Merge remote branch 'origin/master' into topic/gregor/reassmbler-hotfix

2025-10-02 14:48:21 +00:00 · 2011-02-22 16:58:05 -08:00 · 2011-02-22 16:58:05 -08:00 · 6af01a205f
commit 6af01a205f
parent a5632aff4e f79a1f6e58
77 changed files with 2933 additions and 1284 deletions
--- a/.gitmodules
+++ b/.gitmodules
@ -10,3 +10,6 @@
 [submodule "aux/broctl"]
 	path = aux/broctl
 	url = git://git.icir.org/broctl
+[submodule "aux/btest"]
+	path = aux/btest
+	url = git://git.icir.org/btest
--- a/139
+++ b/139
@ -1,6 +1,141 @@
-@(#) $Id: CHANGES 7076 2010-09-13 02:42:27Z vern $
+1.6-dev.45 Tue Feb  8 21:28:01 PST 2011
+
+- Fixing a number of compiler warnings. (Seth Hall and Robin Sommer)
+
+1.6-dev.44 Tue Feb  8 20:11:44 PST 2011
+
+- A number of updates to the SSL analyzer, including support for new
+  ciphers; SSL extensions; and bug fixes. The analyzer does not longer
+  throw weird for exceeding a predefined cipherspec_size anymore.
+  (Seth Hall and Rmkml).
+
+- The various split*() BiFs now handle strings containing null bytes
+  correctly. (Seth Hall)
+
+- Adding new aux/btest submodule. This is a framework we will use in
+  the future for doing unit tests. (Robin Sommer)
+
+1.6-dev.41 Mon Feb  7 13:43:56 PST 2011
+
+- Smarter way to increase the parent/child pipe's socket buffer.
+  (Craig Leres).
+    
+- Fixing bug with defining bro_int_t and bro_uint_t to be 64 bits wide
+  on some platforms. (Robin Sommer)
+
+1.6-dev.39 Mon Jan 31 16:42:23 PST 2011
+
+- Login's confused messages now go through weird.bro. (Robin Sommer)
+
+1.6-dev.36 Mon Jan 31 08:45:35 PST 2011
+
+- Adding more configure options for finding dependencies, (Jon Siwek)
+
+    --with-flex=PATH       path to flex executable
+    --with-bison=PATH      path to bison executable
+    --with-perl=PATH       path to perl executable
+    --with-python=PATH     path to Python interpreter
+    --with-python-lib=PATH path to libpython
+    --with-python-inc=PATH path to Python headers
+    --with-swig=PATH       path to SWIG executable
+
+- Fixing typo in PCAPTests.cmake  (Jon Siwek)
+
+
+1.6-dev.33 Mon Jan 24 15:29:04 PST 2011
+
+- Fixing bug in SMB analyzer. (Robin Sommer)
+
+- Configure wrapper now deletes previous CMake cache (Jon Siwek)
+
+- Fix for the --with-binpac configure option. (Jon Siwek)
+
+1.6-dev.30 Thu Jan 20 16:32:43 PST 2011
+
+- Changed configure wrapper to create config.status. (Jon Siwek)
+
+1.6-dev.29 Thu Jan 20 16:29:56 PST 2011
+
+- Fixing little problem with initialization of Bro-to-Bro event
+  communication. (Christian Kreibich)
+
+
+1.6-dev.27 Thu Jan 20 13:52:25 PST 2011
+
+- Fine-tuning of the HTTP analyzer in terms of raising protocol
+  violations and interrupted transfers. (Gregor Maier)
+
+
+1.6-dev.21 Wed Jan 19 17:36:02 PST 2011
+
+- Added 4 new BiFs and a new record type for testing the entropy of
+  strings. (Seth Hall)
+
+    find_entropy(data: string): entropy_test_result
+        This is a one shot function that accepts a string and
+        returns the result of the entropy calculations.
+
+    entropy_test_init(index: any): bool
+        This and the next two functions are for calculating entropy
+        piece-wise. It only needs an index which can be any type of
+        variable. It needs to be something that uniquely identifies
+        the data stream that is currently having it's entropy
+        calculated.
+
+    entropy_test_add(index: any, data: string): bool
+        This function is used to add data into the entropy
+        calculation. It takes the index used in the function above
+        and the data that you are adding and returns true if
+        everything seemed to work, false otherwise.
+
+     entropy_test_finish(index: any): entropy_test_result
+        Calling this function indicates that all of the desired data
+        has been inserted into the entropy_test_add function and the
+        entropy should be calculated. This function *must* be called
+        in order to clean up an internal state tracking variable.
+        If this is never called on an index, it will result in a
+        memory leak.
+
+  The entropy_test_result values have several measures of the
+  entropy, but a good one to work with is the "entropy" attribute.
+  It's a double and as the value approaches 8.0 it can be considered
+  more and more random.  For example, a value of 7.832 would be
+  quite random but a value of 4.671 is not very random.
+
+1.6-dev.20 Wed Jan 19 17:30:11 PST 2011
+
+- BRO_DNS_FAKE is now listed in the --help output. (Seth Hall)
+
+
+1.6-dev.18 Wed Jan 19 16:37:13 PST 2011
+
+- Removing unnecessary expire timer from http_sessions. (Gregor
+  Maier)
+
+
+1.6-dev.16 Sat Jan 15 14:14:21 PST 2011
+
+- Updates to the build system. (Jonathan Siwek)
+
+    * ``make dist`` is now available to be used with the top-level
+      Makefile for creating source packages according to #344.
+
+    * ``make-rpm-packages`` and ``make-mac-packages`` scripts can
+      now generate binary packages according to #295.
+
+    * Additional configure options to change packaging behavior.
+
+    * OS X builds will now prefer to link static libraries of
+      optional dependencies that don't come with the vanilla
+      operating system.
+
+    * Fix for OS X 10.5 compile error dealing with the llabs()
+      function from stdlib.
+
+    * Installing as a different user than the one that
+      configured/built now works (although, a harmless error message
+      about not being able to write the install manifest may occur).

-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

 1.6-dev.3 Wed Dec  8 04:09:38 PST 2010

--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -57,6 +57,7 @@ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${EXTRA_COMPILE_FLAGS}")
 ########################################################################
 ## Dependency Configuration

+include(MacDependencyPaths)
 include(FindRequiredPackage)

 # Check cache value first to avoid displaying "Found sed" messages everytime
@ -76,7 +77,8 @@ FindRequiredPackage(PCAP)
 FindRequiredPackage(OpenSSL)
 FindRequiredPackage(BIND)

-if (EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/aux/binpac/CMakeLists.txt)
+if (NOT BinPAC_ROOT_DIR AND
+    EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/aux/binpac/CMakeLists.txt)
    add_subdirectory(aux/binpac)
 endif ()
 FindRequiredPackage(BinPAC)
@ -159,81 +161,27 @@ add_subdirectory(policy)
 #add_subdirectory(scripts)
 #add_subdirectory(doc)

-if (INSTALL_BROCCOLI)
-    if (EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/aux/broccoli/CMakeLists.txt)
-        add_subdirectory(aux/broccoli)
-    else ()
-        message(FATAL_ERROR "Broccoli selected for installation, "
-                            "but the source code does not exist in "
-                            "${CMAKE_CURRENT_SOURCE_DIR}/aux/broccoli")
-    endif ()
-endif ()
+include(CheckOptionalBuildSources)

-if (INSTALL_BROCTL)
-    if (EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/aux/broctl/CMakeLists.txt)
-        add_subdirectory(aux/broctl)
-    else ()
-        message(FATAL_ERROR "Broctl selected for installation, "
-                            "but the source code does not exist in "
-                            "${CMAKE_CURRENT_SOURCE_DIR}/aux/broctl")
-    endif ()
-endif ()
-
-if (INSTALL_AUX_TOOLS)
-    if (EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/aux/bro-aux/CMakeLists.txt)
-        add_subdirectory(aux/bro-aux)
-    else ()
-        message(FATAL_ERROR "Bro auxilliary tools selected for installation, "
-                            "but the source code does not exist in "
-                            "${CMAKE_CURRENT_SOURCE_DIR}/aux/bro-aux")
-    endif ()
-endif ()
+CheckOptionalBuildSources(aux/broctl   Broctl   INSTALL_BROCTL)
+CheckOptionalBuildSources(aux/bro-aux  Bro-Aux  INSTALL_AUX_TOOLS)
+CheckOptionalBuildSources(aux/broccoli Broccoli INSTALL_BROCCOLI)

 ########################################################################
 ## Packaging Setup

-include(SetPackageVersion)
-SetPackageVersion(${VERSION})
-include(SetPackageGenerators)
-include(SetPackageFileName)
-
-set(CPACK_PACKAGE_VENDOR "Lawrence Berkeley National Laboratory")
-set(CPACK_PACKAGE_CONTACT "info@bro-ids.org")
-set(CPACK_PACKAGE_DESCRIPTION_SUMMARY
-    "The Bro Network Intrusion Detection System")
-
-# CPack may enforce file name extensions for certain package generators
-configure_file(${CMAKE_CURRENT_SOURCE_DIR}/README
-               ${CMAKE_CURRENT_BINARY_DIR}/README.txt
-                COPYONLY)
-configure_file(${CMAKE_CURRENT_SOURCE_DIR}/COPYING
-               ${CMAKE_CURRENT_BINARY_DIR}/COPYING.txt
-                COPYONLY)
-
-set(CPACK_PACKAGE_DESCRIPTION_FILE ${CMAKE_CURRENT_BINARY_DIR}/README.txt)
-set(CPACK_RESOURCE_FILE_LICENSE ${CMAKE_CURRENT_BINARY_DIR}/COPYING.txt)
-set(CPACK_RESOURCE_FILE_README ${CMAKE_CURRENT_BINARY_DIR}/README.txt)
-set(CPACK_RESOURCE_FILE_WELCOME ${CMAKE_CURRENT_BINARY_DIR}/README.txt)
-
-if (APPLE)
-    # /usr prefix is hardcoded for PackageMaker generator, but that
-    # directory may not be ideal for OS X (it's tricky to remove
-    # packages installed there).  So instead we rely on CMAKE_INSTALL_PREFIX
-    # and set the following variable to workaround the hardcoded /usr prefix
-    set(CPACK_PACKAGING_INSTALL_PREFIX "/")
-    set(CPACK_PACKAGE_DEFAULT_LOCATION ${CMAKE_INSTALL_PREFIX})
-elseif (${CMAKE_SYSTEM_NAME} MATCHES "Linux")
-    # A prefix of /usr would follow Filesystem Hierarchy Standard.
-    # For RPM packaging by CPack, /usr should be a default, but
-    # CMAKE_INSTALL_PREFIX also needs to be set to /usr so that
-    # the default BROPATH is set right at build time
-    set(CPACK_RPM_PACKAGE_LICENSE "BSD")
+if (INSTALL_BROCTL)
+    # CPack RPM Generator may not automatically detect this
+    set(CPACK_RPM_PACKAGE_REQUIRES "python >= 2.4.0")
 endif ()

-# Ignore the build directory
-set(CPACK_SOURCE_IGNORE_FILES ${CMAKE_BINARY_DIR} ".git")
-
-include(CPack)
+# If this CMake project is a sub-project of another, we will not
+# configure the generic packaging because CPack will fail in the case
+# that the parent project has already configured packaging
+if ("${PROJECT_SOURCE_DIR}" STREQUAL "${CMAKE_SOURCE_DIR}")
+    include(ConfigurePackaging)
+    ConfigurePackaging(${VERSION})
+endif ()

 ########################################################################
 ## Build Summary
@ -276,3 +224,17 @@ message(
    "\n"
    "\n================================================================\n"
 )
+
+########################################################################
+## Show warning when installing user is different from the one that configured
+
+install(CODE "
+    if (NOT $ENV{USER} STREQUAL \$ENV{USER})
+        message(STATUS \"ATTENTION: Install is being performed by user \"
+                \"'\$ENV{USER}', but the build directory was configured by \"
+                \"user '$ENV{USER}'. This may result in a permissions error \"
+                \"when writing the install manifest, but you can ignore it \"
+                \"and consider the installation as successful if you don't \"
+                \"care about the install manifest.\")
+    endif ()
+")
--- a/8
+++ b/8
@ -70,12 +70,18 @@ build/, using default build options. It then installs the Bro binary
 into /usr/local/bro/bin. Depending on the Bro package you
 downloaded, there may be auxiliary tools and libraries available in
 the aux/ directory. If so, they will be installed by default as well
-if not explicitly disabled via configure options.
+if not explicitly disabled via configure options and may also have
+additional installation/configuration instructions that you can
+find in their source directories.

 You can specify a different installation directory with

    > ./configure --prefix=<dir>

+Note that "/usr" and "/opt/bro" are standard prefixes for binary
+packages to be installed, so those are typically not good choices
+unless you are creating such a package.
+
 Run "./configure --help" for more options.

 Running Bro
--- a/49
+++ b/49
@ -6,6 +6,14 @@
 #

 BUILD=build
+BROCCOLI=aux/broccoli
+BROCTL=aux/broctl
+
+# CMake/CPack versions before 2.8.2 have bugs that can create bad packages
+CMAKE_PACK_REQ=2.8.2
+CMAKE_VER=`cmake -version`
+
+OSX_VER_CMD=sw_vers | sed -n 's/ProductVersion://p' | cut -d . -f 2

 all: configured
 	( cd $(BUILD) && make )
@ -16,13 +24,48 @@ install: configured
 clean: configured
 	( cd $(BUILD) && make clean )

-dist: configured
-	( cd $(BUILD) && make package_source )
+dist: cmake_version
+	# Minimum Bro source package
+	( \
+	./configure --ignore-dirs='aux/broctl;aux/broccoli' --pkg-name-prefix=Bro && \
+	cd $(BUILD) && \
+	make package_source \
+	)
+	# Full Bro source package
+	( \
+	./configure --pkg-name-prefix=Bro-all && \
+	cd $(BUILD) && \
+	make package_source \
+	)
+	# Broccoli source package
+	( \
+	cd $(BROCCOLI) && \
+	./configure && \
+	cd $(BUILD) && \
+	make package_source && \
+	mv Broccoli*.tar.gz ../../../$(BUILD)/ && \
+	cd .. && \
+	rm -r $(BUILD) \
+	)
+	# Broctl source package
+	( \
+	cd $(BROCTL) && \
+	./configure && \
+	cd $(BUILD) && \
+	make package_source && \
+	mv Broctl*.tar.gz ../../../$(BUILD)/ && \
+	cd .. && \
+	rm -r $(BUILD) \
+	)

 distclean:
 	rm -rf $(BUILD)

