	success
 #types	time	string	string	bool	bool
-1408818588.510297	bro	port 50000	T	T
+1468426376.541368	bro	port 50000	T	T
-#close	2014-08-23-18-29-48
+#close	2016-07-13-16-12-56
--- a/testing/btest/Baseline/core.pppoe/conn.log
+++ b/testing/btest/Baseline/core.pppoe/conn.log
@ -3,14 +3,14 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
-#open	2015-02-23-21-32-47
+#open	2016-07-13-16-12-57
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
-1284385418.014560	CPbrpk1qSsw6ESzHV4	fe80::c801:eff:fe88:8	547	fe80::ce05:eff:fe88:0	546	udp	-	0.096000	192	0	S0	-	-	0	D	2	288	0	0	(empty)
+1284385417.962560	CUM0KZ3MLUfNB0cl11	fe80::ce05:eff:fe88:0	546	ff02::1:2	547	udp	-	0.078000	114	0	S0	-	-	0	D	2	210	0	0	(empty)
-1284385417.962560	CRJuHdVW0XPVINV8a	fe80::ce05:eff:fe88:0	546	ff02::1:2	547	udp	-	0.078000	114	0	S0	-	-	0	D	2	210	0	0	(empty)
+1284385418.014560	CmES5u32sYpV7JYN	fe80::c801:eff:fe88:8	547	fe80::ce05:eff:fe88:0	546	udp	-	0.096000	192	0	S0	-	-	0	D	2	288	0	0	(empty)
-1284385411.091560	CjhGID4nQcgTWjvg4c	fe80::c801:eff:fe88:8	136	ff02::1	135	icmp	-	-	-	-	OTH	-	-	0	-	1	64	0	0	(empty)
+1284385411.035560	CHhAvVGS1DHFjwGM9	fe80::c801:eff:fe88:8	143	ff02::16	0	icmp	-	0.835000	160	0	OTH	-	-	0	-	8	608	0	0	(empty)
-1284385411.035560	CXWv6p3arKYeMETxOg	fe80::c801:eff:fe88:8	143	ff02::16	0	icmp	-	0.835000	160	0	OTH	-	-	0	-	8	608	0	0	(empty)
+1284385451.658560	CP5puj4I8PtEU4qzYg	fc00:0:2:100::1:1	128	fc00::1	129	icmp	-	0.156000	260	260	OTH	-	-	0	-	5	500	5	500	(empty)
-1284385451.658560	C6pKV8GSxOnSLghOa	fc00:0:2:100::1:1	128	fc00::1	129	icmp	-	0.156000	260	260	OTH	-	-	0	-	5	500	5	500	(empty)
+1284385412.963560	C4J4Th3PJpwUYZZ6gc	fe80::ce05:eff:fe88:0	133	ff02::2	134	icmp	-	-	-	-	OTH	-	-	0	-	1	48	0	0	(empty)
-1284385413.027560	CsRx2w45OKnoww6xl4	fe80::c801:eff:fe88:8	134	fe80::ce05:eff:fe88:0	133	icmp	-	-	-	-	OTH	-	-	0	-	1	64	0	0	(empty)
+1284385413.027560	CtPZjS20MLrsMUOJi2	fe80::c801:eff:fe88:8	134	fe80::ce05:eff:fe88:0	133	icmp	-	-	-	-	OTH	-	-	0	-	1	64	0	0	(empty)
-1284385412.963560	CCvvfg3TEfuqmmG4bh	fe80::ce05:eff:fe88:0	133	ff02::2	134	icmp	-	-	-	-	OTH	-	-	0	-	1	48	0	0	(empty)
+1284385411.091560	ClEkJM2Vm5giqnMf4h	fe80::c801:eff:fe88:8	136	ff02::1	135	icmp	-	-	-	-	OTH	-	-	0	-	1	64	0	0	(empty)
-#close	2015-02-23-21-32-47
+#close	2016-07-13-16-12-57
--- a/testing/btest/Baseline/core.print-bpf-filters/conn.log
+++ b/testing/btest/Baseline/core.print-bpf-filters/conn.log
@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
-#open	2015-03-30-21-38-30
+#open	2016-07-13-16-12-58
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
-1278600802.069419	CXWv6p3arKYeMETxOg	10.20.80.1	50343	10.0.0.15	80	tcp	-	0.004152	9	3429	SF	-	-	0	ShADadfF	7	381	7	3801	(empty)
+1278600802.069419	CHhAvVGS1DHFjwGM9	10.20.80.1	50343	10.0.0.15	80	tcp	-	0.004152	9	3429	SF	-	-	0	ShADadfF	7	381	7	3801	(empty)
-#close	2015-03-30-21-38-30
+#close	2016-07-13-16-12-59
--- a/testing/btest/Baseline/core.print-bpf-filters/output
+++ b/testing/btest/Baseline/core.print-bpf-filters/output
@ -3,28 +3,28 @@
 #empty_field	(empty)
 #unset_field	-
 #path	packet_filter
-#open	2015-03-30-21-38-29
+#open	2016-07-13-16-12-57
 #fields	ts	node	filter	init	success
 #types	time	string	string	bool	bool
-1427751509.034738	bro	ip or not ip	T	T
+1468426377.846975	bro	ip or not ip	T	T
-#close	2015-03-30-21-38-29
+#close	2016-07-13-16-12-57
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	packet_filter
-#open	2015-03-30-21-38-29
+#open	2016-07-13-16-12-58
 #fields	ts	node	filter	init	success
 #types	time	string	string	bool	bool
-1427751509.711080	bro	port 42	T	T
+1468426378.362651	bro	port 42	T	T
-#close	2015-03-30-21-38-29
+#close	2016-07-13-16-12-58
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	packet_filter
-#open	2015-03-30-21-38-30
+#open	2016-07-13-16-12-58
 #fields	ts	node	filter	init	success
 #types	time	string	string	bool	bool
-1427751510.380510	bro	(vlan) and (ip or not ip)	T	T
+1468426378.944945	bro	(vlan) and (ip or not ip)	T	T
-#close	2015-03-30-21-38-30
+#close	2016-07-13-16-12-59
--- a/testing/btest/Baseline/core.q-in-q/conn.log
+++ b/testing/btest/Baseline/core.q-in-q/conn.log
@ -3,9 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
-#open	2015-02-23-21-32-51
+#open	2016-07-13-16-13-00
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
-1363900699.548138	CXWv6p3arKYeMETxOg	172.19.51.37	47808	172.19.51.63	47808	udp	-	0.000100	36	0	S0	-	-	0	D	2	92	0	0	(empty)
+1363900699.548138	CHhAvVGS1DHFjwGM9	172.19.51.37	47808	172.19.51.63	47808	udp	-	0.000100	36	0	S0	-	-	0	D	2	92	0	0	(empty)
-1363900699.549647	CjhGID4nQcgTWjvg4c	193.1.186.60	9875	224.2.127.254	9875	udp	-	0.000139	552	0	S0	-	-	0	D	2	608	0	0	(empty)
+1363900699.549647	ClEkJM2Vm5giqnMf4h	193.1.186.60	9875	224.2.127.254	9875	udp	-	0.000139	552	0	S0	-	-	0	D	2	608	0	0	(empty)
-#close	2015-02-23-21-32-51
+#close	2016-07-13-16-13-00
--- a/testing/btest/Baseline/core.radiotap/conn.log
+++ b/testing/btest/Baseline/core.radiotap/conn.log
@ -3,9 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
-#open	2016-01-19-09-01-31
+#open	2016-07-13-16-13-00
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
-1439902891.705224	CXWv6p3arKYeMETxOg	172.17.156.76	61738	208.67.220.220	53	udp	dns	0.041654	35	128	SF	-	-	0	Dd	1	63	1	156	(empty)
+1439902891.705224	CHhAvVGS1DHFjwGM9	172.17.156.76	61738	208.67.220.220	53	udp	dns	0.041654	35	128	SF	-	-	0	Dd	1	63	1	156	(empty)
-1439903050.580632	CjhGID4nQcgTWjvg4c	fe80::a667:6ff:fef7:ec54	5353	ff02::fb	5353	udp	dns	-	-	-	S0	-	-	0	D	1	328	0	0	(empty)
+1439903050.580632	ClEkJM2Vm5giqnMf4h	fe80::a667:6ff:fef7:ec54	5353	ff02::fb	5353	udp	dns	-	-	-	S0	-	-	0	D	1	328	0	0	(empty)
-#close	2016-01-19-09-01-31
+#close	2016-07-13-16-13-00
--- a/testing/btest/Baseline/core.tcp.large-file-reassembly/conn.log
+++ b/testing/btest/Baseline/core.tcp.large-file-reassembly/conn.log
@ -3,10 +3,10 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
-#open	2015-04-15-23-53-28
+#open	2016-07-13-16-13-01
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
-1395939406.175845	CjhGID4nQcgTWjvg4c	192.168.56.1	59763	192.168.56.101	63988	tcp	ftp-data	0.001676	0	270	SF	-	-	0	ShAdfFa	5	272	4	486	(empty)
+1395939406.175845	ClEkJM2Vm5giqnMf4h	192.168.56.1	59763	192.168.56.101	63988	tcp	ftp-data	0.001676	0	270	SF	-	-	0	ShAdfFa	5	272	4	486	(empty)
-1395939411.361078	CCvvfg3TEfuqmmG4bh	192.168.56.1	59764	192.168.56.101	37150	tcp	ftp-data	150.496065	0	5416666670	SF	-	-	4675708816	ShAdfFa	13	688	12	24454	(empty)
+1395939411.361078	C4J4Th3PJpwUYZZ6gc	192.168.56.1	59764	192.168.56.101	37150	tcp	ftp-data	150.496065	0	5416666670	SF	-	-	4675708816	ShAdfFa	13	688	12	24454	(empty)
-1395939399.984671	CXWv6p3arKYeMETxOg	192.168.56.1	59762	192.168.56.101	21	tcp	ftp	169.634297	104	1041	SF	-	-	0	ShAdDaFf	31	1728	18	1985	(empty)
+1395939399.984671	CHhAvVGS1DHFjwGM9	192.168.56.1	59762	192.168.56.101	21	tcp	ftp	169.634297	104	1041	SF	-	-	0	ShAdDaFf	31	1728	18	1985	(empty)
-#close	2015-04-15-23-53-28
+#close	2016-07-13-16-13-01
--- a/testing/btest/Baseline/core.tcp.large-file-reassembly/files.log
+++ b/testing/btest/Baseline/core.tcp.large-file-reassembly/files.log
@ -3,9 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	files
-#open	2015-04-15-23-53-28
+#open	2016-07-13-16-13-01
 #fields	ts	fuid	tx_hosts	rx_hosts	conn_uids	source	depth	analyzers	mime_type	filename	duration	local_orig	is_orig	seen_bytes	total_bytes	missing_bytes	overflow_bytes	timedout	parent_fuid	md5	sha1	sha256	extracted
 #types	time	string	set[addr]	set[addr]	set[string]	string	count	set[string]	string	string	interval	bool	bool	count	count	count	count	bool	string	string	string	string	string
-1395939406.177079	FAb5m22Dhe2Zi95anf	192.168.56.101	192.168.56.1	CjhGID4nQcgTWjvg4c	FTP_DATA	0	DATA_EVENT	text/plain	-	0.000000	-	F	270	-	0	0	F	-	-	-	-	-
+1395939406.177079	FAb5m22Dhe2Zi95anf	192.168.56.101	192.168.56.1	ClEkJM2Vm5giqnMf4h	FTP_DATA	0	DATA_EVENT	text/plain	-	0.000000	-	F	270	-	0	0	F	-	-	-	-	-
-1395939411.364462	FhI0ao2FNTjabdfSBd	192.168.56.101	192.168.56.1	CCvvfg3TEfuqmmG4bh	FTP_DATA	0	DATA_EVENT	text/plain	-	150.490904	-	F	23822	-	5416642848	0	F	-	-	-	-	-
+1395939411.364462	FhI0ao2FNTjabdfSBd	192.168.56.101	192.168.56.1	C4J4Th3PJpwUYZZ6gc	FTP_DATA	0	DATA_EVENT	text/plain	-	150.490904	-	F	23822	-	5416642848	0	F	-	-	-	-	-
-#close	2015-04-15-23-53-28
+#close	2016-07-13-16-13-01
--- a/testing/btest/Baseline/core.tcp.miss-end-data/conn.log
+++ b/testing/btest/Baseline/core.tcp.miss-end-data/conn.log
@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
-#open	2015-02-23-21-32-57
+#open	2016-07-13-16-13-02
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
-1331764471.664131	CXWv6p3arKYeMETxOg	192.168.122.230	60648	77.238.160.184	80	tcp	http	10.048360	538	2902	SF	-	-	2902	ShADafF	5	750	4	172	(empty)
+1331764471.664131	CHhAvVGS1DHFjwGM9	192.168.122.230	60648	77.238.160.184	80	tcp	http	10.048360	538	2902	SF	-	-	2902	ShADafF	5	750	4	172	(empty)
-#close	2015-02-23-21-32-57
+#close	2016-07-13-16-13-02
--- a/testing/btest/Baseline/core.tcp.missing-syn/conn.log
+++ b/testing/btest/Baseline/core.tcp.missing-syn/conn.log
@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
-#open	2016-07-12-00-09-49
+#open	2016-07-13-17-58-31
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
-1128727435.633408	CXWv6p3arKYeMETxOg	141.42.64.125	56730	125.190.109.199	80	tcp	http	1.550793	98	9417	SF	-	-	0	^hADdFaf	11	670	10	9945	(empty)
+1128727435.633408	CHhAvVGS1DHFjwGM9	141.42.64.125	56730	125.190.109.199	80	tcp	http	1.550793	98	9417	SF	-	-	0	^hADdFaf	11	670	10	9945	(empty)
-#close	2016-07-12-00-09-49
+#close	2016-07-13-17-58-31
--- a/testing/btest/Baseline/core.tcp.rxmit-history/conn-1.log
+++ b/testing/btest/Baseline/core.tcp.rxmit-history/conn-1.log
@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
-#open	2016-07-06-19-53-51
+#open	2016-07-13-16-13-02
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
-1285862902.700271	CXWv6p3arKYeMETxOg	10.0.88.85	50368	192.168.0.27	80	tcp	-	60.991770	474	23783	RSTO	-	-	24257	ShADadtR	17	1250	22	28961	(empty)
+1285862902.700271	CHhAvVGS1DHFjwGM9	10.0.88.85	50368	192.168.0.27	80	tcp	-	60.991770	474	23783	RSTO	-	-	24257	ShADadtR	17	1250	22	28961	(empty)
-#close	2016-07-06-19-53-51
+#close	2016-07-13-16-13-03
--- a/testing/btest/Baseline/core.tcp.rxmit-history/conn-2.log
+++ b/testing/btest/Baseline/core.tcp.rxmit-history/conn-2.log
@ -3,41 +3,41 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
-#open	2016-07-09-02-21-54
+#open	2016-07-13-16-13-03
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
-1300475167.096535	CXWv6p3arKYeMETxOg	141.142.220.202	5353	224.0.0.251	5353	udp	dns	-	-	-	S0	-	-	0	D	1	73	0	0	(empty)
+1300475167.096535	CHhAvVGS1DHFjwGM9	141.142.220.202	5353	224.0.0.251	5353	udp	dns	-	-	-	S0	-	-	0	D	1	73	0	0	(empty)
-1300475167.097012	CjhGID4nQcgTWjvg4c	fe80::217:f2ff:fed7:cf65	5353	ff02::fb	5353	udp	dns	-	-	-	S0	-	-	0	D	1	199	0	0	(empty)
+1300475167.097012	ClEkJM2Vm5giqnMf4h	fe80::217:f2ff:fed7:cf65	5353	ff02::fb	5353	udp	dns	-	-	-	S0	-	-	0	D	1	199	0	0	(empty)
-1300475167.099816	CCvvfg3TEfuqmmG4bh	141.142.220.50	5353	224.0.0.251	5353	udp	dns	-	-	-	S0	-	-	0	D	1	179	0	0	(empty)
+1300475167.099816	C4J4Th3PJpwUYZZ6gc	141.142.220.50	5353	224.0.0.251	5353	udp	dns	-	-	-	S0	-	-	0	D	1	179	0	0	(empty)
-1300475168.853899	CPbrpk1qSsw6ESzHV4	141.142.220.118	43927	141.142.2.2	53	udp	dns	0.000435	38	89	SF	-	-	0	Dd	1	66	1	117	(empty)
+1300475168.853899	CmES5u32sYpV7JYN	141.142.220.118	43927	141.142.2.2	53	udp	dns	0.000435	38	89	SF	-	-	0	Dd	1	66	1	117	(empty)
-1300475168.854378	C6pKV8GSxOnSLghOa	141.142.220.118	37676	141.142.2.2	53	udp	dns	0.000420	52	99	SF	-	-	0	Dd	1	80	1	127	(empty)
+1300475168.854378	CP5puj4I8PtEU4qzYg	141.142.220.118	37676	141.142.2.2	53	udp	dns	0.000420	52	99	SF	-	-	0	Dd	1	80	1	127	(empty)
-1300475168.854837	CIPOse170MGiRM1Qf4	141.142.220.118	40526	141.142.2.2	53	udp	dns	0.000392	38	183	SF	-	-	0	Dd	1	66	1	211	(empty)
