Merge branch 'zeek:master' into topic/jasonlu/dict-clone-performance

.clang-tidy

@@ -1,4 +1,5 @@
 Checks: '-*,
          bugprone-*,
+	 -bugprone-easily-swappable-parameters,
          clang-analyzer-*,
          performance-*'

.github/workflows/coverity-scan.yml

@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-20.04
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3.1.0
         with:
           submodules: "recursive"
 

.github/workflows/docker.yml

@@ -28,7 +28,7 @@ jobs:
       TEST_TAG: zeek:latest
       CONFFLAGS: --generator=Ninja --build-type=Release
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3.1.0
         with:
           submodules: "recursive"
 
@@ -77,7 +77,7 @@ jobs:
           fi
 
       - name: Login to DockerHub
-        uses: docker/login-action@v1
+        uses: docker/login-action@v2
         # Don't publish on forks. Also note that secrets for the login are not
         # available for pull requests, so trigger on pushes only.
         if: github.repository == 'zeek/zeek' && github.event_name == 'push'
@@ -99,14 +99,14 @@ jobs:
             zeekurity/${{ steps.target.outputs.tag }}
 
       - name: Preserve image artifact
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: ${{ env.IMAGE_NAME }}
           path: ${{ env.IMAGE_FILE }}
           retention-days: 1
 
       - name: Preserve btest artifacts
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         if: failure()
         with:
           name: docker-btest
@@ -122,7 +122,7 @@ jobs:
       # Grab the sources so we have access to btest. Could also use pip, but it
       # seems appealing to be using the in-tree version of btest. btest is in a
       # submodule; we check it out selectively to save time.
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3.1.0
       - name: Check out btest
         run: git submodule update --init ./auxil/btest
 
@@ -144,7 +144,7 @@ jobs:
           echo "TESTSUITE_COMMIT=$(cat ./testing/external/commit-hash.zeek-testing-cluster)" >> $GITHUB_ENV
 
       - name: Retrieve cluster testsuite
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3.1.0
         with:
           repository: zeek/zeek-testing-cluster
           path: testing/external/zeek-testing-cluster
@@ -162,7 +162,7 @@ jobs:
           find testing/external/zeek-testing-cluster/.tmp -depth -execdir rename 's/[":<>|*?\r\n]/./g' "{}" \;
 
       - name: Preserve btest artifacts
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         if: failure()
         with:
           name: cluster-btest
@@ -176,7 +176,7 @@ jobs:
           truncate -s0 ${{ env.IMAGE_FILE }}
 
       - name: Store truncated image artifact
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: ${{ env.IMAGE_NAME }}
           path: ${{ env.IMAGE_FILE }}

.github/workflows/generate-docs.yml

@@ -24,12 +24,12 @@ jobs:
       # event, so we only need to authenticate in that case. Use
       # unauthenticated access otherwise so this action can e.g., also run from
       # clones.
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3.1.0
         if: github.event_name == 'schedule'
         with:
           submodules: "recursive"
           token: ${{ secrets.ZEEK_BOT_TOKEN }}
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3.1.0
         if: github.event_name != 'schedule'
         with:
           submodules: "recursive"
@@ -121,7 +121,7 @@ jobs:
         # Only send notifications for scheduled runs. Runs from pull requests
         # show failures in the Github UI.
         if: failure() && github.event_name == 'schedule'
-        uses: dawidd6/action-send-mail@v3.6.1
+        uses: dawidd6/action-send-mail@v3.7.0
         with:
           server_address: ${{secrets.SMTP_HOST}}
           server_port: ${{secrets.SMTP_PORT}}

.github/workflows/pre-commit.yml

@@ -9,6 +9,6 @@ jobs:
   pre-commit:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3.1.0
-    - uses: actions/setup-python@v2
+    - uses: actions/setup-python@v4
     - uses: pre-commit/action@v3.0.0

CHANGES

@@ -1,3 +1,128 @@
+5.2.0-dev.90 | 2022-10-13 08:57:45 -0500
+
+  * ZAM maintenance for recent test suite changes (and fixups missed last time) (Vern Paxson, Corelight)
+
+5.2.0-dev.86 | 2022-10-12 15:56:23 -0500
+
+  * Update gen-zam and paraglob submodules for Coverity/clang-tidy fixes (Tim Wojtulewicz, Corelight)
+
+  * Fix some compiler warnings in script_opt (Tim Wojtulewicz, Corelight)
+
+  * Fix recent Coverity findings (Tim Wojtulewicz, Corelight)
+
+    1491334: AUTO_CAUSES_COPY due to a for loop using auto& instead of const auto&
+    1498652: AUTO_CAUSES_COPY due to a for loop using auto& instead of const auto&
+    1498745: AUTO_CAUSES_COPY due to a for loop using auto& instead of const auto&
+
+5.2.0-dev.82 | 2022-10-12 20:02:36 +0200
+
+  * Move API for disabling packet analyzers into component. (Robin Sommer)
+
+    Before, that API was part of the analyzers themselves, which meant
+    we couldn't disable a packet analyzer before it had been
+    instantiated. That was different from protocol/file analyzers,
+    where we disable them through the corresponding component.
+
+  * Suppress warning on an existing packet analyzer being remapped. (Robin Sommer)
+
+5.2.0-dev.79 | 2022-10-12 09:32:38 -0700
+
+  * smtp: Prevent script errors when smtp$entity is not set (Tim Wojtulewicz, Corelight)
+
+    This is the same issue presented in 38e226bf75772dad8769fa4b5ae61fabb5fb34b9 but
+    for SMTP instead of HTTP.
+
+5.2.0-dev.77 | 2022-10-10 11:10:31 -0700
+
+  * Disable robust iteration for ordered dictionaries (Tim Wojtulewicz, Corelight)
+
+    This also includes some minor commenting cleanup in that class
+
+  * Add support for itertors with ordered dictionaries (Tim Wojtulewicz, Corelight)
+
+  * Add equality, inequality, copy, and move operators to HashKey (Tim Wojtulewicz, Corelight)
+
+  * Disable annoying bugprone-easily-swappable-parameters clang-tidy check [skip ci] (Tim Wojtulewicz, Corelight)
+
+5.2.0-dev.70 | 2022-10-06 14:18:18 -0700
+
+  * Remove stray `/` at the end of directory name. (Benjamin Bannier, Corelight)
+
+    This variable is used to construct a path where the trailing `/` lead to
+    full paths like `/foo/spicy-plugin//spicyz`.
+
+  * Remove commented out code. (Benjamin Bannier, Corelight)
+
+  * Bump spicy-plugin to v1.3.19. (Benjamin Bannier, Corelight)
+
+5.2.0-dev.66 | 2022-10-06 14:15:01 -0700
+
+  * Update CT log list. (Johanna Amann, Corelight)
+
+    This uses the v3 json as a source for the first time. The test needed
+    some updating because Google removed a couple more logs - in the future
+    this should hopefully not be neccessary anymore because I think v3
+    should retain all logs.
+
+    In theory this might be neat in 5.1.
+
+5.2.0-dev.51 | 2022-10-05 13:27:08 +0200
+
+  * analyzer: Add file_analyzer support to enable_analyzer()/disable_analyzer() (Arne Welzel, Corelight)
+
+5.2.0-dev.46 | 2022-10-03 09:45:05 -0700
+
+  * use dynamic rather than static initialization of globals for scripts compiled to C++ (Vern Paxson, Corelight)
+
+  * safety checking for initializing scripts compiled to C++ (Vern Paxson, Corelight)
+
+  * fixes for initializing scripts compiled to C++ (Vern Paxson, Corelight)
+
+  * restructured tracking of initializations of globals for script compilation (Vern Paxson, Corelight)
+
+5.2.0-dev.40 | 2022-10-03 09:44:40 -0700
+
+  * http: Prevent script errors when http$current_entity is not set (Arne Welzel, Corelight)
+
+    The current_entity tracking in HTTP assumes that client/server never
+    send HTTP entities at the same time. The attached pcap (generated
+    artificially) violates this and triggers:
+
+        1663698249.307259 expression error in <...>base/protocols/http/./entities.zeek, line 89: field value missing (HTTP::c$http$current_entity)
+
+    For the http-no-crlf test, include weird.log as baseline. Now that weird is
+    @load'ed from http, it is actually created and seems to make sense
+    to btest-diff it, too.
+
+5.2.0-dev.38 | 2022-10-03 09:08:42 -0700
+
+  * Fix some Coverity issues in the recent ZAM updates (Tim Wojtulewicz, Corelight)
+
+5.2.0-dev.35 | 2022-09-30 16:40:22 -0700
+
+  * fixes for compiling "standalone" C++ scripts (Vern Paxson, Corelight)
+
+5.2.0-dev.33 | 2022-09-30 12:36:34 -0700
+
+  * fix for deprecated when's where the inner frame is larger than the outer frame (Vern Paxson, Corelight)
+
+5.2.0-dev.31 | 2022-09-30 10:03:00 +0200
+
+  * const: Deprecate tunnel-specific enable_* flags (Arne Welzel, Corelight)
+
+    With packet analyzers being toggle-able at runtime these can go.
+    They hadn't been consistently implemented either (VXLAN, Geneve).
+
+  * packet_analysis: Introduce PacketAnalyzer::__disable_analyzer() (Arne Welzel, Corelight)
+
+    This adds machinery to the packet_analysis manager for disabling
+    and enabling packet analyzers and implements two low-level bifs
+    to use it.
+
+    Extend Analyzer::enable_analyzer() and Analyzer::disable_analyzer()
+    to transparently work with packet analyzers, too. This also allows
+    to add packet analyzers to Analyzer::disabled_analyzers.
+
 5.2.0-dev.27 | 2022-09-28 10:34:28 +0200
 
   * Bump `bifcl` and `doc` submodules. (Robin Sommer)

CMakeLists.txt

@@ -94,14 +94,14 @@ execute_process(COMMAND "${CMAKE_COMMAND}" -E create_symlink
 file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev.sh
      "export ZEEKPATH=`${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev`\n"
      "export ZEEK_PLUGIN_PATH=\"${CMAKE_CURRENT_BINARY_DIR}/src\":${ZEEK_PLUGIN_PATH}\n"
-     "export PATH=\"${CMAKE_CURRENT_BINARY_DIR}/src\":\"${CMAKE_CURRENT_BINARY_DIR}/auxil/spicy/spicy/bin\":\"${CMAKE_CURRENT_BINARY_DIR}/src/builtin-plugins/spicy-plugin/bin/\":$PATH\n"
+     "export PATH=\"${CMAKE_CURRENT_BINARY_DIR}/src\":\"${CMAKE_CURRENT_BINARY_DIR}/auxil/spicy/spicy/bin\":\"${CMAKE_CURRENT_BINARY_DIR}/src/builtin-plugins/spicy-plugin/bin\":$PATH\n"
      "export SPICY_PATH=\"`${CMAKE_CURRENT_BINARY_DIR}/spicy-path`\"\n"
      "export HILTI_CXX_INCLUDE_DIRS=\"`${CMAKE_CURRENT_BINARY_DIR}/hilti-cxx-include-dirs`\"\n")
 
 file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev.csh
      "setenv ZEEKPATH `${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev`\n"
      "setenv ZEEK_PLUGIN_PATH \"${CMAKE_CURRENT_BINARY_DIR}/src\":${ZEEK_PLUGIN_PATH}\n"
-     "setenv PATH \"${CMAKE_CURRENT_BINARY_DIR}/src\":\"${CMAKE_CURRENT_BINARY_DIR}/auxil/spicy/spicy/bin\":\"${CMAKE_CURRENT_BINARY_DIR}/src/builtin-plugins/spicy-plugin/bin/\":$PATH\n"
+     "setenv PATH \"${CMAKE_CURRENT_BINARY_DIR}/src\":\"${CMAKE_CURRENT_BINARY_DIR}/auxil/spicy/spicy/bin\":\"${CMAKE_CURRENT_BINARY_DIR}/src/builtin-plugins/spicy-plugin/bin\":$PATH\n"
      "setenv SPICY_PATH \"`${CMAKE_CURRENT_BINARY_DIR}/spicy-path`\"\n"
      "setenv HILTI_CXX_INCLUDE_DIRS \"`${CMAKE_CURRENT_BINARY_DIR}/hilti-cxx-include-dirs`\"\n")
 
@@ -444,8 +444,6 @@ if ( NOT DISABLE_SPICY )
         set(SPICY_PLUGIN_PATH ${CMAKE_SOURCE_DIR}/auxil/spicy-plugin)
     endif ()
 
-    # set(ZEEK_SPICY_PLUGIN_BUILD_LIBDIR ${CMAKE_BINARY_DIR}/auxil/spicy-plugin)
-    # set(ZEEK_SPICY_PLUGIN_BUILD_LIBDIR ${CMAKE_BINARY_DIR}/src/builtin-plugins/spicy-plugin)
     string(APPEND ZEEK_INCLUDE_PLUGINS ";${SPICY_PLUGIN_PATH}")
 endif ()
 

NEWS

@@ -6,6 +6,17 @@ release. For an exhaustive list of changes, see the ``CHANGES`` file
 Zeek 5.2.0
 ==========
 
+Breaking Changes
+----------------
+
+- Zeekctl now assigns network ports to workers starting at port 27760. This
+  fixes an issue where workers were starting up with ports within Linux's
+  ephemeral port range, and were potentiall failing to startup due the ports
+  already being in use. This change may require changes in firewall/routing
+  configurations between hosts in a Zeek cluster. This should not affect
+  clusters running on FreeBSD, as that OS uses a different range for ephemeral
+  ports.
+
 New Functionality
 -----------------
 
@@ -22,6 +33,12 @@ New Functionality
 - File analyzers can now raise analyzer violations to the script-layer via
   the new ``AnalyzerViolation()`` method.
 
+- Packet and file analyzers can now be disabled and enabled at runtime using
+  the ``Analyzer::enable_analyzer()`` and ``Analyzer::disable_analyzer()``
+  wrappers. While initially for protocol analyzers only, these have
+  been extended to work for packet and file analyzers. This now allows to
+  leverage ``Analyzer::disabled_analyzers`` for these kinds of analyzers.
+
 Changed Functionality
 ---------------------
 
@@ -36,6 +53,21 @@ Deprecated Functionality
   deprecated in favor of the more generic ``analyzer_confirmation_info`` and
   ``analyzer_violation_info`` events.
 