-.PHONY : configured
 configured:
 	@test -d $(BUILD) || ( echo "Error: No build/ directory found. Did you run configure?" && exit 1 )
 	@test -e $(BUILD)/Makefile || ( echo "Error: No build/Makefile found. Did you run configure?" && exit 1 )
+
+cmake_version:
+	@test "$(CMAKE_VER)" \> "cmake version $(CMAKE_PACK_REQ)" || ( echo "Error: please use a CMake version greater than $(CMAKE_PACK_REQ)" && exit 1 )
+
+.PHONY : all install clean distclean configured cmake_version
--- a/2
+++ b/2
@ -1 +1 @@
-1.6-dev.3
+1.6-dev.45
--- a/aux/binpac
+++ b/aux/binpac
@ -1 +1 @@
-Subproject commit 2873ac642e2780cbbba3c0882423a75ca3350534
+Subproject commit 26d02716f9090651f319a4bfdf8ede49b3a7b53a
--- a/aux/bro-aux
+++ b/aux/bro-aux
@ -1 +1 @@
-Subproject commit 0a946b4d660fda37a868bb01974211df9cd48ac7
+Subproject commit 7e50bac938af1831ecf9660159145a3c2e77e13d
--- a/aux/broccoli
+++ b/aux/broccoli
@ -1 +1 @@
-Subproject commit 2a5e0d385e392f8b2212da5ab570d4600bbb8aa7
+Subproject commit a1c6b6e59b3087b6b79a37a847c669b61ae2c522
--- a/aux/broctl
+++ b/aux/broctl
@ -1 +1 @@
-Subproject commit df922e8a64a631aadb485b5044fe9ae1046d47ca
+Subproject commit fc940bbb72abbaef2e5f10ea4ab616ec9b61fe0a
--- a/aux/btest
+++ b/aux/btest
@ -0,0 +1 @@
+Subproject commit a2b04952ae91dcd27d5e68a42d5d26c291ecb1f5
--- a/cmake/CheckOptionalBuildSources.cmake
+++ b/cmake/CheckOptionalBuildSources.cmake
@ -0,0 +1,21 @@
+# A macro that checks whether optional sources exist and if they do, they
+# are added to the build/install process, else a warning is issued
+#
+#         _dir: the subdir of the current source dir in which the optional
+#               sources are located
+# _packageName: a string that identifies the package
+#     _varName: name of the variable indicating whether package is scheduled
+#               to be installed
+
+macro(CheckOptionalBuildSources _dir _packageName _varName)
+    if (${_varName})
+        if (EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/${_dir}/CMakeLists.txt)
+            add_subdirectory(${_dir})
+        else ()
+            message(WARNING "${_packageName} source code does not exist in "
+                            "${CMAKE_CURRENT_SOURCE_DIR}/${_dir} "
+                            "so it will not be built or installed")
+            set(${_varName} false)
+        endif ()
+    endif ()
+endmacro(CheckOptionalBuildSources)
--- a/cmake/ConfigurePackaging.cmake
+++ b/cmake/ConfigurePackaging.cmake
@ -0,0 +1,208 @@
+# A collection of macros to assist in configuring CMake/Cpack
+# source and binary packaging
+
+# Sets CPack version variables by splitting the first macro argument
+# using "." as a delimiter.  If the length of the split list is
+# greater than 2, all remaining elements are tacked on to the patch
+# level version.  Not that the version set by the macro is internal
+# to binary packaging, the file name of our package will reflect the
+# exact version number.
+macro(SetPackageVersion _version)
+    string(REPLACE "." " " version_numbers ${_version})
+    separate_arguments(version_numbers)
+
+    list(GET version_numbers 0 CPACK_PACKAGE_VERSION_MAJOR)
+    list(REMOVE_AT version_numbers 0)
+    list(GET version_numbers 0 CPACK_PACKAGE_VERSION_MINOR)
+    list(REMOVE_AT version_numbers 0)
+    list(LENGTH version_numbers version_length)
+
+    while (version_length GREATER 0)
+        list(GET version_numbers 0 patch_level)
+        if (CPACK_PACKAGE_VERSION_PATCH)
+            set(CPACK_PACKAGE_VERSION_PATCH
+                "${CPACK_PACKAGE_VERSION_PATCH}.${patch_level}")
+        else ()
+            set(CPACK_PACKAGE_VERSION_PATCH ${patch_level})
+        endif ()
+        list(REMOVE_AT version_numbers 0)
+        list(LENGTH version_numbers version_length)
+    endwhile ()
+
+    if (APPLE)
+        # Mac PackageMaker package requires only numbers in the versioning
+        string(REGEX REPLACE "[_a-zA-Z-]" "" CPACK_PACKAGE_VERSION_MAJOR
+               ${CPACK_PACKAGE_VERSION_MAJOR})
+        string(REGEX REPLACE "[_a-zA-Z-]" "" CPACK_PACKAGE_VERSION_MINOR
+               ${CPACK_PACKAGE_VERSION_MINOR})
+        if (CPACK_PACKAGE_VERSION_PATCH)
+            string(REGEX REPLACE "[_a-zA-Z-]" "" CPACK_PACKAGE_VERSION_PATCH
+                   ${CPACK_PACKAGE_VERSION_PATCH})
+        endif ()
+    endif ()
+
+    if (${CMAKE_SYSTEM_NAME} MATCHES "Linux")
+        # RPM version accepts letters, but not dashes.
+        string(REGEX REPLACE "[-]" "" CPACK_PACKAGE_VERSION_MAJOR
+               ${CPACK_PACKAGE_VERSION_MAJOR})
+        string(REGEX REPLACE "[-]" "" CPACK_PACKAGE_VERSION_MINOR
+               ${CPACK_PACKAGE_VERSION_MINOR})
+        if (CPACK_PACKAGE_VERSION_PATCH)
+            string(REGEX REPLACE "[-]" "" CPACK_PACKAGE_VERSION_PATCH
+                   ${CPACK_PACKAGE_VERSION_PATCH})
+        endif ()
+    endif ()
+
+    # Minimum supported OS X version
+    set(CPACK_OSX_PACKAGE_VERSION 10.5)
+endmacro(SetPackageVersion)
+
+# Sets the list of desired package types to be created by the make
+# package target.  A .tar.gz is only made for source packages, and 
+# binary pacakage format depends on the operating system:
+#
+# Darwin - PackageMaker
+# Linux - RPM if the platform has rpmbuild installed
+#         DEB is ommitted because CPack does not give enough
+#         control over how the package is created and lacks support
+#         for automatic dependency detection.
+#         
+#
+# CPACK_GENERATOR is set by this macro
+# CPACK_SOURCE_GENERATOR is set by this macro
+macro(SetPackageGenerators)
+    set(CPACK_SOURCE_GENERATOR TGZ)
+    #set(CPACK_GENERATOR TGZ)
+    if (APPLE)
+        list(APPEND CPACK_GENERATOR PackageMaker)
+    elseif (${CMAKE_SYSTEM_NAME} MATCHES "Linux")
+        find_program(RPMBUILD_EXE rpmbuild)
+        if (RPMBUILD_EXE)
+            set(CPACK_GENERATOR ${CPACK_GENERATOR} RPM)
+        endif ()
+    endif ()
+endmacro(SetPackageGenerators)
+
+# Sets CPACK_PACKAGE_FILE_NAME in the following format:
+#
+# <project_name>-<version>-<OS/platform>-<arch>
+#
+# and CPACK_SOURCE_PACKAGE_FILE_NAME as:
+#
+# <project_name>-<version>
+macro(SetPackageFileName _version)
+    if (PACKAGE_NAME_PREFIX)
+        set(CPACK_PACKAGE_FILE_NAME "${PACKAGE_NAME_PREFIX}-${_version}")
+        set(CPACK_SOURCE_PACKAGE_FILE_NAME "${PACKAGE_NAME_PREFIX}-${_version}")
+    else ()
+        set(CPACK_PACKAGE_FILE_NAME "${CMAKE_PROJECT_NAME}-${_version}")
+        set(CPACK_SOURCE_PACKAGE_FILE_NAME "${CMAKE_PROJECT_NAME}-${_version}")
+    endif ()
+
+    set(CPACK_PACKAGE_FILE_NAME
+        "${CPACK_PACKAGE_FILE_NAME}-${CMAKE_SYSTEM_NAME}")
+
+    if (APPLE)
+        # Only Intel-based Macs are supported.  CMAKE_SYSTEM_PROCESSOR may
+        # return the confusing 'i386' if running a 32-bit kernel, but chances
+        # are the binary is x86_64 (or more generally 'Intel') compatible.
+        set(arch "Intel")
+    else ()
+        set (arch ${CMAKE_SYSTEM_PROCESSOR})
+    endif ()
+
+    set(CPACK_PACKAGE_FILE_NAME "${CPACK_PACKAGE_FILE_NAME}-${arch}")
+endmacro(SetPackageFileName)
+
+# Sets up binary package metadata
+macro(SetPackageMetadata)
+    set(CPACK_PACKAGE_VENDOR "Lawrence Berkeley National Laboratory")
+    set(CPACK_PACKAGE_CONTACT "info@bro-ids.org")
+    set(CPACK_PACKAGE_DESCRIPTION_SUMMARY
+        "The Bro Network Intrusion Detection System")
+
+    # CPack may enforce file name extensions for certain package generators
+    configure_file(${CMAKE_CURRENT_SOURCE_DIR}/README
+                   ${CMAKE_CURRENT_BINARY_DIR}/README.txt
+                    COPYONLY)
+    configure_file(${CMAKE_CURRENT_SOURCE_DIR}/COPYING
+                   ${CMAKE_CURRENT_BINARY_DIR}/COPYING.txt
+                    COPYONLY)
+    configure_file(${CMAKE_CURRENT_SOURCE_DIR}/cmake/MAC_PACKAGE_INTRO
+                   ${CMAKE_CURRENT_BINARY_DIR}/MAC_PACKAGE_INTRO.txt)
+
+    set(CPACK_PACKAGE_DESCRIPTION_FILE ${CMAKE_CURRENT_BINARY_DIR}/README.txt)
+    set(CPACK_RESOURCE_FILE_LICENSE ${CMAKE_CURRENT_BINARY_DIR}/COPYING.txt)
+    set(CPACK_RESOURCE_FILE_README ${CMAKE_CURRENT_BINARY_DIR}/README.txt)
+    set(CPACK_RESOURCE_FILE_WELCOME
+        ${CMAKE_CURRENT_BINARY_DIR}/MAC_PACKAGE_INTRO.txt)
+
+    set(CPACK_RPM_PACKAGE_LICENSE "BSD")
+endmacro(SetPackageMetadata)
+
+# Sets pre and post install scripts for PackageMaker packages.
+# The main functionality that such scripts offer is a way to make backups
+# of "configuration" files that a user may have modified.
+# Note that RPMs already have a robust mechanism for dealing with
+# user-modified files, so we do not need this additional functionality
+macro(SetPackageInstallScripts VERSION)
+
+    if (INSTALLED_CONFIG_FILES)
+        # Remove duplicates from the list of installed config files
+        separate_arguments(INSTALLED_CONFIG_FILES)
+        list(REMOVE_DUPLICATES INSTALLED_CONFIG_FILES)
+        # Space delimit the list again
+        foreach (_file ${INSTALLED_CONFIG_FILES})
+            set(_tmp "${_tmp} ${_file}")
+        endforeach ()
+        set(INSTALLED_CONFIG_FILES "${_tmp}" CACHE STRING "" FORCE)
+    endif ()
+
+    if (${CMAKE_SYSTEM_NAME} MATCHES "Linux")
+        # Leaving the set of installed config files empty will just
+        # bypass the logic in the pre/post install scripts and let
+        # the RPM do their own thing (regarding backups, etc.)
+        # when upgrading packages.
+        set (INSTALLED_CONFIG_FILES "")
+    endif ()
+
+    if (EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/cmake/package_preinstall.sh.in)
+        configure_file(
+            ${CMAKE_CURRENT_SOURCE_DIR}/cmake/package_preinstall.sh.in
+            ${CMAKE_CURRENT_BINARY_DIR}/package_preinstall.sh
+            @ONLY)
+        set(CPACK_PREFLIGHT_SCRIPT
+            ${CMAKE_CURRENT_BINARY_DIR}/package_preinstall.sh)
+        set(CPACK_RPM_PRE_INSTALL_SCRIPT_FILE
+            ${CMAKE_CURRENT_BINARY_DIR}/package_preinstall.sh)
+    endif ()
+
+    if (EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/cmake/package_postupgrade.sh.in)
+        configure_file(
+            ${CMAKE_CURRENT_SOURCE_DIR}/cmake/package_postupgrade.sh.in
+            ${CMAKE_CURRENT_BINARY_DIR}/package_postupgrade.sh
+            @ONLY)
+        set(CPACK_POSTUPGRADE_SCRIPT
+            ${CMAKE_CURRENT_BINARY_DIR}/package_postupgrade.sh)
+        set(CPACK_RPM_POST_INSTALL_SCRIPT_FILE
+            ${CMAKE_CURRENT_BINARY_DIR}/package_postupgrade.sh)
+    endif ()
+endmacro(SetPackageInstallScripts)
+
+# Main macro to configure all the packaging options
+macro(ConfigurePackaging _version)
+    SetPackageVersion(${_version})
+    SetPackageGenerators()
+    SetPackageFileName(${_version})
+    SetPackageMetadata()
+    SetPackageInstallScripts(${_version})
+
+    set(CPACK_SET_DESTDIR true)
+    set(CPACK_PACKAGING_INSTALL_PREFIX ${CMAKE_INSTALL_PREFIX})
+
+    # add default files/directories to ignore for source package
+    # user may specify others via configure script
+    list(APPEND CPACK_SOURCE_IGNORE_FILES ${CMAKE_BINARY_DIR} ".git")
+
+    include(CPack)
+endmacro(ConfigurePackaging)
--- a/cmake/FindLibGeoIP.cmake
+++ b/cmake/FindLibGeoIP.cmake
@ -21,8 +21,16 @@ find_path(LibGeoIP_ROOT_DIR
    NAMES include/GeoIPCity.h
 )

+if (${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
+    # the static version of the library is preferred on OS X for the
+    # purposes of making packages (libGeoIP doesn't ship w/ OS X)
+    set(libgeoip_names libGeoIp.a GeoIP)
+else ()
+    set(libgeoip_names GeoIP)
+endif ()
+
 find_library(LibGeoIP_LIBRARY
-    NAMES GeoIP
+    NAMES ${libgeoip_names}
    HINTS ${LibGeoIP_ROOT_DIR}/lib
 )

--- a/cmake/FindLibMagic.cmake
+++ b/cmake/FindLibMagic.cmake
@ -21,8 +21,16 @@ find_path(LibMagic_ROOT_DIR
    NAMES include/magic.h
 )

+if (${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
+    # the static version of the library is preferred on OS X for the
+    # purposes of making packages (libmagic doesn't ship w/ OS X)
+    set(libmagic_names libmagic.a magic)
+else ()
+    set(libmagic_names magic)
+endif ()
+
 find_library(LibMagic_LIBRARY
-    NAMES magic
+    NAMES ${libmagic_names}
    HINTS ${LibMagic_ROOT_DIR}/lib
 )

--- a/cmake/MAC_PACKAGE_INTRO
+++ b/cmake/MAC_PACKAGE_INTRO
@ -0,0 +1,20 @@
+This package will install @CMAKE_PROJECT_NAME@ into the following location:
+
+    @CMAKE_INSTALL_PREFIX@
+
+You may choose to update your PATH environment variable:
+
+    # For Bash
+    export PATH=@CMAKE_INSTALL_PREFIX@/bin:$PATH
+
+    # For CSH
+    setenv PATH @CMAKE_INSTALL_PREFIX@/bin:$PATH
+ 
+If you have more than one volume, please choose the install
+destination as the one that contains the root filesystem.
+
+If you have existing configuration files that are modified or
+otherwise different from the version included in the package,
+this installer will attempt to prevent overwirting them,
+but its also advisable to make your own backups of important
+files before proceeding.
--- a/cmake/MacDependencyPaths.cmake
+++ b/cmake/MacDependencyPaths.cmake
@ -0,0 +1,10 @@
+if (NOT _MAC_DEPENDENCY_PATHS)
+set(_MAC_DEPENDENCY_PATHS)
+    # As of CMake 2.8.3, Fink and MacPorts search paths are appended to the
+    # default search prefix paths, but the nicer thing would be if they are
+    # prepended to the default, so that is fixed here.
+    if (APPLE) 
+        list(INSERT CMAKE_SYSTEM_PREFIX_PATH 0 /opt/local) # MacPorts
+        list(INSERT CMAKE_SYSTEM_PREFIX_PATH 0 /sw)        # Fink
+    endif ()
+endif ()
--- a/cmake/OSSpecific.cmake
+++ b/cmake/OSSpecific.cmake
@ -1,3 +1,6 @@
+include(CheckCSourceCompiles)
+include(CheckCXXSourceCompiles)
+
 if (${CMAKE_SYSTEM_NAME} MATCHES "FreeBSD")
    # alternate malloc is faster for FreeBSD, but needs more testing
    # need to add way to set this from the command line
@ -7,6 +10,28 @@ elseif (${CMAKE_SYSTEM_NAME} MATCHES "OpenBSD")
    set(USE_NMALLOC true)

 elseif (${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
+    # The following may have a greater scope than just Darwin
+    # (i.e. any platform w/ GCC < 4.1.0), but I've only seen
+    # it on OS X 10.5, which has GCC 4.0.1, so the workaround
+    # will be stuck here for now.
+    #
+    # See also http://gcc.gnu.org/bugzilla/show_bug.cgi?id=13943
+
+    check_cxx_source_compiles("
+        #include <math.h>
+        #include <cstdlib>
+        using namespace std;
+        int main() {
+            llabs(1);
+            return 0;
+        }
+    " darwin_llabs_works)
+
+    if (NOT darwin_llabs_works)
+        # abs() should be used in this case, the long long version should
+        # exist in the __gnu_cxx namespace
+        set(DARWIN_NO_LLABS true)
+    endif ()

 elseif (${CMAKE_SYSTEM_NAME} MATCHES "Linux")
    set(HAVE_LINUX true)
@ -25,7 +50,7 @@ elseif (${CMAKE_SYSTEM_NAME} MATCHES "irix")
 elseif (${CMAKE_SYSTEM_NAME} MATCHES "ultrix")
    list(APPEND CMAKE_C_FLAGS -std1 -g3)
    list(APPEND CMAKE_CXX_FLAGS -std1 -g3)
-    include(CheckCSourceCompiles)
+
    check_c_source_compiles("
        #include <sys/types.h>
        int main() {
--- a/cmake/PCAPTests.cmake
+++ b/cmake/PCAPTests.cmake
@ -2,7 +2,7 @@ include(CheckFunctionExists)
 include(CheckCSourceCompiles)
 include(CheckIncludeFiles)

-set(CMAKE_REQUIRED_INCLUDES ${LIBPCAP_INCLUDE_DIR})
+set(CMAKE_REQUIRED_INCLUDES ${PCAP_INCLUDE_DIR})
 set(CMAKE_REQUIRED_LIBRARIES ${PCAP_LIBRARY})

 check_include_files(pcap-int.h HAVE_PCAP_INT_H)
--- a/cmake/SetPackageFileName.cmake
+++ b/cmake/SetPackageFileName.cmake
@ -1,18 +0,0 @@
-# Sets CPACK_PACKAGE_FILE name in the following format:
-#
-# <project_name>-<version>-<OS/platform>-<arch>
-#
-# The version must already be set in the VERSION variable
-
-set(CPACK_PACKAGE_FILE_NAME "${CMAKE_PROJECT_NAME}-${VERSION}")
-set(CPACK_PACKAGE_FILE_NAME "${CPACK_PACKAGE_FILE_NAME}-${CMAKE_SYSTEM_NAME}")
-if (APPLE)
-    # Only Intel-based Macs are supported.  CMAKE_SYSTEM_PROCESSOR may
-    # return the confusing 'i386' if running a 32-bit kernel, but chances
-    # are the binary is x86_64 (or more generally 'Intel') compatible.
-    set(arch "Intel")
-else ()
-    set (arch ${CMAKE_SYSTEM_PROCESSOR})
-endif ()
-
-set(CPACK_PACKAGE_FILE_NAME "${CPACK_PACKAGE_FILE_NAME}-${arch}")
--- a/cmake/SetPackageGenerators.cmake
+++ b/cmake/SetPackageGenerators.cmake
@ -1,23 +0,0 @@
-# Sets the list of desired package types to be created by the make
-# package target.  A .tar.gz is always made, and depending on the
-# operating system, more are added:
-#
-# Darwin - PackageMaker
-# Linux - RPM if the platform has rpmbuild installed
-#         DEB is ommitted because CPack does not give enough
-#         control over how the package is created and lacks support
-#         for automatic dependency detection.
-#         
-#
-# CPACK_GENERATOR is set by this module
-
-set(CPACK_GENERATOR TGZ)
-set(CPACK_SOURCE_GENERATOR TGZ)
-if (APPLE)
-    list(APPEND CPACK_GENERATOR PackageMaker)
-elseif (${CMAKE_SYSTEM_NAME} MATCHES "Linux")
-    find_program(RPMBUILD_EXE rpmbuild)
-    if (RPMBUILD_EXE)
-        set(CPACK_GENERATOR ${CPACK_GENERATOR} RPM)
-    endif ()
-endif ()
--- a/cmake/SetPackageVersion.cmake
+++ b/cmake/SetPackageVersion.cmake
@ -1,27 +0,0 @@
-# Sets CPack version variables by splitting the first macro argument
-# using "." as a delimiter.  If the length of the split list is
-# greater than 2, all remaining elements are tacked on to the patch
-# level version.
-
-macro(SetPackageVersion _version)
-    string(REPLACE "." " " version_numbers ${_version})
-    separate_arguments(version_numbers)
-
-    list(GET version_numbers 0 CPACK_PACKAGE_VERSION_MAJOR)
-    list(REMOVE_AT version_numbers 0)
-    list(GET version_numbers 0 CPACK_PACKAGE_VERSION_MINOR)
-    list(REMOVE_AT version_numbers 0)
-    list(LENGTH version_numbers version_length)
-
-    while (version_length GREATER 0)
-        list(GET version_numbers 0 patch_level)
-        if (CPACK_PACKAGE_VERSION_PATCH)
-            set(CPACK_PACKAGE_VERSION_PATCH
-                "${CPACK_PACKAGE_VERSION_PATCH}.${patch_level}")
-        else ()
-            set(CPACK_PACKAGE_VERSION_PATCH ${patch_level})
-        endif ()
-        list(REMOVE_AT version_numbers 0)
-        list(LENGTH version_numbers version_length)
-    endwhile ()
-endmacro(SetPackageVersion)
--- a/cmake/cmake_uninstall.cmake.in
+++ b/cmake/cmake_uninstall.cmake.in
@ -8,7 +8,7 @@ function(uninstall_manifest manifestPath)
            message(STATUS "Uninstalling: ${fileName}")

            execute_process(
-                COMMAND @CMAKE_COMMAND@ -E remove "${fileName}"
+                COMMAND "@CMAKE_COMMAND@" -E remove "${fileName}"
                OUTPUT_VARIABLE rm_out
                RESULT_VARIABLE rm_retval
            )
--- a/cmake/package_postupgrade.sh.in
+++ b/cmake/package_postupgrade.sh.in
@ -0,0 +1,70 @@
+#!/bin/sh
+
+# This script is meant to be used by binary packages post-installation.
+# Variables between @ symbols are replaced by CMake at configure time.
+
+backupNamesFile=/tmp/bro_install_backups
+version=@VERSION@
+newFiles=""
+
+# check whether it's safe to remove backup configuration files that
+# the most recent package install created
+
+if [ -e ${backupNamesFile} ]; then
+    backupFileList=`cat ${backupNamesFile}`
+
+    for backupFile in ${backupFileList}; do
+        origFileName=`echo ${backupFile} | sed 's/\(.*\)\..*/\1/'`
+
+        diff ${origFileName} ${backupFile} > /dev/null 2>&1
+
+        if [ $? -eq 0 ]; then
+            # if the installed version and the backup version don't differ
+            # then we can remove the backup version
+            rm ${backupFile}
+        else
+            # The backup file differs from the newly installed version,
+            # since we can't tell if the backup version has been modified
+            # by the user, we should restore it to its original location
+            # and rename the new version appropriately.
+
+            newFileName=${origFileName}.${version}
+            newFiles="${newFiles}\n${newFileName}"
+
+            mv ${origFileName} ${newFileName}
+            mv ${backupFile} ${origFileName}
+        fi
+
+    done
+
+    rm ${backupNamesFile}
+fi
+
+if [ -n "${newFiles}" ]; then
+# Use some apple script to display a message to user
+/usr/bin/osascript << EOF
+    tell application "System Events"
+        activate
+        display alert "Existing configuration files differ from the ones that would be installed by this package.  To avoid overwriting configuration which you may have modified, the following new config files have been installed:\n${newFiles}\n\nIf you have previously modified configuration files, please make sure that they are still compatible, else you should update your config files to the new versions."
+    end tell
+EOF
+fi
+
+# make sure that world-writeable dirs have the sticky bit set
+# so that unprivileged can't rename/remove files within
+
+if [ -d /var/opt/bro/spool ]; then
+    chmod +t /var/opt/bro/spool
+fi
+
+if [ -d /var/opt/bro/spool/tmp ]; then
+    chmod +t /var/opt/bro/spool/tmp
+fi
+
+if [ -d /var/opt/bro/spool/policy ]; then
+    chmod +t /var/opt/bro/spool/policy
+fi
+
+if [ -d /var/opt/bro/logs ]; then
+    chmod +t /var/opt/bro/logs
+fi
--- a/cmake/package_preinstall.sh.in
+++ b/cmake/package_preinstall.sh.in
@ -0,0 +1,34 @@
+#!/bin/sh
+
+# This script is meant to be used by binary packages pre-installation.
+# Variables between @ symbols are replaced by CMake at configure time.
+
+configFiles="@INSTALLED_CONFIG_FILES@"
+backupNamesFile=/tmp/bro_install_backups
+
+# Checks if a config file exists in a default location and makes a backup
+# so that a modified version is not clobbered
+backupFile () {
+    origFile="$1"
+
+    if [ -e ${origFile} ]; then
+        # choose a file suffix that doesn't already exist
+        ver=1
+        while [ -e ${origFile}.${ver} ]; do
+            ver=$(( ver + 1 ))
+        done
+
+        backupFile=${origFile}.${ver}
+
+        cp ${origFile} ${backupFile}
+
+        # the post upgrade script will check whether the installed
+        # config file actually differs from existing version
+        # and delete unnecessary backups
+        echo "${backupFile}" >> ${backupNamesFile}
+    fi
+}
+
+for file in ${configFiles}; do
+    backupFile "${file}"
+done
--- a/config.h.in
+++ b/config.h.in
@ -146,3 +146,6 @@

 /* Define u_int8_t */
 #define u_int8_t @U_INT8_T@
+
+/* Whether llabs will be ambiguous in stdlib.h and cstdlib headers */
+#cmakedefine DARWIN_NO_LLABS
--- a/74
+++ b/74
@ -2,6 +2,8 @@
 # Convenience wrapper for easily viewing/setting options that
 # the project's CMake scripts will recognize