+1300475168.854837	C37jN32gN3y3AZzyf6	141.142.220.118	40526	141.142.2.2	53	udp	dns	0.000392	38	183	SF	-	-	0	Dd	1	66	1	211	(empty)
-1300475168.857956	CMXxB5GvmoxJFXdTa	141.142.220.118	32902	141.142.2.2	53	udp	dns	0.000317	38	89	SF	-	-	0	Dd	1	66	1	117	(empty)
+1300475168.857956	C0LAHyvtKSQHyJxIl	141.142.220.118	32902	141.142.2.2	53	udp	dns	0.000317	38	89	SF	-	-	0	Dd	1	66	1	117	(empty)
-1300475168.858306	Caby8b1slFea8xwSmb	141.142.220.118	59816	141.142.2.2	53	udp	dns	0.000343	52	99	SF	-	-	0	Dd	1	80	1	127	(empty)
+1300475168.858306	CFLRIC3zaTU1loLGxh	141.142.220.118	59816	141.142.2.2	53	udp	dns	0.000343	52	99	SF	-	-	0	Dd	1	80	1	127	(empty)
-1300475168.858713	Che1bq3i2rO3KD1Syg	141.142.220.118	59714	141.142.2.2	53	udp	dns	0.000375	38	183	SF	-	-	0	Dd	1	66	1	211	(empty)
+1300475168.858713	C9rXSW3KSpTYvPrlI1	141.142.220.118	59714	141.142.2.2	53	udp	dns	0.000375	38	183	SF	-	-	0	Dd	1	66	1	211	(empty)
-1300475168.891644	CEle3f3zno26fFZkrh	141.142.220.118	58206	141.142.2.2	53	udp	dns	0.000339	38	89	SF	-	-	0	Dd	1	66	1	117	(empty)
+1300475168.891644	C9mvWx3ezztgzcexV7	141.142.220.118	58206	141.142.2.2	53	udp	dns	0.000339	38	89	SF	-	-	0	Dd	1	66	1	117	(empty)
-1300475168.892037	CwSkQu4eWZCH7OONC1	141.142.220.118	38911	141.142.2.2	53	udp	dns	0.000335	52	99	SF	-	-	0	Dd	1	80	1	127	(empty)
+1300475168.892037	CNnMIj2QSd84NKf7U3	141.142.220.118	38911	141.142.2.2	53	udp	dns	0.000335	52	99	SF	-	-	0	Dd	1	80	1	127	(empty)
-1300475168.892414	CfTOmO0HKorjr8Zp7	141.142.220.118	59746	141.142.2.2	53	udp	dns	0.000421	38	183	SF	-	-	0	Dd	1	66	1	211	(empty)
+1300475168.892414	C7fIlMZDuRiqjpYbb	141.142.220.118	59746	141.142.2.2	53	udp	dns	0.000421	38	183	SF	-	-	0	Dd	1	66	1	211	(empty)
-1300475168.893988	Cab0vO1xNYSS2hJkle	141.142.220.118	45000	141.142.2.2	53	udp	dns	0.000384	38	89	SF	-	-	0	Dd	1	66	1	117	(empty)
+1300475168.893988	CpmdRlaUoJLN3uIRa	141.142.220.118	45000	141.142.2.2	53	udp	dns	0.000384	38	89	SF	-	-	0	Dd	1	66	1	117	(empty)
-1300475168.894422	Cx2FqO23omNawSNrxj	141.142.220.118	48479	141.142.2.2	53	udp	dns	0.000317	52	99	SF	-	-	0	Dd	1	80	1	127	(empty)
+1300475168.894422	C1Xkzz2MaGtLrc1Tla	141.142.220.118	48479	141.142.2.2	53	udp	dns	0.000317	52	99	SF	-	-	0	Dd	1	80	1	127	(empty)
-1300475168.894787	Cx3C534wEyF3OvvcQe	141.142.220.118	48128	141.142.2.2	53	udp	dns	0.000423	38	183	SF	-	-	0	Dd	1	66	1	211	(empty)
+1300475168.894787	CqlVyW1YwZ15RhTBc4	141.142.220.118	48128	141.142.2.2	53	udp	dns	0.000423	38	183	SF	-	-	0	Dd	1	66	1	211	(empty)
-1300475168.901749	CUKS0W3HFYOnBqSE5e	141.142.220.118	56056	141.142.2.2	53	udp	dns	0.000402	36	131	SF	-	-	0	Dd	1	64	1	159	(empty)
+1300475168.901749	CBA8792iHmnhPLksKa	141.142.220.118	56056	141.142.2.2	53	udp	dns	0.000402	36	131	SF	-	-	0	Dd	1	64	1	159	(empty)
-1300475168.902195	CRrfvP2lalMAYOCLhj	141.142.220.118	55092	141.142.2.2	53	udp	dns	0.000374	36	198	SF	-	-	0	Dd	1	64	1	226	(empty)
+1300475168.902195	CGLPPc35OzDQij1XX8	141.142.220.118	55092	141.142.2.2	53	udp	dns	0.000374	36	198	SF	-	-	0	Dd	1	64	1	226	(empty)
-1300475169.899438	CojBOU3CXcLHl1r6x1	141.142.220.44	5353	224.0.0.251	5353	udp	dns	-	-	-	S0	-	-	0	D	1	85	0	0	(empty)
+1300475169.899438	Cipfzj1BEnhejw8cGf	141.142.220.44	5353	224.0.0.251	5353	udp	dns	-	-	-	S0	-	-	0	D	1	85	0	0	(empty)
-1300475170.862384	CJzVQRGJrX6V15ik7	141.142.220.226	137	141.142.220.255	137	udp	dns	2.613017	350	0	S0	-	-	0	D	7	546	0	0	(empty)
+1300475170.862384	CV5WJ42jPYbNW9JNWf	141.142.220.226	137	141.142.220.255	137	udp	dns	2.613017	350	0	S0	-	-	0	D	7	546	0	0	(empty)
-1300475171.675372	ClAbxY1nmdjCuo0Le2	fe80::3074:17d5:2052:c324	65373	ff02::1:3	5355	udp	dns	0.100096	66	0	S0	-	-	0	D	2	162	0	0	(empty)
+1300475171.675372	CPhDKt12KQPUVbQz06	fe80::3074:17d5:2052:c324	65373	ff02::1:3	5355	udp	dns	0.100096	66	0	S0	-	-	0	D	2	162	0	0	(empty)
-1300475171.677081	CwG0BF1VXE0gWgs78	141.142.220.226	55131	224.0.0.252	5355	udp	dns	0.100021	66	0	S0	-	-	0	D	2	122	0	0	(empty)
+1300475171.677081	CAnFrb2Cvxr5T7quOc	141.142.220.226	55131	224.0.0.252	5355	udp	dns	0.100021	66	0	S0	-	-	0	D	2	122	0	0	(empty)
-1300475173.116749	CisNaL1Cm73CiNOmcg	fe80::3074:17d5:2052:c324	54213	ff02::1:3	5355	udp	dns	0.099801	66	0	S0	-	-	0	D	2	162	0	0	(empty)
+1300475173.116749	C8rquZ3DjgNW06JGLl	fe80::3074:17d5:2052:c324	54213	ff02::1:3	5355	udp	dns	0.099801	66	0	S0	-	-	0	D	2	162	0	0	(empty)
-1300475173.117362	CBQnJn22qN8TOeeZil	141.142.220.226	55671	224.0.0.252	5355	udp	dns	0.099849	66	0	S0	-	-	0	D	2	122	0	0	(empty)
+1300475173.117362	CzrZOtXqhwwndQva3	141.142.220.226	55671	224.0.0.252	5355	udp	dns	0.099849	66	0	S0	-	-	0	D	2	122	0	0	(empty)
-1300475173.153679	CbEsuD3dgDDngdlbKf	141.142.220.238	56641	141.142.220.255	137	udp	dns	-	-	-	S0	-	-	0	D	1	78	0	0	(empty)
+1300475173.153679	CaGCc13FffXe6RkQl9	141.142.220.238	56641	141.142.220.255	137	udp	dns	-	-	-	S0	-	-	0	D	1	78	0	0	(empty)
-1300475168.859163	C3SfNE4BWaU4aSuwkc	141.142.220.118	49998	208.80.152.3	80	tcp	http	0.215893	1130	734	S1	-	-	0	ShADad	6	1450	4	950	(empty)
+1300475169.780331	CFSwNi4CNGxcuffo49	141.142.220.235	6705	173.192.163.128	80	tcp	-	-	-	-	OTH	-	-	0	^h	0	0	1	48	(empty)
-1300475168.652003	CsRx2w45OKnoww6xl4	141.142.220.118	35634	208.80.152.2	80	tcp	-	0.061329	463	350	OTH	-	-	0	DdA	2	567	1	402	(empty)
+1300475168.892913	CykQaM33ztNt0csB9a	141.142.220.118	49999	208.80.152.3	80	tcp	http	0.220961	1137	733	S1	-	-	0	ShADad	6	1457	4	949	(empty)
-1300475168.895267	CkDsfG2YIeWJmXWNWj	141.142.220.118	50001	208.80.152.3	80	tcp	http	0.227284	1178	734	S1	-	-	0	ShADad	6	1498	4	950	(empty)
+1300475168.724007	CUM0KZ3MLUfNB0cl11	141.142.220.118	48649	208.80.152.118	80	tcp	http	0.119905	525	232	S1	-	-	0	ShADad	4	741	3	396	(empty)
-1300475168.902635	Cn78a440HlxuyZKs6f	141.142.220.118	35642	208.80.152.2	80	tcp	http	0.120041	534	412	S1	-	-	0	ShADad	4	750	3	576	(empty)
+1300475168.855330	CwjjYJ2WqgTbAqiHl6	141.142.220.118	49997	208.80.152.3	80	tcp	http	0.219720	1125	734	S1	-	-	0	ShADad	6	1445	4	950	(empty)
-1300475168.892936	CyAhVIzHqb7t7kv28	141.142.220.118	50000	208.80.152.3	80	tcp	http	0.229603	1148	734	S1	-	-	0	ShADad	6	1468	4	950	(empty)
+1300475168.855305	C3eiCBGOLw3VtHfOj	141.142.220.118	49996	208.80.152.3	80	tcp	http	0.218501	1171	733	S1	-	-	0	ShADad	6	1491	4	949	(empty)
-1300475168.855305	C7XEbhP654jzLoe3a	141.142.220.118	49996	208.80.152.3	80	tcp	http	0.218501	1171	733	S1	-	-	0	ShADad	6	1491	4	949	(empty)
+1300475168.652003	CtPZjS20MLrsMUOJi2	141.142.220.118	35634	208.80.152.2	80	tcp	-	0.061329	463	350	OTH	-	-	0	DdA	2	567	1	402	(empty)
-1300475168.892913	CzA03V1VcgagLjnO92	141.142.220.118	49999	208.80.152.3	80	tcp	http	0.220961	1137	733	S1	-	-	0	ShADad	6	1457	4	949	(empty)
+1300475168.902635	CiyBAq1bBLNaTiTAc	141.142.220.118	35642	208.80.152.2	80	tcp	http	0.120041	534	412	S1	-	-	0	ShADad	4	750	3	576	(empty)
-1300475169.780331	CUof3F2yAIid8QS3dk	141.142.220.235	6705	173.192.163.128	80	tcp	-	-	-	-	OTH	-	-	0	^h	0	0	1	48	(empty)
+1300475168.859163	Ck51lg1bScffFj34Ri	141.142.220.118	49998	208.80.152.3	80	tcp	http	0.215893	1130	734	S1	-	-	0	ShADad	6	1450	4	950	(empty)
-1300475168.724007	CRJuHdVW0XPVINV8a	141.142.220.118	48649	208.80.152.118	80	tcp	http	0.119905	525	232	S1	-	-	0	ShADad	4	741	3	396	(empty)
+1300475168.892936	CtxTCR2Yer0FR1tIBg	141.142.220.118	50000	208.80.152.3	80	tcp	http	0.229603	1148	734	S1	-	-	0	ShADad	6	1468	4	950	(empty)
-1300475168.855330	CJ3xTn1c4Zw9TmAE05	141.142.220.118	49997	208.80.152.3	80	tcp	http	0.219720	1125	734	S1	-	-	0	ShADad	6	1445	4	950	(empty)
+1300475168.895267	CLNN1k2QMum1aexUK7	141.142.220.118	50001	208.80.152.3	80	tcp	http	0.227284	1178	734	S1	-	-	0	ShADad	6	1498	4	950	(empty)
-#close	2016-07-09-02-21-55
+#close	2016-07-13-16-13-03
--- a/testing/btest/Baseline/core.tunnels.ayiya/conn.log
+++ b/testing/btest/Baseline/core.tunnels.ayiya/conn.log
@ -3,15 +3,15 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
-#open	2016-07-08-21-46-30
+#open	2016-07-13-16-13-04
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
-1257655301.595604	CIPOse170MGiRM1Qf4	2001:4978:f:4c::2	53382	2001:4860:b002::68	80	tcp	http	2.101052	2981	4665	S1	-	-	0	ShADad	10	3605	11	5329	CCvvfg3TEfuqmmG4bh
+1257655301.595604	C37jN32gN3y3AZzyf6	2001:4978:f:4c::2	53382	2001:4860:b002::68	80	tcp	http	2.101052	2981	4665	S1	-	-	0	ShADad	10	3605	11	5329	C4J4Th3PJpwUYZZ6gc
-1257655296.585034	CCvvfg3TEfuqmmG4bh	192.168.3.101	53859	216.14.98.22	5072	udp	ayiya	20.879001	5129	6109	SF	-	-	0	Dd	21	5717	13	6473	(empty)
+1257655296.585034	C4J4Th3PJpwUYZZ6gc	192.168.3.101	53859	216.14.98.22	5072	udp	ayiya	20.879001	5129	6109	SF	-	-	0	Dd	21	5717	13	6473	(empty)
-1257655293.629048	CXWv6p3arKYeMETxOg	192.168.3.101	53796	216.14.98.22	5072	udp	ayiya	-	-	-	SHR	-	-	0	^d	0	0	1	176	(empty)
+1257655293.629048	CHhAvVGS1DHFjwGM9	192.168.3.101	53796	216.14.98.22	5072	udp	ayiya	-	-	-	SHR	-	-	0	^d	0	0	1	176	(empty)
-1257655296.585333	C6pKV8GSxOnSLghOa	::	135	ff02::1:ff00:2	136	icmp	-	-	-	-	OTH	-	-	0	-	1	64	0	0	CCvvfg3TEfuqmmG4bh
+1257655296.585333	CP5puj4I8PtEU4qzYg	::	135	ff02::1:ff00:2	136	icmp	-	-	-	-	OTH	-	-	0	-	1	64	0	0	C4J4Th3PJpwUYZZ6gc
-1257655293.629048	CjhGID4nQcgTWjvg4c	2001:4978:f:4c::1	128	2001:4978:f:4c::2	129	icmp	-	23.834987	168	56	OTH	-	-	0	-	3	312	1	104	CXWv6p3arKYeMETxOg,CCvvfg3TEfuqmmG4bh
+1257655296.585151	CUM0KZ3MLUfNB0cl11	fe80::216:cbff:fe9a:4cb9	131	ff02::2:f901:d225	130	icmp	-	0.719947	32	0	OTH	-	-	0	-	2	144	0	0	C4J4Th3PJpwUYZZ6gc
-1257655296.585188	CPbrpk1qSsw6ESzHV4	fe80::216:cbff:fe9a:4cb9	131	ff02::1:ff00:2	130	icmp	-	0.919988	32	0	OTH	-	-	0	-	2	144	0	0	CCvvfg3TEfuqmmG4bh
+1257655296.585034	CtPZjS20MLrsMUOJi2	fe80::216:cbff:fe9a:4cb9	131	ff02::1:ff9a:4cb9	130	icmp	-	4.922880	32	0	OTH	-	-	0	-	2	144	0	0	C4J4Th3PJpwUYZZ6gc
-1257655296.585151	CRJuHdVW0XPVINV8a	fe80::216:cbff:fe9a:4cb9	131	ff02::2:f901:d225	130	icmp	-	0.719947	32	0	OTH	-	-	0	-	2	144	0	0	CCvvfg3TEfuqmmG4bh
+1257655293.629048	ClEkJM2Vm5giqnMf4h	2001:4978:f:4c::1	128	2001:4978:f:4c::2	129	icmp	-	23.834987	168	56	OTH	-	-	0	-	3	312	1	104	CHhAvVGS1DHFjwGM9,C4J4Th3PJpwUYZZ6gc
-1257655296.585034	CsRx2w45OKnoww6xl4	fe80::216:cbff:fe9a:4cb9	131	ff02::1:ff9a:4cb9	130	icmp	-	4.922880	32	0	OTH	-	-	0	-	2	144	0	0	CCvvfg3TEfuqmmG4bh
+1257655296.585188	CmES5u32sYpV7JYN	fe80::216:cbff:fe9a:4cb9	131	ff02::1:ff00:2	130	icmp	-	0.919988	32	0	OTH	-	-	0	-	2	144	0	0	C4J4Th3PJpwUYZZ6gc
-#close	2016-07-08-21-46-30
+#close	2016-07-13-16-13-04
--- a/testing/btest/Baseline/core.tunnels.ayiya/http.log
+++ b/testing/btest/Baseline/core.tunnels.ayiya/http.log
@ -3,10 +3,10 @@
 #empty_field	(empty)
 #unset_field	-
 #path	http
-#open	2016-06-15-05-35-59
+#open	2016-07-13-16-13-04
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	host	uri	referrer	version	user_agent	request_body_len	response_body_len	status_code	status_msg	info_code	info_msg	tags	username	password	proxied	orig_fuids	orig_filenames	orig_mime_types	resp_fuids	resp_filenames	resp_mime_types
 #types	time	string	addr	port	addr	port	count	string	string	string	string	string	string	count	count	count	string	count	string	set[enum]	string	string	set[string]	vector[string]	vector[string]	vector[string]	vector[string]	vector[string]	vector[string]
-1257655301.652206	CIPOse170MGiRM1Qf4	2001:4978:f:4c::2	53382	2001:4860:b002::68	80	1	GET	ipv6.google.com	/	-	1.1	Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en; rv:1.9.0.15pre) Gecko/2009091516 Camino/2.0b4 (like Firefox/3.0.15pre)	0	10102	200	OK	-	-	(empty)	-	-	-	-	-	-	FYAtjT24MvCBUs5K5f	-	text/html
+1257655301.652206	C37jN32gN3y3AZzyf6	2001:4978:f:4c::2	53382	2001:4860:b002::68	80	1	GET	ipv6.google.com	/	-	1.1	Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en; rv:1.9.0.15pre) Gecko/2009091516 Camino/2.0b4 (like Firefox/3.0.15pre)	0	10102	200	OK	-	-	(empty)	-	-	-	-	-	-	FYAtjT24MvCBUs5K5f	-	text/html
-1257655302.514424	CIPOse170MGiRM1Qf4	2001:4978:f:4c::2	53382	2001:4860:b002::68	80	2	GET	ipv6.google.com	/csi?v=3&s=webhp&action=&tran=undefined&e=17259,19771,21517,21766,21887,22212&ei=BUz2Su7PMJTglQfz3NzCAw&rt=prt.77,xjs.565,ol.645	http://ipv6.google.com/	1.1	Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en; rv:1.9.0.15pre) Gecko/2009091516 Camino/2.0b4 (like Firefox/3.0.15pre)	0	0	204	No Content	-	-	(empty)	-	-	-	-	-	-	-	-	-