+- The const values for toggling individual tunnel packet analyzers have
+  been deprecated in favor of using ``Analyzer::disable_analyzer()``
+  directly. This affects:
+
+	Tunnel::enable_ip
+	Tunnel::enable_ayiya
+	Tunnel::enable_teredo
+	Tunnel::enable_gtpv1
+	Tunnel::enable_gre
+
+  Setting these explicitly to F can be achieved by leveraging
+  ``Analyzers::disabled_analyzers``, for example:
+
+	redef Analyzer::disabled_analyzers += { PacketAnalyzer::ANALYZER_GRE };
+
 Zeek 5.1.0
 ==========
 

VERSION

@@ -1 +1 @@
-5.2.0-dev.27
+5.2.0-dev.90

auxil/broker

@@ -1 +1 @@
-Subproject commit 1933bd82d6160ecff204624199de23c61f1244a2
+Subproject commit 97f55a8466428a247a177f9598506a235966bb04

auxil/gen-zam

@@ -1 +1 @@
-Subproject commit e05992ad957d986e181d447e582bdf798e5ae496
+Subproject commit e9743078bdeefc6e133dbcf8ae602016611621a6

auxil/paraglob

@@ -1 +1 @@
-Subproject commit 8dbff934dfbba1c2736152831c2cf45ee68f6fc3
+Subproject commit 5b9f8a110e6c4731e894cdf95c63706ae8ae3cee

auxil/spicy-plugin

@@ -1 +1 @@
-Subproject commit ab743fb55a3f45dc87c780f396e99b6227bbf25b
+Subproject commit a4a7072a66488e148c0a7e2001476b1db88df355

auxil/zeek-aux

@@ -1 +1 @@
-Subproject commit 6defd7033280783894a0b31582214ba3621dc290
+Subproject commit bc0c06dd8d7a7602f16c857faae2d3bb6c7052af

auxil/zeekctl

@@ -1 +1 @@
-Subproject commit 495a4f6967aedcea674141622506b2b43d8b18fd
+Subproject commit 73c5d59a57be1d22db10a2b7b00a1d876ef688f2

doc

@@ -1 +1 @@
-Subproject commit 410763bfb654ed5be598dd82ecbbc169ef1ba63e
+Subproject commit b68c7e814979c6ae9b13eda0b2c0faf009acf373

scripts/base/frameworks/analyzer/main.zeek

@@ -33,7 +33,7 @@ export {
 	## tag: The tag of the analyzer to enable.
 	##
 	## Returns: True if the analyzer was successfully enabled.
-	global enable_analyzer: function(tag: Analyzer::Tag) : bool;
+	global enable_analyzer: function(tag: AllAnalyzers::Tag) : bool;
 
 	## Disables an analyzer. Once disabled, the analyzer will not be used
 	## further for analysis of future connections.
@@ -41,7 +41,7 @@ export {
 	## tag: The tag of the analyzer to disable.
 	##
 	## Returns: True if the analyzer was successfully disabled.
-	global disable_analyzer: function(tag: Analyzer::Tag) : bool;
+	global disable_analyzer: function(tag: AllAnalyzers::Tag) : bool;
 
 	## Registers a set of well-known ports for an analyzer. If a future
 	## connection on one of these ports is seen, the analyzer will be
@@ -130,7 +130,7 @@ export {
 
 	## A set of analyzers to disable by default at startup. The default set
 	## contains legacy analyzers that are no longer supported.
-	global disabled_analyzers: set[Analyzer::Tag] = {
+	global disabled_analyzers: set[AllAnalyzers::Tag] = {
 		ANALYZER_TCPSTATS,
 	} &redef;
 
@@ -142,6 +142,8 @@ export {
 }
 
 @load base/bif/analyzer.bif
+@load base/bif/file_analysis.bif
+@load base/bif/packet_analysis.bif
 
 event zeek_init() &priority=5
 	{
@@ -152,13 +154,25 @@ event zeek_init() &priority=5
 		disable_analyzer(a);
 	}
 
-function enable_analyzer(tag: Analyzer::Tag) : bool
+function enable_analyzer(tag: AllAnalyzers::Tag) : bool
 	{
+	if ( is_packet_analyzer(tag) )
+		return PacketAnalyzer::__enable_analyzer(tag);
+
+	if ( is_file_analyzer(tag) )
+		return Files::__enable_analyzer(tag);
+
 	return __enable_analyzer(tag);
 	}
 
-function disable_analyzer(tag: Analyzer::Tag) : bool
+function disable_analyzer(tag: AllAnalyzers::Tag) : bool
 	{
+	if ( is_packet_analyzer(tag) )
+		return PacketAnalyzer::__disable_analyzer(tag);
+
+	if ( is_file_analyzer(tag) )
+		return Files::__disable_analyzer(tag);
+
 	return __disable_analyzer(tag);
 	}
 

scripts/base/init-bare.zeek

@@ -5058,19 +5058,19 @@ export {
 	const max_depth: count = 2 &redef;
 
 	## Toggle whether to do IPv{4,6}-in-IPv{4,6} decapsulation.
-	const enable_ip = T &redef;
+	const enable_ip = T &redef &deprecated="Remove in v6.1. Tunnel analyzers can be toggled with enable_analyzer()/disable_analyzer() or disabled through Analyzer::disabled_analyzers";
 
 	## Toggle whether to do IPv{4,6}-in-AYIYA decapsulation.
-	const enable_ayiya = T &redef;
+	const enable_ayiya = T &redef &deprecated="Remove in v6.1. Tunnel analyzers can be toggled with enable_analyzer()/disable_analyzer() or disabled through Analyzer::disabled_analyzers";
 
 	## Toggle whether to do IPv6-in-Teredo decapsulation.
-	const enable_teredo = T &redef;
+	const enable_teredo = T &redef &deprecated="Remove in v6.1. Tunnel analyzers can be toggled with enable_analyzer()/disable_analyzer() or disabled through Analyzer::disabled_analyzers";
 
 	## Toggle whether to do GTPv1 decapsulation.
-	const enable_gtpv1 = T &redef;
+	const enable_gtpv1 = T &redef &deprecated="Remove in v6.1. Tunnel analyzers can be toggled with enable_analyzer()/disable_analyzer() or disabled through Analyzer::disabled_analyzers";
 
 	## Toggle whether to do GRE decapsulation.
-	const enable_gre = T &redef;
+	const enable_gre = T &redef &deprecated="Remove in v6.1. Tunnel analyzers can be toggled with enable_analyzer()/disable_analyzer() or disabled through Analyzer::disabled_analyzers";
 
 	## With this set, the Teredo analyzer waits until it sees both sides
 	## of a connection using a valid Teredo encapsulation before issuing

scripts/base/protocols/http/entities.zeek

@@ -1,6 +1,7 @@
 ##! Analysis and logging for MIME entities found in HTTP sessions.
 
 @load base/frameworks/files
+@load base/frameworks/notice/weird
 @load base/utils/strings
 @load base/utils/files
 @load ./main
@@ -83,6 +84,19 @@ event http_begin_entity(c: connection, is_orig: bool) &priority=10
 
 event http_header(c: connection, is_orig: bool, name: string, value: string) &priority=3
 	{
+	if ( ! c$http?$current_entity )
+		{
+		local weird = Weird::Info(
+			$ts=network_time(),
+			$name="missing_HTTP_entity",
+			$uid=c$uid,
+			$id=c$id,
+			$source="HTTP"
+		);
+		Weird::weird(weird);
+		return;
+		}
+
 	if ( name == "CONTENT-DISPOSITION" &&
 	     /[fF][iI][lL][eE][nN][aA][mM][eE]/ in value )
 		{

scripts/base/protocols/smtp/entities.zeek

@@ -1,6 +1,7 @@
 ##! Analysis and logging for MIME entities found in SMTP sessions.
 
 @load base/frameworks/files
+@load base/frameworks/notice/weird
 @load base/utils/strings
 @load base/utils/files
 @load ./main
@@ -48,6 +49,19 @@ event mime_one_header(c: connection, h: mime_header_rec) &priority=5
 	if ( ! c?$smtp )
 		return;
 
+	if ( ! c$smtp?$entity )
+		{
+		local weird = Weird::Info(
+			$ts=network_time(),
+			$name="missing_SMTP_entity",
+			$uid=c$uid,
+			$id=c$id,
+			$source="SMTP"
+		);
+		Weird::weird(weird);
+		return;
+		}
+
 	if ( h$name == "CONTENT-DISPOSITION" &&
 	     /[fF][iI][lL][eE][nN][aA][mM][eE]/ in h$value )
 		c$smtp$entity$filename = extract_filename_from_content_disposition(h$value);

scripts/base/protocols/ssl/ct-list.zeek

@@ -1,43 +1,44 @@
 #
 # Do not edit this file. This file is automatically generated by gen-ct-list.pl
-# File generated at Thu Apr 28 13:46:41 2022
+# File generated at Thu Oct  6 13:17:02 2022
-# File generated from https://www.gstatic.com/ct/log_list/log_list.json
+# File generated from https://www.gstatic.com/ct/log_list/v3/log_list.json
+# Source file generated at: 2022-10-05T12:55:24Z
+# Source file version: 13.6
 #
 