+command="$0 $*"
+
 # check for `cmake` command
 type cmake > /dev/null 2>&1 || {
    echo "\
@ -38,11 +40,26 @@ Usage: $0 [OPTION]... [VAR=VALUE]...
    --with-bind=PATH       path to BIND install root
    --with-pcap=PATH       path to libpcap install root
    --with-binpac=PATH     path to BinPAC install root
+    --with-flex=PATH       path to flex executable
+    --with-bison=PATH      path to bison executable
+    --with-perl=PATH       path to perl executable

  Optional Packages in Non-Standard Locations:
    --with-libmagic=PATH   path to libmagic install root
    --with-geoip=PATH      path to the libGeoIP install root
    --with-perftools=PATH  path to Google Perftools install root
+    --with-python=PATH     path to Python interpreter
+    --with-python-lib=PATH path to libpython
+    --with-python-inc=PATH path to Python headers
+    --with-swig=PATH       path to SWIG executable
+
+  Packaging Options (for developers):
+    --ignore-dirs=PATHS    paths to ignore when creating source package
+                           (semicolon delimited and quoted when multiple)
+    --pkg-name-prefix=NAME use the given name as the package prefix instead
+                           of the default CMake project name
+    --osx-sysroot=PATH     path to the OS X SDK to compile against
+    --osx-min-version=VER  minimum OS X version (the deployment target)

  Influential Environment Variables (only on first invocation
  per build directory):
@ -79,6 +96,7 @@ append_cache_entry INSTALL_AUX_TOOLS    BOOL   true
 append_cache_entry INSTALL_BROCCOLI     BOOL   true
 append_cache_entry INSTALL_BROCTL       BOOL   true
 append_cache_entry STANDALONE           BOOL   true
+append_cache_entry CPACK_SOURCE_IGNORE_FILES STRING

 # parse arguments
 while [ $# -ne 0 ]; do
@ -146,6 +164,15 @@ while [ $# -ne 0 ]; do
        --with-binpac=*)
            append_cache_entry BinPAC_ROOT_DIR PATH $optarg
            ;;
+        --with-flex=*)
+            append_cache_entry FLEX_EXECUTABLE PATH $optarg
+            ;;
+        --with-bison=*)
+            append_cache_entry BISON_EXECUTABLE PATH $optarg
+            ;;
+        --with-perl=*)
+            append_cache_entry PERL_EXECUTABLE PATH $optarg
+            ;;
        --with-libmagic=*)
            append_cache_entry LibMagic_ROOT_DIR PATH $optarg
            ;;
@ -155,6 +182,31 @@ while [ $# -ne 0 ]; do
        --with-perftools=*)
            append_cache_entry GooglePerftools_ROOT_DIR PATH $optarg
            ;;
+        --with-python=*)
+            append_cache_entry PYTHON_EXECUTABLE    PATH    $optarg
+            ;;
+        --with-python-lib=*)
+            append_cache_entry PYTHON_LIBRARY       PATH    $optarg
+            ;;
+        --with-python-inc=*)
+            append_cache_entry PYTHON_INCLUDE_DIR   PATH    $optarg
+            append_cache_entry PYTHON_INCLUDE_PATH  PATH    $optarg
+            ;;
+        --with-swig=*)
+            append_cache_entry SWIG_EXECUTABLE      PATH    $optarg
+            ;;
+        --ignore-dirs=*)
+            append_cache_entry CPACK_SOURCE_IGNORE_FILES STRING $optarg
+            ;;
+        --pkg-name-prefix=*)
+            append_cache_entry PACKAGE_NAME_PREFIX STRING $optarg
+            ;;
+        --osx-sysroot=*)
+            append_cache_entry CMAKE_OSX_SYSROOT PATH $optarg
+            ;;
+        --osx-min-version=*)
+            append_cache_entry CMAKE_OSX_DEPLOYMENT_TARGET STRING $optarg
+            ;;
        *)
            echo "Invalid option '$1'.  Try $0 --help to see available options."
            exit 1
@ -166,21 +218,9 @@ done
 if [ -d $builddir ]; then
    # If build directory exists, check if it has a CMake cache
    if [ -f $builddir/CMakeCache.txt ]; then
-        # If the Cmake cache exists, then check that it thinks
-        # the source tree exists where it's currently located
-        cmakehomedir=`grep CMAKE_HOME_DIRECTORY $builddir/CMakeCache.txt | \
-                      sed 's/CMAKE_HOME_DIRECTORY:INTERNAL=//g'`
-        if [ "$cmakehomedir" != "$sourcedir" ]; then
-            # The source tree moved since the build was last configured
-            echo "\
-The source tree has been moved from:
-    $cmakehomedir
-to:
-    $sourcedir
-To reconfigure in the new source directory, please delete:
-    $builddir/CMakeCache.txt" >&2
-            exit 1
-        fi
+        # If the CMake cache exists, delete it so that this configuration
+        # is not tainted by a previous one
+        rm -f $builddir/CMakeCache.txt
    fi
 else
    # Create build directory
@ -196,3 +236,7 @@ if [ -n "$CMakeGenerator" ]; then
 else
    cmake $CMakeCacheEntries $sourcedir
 fi
+
+echo "# This is the command used to configure this build" > config.status
+echo $command >> config.status
+chmod u+x config.status
--- a/67
+++ b/67
@ -0,0 +1,67 @@
+#!/bin/sh
+
+# This script creates binary packages for Mac OS X.
+# They can be found in build/ after running.
+
+# CMake/CPack versions before 2.8.2 have bugs that can create bad packages
+CMAKE_PACK_REQ=2.8.3
+CMAKE_VER=`cmake -version`
+
+if [ "${CMAKE_VER}" \< "${CMAKE_PACK_REQ}" ]; then
+    echo "Package creation requires CMake > 2.8.2" >&2
+    exit 1
+fi
+
+type sw_vers > /dev/null 2>&1 || {
+    echo "Unable to get Mac OS X version" >&2;
+    exit 1;
+}
+
+# Get the OS X minor version
+# 5 = Leopard, 6 = Snow Leopard, 7 = Lion ...
+osx_ver=`sw_vers | sed -n 's/ProductVersion://p' | cut -d . -f 2`
+
+if [ ${osx_ver} -lt 5 ]; then
+    echo "Packages for OS X < 10.5 are not supported" >&2
+    exit 1
+elif [ ${osx_ver} -eq 5 ]; then
+    # On OS X 10.5, the x86_64 version of libresolv is broken,
+    # so we build for i386 as the easiest solution
+    arch=i386
+else
+    # Currently it's just easiest to build the 10.5 package on
+    # on 10.5, but if it weren't for the libresolv issue, we could
+    # potentially build packages for older OS X version by using the
+    # --osx-sysroot and --osx-min-version options
+    arch=x86_64
+fi
+
+# Minimum Bro
+CMAKE_OSX_ARCHITECTURES=${arch} ./configure --prefix=/opt/bro \
+    --disable-broccoli --disable-broctl --pkg-name-prefix=Bro
+cd build
+make package
+cd ..
+
+# Full Bro package
+CMAKE_OSX_ARCHITECTURES=${arch} ./configure --prefix=/opt/bro \
+    --pkg-name-prefix=Bro-all
+cd build
+make package
+cd ..
+
+# Broccoli
+cd aux/broccoli
+CMAKE_OSX_ARCHITECTURES=${arch} ./configure --prefix=/opt/bro
+cd build
+make package
+mv Broccoli*.dmg ../../../build/
+cd ../../..
+
+# Broctl
+cd aux/broctl
+CMAKE_OSX_ARCHITECTURES=${arch} ./configure --prefix=/opt/bro
+cd build
+make package
+mv Broctl*.dmg ../../../build/
+cd ../../..
--- a/42
+++ b/42
@ -0,0 +1,42 @@
+#!/bin/sh
+
+# This script generates binary RPM packages.
+# They can be found in build/ after running.
+
+# CMake/CPack versions before 2.8.2 have bugs that can create bad packages
+CMAKE_PACK_REQ=2.8.2
+CMAKE_VER=`cmake -version`
+
+if [ "${CMAKE_VER}" \< "${CMAKE_PACK_REQ}" ]; then
+    echo "Package creation requires CMake > 2.8.2" >&2
+    exit 1
+fi
+
+# Minimum Bro
+./configure --prefix=/opt/bro --disable-broccoli --disable-broctl \
+            --pkg-name-prefix=Bro
+cd build
+make package
+cd ..
+
+# Full Bro package
+./configure --prefix=/opt/bro --pkg-name-prefix=Bro-all
+cd build
+make package
+cd ..
+
+# Broccoli
+cd aux/broccoli
+./configure --prefix=/opt/bro
+cd build
+make package
+mv Broccoli*.rpm ../../../build/
+cd ../../..
+
+# Broctl
+cd aux/broctl
+./configure --prefix=/opt/bro
+cd build
+make package
+mv Broctl*.rpm ../../../build/
+cd ../../..
--- a/policy/bro.init
+++ b/policy/bro.init
@ -264,6 +264,14 @@ type geo_location: record {
 	longitude: double;
 };

+type entropy_test_result: record {
+	entropy: double;
+	chi_square: double;
+	mean: double;
+	monte_carlo_pi: double;
+	serial_correlation: double;
+};
+
 # Prototypes of Bro built-in functions.
@load strings.bif.bro
@load bro.bif.bro
@ -904,8 +912,8 @@ global dns_skip_all_addl = T &redef;
 global dns_max_queries = 5;

 # The maxiumum size in bytes for an SSL cipherspec.  If we see a packet that
-# has bigger cipherspecs, we warn and won't do a comparisons of cipherspecs.
-const ssl_max_cipherspec_size = 45 &redef;
+# has bigger cipherspecs, we won't do a comparisons of cipherspecs.
+const ssl_max_cipherspec_size = 68 &redef;

 # SSL and X.509 types.
 type cipher_suites_list: set[count];
--- a/policy/heavy.http.bro
+++ b/policy/heavy.http.bro
@ -1,3 +0,0 @@
-# $Id: heavy.http.bro 4723 2007-08-07 18:14:35Z vern $
-
-redef http_sessions &write_expire = 5 hrs;
--- a/policy/http-header.bro
+++ b/policy/http-header.bro
@ -2,6 +2,8 @@

 # Prints out detailed HTTP headers.

+@load http
+
 module HTTP;

 export {
--- a/policy/http.bro
+++ b/policy/http.bro
@ -79,17 +79,8 @@ type http_session_info: record {

 const http_log = open_log_file("http") &redef;

-# Called when an HTTP session times out.
-global expire_http_session:
-	function(t: table[conn_id] of http_session_info, id: conn_id)
-		: interval;
-
 export {
-	# Indexed by conn_id.
-	# (Exported so that we can define a timeout on it.)
-	global http_sessions: table[conn_id] of http_session_info
-			&expire_func = expire_http_session
-			&read_expire = 15 min;
+	global http_sessions: table[conn_id] of http_session_info;
 }

 global http_session_id = 0;
@ -202,30 +193,6 @@ event connection_state_remove(c: connection)
 	delete http_sessions[c$id];
 	}

-function expire_http_session(t: table[conn_id] of http_session_info,
-				id: conn_id): interval
-	{
-	### FIXME: not really clear that we need this function at all ...
-	#
-	# One would think that connection_state_remove() already takes care
-	# of everything.  However, without this expire-handler, some requests
-	# don't show up with the test-suite (but haven't reproduced with
-	# smaller traces) - Robin.
-
-	local s = http_sessions[id];
-	finish_stream(id, s$id, s$request_stream);
-	return 0 sec;
-	}
-
-# event connection_timeout(c: connection)
-# 	{
-# 	if ( ! maintain_http_sessions )
-# 		{
-# 		local id = c$id;
-# 		if ( [id$orig_h, id$resp_h] in http_sessions )
-# 			delete http_sessions[id$orig_h, id$resp_h];
-# 		}
-# 	}

 # event http_stats(c: connection, stats: http_stats_rec)
 # 	{
--- a/policy/login.bro
+++ b/policy/login.bro
@ -544,10 +544,7 @@ event login_confused(c: connection, msg: string, line: string)

 	append_addl(c, "<confused>");

-	if ( line == "" )
-		print Weird::weird_file, fmt("%.6f %s %s", network_time(), id_string(c$id), msg);
-	else
-		print Weird::weird_file, fmt("%.6f %s %s (%s)", network_time(), id_string(c$id), msg, line);
+	event conn_weird_addl(msg, c, line);

 	set_record_packets(c$id, T);
 	}
--- a/policy/portmapper.bro
+++ b/policy/portmapper.bro
@ -4,6 +4,7 @@
@load hot
@load conn
@load weird
+@load scan

 module Portmapper;

--- a/policy/ssl-ciphers.bro
+++ b/policy/ssl-ciphers.bro
--- a/policy/ssl.bro
+++ b/policy/ssl.bro
@ -85,29 +85,28 @@ const myWeakCiphers: set[count] = {
 	SSLv20_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
 	SSLv20_CK_DES_64_CBC_WITH_MD5,

-	SSLv3x_NULL_WITH_NULL_NULL,
-	SSLv3x_RSA_WITH_NULL_MD5,
-	SSLv3x_RSA_WITH_NULL_SHA,
-	SSLv3x_RSA_EXPORT_WITH_RC4_40_MD5,
-	SSLv3x_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
-	SSLv3x_RSA_EXPORT_WITH_DES40_CBC_SHA,
-	SSLv3x_RSA_WITH_DES_CBC_SHA,
+	TLS_NULL_WITH_NULL_NULL,
+	TLS_RSA_WITH_NULL_MD5,
+	TLS_RSA_WITH_NULL_SHA,
+	TLS_RSA_EXPORT_WITH_RC4_40_MD5,
+	TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
+	TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,
+	TLS_RSA_WITH_DES_CBC_SHA,

-	SSLv3x_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
-	SSLv3x_DH_DSS_WITH_DES_CBC_SHA,
-	SSLv3x_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
-	SSLv3x_DH_RSA_WITH_DES_CBC_SHA,
-	SSLv3x_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
-	SSLv3x_DHE_DSS_WITH_DES_CBC_SHA,
-	SSLv3x_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
-	SSLv3x_DHE_RSA_WITH_DES_CBC_SHA,
+	TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
+	TLS_DH_DSS_WITH_DES_CBC_SHA,
+	TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
+	TLS_DH_RSA_WITH_DES_CBC_SHA,
+	TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
+	TLS_DHE_DSS_WITH_DES_CBC_SHA,
+	TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
+	TLS_DHE_RSA_WITH_DES_CBC_SHA,

-	SSLv3x_DH_anon_EXPORT_WITH_RC4_40_MD5,
-	SSLv3x_DH_anon_WITH_RC4_128_MD5,
-	SSLv3x_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
-	SSLv3x_DH_anon_WITH_DES_CBC_SHA,
-	SSLv3x_DH_anon_WITH_3DES_EDE_CBC_SHA,
-	SSLv3x_FORTEZZA_KEA_WITH_NULL_SHA
+	TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5,
+	TLS_DH_ANON_WITH_RC4_128_MD5,
+	TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA,
+	TLS_DH_ANON_WITH_DES_CBC_SHA,
+	TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA,
 };

 const x509_ignore_errors: set[int] = {
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@ -160,7 +160,7 @@ macro(BINPAC_TARGET pacFile)
    add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/${basename}_pac.h
                              ${CMAKE_CURRENT_BINARY_DIR}/${basename}_pac.cc
                       COMMAND ${BinPAC_EXE}
-                       ARGS -d ${CMAKE_CURRENT_BINARY_DIR}
+                       ARGS -q -d ${CMAKE_CURRENT_BINARY_DIR}
                            -I ${CMAKE_CURRENT_SOURCE_DIR}
                            ${CMAKE_CURRENT_SOURCE_DIR}/${pacFile}
                       DEPENDS ${BinPAC_EXE} ${pacFile}
@ -177,9 +177,9 @@ binpac_target(binpac_bro-lib.pac)
 binpac_target(bittorrent.pac
    bittorrent-protocol.pac bittorrent-analyzer.pac)
 binpac_target(dce_rpc.pac
-    dce_rpc-protocol.pac dce_rpc-analyzer.pac)
+    dce_rpc-protocol.pac dce_rpc-analyzer.pac epmapper.pac)
 binpac_target(dce_rpc_simple.pac
-    dce_rpc-protocol.pac)
+    dce_rpc-protocol.pac epmapper.pac)
 binpac_target(dhcp.pac
    dhcp-protocol.pac dhcp-analyzer.pac)
 binpac_target(dns.pac
@ -217,6 +217,8 @@ add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/DebugCmdConstants.h
 )

 set(dns_SRCS nb_dns.c nb_dns.h)
+set_source_files_properties(nb_dns.c PROPERTIES COMPILE_FLAGS
+                            -fno-strict-aliasing)

 set(openssl_SRCS X509.cc SSLCiphers.cc SSLInterpreter.cc SSLProxy.cc
                 SSLv2.cc SSLv3.cc SSLv3Automaton.cc)
@ -320,6 +322,7 @@ set(bro_SRCS
    PrefixTable.cc
    PriorityQueue.cc
    Queue.cc
+    RandTest.cc
    RE.cc
    RPC.cc
    Reassem.cc
--- a/src/ConnCompressor.cc
+++ b/src/ConnCompressor.cc
@ -391,26 +391,6 @@ Connection* ConnCompressor::NextFromOrig(PendingConn* pending, double t,
 			{
 			if ( (tp->th_flags & TH_ACK) && ! pending->ACK )
 				Weird(pending, t, "repeated_SYN_with_ack");
-			else
-				{
-				// We adjust the start-time. Unfortunately
-				// this means that we have to create a new
-				// PendingConn as all of them need to be
-				// monotonically increasing in time. This
-				// leads to some inconsistencies with TCP.cc,
-				// as by doing this we basically restart our
-				// attempt_timer.
-
-				pending = MoveState(t, pending);
-
-				// Removing is necessary because the key
-				// will be destroyed at some point.
-				conns.Remove(&pending->key, sizeof(pending->key),
-						pending->hash, true);
-				conns.Dictionary::Insert(&pending->key,
-					sizeof(pending->key), pending->hash,
-					MakeMapPtr(pending), 0);
-				}
 			}

 		else
@ -715,17 +695,6 @@ uint8 ConnCompressor::MakeFlags(const PendingConn* c) const
 	return tcp_flags;
 	}

-ConnCompressor::PendingConn* ConnCompressor::MoveState(double time,
-							PendingConn* c)
-	{
-	PendingConn* nc = MakeNewState(time);
-	memcpy(nc, c, sizeof(PendingConn));
-	c->invalid = 1;
-	nc->time = time;
-	++sizes.pending_in_mem;
-	return nc;
-	}
-
 ConnCompressor::PendingConn* ConnCompressor::MakeNewState(double t)
 	{
 	// See if there is enough space in the current block.
--- a/src/ConnCompressor.h
+++ b/src/ConnCompressor.h
@ -138,10 +138,6 @@ private:
 	// Fakes a TCP packet based on the available information.
 	const IP_Hdr* PendingConnToPacket(const PendingConn* c);

-	// For changing the timestamp of PendingConn - allocates a new one,
-	// sets the given time, and copies all other data from old.
-	PendingConn* MoveState(double time, PendingConn* old);
-
 	// Construct a TCP-flags byte.
 	uint8 MakeFlags(const PendingConn* c) const;

--- a/src/DCE_RPC.cc
+++ b/src/DCE_RPC.cc
@ -82,7 +82,7 @@ UUID::UUID(const char* str)
 		}

 	if ( i != 16 )
-		internal_error(fmt("invalid UUID string: %s", str));
+		internal_error("invalid UUID string: %s", str);
 	}

 typedef map<UUID, BroEnum::dce_rpc_if_id> uuid_map_t;
--- a/src/Expr.cc
+++ b/src/Expr.cc
@ -2611,7 +2611,6 @@ Val* AssignExpr::Eval(Frame* f) const
 	if ( v )
 		{
 		op1->Assign(f, v);
-		//### op1->SetAttribs();
 		return val ? val->Ref() : v->Ref();
 		}
 	else
@ -3062,13 +3061,6 @@ FieldExpr::FieldExpr(Expr* arg_op, const char* arg_field_name)
 	if ( IsError() )
 		return;

-	if ( streq(arg_field_name, "attr") )
-		{
-		field = -1;
-		SetType(op->Type()->AttributesType()->Ref());
-		return;
-		}
-
 	if ( ! IsRecord(op->Type()->Tag()) )
 		ExprError("not a record");
 	else
@ -3106,12 +3098,7 @@ void FieldExpr::Assign(Frame* f, Val* v, Opcode opcode)
 		return;

 	if ( field < 0 )
-		{
-		Val* lhs = op->Eval(f);
-		lhs->SetAttribs(v->AsRecordVal());
-		Unref(lhs);
-		return;
-		}
+		ExprError("no such field in record");