+1257655302.514424	C37jN32gN3y3AZzyf6	2001:4978:f:4c::2	53382	2001:4860:b002::68	80	2	GET	ipv6.google.com	/csi?v=3&s=webhp&action=&tran=undefined&e=17259,19771,21517,21766,21887,22212&ei=BUz2Su7PMJTglQfz3NzCAw&rt=prt.77,xjs.565,ol.645	http://ipv6.google.com/	1.1	Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en; rv:1.9.0.15pre) Gecko/2009091516 Camino/2.0b4 (like Firefox/3.0.15pre)	0	0	204	No Content	-	-	(empty)	-	-	-	-	-	-	-	-	-
-1257655303.603569	CIPOse170MGiRM1Qf4	2001:4978:f:4c::2	53382	2001:4860:b002::68	80	3	GET	ipv6.google.com	/gen_204?atyp=i&ct=fade&cad=1254&ei=BUz2Su7PMJTglQfz3NzCAw&zx=1257655303600	http://ipv6.google.com/	1.1	Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en; rv:1.9.0.15pre) Gecko/2009091516 Camino/2.0b4 (like Firefox/3.0.15pre)	0	0	204	No Content	-	-	(empty)	-	-	-	-	-	-	-	-	-
+1257655303.603569	C37jN32gN3y3AZzyf6	2001:4978:f:4c::2	53382	2001:4860:b002::68	80	3	GET	ipv6.google.com	/gen_204?atyp=i&ct=fade&cad=1254&ei=BUz2Su7PMJTglQfz3NzCAw&zx=1257655303600	http://ipv6.google.com/	1.1	Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en; rv:1.9.0.15pre) Gecko/2009091516 Camino/2.0b4 (like Firefox/3.0.15pre)	0	0	204	No Content	-	-	(empty)	-	-	-	-	-	-	-	-	-
-#close	2016-06-15-05-35-59
+#close	2016-07-13-16-13-04
--- a/testing/btest/Baseline/core.tunnels.ayiya/tunnel.log
+++ b/testing/btest/Baseline/core.tunnels.ayiya/tunnel.log
@ -3,11 +3,11 @@
 #empty_field	(empty)
 #unset_field	-
 #path	tunnel
-#open	2016-01-15-18-40-13
+#open	2016-07-13-16-13-04
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	tunnel_type	action
 #types	time	string	addr	port	addr	port	enum	enum
-1257655293.629048	CXWv6p3arKYeMETxOg	192.168.3.101	53796	216.14.98.22	5072	Tunnel::AYIYA	Tunnel::DISCOVER
+1257655293.629048	CHhAvVGS1DHFjwGM9	192.168.3.101	53796	216.14.98.22	5072	Tunnel::AYIYA	Tunnel::DISCOVER
-1257655296.585034	CCvvfg3TEfuqmmG4bh	192.168.3.101	53859	216.14.98.22	5072	Tunnel::AYIYA	Tunnel::DISCOVER
+1257655296.585034	C4J4Th3PJpwUYZZ6gc	192.168.3.101	53859	216.14.98.22	5072	Tunnel::AYIYA	Tunnel::DISCOVER
-1257655317.464035	CCvvfg3TEfuqmmG4bh	192.168.3.101	53859	216.14.98.22	5072	Tunnel::AYIYA	Tunnel::CLOSE
+1257655317.464035	C4J4Th3PJpwUYZZ6gc	192.168.3.101	53859	216.14.98.22	5072	Tunnel::AYIYA	Tunnel::CLOSE
-1257655317.464035	CXWv6p3arKYeMETxOg	192.168.3.101	53796	216.14.98.22	5072	Tunnel::AYIYA	Tunnel::CLOSE
+1257655317.464035	CHhAvVGS1DHFjwGM9	192.168.3.101	53796	216.14.98.22	5072	Tunnel::AYIYA	Tunnel::CLOSE
-#close	2016-01-15-18-40-13
+#close	2016-07-13-16-13-04
--- a/testing/btest/Baseline/core.tunnels.gre-in-gre/conn.log
+++ b/testing/btest/Baseline/core.tunnels.gre-in-gre/conn.log
@ -3,10 +3,10 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
-#open	2015-02-23-21-33-06
+#open	2016-07-13-16-13-05
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
-1341436440.002928	CRJuHdVW0XPVINV8a	3.3.3.2	520	224.0.0.9	520	udp	-	26.148268	48	0	S0	-	-	0	D	2	104	0	0	CjhGID4nQcgTWjvg4c
+1341436424.378840	CtPZjS20MLrsMUOJi2	3.3.3.1	520	224.0.0.9	520	udp	-	28.555457	168	0	S0	-	-	0	D	2	224	0	0	ClEkJM2Vm5giqnMf4h
-1341436424.378840	CsRx2w45OKnoww6xl4	3.3.3.1	520	224.0.0.9	520	udp	-	28.555457	168	0	S0	-	-	0	D	2	224	0	0	CjhGID4nQcgTWjvg4c
+1341436440.002928	CUM0KZ3MLUfNB0cl11	3.3.3.2	520	224.0.0.9	520	udp	-	26.148268	48	0	S0	-	-	0	D	2	104	0	0	ClEkJM2Vm5giqnMf4h
-1341436424.204043	CCvvfg3TEfuqmmG4bh	10.10.25.1	8	192.168.1.2	0	icmp	-	42.380221	22464	22464	OTH	-	-	0	-	312	31200	312	31200	CjhGID4nQcgTWjvg4c
+1341436424.204043	C4J4Th3PJpwUYZZ6gc	10.10.25.1	8	192.168.1.2	0	icmp	-	42.380221	22464	22464	OTH	-	-	0	-	312	31200	312	31200	ClEkJM2Vm5giqnMf4h
-#close	2015-02-23-21-33-06
+#close	2016-07-13-16-13-05
--- a/testing/btest/Baseline/core.tunnels.gre-in-gre/tunnel.log
+++ b/testing/btest/Baseline/core.tunnels.gre-in-gre/tunnel.log
@ -3,9 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	tunnel
-#open	2014-01-16-21-51-36
+#open	2016-07-13-16-13-05
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	tunnel_type	action
 #types	time	string	addr	port	addr	port	enum	enum
-1341436424.204043	CXWv6p3arKYeMETxOg	72.205.54.70	0	86.106.164.150	0	Tunnel::GRE	Tunnel::DISCOVER
+1341436424.204043	CHhAvVGS1DHFjwGM9	72.205.54.70	0	86.106.164.150	0	Tunnel::GRE	Tunnel::DISCOVER
-1341436424.204043	CjhGID4nQcgTWjvg4c	10.10.11.2	0	10.10.13.2	0	Tunnel::GRE	Tunnel::DISCOVER
+1341436424.204043	ClEkJM2Vm5giqnMf4h	10.10.11.2	0	10.10.13.2	0	Tunnel::GRE	Tunnel::DISCOVER
-#close	2014-01-16-21-51-36
+#close	2016-07-13-16-13-05
--- a/testing/btest/Baseline/core.tunnels.gre/conn.log
+++ b/testing/btest/Baseline/core.tunnels.gre/conn.log
@ -3,14 +3,14 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
-#open	2015-02-23-21-33-05
+#open	2016-07-13-16-13-04
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
-1055289978.756932	CsRx2w45OKnoww6xl4	66.59.111.190	40264	172.28.2.3	22	tcp	ssh	3.157831	952	1671	SF	-	-	0	ShAdDaFf	12	1584	10	2199	CXWv6p3arKYeMETxOg
+1055289978.756932	CtPZjS20MLrsMUOJi2	66.59.111.190	40264	172.28.2.3	22	tcp	ssh	3.157831	952	1671	SF	-	-	0	ShAdDaFf	12	1584	10	2199	CHhAvVGS1DHFjwGM9
-1055289987.055189	CRJuHdVW0XPVINV8a	66.59.111.190	37675	172.28.2.3	53	udp	dns	5.001141	66	0	S0	-	-	0	D	2	122	0	0	CXWv6p3arKYeMETxOg
+1055289987.055189	CUM0KZ3MLUfNB0cl11	66.59.111.190	37675	172.28.2.3	53	udp	dns	5.001141	66	0	S0	-	-	0	D	2	122	0	0	CHhAvVGS1DHFjwGM9
-1055289996.849099	CIPOse170MGiRM1Qf4	66.59.111.190	123	129.170.17.4	123	udp	-	0.072374	48	48	SF	-	-	0	Dd	1	76	1	76	CXWv6p3arKYeMETxOg
+1055289973.849878	C4J4Th3PJpwUYZZ6gc	66.59.111.190	123	18.26.4.105	123	udp	-	0.074086	48	48	SF	-	-	0	Dd	1	76	1	76	CHhAvVGS1DHFjwGM9
-1055289973.849878	CCvvfg3TEfuqmmG4bh	66.59.111.190	123	18.26.4.105	123	udp	-	0.074086	48	48	SF	-	-	0	Dd	1	76	1	76	CXWv6p3arKYeMETxOg
+1055289992.849231	CP5puj4I8PtEU4qzYg	66.59.111.190	123	66.59.111.182	123	udp	-	0.056629	48	48	SF	-	-	0	Dd	1	76	1	76	CHhAvVGS1DHFjwGM9
-1055289992.849231	C6pKV8GSxOnSLghOa	66.59.111.190	123	66.59.111.182	123	udp	-	0.056629	48	48	SF	-	-	0	Dd	1	76	1	76	CXWv6p3arKYeMETxOg
+1055289996.849099	C37jN32gN3y3AZzyf6	66.59.111.190	123	129.170.17.4	123	udp	-	0.072374	48	48	SF	-	-	0	Dd	1	76	1	76	CHhAvVGS1DHFjwGM9
-1055289968.793044	CjhGID4nQcgTWjvg4c	66.59.111.190	8	172.28.2.3	0	icmp	-	3.061298	224	224	OTH	-	-	0	-	4	336	4	336	CXWv6p3arKYeMETxOg
+1055289968.793044	ClEkJM2Vm5giqnMf4h	66.59.111.190	8	172.28.2.3	0	icmp	-	3.061298	224	224	OTH	-	-	0	-	4	336	4	336	CHhAvVGS1DHFjwGM9
-1055289987.106744	CPbrpk1qSsw6ESzHV4	172.28.2.3	3	66.59.111.190	3	icmp	-	4.994662	122	0	OTH	-	-	0	-	2	178	0	0	CXWv6p3arKYeMETxOg
+1055289987.106744	CmES5u32sYpV7JYN	172.28.2.3	3	66.59.111.190	3	icmp	-	4.994662	122	0	OTH	-	-	0	-	2	178	0	0	CHhAvVGS1DHFjwGM9
-#close	2015-02-23-21-33-05
+#close	2016-07-13-16-13-05
--- a/testing/btest/Baseline/core.tunnels.gre/dns.log
+++ b/testing/btest/Baseline/core.tunnels.gre/dns.log
@ -3,9 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	dns
-#open	2016-06-15-03-34-43
+#open	2016-07-13-16-13-04
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	trans_id	rtt	query	qclass	qclass_name	qtype	qtype_name	rcode	rcode_name	AA	TC	RD	RA	Z	answers	TTLs	rejected
 #types	time	string	addr	port	addr	port	enum	count	interval	string	count	string	count	string	count	string	bool	bool	bool	bool	count	vector[string]	vector[interval]	bool
-1055289987.055189	CRJuHdVW0XPVINV8a	66.59.111.190	37675	172.28.2.3	53	udp	48554	-	www.gleeble.org	1	C_INTERNET	255	*	-	-	F	F	T	F	0	-	-	F
+1055289987.055189	CUM0KZ3MLUfNB0cl11	66.59.111.190	37675	172.28.2.3	53	udp	48554	-	www.gleeble.org	1	C_INTERNET	255	*	-	-	F	F	T	F	0	-	-	F
-1055289992.056330	CRJuHdVW0XPVINV8a	66.59.111.190	37675	172.28.2.3	53	udp	48554	-	www.gleeble.org	1	C_INTERNET	255	*	-	-	F	F	T	F	0	-	-	F
+1055289992.056330	CUM0KZ3MLUfNB0cl11	66.59.111.190	37675	172.28.2.3	53	udp	48554	-	www.gleeble.org	1	C_INTERNET	255	*	-	-	F	F	T	F	0	-	-	F
-#close	2016-06-15-03-34-43
+#close	2016-07-13-16-13-05
--- a/testing/btest/Baseline/core.tunnels.gre/ssh.log
+++ b/testing/btest/Baseline/core.tunnels.gre/ssh.log
@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	ssh
-#open	2015-03-17-17-42-58
+#open	2016-07-13-16-13-04
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	auth_success	direction	client	server	cipher_alg	mac_alg	compression_alg	kex_alg	host_key_alg	host_key
 #types	time	string	addr	port	addr	port	count	bool	enum	string	string	string	string	string	string	string	string
-1055289978.855543	CsRx2w45OKnoww6xl4	66.59.111.190	40264	172.28.2.3	22	2	-	-	SSH-2.0-OpenSSH_3.6.1p1	SSH-1.99-OpenSSH_3.1p1	aes128-cbc	hmac-md5	none	diffie-hellman-group-exchange-sha1	ssh-rsa	20:7c:e5:96:b0:4e:ce:a4:db:e4:aa:29:e8:90:98:07
+1055289978.855137	CtPZjS20MLrsMUOJi2	66.59.111.190	40264	172.28.2.3	22	2	-	-	SSH-2.0-OpenSSH_3.6.1p1	SSH-1.99-OpenSSH_3.1p1	aes128-cbc	hmac-md5	none	diffie-hellman-group-exchange-sha1	ssh-rsa	20:7c:e5:96:b0:4e:ce:a4:db:e4:aa:29:e8:90:98:07
-#close	2015-03-17-17-42-59
+#close	2016-07-13-16-13-05
--- a/testing/btest/Baseline/core.tunnels.gre/tunnel.log
+++ b/testing/btest/Baseline/core.tunnels.gre/tunnel.log
@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	tunnel
-#open	2014-01-16-21-51-12
+#open	2016-07-13-16-13-04
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	tunnel_type	action
 #types	time	string	addr	port	addr	port	enum	enum
-1055289968.793044	CXWv6p3arKYeMETxOg	172.27.1.66	0	66.59.109.137	0	Tunnel::GRE	Tunnel::DISCOVER
+1055289968.793044	CHhAvVGS1DHFjwGM9	172.27.1.66	0	66.59.109.137	0	Tunnel::GRE	Tunnel::DISCOVER
-#close	2014-01-16-21-51-12
+#close	2016-07-13-16-13-05
--- a/testing/btest/Baseline/core.tunnels.gtp.different_dl_and_ul/conn.log
+++ b/testing/btest/Baseline/core.tunnels.gtp.different_dl_and_ul/conn.log
@ -3,10 +3,10 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
-#open	2016-01-15-18-40-14
+#open	2016-07-13-16-13-06
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
-1333458850.321642	CjhGID4nQcgTWjvg4c	10.131.17.170	51803	173.199.115.168	80	tcp	http	0.257902	1138	63424	S3	-	-	0	ShADadf	29	2310	49	65396	CXWv6p3arKYeMETxOg,CCvvfg3TEfuqmmG4bh
+1333458850.321642	ClEkJM2Vm5giqnMf4h	10.131.17.170	51803	173.199.115.168	80	tcp	http	0.257902	1138	63424	S3	-	-	0	ShADadf	29	2310	49	65396	CHhAvVGS1DHFjwGM9,C4J4Th3PJpwUYZZ6gc
-1333458850.325787	CCvvfg3TEfuqmmG4bh	207.233.125.40	2152	167.55.105.244	2152	udp	gtpv1	0.251127	65788	0	S0	-	-	0	D	49	67160	0	0	(empty)
+1333458850.321642	CHhAvVGS1DHFjwGM9	167.55.105.244	5906	207.233.125.40	2152	udp	gtpv1	0.257902	2542	0	S0	-	-	0	D	29	3354	0	0	(empty)
-1333458850.321642	CXWv6p3arKYeMETxOg	167.55.105.244	5906	207.233.125.40	2152	udp	gtpv1	0.257902	2542	0	S0	-	-	0	D	29	3354	0	0	(empty)
+1333458850.325787	C4J4Th3PJpwUYZZ6gc	207.233.125.40	2152	167.55.105.244	2152	udp	gtpv1	0.251127	65788	0	S0	-	-	0	D	49	67160	0	0	(empty)
-#close	2016-01-15-18-40-14
+#close	2016-07-13-16-13-06
--- a/testing/btest/Baseline/core.tunnels.gtp.different_dl_and_ul/http.log
+++ b/testing/btest/Baseline/core.tunnels.gtp.different_dl_and_ul/http.log
@ -3,9 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	http
-#open	2016-06-15-05-35-27
+#open	2016-07-13-16-13-06
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	host	uri	referrer	version	user_agent	request_body_len	response_body_len	status_code	status_msg	info_code	info_msg	tags	username	password	proxied	orig_fuids	orig_filenames	orig_mime_types	resp_fuids	resp_filenames	resp_mime_types
 #types	time	string	addr	port	addr	port	count	string	string	string	string	string	string	count	count	count	string	count	string	set[enum]	string	string	set[string]	vector[string]	vector[string]	vector[string]	vector[string]	vector[string]	vector[string]