 @load base/protocols/ssl
 module SSL;
 redef ct_logs += {
-["\x29\x79\xbe\xf0\x9e\x39\x39\x21\xf0\x56\x73\x9f\x63\xa5\x77\xe5\xbe\x57\x7d\x9c\x60\x0a\xf8\xf9\x4d\x5d\x26\x5c\x25\x5d\xc7\x84"] = CTInfo($description="Google 'Argon2022' log", $operator="Google", $url="ct.googleapis.com/logs/argon2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x78\x83\xdc\xe9\xf1\xa6\xb8\x18\x3a\x00\x99\x2f\xff\x3e\xcd\x15\xc9\x26\x1e\xf7\xff\x3a\xa9\xa3\x72\x16\x49\xeb\x09\xb6\xa8\xdd\xb4\xd2\x47\x91\x0e\x0d\xf9\xd9\xd5\xa9\x8b\xb0\x87\x9d\x25\x79\xd4\x1a\x50\x60\x08\xf5\x09\x06\x39\x26\xe4\x40\xc2\xba\xc3\xc2"),
+["\x29\x79\xbe\xf0\x9e\x39\x39\x21\xf0\x56\x73\x9f\x63\xa5\x77\xe5\xbe\x57\x7d\x9c\x60\x0a\xf8\xf9\x4d\x5d\x26\x5c\x25\x5d\xc7\x84"] = CTInfo($description="Google 'Argon2022' log", $operator="Google", $url="https://ct.googleapis.com/logs/argon2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x78\x83\xdc\xe9\xf1\xa6\xb8\x18\x3a\x00\x99\x2f\xff\x3e\xcd\x15\xc9\x26\x1e\xf7\xff\x3a\xa9\xa3\x72\x16\x49\xeb\x09\xb6\xa8\xdd\xb4\xd2\x47\x91\x0e\x0d\xf9\xd9\xd5\xa9\x8b\xb0\x87\x9d\x25\x79\xd4\x1a\x50\x60\x08\xf5\x09\x06\x39\x26\xe4\x40\xc2\xba\xc3\xc2"),
-["\xe8\x3e\xd0\xda\x3e\xf5\x06\x35\x32\xe7\x57\x28\xbc\x89\x6b\xc9\x03\xd3\xcb\xd1\x11\x6b\xec\xeb\x69\xe1\x77\x7d\x6d\x06\xbd\x6e"] = CTInfo($description="Google 'Argon2023' log", $operator="Google", $url="ct.googleapis.com/logs/argon2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xd0\x90\x8f\x64\x52\x4e\x42\xac\x84\xb6\x2e\x4c\xf2\x3d\x77\x00\xb3\x77\x08\x05\x47\xaa\x45\x4c\xe3\x2c\x8e\x70\xa5\x82\xbb\x6c\xb2\x7b\x9c\x98\x7a\xa0\xe9\x11\x76\x28\x00\xb2\x20\xb4\xcd\xd3\x98\x7b\x4d\x96\x27\xe6\xb7\xee\x22\x6a\xd1\xb0\x2e\x91\x77\x78"),
+["\xe8\x3e\xd0\xda\x3e\xf5\x06\x35\x32\xe7\x57\x28\xbc\x89\x6b\xc9\x03\xd3\xcb\xd1\x11\x6b\xec\xeb\x69\xe1\x77\x7d\x6d\x06\xbd\x6e"] = CTInfo($description="Google 'Argon2023' log", $operator="Google", $url="https://ct.googleapis.com/logs/argon2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xd0\x90\x8f\x64\x52\x4e\x42\xac\x84\xb6\x2e\x4c\xf2\x3d\x77\x00\xb3\x77\x08\x05\x47\xaa\x45\x4c\xe3\x2c\x8e\x70\xa5\x82\xbb\x6c\xb2\x7b\x9c\x98\x7a\xa0\xe9\x11\x76\x28\x00\xb2\x20\xb4\xcd\xd3\x98\x7b\x4d\x96\x27\xe6\xb7\xee\x22\x6a\xd1\xb0\x2e\x91\x77\x78"),
-["\x46\xa5\x55\xeb\x75\xfa\x91\x20\x30\xb5\xa2\x89\x69\xf4\xf3\x7d\x11\x2c\x41\x74\xbe\xfd\x49\xb8\x85\xab\xf2\xfc\x70\xfe\x6d\x47"] = CTInfo($description="Google 'Xenon2022' log", $operator="Google", $url="ct.googleapis.com/logs/xenon2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xf9\x64\xbd\x15\x2c\x40\x62\x50\x95\x13\x38\x3c\xc7\x21\xb0\x3a\xb9\x8f\xa2\x7a\x15\xd7\x89\xd6\x8e\x31\x13\x00\x87\x59\xbc\xbb\xee\x90\xfc\xc8\x58\x13\x0a\xbf\xab\x43\x36\x54\x23\xa4\x81\xcd\xad\x47\x14\xb7\x58\xa0\x44\xfa\x6a\xa0\xa0\xd7\xc3\x63\x1e\x2b"),
+["\xee\xcd\xd0\x64\xd5\xdb\x1a\xce\xc5\x5c\xb7\x9d\xb4\xcd\x13\xa2\x32\x87\x46\x7c\xbc\xec\xde\xc3\x51\x48\x59\x46\x71\x1f\xb5\x9b"] = CTInfo($description="Google 'Argon2024' log", $operator="Google", $url="https://ct.googleapis.com/logs/us1/argon2024/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x1d\xb9\x6c\xa9\xcb\x69\x94\xc5\x5c\xe6\xb6\xa6\x03\xbb\xd2\xb8\xdc\x54\x43\x17\x28\x99\x0c\x06\x01\x50\x1d\x9d\x64\xc0\x59\x46\x2b\xdc\xc8\x03\x1d\x05\xb4\x2d\xa8\x09\xf7\x99\x41\xed\x04\xfb\xe5\x57\xba\x26\x04\xf6\x11\x52\xce\x14\x65\x3b\x2f\x76\x2b\xc0"),
-["\xad\xf7\xbe\xfa\x7c\xff\x10\xc8\x8b\x9d\x3d\x9c\x1e\x3e\x18\x6a\xb4\x67\x29\x5d\xcf\xb1\x0c\x24\xca\x85\x86\x34\xeb\xdc\x82\x8a"] = CTInfo($description="Google 'Xenon2023' log", $operator="Google", $url="ct.googleapis.com/logs/xenon2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x72\x16\x3e\x0b\xef\xef\xce\x3e\x60\xdd\x95\xcb\x63\x7a\xb9\xa9\x8d\x4a\x6f\x6c\xdc\x61\x80\xa6\x45\x5e\x2f\x83\xac\x94\xf3\x85\x88\xd0\xa5\x74\xd0\x7b\x8e\xff\xc5\xee\x42\xa2\xf0\x2d\x93\xe3\xc2\xd0\xb2\x99\xe2\xe1\x42\xe9\xd2\xc6\x00\x27\x69\x74\xae\xce"),
+["\x46\xa5\x55\xeb\x75\xfa\x91\x20\x30\xb5\xa2\x89\x69\xf4\xf3\x7d\x11\x2c\x41\x74\xbe\xfd\x49\xb8\x85\xab\xf2\xfc\x70\xfe\x6d\x47"] = CTInfo($description="Google 'Xenon2022' log", $operator="Google", $url="https://ct.googleapis.com/logs/xenon2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xf9\x64\xbd\x15\x2c\x40\x62\x50\x95\x13\x38\x3c\xc7\x21\xb0\x3a\xb9\x8f\xa2\x7a\x15\xd7\x89\xd6\x8e\x31\x13\x00\x87\x59\xbc\xbb\xee\x90\xfc\xc8\x58\x13\x0a\xbf\xab\x43\x36\x54\x23\xa4\x81\xcd\xad\x47\x14\xb7\x58\xa0\x44\xfa\x6a\xa0\xa0\xd7\xc3\x63\x1e\x2b"),
-["\x68\xf6\x98\xf8\x1f\x64\x82\xbe\x3a\x8c\xee\xb9\x28\x1d\x4c\xfc\x71\x51\x5d\x67\x93\xd4\x44\xd1\x0a\x67\xac\xbb\x4f\x4f\xfb\xc4"] = CTInfo($description="Google 'Aviator' log", $operator="Google", $url="ct.googleapis.com/aviator/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xd7\xf4\xcc\x69\xb2\xe4\x0e\x90\xa3\x8a\xea\x5a\x70\x09\x4f\xef\x13\x62\xd0\x8d\x49\x60\xff\x1b\x40\x50\x07\x0c\x6d\x71\x86\xda\x25\x49\x8d\x65\xe1\x08\x0d\x47\x34\x6b\xbd\x27\xbc\x96\x21\x3e\x34\xf5\x87\x76\x31\xb1\x7f\x1d\xc9\x85\x3b\x0d\xf7\x1f\x3f\xe9"),
+["\xad\xf7\xbe\xfa\x7c\xff\x10\xc8\x8b\x9d\x3d\x9c\x1e\x3e\x18\x6a\xb4\x67\x29\x5d\xcf\xb1\x0c\x24\xca\x85\x86\x34\xeb\xdc\x82\x8a"] = CTInfo($description="Google 'Xenon2023' log", $operator="Google", $url="https://ct.googleapis.com/logs/xenon2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x72\x16\x3e\x0b\xef\xef\xce\x3e\x60\xdd\x95\xcb\x63\x7a\xb9\xa9\x8d\x4a\x6f\x6c\xdc\x61\x80\xa6\x45\x5e\x2f\x83\xac\x94\xf3\x85\x88\xd0\xa5\x74\xd0\x7b\x8e\xff\xc5\xee\x42\xa2\xf0\x2d\x93\xe3\xc2\xd0\xb2\x99\xe2\xe1\x42\xe9\xd2\xc6\x00\x27\x69\x74\xae\xce"),
-["\x29\x3c\x51\x96\x54\xc8\x39\x65\xba\xaa\x50\xfc\x58\x07\xd4\xb7\x6f\xbf\x58\x7a\x29\x72\xdc\xa4\xc3\x0c\xf4\xe5\x45\x47\xf4\x78"] = CTInfo($description="Google 'Icarus' log", $operator="Google", $url="ct.googleapis.com/icarus/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x4e\xd2\xbc\xbf\xb3\x08\x0a\xf7\xb9\xea\xa4\xc7\x1c\x38\x61\x04\xeb\x95\xe0\x89\x54\x68\x44\xb1\x66\xbc\x82\x7e\x4f\x50\x6c\x6f\x5c\xa3\xf0\xaa\x3e\xf4\xec\x80\xf0\xdb\x0a\x9a\x7a\xa0\x5b\x72\x00\x7c\x25\x0e\x19\xef\xaf\xb2\x62\x8d\x74\x43\xf4\x26\xf6\x14"),
+["\x76\xff\x88\x3f\x0a\xb6\xfb\x95\x51\xc2\x61\xcc\xf5\x87\xba\x34\xb4\xa4\xcd\xbb\x29\xdc\x68\x42\x0a\x9f\xe6\x67\x4c\x5a\x3a\x74"] = CTInfo($description="Google 'Xenon2024' log", $operator="Google", $url="https://ct.googleapis.com/logs/eu1/xenon2024/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xb9\x60\xe0\x34\x1e\x35\xe4\x65\x00\x93\x4f\x90\x09\xbd\x5a\xec\x44\xdd\x8c\x0f\xce\xed\x11\x3e\x2a\x59\x46\x9a\x31\xb6\xc7\x99\xf7\xdc\xef\x3d\xcd\x8f\x86\xc2\x35\xa5\x3e\xdc\x29\xba\xbb\xf2\x54\xe2\xa8\x0c\x83\x08\x51\x06\xde\x21\x6d\x36\x50\x8e\x38\x4d"),
-["\xa4\xb9\x09\x90\xb4\x18\x58\x14\x87\xbb\x13\xa2\xcc\x67\x70\x0a\x3c\x35\x98\x04\xf9\x1b\xdf\xb8\xe3\x77\xcd\x0e\xc8\x0d\xdc\x10"] = CTInfo($description="Google 'Pilot' log", $operator="Google", $url="ct.googleapis.com/pilot/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x7d\xa8\x4b\x12\x29\x80\xa3\x3d\xad\xd3\x5a\x77\xb8\xcc\xe2\x88\xb3\xa5\xfd\xf1\xd3\x0c\xcd\x18\x0c\xe8\x41\x46\xe8\x81\x01\x1b\x15\xe1\x4b\xf1\x1b\x62\xdd\x36\x0a\x08\x18\xba\xed\x0b\x35\x84\xd0\x9e\x40\x3c\x2d\x9e\x9b\x82\x65\xbd\x1f\x04\x10\x41\x4c\xa0"),
+["\x29\x3c\x51\x96\x54\xc8\x39\x65\xba\xaa\x50\xfc\x58\x07\xd4\xb7\x6f\xbf\x58\x7a\x29\x72\xdc\xa4\xc3\x0c\xf4\xe5\x45\x47\xf4\x78"] = CTInfo($description="Google 'Icarus' log", $operator="Google", $url="https://ct.googleapis.com/icarus/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x4e\xd2\xbc\xbf\xb3\x08\x0a\xf7\xb9\xea\xa4\xc7\x1c\x38\x61\x04\xeb\x95\xe0\x89\x54\x68\x44\xb1\x66\xbc\x82\x7e\x4f\x50\x6c\x6f\x5c\xa3\xf0\xaa\x3e\xf4\xec\x80\xf0\xdb\x0a\x9a\x7a\xa0\x5b\x72\x00\x7c\x25\x0e\x19\xef\xaf\xb2\x62\x8d\x74\x43\xf4\x26\xf6\x14"),
-["\xee\x4b\xbd\xb7\x75\xce\x60\xba\xe1\x42\x69\x1f\xab\xe1\x9e\x66\xa3\x0f\x7e\x5f\xb0\x72\xd8\x83\x00\xc4\x7b\x89\x7a\xa8\xfd\xcb"] = CTInfo($description="Google 'Rocketeer' log", $operator="Google", $url="ct.googleapis.com/rocketeer/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x20\x5b\x18\xc8\x3c\xc1\x8b\xb3\x31\x08\x00\xbf\xa0\x90\x57\x2b\xb7\x47\x8c\x6f\xb5\x68\xb0\x8e\x90\x78\xe9\xa0\x73\xea\x4f\x28\x21\x2e\x9c\xc0\xf4\x16\x1b\xaa\xf9\xd5\xd7\xa9\x80\xc3\x4e\x2f\x52\x3c\x98\x01\x25\x46\x24\x25\x28\x23\x77\x2d\x05\xc2\x40\x7a"),
+["\xa4\xb9\x09\x90\xb4\x18\x58\x14\x87\xbb\x13\xa2\xcc\x67\x70\x0a\x3c\x35\x98\x04\xf9\x1b\xdf\xb8\xe3\x77\xcd\x0e\xc8\x0d\xdc\x10"] = CTInfo($description="Google 'Pilot' log", $operator="Google", $url="https://ct.googleapis.com/pilot/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x7d\xa8\x4b\x12\x29\x80\xa3\x3d\xad\xd3\x5a\x77\xb8\xcc\xe2\x88\xb3\xa5\xfd\xf1\xd3\x0c\xcd\x18\x0c\xe8\x41\x46\xe8\x81\x01\x1b\x15\xe1\x4b\xf1\x1b\x62\xdd\x36\x0a\x08\x18\xba\xed\x0b\x35\x84\xd0\x9e\x40\x3c\x2d\x9e\x9b\x82\x65\xbd\x1f\x04\x10\x41\x4c\xa0"),
-["\xbb\xd9\xdf\xbc\x1f\x8a\x71\xb5\x93\x94\x23\x97\xaa\x92\x7b\x47\x38\x57\x95\x0a\xab\x52\xe8\x1a\x90\x96\x64\x36\x8e\x1e\xd1\x85"] = CTInfo($description="Google 'Skydiver' log", $operator="Google", $url="ct.googleapis.com/skydiver/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x12\x6c\x86\x0e\xf6\x17\xb1\x12\x6c\x37\x25\xd2\xad\x87\x3d\x0e\x31\xec\x21\xad\xb1\xcd\xbe\x14\x47\xb6\x71\x56\x85\x7a\x9a\xb7\x3d\x89\x90\x7b\xc6\x32\x3a\xf8\xda\xce\x8b\x01\xfe\x3f\xfc\x71\x91\x19\x8e\x14\x6e\x89\x7a\x5d\xb4\xab\x7e\xe1\x4e\x1e\x7c\xac"),