 	Val* op_v = op->Eval(f);
 	if ( op_v )
@ -3124,9 +3111,6 @@ void FieldExpr::Assign(Frame* f, Val* v, Opcode opcode)

 Val* FieldExpr::Fold(Val* v) const
 	{
-	if ( field < 0 )
-		return v->GetAttribs(true)->Ref();
-
 	Val* result = v->AsRecordVal()->Lookup(field);
 	if ( result )
 		return result->Ref();
@ -3179,24 +3163,20 @@ bool FieldExpr::DoUnserialize(UnserialInfo* info)
 	return td != 0;
 	}

-HasFieldExpr::HasFieldExpr(Expr* arg_op, const char* arg_field_name,
-			   bool arg_is_attr)
+HasFieldExpr::HasFieldExpr(Expr* arg_op, const char* arg_field_name)
 : UnaryExpr(EXPR_HAS_FIELD, arg_op)
 	{
 	field_name = arg_field_name;
-	is_attr = arg_is_attr;
 	field = 0;

 	if ( IsError() )
 		return;

-	if ( ! is_attr && ! IsRecord(op->Type()->Tag()) )
+	if ( ! IsRecord(op->Type()->Tag()) )
 		ExprError("not a record");
 	else
 		{
-		RecordType* rt = is_attr ?
-					op->Type()->AttributesType() :
-					op->Type()->AsRecordType();
+		RecordType* rt = op->Type()->AsRecordType();
 		field = rt->FieldOffset(field_name);

 		if ( field < 0 )
@ -3215,9 +3195,6 @@ Val* HasFieldExpr::Fold(Val* v) const
 	{
 	RecordVal* rec_to_look_at;

-	if ( is_attr )
-		rec_to_look_at = v->GetAttribs(false);
-	else
 	rec_to_look_at = v->AsRecordVal();

 	if ( ! rec_to_look_at )
@ -3235,12 +3212,7 @@ void HasFieldExpr::ExprDescribe(ODesc* d) const
 	op->Describe(d);

 	if ( d->IsReadable() )
-		{
-		if ( is_attr )
-			d->Add("?$$");
-		else
 		d->Add("?$");
-		}

 	if ( IsError() )
 		d->Add("<error>");
@ -3255,13 +3227,17 @@ IMPLEMENT_SERIAL(HasFieldExpr, SER_HAS_FIELD_EXPR);
 bool HasFieldExpr::DoSerialize(SerialInfo* info) const
 	{
 	DO_SERIALIZE(SER_HAS_FIELD_EXPR, UnaryExpr);
-	return SERIALIZE(is_attr) && SERIALIZE(field_name) && SERIALIZE(field);
+
+	// Serialize the former "bool is_attr" first for backwards compatibility.
+	return SERIALIZE(false) && SERIALIZE(field_name) && SERIALIZE(field);
 	}

 bool HasFieldExpr::DoUnserialize(UnserialInfo* info)
 	{
 	DO_UNSERIALIZE(UnaryExpr);
-	return UNSERIALIZE(&is_attr) && UNSERIALIZE_STR(&field_name, 0) && UNSERIALIZE(&field);
+	// Unserialize the former "bool is_attr" first for backwards compatibility.
+	bool not_used;
+	return UNSERIALIZE(&not_used) && UNSERIALIZE_STR(&field_name, 0) && UNSERIALIZE(&field);
 	}

 RecordConstructorExpr::RecordConstructorExpr(ListExpr* constructor_list)
@ -3507,8 +3483,6 @@ Val* SetConstructorExpr::Eval(Frame* f) const
 		aggr->Assign(element, 0);
 		}

-	aggr->AsTableVal()->SetAttrs(attrs);
-
 	return aggr;
 	}

--- a/src/Expr.h
+++ b/src/Expr.h
@ -709,7 +709,7 @@ protected:
 // "rec?$$attrname" is true if the attribute attrname is not nil.
 class HasFieldExpr : public UnaryExpr {
 public:
-	HasFieldExpr(Expr* op, const char* field_name, bool is_attr);
+	HasFieldExpr(Expr* op, const char* field_name);
 	~HasFieldExpr();

 protected:
--- a/src/File.cc
+++ b/src/File.cc
@ -195,10 +195,9 @@ bool BroFile::Open(FILE* file)
 	InstallRotateTimer();

 	if ( ! f )
-		{
 		f = fopen(name, access);
+
 	SetBuf(buffered);
-		}

 	if ( f )
 		{
--- a/src/HTTP.cc
+++ b/src/HTTP.cc
@ -16,16 +16,20 @@

 const bool DEBUG_http = false;

+// The EXPECT_*_NOTHING states are used to prevent further parsing. Used if a
+// message was interrupted. 
 enum {
 	EXPECT_REQUEST_LINE,
 	EXPECT_REQUEST_MESSAGE,
 	EXPECT_REQUEST_TRAILER,
+	EXPECT_REQUEST_NOTHING,
 };

 enum {
 	EXPECT_REPLY_LINE,
 	EXPECT_REPLY_MESSAGE,
 	EXPECT_REPLY_TRAILER,
+	EXPECT_REPLY_NOTHING,
 };

 HTTP_Entity::HTTP_Entity(HTTP_Message *arg_message, MIME_Entity* parent_entity, int arg_expect_body)
@ -851,7 +855,23 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig)
 					HTTP_Event("crud_trailing_HTTP_request",
 						   new_string_val(line, end_of_line));
 				else
+					{
+					// We do see HTTP requests with a
+					// trailing EOL that's not accounted
+					// for by the content-length. This
+					// will lead to a call to this method
+					// with len==0 while we are expecting
+					// a new request. Since HTTP servers
+					// handle such requests gracefully,
+					// we should do so as well. 
+					if ( len == 0 )
+					    Weird("empty_http_request");
+					else 
+						{
 						ProtocolViolation("not a http request line");
+						request_state = EXPECT_REQUEST_NOTHING;
+						}
+					}
 				}
 			break;

@ -861,6 +881,9 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig)

 		case EXPECT_REQUEST_TRAILER:
 			break;
+
+		case EXPECT_REQUEST_NOTHING:
+			break;
 		}
 		}
 	else
@ -873,6 +896,8 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig)

 				if ( unanswered_requests.empty() )
 					Weird("unmatched_HTTP_reply");
+				else
+					ProtocolConfirmation();

 				reply_state = EXPECT_REPLY_MESSAGE;
 				reply_ongoing = 1;
@ -885,7 +910,10 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig)
 						len);
 				}
 			else
+				{
 				ProtocolViolation("not a http reply line");
+				reply_state = EXPECT_REPLY_NOTHING;
+				}

 			break;

@ -895,6 +923,9 @@ void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig)

 		case EXPECT_REPLY_TRAILER:
 			break;
+
+		case EXPECT_REPLY_NOTHING:
+			break;
 		}
 		}
 	}
@ -1042,6 +1073,7 @@ int HTTP_Analyzer::HTTP_RequestLine(const char* line, const char* end_of_line)
 		// HTTP methods for distributed authoring.
 		"PROPFIND", "PROPPATCH", "MKCOL", "DELETE", "PUT",
 		"COPY", "MOVE", "LOCK", "UNLOCK",
+		"POLL", "REPORT", "SUBSCRIBE", "BMOVE",

 		"SEARCH",

@ -1256,6 +1288,9 @@ void HTTP_Analyzer::RequestMade(const int interrupted, const char* msg)

 	num_request_lines = 0;

+	if ( interrupted )
+		request_state = EXPECT_REQUEST_NOTHING;
+	else 
 		request_state = EXPECT_REQUEST_LINE;
 	}

@ -1285,6 +1320,9 @@ void HTTP_Analyzer::ReplyMade(const int interrupted, const char* msg)
 		reply_reason_phrase = 0;
 		}

+	if ( interrupted )
+		reply_state = EXPECT_REPLY_NOTHING;
+	else
 		reply_state = EXPECT_REPLY_LINE;
 	}

--- a/src/NetVar.cc
+++ b/src/NetVar.cc
@ -126,6 +126,8 @@ TableType* smb_negotiate;

 RecordType* geo_location;

+RecordType* entropy_test_result;
+
 TableType* dhcp_router_list;
 RecordType* dhcp_msg;

@ -460,6 +462,8 @@ void init_net_var()

 	geo_location = internal_type("geo_location")->AsRecordType();

+	entropy_test_result = internal_type("entropy_test_result")->AsRecordType();
+
 	dhcp_router_list = internal_type("dhcp_router_list")->AsTableType();
 	dhcp_msg = internal_type("dhcp_msg")->AsRecordType();

--- a/src/NetVar.h
+++ b/src/NetVar.h
@ -133,6 +133,8 @@ extern TableType* smb_negotiate;

 extern RecordType* geo_location;

+extern RecordType* entropy_test_result;
+
 extern TableType* dhcp_router_list;
 extern RecordType* dhcp_msg;

--- a/src/PersistenceSerializer.cc
+++ b/src/PersistenceSerializer.cc
@ -348,9 +348,6 @@ bool PersistenceSerializer::RunSerialization(SerialStatus* status)
 			status->conn_cookie = status->conns->InitForIteration();
 			status->conns->MakeRobustCookie(status->conn_cookie);
 			}
-
-		if ( status->info.may_suspend )
-			bro_logger->Log("Starting incremental serialization...");
 		}

 	else if ( cont->ChildSuspended() )
@ -480,9 +477,6 @@ bool PersistenceSerializer::RunSerialization(SerialStatus* status)
 			}
 		}

-	if ( status->info.may_suspend )
-		bro_logger->Log("Finished incremental serialization.");
-
 	delete status;
 	return ret;
 	}
--- a/src/PrefixTable.cc
+++ b/src/PrefixTable.cc
@ -99,8 +99,8 @@ void* PrefixTable::Lookup(const Val* value, bool exact) const
 		break;

 	default:
-		internal_error(fmt("Wrong index type %d for PrefixTable",
-					value->Type()->Tag()));
+		internal_error("Wrong index type %d for PrefixTable",
+		               value->Type()->Tag());
 		return 0;
 	}
 	}
--- a/src/RandTest.cc
+++ b/src/RandTest.cc
@ -0,0 +1,132 @@
+/*
+	Apply various randomness tests to a stream of bytes
+
+		by John Walker  --  September 1996
+			http://www.fourmilab.ch/random
+
+		This software is in the public domain. Permission to use, copy, modify,
+		and distribute this software and its documentation for any purpose and
+		without fee is hereby granted, without any conditions or restrictions.
+		This software is provided “as is” without express or implied warranty.
+
+	Modified for Bro by Seth Hall - July 2010
+*/
+
+#include <RandTest.h>
+
+RandTest::RandTest()
+	{
+	totalc = 0;
+	mp = 0;
+	sccfirst = 1;
+	inmont = mcount = 0;
+	cexp = montex = montey = montepi = sccu0 = scclast = scct1 = scct2 = scct3 = 0.0;
+
+	for (int i = 0; i < 256; i++)
+		{
+		ccount[i] = 0;
+		}
+	}
+
+void RandTest::add(void *buf, int bufl)
+	{
+	unsigned char *bp = (unsigned char*)buf;
+	int oc;
+
+	while (bufl-- > 0)
+		{
+		oc = *bp++;
+		ccount[oc]++;   /* Update counter for this bin */
+		totalc++;
+
+		/* Update inside / outside circle counts for Monte Carlo
+ 		   computation of PI */
+		monte[mp++] = oc;  /* Save character for Monte Carlo */
+		if (mp >= RT_MONTEN)  /* Calculate every RT_MONTEN character */
+			{
+			mp = 0;
+			mcount++;
+			montex = 0;
+			montey = 0;
+			for (int mj=0; mj < RT_MONTEN/2; mj++)
+				{
+				montex = (montex * 256.0) + monte[mj];
+				montey = (montey * 256.0) + monte[(RT_MONTEN / 2) + mj];
+				}
+			if (montex*montex + montey*montey <= RT_INCIRC)
+				{
+				inmont++;
+				}
+			}
+
+		/* Update calculation of serial correlation coefficient */
+		if (sccfirst)
+			{
+			sccfirst = 0;
+			scclast = 0;
+			sccu0 = oc;
+			}
+		else
+			{
+			scct1 = scct1 + scclast * oc;
+			}
+
+		scct2 = scct2 + oc;
+		scct3 = scct3 + (oc * oc);
+		scclast = oc;
+		oc <<= 1;
+		}
+	}
+
+void RandTest::end(double *r_ent, double *r_chisq,
+                   double *r_mean, double *r_montepicalc, double *r_scc)
+	{
+	int i;
+	double ent, chisq, scc, datasum;
+	ent = 0.0; chisq = 0.0; scc = 0.0; datasum = 0.0;
+	double prob[256];    /* Probabilities per bin for entropy */
+
+	/* Complete calculation of serial correlation coefficient */
+	scct1 = scct1 + scclast * sccu0;
+	scct2 = scct2 * scct2;
+	scc = totalc * scct3 - scct2;
+	if (scc == 0.0)
+	   scc = -100000;
+	else
+	   scc = (totalc * scct1 - scct2) / scc;
+
+	/* Scan bins and calculate probability for each bin and
+	   Chi-Square distribution.  The probability will be reused
+	   in the entropy calculation below.  While we're at it,
+	   we sum of all the data which will be used to compute the
+	   mean. */
+	cexp = totalc / 256.0;  /* Expected count per bin */
+	for (i = 0; i < 256; i++)
+		{
+		double a = ccount[i] - cexp;
+
+		prob[i] = ((double) ccount[i]) / totalc;
+		chisq += (a * a) / cexp;
+		datasum += ((double) i) * ccount[i];
+		}
+
+	/* Calculate entropy */
+	for (i = 0; i < 256; i++)
+		{
+		if (prob[i] > 0.0)
+			{
+			ent += prob[i] * rt_log2(1 / prob[i]);
+			}
+		}
+
+	/* Calculate Monte Carlo value for PI from percentage of hits
+	   within the circle */
+	montepi = 4.0 * (((double) inmont) / mcount);
+
+	/* Return results through arguments */
+	*r_ent = ent;
+	*r_chisq = chisq;
+	*r_mean = datasum / totalc;
+	*r_montepicalc = montepi;
+	*r_scc = scc;
+	}
--- a/src/RandTest.h
+++ b/src/RandTest.h
@ -0,0 +1,34 @@
+#include <math.h>
+
+#define log2of10 3.32192809488736234787
+/*  RT_LOG2  --  Calculate log to the base 2  */
+static double rt_log2(double x)
+{
+    return log2of10 * log10(x);
+}
+
+#define RT_MONTEN 6  /* Bytes used as Monte Carlo
+                        co-ordinates. This should be no more
+                        bits than the mantissa of your "double"
+                        floating point type. */
+
+// RT_INCIRC = pow(pow(256.0, (double) (RT_MONTEN / 2)) - 1, 2.0);
+#define RT_INCIRC 281474943156225.0
+
+class RandTest {
+	public:
+		RandTest();
+		void add(void *buf, int bufl);
+		void end(double *r_ent, double *r_chisq, double *r_mean,
+		         double *r_montepicalc, double *r_scc);
+
+	private:
+		long ccount[256];  /* Bins to count occurrences of values */
+		long totalc;       /* Total bytes counted */
+		int mp;
+		int sccfirst;
+		unsigned int monte[RT_MONTEN];
+		long inmont, mcount;
+		double cexp, montex, montey, montepi,
+		       sccu0, scclast, scct1, scct2, scct3;
+	};
--- a/src/RemoteSerializer.cc
+++ b/src/RemoteSerializer.cc
@ -544,6 +544,36 @@ void RemoteSerializer::Init()
 	initialized = 1;
 	}

+void RemoteSerializer::SetSocketBufferSize(int fd, int opt, const char *what, int size, int verbose)
+	{
+	int defsize = 0;
+	socklen_t len = sizeof(defsize);
+
+	if ( getsockopt(fd, SOL_SOCKET, opt, (void *)&defsize, &len) < 0 )
+		{
+		if ( verbose )
+			Log(LogInfo, fmt("warning: cannot get socket buffer size (%s): %s", what, strerror(errno)));
+		return;
+		}
+
+	for ( int trysize = size; trysize > defsize; trysize -= 1024 )
+		{
+		if ( setsockopt(fd, SOL_SOCKET, opt, &trysize, sizeof(trysize)) >= 0 )
+			{
+			if ( verbose )
+			    {
+			    if ( trysize == size )
+				    Log(LogInfo, fmt("raised pipe's socket buffer size from %dK to %dK", defsize / 1024, trysize / 1024));
+			    else
+				    Log(LogInfo, fmt("raised pipe's socket buffer size from %dK to %dK (%dK was requested)", defsize / 1024, trysize / 1024, size / 1024));
+			    }
+			return;
+			}
+		}
+
+	Log(LogInfo, fmt("warning: cannot increase %s socket buffer size from %dK (%dK was requested)", what, defsize / 1024, size / 1024));
+	}
+
 void RemoteSerializer::Fork()
 	{
 	if ( child_pid )
@ -562,25 +592,11 @@ void RemoteSerializer::Fork()
 		return;
 		}

-	int bufsize;
-	socklen_t len = sizeof(bufsize);
-
-	if ( getsockopt(pipe[0], SOL_SOCKET, SO_SNDBUF, &bufsize, &len ) < 0 )
-		Log(LogInfo, fmt("warning: cannot get socket buffer size: %s", strerror(errno)));
-	else
-		Log(LogInfo, fmt("pipe's socket buffer size is %d, setting to %d", bufsize, SOCKBUF_SIZE));
-
-	bufsize = SOCKBUF_SIZE;
-
-	if ( setsockopt(pipe[0], SOL_SOCKET, SO_SNDBUF,
-			&bufsize, sizeof(bufsize) ) < 0 ||
-	     setsockopt(pipe[0], SOL_SOCKET, SO_RCVBUF,
-			&bufsize, sizeof(bufsize) ) < 0 ||
-	     setsockopt(pipe[1], SOL_SOCKET, SO_SNDBUF,
-			&bufsize, sizeof(bufsize) ) < 0 ||
-	     setsockopt(pipe[1], SOL_SOCKET, SO_RCVBUF,
-			&bufsize, sizeof(bufsize) ) < 0 )
-		Log(LogInfo, fmt("warning: cannot set socket buffer size to %dK: %s", bufsize / 1024, strerror(errno)));
+	// Try to increase the size of the socket send and receive buffers.
+	SetSocketBufferSize(pipe[0], SO_SNDBUF, "SO_SNDBUF", SOCKBUF_SIZE, 1);
+	SetSocketBufferSize(pipe[0], SO_RCVBUF, "SO_RCVBUF", SOCKBUF_SIZE, 0);
+	SetSocketBufferSize(pipe[1], SO_SNDBUF, "SO_SNDBUF", SOCKBUF_SIZE, 0);
+	SetSocketBufferSize(pipe[1], SO_RCVBUF, "SO_RCVBUF", SOCKBUF_SIZE, 0);

 	child_pid = 0;

@ -823,14 +839,9 @@ bool RemoteSerializer::SendCall(SerialInfo* info, PeerID id,
 	if ( ! peer )
 		return false;

-	// Do not send events back to originating peer.
-	if ( current_peer == peer )
-		return true;
-
 	return SendCall(info, peer, name, vl);
 	}

-
 bool RemoteSerializer::SendCall(SerialInfo* info, Peer* peer,
 					const char* name, val_list* vl)
 	{
@ -1505,13 +1516,13 @@ bool RemoteSerializer::DoMessage()
 		{
 		// We shut the connection to this peer down,
 		// so we ignore all further messages.
-		DEBUG_COMM(fmt("parent: ignoring %s due to shutdown of peer #%d",
+		DEBUG_COMM(fmt("parent: ignoring %s due to shutdown of peer #%" PRI_SOURCE_ID,
 					msgToStr(current_msgtype),
 					current_peer ? current_peer->id : 0));
 		return true;
 		}

-	DEBUG_COMM(fmt("parent: %s from child; peer is #%d",
+	DEBUG_COMM(fmt("parent: %s from child; peer is #%" PRI_SOURCE_ID,
 			msgToStr(current_msgtype),
 			current_peer ? current_peer->id : 0));

@ -1841,10 +1852,9 @@ bool RemoteSerializer::EnterPhaseRunning(Peer* peer)
 	if ( in_sync == peer )
 		in_sync = 0;

-	current_peer->phase = Peer::RUNNING;
+	peer->phase = Peer::RUNNING;
 	Log(LogInfo, "phase: running", peer);
-
-	RaiseEvent(remote_connection_handshake_done, current_peer);
+	RaiseEvent(remote_connection_handshake_done, peer);

 	if ( remote_trace_sync_interval )
 		{
@ -2008,12 +2018,11 @@ bool RemoteSerializer::HandshakeDone(Peer* peer)
 			return false;
 #endif

-	if ( ! (current_peer->caps & Peer::PID_64BIT) )
-		Log(LogInfo, "peer does not support 64bit PIDs; using compatibility mode", current_peer);
+	if ( ! (peer->caps & Peer::PID_64BIT) )
+		Log(LogInfo, "peer does not support 64bit PIDs; using compatibility mode", peer);

-	if ( (current_peer->caps & Peer::NEW_CACHE_STRATEGY) )
-		Log(LogInfo, "peer supports keep-in-cache; using that",
-			current_peer);
+	if ( (peer->caps & Peer::NEW_CACHE_STRATEGY) )
+		Log(LogInfo, "peer supports keep-in-cache; using that", peer);

 	if ( peer->sync_requested != Peer::NONE )
 		{
@ -2030,7 +2039,7 @@ bool RemoteSerializer::HandshakeDone(Peer* peer)
 			{
 			Log(LogError, "misconfiguration: authoritative state on both sides",
 				current_peer);
-			CloseConnection(current_peer);
+			CloseConnection(peer);
 			return false;
 			}

@ -2610,7 +2619,7 @@ bool RemoteSerializer::SendCMsgToChild(char msg_type, Peer* peer)

 bool RemoteSerializer::SendToChild(char type, Peer* peer, char* str, int len)
 	{
-	DEBUG_COMM(fmt("parent: (->child) %s (#%d, %s)", msgToStr(type), peer ? peer->id : PEER_NONE, str));
+	DEBUG_COMM(fmt("parent: (->child) %s (#%" PRI_SOURCE_ID ", %s)", msgToStr(type), peer ? peer->id : PEER_NONE, str));

 	if ( ! child_pid )
 		return false;
@ -2634,7 +2643,7 @@ bool RemoteSerializer::SendToChild(char type, Peer* peer, int nargs, ...)