-1333458850.340368	CjhGID4nQcgTWjvg4c	10.131.17.170	51803	173.199.115.168	80	1	GET	cdn.epicgameads.com	/ads/flash/728x90_nx8com.swf?clickTAG=http://www.epicgameads.com/ads/bannerclickPage.php?id=e3ubwU6IF&pd=1&adid=0&icpc=1&axid=0&uctt=1&channel=4&cac=1&t=728x90&cb=1333458879	http://www.epicgameads.com/ads/banneriframe.php?id=e3ubwU6IF&t=728x90&channel=4&cb=1333458905296	1.1	Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)	0	31461	200	OK	-	-	(empty)	-	-	-	-	-	-	FHKKd91EMHBEK0hbdg	-	application/x-shockwave-flash
+1333458850.340368	ClEkJM2Vm5giqnMf4h	10.131.17.170	51803	173.199.115.168	80	1	GET	cdn.epicgameads.com	/ads/flash/728x90_nx8com.swf?clickTAG=http://www.epicgameads.com/ads/bannerclickPage.php?id=e3ubwU6IF&pd=1&adid=0&icpc=1&axid=0&uctt=1&channel=4&cac=1&t=728x90&cb=1333458879	http://www.epicgameads.com/ads/banneriframe.php?id=e3ubwU6IF&t=728x90&channel=4&cb=1333458905296	1.1	Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)	0	31461	200	OK	-	-	(empty)	-	-	-	-	-	-	FHKKd91EMHBEK0hbdg	-	application/x-shockwave-flash
-1333458850.399501	CjhGID4nQcgTWjvg4c	10.131.17.170	51803	173.199.115.168	80	2	GET	cdn.epicgameads.com	/ads/flash/728x90_nx8com.swf?clickTAG=http://www.epicgameads.com/ads/bannerclickPage.php?id=e3ubwU6IF&pd=1&adid=0&icpc=1&axid=0&uctt=1&channel=0&cac=1&t=728x90&cb=1333458881	http://www.epicgameads.com/ads/banneriframe.php?id=e3ubwU6IF&t=728x90&cb=1333458920207	1.1	Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)	0	31461	200	OK	-	-	(empty)	-	-	-	-	-	-	Fu64Vqjy6nBop9nRd	-	application/x-shockwave-flash
+1333458850.399501	ClEkJM2Vm5giqnMf4h	10.131.17.170	51803	173.199.115.168	80	2	GET	cdn.epicgameads.com	/ads/flash/728x90_nx8com.swf?clickTAG=http://www.epicgameads.com/ads/bannerclickPage.php?id=e3ubwU6IF&pd=1&adid=0&icpc=1&axid=0&uctt=1&channel=0&cac=1&t=728x90&cb=1333458881	http://www.epicgameads.com/ads/banneriframe.php?id=e3ubwU6IF&t=728x90&cb=1333458920207	1.1	Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)	0	31461	200	OK	-	-	(empty)	-	-	-	-	-	-	Fu64Vqjy6nBop9nRd	-	application/x-shockwave-flash
-#close	2016-06-15-05-35-27
+#close	2016-07-13-16-13-06
--- a/testing/btest/Baseline/core.tunnels.gtp.different_dl_and_ul/tunnel.log
+++ b/testing/btest/Baseline/core.tunnels.gtp.different_dl_and_ul/tunnel.log
@ -3,11 +3,11 @@
 #empty_field	(empty)
 #unset_field	-
 #path	tunnel
-#open	2016-01-15-18-40-14
+#open	2016-07-13-16-13-06
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	tunnel_type	action
 #types	time	string	addr	port	addr	port	enum	enum
-1333458850.321642	CXWv6p3arKYeMETxOg	167.55.105.244	5906	207.233.125.40	2152	Tunnel::GTPv1	Tunnel::DISCOVER
+1333458850.321642	CHhAvVGS1DHFjwGM9	167.55.105.244	5906	207.233.125.40	2152	Tunnel::GTPv1	Tunnel::DISCOVER
-1333458850.325787	CCvvfg3TEfuqmmG4bh	207.233.125.40	2152	167.55.105.244	2152	Tunnel::GTPv1	Tunnel::DISCOVER
+1333458850.325787	C4J4Th3PJpwUYZZ6gc	207.233.125.40	2152	167.55.105.244	2152	Tunnel::GTPv1	Tunnel::DISCOVER
-1333458850.579544	CCvvfg3TEfuqmmG4bh	207.233.125.40	2152	167.55.105.244	2152	Tunnel::GTPv1	Tunnel::CLOSE
+1333458850.579544	CHhAvVGS1DHFjwGM9	167.55.105.244	5906	207.233.125.40	2152	Tunnel::GTPv1	Tunnel::CLOSE
-1333458850.579544	CXWv6p3arKYeMETxOg	167.55.105.244	5906	207.233.125.40	2152	Tunnel::GTPv1	Tunnel::CLOSE
+1333458850.579544	C4J4Th3PJpwUYZZ6gc	207.233.125.40	2152	167.55.105.244	2152	Tunnel::GTPv1	Tunnel::CLOSE
-#close	2016-01-15-18-40-14
+#close	2016-07-13-16-13-06
--- a/testing/btest/Baseline/core.tunnels.gtp.false_gtp/conn.log
+++ b/testing/btest/Baseline/core.tunnels.gtp.false_gtp/conn.log
@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
-#open	2015-02-23-21-33-08
+#open	2016-07-13-16-13-07
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
-1333458871.219794	CXWv6p3arKYeMETxOg	10.131.24.6	2152	195.178.38.3	53	udp	dns	-	-	-	S0	-	-	0	D	1	64	0	0	(empty)
+1333458871.219794	CHhAvVGS1DHFjwGM9	10.131.24.6	2152	195.178.38.3	53	udp	dns	-	-	-	S0	-	-	0	D	1	64	0	0	(empty)
-#close	2015-02-23-21-33-09
+#close	2016-07-13-16-13-07
--- a/testing/btest/Baseline/core.tunnels.gtp.false_gtp/dns.log
+++ b/testing/btest/Baseline/core.tunnels.gtp.false_gtp/dns.log
@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	dns
-#open	2016-06-15-04-11-36
+#open	2016-07-13-16-13-07
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	trans_id	rtt	query	qclass	qclass_name	qtype	qtype_name	rcode	rcode_name	AA	TC	RD	RA	Z	answers	TTLs	rejected
 #types	time	string	addr	port	addr	port	enum	count	interval	string	count	string	count	string	count	string	bool	bool	bool	bool	count	vector[string]	vector[interval]	bool
-1333458871.219794	CXWv6p3arKYeMETxOg	10.131.24.6	2152	195.178.38.3	53	udp	27595	-	abcd.efg.hijklm.nm	1	C_INTERNET	1	A	-	-	F	F	T	F	0	-	-	F
+1333458871.219794	CHhAvVGS1DHFjwGM9	10.131.24.6	2152	195.178.38.3	53	udp	27595	-	abcd.efg.hijklm.nm	1	C_INTERNET	1	A	-	-	F	F	T	F	0	-	-	F
-#close	2016-06-15-04-11-36
+#close	2016-07-13-16-13-07
--- a/testing/btest/Baseline/core.tunnels.gtp.inner_ipv6/conn.log
+++ b/testing/btest/Baseline/core.tunnels.gtp.inner_ipv6/conn.log
@ -3,10 +3,10 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
-#open	2015-02-23-21-33-09
+#open	2016-07-13-16-13-08
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
-1333458851.770000	CjhGID4nQcgTWjvg4c	fe80::224c:4fff:fe43:414c	1234	ff02::1:3	5355	udp	dns	-	-	-	S0	-	-	0	D	1	80	0	0	CXWv6p3arKYeMETxOg
+1333458851.770000	ClEkJM2Vm5giqnMf4h	fe80::224c:4fff:fe43:414c	1234	ff02::1:3	5355	udp	dns	-	-	-	S0	-	-	0	D	1	80	0	0	CHhAvVGS1DHFjwGM9
-1333458851.770000	CXWv6p3arKYeMETxOg	118.92.124.41	2152	118.92.124.72	2152	udp	gtpv1	0.199236	152	0	S0	-	-	0	D	2	208	0	0	(empty)
+1333458851.770000	CHhAvVGS1DHFjwGM9	118.92.124.41	2152	118.92.124.72	2152	udp	gtpv1	0.199236	152	0	S0	-	-	0	D	2	208	0	0	(empty)
-1333458851.969236	CCvvfg3TEfuqmmG4bh	fe80::224c:4fff:fe43:414c	133	ff02::2	134	icmp	-	-	-	-	OTH	-	-	0	-	1	56	0	0	CXWv6p3arKYeMETxOg
+1333458851.969236	C4J4Th3PJpwUYZZ6gc	fe80::224c:4fff:fe43:414c	133	ff02::2	134	icmp	-	-	-	-	OTH	-	-	0	-	1	56	0	0	CHhAvVGS1DHFjwGM9
-#close	2015-02-23-21-33-09
+#close	2016-07-13-16-13-08
--- a/testing/btest/Baseline/core.tunnels.gtp.inner_ipv6/tunnel.log
+++ b/testing/btest/Baseline/core.tunnels.gtp.inner_ipv6/tunnel.log
@ -3,9 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	tunnel
-#open	2013-08-26-19-02-17
+#open	2016-07-13-16-13-08
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	tunnel_type	action
 #types	time	string	addr	port	addr	port	enum	enum
-1333458851.770000	CXWv6p3arKYeMETxOg	118.92.124.41	2152	118.92.124.72	2152	Tunnel::GTPv1	Tunnel::DISCOVER
+1333458851.770000	CHhAvVGS1DHFjwGM9	118.92.124.41	2152	118.92.124.72	2152	Tunnel::GTPv1	Tunnel::DISCOVER
-1333458851.969236	CXWv6p3arKYeMETxOg	118.92.124.41	2152	118.92.124.72	2152	Tunnel::GTPv1	Tunnel::CLOSE
+1333458851.969236	CHhAvVGS1DHFjwGM9	118.92.124.41	2152	118.92.124.72	2152	Tunnel::GTPv1	Tunnel::CLOSE
-#close	2013-08-26-19-02-17
+#close	2016-07-13-16-13-08
--- a/testing/btest/Baseline/core.tunnels.gtp.inner_teredo/conn.log
+++ b/testing/btest/Baseline/core.tunnels.gtp.inner_teredo/conn.log
@ -3,24 +3,24 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
-#open	2016-07-08-21-46-35
+#open	2016-07-13-16-13-08
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
-1333458850.037956	CEle3f3zno26fFZkrh	10.131.112.102	51403	94.245.121.253	3544	udp	teredo	-	-	-	SHR	-	-	0	^d	0	0	1	84	C3SfNE4BWaU4aSuwkc
+1333458850.014199	ClEkJM2Vm5giqnMf4h	172.24.204.200	56528	65.55.158.118	3544	udp	teredo	-	-	-	S0	-	-	0	D	1	88	0	0	CHhAvVGS1DHFjwGM9
-1333458850.040098	CwSkQu4eWZCH7OONC1	174.94.190.229	2152	190.104.181.57	2152	udp	gtpv1	0.003698	192	0	S0	-	-	0	D	2	248	0	0	(empty)
+1333458850.035456	C0LAHyvtKSQHyJxIl	172.27.159.9	63912	94.245.121.253	3544	udp	teredo	-	-	-	S0	-	-	0	D	1	89	0	0	CwjjYJ2WqgTbAqiHl6
-1333458850.016620	CsRx2w45OKnoww6xl4	172.24.16.121	61901	94.245.121.251	3544	udp	teredo	-	-	-	S0	-	-	0	D	1	80	0	0	CCvvfg3TEfuqmmG4bh
+1333458850.029783	C37jN32gN3y3AZzyf6	172.24.16.67	52298	65.55.158.118	3544	udp	teredo	-	-	-	S0	-	-	0	D	1	88	0	0	CmES5u32sYpV7JYN
-1333458850.029781	C6pKV8GSxOnSLghOa	172.24.16.67	52298	94.245.121.253	3544	udp	teredo	-	-	-	S0	-	-	0	D	1	88	0	0	CPbrpk1qSsw6ESzHV4
+1333458850.040098	C7fIlMZDuRiqjpYbb	172.24.203.81	54447	65.55.158.118	3544	udp	teredo	0.003698	120	0	S0	-	-	0	D	2	176	0	0	CNnMIj2QSd84NKf7U3
-1333458850.035456	CJ3xTn1c4Zw9TmAE05	190.104.181.210	2152	190.104.181.125	2152	udp	gtpv1	0.000004	194	0	S0	-	-	0	D	2	250	0	0	(empty)
+1333458850.037956	Ck51lg1bScffFj34Ri	190.104.181.57	2152	190.104.181.222	2152	udp	gtpv1	-	-	-	S0	-	-	0	D	1	120	0	0	(empty)
-1333458850.016620	CCvvfg3TEfuqmmG4bh	174.94.190.229	2152	190.104.181.62	2152	udp	gtpv1	0.016267	88	92	SF	-	-	0	Dd	1	116	1	120	(empty)
+1333458850.035460	C9rXSW3KSpTYvPrlI1	172.27.159.9	63912	94.245.121.254	3544	udp	teredo	-	-	-	S0	-	-	0	D	1	89	0	0	CwjjYJ2WqgTbAqiHl6
-1333458850.029781	CPbrpk1qSsw6ESzHV4	190.104.181.254	2152	190.104.181.62	2152	udp	gtpv1	0.000002	192	0	S0	-	-	0	D	2	248	0	0	(empty)
+1333458850.040098	CNnMIj2QSd84NKf7U3	174.94.190.229	2152	190.104.181.57	2152	udp	gtpv1	0.003698	192	0	S0	-	-	0	D	2	248	0	0	(empty)
-1333458850.035460	Che1bq3i2rO3KD1Syg	172.27.159.9	63912	94.245.121.254	3544	udp	teredo	-	-	-	S0	-	-	0	D	1	89	0	0	CJ3xTn1c4Zw9TmAE05
+1333458850.035456	CwjjYJ2WqgTbAqiHl6	190.104.181.210	2152	190.104.181.125	2152	udp	gtpv1	0.000004	194	0	S0	-	-	0	D	2	250	0	0	(empty)
-1333458850.037956	C3SfNE4BWaU4aSuwkc	190.104.181.57	2152	190.104.181.222	2152	udp	gtpv1	-	-	-	S0	-	-	0	D	1	120	0	0	(empty)
+1333458850.029781	CP5puj4I8PtEU4qzYg	172.24.16.67	52298	94.245.121.253	3544	udp	teredo	-	-	-	S0	-	-	0	D	1	88	0	0	CmES5u32sYpV7JYN
-1333458850.014199	CXWv6p3arKYeMETxOg	174.94.190.213	2152	190.104.181.57	2152	udp	gtpv1	-	-	-	S0	-	-	0	D	1	124	0	0	(empty)
+1333458850.032887	C3eiCBGOLw3VtHfOj	10.131.42.160	62069	94.245.121.253	3544	udp	teredo	-	-	-	SHR	-	-	0	^d	0	0	1	84	C4J4Th3PJpwUYZZ6gc
-1333458850.040098	CfTOmO0HKorjr8Zp7	172.24.203.81	54447	65.55.158.118	3544	udp	teredo	0.003698	120	0	S0	-	-	0	D	2	176	0	0	CwSkQu4eWZCH7OONC1
+1333458850.037956	C9mvWx3ezztgzcexV7	10.131.112.102	51403	94.245.121.253	3544	udp	teredo	-	-	-	SHR	-	-	0	^d	0	0	1	84	Ck51lg1bScffFj34Ri
-1333458850.029783	CIPOse170MGiRM1Qf4	172.24.16.67	52298	65.55.158.118	3544	udp	teredo	-	-	-	S0	-	-	0	D	1	88	0	0	CPbrpk1qSsw6ESzHV4
+1333458850.014199	CHhAvVGS1DHFjwGM9	174.94.190.213	2152	190.104.181.57	2152	udp	gtpv1	-	-	-	S0	-	-	0	D	1	124	0	0	(empty)
-1333458850.032887	C7XEbhP654jzLoe3a	10.131.42.160	62069	94.245.121.253	3544	udp	teredo	-	-	-	SHR	-	-	0	^d	0	0	1	84	CCvvfg3TEfuqmmG4bh
+1333458850.016620	C4J4Th3PJpwUYZZ6gc	174.94.190.229	2152	190.104.181.62	2152	udp	gtpv1	0.016267	88	92	SF	-	-	0	Dd	1	116	1	120	(empty)
-1333458850.014199	CjhGID4nQcgTWjvg4c	172.24.204.200	56528	65.55.158.118	3544	udp	teredo	-	-	-	S0	-	-	0	D	1	88	0	0	CXWv6p3arKYeMETxOg
+1333458850.016620	CtPZjS20MLrsMUOJi2	172.24.16.121	61901	94.245.121.251	3544	udp	teredo	-	-	-	S0	-	-	0	D	1	80	0	0	C4J4Th3PJpwUYZZ6gc
-1333458850.035456	CMXxB5GvmoxJFXdTa	172.27.159.9	63912	94.245.121.253	3544	udp	teredo	-	-	-	S0	-	-	0	D	1	89	0	0	CJ3xTn1c4Zw9TmAE05
+1333458850.029781	CmES5u32sYpV7JYN	190.104.181.254	2152	190.104.181.62	2152	udp	gtpv1	0.000002	192	0	S0	-	-	0	D	2	248	0	0	(empty)
-1333458850.016620	CRJuHdVW0XPVINV8a	2001:0:5ef5:79fb:38b8:1695:2b37:be8e	128	2002:2571:c817::2571:c817	129	icmp	-	-	-	-	OTH	-	-	0	-	1	52	0	0	CsRx2w45OKnoww6xl4
+1333458850.016620	CUM0KZ3MLUfNB0cl11	2001:0:5ef5:79fb:38b8:1695:2b37:be8e	128	2002:2571:c817::2571:c817	129	icmp	-	-	-	-	OTH	-	-	0	-	1	52	0	0	CtPZjS20MLrsMUOJi2
-1333458850.035456	Caby8b1slFea8xwSmb	fe80::ffff:ffff:fffe	133	ff02::2	134	icmp	-	0.000004	0	0	OTH	-	-	0	-	2	96	0	0	Che1bq3i2rO3KD1Syg,CMXxB5GvmoxJFXdTa
+1333458850.035456	CFLRIC3zaTU1loLGxh	fe80::ffff:ffff:fffe	133	ff02::2	134	icmp	-	0.000004	0	0	OTH	-	-	0	-	2	96	0	0	C9rXSW3KSpTYvPrlI1,C0LAHyvtKSQHyJxIl
-#close	2016-07-08-21-46-35
+#close	2016-07-13-16-13-08
--- a/testing/btest/Baseline/core.tunnels.gtp.inner_teredo/tunnel.log