+["\xee\x4b\xbd\xb7\x75\xce\x60\xba\xe1\x42\x69\x1f\xab\xe1\x9e\x66\xa3\x0f\x7e\x5f\xb0\x72\xd8\x83\x00\xc4\x7b\x89\x7a\xa8\xfd\xcb"] = CTInfo($description="Google 'Rocketeer' log", $operator="Google", $url="https://ct.googleapis.com/rocketeer/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x20\x5b\x18\xc8\x3c\xc1\x8b\xb3\x31\x08\x00\xbf\xa0\x90\x57\x2b\xb7\x47\x8c\x6f\xb5\x68\xb0\x8e\x90\x78\xe9\xa0\x73\xea\x4f\x28\x21\x2e\x9c\xc0\xf4\x16\x1b\xaa\xf9\xd5\xd7\xa9\x80\xc3\x4e\x2f\x52\x3c\x98\x01\x25\x46\x24\x25\x28\x23\x77\x2d\x05\xc2\x40\x7a"),
-["\x41\xc8\xca\xb1\xdf\x22\x46\x4a\x10\xc6\xa1\x3a\x09\x42\x87\x5e\x4e\x31\x8b\x1b\x03\xeb\xeb\x4b\xc7\x68\xf0\x90\x62\x96\x06\xf6"] = CTInfo($description="Cloudflare 'Nimbus2022' Log", $operator="Cloudflare", $url="ct.cloudflare.com/logs/nimbus2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x48\xb2\x47\x4e\x50\x32\x72\x62\x4a\x0d\x0c\x48\xbf\xad\x29\x64\x6f\x20\xdf\x79\x52\x63\x16\x29\x0a\x2e\x60\xb5\xe2\x3a\x1c\xb7\xaf\x59\xb1\x55\x09\xdb\x59\xc7\xe9\xbd\x6f\xed\x0b\xaf\x05\x96\x97\xff\x3b\x9a\x43\x4d\xeb\x11\x34\x33\x8a\xe7\xac\x83\xc0\xff"),
+["\xbb\xd9\xdf\xbc\x1f\x8a\x71\xb5\x93\x94\x23\x97\xaa\x92\x7b\x47\x38\x57\x95\x0a\xab\x52\xe8\x1a\x90\x96\x64\x36\x8e\x1e\xd1\x85"] = CTInfo($description="Google 'Skydiver' log", $operator="Google", $url="https://ct.googleapis.com/skydiver/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x12\x6c\x86\x0e\xf6\x17\xb1\x12\x6c\x37\x25\xd2\xad\x87\x3d\x0e\x31\xec\x21\xad\xb1\xcd\xbe\x14\x47\xb6\x71\x56\x85\x7a\x9a\xb7\x3d\x89\x90\x7b\xc6\x32\x3a\xf8\xda\xce\x8b\x01\xfe\x3f\xfc\x71\x91\x19\x8e\x14\x6e\x89\x7a\x5d\xb4\xab\x7e\xe1\x4e\x1e\x7c\xac"),
-["\x7a\x32\x8c\x54\xd8\xb7\x2d\xb6\x20\xea\x38\xe0\x52\x1e\xe9\x84\x16\x70\x32\x13\x85\x4d\x3b\xd2\x2b\xc1\x3a\x57\xa3\x52\xeb\x52"] = CTInfo($description="Cloudflare 'Nimbus2023' Log", $operator="Cloudflare", $url="ct.cloudflare.com/logs/nimbus2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x8b\xff\x2d\x92\x18\xcb\x46\x9d\x12\x5e\xb9\x59\x75\x3c\xcd\x91\x37\x7a\x1e\xa9\x9c\x99\x78\x83\x27\x3d\xdf\x01\xd5\x8b\x80\xe8\x63\x9a\xfe\x26\xa2\x1b\xd1\x87\x05\xee\x97\xd6\xe0\x5b\x43\x83\x81\x1c\x02\xf5\x41\x80\x80\x7f\xef\xa4\x61\xcf\xbc\x84\xb5\xa8"),
+["\x41\xc8\xca\xb1\xdf\x22\x46\x4a\x10\xc6\xa1\x3a\x09\x42\x87\x5e\x4e\x31\x8b\x1b\x03\xeb\xeb\x4b\xc7\x68\xf0\x90\x62\x96\x06\xf6"] = CTInfo($description="Cloudflare 'Nimbus2022' Log", $operator="Cloudflare", $url="https://ct.cloudflare.com/logs/nimbus2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x48\xb2\x47\x4e\x50\x32\x72\x62\x4a\x0d\x0c\x48\xbf\xad\x29\x64\x6f\x20\xdf\x79\x52\x63\x16\x29\x0a\x2e\x60\xb5\xe2\x3a\x1c\xb7\xaf\x59\xb1\x55\x09\xdb\x59\xc7\xe9\xbd\x6f\xed\x0b\xaf\x05\x96\x97\xff\x3b\x9a\x43\x4d\xeb\x11\x34\x33\x8a\xe7\xac\x83\xc0\xff"),
-["\x56\x14\x06\x9a\x2f\xd7\xc2\xec\xd3\xf5\xe1\xbd\x44\xb2\x3e\xc7\x46\x76\xb9\xbc\x99\x11\x5c\xc0\xef\x94\x98\x55\xd6\x89\xd0\xdd"] = CTInfo($description="DigiCert Log Server", $operator="DigiCert", $url="ct1.digicert-ct.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x02\x46\xc5\xbe\x1b\xbb\x82\x40\x16\xe8\xc1\xd2\xac\x19\x69\x13\x59\xf8\xf8\x70\x85\x46\x40\xb9\x38\xb0\x23\x82\xa8\x64\x4c\x7f\xbf\xbb\x34\x9f\x4a\x5f\x28\x8a\xcf\x19\xc4\x00\xf6\x36\x06\x93\x65\xed\x4c\xf5\xa9\x21\x62\x5a\xd8\x91\xeb\x38\x24\x40\xac\xe8"),
+["\x7a\x32\x8c\x54\xd8\xb7\x2d\xb6\x20\xea\x38\xe0\x52\x1e\xe9\x84\x16\x70\x32\x13\x85\x4d\x3b\xd2\x2b\xc1\x3a\x57\xa3\x52\xeb\x52"] = CTInfo($description="Cloudflare 'Nimbus2023' Log", $operator="Cloudflare", $url="https://ct.cloudflare.com/logs/nimbus2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x8b\xff\x2d\x92\x18\xcb\x46\x9d\x12\x5e\xb9\x59\x75\x3c\xcd\x91\x37\x7a\x1e\xa9\x9c\x99\x78\x83\x27\x3d\xdf\x01\xd5\x8b\x80\xe8\x63\x9a\xfe\x26\xa2\x1b\xd1\x87\x05\xee\x97\xd6\xe0\x5b\x43\x83\x81\x1c\x02\xf5\x41\x80\x80\x7f\xef\xa4\x61\xcf\xbc\x84\xb5\xa8"),
-["\x87\x75\xbf\xe7\x59\x7c\xf8\x8c\x43\x99\x5f\xbd\xf3\x6e\xff\x56\x8d\x47\x56\x36\xff\x4a\xb5\x60\xc1\xb4\xea\xff\x5e\xa0\x83\x0f"] = CTInfo($description="DigiCert Log Server 2", $operator="DigiCert", $url="ct2.digicert-ct.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xcc\x5d\x39\x2f\x66\xb8\x4c\x7f\xc1\x2e\x03\xa1\x34\xa3\xe8\x8a\x86\x02\xae\x4a\x11\xc6\xf7\x26\x6a\x37\x9b\xf0\x38\xf8\x5d\x09\x8d\x63\xe8\x31\x6b\x86\x66\xcf\x79\xb3\x25\x3c\x1e\xdf\x78\xb4\xa8\xc5\x69\xfa\xb7\xf0\x82\x79\x62\x43\xf6\xcc\xfe\x81\x66\x84"),
+["\xda\xb6\xbf\x6b\x3f\xb5\xb6\x22\x9f\x9b\xc2\xbb\x5c\x6b\xe8\x70\x91\x71\x6c\xbb\x51\x84\x85\x34\xbd\xa4\x3d\x30\x48\xd7\xfb\xab"] = CTInfo($description="Cloudflare 'Nimbus2024' Log", $operator="Cloudflare", $url="https://ct.cloudflare.com/logs/nimbus2024/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x77\xb1\x9b\x7b\x8f\xe6\x8b\x35\xfe\x3a\x92\x29\x2d\xac\x8a\x8d\x51\x8a\x25\xfc\x93\xb6\xd7\xa0\x8b\x29\x37\x71\x1d\x33\xca\xcc\x33\xea\x28\xb9\x1f\xe2\xac\xc3\xa9\x5d\xdd\x97\xbe\xf6\x9e\x94\x25\xdd\x36\x81\xd1\xeb\x5d\x29\xc3\x2b\x44\xf1\x5b\xca\x15\x48"),
-["\x22\x45\x45\x07\x59\x55\x24\x56\x96\x3f\xa1\x2f\xf1\xf7\x6d\x86\xe0\x23\x26\x63\xad\xc0\x4b\x7f\x5d\xc6\x83\x5c\x6e\xe2\x0f\x02"] = CTInfo($description="DigiCert Yeti2022 Log", $operator="DigiCert", $url="yeti2022.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x9f\xf8\xd8\x1d\xde\xfb\x5b\x51\xb5\xfb\x5d\xf5\xb5\xde\x66\x11\xb0\x9d\x5f\xfd\x6f\xfc\xa8\x98\x5b\x98\x4f\x2d\xc3\x91\x3a\xfb\xfe\xc4\x0f\x0d\xc3\x60\x43\x8c\x1e\xf2\xf9\x11\xb2\xba\xd0\xf6\xbc\xa5\xd2\xb6\x9f\xf9\x5c\x87\xa2\x7d\xfc\xd4\x7d\xd6\x13\x26"),
+["\x56\x14\x06\x9a\x2f\xd7\xc2\xec\xd3\xf5\xe1\xbd\x44\xb2\x3e\xc7\x46\x76\xb9\xbc\x99\x11\x5c\xc0\xef\x94\x98\x55\xd6\x89\xd0\xdd"] = CTInfo($description="DigiCert Log Server", $operator="DigiCert", $url="https://ct1.digicert-ct.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x02\x46\xc5\xbe\x1b\xbb\x82\x40\x16\xe8\xc1\xd2\xac\x19\x69\x13\x59\xf8\xf8\x70\x85\x46\x40\xb9\x38\xb0\x23\x82\xa8\x64\x4c\x7f\xbf\xbb\x34\x9f\x4a\x5f\x28\x8a\xcf\x19\xc4\x00\xf6\x36\x06\x93\x65\xed\x4c\xf5\xa9\x21\x62\x5a\xd8\x91\xeb\x38\x24\x40\xac\xe8"),
-["\x05\x9c\x01\xd3\x20\xe0\x07\x84\x13\x95\x80\x49\x8d\x11\x7c\x90\x32\x66\xaf\xaf\x72\x50\xb5\xaf\x3b\x46\xa4\x3e\x11\x84\x0d\x4a"] = CTInfo($description="DigiCert Yeti2022-2 Log", $operator="DigiCert", $url="yeti2022-2.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x1d\x69\x5e\x3f\x0a\xf2\x71\x77\xcd\x9d\x5d\xc3\x34\x49\x00\xee\x60\x77\xe1\x72\x76\x74\xa8\x7c\x5c\x7d\x09\xf2\x32\x1d\x05\x7e\x2e\xfe\x5b\x31\xd5\x3a\xfd\x73\x34\x6e\x49\x14\x4e\x50\x58\x96\x5a\xc4\xc7\xf4\xbe\x05\x64\xa4\xf7\xd7\xe5\xb1\x6d\x33\x0c\xc3"),
+["\x87\x75\xbf\xe7\x59\x7c\xf8\x8c\x43\x99\x5f\xbd\xf3\x6e\xff\x56\x8d\x47\x56\x36\xff\x4a\xb5\x60\xc1\xb4\xea\xff\x5e\xa0\x83\x0f"] = CTInfo($description="DigiCert Log Server 2", $operator="DigiCert", $url="https://ct2.digicert-ct.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xcc\x5d\x39\x2f\x66\xb8\x4c\x7f\xc1\x2e\x03\xa1\x34\xa3\xe8\x8a\x86\x02\xae\x4a\x11\xc6\xf7\x26\x6a\x37\x9b\xf0\x38\xf8\x5d\x09\x8d\x63\xe8\x31\x6b\x86\x66\xcf\x79\xb3\x25\x3c\x1e\xdf\x78\xb4\xa8\xc5\x69\xfa\xb7\xf0\x82\x79\x62\x43\xf6\xcc\xfe\x81\x66\x84"),
-["\x35\xcf\x19\x1b\xbf\xb1\x6c\x57\xbf\x0f\xad\x4c\x6d\x42\xcb\xbb\xb6\x27\x20\x26\x51\xea\x3f\xe1\x2a\xef\xa8\x03\xc3\x3b\xd6\x4c"] = CTInfo($description="DigiCert Yeti2023 Log", $operator="DigiCert", $url="yeti2023.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x7d\x0d\x03\xb1\xd5\x98\x8a\xdc\xf0\x15\x3b\xc6\xdc\x5e\x0d\x6e\x3f\x0d\xbf\x95\xc8\x55\x8c\xd0\xa6\x4c\x96\xb1\x4e\x27\xb9\x26\x25\x99\xcc\x2b\x02\x9e\xa6\xd3\xdd\x9f\xb1\xd5\xc4\xc3\xac\x35\x04\x07\x87\x97\x36\xaa\xad\x28\x0d\x7f\x2b\xd9\x68\x9f\x72\xd1"),
+["\x22\x45\x45\x07\x59\x55\x24\x56\x96\x3f\xa1\x2f\xf1\xf7\x6d\x86\xe0\x23\x26\x63\xad\xc0\x4b\x7f\x5d\xc6\x83\x5c\x6e\xe2\x0f\x02"] = CTInfo($description="DigiCert Yeti2022 Log", $operator="DigiCert", $url="https://yeti2022.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x9f\xf8\xd8\x1d\xde\xfb\x5b\x51\xb5\xfb\x5d\xf5\xb5\xde\x66\x11\xb0\x9d\x5f\xfd\x6f\xfc\xa8\x98\x5b\x98\x4f\x2d\xc3\x91\x3a\xfb\xfe\xc4\x0f\x0d\xc3\x60\x43\x8c\x1e\xf2\xf9\x11\xb2\xba\xd0\xf6\xbc\xa5\xd2\xb6\x9f\xf9\x5c\x87\xa2\x7d\xfc\xd4\x7d\xd6\x13\x26"),
-["\x51\xa3\xb0\xf5\xfd\x01\x79\x9c\x56\x6d\xb8\x37\x78\x8f\x0c\xa4\x7a\xcc\x1b\x27\xcb\xf7\x9e\x88\x42\x9a\x0d\xfe\xd4\x8b\x05\xe5"] = CTInfo($description="DigiCert Nessie2022 Log", $operator="DigiCert", $url="nessie2022.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x27\x24\xdd\x68\x03\x28\xcb\xfe\x63\xbe\x0e\x11\x47\x4d\x7d\x17\x68\xa1\x11\x5d\x4c\x71\xc9\x41\x28\xc7\xb6\xa2\x4b\x97\xec\xc0\xaf\xfc\x2f\x3b\xbf\xe9\xf1\xb1\xfc\xf5\x01\xff\xa9\xfb\x49\x40\x0c\x63\x24\x98\xd7\x79\x2e\xa6\x55\xab\x16\xc6\xbe\x51\xd8\x71"),
+["\x35\xcf\x19\x1b\xbf\xb1\x6c\x57\xbf\x0f\xad\x4c\x6d\x42\xcb\xbb\xb6\x27\x20\x26\x51\xea\x3f\xe1\x2a\xef\xa8\x03\xc3\x3b\xd6\x4c"] = CTInfo($description="DigiCert Yeti2023 Log", $operator="DigiCert", $url="https://yeti2023.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x7d\x0d\x03\xb1\xd5\x98\x8a\xdc\xf0\x15\x3b\xc6\xdc\x5e\x0d\x6e\x3f\x0d\xbf\x95\xc8\x55\x8c\xd0\xa6\x4c\x96\xb1\x4e\x27\xb9\x26\x25\x99\xcc\x2b\x02\x9e\xa6\xd3\xdd\x9f\xb1\xd5\xc4\xc3\xac\x35\x04\x07\x87\x97\x36\xaa\xad\x28\x0d\x7f\x2b\xd9\x68\x9f\x72\xd1"),