 #ifdef DEBUG
 	va_start(ap, nargs);
-	DEBUG_COMM(fmt("parent: (->child) %s (#%d,%s)",
+	DEBUG_COMM(fmt("parent: (->child) %s (#%" PRI_SOURCE_ID ",%s)",
 			msgToStr(type), peer ? peer->id : PEER_NONE, fmt_uint32s(nargs, ap)));
 	va_end(ap);
 #endif
@ -3065,7 +3074,7 @@ bool SocketComm::ProcessParentMessage()
 			}

 		default:
-			internal_error(fmt("unknown msg type %d", parent_msgtype));
+			internal_error("unknown msg type %d", parent_msgtype);
 			return true;
 		}

@ -3235,7 +3244,7 @@ bool SocketComm::ForwardChunkToPeer()
 		{
 #ifdef DEBUG
 		if ( parent_peer )
-			DEBUG_COMM(fmt("child: not connected to #%d", parent_id));
+			DEBUG_COMM(fmt("child: not connected to #%" PRI_SOURCE_ID, parent_id));
 #endif
 		}

@ -3318,7 +3327,7 @@ bool SocketComm::ProcessRemoteMessage(SocketComm::Peer* peer)

 		CMsg* msg = (CMsg*) c->data;

-		DEBUG_COMM(fmt("child: %s from peer #%d",
+		DEBUG_COMM(fmt("child: %s from peer #%" PRI_SOURCE_ID,
 				msgToStr(msg->Type()), peer->id));

 		switch ( msg->Type() ) {
@ -3795,7 +3804,7 @@ bool SocketComm::SendToParent(char type, Peer* peer, const char* str, int len)
 #ifdef DEBUG
 	// str  may already by constructed with fmt()
 	const char* tmp = copy_string(str);
-	DEBUG_COMM(fmt("child: (->parent) %s (#%d, %s)", msgToStr(type), peer ? peer->id : RemoteSerializer::PEER_NONE, tmp));
+	DEBUG_COMM(fmt("child: (->parent) %s (#%" PRI_SOURCE_ID ", %s)", msgToStr(type), peer ? peer->id : RemoteSerializer::PEER_NONE, tmp));
 	delete [] tmp;
 #endif
 	if ( sendToIO(io, type, peer ? peer->id : RemoteSerializer::PEER_NONE,
@ -3814,7 +3823,7 @@ bool SocketComm::SendToParent(char type, Peer* peer, int nargs, ...)

 #ifdef DEBUG
 	va_start(ap,nargs);
-	DEBUG_COMM(fmt("child: (->parent) %s (#%d,%s)", msgToStr(type), peer ? peer->id : RemoteSerializer::PEER_NONE, fmt_uint32s(nargs, ap)));
+	DEBUG_COMM(fmt("child: (->parent) %s (#%" PRI_SOURCE_ID ",%s)", msgToStr(type), peer ? peer->id : RemoteSerializer::PEER_NONE, fmt_uint32s(nargs, ap)));
 	va_end(ap);
 #endif

@ -3850,7 +3859,7 @@ bool SocketComm::SendToPeer(Peer* peer, char type, const char* str, int len)
 #ifdef DEBUG
 	// str  may already by constructed with fmt()
 	const char* tmp = copy_string(str);
-	DEBUG_COMM(fmt("child: (->peer) %s to #%d (%s)", msgToStr(type), peer->id, tmp));
+	DEBUG_COMM(fmt("child: (->peer) %s to #%" PRI_SOURCE_ID " (%s)", msgToStr(type), peer->id, tmp));
 	delete [] tmp;
 #endif

@ -3869,7 +3878,7 @@ bool SocketComm::SendToPeer(Peer* peer, char type, int nargs, ...)

 #ifdef DEBUG
 	va_start(ap,nargs);
-	DEBUG_COMM(fmt("child: (->peer) %s to #%d (%s)",
+	DEBUG_COMM(fmt("child: (->peer) %s to #%" PRI_SOURCE_ID " (%s)",
 			msgToStr(type), peer->id, fmt_uint32s(nargs, ap)));
 	va_end(ap);
 #endif
@ -3890,7 +3899,7 @@ bool SocketComm::SendToPeer(Peer* peer, char type, int nargs, ...)

 bool SocketComm::SendToPeer(Peer* peer, ChunkedIO::Chunk* c)
 	{
-	DEBUG_COMM(fmt("child: (->peer) chunk of size %d to #%d", c->len, peer->id));
+	DEBUG_COMM(fmt("child: (->peer) chunk of size %d to #%" PRI_SOURCE_ID, c->len, peer->id));
 	if ( ! sendToIO(peer->io, c) )
 		{
 		Error(fmt("child: write error %s", io->Error()), peer);
--- a/src/RemoteSerializer.h
+++ b/src/RemoteSerializer.h
@ -297,6 +297,8 @@ protected:
 	bool SendToChild(char type, Peer* peer, int nargs, ...); // can send uints32 only
 	bool SendToChild(ChunkedIO::Chunk* c);

+	void SetSocketBufferSize(int fd, int opt, const char *what, int size, int verbose);
+
 private:
 	enum { TYPE, ARGS } msgstate;	// current state of reading comm.
 	Peer* current_peer;
--- a/src/SMB.cc
+++ b/src/SMB.cc
@ -166,7 +166,7 @@ void SMB_Session::Deliver(int is_orig, int len, const u_char* data)
 			const u_char* tmp = data_start + next;
 			if ( data_start + next < data + body.length() )
 				{
-				Weird(fmt("ANDX buffer overlapping: next = %d, buffer_end = %d", next, data + body.length() - data_start));
+				Weird(fmt("ANDX buffer overlapping: next = %d, buffer_end = %" PRIuPTR, next, data + body.length() - data_start));
 				break;
 				}

@ -480,8 +480,8 @@ int SMB_Session::ParseTreeConnectAndx(binpac::SMB::SMB_header const& hdr,
 	r->Assign(0, new Val(req.flags(), TYPE_COUNT));
 	r->Assign(1, new StringVal(req.password_length(),
 					(const char*) req.password()));
-	r->Assign(3, new StringVal(path));
-	r->Assign(4, new StringVal(service));
+	r->Assign(2, new StringVal(path));
+	r->Assign(3, new StringVal(service));

 	if ( strstr_n(norm_path->Len(), norm_path->Bytes(), 5,
 		      (const u_char*) "\\IPC$") != -1 )
--- a/src/SSLCiphers.cc
+++ b/src/SSLCiphers.cc
@ -319,52 +319,52 @@ SSL_CipherSpec SSL_CipherSpecs[] = {
 		168,
 		160
 	},
-	{ TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5,
+	{ TLS_DH_anon_EXPORT_WITH_RC4_40_MD5,
 		SSL_CIPHER_TYPE_STREAM,
 		SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
 		SSL_CIPHER_RC4,
 		SSL_MAC_MD5,
-		SSL_KEY_EXCHANGE_DH_ANON_EXPORT,
+		SSL_KEY_EXCHANGE_DH_anon_EXPORT,
 		0,
 		40,
 		128
 	},
-	{ TLS_DH_ANON_WITH_RC4_128_MD5,
+	{ TLS_DH_anon_WITH_RC4_128_MD5,
 		SSL_CIPHER_TYPE_STREAM,
 		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
 		SSL_CIPHER_RC4,
 		SSL_MAC_MD5,
-		SSL_KEY_EXCHANGE_DH_ANON,
+		SSL_KEY_EXCHANGE_DH_anon,
 		0,
 		128,
 		128
 	},
-	{ TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA,
+	{ TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
 		SSL_CIPHER_TYPE_BLOCK,
 		SSL_FLAG_EXPORT | SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
 		SSL_CIPHER_DES40,
 		SSL_MAC_SHA,
-		SSL_KEY_EXCHANGE_DH_ANON,
+		SSL_KEY_EXCHANGE_DH_anon,
 		0,
 		40,
 		160
 	},
-	{ TLS_DH_ANON_WITH_DES_CBC_SHA,
+	{ TLS_DH_anon_WITH_DES_CBC_SHA,
 		SSL_CIPHER_TYPE_BLOCK,
 		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
 		SSL_CIPHER_DES,
 		SSL_MAC_SHA,
-		SSL_KEY_EXCHANGE_DH_ANON,
+		SSL_KEY_EXCHANGE_DH_anon,
 		0,
 		56,
 		160
 	},
-	{ TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA,
+	{ TLS_DH_anon_WITH_3DES_EDE_CBC_SHA,
 		SSL_CIPHER_TYPE_BLOCK,
 		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
 		SSL_CIPHER_3DES,
 		SSL_MAC_SHA,
-		SSL_KEY_EXCHANGE_DH_ANON,
+		SSL_KEY_EXCHANGE_DH_anon,
 		0,
 		168,
 		160
@ -389,16 +389,48 @@ SSL_CipherSpec SSL_CipherSpecs[] = {
 		96,
 		160
 	},
-	{ SSL_FORTEZZA_KEA_WITH_RC4_128_SHA,
-		SSL_CIPHER_TYPE_STREAM,
-		SSL_FLAG_SSLv30,
-		SSL_CIPHER_RC4,
-		SSL_MAC_SHA,
-		SSL_KEY_EXCHANGE_FORTEZZA_KEA,
+	
+	{ SSL_RSA_WITH_RC2_CBC_MD5,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv20,
+		SSL_CIPHER_RC2,
+		SSL_MAC_MD5,
+		SSL_KEY_EXCHANGE_RSA,
+		0,
+		56,
+		160
+	},
+	{ SSL_RSA_WITH_IDEA_CBC_MD5,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv20,
+		SSL_CIPHER_IDEA,
+		SSL_MAC_MD5,
+		SSL_KEY_EXCHANGE_RSA,
 		0,
 		128,
 		160
 	},
+	{ SSL_RSA_WITH_DES_CBC_MD5,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv20,
+		SSL_CIPHER_DES,
+		SSL_MAC_MD5,
+		SSL_KEY_EXCHANGE_RSA,
+		0,
+		56,
+		160
+	},
+	{ SSL_RSA_WITH_3DES_EDE_CBC_MD5,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv20,
+		SSL_CIPHER_3DES,
+		SSL_MAC_MD5,
+		SSL_KEY_EXCHANGE_RSA,
+		0,
+		168,
+		160
+	},
+	
 	// --- special SSLv3 FIPS ciphers
 	{ SSL_RSA_FIPS_WITH_DES_CBC_SHA,
 		SSL_CIPHER_TYPE_BLOCK,
@ -522,12 +554,12 @@ SSL_CipherSpec SSL_CipherSpecs[] = {
 		128,
 		160
 	},
-	{ TLS_DH_ANON_WITH_AES_128_CBC_SHA,
+	{ TLS_DH_anon_WITH_AES_128_CBC_SHA,
 		SSL_CIPHER_TYPE_BLOCK,
 		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
 		SSL_CIPHER_AES,
 		SSL_MAC_SHA,
-		SSL_KEY_EXCHANGE_DH_ANON,
+		SSL_KEY_EXCHANGE_DH_anon,
 		0,
 		128,
 		160
@ -582,16 +614,459 @@ SSL_CipherSpec SSL_CipherSpecs[] = {
 		256,
 		160
 	},
-	{ TLS_DH_ANON_WITH_AES_256_CBC_SHA,
+	{ TLS_DH_anon_WITH_AES_256_CBC_SHA,
 		SSL_CIPHER_TYPE_BLOCK,
 		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
 		SSL_CIPHER_AES,
 		SSL_MAC_SHA,
-		SSL_KEY_EXCHANGE_DH_ANON,
+		SSL_KEY_EXCHANGE_DH_anon,
 		0,
 		256,
 		160
-	}
+	},
+	{ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_CAMELLIA,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_RSA,
+		0,
+		128,
+		160
+	},
+	{ TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_CAMELLIA,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_DH_DSS,
+		0,
+		128,
+		160
+	},
+	{ TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_CAMELLIA,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_DH_RSA,
+		0,
+		128,
+		160
+	},
+	{ TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_CAMELLIA,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_DHE_DSS,
+		0,
+		128,
+		160
+	},
+	{ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_CAMELLIA,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_DHE_RSA,
+		0,
+		128,
+		160
+	},
+	{ TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_CAMELLIA,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_DH_anon,
+		0,
+		128,
+		160
+	},
+	{ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_CAMELLIA,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_RSA,
+		0,
+		256,
+		160
+	},
+	{ TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_CAMELLIA,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_DH_DSS,
+		0,
+		256,
+		160
+	},
+	{ TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_CAMELLIA,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_DH_RSA,
+		0,
+		256,
+		160
+	},
+	{ TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_CAMELLIA,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_DHE_DSS,
+		0,
+		256,
+		160
+	},
+	{ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_CAMELLIA,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_DHE_RSA,
+		0,
+		256,
+		160
+	},
+	{ TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_CAMELLIA,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_DH_anon,
+		0,
+		256,
+		160
+	},
+	{ TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_3DES,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDHE_ECDSA,
+		0,
+		168,
+		160
+	},
+	{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_AES,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDHE_ECDSA,
+		0,
+		128,
+		160
+	},
+	{ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_AES,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDHE_ECDSA,
+		0,
+		256,
+		160
+	},
+	{ TLS_ECDHE_ECDSA_WITH_NULL_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_NULL,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDHE_ECDSA,
+		0,
+		0,
+		160
+	},
+	{ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_RC4,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDHE_ECDSA,
+		0,
+		128,
+		160
+	},
+	{ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_3DES,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDHE_RSA,
+		0,
+		168,
+		160
+	},
+	{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_AES,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDHE_RSA,
+		0,
+		128,
+		160
+	},
+	{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_AES,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDHE_RSA,
+		0,
+		256,
+		160
+	},
+	{ TLS_ECDHE_RSA_WITH_NULL_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_NULL,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDHE_RSA,
+		0,
+		0,
+		160
+	},
+	{ TLS_ECDHE_RSA_WITH_RC4_128_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_RC4,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDHE_RSA,
+		0,
+		128,
+		160
+	},
+	{ TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_3DES,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDH_ECDSA,
+		0,
+		168,
+		160
+	},
+	{ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_AES,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDH_ECDSA,
+		0,
+		128,
+		160
+	},
+	{ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_AES,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDH_ECDSA,
+		0,
+		256,
+		160
+	},
+	{ TLS_ECDH_ECDSA_WITH_NULL_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_NULL,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDH_ECDSA,
+		0,
+		0,
+		160
+	},
+	{ TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_RC4,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDH_ECDSA,
+		0,
+		128,
+		160
+	},
+	{ TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_3DES,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDH_RSA,
+		0,
+		168,
+		160
+	},
+	{ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_AES,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDH_RSA,
+		0,
+		128,
+		160
+	},
+	{ TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_AES,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDH_RSA,
+		0,
+		256,
+		160
+	},
+	{ TLS_ECDH_RSA_WITH_NULL_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_NULL,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDH_RSA,
+		0,
+		0,
+		160
+	},
+	{ TLS_ECDH_RSA_WITH_RC4_128_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_RC4,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDH_RSA,
+		0,
+		128,
+		160
+	},
+	{ TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_3DES,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDH_anon,
+		0,
+		168,
+		160
+	},
+	{ TLS_ECDH_anon_WITH_AES_128_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_AES,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDH_anon,
+		0,
+		128,
+		160
+	},
+	{ TLS_ECDH_anon_WITH_AES_256_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_AES,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDH_anon,
+		0,
+		256,
+		160
+	},
+	{ TLS_ECDH_anon_WITH_NULL_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_NULL,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDH_anon,
+		0,
+		0,
+		160
+	},
+	{ TLS_ECDH_anon_WITH_RC4_128_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_RC4,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_ECDH_anon,
+		0,
+		128,
+		160
+	},
+	{ TLS_RSA_WITH_SEED_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_SEED,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_RSA,
+		0,
+		128,
+		160
+	},
+	{ TLS_DH_DSS_WITH_SEED_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_SEED,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_DH_DSS,
+		0,
+		128,
+		160
+	},
+	{ TLS_DH_RSA_WITH_SEED_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_SEED,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_DH_RSA,
+		0,
+		128,
+		160
+	},
+	{ TLS_DHE_DSS_WITH_SEED_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_SEED,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_DHE_DSS,
+		0,
+		128,
+		160
+	},
+	{ TLS_DHE_RSA_WITH_SEED_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_SEED,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_DHE_RSA,
+		0,
+		128,
+		160
+	},
+	{ TLS_DH_anon_WITH_SEED_CBC_SHA,
+		SSL_CIPHER_TYPE_BLOCK,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_SEED,
+		SSL_MAC_SHA,
+		SSL_KEY_EXCHANGE_DH_anon,
+		0,
+		128,
+		160
+	},
+	
+	{ TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
+		SSL_CIPHER_TYPE_NULL,
+		SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
+		SSL_CIPHER_NULL,
+		SSL_MAC_NULL,
+		SSL_KEY_EXCHANGE_NULL,
+		0,
+		0,
+		0
+	},
+	
+	
 };