+++ b/testing/btest/Baseline/core.tunnels.gtp.inner_teredo/tunnel.log
@ -3,25 +3,25 @@
 #empty_field	(empty)
 #unset_field	-
 #path	tunnel
-#open	2013-08-26-19-02-17
+#open	2016-07-13-16-13-08
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	tunnel_type	action
 #types	time	string	addr	port	addr	port	enum	enum
-1333458850.014199	CXWv6p3arKYeMETxOg	174.94.190.213	2152	190.104.181.57	2152	Tunnel::GTPv1	Tunnel::DISCOVER
+1333458850.014199	CHhAvVGS1DHFjwGM9	174.94.190.213	2152	190.104.181.57	2152	Tunnel::GTPv1	Tunnel::DISCOVER
-1333458850.016620	CCvvfg3TEfuqmmG4bh	174.94.190.229	2152	190.104.181.62	2152	Tunnel::GTPv1	Tunnel::DISCOVER
+1333458850.016620	C4J4Th3PJpwUYZZ6gc	174.94.190.229	2152	190.104.181.62	2152	Tunnel::GTPv1	Tunnel::DISCOVER
-1333458850.016620	CsRx2w45OKnoww6xl4	172.24.16.121	61901	94.245.121.251	3544	Tunnel::TEREDO	Tunnel::DISCOVER
+1333458850.016620	CtPZjS20MLrsMUOJi2	172.24.16.121	61901	94.245.121.251	3544	Tunnel::TEREDO	Tunnel::DISCOVER
-1333458850.029781	CPbrpk1qSsw6ESzHV4	190.104.181.254	2152	190.104.181.62	2152	Tunnel::GTPv1	Tunnel::DISCOVER
+1333458850.029781	CmES5u32sYpV7JYN	190.104.181.254	2152	190.104.181.62	2152	Tunnel::GTPv1	Tunnel::DISCOVER
-1333458850.035456	CJ3xTn1c4Zw9TmAE05	190.104.181.210	2152	190.104.181.125	2152	Tunnel::GTPv1	Tunnel::DISCOVER
+1333458850.035456	CwjjYJ2WqgTbAqiHl6	190.104.181.210	2152	190.104.181.125	2152	Tunnel::GTPv1	Tunnel::DISCOVER
-1333458850.035456	CMXxB5GvmoxJFXdTa	172.27.159.9	63912	94.245.121.253	3544	Tunnel::TEREDO	Tunnel::DISCOVER
+1333458850.035456	C0LAHyvtKSQHyJxIl	172.27.159.9	63912	94.245.121.253	3544	Tunnel::TEREDO	Tunnel::DISCOVER
-1333458850.035460	Che1bq3i2rO3KD1Syg	172.27.159.9	63912	94.245.121.254	3544	Tunnel::TEREDO	Tunnel::DISCOVER
+1333458850.035460	C9rXSW3KSpTYvPrlI1	172.27.159.9	63912	94.245.121.254	3544	Tunnel::TEREDO	Tunnel::DISCOVER
-1333458850.037956	C3SfNE4BWaU4aSuwkc	190.104.181.57	2152	190.104.181.222	2152	Tunnel::GTPv1	Tunnel::DISCOVER
+1333458850.037956	Ck51lg1bScffFj34Ri	190.104.181.57	2152	190.104.181.222	2152	Tunnel::GTPv1	Tunnel::DISCOVER
-1333458850.040098	CwSkQu4eWZCH7OONC1	174.94.190.229	2152	190.104.181.57	2152	Tunnel::GTPv1	Tunnel::DISCOVER
+1333458850.040098	CNnMIj2QSd84NKf7U3	174.94.190.229	2152	190.104.181.57	2152	Tunnel::GTPv1	Tunnel::DISCOVER
-1333458850.043796	CwSkQu4eWZCH7OONC1	174.94.190.229	2152	190.104.181.57	2152	Tunnel::GTPv1	Tunnel::CLOSE
+1333458850.043796	C0LAHyvtKSQHyJxIl	172.27.159.9	63912	94.245.121.253	3544	Tunnel::TEREDO	Tunnel::CLOSE
-1333458850.043796	CsRx2w45OKnoww6xl4	172.24.16.121	61901	94.245.121.251	3544	Tunnel::TEREDO	Tunnel::CLOSE
+1333458850.043796	Ck51lg1bScffFj34Ri	190.104.181.57	2152	190.104.181.222	2152	Tunnel::GTPv1	Tunnel::CLOSE
-1333458850.043796	CJ3xTn1c4Zw9TmAE05	190.104.181.210	2152	190.104.181.125	2152	Tunnel::GTPv1	Tunnel::CLOSE
+1333458850.043796	C9rXSW3KSpTYvPrlI1	172.27.159.9	63912	94.245.121.254	3544	Tunnel::TEREDO	Tunnel::CLOSE
-1333458850.043796	CCvvfg3TEfuqmmG4bh	174.94.190.229	2152	190.104.181.62	2152	Tunnel::GTPv1	Tunnel::CLOSE
+1333458850.043796	CNnMIj2QSd84NKf7U3	174.94.190.229	2152	190.104.181.57	2152	Tunnel::GTPv1	Tunnel::CLOSE
-1333458850.043796	CPbrpk1qSsw6ESzHV4	190.104.181.254	2152	190.104.181.62	2152	Tunnel::GTPv1	Tunnel::CLOSE
+1333458850.043796	CwjjYJ2WqgTbAqiHl6	190.104.181.210	2152	190.104.181.125	2152	Tunnel::GTPv1	Tunnel::CLOSE
-1333458850.043796	Che1bq3i2rO3KD1Syg	172.27.159.9	63912	94.245.121.254	3544	Tunnel::TEREDO	Tunnel::CLOSE
+1333458850.043796	CHhAvVGS1DHFjwGM9	174.94.190.213	2152	190.104.181.57	2152	Tunnel::GTPv1	Tunnel::CLOSE
-1333458850.043796	C3SfNE4BWaU4aSuwkc	190.104.181.57	2152	190.104.181.222	2152	Tunnel::GTPv1	Tunnel::CLOSE
+1333458850.043796	C4J4Th3PJpwUYZZ6gc	174.94.190.229	2152	190.104.181.62	2152	Tunnel::GTPv1	Tunnel::CLOSE
-1333458850.043796	CXWv6p3arKYeMETxOg	174.94.190.213	2152	190.104.181.57	2152	Tunnel::GTPv1	Tunnel::CLOSE
+1333458850.043796	CtPZjS20MLrsMUOJi2	172.24.16.121	61901	94.245.121.251	3544	Tunnel::TEREDO	Tunnel::CLOSE
-1333458850.043796	CMXxB5GvmoxJFXdTa	172.27.159.9	63912	94.245.121.253	3544	Tunnel::TEREDO	Tunnel::CLOSE
+1333458850.043796	CmES5u32sYpV7JYN	190.104.181.254	2152	190.104.181.62	2152	Tunnel::GTPv1	Tunnel::CLOSE
-#close	2013-08-26-19-02-17
+#close	2016-07-13-16-13-08
--- a/testing/btest/Baseline/core.tunnels.gtp.not_user_plane_data/conn.log
+++ b/testing/btest/Baseline/core.tunnels.gtp.not_user_plane_data/conn.log
@ -3,9 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
-#open	2015-02-23-21-33-12
+#open	2016-07-13-16-13-09
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
-1333458850.532814	CXWv6p3arKYeMETxOg	247.56.43.90	2152	247.56.43.248	2152	udp	-	-	-	-	S0	-	-	0	D	1	52	0	0	(empty)
+1333458850.867091	ClEkJM2Vm5giqnMf4h	247.56.43.214	2152	237.56.101.238	2152	udp	-	0.028676	12	14	SF	-	-	0	Dd	1	40	1	42	(empty)
-1333458850.867091	CjhGID4nQcgTWjvg4c	247.56.43.214	2152	237.56.101.238	2152	udp	-	0.028676	12	14	SF	-	-	0	Dd	1	40	1	42	(empty)
+1333458850.532814	CHhAvVGS1DHFjwGM9	247.56.43.90	2152	247.56.43.248	2152	udp	-	-	-	-	S0	-	-	0	D	1	52	0	0	(empty)
-#close	2015-02-23-21-33-12
+#close	2016-07-13-16-13-09
--- a/testing/btest/Baseline/core.tunnels.gtp.opt_header/conn.log
+++ b/testing/btest/Baseline/core.tunnels.gtp.opt_header/conn.log
@ -3,9 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
-#open	2015-02-23-21-33-13
+#open	2016-07-13-16-13-10
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
-1333458852.011535	CjhGID4nQcgTWjvg4c	10.222.10.10	44960	173.194.69.188	5228	tcp	ssl	0.573499	704	1026	S1	-	-	0	ShADad	17	1604	14	1762	CXWv6p3arKYeMETxOg
+1333458852.011535	ClEkJM2Vm5giqnMf4h	10.222.10.10	44960	173.194.69.188	5228	tcp	ssl	0.573499	704	1026	S1	-	-	0	ShADad	17	1604	14	1762	CHhAvVGS1DHFjwGM9
-1333458852.011535	CXWv6p3arKYeMETxOg	79.188.154.91	2152	243.149.173.198	2152	udp	gtpv1	0.573499	1740	1930	SF	-	-	0	Dd	17	2216	14	2322	(empty)
+1333458852.011535	CHhAvVGS1DHFjwGM9	79.188.154.91	2152	243.149.173.198	2152	udp	gtpv1	0.573499	1740	1930	SF	-	-	0	Dd	17	2216	14	2322	(empty)
-#close	2015-02-23-21-33-13
+#close	2016-07-13-16-13-10
--- a/testing/btest/Baseline/core.tunnels.gtp.opt_header/tunnel.log
+++ b/testing/btest/Baseline/core.tunnels.gtp.opt_header/tunnel.log
@ -3,9 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	tunnel
-#open	2013-08-26-19-02-18
+#open	2016-07-13-16-13-10
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	tunnel_type	action
 #types	time	string	addr	port	addr	port	enum	enum
-1333458852.011535	CXWv6p3arKYeMETxOg	79.188.154.91	2152	243.149.173.198	2152	Tunnel::GTPv1	Tunnel::DISCOVER
+1333458852.011535	CHhAvVGS1DHFjwGM9	79.188.154.91	2152	243.149.173.198	2152	Tunnel::GTPv1	Tunnel::DISCOVER
-1333458852.585034	CXWv6p3arKYeMETxOg	79.188.154.91	2152	243.149.173.198	2152	Tunnel::GTPv1	Tunnel::CLOSE
+1333458852.585034	CHhAvVGS1DHFjwGM9	79.188.154.91	2152	243.149.173.198	2152	Tunnel::GTPv1	Tunnel::CLOSE
-#close	2013-08-26-19-02-18
+#close	2016-07-13-16-13-10
--- a/testing/btest/Baseline/core.tunnels.gtp.outer_ip_frag/conn.log
+++ b/testing/btest/Baseline/core.tunnels.gtp.outer_ip_frag/conn.log
@ -3,9 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
-#open	2016-01-15-18-40-15
+#open	2016-07-13-16-13-10
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
-1333458850.364667	CjhGID4nQcgTWjvg4c	10.131.47.185	1923	79.101.110.141	80	tcp	http	0.069783	2100	56702	SF	-	-	0	ShADadfF	27	3204	41	52594	CXWv6p3arKYeMETxOg
+1333458850.364667	ClEkJM2Vm5giqnMf4h	10.131.47.185	1923	79.101.110.141	80	tcp	http	0.069783	2100	56702	SF	-	-	0	ShADadfF	27	3204	41	52594	CHhAvVGS1DHFjwGM9
-1333458850.364667	CXWv6p3arKYeMETxOg	239.114.155.111	2152	63.94.149.181	2152	udp	gtpv1	0.069813	3420	52922	SF	-	-	0	Dd	27	4176	41	54070	(empty)
+1333458850.364667	CHhAvVGS1DHFjwGM9	239.114.155.111	2152	63.94.149.181	2152	udp	gtpv1	0.069813	3420	52922	SF	-	-	0	Dd	27	4176	41	54070	(empty)
-#close	2016-01-15-18-40-15
+#close	2016-07-13-16-13-10
--- a/testing/btest/Baseline/core.tunnels.gtp.outer_ip_frag/http.log
+++ b/testing/btest/Baseline/core.tunnels.gtp.outer_ip_frag/http.log
@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	http
-#open	2016-06-15-05-36-15
+#open	2016-07-13-16-13-10
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	host	uri	referrer	version	user_agent	request_body_len	response_body_len	status_code	status_msg	info_code	info_msg	tags	username	password	proxied	orig_fuids	orig_filenames	orig_mime_types	resp_fuids	resp_filenames	resp_mime_types
 #types	time	string	addr	port	addr	port	count	string	string	string	string	string	string	count	count	count	string	count	string	set[enum]	string	string	set[string]	vector[string]	vector[string]	vector[string]	vector[string]	vector[string]	vector[string]
-1333458850.375568	CjhGID4nQcgTWjvg4c	10.131.47.185	1923	79.101.110.141	80	1	GET	o-o.preferred.telekomrs-beg1.v2.lscache8.c.youtube.com	/videoplayback?upn=MTU2MDY5NzQ5OTM0NTI3NDY4NDc&sparams=algorithm,burst,cp,factor,id,ip,ipbits,itag,source,upn,expire&fexp=912300,907210&algorithm=throttle-factor&itag=34&ip=212.0.0.0&burst=40&sver=3&signature=832FB1042E20780CFCA77A4DB5EA64AC593E8627.D1166C7E8365732E52DAFD68076DAE0146E0AE01&source=youtube&expire=1333484980&key=yt1&ipbits=8&factor=1.25&cp=U0hSSFRTUl9NSkNOMl9MTVZKOjh5eEN2SG8tZF84&id=ebf1e932d4bd1286&cm2=1	http://s.ytimg.com/yt/swfbin/watch_as3-vflqrJwOA.swf	1.1	Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.11 (KHTML, like Gecko; X-SBLSP) Chrome/17.0.963.83 Safari/535.11	0	56320	206	Partial Content	-	-	(empty)	-	-	-	-	-	-	FNJkBA1b8FSHt5N8jl	-	-
+1333458850.375568	ClEkJM2Vm5giqnMf4h	10.131.47.185	1923	79.101.110.141	80	1	GET	o-o.preferred.telekomrs-beg1.v2.lscache8.c.youtube.com	/videoplayback?upn=MTU2MDY5NzQ5OTM0NTI3NDY4NDc&sparams=algorithm,burst,cp,factor,id,ip,ipbits,itag,source,upn,expire&fexp=912300,907210&algorithm=throttle-factor&itag=34&ip=212.0.0.0&burst=40&sver=3&signature=832FB1042E20780CFCA77A4DB5EA64AC593E8627.D1166C7E8365732E52DAFD68076DAE0146E0AE01&source=youtube&expire=1333484980&key=yt1&ipbits=8&factor=1.25&cp=U0hSSFRTUl9NSkNOMl9MTVZKOjh5eEN2SG8tZF84&id=ebf1e932d4bd1286&cm2=1	http://s.ytimg.com/yt/swfbin/watch_as3-vflqrJwOA.swf	1.1	Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.11 (KHTML, like Gecko; X-SBLSP) Chrome/17.0.963.83 Safari/535.11	0	56320	206	Partial Content	-	-	(empty)	-	-	-	-	-	-	FNJkBA1b8FSHt5N8jl	-	-
-#close	2016-06-15-05-36-15
+#close	2016-07-13-16-13-10
--- a/testing/btest/Baseline/core.tunnels.gtp.outer_ip_frag/tunnel.log
+++ b/testing/btest/Baseline/core.tunnels.gtp.outer_ip_frag/tunnel.log
@ -3,9 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	tunnel
-#open	2016-01-15-18-40-15
+#open	2016-07-13-16-13-10
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	tunnel_type	action
 #types	time	string	addr	port	addr	port	enum	enum
-1333458850.364667	CXWv6p3arKYeMETxOg	239.114.155.111	2152	63.94.149.181	2152	Tunnel::GTPv1	Tunnel::DISCOVER
+1333458850.364667	CHhAvVGS1DHFjwGM9	239.114.155.111	2152	63.94.149.181	2152	Tunnel::GTPv1	Tunnel::DISCOVER
-1333458850.434480	CXWv6p3arKYeMETxOg	239.114.155.111	2152	63.94.149.181	2152	Tunnel::GTPv1	Tunnel::CLOSE
+1333458850.434480	CHhAvVGS1DHFjwGM9	239.114.155.111	2152	63.94.149.181	2152	Tunnel::GTPv1	Tunnel::CLOSE
-#close	2016-01-15-18-40-15
+#close	2016-07-13-16-13-10
--- a/testing/btest/Baseline/core.tunnels.gtp.unknown_or_too_short/dpd.log
+++ b/testing/btest/Baseline/core.tunnels.gtp.unknown_or_too_short/dpd.log
@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	dpd
-#open	2015-04-15-23-53-30
+#open	2016-07-13-16-13-11
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	analyzer	failure_reason
 #types	time	string	addr	port	addr	port	enum	string	string
-1333458853.075889	CXWv6p3arKYeMETxOg	173.86.159.28	2152	213.72.147.186	2152	udp	GTPV1	Truncated GTPv1 [0\\xff\\x00\\xac\\x98\\x13\\x01LE\\x00\\x05\\xc8G\\xea@\\x00\\x80\\x06\\xb6\\x83\\x0a\\x83w&\\xd9\\x14\\x9c\\x04\\xd9\\xc2\\x00P\\xddh\\xb4\\x8f41eV...]