-["\xb3\x73\x77\x07\xe1\x84\x50\xf8\x63\x86\xd6\x05\xa9\xdc\x11\x09\x4a\x79\x2d\xb1\x67\x0c\x0b\x87\xdc\xf0\x03\x0e\x79\x36\xa5\x9a"] = CTInfo($description="DigiCert Nessie2023 Log", $operator="DigiCert", $url="nessie2023.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x11\x7b\xbc\x89\x0c\x12\x09\x14\x9f\xd8\x26\xc8\x4c\x6a\x54\xa4\x1b\x45\x56\xdf\x3e\x23\x42\x14\xd1\xdd\x42\xdf\xa2\xdf\x7b\x5f\x9f\x6f\x07\x5a\x23\x46\x79\x16\x4b\x5f\x33\x67\xc1\xa0\x8d\x5b\x5c\x17\x75\xf2\x4d\xa0\x80\xa1\x98\x1a\x07\x59\x06\x02\xca\x4e"),
+["\x48\xb0\xe3\x6b\xda\xa6\x47\x34\x0f\xe5\x6a\x02\xfa\x9d\x30\xeb\x1c\x52\x01\xcb\x56\xdd\x2c\x81\xd9\xbb\xbf\xab\x39\xd8\x84\x73"] = CTInfo($description="DigiCert Yeti2024 Log", $operator="DigiCert", $url="https://yeti2024.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x57\xb8\xc1\x6f\x30\xa4\x7f\x2e\xe4\xf0\xd0\xd9\x60\x62\x13\x95\xe3\x7a\xe3\x4e\x53\xc3\xb3\xb8\x73\x85\xc1\x18\x0d\x23\x0e\x58\x84\xd2\x78\xef\x9b\xb3\x1e\x2c\x1a\xde\xc1\x8f\x81\x1b\x19\x44\x58\xb7\x00\x77\x60\x20\x1a\x72\xd8\x82\xde\xae\x9e\xb1\xc6\x4b"),
-["\xdd\xeb\x1d\x2b\x7a\x0d\x4f\xa6\x20\x8b\x81\xad\x81\x68\x70\x7e\x2e\x8e\x9d\x01\xd5\x5c\x88\x8d\x3d\x11\xc4\xcd\xb6\xec\xbe\xcc"] = CTInfo($description="Symantec log", $operator="DigiCert", $url="ct.ws.symantec.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x96\xea\xac\x1c\x46\x0c\x1b\x55\xdc\x0d\xfc\xb5\x94\x27\x46\x57\x42\x70\x3a\x69\x18\xe2\xbf\x3b\xc4\xdb\xab\xa0\xf4\xb6\x6c\xc0\x53\x3f\x4d\x42\x10\x33\xf0\x58\x97\x8f\x6b\xbe\x72\xf4\x2a\xec\x1c\x42\xaa\x03\x2f\x1a\x7e\x28\x35\x76\x99\x08\x3d\x21\x14\x86"),
+["\x7d\x59\x1e\x12\xe1\x78\x2a\x7b\x1c\x61\x67\x7c\x5e\xfd\xf8\xd0\x87\x5c\x14\xa0\x4e\x95\x9e\xb9\x03\x2f\xd9\x0e\x8c\x2e\x79\xb8"] = CTInfo($description="DigiCert Yeti2025 Log", $operator="DigiCert", $url="https://yeti2025.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xdf\x95\x00\x5e\x10\xc1\x01\xf7\x37\xe3\x10\x74\xd1\xff\xb2\xca\x90\xed\x32\x99\x5f\x0c\x39\xfe\xa1\xd1\x13\x11\xac\xd1\xb3\x73\x93\x20\xc2\x13\x3c\x4c\xb5\x7a\x52\x86\x86\x3d\xe3\x95\x24\x7c\xd8\x91\x98\x48\x3b\xf0\xf0\xdf\x21\xf1\xb0\x81\x5a\x59\x25\x43"),
-["\xbc\x78\xe1\xdf\xc5\xf6\x3c\x68\x46\x49\x33\x4d\xa1\x0f\xa1\x5f\x09\x79\x69\x20\x09\xc0\x81\xb4\xf3\xf6\x91\x7f\x3e\xd9\xb8\xa5"] = CTInfo($description="Symantec 'Vega' log", $operator="DigiCert", $url="vega.ws.symantec.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xea\x95\x9e\x02\xff\xee\xf1\x33\x6d\x4b\x87\xbc\xcd\xfd\x19\x17\x62\xff\x94\xd3\xd0\x59\x07\x3f\x02\x2d\x1c\x90\xfe\xc8\x47\x30\x3b\xf1\xdd\x0d\xb8\x11\x0c\x5d\x1d\x86\xdd\xab\xd3\x2b\x46\x66\xfb\x6e\x65\xb7\x3b\xfd\x59\x68\xac\xdf\xa6\xf8\xce\xd2\x18\x4d"),
+["\x51\xa3\xb0\xf5\xfd\x01\x79\x9c\x56\x6d\xb8\x37\x78\x8f\x0c\xa4\x7a\xcc\x1b\x27\xcb\xf7\x9e\x88\x42\x9a\x0d\xfe\xd4\x8b\x05\xe5"] = CTInfo($description="DigiCert Nessie2022 Log", $operator="DigiCert", $url="https://nessie2022.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x27\x24\xdd\x68\x03\x28\xcb\xfe\x63\xbe\x0e\x11\x47\x4d\x7d\x17\x68\xa1\x11\x5d\x4c\x71\xc9\x41\x28\xc7\xb6\xa2\x4b\x97\xec\xc0\xaf\xfc\x2f\x3b\xbf\xe9\xf1\xb1\xfc\xf5\x01\xff\xa9\xfb\x49\x40\x0c\x63\x24\x98\xd7\x79\x2e\xa6\x55\xab\x16\xc6\xbe\x51\xd8\x71"),
-["\x15\x97\x04\x88\xd7\xb9\x97\xa0\x5b\xeb\x52\x51\x2a\xde\xe8\xd2\xe8\xb4\xa3\x16\x52\x64\x12\x1a\x9f\xab\xfb\xd5\xf8\x5a\xd9\x3f"] = CTInfo($description="Symantec 'Sirius' log", $operator="DigiCert", $url="sirius.ws.symantec.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xa3\x02\x64\x84\x22\xbb\x25\xec\x0d\xe3\xbc\xc2\xc9\x89\x7d\xdd\x45\xd0\xee\xe6\x15\x85\x8f\xd9\xe7\x17\x1b\x13\x80\xea\xed\xb2\x85\x37\xad\x6a\xc5\xd8\x25\x9d\xfa\xf4\xb4\xf3\x6e\x16\x28\x25\x37\xea\xa3\x37\x64\xb2\xc7\x0b\xfd\x51\xe5\xc1\x05\xf4\x0e\xb5"),
+["\xb3\x73\x77\x07\xe1\x84\x50\xf8\x63\x86\xd6\x05\xa9\xdc\x11\x09\x4a\x79\x2d\xb1\x67\x0c\x0b\x87\xdc\xf0\x03\x0e\x79\x36\xa5\x9a"] = CTInfo($description="DigiCert Nessie2023 Log", $operator="DigiCert", $url="https://nessie2023.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x11\x7b\xbc\x89\x0c\x12\x09\x14\x9f\xd8\x26\xc8\x4c\x6a\x54\xa4\x1b\x45\x56\xdf\x3e\x23\x42\x14\xd1\xdd\x42\xdf\xa2\xdf\x7b\x5f\x9f\x6f\x07\x5a\x23\x46\x79\x16\x4b\x5f\x33\x67\xc1\xa0\x8d\x5b\x5c\x17\x75\xf2\x4d\xa0\x80\xa1\x98\x1a\x07\x59\x06\x02\xca\x4e"),
-["\xcd\xb5\x17\x9b\x7f\xc1\xc0\x46\xfe\xea\x31\x13\x6a\x3f\x8f\x00\x2e\x61\x82\xfa\xf8\x89\x6f\xec\xc8\xb2\xf5\xb5\xab\x60\x49\x00"] = CTInfo($description="Certly.IO log", $operator="Certly", $url="log.certly.io/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x0b\x23\xcb\x85\x62\x98\x61\x48\x04\x73\xeb\x54\x5d\xf3\xd0\x07\x8c\x2d\x19\x2d\x8c\x36\xf5\xeb\x8f\x01\x42\x0a\x7c\x98\x26\x27\xc1\xb5\xdd\x92\x93\xb0\xae\xf8\x9b\x3d\x0c\xd8\x4c\x4e\x1d\xf9\x15\xfb\x47\x68\x7b\xba\x66\xb7\x25\x9c\xd0\x4a\xc2\x66\xdb\x48"),
+["\x73\xd9\x9e\x89\x1b\x4c\x96\x78\xa0\x20\x7d\x47\x9d\xe6\xb2\xc6\x1c\xd0\x51\x5e\x71\x19\x2a\x8c\x6b\x80\x10\x7a\xc1\x77\x72\xb5"] = CTInfo($description="DigiCert Nessie2024 Log", $operator="DigiCert", $url="https://nessie2024.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x2d\xfc\xa2\x7b\x36\xbf\x56\x91\xe9\xfe\x3f\xe8\x3d\xfc\xc3\xa7\xe0\x61\x52\xea\x2c\xe9\x05\xa3\x9f\x27\x17\x81\x05\x70\x6b\x81\x61\x44\x8a\xf8\x3b\x10\x80\x42\xed\x03\x2f\x00\x50\x21\xfc\x41\x54\x84\xa3\x54\xd5\x2e\xb2\x7a\x16\x4b\x2a\x1f\x2b\x66\x04\x2b"),
-["\x74\x61\xb4\xa0\x9c\xfb\x3d\x41\xd7\x51\x59\x57\x5b\x2e\x76\x49\xa4\x45\xa8\xd2\x77\x09\xb0\xcc\x56\x4a\x64\x82\xb7\xeb\x41\xa3"] = CTInfo($description="Izenpe log", $operator="Izenpe", $url="ct.izenpe.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x27\x64\x39\x0c\x2d\xdc\x50\x18\xf8\x21\x00\xa2\x0e\xed\x2c\xea\x3e\x75\xba\x9f\x93\x64\x09\x00\x11\xc4\x11\x17\xab\x5c\xcf\x0f\x74\xac\xb5\x97\x90\x93\x00\x5b\xb8\xeb\xf7\x27\x3d\xd9\xb2\x0a\x81\x5f\x2f\x0d\x75\x38\x94\x37\x99\x1e\xf6\x07\x76\xe0\xee\xbe"),
+["\xe6\xd2\x31\x63\x40\x77\x8c\xc1\x10\x41\x06\xd7\x71\xb9\xce\xc1\xd2\x40\xf6\x96\x84\x86\xfb\xba\x87\x32\x1d\xfd\x1e\x37\x8e\x50"] = CTInfo($description="DigiCert Nessie2025 Log", $operator="DigiCert", $url="https://nessie2025.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xf2\xf0\xf0\xa7\x8b\x81\x2e\x09\x39\x3b\x9f\x42\xda\x38\x44\x5f\xb4\xcc\xed\x36\xbb\xd8\x43\x7f\x16\x49\x57\x87\x04\x7f\xa5\x01\x34\xf7\xe8\x68\x3f\xb7\x78\x1f\x60\x66\x2d\x67\x9a\x75\x80\xb7\x53\xa7\x85\xd5\xbc\xab\x47\x06\x55\xdb\xb5\xdf\x88\xa1\x6f\x38"),
-["\x41\xb2\xdc\x2e\x89\xe6\x3c\xe4\xaf\x1b\xa7\xbb\x29\xbf\x68\xc6\xde\xe6\xf9\xf1\xcc\x04\x7e\x30\xdf\xfa\xe3\xb3\xba\x25\x92\x63"] = CTInfo($description="WoSign log", $operator="WoSign", $url="ctlog.wosign.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xcc\x11\x88\x7b\x2d\x66\xcb\xae\x8f\x4d\x30\x66\x27\x19\x25\x22\x93\x21\x46\xb4\x2f\x01\xd3\xc6\xf9\x2b\xd5\xc8\xba\x73\x9b\x06\xa2\xf0\x8a\x02\x9c\xd0\x6b\x46\x18\x30\x85\xba\xe9\x24\x8b\x0e\xd1\x5b\x70\x28\x0c\x7e\xf1\x3a\x45\x7f\x5a\xf3\x82\x42\x60\x31"),
+["\x05\x9c\x01\xd3\x20\xe0\x07\x84\x13\x95\x80\x49\x8d\x11\x7c\x90\x32\x66\xaf\xaf\x72\x50\xb5\xaf\x3b\x46\xa4\x3e\x11\x84\x0d\x4a"] = CTInfo($description="DigiCert Yeti2022-2 Log", $operator="DigiCert", $url="https://yeti2022-2.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x1d\x69\x5e\x3f\x0a\xf2\x71\x77\xcd\x9d\x5d\xc3\x34\x49\x00\xee\x60\x77\xe1\x72\x76\x74\xa8\x7c\x5c\x7d\x09\xf2\x32\x1d\x05\x7e\x2e\xfe\x5b\x31\xd5\x3a\xfd\x73\x34\x6e\x49\x14\x4e\x50\x58\x96\x5a\xc4\xc7\xf4\xbe\x05\x64\xa4\xf7\xd7\xe5\xb1\x6d\x33\x0c\xc3"),
-["\xac\x3b\x9a\xed\x7f\xa9\x67\x47\x57\x15\x9e\x6d\x7d\x57\x56\x72\xf9\xd9\x81\x00\x94\x1e\x9b\xde\xff\xec\xa1\x31\x3b\x75\x78\x2d"] = CTInfo($description="Venafi log", $operator="Venafi", $url="ctlog.api.venafi.com/", $maximum_merge_delay=86400, $key="\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xa2\x5a\x48\x1f\x17\x52\x95\x35\xcb\xa3\x5b\x3a\x1f\x53\x82\x76\x94\xa3\xff\x80\xf2\x1c\x37\x3c\xc0\xb1\xbd\xc1\x59\x8b\xab\x2d\x65\x93\xd7\xf3\xe0\x04\xd5\x9a\x6f\xbf\xd6\x23\x76\x36\x4f\x23\x99\xcb\x54\x28\xad\x8c\x15\x4b\x65\x59\x76\x41\x4a\x9c\xa6\xf7\xb3\x3b\x7e\xb1\xa5\x49\xa4\x17\x51\x6c\x80\xdc\x2a\x90\x50\x4b\x88\x24\xe9\xa5\x12\x32\x93\x04\x48\x90\x02\xfa\x5f\x0e\x30\x87\x8e\x55\x76\x05\xee\x2a\x4c\xce\xa3\x6a\x69\x09\x6e\x25\xad\x82\x76\x0f\x84\x92\xfa\x38\xd6\x86\x4e\x24\x8f\x9b\xb0\x72\xcb\x9e\xe2\x6b\x3f\xe1\x6d\xc9\x25\x75\x23\x88\xa1\x18\x58\x06\x23\x33\x78\xda\x00\xd0\x38\x91\x67\xd2\xa6\x7d\x27\x97\x67\x5a\xc1\xf3\x2f\x17\xe6\xea\xd2\x5b\xe8\x81\xcd\xfd\x92\x68\xe7\xf3\x06\xf0\xe9\x72\x84\xee\x01\xa5\xb1\xd8\x33\xda\xce\x83\xa5\xdb\xc7\xcf\xd6\x16\x7e\x90\x75\x18\xbf\x16\xdc\x32\x3b\x6d\x8d\xab\x82\x17\x1f\x89\x20\x8d\x1d\x9a\xe6\x4d\x23\x08\xdf\x78\x6f\xc6\x05\xbf\x5f\xae\x94\x97\xdb\x5f\x64\xd4\xee\x16\x8b\xa3\x84\x6c\x71\x2b\xf1\xab\x7f\x5d\x0d\x32\xee\x04\xe2\x90\xec\x41\x9f\xfb\x39\xc1\x02\x03\x01\x00\x01"),
+["\x55\x81\xd4\xc2\x16\x90\x36\x01\x4a\xea\x0b\x9b\x57\x3c\x53\xf0\xc0\xe4\x38\x78\x70\x25\x08\x17\x2f\xa3\xaa\x1d\x07\x13\xd3\x0c"] = CTInfo($description="Sectigo 'Sabre' CT log", $operator="Sectigo", $url="https://sabre.ct.comodo.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xf2\x6f\xd2\x89\x0f\x3f\xc5\xf8\x87\x1e\xab\x65\xb3\xd9\xbb\x17\x23\x8c\x06\x0e\x09\x55\x96\x3d\x0a\x08\xa2\xc5\x71\xb3\xd1\xa9\x2f\x28\x3e\x83\x10\xbf\x12\xd0\x44\x66\x15\xef\x54\xe1\x98\x80\xd0\xce\x24\x6d\x3e\x67\x9a\xe9\x37\x23\xce\x52\x93\x86\xda\x80"),