 const uint SSL_CipherSpecs_Count =
--- a/src/SSLCiphers.h
+++ b/src/SSLCiphers.h
@ -51,37 +51,222 @@ enum SSL3_1_CipherSpec {
 	TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA    = 0x0014,
 	TLS_DHE_RSA_WITH_DES_CBC_SHA             = 0x0015,
 	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA        = 0x0016,
-	TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5     = 0x0017,
-	TLS_DH_ANON_WITH_RC4_128_MD5           = 0x0018,
-	TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA  = 0x0019,
-	TLS_DH_ANON_WITH_DES_CBC_SHA           = 0x001A,
-	TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA      = 0x001B,
+	TLS_DH_anon_EXPORT_WITH_RC4_40_MD5       = 0x0017,
+	TLS_DH_anon_WITH_RC4_128_MD5             = 0x0018,
+	TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA    = 0x0019,
+	TLS_DH_anon_WITH_DES_CBC_SHA             = 0x001A,
+	TLS_DH_anon_WITH_3DES_EDE_CBC_SHA        = 0x001B,
 	// --- special SSLv3 ciphers            
 	SSL_FORTEZZA_KEA_WITH_NULL_SHA           = 0x001C,
 	SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA   = 0x001D,
-	SSL_FORTEZZA_KEA_WITH_RC4_128_SHA      = 0x001E,
-	// --- special SSLv3 FIPS ciphers
-	SSL_RSA_FIPS_WITH_DES_CBC_SHA		   = 0xFEFE,
-	SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA	   = 0XFEFF,
-	// --- new 56 bit export ciphers
-	TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA     = 0x0062,
-	TLS_RSA_EXPORT1024_WITH_RC4_56_SHA      = 0x0064,
-	TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = 0x0063,
-	TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA  = 0x0065,
-	TLS_DHE_DSS_WITH_RC4_128_SHA            = 0x0066,
+	//SSL_FORTEZZA_KEA_WITH_RC4_128_SHA        = 0x001E,
+	// -- RFC 2712 (ciphers not fully described in SSLCiphers.cc)
+	TLS_KRB5_WITH_DES_CBC_SHA                = 0x001E,
+	TLS_KRB5_WITH_3DES_EDE_CBC_SHA           = 0x001F,
+	TLS_KRB5_WITH_RC4_128_SHA                = 0x0020,
+	TLS_KRB5_WITH_IDEA_CBC_SHA               = 0x0021,
+	TLS_KRB5_WITH_DES_CBC_MD5                = 0x0022,
+	TLS_KRB5_WITH_3DES_EDE_CBC_MD5           = 0x0023,
+	TLS_KRB5_WITH_RC4_128_MD5                = 0x0024,
+	TLS_KRB5_WITH_IDEA_CBC_MD5               = 0x0025,
+	TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA      = 0x0026,
+	TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA      = 0x0027,
+	TLS_KRB5_EXPORT_WITH_RC4_40_SHA          = 0x0028,
+	TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5      = 0x0029,
+	TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5      = 0x002A,
+	TLS_KRB5_EXPORT_WITH_RC4_40_MD5          = 0x002B,
+	
 	// --- new AES ciphers
 	TLS_RSA_WITH_AES_128_CBC_SHA             = 0x002F,
 	TLS_DH_DSS_WITH_AES_128_CBC_SHA          = 0x0030,
 	TLS_DH_RSA_WITH_AES_128_CBC_SHA          = 0x0031,
 	TLS_DHE_DSS_WITH_AES_128_CBC_SHA         = 0x0032,
 	TLS_DHE_RSA_WITH_AES_128_CBC_SHA         = 0x0033,
-	TLS_DH_ANON_WITH_AES_128_CBC_SHA  = 0x0034,
+	TLS_DH_anon_WITH_AES_128_CBC_SHA         = 0x0034,
 	TLS_RSA_WITH_AES_256_CBC_SHA             = 0x0035,
 	TLS_DH_DSS_WITH_AES_256_CBC_SHA          = 0x0036,
 	TLS_DH_RSA_WITH_AES_256_CBC_SHA          = 0x0037,
 	TLS_DHE_DSS_WITH_AES_256_CBC_SHA         = 0x0038,
 	TLS_DHE_RSA_WITH_AES_256_CBC_SHA         = 0x0039,
-	TLS_DH_ANON_WITH_AES_256_CBC_SHA  = 0x003A
+	TLS_DH_anon_WITH_AES_256_CBC_SHA         = 0x003A,
+	TLS_RSA_WITH_NULL_SHA256                 = 0x003B,
+	TLS_RSA_WITH_AES_128_CBC_SHA256          = 0x003C,
+	TLS_RSA_WITH_AES_256_CBC_SHA256          = 0x003D,
+	TLS_DH_DSS_WITH_AES_128_CBC_SHA256       = 0x003E,
+	TLS_DH_RSA_WITH_AES_128_CBC_SHA256       = 0x003F,
+	TLS_DHE_DSS_WITH_AES_128_CBC_SHA256      = 0x0040,
+	// -- RFC 4132
+	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA        = 0x0041,
+	TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA     = 0x0042,
+	TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA     = 0x0043,
+	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA    = 0x0044,
+	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA    = 0x0045,
+	TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA    = 0x0046,
+	// -- Non-RFC.  Widely deployed implementation (ciphers not fully described in SSLCiphers.cc)
+	TLS_RSA_EXPORT1024_WITH_RC4_56_MD5       = 0x0060,
+	TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5   = 0x0061,
+	TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA      = 0x0062,
+	TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA  = 0x0063,
+	TLS_RSA_EXPORT1024_WITH_RC4_56_SHA       = 0x0064,
+	TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA   = 0x0065,
+	TLS_DHE_DSS_WITH_RC4_128_SHA             = 0x0066,
+	// -- RFC 5246 (ciphers not fully described in SSLCiphers.cc)
+	TLS_DHE_RSA_WITH_AES_128_CBC_SHA256      = 0x0067,
+	TLS_DH_DSS_WITH_AES_256_CBC_SHA256       = 0x0068,
+	TLS_DH_RSA_WITH_AES_256_CBC_SHA256       = 0x0069,
+	TLS_DHE_DSS_WITH_AES_256_CBC_SHA256      = 0x006A,
+	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256      = 0x006B,
+	TLS_DH_anon_WITH_AES_128_CBC_SHA256      = 0x006C,
+	TLS_DH_anon_WITH_AES_256_CBC_SHA256      = 0x006D,
+	// -- RFC 5932
+	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA        = 0x0084,
+	TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA     = 0x0085,
+	TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA     = 0x0086,
+	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA    = 0x0087,
+	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA    = 0x0088,
+	TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA    = 0x0089,
+	// -- RFC 4279 (ciphers not fully described in SSLCiphers.cc)
+	TLS_PSK_WITH_RC4_128_SHA                 = 0x008A,
+	TLS_PSK_WITH_3DES_EDE_CBC_SHA            = 0x008B,
+	TLS_PSK_WITH_AES_128_CBC_SHA             = 0x008C,
+	TLS_PSK_WITH_AES_256_CBC_SHA             = 0x008D,
+	TLS_DHE_PSK_WITH_RC4_128_SHA             = 0x008E,
+	TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA        = 0x008F,
+	TLS_DHE_PSK_WITH_AES_128_CBC_SHA         = 0x0090,
+	TLS_DHE_PSK_WITH_AES_256_CBC_SHA         = 0x0091,
+	TLS_RSA_PSK_WITH_RC4_128_SHA             = 0x0092,
+	TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA        = 0x0093,
+	TLS_RSA_PSK_WITH_AES_128_CBC_SHA         = 0x0094,
+	TLS_RSA_PSK_WITH_AES_256_CBC_SHA         = 0x0095,
+	// -- RFC 4162
+	TLS_RSA_WITH_SEED_CBC_SHA                = 0x0096,
+	TLS_DH_DSS_WITH_SEED_CBC_SHA             = 0x0097,
+	TLS_DH_RSA_WITH_SEED_CBC_SHA             = 0x0098,
+	TLS_DHE_DSS_WITH_SEED_CBC_SHA            = 0x0099,
+	TLS_DHE_RSA_WITH_SEED_CBC_SHA            = 0x009A,
+	TLS_DH_anon_WITH_SEED_CBC_SHA            = 0x009B,
+	// -- RFC 5288 (ciphers not fully described in SSLCiphers.cc)
+	TLS_RSA_WITH_AES_128_GCM_SHA256          = 0x009C,
+	TLS_RSA_WITH_AES_256_GCM_SHA384          = 0x009D,
+	TLS_DHE_RSA_WITH_AES_128_GCM_SHA256      = 0x009E,
+	TLS_DHE_RSA_WITH_AES_256_GCM_SHA384      = 0x009F,
+	TLS_DH_RSA_WITH_AES_128_GCM_SHA256       = 0x00A0,
+	TLS_DH_RSA_WITH_AES_256_GCM_SHA384       = 0x00A1,
+	TLS_DHE_DSS_WITH_AES_128_GCM_SHA256      = 0x00A2,
+	TLS_DHE_DSS_WITH_AES_256_GCM_SHA384      = 0x00A3,
+	TLS_DH_DSS_WITH_AES_128_GCM_SHA256       = 0x00A4,
+	TLS_DH_DSS_WITH_AES_256_GCM_SHA384       = 0x00A5,
+	TLS_DH_anon_WITH_AES_128_GCM_SHA256      = 0x00A6,
+	TLS_DH_anon_WITH_AES_256_GCM_SHA384      = 0x00A7,
+    // -- RFC 5487 (ciphers not fully described in SSLCiphers.cc)
+	TLS_PSK_WITH_AES_128_GCM_SHA256          = 0x00A8,
+	TLS_PSK_WITH_AES_256_GCM_SHA384          = 0x00A9,
+	TLS_DHE_PSK_WITH_AES_128_GCM_SHA256      = 0x00AA,
+	TLS_DHE_PSK_WITH_AES_256_GCM_SHA384      = 0x00AB,
+	TLS_RSA_PSK_WITH_AES_128_GCM_SHA256      = 0x00AC,
+	TLS_RSA_PSK_WITH_AES_256_GCM_SHA384      = 0x00AD,
+	TLS_PSK_WITH_AES_128_CBC_SHA256          = 0x00AE,
+	TLS_PSK_WITH_AES_256_CBC_SHA384          = 0x00AF,
+	TLS_PSK_WITH_NULL_SHA256                 = 0x00B0,
+	TLS_PSK_WITH_NULL_SHA384                 = 0x00B1,
+	TLS_DHE_PSK_WITH_AES_128_CBC_SHA256      = 0x00B2,
+	TLS_DHE_PSK_WITH_AES_256_CBC_SHA384      = 0x00B3,
+	TLS_DHE_PSK_WITH_NULL_SHA256             = 0x00B4,
+	TLS_DHE_PSK_WITH_NULL_SHA384             = 0x00B5,
+	TLS_RSA_PSK_WITH_AES_128_CBC_SHA256      = 0x00B6,
+	TLS_RSA_PSK_WITH_AES_256_CBC_SHA384      = 0x00B7,
+	TLS_RSA_PSK_WITH_NULL_SHA256             = 0x00B8,
+	TLS_RSA_PSK_WITH_NULL_SHA384             = 0x00B9,
+	// -- RFC 5932 (ciphers not fully described in SSLCiphers.cc)
+	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256     = 0x00BA,
+	TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256  = 0x00BB,
+	TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256  = 0x00BC,
+	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BD,
+	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BE,
+	TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BF,
+	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256     = 0x00C0,
+	TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256  = 0x00C1,
+	TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256  = 0x00C2,
+	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C3,
+	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C4,
+	TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C5,
+	// -- RFC 4492
+	TLS_ECDH_ECDSA_WITH_NULL_SHA             = 0xC001,
+	TLS_ECDH_ECDSA_WITH_RC4_128_SHA          = 0xC002,
+	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA     = 0xC003,
+	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA      = 0xC004,
+	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA      = 0xC005,
+	TLS_ECDHE_ECDSA_WITH_NULL_SHA            = 0xC006,
+	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA         = 0xC007,
+	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA    = 0xC008,
+	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA     = 0xC009,
+	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA     = 0xC00A,
+	TLS_ECDH_RSA_WITH_NULL_SHA               = 0xC00B,
+	TLS_ECDH_RSA_WITH_RC4_128_SHA            = 0xC00C,
+	TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA       = 0xC00D,
+	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA        = 0xC00E,
+	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA        = 0xC00F,
+	TLS_ECDHE_RSA_WITH_NULL_SHA              = 0xC010,
+	TLS_ECDHE_RSA_WITH_RC4_128_SHA           = 0xC011,
+	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA      = 0xC012,
+	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA       = 0xC013,
+	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA       = 0xC014,
+	TLS_ECDH_anon_WITH_NULL_SHA              = 0xC015,
+	TLS_ECDH_anon_WITH_RC4_128_SHA           = 0xC016,
+	TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA      = 0xC017,
+	TLS_ECDH_anon_WITH_AES_128_CBC_SHA       = 0xC018,
+	TLS_ECDH_anon_WITH_AES_256_CBC_SHA       = 0xC019,
+	// -- RFC 5054 (ciphers not fully described in SSLCiphers.cc)
+	TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA        = 0xC01A,
+	TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA    = 0xC01B,
+	TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA    = 0xC01C,
+	TLS_SRP_SHA_WITH_AES_128_CBC_SHA         = 0xC01D,
+	TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA     = 0xC01E,
+	TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA     = 0xC01F,
+	TLS_SRP_SHA_WITH_AES_256_CBC_SHA         = 0xC020,
+	TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA     = 0xC021,
+	TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA     = 0xC022,
+	// -- RFC 5289 (ciphers not fully described in SSLCiphers.cc)
+	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256  = 0xC023,
+	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384  = 0xC024,
+	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256   = 0xC025,
+	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384   = 0xC026,
+	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256    = 0xC027,
+	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384    = 0xC028,
+	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256     = 0xC029,
+	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384     = 0xC02A,
+	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256  = 0xC02B,
+	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384  = 0xC02C,
+	TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256   = 0xC02D,
+	TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384   = 0xC02E,
+	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256    = 0xC02F,
+	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384    = 0xC030,
+	TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256     = 0xC031,
+	TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384     = 0xC032,
+	// -- RFC 5489 (ciphers not fully described in SSLCiphers.cc)
+	TLS_ECDHE_PSK_WITH_RC4_128_SHA           = 0xC033,
+	TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA      = 0xC034,
+	TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA       = 0xC035,
+	TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA       = 0xC036,
+	TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256    = 0xC037,
+	TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384    = 0xC038,
+	TLS_ECDHE_PSK_WITH_NULL_SHA              = 0xC039,
+	TLS_ECDHE_PSK_WITH_NULL_SHA256           = 0xC03A,
+	TLS_ECDHE_PSK_WITH_NULL_SHA384           = 0xC03B,
+	
+	// --- special SSLv3 FIPS ciphers
+	SSL_RSA_FIPS_WITH_DES_CBC_SHA            = 0xFEFE,
+	SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA       = 0xFEFF,
+	SSL_RSA_FIPS_WITH_DES_CBC_SHA_2          = 0xFFE1,
+	SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA_2     = 0xFFE0,
+
+	// Tags for SSL 2 cipher kinds which are not specified for SSL 3. 
+	SSL_RSA_WITH_RC2_CBC_MD5                 = 0xFF80,
+	SSL_RSA_WITH_IDEA_CBC_MD5                = 0xFF81,
+	SSL_RSA_WITH_DES_CBC_MD5                 = 0xFF82,
+	SSL_RSA_WITH_3DES_EDE_CBC_MD5            = 0xFF83,
+	
+	TLS_EMPTY_RENEGOTIATION_INFO_SCSV        = 0x00FF,
 };

 enum SSL_CipherType {
@ -99,7 +284,9 @@ enum SSL_BulkCipherAlgorithm {
 	SSL_CIPHER_DES40,
 	SSL_CIPHER_FORTEZZA,
 	SSL_CIPHER_IDEA,
-	SSL_CIPHER_AES
+	SSL_CIPHER_AES,
+	SSL_CIPHER_CAMELLIA,
+	SSL_CIPHER_SEED,
 };

 enum SSL_MACAlgorithm {
@ -121,12 +308,18 @@ enum SSL_KeyExchangeAlgorithm {
 	SSL_KEY_EXCHANGE_DHE_DSS_EXPORT,
 	SSL_KEY_EXCHANGE_DHE_RSA,
 	SSL_KEY_EXCHANGE_DHE_RSA_EXPORT,
-	SSL_KEY_EXCHANGE_DH_ANON,
-	SSL_KEY_EXCHANGE_DH_ANON_EXPORT,
+	SSL_KEY_EXCHANGE_DH_anon,
+	SSL_KEY_EXCHANGE_DH_anon_EXPORT,
 	SSL_KEY_EXCHANGE_FORTEZZA_KEA,
 	// --- new 56 bit export ciphers
 	SSL_KEY_EXCHANGE_RSA_EXPORT1024,
-	SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024
+	SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024,
+	// -- Elliptic Curve key change algorithms (rfc4492)
+	SSL_KEY_EXCHANGE_ECDH_ECDSA,
+	SSL_KEY_EXCHANGE_ECDHE_ECDSA,
+	SSL_KEY_EXCHANGE_ECDH_RSA,
+	SSL_KEY_EXCHANGE_ECDHE_RSA,
+	SSL_KEY_EXCHANGE_ECDH_anon,
 };

 #if 0
--- a/src/SSLProxy.cc
+++ b/src/SSLProxy.cc
@ -174,7 +174,6 @@ bool SSL_RecordBuilder::addSegment(const u_char* data, int length)
 			if ( ! computeExpectedSize(data, length) )
 				return false;

-			// Insert weird here replacing assert.
 			if ( neededSize > expectedSize )
 				{
 				sslEndpoint->Weird("SSL_RecordBuilder::addSegment neededSize > expectedSize");
@ -277,8 +276,7 @@ bool SSL_RecordBuilder::addSegment(const u_char* data, int length)
 		else if ( currentSize + length < expectedSize )
 			{ // another (middle) segment
 			if ( length <= MIN_FRAGMENT_SIZE )
-				sslEndpoint->Parent()->Weird( "SSLProxy: Excessive small TCP Segment!" );
-
+				sslEndpoint->Parent()->Weird("SSLProxy: Excessive small TCP Segment!");
 			addData(data, length);
 			break;
 			}
--- a/src/SSLv3.cc
+++ b/src/SSLv3.cc
@ -195,7 +195,7 @@ void SSLv3_Interpreter::printStats()
 	printf( "SSLv3x:\n" );
 	printf( "Note: Because handshake messages may be coalesced into a \n");
 	printf( "      single SSLv3x record, the number of total messages for SSLv3x plus \n");
-	printf( "      the number of total records seen for SSLv2 won't match \n");
+	printf( "      the number of total records seen for SSLv3 won't match \n");
 	printf( "      SSLProxy_Analyzer::totalRecords! \n");
 	printf( "total connections			= %u\n", totalConnections );
 	printf( "opened connections (complete handshake)	= %u\n", openedConnections );
@ -382,24 +382,12 @@ void SSLv3_Interpreter::DeliverSSLv3_Record(SSLv3_HandshakeRecord* rec)
 			}

 		case SSL3_1_CERTIFICATE:
-			{
-			if ( rec->length >= 3 )
 			{
 			const u_char* pData = rec->data;
 			uint32 certListLength =
 				uint32((pData[4] << 16) |
 				       pData[5] << 8) | pData[6];
 			
-				// Size consistency checks.
-				if ( certListLength + 3 != uint32(rec->length) )
-					{
-					if ( rec->endp->IsOrig() )
-						Weird("SSLv3x: Corrupt length field in client certificate list!");
-					else
-						Weird("SSLv3x: Corrupt length field in server certificate list!");
-					return;
-					}
-
 			// Sum of all cert sizes has to match
 			// certListLength.
 			uint tempLength = 0;
@ -430,7 +418,9 @@ void SSLv3_Interpreter::DeliverSSLv3_Record(SSLv3_HandshakeRecord* rec)
 				(SSL_InterpreterEndpoint*) rec->endp;

 			if ( certCount == 0 )
-					{ // we don't have a certificate...
+				{ 
+				// we don't have a certificate, but this is valid
+				// according to RFC2246
 				if ( rec->endp->IsOrig() )
 					{
 					Weird("SSLv3x: Client certificate is missing!");
@ -458,9 +448,6 @@ void SSLv3_Interpreter::DeliverSSLv3_Record(SSLv3_HandshakeRecord* rec)
 					certListLength-3, 1, false);
 				}

-				}
-			else
-				Weird("SSLv3x: Certificate record too small!" );
 			break;
 			}

@ -554,7 +541,7 @@ void SSLv3_Interpreter::DeliverSSLv3_Record(SSLv3_HandshakeRecord* rec)
 					}
 				else
 					{
-					if ( keyXAlgorithm == SSL_KEY_EXCHANGE_DH || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_ANON || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_ANON_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024 )
+					if ( keyXAlgorithm == SSL_KEY_EXCHANGE_DH || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_anon || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_anon_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024 )
 						{
 						if ( rec->length < 2 )
 							{
@ -595,11 +582,11 @@ void SSLv3_Interpreter::DeliverSSLv3_Record(SSLv3_HandshakeRecord* rec)
 			switch (cipherSuite)
 				{
 				case TLS_NULL_WITH_NULL_NULL:
-				case TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5:
-				case TLS_DH_ANON_WITH_RC4_128_MD5:
-				case TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA:
-				case TLS_DH_ANON_WITH_DES_CBC_SHA:
-				case TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA:
+				case TLS_DH_anon_EXPORT_WITH_RC4_40_MD5:
+				case TLS_DH_anon_WITH_RC4_128_MD5:
+				case TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA:
+				case TLS_DH_anon_WITH_DES_CBC_SHA:
+				case TLS_DH_anon_WITH_3DES_EDE_CBC_SHA:
 					{
 					Weird("SSLv3x: Sending certificate-request not allowed for anonymous servers!");
 					break;
@ -618,7 +605,7 @@ void SSLv3_Interpreter::DeliverSSLv3_Record(SSLv3_HandshakeRecord* rec)
 				break;
 				}

-			if ( pCipherSuite->keyExchangeAlgorithm == SSL_KEY_EXCHANGE_DH_ANON || pCipherSuite->keyExchangeAlgorithm == SSL_KEY_EXCHANGE_DH_ANON_EXPORT )
+			if ( pCipherSuite->keyExchangeAlgorithm == SSL_KEY_EXCHANGE_DH_anon || pCipherSuite->keyExchangeAlgorithm == SSL_KEY_EXCHANGE_DH_anon_EXPORT )
 				Weird("SSLv3x: Sending certificate-request not allowed for anonymous servers!");