+1333458853.075889	CHhAvVGS1DHFjwGM9	173.86.159.28	2152	213.72.147.186	2152	udp	GTPV1	Truncated GTPv1 [0\\xff\\x00\\xac\\x98\\x13\\x01LE\\x00\\x05\\xc8G\\xea@\\x00\\x80\\x06\\xb6\\x83\\x0a\\x83w&\\xd9\\x14\\x9c\\x04\\xd9\\xc2\\x00P\\xddh\\xb4\\x8f41eV...]
-#close	2015-04-15-23-53-30
+#close	2016-07-13-16-13-11
--- a/testing/btest/Baseline/core.tunnels.gtp.unknown_or_too_short/tunnel.log
+++ b/testing/btest/Baseline/core.tunnels.gtp.unknown_or_too_short/tunnel.log
@ -3,9 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	tunnel
-#open	2015-04-15-23-53-30
+#open	2016-07-13-16-13-11
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	tunnel_type	action
 #types	time	string	addr	port	addr	port	enum	enum
-1333458853.034734	CXWv6p3arKYeMETxOg	173.86.159.28	2152	213.72.147.186	2152	Tunnel::GTPv1	Tunnel::DISCOVER
+1333458853.034734	CHhAvVGS1DHFjwGM9	173.86.159.28	2152	213.72.147.186	2152	Tunnel::GTPv1	Tunnel::DISCOVER
-1333458853.108391	CXWv6p3arKYeMETxOg	173.86.159.28	2152	213.72.147.186	2152	Tunnel::GTPv1	Tunnel::CLOSE
+1333458853.108391	CHhAvVGS1DHFjwGM9	173.86.159.28	2152	213.72.147.186	2152	Tunnel::GTPv1	Tunnel::CLOSE
-#close	2015-04-15-23-53-30
+#close	2016-07-13-16-13-11
--- a/testing/btest/Baseline/core.tunnels.ip-in-ip/output
+++ b/testing/btest/Baseline/core.tunnels.ip-in-ip/output
@ -1,22 +1,22 @@
 new_connection: tunnel
    conn_id: [orig_h=dead::beef, orig_p=30000/udp, resp_h=cafe::babe, resp_p=13000/udp]
-    encap: [[cid=[orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=0/unknown, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CXWv6p3arKYeMETxOg]]
+    encap: [[cid=[orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=0/unknown, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CHhAvVGS1DHFjwGM9]]
 new_connection: tunnel
    conn_id: [orig_h=dead::beef, orig_p=30000/udp, resp_h=cafe::babe, resp_p=13000/udp]
-    encap: [[cid=[orig_h=feed::beef, orig_p=0/unknown, resp_h=feed::cafe, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CXWv6p3arKYeMETxOg], [cid=[orig_h=babe::beef, orig_p=0/unknown, resp_h=dead::babe, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CjhGID4nQcgTWjvg4c]]
+    encap: [[cid=[orig_h=feed::beef, orig_p=0/unknown, resp_h=feed::cafe, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CHhAvVGS1DHFjwGM9], [cid=[orig_h=babe::beef, orig_p=0/unknown, resp_h=dead::babe, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=ClEkJM2Vm5giqnMf4h]]
 new_connection: tunnel
    conn_id: [orig_h=dead::beef, orig_p=30000/udp, resp_h=cafe::babe, resp_p=13000/udp]
-    encap: [[cid=[orig_h=1.2.3.4, orig_p=0/unknown, resp_h=5.6.7.8, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CXWv6p3arKYeMETxOg]]
+    encap: [[cid=[orig_h=1.2.3.4, orig_p=0/unknown, resp_h=5.6.7.8, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CHhAvVGS1DHFjwGM9]]
 new_connection: tunnel
    conn_id: [orig_h=70.55.213.211, orig_p=31337/tcp, resp_h=192.88.99.1, resp_p=80/tcp]
-    encap: [[cid=[orig_h=2002:4637:d5d3::4637:d5d3, orig_p=0/unknown, resp_h=2001:4860:0:2001::68, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CXWv6p3arKYeMETxOg]]
+    encap: [[cid=[orig_h=2002:4637:d5d3::4637:d5d3, orig_p=0/unknown, resp_h=2001:4860:0:2001::68, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CHhAvVGS1DHFjwGM9]]
 new_connection: tunnel
    conn_id: [orig_h=10.0.0.1, orig_p=30000/udp, resp_h=10.0.0.2, resp_p=13000/udp]
-    encap: [[cid=[orig_h=1.2.3.4, orig_p=0/unknown, resp_h=5.6.7.8, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CXWv6p3arKYeMETxOg]]
+    encap: [[cid=[orig_h=1.2.3.4, orig_p=0/unknown, resp_h=5.6.7.8, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CHhAvVGS1DHFjwGM9]]
 new_connection: tunnel
    conn_id: [orig_h=dead::beef, orig_p=30000/udp, resp_h=cafe::babe, resp_p=13000/udp]
-    encap: [[cid=[orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=0/unknown, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CXWv6p3arKYeMETxOg]]
+    encap: [[cid=[orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=0/unknown, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CHhAvVGS1DHFjwGM9]]
 tunnel_changed:
    conn_id: [orig_h=dead::beef, orig_p=30000/udp, resp_h=cafe::babe, resp_p=13000/udp]
-    old: [[cid=[orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=0/unknown, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CXWv6p3arKYeMETxOg]]
+    old: [[cid=[orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=0/unknown, resp_h=2001:4f8:4:7:2e0:81ff:fe52:9a6b, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CHhAvVGS1DHFjwGM9]]
-    new: [[cid=[orig_h=feed::beef, orig_p=0/unknown, resp_h=feed::cafe, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CCvvfg3TEfuqmmG4bh]]
+    new: [[cid=[orig_h=feed::beef, orig_p=0/unknown, resp_h=feed::cafe, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=C4J4Th3PJpwUYZZ6gc]]
--- a/testing/btest/Baseline/core.tunnels.ip-tunnel-uid/output
+++ b/testing/btest/Baseline/core.tunnels.ip-tunnel-uid/output
@ -1,33 +1,33 @@
 new_connection: tunnel
    conn_id: [orig_h=2001:db8:0:1::1, orig_p=128/icmp, resp_h=2001:db8:0:1::2, resp_p=129/icmp]
-    encap: [[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CXWv6p3arKYeMETxOg]]
+    encap: [[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CHhAvVGS1DHFjwGM9]]
 NEW_PACKET:
    [orig_h=2001:db8:0:1::1, orig_p=128/icmp, resp_h=2001:db8:0:1::2, resp_p=129/icmp]
-    [[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CXWv6p3arKYeMETxOg]]
+    [[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CHhAvVGS1DHFjwGM9]]
 NEW_PACKET:
    [orig_h=2001:db8:0:1::1, orig_p=128/icmp, resp_h=2001:db8:0:1::2, resp_p=129/icmp]
-    [[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CXWv6p3arKYeMETxOg]]
+    [[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CHhAvVGS1DHFjwGM9]]
 NEW_PACKET:
    [orig_h=2001:db8:0:1::1, orig_p=128/icmp, resp_h=2001:db8:0:1::2, resp_p=129/icmp]
-    [[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CXWv6p3arKYeMETxOg]]
+    [[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CHhAvVGS1DHFjwGM9]]
 NEW_PACKET:
    [orig_h=2001:db8:0:1::1, orig_p=128/icmp, resp_h=2001:db8:0:1::2, resp_p=129/icmp]
-    [[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CXWv6p3arKYeMETxOg]]
+    [[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CHhAvVGS1DHFjwGM9]]
 NEW_PACKET:
    [orig_h=2001:db8:0:1::1, orig_p=128/icmp, resp_h=2001:db8:0:1::2, resp_p=129/icmp]
-    [[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CXWv6p3arKYeMETxOg]]
+    [[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CHhAvVGS1DHFjwGM9]]
 NEW_PACKET:
    [orig_h=2001:db8:0:1::1, orig_p=128/icmp, resp_h=2001:db8:0:1::2, resp_p=129/icmp]
-    [[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CXWv6p3arKYeMETxOg]]
+    [[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CHhAvVGS1DHFjwGM9]]
 NEW_PACKET:
    [orig_h=2001:db8:0:1::1, orig_p=128/icmp, resp_h=2001:db8:0:1::2, resp_p=129/icmp]
-    [[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CXWv6p3arKYeMETxOg]]
+    [[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CHhAvVGS1DHFjwGM9]]
 NEW_PACKET:
    [orig_h=2001:db8:0:1::1, orig_p=128/icmp, resp_h=2001:db8:0:1::2, resp_p=129/icmp]
-    [[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CXWv6p3arKYeMETxOg]]
+    [[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CHhAvVGS1DHFjwGM9]]
 NEW_PACKET:
    [orig_h=2001:db8:0:1::1, orig_p=128/icmp, resp_h=2001:db8:0:1::2, resp_p=129/icmp]
-    [[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CXWv6p3arKYeMETxOg]]
+    [[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CHhAvVGS1DHFjwGM9]]
 NEW_PACKET:
    [orig_h=2001:db8:0:1::1, orig_p=128/icmp, resp_h=2001:db8:0:1::2, resp_p=129/icmp]
-    [[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CXWv6p3arKYeMETxOg]]
+    [[cid=[orig_h=10.0.0.1, orig_p=0/unknown, resp_h=10.0.0.2, resp_p=0/unknown], tunnel_type=Tunnel::IP, uid=CHhAvVGS1DHFjwGM9]]
--- a/testing/btest/Baseline/core.tunnels.teredo/conn.log
+++ b/testing/btest/Baseline/core.tunnels.teredo/conn.log
@ -3,28 +3,28 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
-#open	2016-07-08-21-46-39
+#open	2016-07-13-16-13-14
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
-1210953047.736921	CjhGID4nQcgTWjvg4c	192.168.2.16	1576	75.126.130.163	80	tcp	-	0.000357	0	0	SHR	-	-	0	^fA	1	40	1	40	(empty)
+1210953047.736921	ClEkJM2Vm5giqnMf4h	192.168.2.16	1576	75.126.130.163	80	tcp	-	0.000357	0	0	SHR	-	-	0	^fA	1	40	1	40	(empty)
-1210953050.867067	CCvvfg3TEfuqmmG4bh	192.168.2.16	1577	75.126.203.78	80	tcp	-	0.000387	0	0	SHR	-	-	0	^fA	1	40	1	40	(empty)
+1210953050.867067	C4J4Th3PJpwUYZZ6gc	192.168.2.16	1577	75.126.203.78	80	tcp	-	0.000387	0	0	SHR	-	-	0	^fA	1	40	1	40	(empty)
-1210953057.833364	CIPOse170MGiRM1Qf4	192.168.2.16	1577	75.126.203.78	80	tcp	-	0.079208	0	0	SH	-	-	0	Fa	1	40	1	40	(empty)
+1210953057.833364	C37jN32gN3y3AZzyf6	192.168.2.16	1577	75.126.203.78	80	tcp	-	0.079208	0	0	SH	-	-	0	Fa	1	40	1	40	(empty)
-1210953058.007081	CJ3xTn1c4Zw9TmAE05	192.168.2.16	1576	75.126.130.163	80	tcp	-	-	-	-	RSTOS0	-	-	0	R	1	40	0	0	(empty)
+1210953058.007081	CwjjYJ2WqgTbAqiHl6	192.168.2.16	1576	75.126.130.163	80	tcp	-	-	-	-	RSTOS0	-	-	0	R	1	40	0	0	(empty)
-1210953057.834454	C7XEbhP654jzLoe3a	192.168.2.16	1578	75.126.203.78	80	tcp	http	0.407908	790	171	RSTO	-	-	0	ShADadR	6	1038	4	335	(empty)
+1210953057.834454	C3eiCBGOLw3VtHfOj	192.168.2.16	1578	75.126.203.78	80	tcp	http	0.407908	790	171	RSTO	-	-	0	ShADadR	6	1038	4	335	(empty)
-1210953058.350065	CMXxB5GvmoxJFXdTa	192.168.2.16	1920	192.168.2.1	53	udp	dns	0.223055	66	438	SF	-	-	0	Dd	2	122	2	494	(empty)
+1210953058.350065	C0LAHyvtKSQHyJxIl	192.168.2.16	1920	192.168.2.1	53	udp	dns	0.223055	66	438	SF	-	-	0	Dd	2	122	2	494	(empty)
-1210953058.577231	Caby8b1slFea8xwSmb	192.168.2.16	137	192.168.2.255	137	udp	dns	1.499261	150	0	S0	-	-	0	D	3	234	0	0	(empty)
+1210953058.577231	CFLRIC3zaTU1loLGxh	192.168.2.16	137	192.168.2.255	137	udp	dns	1.499261	150	0	S0	-	-	0	D	3	234	0	0	(empty)
-1210953074.264819	CyAhVIzHqb7t7kv28	192.168.2.16	1920	192.168.2.1	53	udp	dns	0.297723	123	598	SF	-	-	0	Dd	3	207	3	682	(empty)
+1210953074.264819	CtxTCR2Yer0FR1tIBg	192.168.2.16	1920	192.168.2.1	53	udp	dns	0.297723	123	598	SF	-	-	0	Dd	3	207	3	682	(empty)
-1210953061.312379	CwSkQu4eWZCH7OONC1	2001:0:4137:9e50:8000:f12a:b9c8:2815	1286	2001:4860:0:2001::68	80	tcp	http	12.810848	1675	10467	S1	-	-	0	ShADad	10	2279	12	11191	C3SfNE4BWaU4aSuwkc
+1210953074.570439	CpmdRlaUoJLN3uIRa	192.168.2.16	1580	67.228.110.120	80	tcp	http	0.466677	469	3916	SF	-	-	0	ShADadFf	7	757	6	4164	(empty)
-1210953076.058333	Cx2FqO23omNawSNrxj	192.168.2.16	1578	75.126.203.78	80	tcp	-	-	-	-	RSTRH	-	-	0	^r	0	0	1	40	(empty)
+1210953074.057124	CykQaM33ztNt0csB9a	192.168.2.16	1576	75.126.130.163	80	tcp	-	-	-	-	RSTRH	-	-	0	^r	0	0	1	40	(empty)
-1210953074.055744	CfTOmO0HKorjr8Zp7	192.168.2.16	1577	75.126.203.78	80	tcp	-	-	-	-	RSTRH	-	-	0	^r	0	0	1	40	(empty)
+1210953061.312379	CNnMIj2QSd84NKf7U3	2001:0:4137:9e50:8000:f12a:b9c8:2815	1286	2001:4860:0:2001::68	80	tcp	http	12.810848	1675	10467	S1	-	-	0	ShADad	10	2279	12	11191	Ck51lg1bScffFj34Ri
-1210953074.057124	CzA03V1VcgagLjnO92	192.168.2.16	1576	75.126.130.163	80	tcp	-	-	-	-	RSTRH	-	-	0	^r	0	0	1	40	(empty)
+1210953076.058333	C1Xkzz2MaGtLrc1Tla	192.168.2.16	1578	75.126.203.78	80	tcp	-	-	-	-	RSTRH	-	-	0	^r	0	0	1	40	(empty)
-1210953074.570439	Cab0vO1xNYSS2hJkle	192.168.2.16	1580	67.228.110.120	80	tcp	http	0.466677	469	3916	SF	-	-	0	ShADadFf	7	757	6	4164	(empty)
+1210953074.055744	C7fIlMZDuRiqjpYbb	192.168.2.16	1577	75.126.203.78	80	tcp	-	-	-	-	RSTRH	-	-	0	^r	0	0	1	40	(empty)
-1210953052.202579	CsRx2w45OKnoww6xl4	192.168.2.16	3797	65.55.158.80	3544	udp	teredo	8.928880	129	48	SF	-	-	0	Dd	2	185	1	76	(empty)
+1210953052.324629	CmES5u32sYpV7JYN	192.168.2.16	3797	65.55.158.81	3544	udp	-	-	-	-	SHR	-	-	0	^d	0	0	1	137	(empty)