-["\xa5\x77\xac\x9c\xed\x75\x48\xdd\x8f\x02\x5b\x67\xa2\x41\x08\x9d\xf8\x6e\x0f\x47\x6e\xc2\x03\xc2\xec\xbe\xdb\x18\x5f\x28\x26\x38"] = CTInfo($description="CNNIC CT log", $operator="CNNIC", $url="ctserver.cnnic.cn/", $maximum_merge_delay=86400, $key="\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xbf\xb5\x08\x61\x9a\x29\x32\x04\xd3\x25\x63\xe9\xd8\x85\xe1\x86\xe0\x1f\xd6\x5e\x9a\xf7\x33\x3b\x80\x1b\xe7\xb6\x3e\x5f\x2d\xa1\x66\xf6\x95\x4a\x84\xa6\x21\x56\x79\xe8\xf7\x85\xee\x5d\xe3\x7c\x12\xc0\xe0\x89\x22\x09\x22\x3e\xba\x16\x95\x06\xbd\xa8\xb9\xb1\xa9\xb2\x7a\xd6\x61\x2e\x87\x11\xb9\x78\x40\x89\x75\xdb\x0c\xdc\x90\xe0\xa4\x79\xd6\xd5\x5e\x6e\xd1\x2a\xdb\x34\xf4\x99\x3f\x65\x89\x3b\x46\xc2\x29\x2c\x15\x07\x1c\xc9\x4b\x1a\x54\xf8\x6c\x1e\xaf\x60\x27\x62\x0a\x65\xd5\x9a\xb9\x50\x36\x16\x6e\x71\xf6\x1f\x01\xf7\x12\xa7\xfc\xbf\xf6\x21\xa3\x29\x90\x86\x2d\x77\xde\xbb\x4c\xd4\xcf\xfd\xd2\xcf\x82\x2c\x4d\xd4\xf2\xc2\x2d\xac\xa9\xbe\xea\xc3\x19\x25\x43\xb2\xe5\x9a\x6c\x0d\xc5\x1c\xa5\x8b\xf7\x3f\x30\xaf\xb9\x01\x91\xb7\x69\x12\x12\xe5\x83\x61\xfe\x34\x00\xbe\xf6\x71\x8a\xc7\xeb\x50\x92\xe8\x59\xfe\x15\x91\xeb\x96\x97\xf8\x23\x54\x3f\x2d\x8e\x07\xdf\xee\xda\xb3\x4f\xc8\x3c\x9d\x6f\xdf\x3c\x2c\x43\x57\xa1\x47\x0c\x91\x04\xf4\x75\x4d\xda\x89\x81\xa4\x14\x06\x34\xb9\x98\xc3\xda\xf1\xfd\xed\x33\x36\xd3\x16\x2d\x35\x02\x03\x01\x00\x01"),
+["\x6f\x53\x76\xac\x31\xf0\x31\x19\xd8\x99\x00\xa4\x51\x15\xff\x77\x15\x1c\x11\xd9\x02\xc1\x00\x29\x06\x8d\xb2\x08\x9a\x37\xd9\x13"] = CTInfo($description="Sectigo 'Mammoth' CT log", $operator="Sectigo", $url="https://mammoth.ct.comodo.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xef\xe4\x7d\x74\x2e\x15\x15\xb6\xe9\xbb\x23\x8b\xfb\x2c\xb5\xe1\xc7\x80\x98\x47\xfb\x40\x69\x68\xfc\x49\xad\x61\x4e\x83\x47\x3c\x1a\xb7\x8d\xdf\xff\x7b\x30\xb4\xba\xff\x2f\xcb\xa0\x14\xe3\xad\xd5\x85\x3f\x44\x59\x8c\x8c\x60\x8b\xd7\xb8\xb1\xbf\xae\x8c\x67"),
-["\x34\xbb\x6a\xd6\xc3\xdf\x9c\x03\xee\xa8\xa4\x99\xff\x78\x91\x48\x6c\x9d\x5e\x5c\xac\x92\xd0\x1f\x7b\xfd\x1b\xce\x19\xdb\x48\xef"] = CTInfo($description="StartCom log", $operator="StartCom", $url="ct.startssl.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x48\xf3\x59\xf3\xf6\x05\x18\xd3\xdb\xb2\xed\x46\x7e\xcf\xc8\x11\xb5\x57\xb1\xa8\xd6\x4c\xe6\x9f\xb7\x4a\x1a\x14\x86\x43\xa9\x48\xb0\xcb\x5a\x3f\x3c\x4a\xca\xdf\xc4\x82\x14\x55\x9a\xf8\xf7\x8e\x40\x55\xdc\xf4\xd2\xaf\xea\x75\x74\xfb\x4e\x7f\x60\x86\x2e\x51"),
+["\xdf\xa5\x5e\xab\x68\x82\x4f\x1f\x6c\xad\xee\xb8\x5f\x4e\x3e\x5a\xea\xcd\xa2\x12\xa4\x6a\x5e\x8e\x3b\x12\xc0\x20\x44\x5c\x2a\x73"] = CTInfo($description="Let's Encrypt 'Oak2022' log", $operator="Let's Encrypt", $url="https://oak.ct.letsencrypt.org/2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x86\x3c\xb1\x0d\x52\x23\x5a\xde\x6e\xf6\xc0\x7f\xa3\x64\xbc\xad\xc1\x89\xda\x97\x59\x4c\x60\x3c\xf8\x8a\x57\x84\x8f\xed\xbc\xa0\x63\x12\x51\x84\xe6\xbd\xdd\x7b\x8c\x80\x7d\xe3\x8f\x86\xa4\xea\xa9\xcf\xa8\xee\xf3\xe0\x5e\x70\xe0\xbb\xf6\xbd\xfc\x1f\x91\x2e"),
-["\x55\x81\xd4\xc2\x16\x90\x36\x01\x4a\xea\x0b\x9b\x57\x3c\x53\xf0\xc0\xe4\x38\x78\x70\x25\x08\x17\x2f\xa3\xaa\x1d\x07\x13\xd3\x0c"] = CTInfo($description="Sectigo 'Sabre' CT log", $operator="Sectigo", $url="sabre.ct.comodo.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xf2\x6f\xd2\x89\x0f\x3f\xc5\xf8\x87\x1e\xab\x65\xb3\xd9\xbb\x17\x23\x8c\x06\x0e\x09\x55\x96\x3d\x0a\x08\xa2\xc5\x71\xb3\xd1\xa9\x2f\x28\x3e\x83\x10\xbf\x12\xd0\x44\x66\x15\xef\x54\xe1\x98\x80\xd0\xce\x24\x6d\x3e\x67\x9a\xe9\x37\x23\xce\x52\x93\x86\xda\x80"),
+["\xb7\x3e\xfb\x24\xdf\x9c\x4d\xba\x75\xf2\x39\xc5\xba\x58\xf4\x6c\x5d\xfc\x42\xcf\x7a\x9f\x35\xc4\x9e\x1d\x09\x81\x25\xed\xb4\x99"] = CTInfo($description="Let's Encrypt 'Oak2023' log", $operator="Let's Encrypt", $url="https://oak.ct.letsencrypt.org/2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xb3\x3d\x0e\x78\xbe\xe3\xad\x5c\x44\x5c\x9b\xbe\xa3\x84\x16\x41\x82\xca\xca\x89\x17\x1e\x23\xce\x38\xa5\x54\x2f\x7f\xd3\x34\x51\x6a\xb9\x5c\xc3\x49\xea\xfb\x91\x9d\xe0\x8a\x3c\x73\x06\x9f\x7c\x65\x38\x11\x80\xc4\x9a\x5a\x00\xa6\x67\xc3\x83\xef\x89\x85\x51"),
-["\x6f\x53\x76\xac\x31\xf0\x31\x19\xd8\x99\x00\xa4\x51\x15\xff\x77\x15\x1c\x11\xd9\x02\xc1\x00\x29\x06\x8d\xb2\x08\x9a\x37\xd9\x13"] = CTInfo($description="Sectigo 'Mammoth' CT log", $operator="Sectigo", $url="mammoth.ct.comodo.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xef\xe4\x7d\x74\x2e\x15\x15\xb6\xe9\xbb\x23\x8b\xfb\x2c\xb5\xe1\xc7\x80\x98\x47\xfb\x40\x69\x68\xfc\x49\xad\x61\x4e\x83\x47\x3c\x1a\xb7\x8d\xdf\xff\x7b\x30\xb4\xba\xff\x2f\xcb\xa0\x14\xe3\xad\xd5\x85\x3f\x44\x59\x8c\x8c\x60\x8b\xd7\xb8\xb1\xbf\xae\x8c\x67"),
+["\x3b\x53\x77\x75\x3e\x2d\xb9\x80\x4e\x8b\x30\x5b\x06\xfe\x40\x3b\x67\xd8\x4f\xc3\xf4\xc7\xbd\x00\x0d\x2d\x72\x6f\xe1\xfa\xd4\x17"] = CTInfo($description="Let's Encrypt 'Oak2024H1' log", $operator="Let's Encrypt", $url="https://oak.ct.letsencrypt.org/2024h1/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x56\x43\xd7\x7e\x7b\xd4\x72\xb7\xba\xa9\x51\xbd\x36\x93\xb7\xe9\xb5\x92\x0f\xea\x5e\xb7\x45\xa3\x92\xfd\xc9\xa5\x3c\x80\xac\x1a\x20\xef\x25\x2f\xb8\xe1\x20\xf7\xa8\x3a\x2e\x07\x8d\xe6\xeb\xa4\xe2\x7d\x24\x63\x9f\x46\xbf\x94\x73\x52\x8d\x96\xae\xa9\x26\xfd"),
-["\xdf\xa5\x5e\xab\x68\x82\x4f\x1f\x6c\xad\xee\xb8\x5f\x4e\x3e\x5a\xea\xcd\xa2\x12\xa4\x6a\x5e\x8e\x3b\x12\xc0\x20\x44\x5c\x2a\x73"] = CTInfo($description="Let's Encrypt 'Oak2022' log", $operator="Let's Encrypt", $url="oak.ct.letsencrypt.org/2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x86\x3c\xb1\x0d\x52\x23\x5a\xde\x6e\xf6\xc0\x7f\xa3\x64\xbc\xad\xc1\x89\xda\x97\x59\x4c\x60\x3c\xf8\x8a\x57\x84\x8f\xed\xbc\xa0\x63\x12\x51\x84\xe6\xbd\xdd\x7b\x8c\x80\x7d\xe3\x8f\x86\xa4\xea\xa9\xcf\xa8\xee\xf3\xe0\x5e\x70\xe0\xbb\xf6\xbd\xfc\x1f\x91\x2e"),
+["\x3f\x17\x4b\x4f\xd7\x22\x47\x58\x94\x1d\x65\x1c\x84\xbe\x0d\x12\xed\x90\x37\x7f\x1f\x85\x6a\xeb\xc1\xbf\x28\x85\xec\xf8\x64\x6e"] = CTInfo($description="Let's Encrypt 'Oak2024H2' log", $operator="Let's Encrypt", $url="https://oak.ct.letsencrypt.org/2024h2/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xd7\x73\xd6\x53\x47\xe9\xf3\xc9\xd5\x7c\x16\xc2\xd6\x8f\x70\x65\xfa\xf2\x51\x36\xa9\x13\x80\x2f\xed\xf9\x94\xd3\x5a\x8b\xe8\x4f\x33\xcf\xc3\xd3\x89\xd4\x5f\x5a\x66\x89\xba\x20\x1f\x71\xcb\xca\xbb\x9f\x9f\xf3\x5c\x2d\x1e\xa3\x81\x59\xaf\x92\xb3\x6d\x30\x68"),
-["\xb7\x3e\xfb\x24\xdf\x9c\x4d\xba\x75\xf2\x39\xc5\xba\x58\xf4\x6c\x5d\xfc\x42\xcf\x7a\x9f\x35\xc4\x9e\x1d\x09\x81\x25\xed\xb4\x99"] = CTInfo($description="Let's Encrypt 'Oak2023' log", $operator="Let's Encrypt", $url="oak.ct.letsencrypt.org/2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xb3\x3d\x0e\x78\xbe\xe3\xad\x5c\x44\x5c\x9b\xbe\xa3\x84\x16\x41\x82\xca\xca\x89\x17\x1e\x23\xce\x38\xa5\x54\x2f\x7f\xd3\x34\x51\x6a\xb9\x5c\xc3\x49\xea\xfb\x91\x9d\xe0\x8a\x3c\x73\x06\x9f\x7c\x65\x38\x11\x80\xc4\x9a\x5a\x00\xa6\x67\xc3\x83\xef\x89\x85\x51"),
+["\xc3\x65\xf9\xb3\x65\x4f\x32\x83\xc7\x9d\xa9\x8e\x93\xd7\x41\x8f\x5b\xab\x7b\xe3\x25\x2c\x98\xe1\xd2\xf0\x4b\xb9\xeb\x42\x7d\x23"] = CTInfo($description="Trust Asia Log2022", $operator="TrustAsia", $url="https://ct.trustasia.com/log2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xbb\x52\xf2\x16\xcf\x92\x0b\xce\x79\xe6\x54\x6d\xc2\x37\x53\xa4\xf5\xf9\x3a\xa9\xb3\x05\xec\x1d\xbd\x16\xec\x30\xac\x2e\xf8\x79\x62\x35\x15\x8e\x1a\xd8\x16\x2e\xe4\x48\x6b\xf6\xc6\x13\xf1\x96\x2e\x5c\x10\xfe\x19\x1e\xa8\x18\xb8\x0f\x2d\xc3\xa4\x86\x51\x97"),
-["\xc3\x65\xf9\xb3\x65\x4f\x32\x83\xc7\x9d\xa9\x8e\x93\xd7\x41\x8f\x5b\xab\x7b\xe3\x25\x2c\x98\xe1\xd2\xf0\x4b\xb9\xeb\x42\x7d\x23"] = CTInfo($description="Trust Asia Log2022", $operator="TrustAsia", $url="ct.trustasia.com/log2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xbb\x52\xf2\x16\xcf\x92\x0b\xce\x79\xe6\x54\x6d\xc2\x37\x53\xa4\xf5\xf9\x3a\xa9\xb3\x05\xec\x1d\xbd\x16\xec\x30\xac\x2e\xf8\x79\x62\x35\x15\x8e\x1a\xd8\x16\x2e\xe4\x48\x6b\xf6\xc6\x13\xf1\x96\x2e\x5c\x10\xfe\x19\x1e\xa8\x18\xb8\x0f\x2d\xc3\xa4\x86\x51\x97"),
+["\xe8\x7e\xa7\x66\x0b\xc2\x6c\xf6\x00\x2e\xf5\x72\x5d\x3f\xe0\xe3\x31\xb9\x39\x3b\xb9\x2f\xbf\x58\xeb\x3b\x90\x49\xda\xf5\x43\x5a"] = CTInfo($description="Trust Asia Log2023", $operator="TrustAsia", $url="https://ct.trustasia.com/log2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xa4\x11\x52\xdb\x17\x41\x4e\x90\xd4\x56\x51\x12\x30\x52\xf8\x9b\x03\xcf\x4c\x9f\xf8\x2e\x38\xb5\xf1\x5a\xba\xfa\x38\xb9\xd2\x8f\x1a\x81\xda\x95\xcc\x33\xec\x21\x28\x66\xc6\x56\x3e\x60\x36\x21\x20\xd9\xd4\xac\x5d\xfa\x5c\x19\xa1\x05\x7d\xfe\x20\x23\xfc\xf5"),
-["\xe8\x7e\xa7\x66\x0b\xc2\x6c\xf6\x00\x2e\xf5\x72\x5d\x3f\xe0\xe3\x31\xb9\x39\x3b\xb9\x2f\xbf\x58\xeb\x3b\x90\x49\xda\xf5\x43\x5a"] = CTInfo($description="Trust Asia Log2023", $operator="TrustAsia", $url="ct.trustasia.com/log2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xa4\x11\x52\xdb\x17\x41\x4e\x90\xd4\x56\x51\x12\x30\x52\xf8\x9b\x03\xcf\x4c\x9f\xf8\x2e\x38\xb5\xf1\x5a\xba\xfa\x38\xb9\xd2\x8f\x1a\x81\xda\x95\xcc\x33\xec\x21\x28\x66\xc6\x56\x3e\x60\x36\x21\x20\xd9\xd4\xac\x5d\xfa\x5c\x19\xa1\x05\x7d\xfe\x20\x23\xfc\xf5"),
 };