 			// FIXME: Insert weird checks!
@ -654,7 +641,7 @@ void SSLv3_Interpreter::DeliverSSLv3_Record(SSLv3_HandshakeRecord* rec)
 					}
 				else
 					{
-					if ( keyXAlgorithm == SSL_KEY_EXCHANGE_DH || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_ANON || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_ANON_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024 )
+					if ( keyXAlgorithm == SSL_KEY_EXCHANGE_DH || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_RSA_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_anon || keyXAlgorithm == SSL_KEY_EXCHANGE_DH_anon_EXPORT || keyXAlgorithm == SSL_KEY_EXCHANGE_DHE_DSS_EXPORT1024 )
 						{
 						if ( rec->length < 2 )
 							{
@ -938,14 +925,6 @@ TableVal* SSLv3_Interpreter::analyzeCiphers(const SSLv3_Endpoint* s, int length,
 	{
 	int is_orig = (SSL_InterpreterEndpoint*) s == orig;

-	if ( length > ssl_max_cipherspec_size )
-		{
-		if ( is_orig )
-			Weird("SSLv2: Client has CipherSpecs > ssl_max_cipherspec_size");
-		else
-			Weird("SSLv2: Server has CipherSpecs > ssl_max_cipherspec_size");
-		}
-
 	const u_char* pCipher = data;
 	SSL_CipherSpec* pCipherSuiteTemp = 0;
 	uint16 cipherSuite;
@ -1236,16 +1215,6 @@ SSLv3_HandshakeRecord::SSLv3_HandshakeRecord(const u_char* data, int len,
 				uint16 version, SSLv3_Endpoint const* e)
 : SSLv3_Record(data, len, version, e)
 	{
-	// Weird-check for minimum handshake length header.
-	if ( len < 4 )
-		{
-		e->Interpreter()->Weird("SSLv3x: Handshake-header-length too small!");
-		type = 255;
-		length = 0;
-		next = 0;
-		return;
-		}
-
 	// Don't analyze encrypted client handshake messages.
 	if ( e->IsOrig() &&
 	     ((SSLv3_Interpreter*) e->Interpreter())->change_cipher_client_seen &&
@ -1270,7 +1239,10 @@ SSLv3_HandshakeRecord::SSLv3_HandshakeRecord(const u_char* data, int len,

 	type = uint8(*(this->data));
 	length = ExtractInt24(data, len, 1);
-	if ( length + 4 < len )
+	
+	if ( length == 0 ) // this is a special case to deal with 0 length certs
+		next = 0;
+	else if ( length + 4 < len )
 		next = new SSLv3_HandshakeRecord(data + length + 4,
 					len - (length + 4), version, e);
 	else if ( length + 4 > len )
@ -1328,7 +1300,9 @@ int SSLv3_HandshakeRecord::checkClientHello()
 	     version != SSLProxy_Analyzer::SSLv31 )
 		endp->Interpreter()->Weird("SSLv3x: Corrupt version information in Client hello!");

-	uint8 sessionIDLength = uint8(data[38]);
+	uint16 offset = 38;
+	uint8 sessionIDLength = uint8(data[offset]);
+	offset += (1 + sessionIDLength);
 	if ( sessionIDLength > 32 )
 		{
 		endp->Interpreter()->Weird("SSLv3x: SessionID too long in Client hello!");
@ -1336,30 +1310,39 @@ int SSLv3_HandshakeRecord::checkClientHello()
 		}

 	uint16 cipherSuiteLength =
-		uint16(data[39 + sessionIDLength] << 8 ) |
-		data[40 + sessionIDLength];
-
+		uint16(data[offset] << 8) | data[offset+1];
+	offset += (2 + cipherSuiteLength);
 	if ( cipherSuiteLength < 2 )
 		endp->Interpreter()->Weird("SSLv3x: CipherSuite length too small!");

-	if ( cipherSuiteLength + sessionIDLength + 41 > recordLength )
+	if ( offset > recordLength )
 		{
 		endp->Interpreter()->Weird("SSLv3x: Client hello too small, corrupt length fields!");
 		return 0;
 		}

-	uint8 compressionMethodLength =
-		uint8(data[41 + sessionIDLength + cipherSuiteLength]);
-
+	uint8 compressionMethodLength = uint8(data[offset]);
+	offset += (1 + compressionMethodLength);
 	if ( compressionMethodLength < 1 )
 		endp->Interpreter()->Weird("SSLv3x: CompressionMethod length too small!");

-	if ( sessionIDLength + cipherSuiteLength +
-	     compressionMethodLength + 38 != length )
+	if ( offset < length )
+		{
+		uint16 sslExtensionsLength =
+			uint16(data[offset] << 8) | data[offset+1];
+		offset += 2;
+		if ( sslExtensionsLength < 4 )
+			endp->Interpreter()->Weird("SSLv3x: Extensions length too small!");
+
+		// TODO: extract SSL extensions here
+
+		offset += sslExtensionsLength;
+		if ( offset != length+4 )
 			{
 			endp->Interpreter()->Weird("SSLv3x: Corrupt length fields in Client hello!");
 			return 0;
 			}
+		}

 	return 1;
 	}
@ -1377,19 +1360,36 @@ int SSLv3_HandshakeRecord::checkServerHello()
 	     version != SSLProxy_Analyzer::SSLv31 )
 		endp->Interpreter()->Weird("SSLv3x: Corrupt version information in Server hello!");

-	uint8 sessionIDLength = uint8(data[38]);
+	uint16 offset = 38;
+	uint8 sessionIDLength = uint8(data[offset]);
 	if ( sessionIDLength > 32 )
 		{
 		endp->Interpreter()->Weird("SSLv3x: SessionID too long in Server hello!");
 		return 0;
 		}
+	offset += (1 + sessionIDLength);

-	if ( (sessionIDLength + 38) != length )
+	offset += 3; // account for cipher and compression method
+	if ( offset < length )
+		{
+		uint16 sslExtensionsLength =
+			uint16(data[offset] << 8) | data[offset+1];
+		offset += 2;
+		if ( sslExtensionsLength < 4 )
+			endp->Interpreter()->Weird("SSLv3x: Extensions length too small!");
+
+		// TODO: extract SSL extensions here
+		offset += sslExtensionsLength;
+
+		if ( offset != length+4 )
 			{
 			endp->Interpreter()->Weird("SSLv3x: Corrupt length fields in Server hello!");
 			return 0;
 			}

+		return 0;
+		}
+
 	return 1;
 	}

--- a/src/Scope.cc
+++ b/src/Scope.cc
@ -11,9 +11,6 @@
 static scope_list scopes;
 static Scope* top_scope;

-extern const char* GLOBAL_MODULE_NAME = "GLOBAL";
-
-
 // Returns it without trailing "::".
 string extract_module_name(const char* name)
 	{
--- a/src/Scope.h
+++ b/src/Scope.h
@ -59,7 +59,7 @@ protected:
 	id_list* inits;
 };

-extern const char* GLOBAL_MODULE_NAME;
+static const char* GLOBAL_MODULE_NAME = "GLOBAL";

 extern string extract_module_name(const char* name);
 extern string normalized_module_name(const char* module_name); // w/o ::
--- a/src/Trigger.cc
+++ b/src/Trigger.cc
@ -130,11 +130,17 @@ Trigger::Trigger(Expr* arg_cond, Stmt* arg_body, Stmt* arg_timeout_stmts,

 	Val* timeout = arg_timeout ? arg_timeout->ExprVal() : 0;

+	// Make sure we don't get deleted if somebody calls a method like
+	// Timeout() while evaluating the trigger. 
+	Ref(this);
+
 	if ( ! Eval() && timeout )
 		{
 		timer = new TriggerTimer(timeout->AsInterval(), this);
 		timer_mgr->Add(timer);
 		}
+
+	Unref(this);
 	}

 Trigger::~Trigger()
--- a/src/Type.cc
+++ b/src/Type.cc
@ -10,20 +10,6 @@
 #include "Scope.h"
 #include "Serializer.h"

-RecordType* init_global_attrs();
-
-bool in_global_attr_decl = false;
-RecordType* global_attributes_type = init_global_attrs();
-
-RecordType* init_global_attrs()
-	{
-	in_global_attr_decl = true;
-	RecordType* rt = new RecordType(new type_decl_list);
-	in_global_attr_decl = false;
-	rt->MakeGlobalAttributeType();
-	return rt;
-	}
-
 const char* type_name(TypeTag t)
 	{
 	static char errbuf[512];
@ -58,7 +44,6 @@ BroType::BroType(TypeTag t, bool arg_base_type)
 	tag = t;
 	is_network_order = 0;
 	base_type = arg_base_type;
-	is_global_attributes_type = false;

 	switch ( tag ) {
 	case TYPE_VOID:
@ -118,28 +103,6 @@ BroType::BroType(TypeTag t, bool arg_base_type)
 		break;
 	}

-	// Kind of hacky; we don't want an error while we're defining
-	// the global attrs!
-	if ( in_global_attr_decl )
-		{
-		attributes_type = 0;
-		return;
-		}
-
-	if ( ! global_attributes_type )
-		SetError();
-	else
-		attributes_type = global_attributes_type;
-	}
-
-bool BroType::SetAttributesType(type_decl_list* attr_types)
-	{
-	TypeList* global = new TypeList();
-	global->Append(global_attributes_type);
-
-	attributes_type = refine_type(global, attr_types)->AsRecordType();
-
-	return (attributes_type != 0);
 	}

 int BroType::MatchesIndex(ListExpr*& /* index */) const
@ -241,16 +204,6 @@ BroType* BroType::Unserialize(UnserialInfo* info, TypeTag want)
 		return t2;
 		}

-	// For the global_attribute_type, we also return our current instance.
-	if ( t->is_global_attributes_type )
-		{
-		BroType* t2 = global_attributes_type;
-		Unref(t);
-		t2->Ref();
-		assert(t2);
-		return t2;
-		}
-
 	assert(t);
 	return t;
 	}
@ -267,10 +220,15 @@ bool BroType::DoSerialize(SerialInfo* info) const
 		return false;

 	if ( ! (SERIALIZE(is_network_order) && SERIALIZE(base_type) &&
-		SERIALIZE(is_global_attributes_type)) )
+		// Serialize the former "bool is_global_attributes_type" for
+		// backwards compatibility.
+		SERIALIZE(false)) )
 		return false;

-	SERIALIZE_OPTIONAL(attributes_type);
+	// Likewise, serialize the former optional "RecordType* attributes_type"
+	// for backwards compatibility.
+	void* null = NULL;
+	SERIALIZE(null);

 	info->s->WriteCloseTag("Type");

@ -288,13 +246,19 @@ bool BroType::DoUnserialize(UnserialInfo* info)
 	tag = (TypeTag) c1;
 	internal_tag = (InternalTypeTag) c2;

+	bool not_used;
+
 	if ( ! (UNSERIALIZE(&is_network_order) && UNSERIALIZE(&base_type)
-			&& UNSERIALIZE(&is_global_attributes_type)) )
+			// Unerialize the former "bool is_global_attributes_type" for
+			// backwards compatibility.
+			&& UNSERIALIZE(&not_used)) )
 		return 0;

-	BroType* type;
-	UNSERIALIZE_OPTIONAL(type, BroType::Unserialize(info, TYPE_RECORD));
-	attributes_type = (RecordType*) type;
+	BroType* not_used_either;
+
+	// Likewise, unserialize the former optional "RecordType*
+	// attributes_type" for backwards compatibility.
+	UNSERIALIZE_OPTIONAL(not_used_either, BroType::Unserialize(info, TYPE_RECORD));

 	return true;
 	}
@ -721,9 +685,6 @@ TypeDecl::TypeDecl(BroType* t, const char* i, attr_list* arg_attrs)
 	type = t;
 	attrs = arg_attrs ? new Attributes(arg_attrs, t) : 0;
 	id = i;
-
-	if ( in_global_attr_decl && ! attrs->FindAttr(ATTR_DEFAULT) )
-		error("global attribute types must have default values");
 	}

 TypeDecl::~TypeDecl()
--- a/src/Type.h
+++ b/src/Type.h
@ -60,9 +60,6 @@ class EnumType;
 class Serializer;
 class VectorType;

-extern bool in_global_attr_decl;
-extern RecordType* global_attributes_type;
-
 const int DOES_NOT_MATCH_INDEX = 0;
 const int MATCHES_INDEX_SCALAR = 1;
 const int MATCHES_INDEX_VECTOR = 2;
@ -74,15 +71,6 @@ public:
 	TypeTag Tag() const		{ return tag; }
 	InternalTypeTag InternalType() const	{ return internal_tag; }

-	// Type for the attributes (metadata) on this type.
-	RecordType* AttributesType()
-		{
-		if ( ! attributes_type )
-			attributes_type = global_attributes_type;
-		return attributes_type;
-		}
-	bool SetAttributesType(type_decl_list* attr_types);
-
 	// Whether it's stored in network order.
 	int IsNetworkOrder() const	{ return is_network_order; }

@ -211,8 +199,6 @@ public:

 	BroType* Ref()		{ ::Ref(this); return this; }

-	void MakeGlobalAttributeType()	{ is_global_attributes_type = true; }
-
 	virtual void Describe(ODesc* d) const;

 	virtual unsigned MemoryAllocation() const;
@ -221,7 +207,7 @@ public:
 	static BroType* Unserialize(UnserialInfo* info, TypeTag want = TYPE_ANY);

 protected:
-	BroType()	{ attributes_type = 0; }
+	BroType()	{ }

 	void SetError();

@ -232,8 +218,6 @@ private:
 	InternalTypeTag internal_tag;
 	bool is_network_order;
 	bool base_type;
-	bool is_global_attributes_type;
-	RecordType* attributes_type;
 };

 class TypeList : public BroType {
--- a/src/Val.cc
+++ b/src/Val.cc
@ -414,15 +414,6 @@ bool Val::DoUnserialize(UnserialInfo* info)
 	return false;
 	}

-RecordVal* Val::GetAttribs(bool instantiate)
-	{
-	if ( ! instantiate || attribs )
-		return attribs;
-
-	attribs = new RecordVal(type->AttributesType());
-	return attribs;
-	}
-
 int Val::IsZero() const
 	{
 	switch ( type->InternalType() ) {
@ -524,7 +515,11 @@ Val* Val::SizeVal() const
 	{
 	switch ( type->InternalType() ) {
 	case TYPE_INTERNAL_INT:
+#ifdef DARWIN_NO_LLABS
+		return new Val(abs(val.int_val), TYPE_COUNT);
+#else
 		return new Val(llabs(val.int_val), TYPE_COUNT);
+#endif

 	case TYPE_INTERNAL_UNSIGNED:
 		return new Val(val.uint_val, TYPE_COUNT);
--- a/src/Val.h
+++ b/src/Val.h
@ -178,13 +178,6 @@ public:
 	Val* Ref()			{ ::Ref(this); return this; }
 	virtual Val* Clone() const;

-	RecordVal* GetAttribs(bool instantiate);
-	void SetAttribs(RecordVal* arg_attribs)
-		{
-		Unref((Val*) attribs);
-		attribs = arg_attribs;
-		}
-
 	int IsZero() const;
 	int IsOne() const;

--- a/src/bro.bif
+++ b/src/bro.bif
@ -1365,12 +1365,17 @@ function skip_http_entity_data%(c: connection, is_orig: bool%): any
 		{
 		Analyzer* ha = c->FindAnalyzer(id);

+		if ( ha )
+			{
 			if ( ha->GetTag() == AnalyzerTag::HTTP )
 				static_cast<HTTP_Analyzer*>(ha)->SkipEntityData(is_orig);
 			else
 				run_time("non-HTTP analyzer associated with connection record");
 			}
+		else
+			run_time("could not find analyzer for skip_http_entity_data");

+		}
 	else
 		run_time("no analyzer associated with connection record");

@ -1725,7 +1730,7 @@ function md5_hmac%(...%): string
 %%{
 static map<BroString, md5_state_s> md5_states;

-BroString* convert_md5_index_to_string(Val* index)
+BroString* convert_index_to_string(Val* index)
 	{
 	ODesc d;
 	index->Describe(&d);
@ -1735,7 +1740,7 @@ BroString* convert_md5_index_to_string(Val* index)

 function md5_hash_init%(index: any%): bool
 	%{
-	BroString* s = convert_md5_index_to_string(index);
+	BroString* s = convert_index_to_string(index);
 	int status = 0;

 	if ( md5_states.count(*s) < 1 )
@ -1752,7 +1757,7 @@ function md5_hash_init%(index: any%): bool

 function md5_hash_update%(index: any, data: string%): bool
 	%{
-	BroString* s = convert_md5_index_to_string(index);
+	BroString* s = convert_index_to_string(index);
 	int status = 0;

 	if ( md5_states.count(*s) > 0 )
@ -1767,7 +1772,7 @@ function md5_hash_update%(index: any, data: string%): bool

 function md5_hash_finish%(index: any%): string
 	%{
-	BroString* s = convert_md5_index_to_string(index);
+	BroString* s = convert_index_to_string(index);
 	StringVal* printable_digest;

 	if ( md5_states.count(*s) > 0 )
@ -1848,15 +1853,15 @@ function uuid_to_string%(uuid: string%): string
 	%}


-# The following functions are attempts to convert strings into
-# patterns at run-time. These attempts were later *abandoned* because
-# NFA and DFA cannot be cleanly deallocated.
+# The following functions convert strings into patterns at run-time. As the
+# computed NFAs and DFAs cannot be cleanly deallocated (at least for now),
+# they can only be used at initialization time.

 function merge_pattern%(p1: pattern, p2: pattern%): pattern
 	%{
-	if ( reading_live )
+	if ( bro_start_network_time != 0.0 )
 		{
-		builtin_run_time("should not call merge_pattern while reading live traffic");
+		builtin_run_time("merge_pattern can only be called at init time");
 		return 0;
 		}

@ -1900,9 +1905,9 @@ function convert_for_pattern%(s: string%): string

 function string_to_pattern%(s: string, convert: bool%): pattern
 	%{
-	if ( reading_live )
+	if ( bro_start_network_time != 0.0 )
 		{
-		builtin_run_time("should not call merge_pattern while reading live traffic");
+		builtin_run_time("string_to_pattern can only be called at init time");
 		return 0;
 		}

@ -2808,7 +2813,7 @@ private:
 # function result.  Therefore, they can only be called inside a when-condition.
 function lookup_addr%(host: addr%) : string
 	%{
-	// FIXME: Is should be easy to adapt the function to synchronous
+	// FIXME: It should be easy to adapt the function to synchronous
 	// lookups if we're reading a trace.
 	Trigger* trigger = frame->GetTrigger();

@ -2824,8 +2829,18 @@ function lookup_addr%(host: addr%) : string
 #ifdef BROv6
 	if ( ! is_v4_addr(host) )
 		{
-		builtin_run_time("lookup_addr() only supports IPv4 addresses");
-		return new StringVal("<ipv6-address>");
+		// FIXME: This is a temporary work-around until we get this
+		// fixed. We warn the user once, and always trigger a timeout.
+		// Ticket #355 records the problem.
+		static bool warned = false;
+		if ( ! warned )
+			{
+			warn("lookup_addr() only supports IPv4 addresses currently");
+			warned = true;
+			}
+
+		trigger->Timeout();
+		return 0;
 		}

 	dns_mgr->AsyncLookupAddr(to_v4_addr(host),
@ -3196,3 +3211,83 @@ function disable_event_group%(group: string%) : any
 	event_registry->EnableGroup(group->CheckString(), false);
 	return 0;
 	%}
+
+
+%%{
+#include <RandTest.h>
+static map<BroString, RandTest*> entropy_states;
+%%}
+
+function find_entropy%(data: string%): entropy_test_result
+	%{
+	double montepi, scc, ent, mean, chisq;
+	montepi = scc = ent = mean = chisq = 0.0;
+	RecordVal* ent_result = new RecordVal(entropy_test_result);
+	RandTest *rt = new RandTest();
+
+	rt->add((char*) data->Bytes(), data->Len());
+	rt->end(&ent, &chisq, &mean, &montepi, &scc);
+	delete rt;
+
+	ent_result->Assign(0, new Val(ent,     TYPE_DOUBLE));
+	ent_result->Assign(1, new Val(chisq,   TYPE_DOUBLE));
+	ent_result->Assign(2, new Val(mean,    TYPE_DOUBLE));
+	ent_result->Assign(3, new Val(montepi, TYPE_DOUBLE));
+	ent_result->Assign(4, new Val(scc,     TYPE_DOUBLE));
+	return ent_result;
+	%}
+
+function entropy_test_init%(index: any%): bool
+	%{
+	BroString* s = convert_index_to_string(index);
+	int status = 0;
+
+	if ( entropy_states.count(*s) < 1 )
+		{
+		entropy_states[*s] = new RandTest();
+		status = 1;
+		}
+
+	delete s;
+	return new Val(status, TYPE_BOOL);
+	%}
+
+function entropy_test_add%(index: any, data: string%): bool
+	%{
+	BroString* s = convert_index_to_string(index);
+	int status = 0;
+
+	if ( entropy_states.count(*s) > 0 )
+		{
+		entropy_states[*s]->add((char*) data->Bytes(), data->Len());
+		status = 1;
+		}
+
+	delete s;
+	return new Val(status, TYPE_BOOL);
+	%}
+
+function entropy_test_finish%(index: any%): entropy_test_result
+	%{
+	BroString* s = convert_index_to_string(index);
+	double montepi, scc, ent, mean, chisq;
+	montepi = scc = ent = mean = chisq = 0.0;
+	RecordVal* ent_result = new RecordVal(entropy_test_result);
+
+	if ( entropy_states.count(*s) > 0 )
+		{
+		RandTest *rt = entropy_states[*s];
+		rt->end(&ent, &chisq, &mean, &montepi, &scc);
+		entropy_states.erase(*s);
+		delete rt;
+		}
+
+	ent_result->Assign(0, new Val(ent,     TYPE_DOUBLE));
+	ent_result->Assign(1, new Val(chisq,   TYPE_DOUBLE));
+	ent_result->Assign(2, new Val(mean,    TYPE_DOUBLE));
+	ent_result->Assign(3, new Val(montepi, TYPE_DOUBLE));
+	ent_result->Assign(4, new Val(scc,     TYPE_DOUBLE));
+
+	delete s;
+	return ent_result;
+	%}
--- a/src/cq.c
+++ b/src/cq.c
@ -570,8 +570,8 @@ cq_debugbucket(register struct cq_handle *hp,
 			bp2 = hp->buckets + PRI2BUCKET(hp, bp->pri);
 			if (bp2 != buckets) {
 				fprintf(stderr,
-				    "%f in wrong bucket! (off by %d)\n",
-				    bp->pri, bp2 - buckets);
+				    "%f in wrong bucket! (off by %ld)\n",
+				    bp->pri, (long)(bp2 - buckets));
 				cq_dump(hp);
 				abort();
 			}
--- a/src/dce_rpc.pac
+++ b/src/dce_rpc.pac
@ -8,5 +8,5 @@ analyzer DCE_RPC withcontext {
 	flow: DCE_RPC_Flow;
 };