-1210953060.829233	C3SfNE4BWaU4aSuwkc	192.168.2.16	3797	83.170.1.38	32900	udp	teredo	13.293994	2359	11243	SF	-	-	0	Dd	12	2695	13	11607	(empty)
+1210953052.202579	CtPZjS20MLrsMUOJi2	192.168.2.16	3797	65.55.158.80	3544	udp	teredo	8.928880	129	48	SF	-	-	0	Dd	2	185	1	76	(empty)
-1210953058.933954	Che1bq3i2rO3KD1Syg	0.0.0.0	68	255.255.255.255	67	udp	dhcp	-	-	-	S0	-	-	0	D	1	328	0	0	(empty)
+1210953058.933954	C9rXSW3KSpTYvPrlI1	0.0.0.0	68	255.255.255.255	67	udp	dhcp	-	-	-	S0	-	-	0	D	1	328	0	0	(empty)
-1210953052.324629	CPbrpk1qSsw6ESzHV4	192.168.2.16	3797	65.55.158.81	3544	udp	-	-	-	-	SHR	-	-	0	^d	0	0	1	137	(empty)
+1210953060.829233	Ck51lg1bScffFj34Ri	192.168.2.16	3797	83.170.1.38	32900	udp	teredo	13.293994	2359	11243	SF	-	-	0	Dd	12	2695	13	11607	(empty)
-1210953046.591933	CXWv6p3arKYeMETxOg	192.168.2.16	138	192.168.2.255	138	udp	-	28.448321	416	0	S0	-	-	0	D	2	472	0	0	(empty)
+1210953046.591933	CHhAvVGS1DHFjwGM9	192.168.2.16	138	192.168.2.255	138	udp	-	28.448321	416	0	S0	-	-	0	D	2	472	0	0	(empty)
-1210953052.324629	C6pKV8GSxOnSLghOa	fe80::8000:f227:bec8:61af	134	fe80::8000:ffff:ffff:fffd	133	icmp	-	-	-	-	OTH	-	-	0	-	1	88	0	0	CPbrpk1qSsw6ESzHV4
+1210953052.324629	CP5puj4I8PtEU4qzYg	fe80::8000:f227:bec8:61af	134	fe80::8000:ffff:ffff:fffd	133	icmp	-	-	-	-	OTH	-	-	0	-	1	88	0	0	CmES5u32sYpV7JYN
-1210953060.829303	CEle3f3zno26fFZkrh	2001:0:4137:9e50:8000:f12a:b9c8:2815	128	2001:4860:0:2001::68	129	icmp	-	0.463615	4	4	OTH	-	-	0	-	1	52	1	52	C3SfNE4BWaU4aSuwkc,CsRx2w45OKnoww6xl4
+1210953060.829303	C9mvWx3ezztgzcexV7	2001:0:4137:9e50:8000:f12a:b9c8:2815	128	2001:4860:0:2001::68	129	icmp	-	0.463615	4	4	OTH	-	-	0	-	1	52	1	52	CtPZjS20MLrsMUOJi2,Ck51lg1bScffFj34Ri
-1210953052.202579	CRJuHdVW0XPVINV8a	fe80::8000:ffff:ffff:fffd	133	ff02::2	134	icmp	-	-	-	-	OTH	-	-	0	-	1	64	0	0	CsRx2w45OKnoww6xl4
+1210953052.202579	CUM0KZ3MLUfNB0cl11	fe80::8000:ffff:ffff:fffd	133	ff02::2	134	icmp	-	-	-	-	OTH	-	-	0	-	1	64	0	0	CtPZjS20MLrsMUOJi2
-#close	2016-07-08-21-46-39
+#close	2016-07-13-16-13-14
--- a/testing/btest/Baseline/core.tunnels.teredo/http.log
+++ b/testing/btest/Baseline/core.tunnels.teredo/http.log
@ -3,11 +3,11 @@
 #empty_field	(empty)
 #unset_field	-
 #path	http
-#open	2016-06-15-05-36-31
+#open	2016-07-13-16-13-14
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	host	uri	referrer	version	user_agent	request_body_len	response_body_len	status_code	status_msg	info_code	info_msg	tags	username	password	proxied	orig_fuids	orig_filenames	orig_mime_types	resp_fuids	resp_filenames	resp_mime_types
 #types	time	string	addr	port	addr	port	count	string	string	string	string	string	string	count	count	count	string	count	string	set[enum]	string	string	set[string]	vector[string]	vector[string]	vector[string]	vector[string]	vector[string]	vector[string]
-1210953057.917183	C7XEbhP654jzLoe3a	192.168.2.16	1578	75.126.203.78	80	1	POST	download913.avast.com	/cgi-bin/iavs4stats.cgi	-	1.1	Syncer/4.80 (av_pro-1169;f)	589	0	204	<empty>	-	-	(empty)	-	-	-	Fp32SIJztq0Szn5Qc	-	text/plain	-	-	-
+1210953057.917183	C3eiCBGOLw3VtHfOj	192.168.2.16	1578	75.126.203.78	80	1	POST	download913.avast.com	/cgi-bin/iavs4stats.cgi	-	1.1	Syncer/4.80 (av_pro-1169;f)	589	0	204	<empty>	-	-	(empty)	-	-	-	Fp32SIJztq0Szn5Qc	-	text/plain	-	-	-
-1210953061.585996	CwSkQu4eWZCH7OONC1	2001:0:4137:9e50:8000:f12a:b9c8:2815	1286	2001:4860:0:2001::68	80	1	GET	ipv6.google.com	/	-	1.1	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5	0	6640	200	OK	-	-	(empty)	-	-	-	-	-	-	FNFYdH11h5iQcoD3a2	-	text/html
+1210953061.585996	CNnMIj2QSd84NKf7U3	2001:0:4137:9e50:8000:f12a:b9c8:2815	1286	2001:4860:0:2001::68	80	1	GET	ipv6.google.com	/	-	1.1	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5	0	6640	200	OK	-	-	(empty)	-	-	-	-	-	-	FNFYdH11h5iQcoD3a2	-	text/html
-1210953073.381474	CwSkQu4eWZCH7OONC1	2001:0:4137:9e50:8000:f12a:b9c8:2815	1286	2001:4860:0:2001::68	80	2	GET	ipv6.google.com	/search?hl=en&q=Wireshark+!&btnG=Google+Search	http://ipv6.google.com/	1.1	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5	0	25119	200	OK	-	-	(empty)	-	-	-	-	-	-	FHD5nv1iSVFZVM0aH7	-	text/html
+1210953073.381474	CNnMIj2QSd84NKf7U3	2001:0:4137:9e50:8000:f12a:b9c8:2815	1286	2001:4860:0:2001::68	80	2	GET	ipv6.google.com	/search?hl=en&q=Wireshark+!&btnG=Google+Search	http://ipv6.google.com/	1.1	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5	0	25119	200	OK	-	-	(empty)	-	-	-	-	-	-	FHD5nv1iSVFZVM0aH7	-	text/html
-1210953074.674817	Cab0vO1xNYSS2hJkle	192.168.2.16	1580	67.228.110.120	80	1	GET	www.wireshark.org	/	http://ipv6.google.com/search?hl=en&q=Wireshark+%21&btnG=Google+Search	1.1	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5	0	11845	200	OK	-	-	(empty)	-	-	-	-	-	-	FS7lUf2cJFAVBCu6w6	-	text/html
+1210953074.674817	CpmdRlaUoJLN3uIRa	192.168.2.16	1580	67.228.110.120	80	1	GET	www.wireshark.org	/	http://ipv6.google.com/search?hl=en&q=Wireshark+%21&btnG=Google+Search	1.1	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5	0	11845	200	OK	-	-	(empty)	-	-	-	-	-	-	FS7lUf2cJFAVBCu6w6	-	text/html
-#close	2016-06-15-05-36-31
+#close	2016-07-13-16-13-14
--- a/testing/btest/Baseline/core.tunnels.teredo/tunnel.log
+++ b/testing/btest/Baseline/core.tunnels.teredo/tunnel.log
@ -3,13 +3,13 @@
 #empty_field	(empty)
 #unset_field	-
 #path	tunnel
-#open	2016-01-15-18-40-16
+#open	2016-07-13-16-13-14
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	tunnel_type	action
 #types	time	string	addr	port	addr	port	enum	enum
-1210953052.202579	CsRx2w45OKnoww6xl4	192.168.2.16	3797	65.55.158.80	3544	Tunnel::TEREDO	Tunnel::DISCOVER
+1210953052.202579	CtPZjS20MLrsMUOJi2	192.168.2.16	3797	65.55.158.80	3544	Tunnel::TEREDO	Tunnel::DISCOVER
-1210953052.324629	CPbrpk1qSsw6ESzHV4	192.168.2.16	3797	65.55.158.81	3544	Tunnel::TEREDO	Tunnel::DISCOVER
+1210953052.324629	CmES5u32sYpV7JYN	192.168.2.16	3797	65.55.158.81	3544	Tunnel::TEREDO	Tunnel::DISCOVER
-1210953061.292918	C3SfNE4BWaU4aSuwkc	192.168.2.16	3797	83.170.1.38	32900	Tunnel::TEREDO	Tunnel::DISCOVER
+1210953061.292918	Ck51lg1bScffFj34Ri	192.168.2.16	3797	83.170.1.38	32900	Tunnel::TEREDO	Tunnel::DISCOVER
-1210953076.058333	CsRx2w45OKnoww6xl4	192.168.2.16	3797	65.55.158.80	3544	Tunnel::TEREDO	Tunnel::CLOSE
+1210953076.058333	CmES5u32sYpV7JYN	192.168.2.16	3797	65.55.158.81	3544	Tunnel::TEREDO	Tunnel::CLOSE
-1210953076.058333	C3SfNE4BWaU4aSuwkc	192.168.2.16	3797	83.170.1.38	32900	Tunnel::TEREDO	Tunnel::CLOSE
+1210953076.058333	CtPZjS20MLrsMUOJi2	192.168.2.16	3797	65.55.158.80	3544	Tunnel::TEREDO	Tunnel::CLOSE
-1210953076.058333	CPbrpk1qSsw6ESzHV4	192.168.2.16	3797	65.55.158.81	3544	Tunnel::TEREDO	Tunnel::CLOSE
+1210953076.058333	Ck51lg1bScffFj34Ri	192.168.2.16	3797	83.170.1.38	32900	Tunnel::TEREDO	Tunnel::CLOSE
-#close	2016-01-15-18-40-16
+#close	2016-07-13-16-13-14
--- a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/conn.log
+++ b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/conn.log
@ -3,14 +3,14 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
-#open	2016-07-08-21-46-55
+#open	2016-07-13-16-13-14
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
-1340127577.354166	C6pKV8GSxOnSLghOa	2001:0:4137:9e50:8000:f12a:b9c8:2815	1286	2001:4860:0:2001::68	80	tcp	http	0.052829	1675	10467	S1	-	-	0	ShADad	10	2279	12	11191	CRJuHdVW0XPVINV8a
+1340127577.354166	CP5puj4I8PtEU4qzYg	2001:0:4137:9e50:8000:f12a:b9c8:2815	1286	2001:4860:0:2001::68	80	tcp	http	0.052829	1675	10467	S1	-	-	0	ShADad	10	2279	12	11191	CUM0KZ3MLUfNB0cl11
-1340127577.336558	CXWv6p3arKYeMETxOg	192.168.2.16	3797	65.55.158.80	3544	udp	teredo	0.010291	129	52	SF	-	-	0	Dd	2	185	1	80	(empty)
+1340127577.339015	C4J4Th3PJpwUYZZ6gc	192.168.2.16	3797	65.55.158.81	3544	udp	-	-	-	-	SHR	-	-	0	^d	0	0	1	137	(empty)
-1340127577.341510	CRJuHdVW0XPVINV8a	192.168.2.16	3797	83.170.1.38	32900	udp	teredo	0.065485	2367	11243	SF	-	-	0	Dd	12	2703	13	11607	(empty)
+1340127577.336558	CHhAvVGS1DHFjwGM9	192.168.2.16	3797	65.55.158.80	3544	udp	teredo	0.010291	129	52	SF	-	-	0	Dd	2	185	1	80	(empty)
-1340127577.339015	CCvvfg3TEfuqmmG4bh	192.168.2.16	3797	65.55.158.81	3544	udp	-	-	-	-	SHR	-	-	0	^d	0	0	1	137	(empty)
+1340127577.341510	CUM0KZ3MLUfNB0cl11	192.168.2.16	3797	83.170.1.38	32900	udp	teredo	0.065485	2367	11243	SF	-	-	0	Dd	12	2703	13	11607	(empty)
-1340127577.339015	CsRx2w45OKnoww6xl4	fe80::8000:f227:bec8:61af	134	fe80::8000:ffff:ffff:fffd	133	icmp	-	-	-	-	OTH	-	-	0	-	1	88	0	0	CCvvfg3TEfuqmmG4bh
+1340127577.339015	CtPZjS20MLrsMUOJi2	fe80::8000:f227:bec8:61af	134	fe80::8000:ffff:ffff:fffd	133	icmp	-	-	-	-	OTH	-	-	0	-	1	88	0	0	C4J4Th3PJpwUYZZ6gc
-1340127577.343969	CPbrpk1qSsw6ESzHV4	2001:0:4137:9e50:8000:f12a:b9c8:2815	128	2001:4860:0:2001::68	129	icmp	-	0.007778	4	4	OTH	-	-	0	-	1	52	1	52	CXWv6p3arKYeMETxOg,CRJuHdVW0XPVINV8a
+1340127577.343969	CmES5u32sYpV7JYN	2001:0:4137:9e50:8000:f12a:b9c8:2815	128	2001:4860:0:2001::68	129	icmp	-	0.007778	4	4	OTH	-	-	0	-	1	52	1	52	CUM0KZ3MLUfNB0cl11,CHhAvVGS1DHFjwGM9
-1340127577.336558	CjhGID4nQcgTWjvg4c	fe80::8000:ffff:ffff:fffd	133	ff02::2	134	icmp	-	-	-	-	OTH	-	-	0	-	1	64	0	0	CXWv6p3arKYeMETxOg
+1340127577.336558	ClEkJM2Vm5giqnMf4h	fe80::8000:ffff:ffff:fffd	133	ff02::2	134	icmp	-	-	-	-	OTH	-	-	0	-	1	64	0	0	CHhAvVGS1DHFjwGM9
-#close	2016-07-08-21-46-56
+#close	2016-07-13-16-13-14
--- a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/http.log
+++ b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/http.log
@ -3,9 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	http
-#open	2016-06-15-05-36-42
+#open	2016-07-13-16-13-14
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	host	uri	referrer	version	user_agent	request_body_len	response_body_len	status_code	status_msg	info_code	info_msg	tags	username	password	proxied	orig_fuids	orig_filenames	orig_mime_types	resp_fuids	resp_filenames	resp_mime_types
 #types	time	string	addr	port	addr	port	count	string	string	string	string	string	string	count	count	count	string	count	string	set[enum]	string	string	set[string]	vector[string]	vector[string]	vector[string]	vector[string]	vector[string]	vector[string]
-1340127577.361683	C6pKV8GSxOnSLghOa	2001:0:4137:9e50:8000:f12a:b9c8:2815	1286	2001:4860:0:2001::68	80	1	GET	ipv6.google.com	/	-	1.1	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5	0	6640	200	OK	-	-	(empty)	-	-	-	-	-	-	FWSTWv4EZLVlc2Zywi	-	text/html
+1340127577.361683	CP5puj4I8PtEU4qzYg	2001:0:4137:9e50:8000:f12a:b9c8:2815	1286	2001:4860:0:2001::68	80	1	GET	ipv6.google.com	/	-	1.1	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5	0	6640	200	OK	-	-	(empty)	-	-	-	-	-	-	FWSTWv4EZLVlc2Zywi	-	text/html
-1340127577.379360	C6pKV8GSxOnSLghOa	2001:0:4137:9e50:8000:f12a:b9c8:2815	1286	2001:4860:0:2001::68	80	2	GET	ipv6.google.com	/search?hl=en&q=Wireshark+!&btnG=Google+Search	http://ipv6.google.com/	1.1	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5	0	25119	200	OK	-	-	(empty)	-	-	-	-	-	-	FGKV3B3jz083xhGO13	-	text/html
+1340127577.379360	CP5puj4I8PtEU4qzYg	2001:0:4137:9e50:8000:f12a:b9c8:2815	1286	2001:4860:0:2001::68	80	2	GET	ipv6.google.com	/search?hl=en&q=Wireshark+!&btnG=Google+Search	http://ipv6.google.com/	1.1	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5	0	25119	200	OK	-	-	(empty)	-	-	-	-	-	-	FGKV3B3jz083xhGO13	-	text/html
-#close	2016-06-15-05-36-42
+#close	2016-07-13-16-13-14
--- a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/tunnel.log
+++ b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/tunnel.log
@ -3,13 +3,13 @@
 #empty_field	(empty)
 #unset_field	-
 #path	tunnel
-#open	2016-01-15-18-40-17
+#open	2016-07-13-16-13-14
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	tunnel_type	action
 #types	time	string	addr	port	addr	port	enum	enum
-1340127577.336558	CXWv6p3arKYeMETxOg	192.168.2.16	3797	65.55.158.80	3544	Tunnel::TEREDO	Tunnel::DISCOVER
+1340127577.336558	CHhAvVGS1DHFjwGM9	192.168.2.16	3797	65.55.158.80	3544	Tunnel::TEREDO	Tunnel::DISCOVER