src/3rdparty

@@ -1 +1 @@
-Subproject commit 76eb27d2f5bea28e8e60ed0a4a29fc1ec2ec6b4e
+Subproject commit 3ce86be0c0588fbe26178d1da9683ff75cb5e982

src/Dict.cc

@@ -246,6 +246,96 @@ TEST_CASE("dict robust iteration")
 	delete key3;
 	}
 
+TEST_CASE("dict ordered iteration")
+	{
+	PDict<uint32_t> dict(DictOrder::ORDERED);
+
+	// These key values are specifically contrived to be inserted
+	// into the dictionary in a different order by default.
+	uint32_t val = 15;
+	uint32_t key_val = 5;
+	auto key = std::make_unique<detail::HashKey>(key_val);
+
+	uint32_t val2 = 10;
+	uint32_t key_val2 = 25;
+	auto key2 = std::make_unique<detail::HashKey>(key_val2);
+
+	uint32_t val3 = 30;
+	uint32_t key_val3 = 45;
+	auto key3 = std::make_unique<detail::HashKey>(key_val3);
+
+	uint32_t val4 = 20;
+	uint32_t key_val4 = 35;
+	auto key4 = std::make_unique<detail::HashKey>(key_val4);
+
+	// Only insert the first three to start with so we can test the order
+	// being the same after a later insertion.
+	dict.Insert(key.get(), &val);
+	dict.Insert(key2.get(), &val2);
+	dict.Insert(key3.get(), &val3);
+
+	int count = 0;
+
+	for ( const auto& entry : dict )
+		{
+		auto* v = static_cast<uint32_t*>(entry.value);
+		uint32_t k = *(uint32_t*)entry.GetKey();
+
+		// The keys should be returned in the same order we inserted
+		// them, which is 5, 25, 45.
+		if ( count == 0 )
+			CHECK(k == 5);
+		else if ( count == 1 )
+			CHECK(k == 25);
+		else if ( count == 2 )
+			CHECK(k == 45);
+
+		count++;
+		}
+
+	dict.Insert(key4.get(), &val4);
+	count = 0;
+
+	for ( const auto& entry : dict )
+		{
+		auto* v = static_cast<uint32_t*>(entry.value);
+		uint32_t k = *(uint32_t*)entry.GetKey();
+
+		// The keys should be returned in the same order we inserted
+		// them, which is 5, 25, 45, 35.
+		if ( count == 0 )
+			CHECK(k == 5);
+		else if ( count == 1 )
+			CHECK(k == 25);
+		else if ( count == 2 )
+			CHECK(k == 45);
+		else if ( count == 3 )
+			CHECK(k == 35);
+
+		count++;
+		}
+
+	dict.Remove(key2.get());
+	count = 0;
+
+	for ( const auto& entry : dict )
+		{
+		auto* v = static_cast<uint32_t*>(entry.value);
+		uint32_t k = *(uint32_t*)entry.GetKey();
+
+		// The keys should be returned in the same order we inserted
+		// them, which is 5, 45, 35.
+		if ( count == 0 )
+			CHECK(k == 5);
+		else if ( count == 1 )
+			CHECK(k == 45);
+		else if ( count == 2 )
+			CHECK(k == 35);
+
+		count++;
+		}
+	}
+
 class DictTestDummy
 	{
 public:

src/Dict.h

@@ -174,6 +174,8 @@ public:
 	bool operator!=(const DictEntry& r) const { return ! Equal(r.GetKey(), r.key_size, r.hash); }
 	};
 
+using DictEntryVec = std::vector<detail::HashKey>;
+
 	} // namespace detail
 
 template <typename T> class DictIterator
@@ -209,6 +211,8 @@ public:
 		dict = that.dict;
 		curr = that.curr;
 		end = that.end;
+		ordered_iter = that.ordered_iter;
+
 		dict->IncrIters();
 		}
 
@@ -226,6 +230,8 @@ public:
 		dict = that.dict;
 		curr = that.curr;
 		end = that.end;
+		ordered_iter = that.ordered_iter;
+
 		dict->IncrIters();
 
 		return *this;
@@ -245,6 +251,7 @@ public:
 		dict = that.dict;
 		curr = that.curr;
 		end = that.end;
+		ordered_iter = that.ordered_iter;
 
 		that.dict = nullptr;
 		}
@@ -263,25 +270,64 @@ public:
 		dict = that.dict;
 		curr = that.curr;
 		end = that.end;
+		ordered_iter = that.ordered_iter;
 
 		that.dict = nullptr;
 
 		return *this;
 		}
 
-	reference operator*() { return *curr; }
+	reference operator*()
-	reference operator*() const { return *curr; }
+		{
-	pointer operator->() { return curr; }
+		if ( dict->IsOrdered() )
-	pointer operator->() const { return curr; }
+			{
+			// TODO: how does this work if ordered_iter == end(). LookupEntry will return a nullptr,
+			// which the dereference will fail on. That's undefined behavior, correct? Is that any
+			// different than if the unordered version returns a dereference of it's end?
+			auto e = dict->LookupEntry(*ordered_iter);
+			return *e;
+			}
+
+		return *curr;
+		}
+	reference operator*() const
+		{
+		if ( dict->IsOrdered() )
+			{
+			auto e = dict->LookupEntry(*ordered_iter);
+			return *e;
+			}
+
+		return *curr;
+		}
+	pointer operator->()
+		{
+		if ( dict->IsOrdered() )
+			return dict->LookupEntry(*ordered_iter);
+
+		return curr;
+		}
+	pointer operator->() const
+		{
+		if ( dict->IsOrdered() )
+			return dict->LookupEntry(*ordered_iter);
+
+		return curr;
+		}
 
 	DictIterator& operator++()
 		{
-		// The non-robust case is easy. Just advanced the current position forward until you find
+		if ( dict->IsOrdered() )
-		// one isn't empty and isn't the end.
+			++ordered_iter;
+		else
+			{
+			// The non-robust case is easy. Just advance the current position forward until you
+			// find one isn't empty and isn't the end.
 			do
 				{
 				++curr;
 				} while ( curr != end && curr->Empty() );
+			}
 
 		return *this;
 		}
@@ -293,7 +339,17 @@ public:
 		return temp;
 		}
 
-	bool operator==(const DictIterator& that) const { return curr == that.curr; }
+	bool operator==(const DictIterator& that) const
+		{
+		if ( dict != that.dict )
+			return false;
+
+		if ( dict->IsOrdered() )
+			return ordered_iter == that.ordered_iter;
+
+		return curr == that.curr;
+		}
+
 	bool operator!=(const DictIterator& that) const { return ! (*this == that); }
 
 private:
@@ -302,10 +358,21 @@ private:
 	DictIterator(const Dictionary<T>* d, detail::DictEntry<T>* begin, detail::DictEntry<T>* end)
 		: curr(begin), end(end)
 		{
+		// Cast away the constness so that the number of iterators can be modified in the
+		// dictionary. This does violate the constness guarantees of const-begin()/end() and
+		// cbegin()/cend(), but we're not modifying the actual data in the collection, just a
+		// counter in the wrapper of the collection.
+		dict = const_cast<Dictionary<T>*>(d);
+
 		// Make sure that we're starting on a non-empty element.
 		while ( curr != end && curr->Empty() )
 			++curr;
 
+		dict->IncrIters();
+		}
+
+	DictIterator(const Dictionary<T>* d, detail::DictEntryVec::iterator iter) : ordered_iter(iter)
+		{
 		// Cast away the constness so that the number of iterators can be modified in the
 		// dictionary. This does violate the constness guarantees of const-begin()/end() and
 		// cbegin()/cend(), but we're not modifying the actual data in the collection, just a
@@ -317,6 +384,7 @@ private:
 	Dictionary<T>* dict = nullptr;
 	detail::DictEntry<T>* curr = nullptr;
 	detail::DictEntry<T>* end = nullptr;
+	detail::DictEntryVec::iterator ordered_iter;
 	};
 
 template <typename T> class RobustDictIterator
@@ -473,7 +541,7 @@ public:
 			}
 
 		if ( ordering == ORDERED )
-			order = new std::vector<detail::DictEntry<T>>;
+			order = std::make_unique<std::vector<detail::HashKey>>();
 		}
 
 	~Dictionary() { Clear(); }
@@ -490,12 +558,10 @@ public:
 
 	T* Lookup(const void* key, int key_size, detail::hash_t h) const
 		{
-		// Look up possibly modifies the entry. Why? if the entry is found but not positioned
+		if ( auto e = LookupEntry(key, key_size, h) )
-		// according to the current dict (so it's before SizeUp), it will be moved to the right
+			return e->value;
-		// position so next lookup is fast.
+
-		Dictionary* d = const_cast<Dictionary*>(this);
+		return nullptr;
-		int position = d->LookupIndex(key, key_size, h);
-		return position >= 0 ? table[position].value : nullptr;
 		}
 
 	T* Lookup(const char* key) const
@@ -541,13 +607,6 @@ public:
 			if ( ! copy_key )
 				delete[](char*) key;
 
-			if ( order )
-				{ // set new v to order too.
-				auto it = std::find(order->begin(), order->end(), table[position]);
-				ASSERT(it != order->end());
-				it->value = val;
-				}
-
 			if ( iterators && ! iterators->empty() )
 				// need to set new v for iterators too.
 				for ( auto c : *iterators )
@@ -575,12 +634,15 @@ public:
 						"Dictionary::Insert() possibly caused iterator invalidation");
 				}
 