-%include "dce_rpc-protocol.pac"
-%include "dce_rpc-analyzer.pac"
+%include dce_rpc-protocol.pac
+%include dce_rpc-analyzer.pac
--- a/src/main.cc
+++ b/src/main.cc
@ -8,6 +8,7 @@
 #include <stdlib.h>
 #include <unistd.h>
 #include <signal.h>
+#include <string.h>
 #ifdef HAVE_GETOPT_H
 #include <getopt.h>
 #endif
@ -122,6 +123,14 @@ const char* bro_version()
 #endif
 	}

+const char* bro_dns_fake()
+	{
+	if ( ! getenv("BRO_DNS_FAKE") )
+		return "off";
+	else 
+		return "on";
+	}
+
 void usage()
 	{
 	fprintf(stderr, "bro version %s\n", bro_version());
@ -184,6 +193,7 @@ void usage()

 	fprintf(stderr, "    $BROPATH                       | file search path (%s)\n", bro_path());
 	fprintf(stderr, "    $BRO_PREFIXES                  | prefix list (%s)\n", bro_prefixes());
+	fprintf(stderr, "    $BRO_DNS_FAKE                  | disable DNS lookups (%s)\n", bro_dns_fake());

 	exit(1);
 	}
@ -412,7 +422,7 @@ int main(int argc, char** argv)

 	prog = argv[0];

-	prefixes.append("");	// "" = "no prefix"
+	prefixes.append(strdup(""));	// "" = "no prefix"

 	char* p = getenv("BRO_PREFIXES");
 	if ( p )
--- a/src/net_util.cc
+++ b/src/net_util.cc
@ -97,7 +97,9 @@ int udp6_checksum(const struct ip6_hdr* ip6, const struct udphdr* up, int len)
 	sum = ones_complement_checksum((void*) ip6->ip6_src.s6_addr, 16, sum);
 	sum = ones_complement_checksum((void*) ip6->ip6_dst.s6_addr, 16, sum);

-	sum = ones_complement_checksum((void*) &len, 4, sum);
+	uint32 l = htonl(len);
+	sum = ones_complement_checksum((void*) &l, 4, sum);
+
 	uint32 addl_pseudo = htons(IPPROTO_UDP);
 	sum = ones_complement_checksum((void*) &addl_pseudo, 4, sum);
 	sum = ones_complement_checksum((void*) up, len, sum);
--- a/src/parse.y
+++ b/src/parse.y
@ -3,12 +3,14 @@
 // See the file "COPYING" in the main distribution directory for copyright.
 %}

+%expect 71
+
 %token TOK_ADD TOK_ADD_TO TOK_ADDR TOK_ALARM TOK_ANY
 %token TOK_ATENDIF TOK_ATELSE TOK_ATIF TOK_ATIFDEF TOK_ATIFNDEF
 %token TOK_BOOL TOK_BREAK TOK_CASE TOK_CONST
 %token TOK_CONSTANT TOK_COPY TOK_COUNT TOK_COUNTER TOK_DEFAULT TOK_DELETE
 %token TOK_DOUBLE TOK_ELSE TOK_ENUM TOK_EVENT TOK_EXPORT TOK_FILE TOK_FOR
-%token TOK_FUNCTION TOK_GLOBAL TOK_GLOBAL_ATTR TOK_ID TOK_IF TOK_INT
+%token TOK_FUNCTION TOK_GLOBAL TOK_ID TOK_IF TOK_INT
 %token TOK_INTERVAL TOK_LIST TOK_LOCAL TOK_MODULE TOK_MATCH TOK_NET
 %token TOK_NEXT TOK_OF TOK_PATTERN TOK_PATTERN_TEXT
 %token TOK_PORT TOK_PRINT TOK_RECORD TOK_REDEF
@ -53,7 +55,7 @@
 %type <func_type> func_hdr func_params
 %type <type_l> type_list
 %type <type_decl> type_decl formal_args_decl
-%type <type_decl_l> type_decl_list formal_args_decl_list opt_attr_attr
+%type <type_decl_l> type_decl_list formal_args_decl_list
 %type <record> formal_args
 %type <list> expr_list opt_expr_list
 %type <c_case> case
@ -417,13 +419,7 @@ expr:
 	|	expr TOK_HAS_FIELD TOK_ID
 			{
 			set_location(@1, @3);
-			$$ = new HasFieldExpr($1, $3, false);
-			}
-
-	|	expr TOK_HAS_ATTR TOK_ID
-			{
-			set_location(@1, @3);
-			$$ = new HasFieldExpr($1, $3, true);
+			$$ = new HasFieldExpr($1, $3);
 			}

 	|	anonymous_function
@ -821,17 +817,9 @@ decl:
 				}
 			}

-	|	TOK_TYPE global_id ':' refined_type opt_attr opt_attr_attr ';'
+	|	TOK_TYPE global_id ':' refined_type opt_attr ';'
 			{
 			add_type($2, $4, $5, 0);
-			if ( $6 )
-				$2->AsType()->SetAttributesType($6);
-			}
-
-	|	TOK_GLOBAL_ATTR ':' { in_global_attr_decl = true; }
-		'{' type_decl_list '}' ';' { in_global_attr_decl = false; }
-			{
-			global_attributes_type = new RecordType($5);
 			}

 	|	TOK_EVENT event_id ':' refined_type opt_attr ';'
@ -856,13 +844,6 @@ conditional:
 			{ do_atelse(); }
 	;

-opt_attr_attr:
-		TOK_ATTR_ATTR '=' '{' type_decl_list '}'
-			{ $$ = $4; }
-	|
-			{ $$ = 0; }
-	;
-
 func_hdr:
 		TOK_FUNCTION global_id func_params
 			{
--- a/src/patricia.c
+++ b/src/patricia.c
@ -1027,7 +1027,7 @@ lookup_then_remove (patricia_tree_t *tree, char *string)
 {
    patricia_node_t *node;

-    if (node = try_search_exact (tree, string))
+    if ( (node = try_search_exact(tree, string)) )
        patricia_remove (tree, node);
 }

--- a/src/portmap-analyzer.pac
+++ b/src/portmap-analyzer.pac
@ -79,6 +79,10 @@ function PortmapBuildDumpVal(params: PortmapDumpResults): BroVal

 	for ( int i = 0; i < params->size(); ++i )
 		{
+		// The last element has cont()!=1 and this element doesn't contain a
+		// mapping.
+		if ((*params)[i]->cont() != 1)
+			continue;
 		Val* m = PortmapBuildMappingVal((*params)[i]->mapping());
 		Val* index = new Val(i + 1, TYPE_COUNT);
 		mappings->Assign(index, m);
--- a/src/portmap-protocol.pac
+++ b/src/portmap-protocol.pac
@ -68,6 +68,7 @@ type PortmapDumpEntry = record {
 	};
 };

+# The final element that has cont!=1 will be included in the array.
 type PortmapDumpResults = PortmapDumpEntry[] &until($element.cont != 1);

 type PortmapCallItResults = record {
--- a/src/scan.l
+++ b/src/scan.l
@ -151,9 +151,7 @@ file	return TOK_FILE;
 for	return TOK_FOR;
 function	return TOK_FUNCTION;
 global	return TOK_GLOBAL;
-global_attr	return TOK_GLOBAL_ATTR;
 "?$"	return TOK_HAS_FIELD;
-"?$$"	return TOK_HAS_ATTR;
 if	return TOK_IF;
 in	return TOK_IN;
 "!"{OWS}in/[^A-Za-z0-9]	return TOK_NOT_IN;	/* don't confuse w "! infoo"! */
--- a/src/strings.bif
+++ b/src/strings.bif
@ -138,27 +138,27 @@ function sort_string_array%(a: string_array%): string_array

 function edit%(arg_s: string, arg_edit_char: string%): string
 	%{
-	const char* s = arg_s->AsString()->CheckString();
-	const char* edit_s = arg_edit_char->AsString()->CheckString();
-
-	if ( strlen(edit_s) != 1 )
+	if ( arg_edit_char->Len() != 1 )
 		builtin_run_time("not exactly one edit character", @ARG@[1]);

-	char edit_c = *edit_s;
+	const u_char* s = arg_s->Bytes();
+	const u_char* edit_s = arg_edit_char->Bytes();

-	int n = strlen(s) + 1;
-	char* new_s = new char[n];
+	u_char edit_c = *edit_s;
+
+	int n = arg_s->Len();
+	u_char* new_s = new u_char[n+1];
 	int ind = 0;

-	for ( ; *s; ++s )
+	for ( int i = 0; i < n; ++i )
 		{
-		if ( *s == edit_c )
+		if ( s[i] == edit_c )
 			{ // Delete last character
 			if ( --ind < 0 )
 				ind = 0;
 			}
 		else
-			new_s[ind++] = *s;
+			new_s[ind++] = s[i];
 		}

 	new_s[ind] = '\0';
@ -198,75 +198,55 @@ static int match_prefix(int s_len, const char* s, int t_len, const char* t)
 Val* do_split(StringVal* str_val, RE_Matcher* re, TableVal* other_sep,
 		int incl_sep, int max_num_sep)
 	{
-	const BroString* str = str_val->AsString();
 	TableVal* a = new TableVal(internal_type("string_array")->AsTableType());
 	ListVal* other_strings = 0;

 	if ( other_sep && other_sep->Size() > 0 )
 		other_strings = other_sep->ConvertToPureList();

-	// Currently let us assume that str is NUL-terminated. In
-	// the future we expect to change this by giving RE_Matcher a
-	// const char* segment.
-
-	const char* s = str->CheckString();
-	int len = strlen(s);
-	const char* end_of_s = s + len;
+	const u_char* s = str_val->Bytes();
+	int n = str_val->Len();
+	const u_char* end_of_s = s + n;
 	int num = 0;
 	int num_sep = 0;

-	while ( 1 )
-		{
 	int offset = 0;
-		const char* t;
-
-		if ( max_num_sep > 0 && num_sep >= max_num_sep )
-			t = end_of_s;
-		else
+	while ( n >= 0 )
 		{
-			for ( t = s; t < end_of_s; ++t )
+		offset = 0;
+		// Find next match offset.
+		int end_of_match = 0;
+		while ( n > 0 &&
+		        (end_of_match = re->MatchPrefix(s + offset, n)) <= 0 )
 			{
-				offset = re->MatchPrefix(t);
-
-				if ( other_strings )
-					{
-					val_list* vl = other_strings->Vals();
-					loop_over_list(*vl, i)
-						{
-						const BroString* sub =
-							(*vl)[i]->AsString();
-						if ( sub->Len() > offset &&
-						     match_prefix(end_of_s - t,
-								t, sub->Len(),
-								(const char*) (sub->Bytes())) )
-							{
-							offset = sub->Len();
-							}
-						}
-					}
-
-				if ( offset > 0 )
-					break;
-				}
+			// Move on to next byte.
+			++offset;
+			--n;
 			}

 		Val* ind = new Val(++num, TYPE_COUNT);
-		a->Assign(ind, new StringVal(t - s, s));
+		a->Assign(ind, new StringVal(offset, (const char*) s));
 		Unref(ind);

-		if ( t >= end_of_s )
+		// No more separators will be needed if this is the end of string.
+		if ( n <= 0 )
 			break;

-		++num_sep;
-
 		if ( incl_sep )
 			{ // including the part that matches the pattern
 			ind = new Val(++num, TYPE_COUNT);
-			a->Assign(ind, new StringVal(offset, t));
+			a->Assign(ind, new StringVal(end_of_match, (const char*) s+offset));
 			Unref(ind);
 			}

-		s = t + offset;
+		if ( max_num_sep && num_sep >= max_num_sep )
+			break;
+
+		++num_sep;
+
+		n -= end_of_match;
+		s += offset + end_of_match;;
+
 		if ( s > end_of_s )
 			internal_error("RegMatch in split goes beyond the string");
 		}
@ -476,42 +456,38 @@ function subst_string%(s: string, from: string, to: string%): string

 function to_lower%(str: string%): string
 	%{
-	const char* s = str->CheckString();
-	int n = strlen(s) + 1;
+	const u_char* s = str->Bytes();
+	int n = str->Len();
 	char* lower_s = new char[n];
+	char* ls = lower_s;

-	char* ls;
-	for ( ls = lower_s; *s; ++s )
+	for ( int i = 0; i < n; ++i)
 		{
-		if ( isascii(*s) && isupper(*s) )
-			*ls++ = tolower(*s);
+		if ( isascii(s[i]) && isupper(s[i]) )
+			*ls++ = tolower(s[i]);
 		else
-			*ls++ = *s;
+			*ls++ = s[i];
 		}

-	*ls = '\0';
-
-	return new StringVal(new BroString(1, byte_vec(lower_s), n-1));
+	return new StringVal(new BroString(1, byte_vec(lower_s), n));
 	%}

 function to_upper%(str: string%): string
 	%{
-	const char* s = str->CheckString();
-	int n = strlen(s) + 1;
+	const u_char* s = str->Bytes();
+	int n = str->Len();
 	char* upper_s = new char[n];
+	char* us = upper_s;

-	char* us;
-	for ( us = upper_s; *s; ++s )
+	for ( int i = 0; i < n; ++i)
 		{
-		if ( isascii(*s) && islower(*s) )
-			*us++ = toupper(*s);
+		if ( isascii(s[i]) && islower(s[i]) )
+			*us++ = toupper(s[i]);
 		else
-			*us++ = *s;
+			*us++ = s[i];
 		}

-	*us = '\0';
-
-	return new StringVal(new BroString(1, byte_vec(upper_s), n-1));
+	return new StringVal(new BroString(1, byte_vec(upper_s), n));
 	%}

 function clean%(str: string%): string
@ -604,40 +580,35 @@ function str_split%(s: string, idx: index_vec%): string_vec

 function strip%(str: string%): string
 	%{
-	const char* s = str->CheckString();
+	const u_char* s = str->Bytes();
+	int n = str->Len();

-	int n = strlen(s) + 1;
-	char* strip_s = new char[n];
-
-	if ( n == 1 )
+	if ( n == 0 )
 		// Empty string.
-		return new StringVal(new BroString(1, byte_vec(strip_s), 0));
+		return new StringVal(new BroString(s, n, 1));

-	while ( isspace(*s) )
-		++s;
+	const u_char* sp = s;

-	strncpy(strip_s, s, n);
-
-	char* s2 = strip_s;
-	char* e = &s2[strlen(s2) - 1];
-
-	while ( e > s2 && isspace(*e) )
+	// Move a pointer from the end of the string.
+	const u_char* e = sp + n - 1;
+	while ( e > sp && isspace(*e) )
 		--e;

-	e[1] = '\0';	// safe even if e hasn't changed, due to n = strlen + 1
+	// Move the pointer for the beginning of the string.
+	while ( isspace(*sp) && sp <= e )
+		++sp;

-	return new StringVal(new BroString(1, byte_vec(s2), (e-s2)+1));
+	return new StringVal(new BroString(sp, (e - sp + 1), 1));
 	%}

 function string_fill%(len: int, source: string%): string
 	%{
-	const char* src = source->CheckString();
-
-	int sn = strlen(src);
+	const u_char* src = source->Bytes();
+	int n = source->Len();
 	char* dst = new char[len];

-	for ( int i = 0; i < len; i += sn )
-		::memcpy((dst + i), src, min(sn, len - i));
+	for ( int i = 0; i < len; i += n )
+		::memcpy((dst + i), src, min(n, len - i));

 	dst[len - 1] = 0;

@ -651,10 +622,11 @@ function string_fill%(len: int, source: string%): string
 function str_shell_escape%(source: string%): string
 	%{
 	unsigned j = 0;
-	const char* src = source->CheckString();
-	char* dst = new char[strlen(src) * 2 + 1];
+	const u_char* src = source->Bytes();
+	unsigned n = source->Len();
+	byte_vec dst = new u_char[n * 2 + 1];

-	for ( unsigned i = 0; i < strlen(src); ++i )
+	for ( unsigned i = 0; i < n; ++i )
 		{
 		switch ( src[i] ) {
 		case '`': case '"': case '\\': case '$':
@ -672,7 +644,7 @@ function str_shell_escape%(source: string%): string
 		}

 	dst[j] = '\0';
-	return new StringVal(new BroString(1, byte_vec(dst), j));
+	return new StringVal(new BroString(1, dst, j));
 	%}

 # Returns all occurrences of the given pattern in the given string (an empty
--- a/src/util.h
+++ b/src/util.h
@ -11,6 +11,11 @@
 #include <stdarg.h>
 #include "config.h"

+// Expose C99 functionality from inttypes.h, which would otherwise not be
+// available in C++.
+#define __STDC_FORMAT_MACROS
+#include <inttypes.h>
+
 #if __STDC__
 #define myattribute __attribute__
 #else
@ -39,24 +44,21 @@
 extern HeapLeakChecker* heap_checker;
 #endif

-typedef unsigned long long int uint64;
-typedef unsigned int uint32;
-typedef unsigned short uint16;
-typedef unsigned char uint8;
-typedef long long int int64;
+#include <stdint.h>
+
+typedef uint64_t uint64;
+typedef uint32_t uint32;
+typedef uint16_t uint16;
+typedef uint8_t uint8;
+
+typedef int64_t int64;
+typedef int32_t int32;
+typedef int16_t int16;
+typedef int8_t int8;
+
 typedef int64 bro_int_t;
 typedef uint64 bro_uint_t;

-#if SIZEOF_LONG_LONG == 8
-typedef unsigned long long uint64;
-typedef long long int64;
-#elif SIZEOF_LONG_INT == 8
-typedef unsigned long int uint64;
-typedef long int int64;
-#else
-# error "Couldn't reliably identify 64-bit type. Please report to bro@bro-ids.org."
-#endif
-
 // "ptr_compat_uint" and "ptr_compat_int" are (un)signed integers of
 // pointer size. They can be cast safely to a pointer, e.g. in Lists,
 // which represent their entities as void* pointers.
@ -64,9 +66,13 @@ typedef long int int64;
 #if SIZEOF_VOID_P == 8
 typedef uint64 ptr_compat_uint;
 typedef int64 ptr_compat_int;
+#define PRI_PTR_COMPAT_INT PRId64 // Format to use with printf.
+#define PRI_PTR_COMPAT_UINT PRIu64
 #elif SIZEOF_VOID_P == 4
 typedef uint32 ptr_compat_uint;
-typedef int ptr_compat_int;
+typedef int32 ptr_compat_int;
+#define PRI_PTR_COMPAT_INT PRId32
+#define PRI_PTR_COMPAT_UINT PRIu32
 #else
 # error "Unusual pointer size. Please report to bro@bro-ids.org."
 #endif
@ -157,6 +163,7 @@ extern uint8 uhash_key[UHASH_KEY_SIZE];
 // the obvious places (like Event.h or RemoteSerializer.h)

 typedef ptr_compat_uint SourceID;
+#define PRI_SOURCE_ID PRI_PTR_COMPAT_UINT
 static const SourceID SOURCE_LOCAL = 0;

 class BroObj;
				`@ -0,0 +1 @@`
				`Subproject commit a2b04952ae91dcd27d5e68a42d5d26c291ecb1f5`