-1340127577.339015	CCvvfg3TEfuqmmG4bh	192.168.2.16	3797	65.55.158.81	3544	Tunnel::TEREDO	Tunnel::DISCOVER
+1340127577.339015	C4J4Th3PJpwUYZZ6gc	192.168.2.16	3797	65.55.158.81	3544	Tunnel::TEREDO	Tunnel::DISCOVER
-1340127577.351747	CRJuHdVW0XPVINV8a	192.168.2.16	3797	83.170.1.38	32900	Tunnel::TEREDO	Tunnel::DISCOVER
+1340127577.351747	CUM0KZ3MLUfNB0cl11	192.168.2.16	3797	83.170.1.38	32900	Tunnel::TEREDO	Tunnel::DISCOVER
-1340127577.406995	CXWv6p3arKYeMETxOg	192.168.2.16	3797	65.55.158.80	3544	Tunnel::TEREDO	Tunnel::CLOSE
+1340127577.406995	C4J4Th3PJpwUYZZ6gc	192.168.2.16	3797	65.55.158.81	3544	Tunnel::TEREDO	Tunnel::CLOSE
-1340127577.406995	CRJuHdVW0XPVINV8a	192.168.2.16	3797	83.170.1.38	32900	Tunnel::TEREDO	Tunnel::CLOSE
+1340127577.406995	CHhAvVGS1DHFjwGM9	192.168.2.16	3797	65.55.158.80	3544	Tunnel::TEREDO	Tunnel::CLOSE
-1340127577.406995	CCvvfg3TEfuqmmG4bh	192.168.2.16	3797	65.55.158.81	3544	Tunnel::TEREDO	Tunnel::CLOSE
+1340127577.406995	CUM0KZ3MLUfNB0cl11	192.168.2.16	3797	83.170.1.38	32900	Tunnel::TEREDO	Tunnel::CLOSE
-#close	2016-01-15-18-40-17
+#close	2016-07-13-16-13-14
--- a/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/weird.log
+++ b/testing/btest/Baseline/core.tunnels.teredo_bubble_with_payload/weird.log
@ -3,9 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2016-01-15-18-40-17
+#open	2016-07-13-16-13-14
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
-1340127577.341510	CRJuHdVW0XPVINV8a	192.168.2.16	3797	83.170.1.38	32900	Teredo_bubble_with_payload	-	F	bro
+1340127577.341510	CUM0KZ3MLUfNB0cl11	192.168.2.16	3797	83.170.1.38	32900	Teredo_bubble_with_payload	-	F	bro
-1340127577.346849	CXWv6p3arKYeMETxOg	192.168.2.16	3797	65.55.158.80	3544	Teredo_bubble_with_payload	-	F	bro
+1340127577.346849	CHhAvVGS1DHFjwGM9	192.168.2.16	3797	65.55.158.80	3544	Teredo_bubble_with_payload	-	F	bro
-#close	2016-01-15-18-40-17
+#close	2016-07-13-16-13-14
--- a/testing/btest/Baseline/core.vlan-mpls/conn.log
+++ b/testing/btest/Baseline/core.vlan-mpls/conn.log
@ -3,10 +3,10 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
-#open	2015-02-23-21-33-22
+#open	2016-07-13-16-13-15
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
-952109346.874907	CXWv6p3arKYeMETxOg	10.1.2.1	11001	10.34.0.1	23	tcp	-	2.102560	26	0	SH	-	-	0	SADF	11	470	0	0	(empty)
+952109346.874907	CHhAvVGS1DHFjwGM9	10.1.2.1	11001	10.34.0.1	23	tcp	-	2.102560	26	0	SH	-	-	0	SADF	11	470	0	0	(empty)
-1128727435.450898	CjhGID4nQcgTWjvg4c	141.42.64.125	56730	125.190.109.199	80	tcp	http	1.733303	98	9417	SF	-	-	0	ShADdFaf	12	730	10	9945	(empty)
+1128727435.450898	ClEkJM2Vm5giqnMf4h	141.42.64.125	56730	125.190.109.199	80	tcp	http	1.733303	98	9417	SF	-	-	0	ShADdFaf	12	730	10	9945	(empty)
-1278600802.069419	CCvvfg3TEfuqmmG4bh	10.20.80.1	50343	10.0.0.15	80	tcp	-	0.004152	9	3429	SF	-	-	0	ShADadfF	7	381	7	3801	(empty)
+1278600802.069419	C4J4Th3PJpwUYZZ6gc	10.20.80.1	50343	10.0.0.15	80	tcp	-	0.004152	9	3429	SF	-	-	0	ShADadfF	7	381	7	3801	(empty)
-#close	2015-02-23-21-33-22
+#close	2016-07-13-16-13-15
--- a/testing/btest/Baseline/doc.sphinx.conditional-notice/btest-doc.sphinx.conditional-notice#1
+++ b/testing/btest/Baseline/doc.sphinx.conditional-notice/btest-doc.sphinx.conditional-notice#1
@ -18,9 +18,9 @@
      #empty_field	(empty)
      #unset_field	-
      #path	notice
-      #open	2015-03-23-18-03-21
+      #open	2016-07-13-16-13-16
      #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	fuid	file_mime_type	file_desc	proto	note	msg	sub	src	dst	p	n	peer_descr	actions	suppress_for	dropped	remote_location.country_code	remote_location.region	remote_location.city	remote_location.latitude	remote_location.longitude
      #types	time	string	addr	port	addr	port	string	string	string	enum	enum	string	string	addr	addr	port	count	string	set[enum]	interval	bool	string	string	string	double	double
-      1394745603.293028	CXWv6p3arKYeMETxOg	192.168.4.149	60539	87.98.220.10	443	F1fX1R2cDOzbvg17ye	-	-	tcp	SSL::Certificate_Expired	Certificate CN=www.spidh.org,OU=COMODO SSL,OU=Domain Control Validated expired at 2014-03-04-23:59:59.000000000	-	192.168.4.149	87.98.220.10	443	-	bro	Notice::ACTION_EMAIL,Notice::ACTION_LOG	86400.000000	F	-	-	-	-	-
+      1394745603.293028	CHhAvVGS1DHFjwGM9	192.168.4.149	60539	87.98.220.10	443	F1fX1R2cDOzbvg17ye	-	-	tcp	SSL::Certificate_Expired	Certificate CN=www.spidh.org,OU=COMODO SSL,OU=Domain Control Validated expired at 2014-03-04-23:59:59.000000000	-	192.168.4.149	87.98.220.10	443	-	bro	Notice::ACTION_EMAIL,Notice::ACTION_LOG	86400.000000	F	-	-	-	-	-
-      #close	2015-03-23-18-03-21
+      #close	2016-07-13-16-13-17
--- a/testing/btest/Baseline/doc.sphinx.connection-record-01/btest-doc.sphinx.connection-record-01#1
+++ b/testing/btest/Baseline/doc.sphinx.connection-record-01/btest-doc.sphinx.connection-record-01#1
@ -7,7 +7,7 @@
      # bro -b -r http/get.trace connection_record_01.bro
      [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.211484, service={
-      }, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, conn=[ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], proto=tcp, service=<uninitialized>, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={
+      }, history=ShADadFf, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, conn=[ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], proto=tcp, service=<uninitialized>, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={
      }], extract_orig=F, extract_resp=F, thresholds=<uninitialized>]
--- a/testing/btest/Baseline/doc.sphinx.connection-record-02/btest-doc.sphinx.connection-record-02#1
+++ b/testing/btest/Baseline/doc.sphinx.connection-record-02/btest-doc.sphinx.connection-record-02#1
@ -7,9 +7,9 @@
      # bro -b -r http/get.trace connection_record_02.bro
      [id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], orig=[size=136, state=5, num_pkts=7, num_bytes_ip=512, flow_label=0, l2_addr=c8:bc:c8:96:d2:a0], resp=[size=5007, state=5, num_pkts=7, num_bytes_ip=5379, flow_label=0, l2_addr=00:10:db:88:d2:ef], start_time=1362692526.869344, duration=0.211484, service={
-      }, history=ShADadFf, uid=CXWv6p3arKYeMETxOg, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, conn=[ts=1362692526.869344, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], proto=tcp, service=<uninitialized>, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={
+      }, history=ShADadFf, uid=CHhAvVGS1DHFjwGM9, tunnel=<uninitialized>, vlan=<uninitialized>, inner_vlan=<uninitialized>, conn=[ts=1362692526.869344, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], proto=tcp, service=<uninitialized>, duration=0.211484, orig_bytes=136, resp_bytes=5007, conn_state=SF, local_orig=<uninitialized>, local_resp=<uninitialized>, missed_bytes=0, history=ShADadFf, orig_pkts=7, orig_ip_bytes=512, resp_pkts=7, resp_ip_bytes=5379, tunnel_parents={
-      }], extract_orig=F, extract_resp=F, thresholds=<uninitialized>, http=[ts=1362692526.939527, uid=CXWv6p3arKYeMETxOg, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=<uninitialized>, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, tags={
+      }], extract_orig=F, extract_resp=F, thresholds=<uninitialized>, http=[ts=1362692526.939527, uid=CHhAvVGS1DHFjwGM9, id=[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp], trans_depth=1, method=GET, host=bro.org, uri=/download/CHANGES.bro-aux.txt, referrer=<uninitialized>, version=1.1, user_agent=Wget/1.14 (darwin12.2.0), request_body_len=0, response_body_len=4705, status_code=200, status_msg=OK, info_code=<uninitialized>, info_msg=<uninitialized>, tags={
      }, username=<uninitialized>, password=<uninitialized>, capture_password=F, proxied=<uninitialized>, range_request=F, orig_fuids=<uninitialized>, orig_filenames=<uninitialized>, orig_mime_types=<uninitialized>, resp_fuids=[FakNcS1Jfe01uljb3], resp_filenames=<uninitialized>, resp_mime_types=[text/plain], current_entity=<uninitialized>, orig_mime_depth=1, resp_mime_depth=1], http_state=[pending={
--- a/testing/btest/Baseline/doc.sphinx.data_struct_record_01/btest-doc.sphinx.data_struct_record_01#1
+++ b/testing/btest/Baseline/doc.sphinx.data_struct_record_01/btest-doc.sphinx.data_struct_record_01#1
@ -6,9 +6,9 @@
      # bro data_struct_record_01.bro
      Service: dns(RFC1035)
        port: 53/tcp
        port: 53/udp
        port: 53/tcp
      Service: http(RFC2616)
        port: 80/tcp
        port: 8080/tcp
        port: 80/tcp
--- a/testing/btest/Baseline/doc.sphinx.data_struct_record_02/btest-doc.sphinx.data_struct_record_02#1
+++ b/testing/btest/Baseline/doc.sphinx.data_struct_record_02/btest-doc.sphinx.data_struct_record_02#1
@ -6,10 +6,10 @@
      # bro data_struct_record_02.bro
      System: morlock
        Service: dns(RFC1035)
          port: 53/tcp
          port: 53/udp
        Service: http(RFC2616)
          port: 80/tcp
          port: 8080/tcp
          port: 80/tcp
        Service: dns(RFC1035)
          port: 53/udp
          port: 53/tcp
--- a/testing/btest/Baseline/doc.sphinx.data_struct_set_declaration/btest-doc.sphinx.data_struct_set_declaration#1
+++ b/testing/btest/Baseline/doc.sphinx.data_struct_set_declaration/btest-doc.sphinx.data_struct_set_declaration#1
@ -5,12 +5,12 @@
      :emphasize-lines: 1,1
      # bro data_struct_set_declaration.bro
      SSL Port: 993/tcp
      SSL Port: 22/tcp
      SSL Port: 587/tcp
      SSL Port: 443/tcp
-      Non-SSL Port: 143/tcp
+      SSL Port: 587/tcp
-      Non-SSL Port: 25/tcp
+      SSL Port: 993/tcp
      Non-SSL Port: 80/tcp
      Non-SSL Port: 25/tcp
      Non-SSL Port: 143/tcp
      Non-SSL Port: 23/tcp
--- a/testing/btest/Baseline/doc.sphinx.data_struct_table_complex/btest-doc.sphinx.data_struct_table_complex#1
+++ b/testing/btest/Baseline/doc.sphinx.data_struct_table_complex/btest-doc.sphinx.data_struct_table_complex#1
@ -5,8 +5,8 @@
      :emphasize-lines: 1,1
      # bro -b data_struct_table_complex.bro
      Kiru was released in 1968 by Toho studios, directed by Kihachi Okamoto and starring Tatsuya Nakadai
      Goyokin was released in 1969 by Fuji studios, directed by Hideo Gosha and starring Tatsuya Nakadai
      Harakiri was released in 1962 by Shochiku Eiga studios, directed by Masaki Kobayashi and starring Tatsuya Nakadai
      Goyokin was released in 1969 by Fuji studios, directed by Hideo Gosha and starring Tatsuya Nakadai
      Tasogare Seibei was released in 2002 by Eisei Gekijo studios, directed by Yoji Yamada and starring Hiroyuki Sanada
      Kiru was released in 1968 by Toho studios, directed by Kihachi Okamoto and starring Tatsuya Nakadai
--- a/testing/btest/Baseline/doc.sphinx.data_struct_table_declaration/btest-doc.sphinx.data_struct_table_declaration#1
+++ b/testing/btest/Baseline/doc.sphinx.data_struct_table_declaration/btest-doc.sphinx.data_struct_table_declaration#1
@ -5,8 +5,8 @@
      :emphasize-lines: 1,1
      # bro data_struct_table_declaration.bro
      Service Name:  IMAPS - Common Port: 993/tcp
      Service Name:  HTTPS - Common Port: 443/tcp
      Service Name:  SSH - Common Port: 22/tcp
      Service Name:  HTTPS - Common Port: 443/tcp
      Service Name:  SMTPS - Common Port: 587/tcp
      Service Name:  IMAPS - Common Port: 993/tcp
--- a/testing/btest/Baseline/doc.sphinx.data_type_const.bro/btest-doc.sphinx.data_type_const.bro#1
+++ b/testing/btest/Baseline/doc.sphinx.data_type_const.bro/btest-doc.sphinx.data_type_const.bro#1
@ -6,7 +6,7 @@
      # bro -b data_type_const.bro
      {
-      [6666/tcp] = IRC,
+      [80/tcp] = WWW,
-      [80/tcp] = WWW
+      [6666/tcp] = IRC
      }
--- a/Show more
+++ b/Show more
`@ -13,7 +13,6 @@ error: false-positive rate must take value between 0 and 1`
	`1`	`1`
	`1`	`1`
	`1, fp`	`1, fp`
	`1, fp`
	`1`	`1`
	`1`	`1`
	`1`	`1`
`@ -1,6 +1,6 @@`
	`985`	`20`
	`474`	`484`
	`738`	`137`
	`4`	`4`
	`634`	`634`
	`473`	`473`