+			// Do this before the actual insertion since creating the DictEntry is going to delete
+			// the key data. We need a copy of it first.
+			if ( order )
+				order->emplace_back(detail::HashKey{key, static_cast<size_t>(key_size), hash});
+
 			// Allocate memory for key if necesary. Key is updated to reflect internal key if
 			// necessary.
 			detail::DictEntry<T> entry(key, key_size, hash, val, insert_distance, copy_key);
 			InsertRelocateAndAdjust(entry, insert_position);
-			if ( order )
-				order->push_back(entry);
 
 			num_entries++;
 			cum_entries++;
@@ -651,7 +713,16 @@ public:
 		ASSERT(num_entries >= 0);
 		// e is about to be invalid. remove it from all references.
 		if ( order )
-			order->erase(std::remove(order->begin(), order->end(), entry), order->end());
+			{
+			for ( auto it = order->begin(); it != order->end(); ++it )
+				{
+				if ( it->Equal(key, key_size, hash) )
+					{
+					it = order->erase(it);
+					break;
+					}
+				}
+			}
 
 		T* v = entry.value;
 		entry.Clear();
@@ -699,10 +770,13 @@ public:
 		{
 		if ( ! order || n < 0 || n >= Length() )
 			return nullptr;
-		detail::DictEntry<T> entry = (*order)[n];
+
-		key = entry.GetKey();
+		auto& hk = order->at(n);
-		key_size = entry.key_size;
+		auto entry = Lookup(&hk);
-		return entry.value;
+
+		key = hk.Key();
+		key_size = hk.Size();
+		return entry;
 		}
 
 	T* NthEntry(int n, const char*& key) const
@@ -731,10 +805,8 @@ public:
 			}
 
 		if ( order )
-			{
+			order.reset();
-			delete order;
+
-			order = nullptr;
-			}
 		if ( iterators )
 			{
 			delete iterators;
@@ -935,12 +1007,48 @@ public:
 	using reverse_iterator = std::reverse_iterator<iterator>;
 	using const_reverse_iterator = std::reverse_iterator<const_iterator>;
 
-	iterator begin() { return {this, table, table + Capacity()}; }
+	iterator begin()
-	iterator end() { return {this, table + Capacity(), table + Capacity()}; }
+		{
-	const_iterator begin() const { return {this, table, table + Capacity()}; }
+		if ( IsOrdered() )
-	const_iterator end() const { return {this, table + Capacity(), table + Capacity()}; }
+			return {this, order->begin()};
-	const_iterator cbegin() { return {this, table, table + Capacity()}; }
+
-	const_iterator cend() { return {this, table + Capacity(), table + Capacity()}; }
+		return {this, table, table + Capacity()};
+		}
+	iterator end()
+		{
+		if ( IsOrdered() )
+			return {this, order->end()};
+
+		return {this, table + Capacity(), table + Capacity()};
+		}
+	const_iterator begin() const
+		{
+		if ( IsOrdered() )
+			return {this, order->begin()};
+
+		return {this, table, table + Capacity()};
+		}
+	const_iterator end() const
+		{
+		if ( IsOrdered() )
+			return {this, order->end()};
+
+		return {this, table + Capacity(), table + Capacity()};
+		}
+	const_iterator cbegin()
+		{
+		if ( IsOrdered() )
+			return {this, order->begin()};
+
+		return {this, table, table + Capacity()};
+		}
+	const_iterator cend()
+		{
+		if ( IsOrdered() )
+			return {this, order->end()};
+
+		return {this, table + Capacity(), table + Capacity()};
+		}
 
 	RobustDictIterator<T> begin_robust() { return MakeRobustIterator(); }
 	RobustDictIterator<T> end_robust() { return RobustDictIterator<T>(); }
@@ -1424,6 +1532,35 @@ private:
 		                                // previous log2_buckets.
 		}
 
+	/**
+	 * Retrieves a pointer to a full DictEntry in the table based on a hash key.
+	 *
+	 * @param key the key to lookup.
+	 * @return A pointer to the entry or a nullptr if no entry has a matching key.
+	 */
+	detail::DictEntry<T>* LookupEntry(const detail::HashKey& key)
+		{
+		return LookupEntry(key.Key(), key.Size(), key.Hash());
+		}
+
+	/**
+	 * Retrieves a pointer to a full DictEntry in the table based on key data.
+	 *
+	 * @param key the key to lookup
+	 * @param key_size the size of the key data
+	 * @param h a hash of the key data.
+	 * @return A pointer to the entry or a nullptr if no entry has a matching key.
+	 */
+	detail::DictEntry<T>* LookupEntry(const void* key, int key_size, detail::hash_t h) const
+		{
+		// Look up possibly modifies the entry. Why? if the entry is found but not positioned
+		// according to the current dict (so it's before SizeUp), it will be moved to the right
+		// position so next lookup is fast.
+		Dictionary* d = const_cast<Dictionary*>(this);
+		int position = d->LookupIndex(key, key_size, h);
+		return position >= 0 ? &(table[position]) : nullptr;
+		}
+
 	bool HaveOnlyRobustIterators() const
 		{
 		return (num_iterators == 0) || ((iterators ? iterators->size() : 0) == num_iterators);
@@ -1431,6 +1568,10 @@ private:
 
 	RobustDictIterator<T> MakeRobustIterator()
 		{
+		if ( IsOrdered() )
+			reporter->InternalError(
+				"RobustIterators are not currently supported for ordered dictionaries");
+
 		if ( ! iterators )
 			iterators = new std::vector<RobustDictIterator<T>*>;
 
@@ -1439,15 +1580,17 @@ private:
 
 	detail::DictEntry<T> GetNextRobustIteration(RobustDictIterator<T>* iter)
 		{
-		// If there are any inserted entries, return them first.
+		// If there's no table in the dictionary, then the iterator needs to be
-		// That keeps the list small and helps avoiding searching
+		// cleaned up because it's not pointing at anything.
-		// a large list when deleting an entry.
 		if ( ! table )
 			{
 			iter->Complete();
 			return detail::DictEntry<T>(nullptr); // end of iteration
 			}
 
+		// If there are any inserted entries, return them first.
+		// That keeps the list small and helps avoiding searching
+		// a large list when deleting an entry.
 		if ( iter->inserted && ! iter->inserted->empty() )
 			{
 			// Return the last one. Order doesn't matter,
@@ -1457,6 +1600,7 @@ private:
 			return e;
 			}
 
+		// First iteration.
 		if ( iter->next < 0 )
 			iter->next = Next(-1);
 
@@ -1536,8 +1680,10 @@ private:
 	detail::DictEntry<T>* table = nullptr;
 	std::vector<RobustDictIterator<T>*>* iterators = nullptr;
 
-	// Order means the order of insertion. means no deletion until exit. will be inefficient.
+	// Ordered dictionaries keep the order based on some criteria, by default the order of
-	std::vector<detail::DictEntry<T>>* order = nullptr;
+	// insertion. We only store a copy of the keys here for memory savings and for safety
+	// around reallocs and such.
+	std::unique_ptr<detail::DictEntryVec> order;
 	};
 
 template <typename T> using PDict = Dictionary<T>;

src/Hash.cc

@@ -8,6 +8,7 @@
 #include <highwayhash/instruction_sets.h>
 #include <highwayhash/sip_hash.h>
 
+#include "zeek/3rdparty/doctest.h"
 #include "zeek/DebugLogger.h"
 #include "zeek/Desc.h"
 #include "zeek/Reporter.h"
@@ -184,6 +185,29 @@ HashKey::HashKey(const void* arg_key, size_t arg_size, hash_t arg_hash, bool /*
 	key = (char*)arg_key;
 	}
 
+HashKey::HashKey(const HashKey& other) : HashKey(other.key, other.size, other.hash) { }
+
+HashKey::HashKey(HashKey&& other) noexcept
+	{
+	hash = other.hash;
+	size = other.size;
+	write_size = other.write_size;
+	read_size = other.read_size;
+
+	is_our_dynamic = other.is_our_dynamic;
+	key = other.key;
+
+	other.size = 0;
+	other.is_our_dynamic = false;
+	other.key = nullptr;
+	}
+
+HashKey::~HashKey()
+	{
+	if ( is_our_dynamic )
+		delete[] reinterpret_cast<char*>(key);
+	}
+
 hash_t HashKey::Hash() const
 	{
 	if ( hash == 0 )
@@ -543,4 +567,115 @@ void HashKey::EnsureReadSpace(size_t n) const
 		                        n, size - read_size);
 	}
 
+bool HashKey::operator==(const HashKey& other) const
+	{
+	// Quick exit for the same object.
+	if ( this == &other )
+		return true;
+
+	return Equal(other.key, other.size, other.hash);
+	}
+
+bool HashKey::operator!=(const HashKey& other) const
+	{
+	// Quick exit for different objects.
+	if ( this != &other )
+		return true;
+
+	return ! Equal(other.key, other.size, other.hash);
+	}
+
+bool HashKey::Equal(const void* other_key, size_t other_size, hash_t other_hash) const
+	{
+	// If the key memory is the same just return true.
+	if ( key == other_key && size == other_size )
+		return true;
+
+	// If either key is nullptr, return false. If they were both nullptr, it
+	// would have fallen in to the above block already.
+	if ( key == nullptr || other_key == nullptr )
+		return false;
+
+	return (hash == other_hash) && (size == other_size) && (memcmp(key, other_key, size) == 0);
+	}
+
+HashKey& HashKey::operator=(const HashKey& other)
+	{
+	if ( this == &other )
+		return *this;
+
+	if ( is_our_dynamic && IsAllocated() )
+		delete[] key;
+
+	hash = other.hash;
+	size = other.size;
+	is_our_dynamic = true;
+	write_size = other.write_size;
+	read_size = other.read_size;
+
+	key = CopyKey(other.key, other.size);
+
+	return *this;
+	}
+
+HashKey& HashKey::operator=(HashKey&& other) noexcept
+	{
+	if ( this == &other )
+		return *this;
+
+	hash = other.hash;
+	size = other.size;
+	write_size = other.write_size;
+	read_size = other.read_size;
+
+	if ( is_our_dynamic && IsAllocated() )
+		delete[] key;
+
+	is_our_dynamic = other.is_our_dynamic;
+	key = other.key;
+
+	other.size = 0;
+	other.is_our_dynamic = false;
+	other.key = nullptr;
+
+	return *this;
+	}
+
+TEST_SUITE_BEGIN("Hash");
+
+TEST_CASE("equality")
+	{
+	HashKey h1(12345);
+	HashKey h2(12345);
+	HashKey h3(67890);
+
+	CHECK(h1 == h2);
+	CHECK(h1 != h3);
+	}
+
+TEST_CASE("copy assignment")
+	{
+	HashKey h1(12345);
+	HashKey h2 = h1;
+	HashKey h3{h1};
+
+	CHECK(h1 == h2);
+	CHECK(h1 == h3);
+	}
+
+TEST_CASE("move assignment")
+	{
+	HashKey h1(12345);
+	HashKey h2(12345);
+	HashKey h3(12345);
+
+	HashKey h4 = std::move(h2);
+	HashKey h5{h3};
+
+	CHECK(h1 == h4);
+	CHECK(h1 == h5);
+	}
+
+TEST_SUITE_END();
+
 	} // namespace zeek::detail

src/Hash.h

@@ -255,11 +255,14 @@ public:
 	// function from the one above; its value is not used.
 	HashKey(const void* key, size_t size, hash_t hash, bool dont_copy);
 
-	~HashKey()
+	// Copy constructor. Always copies the key.
-		{
+	HashKey(const HashKey& other);
-		if ( is_our_dynamic )
+
-			delete[](char*) key;
+	// Move constructor. Takes ownership of the key.
-		}
+	HashKey(HashKey&& other) noexcept;
+
+	// Destructor
+	~HashKey();
 
 	// Hands over the key to the caller.  This means that if the
 	// key is our dynamic, we give it to the caller and mark it
@@ -343,6 +346,17 @@ public:
 
 	void Describe(ODesc* d) const;
 
+	bool operator==(const HashKey& other) const;
+	bool operator!=(const HashKey& other) const;
+
+	bool Equal(const void* other_key, size_t other_size, hash_t other_hash) const;
+
+	// Copy operator. Always copies the key.
+	HashKey& operator=(const HashKey& other);
+
+	// Move operator. Takes ownership of the key.
+	HashKey& operator=(HashKey&& other) noexcept;
+
 protected:
 	char* CopyKey(const char* key, size_t size) const;
 

src/ID.cc

@@ -680,11 +680,6 @@ std::vector<Func*> ID::GetOptionHandlers() const
 	return v;
 	}
 
-void IDOptInfo::AddInitExpr(ExprPtr init_expr)
-	{
-	init_exprs.emplace_back(std::move(init_expr));
-	}
-
 	} // namespace detail
 
 	} // namespace zeek

src/Scope.cc

@@ -190,6 +190,20 @@ ScopePtr pop_scope()
 	return old_top;
 	}
 
+void merge_top_scope()
+	{
+	if ( scopes.size() < 2 )
+		reporter->InternalError("scope merge underflow");
+
+	auto t = pop_scope();
+
+	for ( const auto& v : t->OrderedVars() )
+		{
+		v->SetOffset(top_scope->Length());
+		top_scope->Insert(v->Name(), v);
+		}
+	}
+
 ScopePtr current_scope()
 	{
 	return top_scope;

src/Scope.h

@@ -92,6 +92,11 @@ extern void push_existing_scope(ScopePtr scope);
 
 // Returns the one popped off.
 extern ScopePtr pop_scope();
+
+// Merges the elements of the current scope with the one surrounding it,
+// popping it in the process.
+extern void merge_top_scope();
+
 extern ScopePtr current_scope();
 extern ScopePtr global_scope();
 

src/Stmt.cc

@@ -1893,7 +1893,7 @@ void WhenInfo::Build(StmtPtr ws)
 	{
 	if ( IsDeprecatedSemantics(ws) )
 		{
-		pop_scope();
+		merge_top_scope();
 		return;
 		}
 

src/Type.cc

@@ -278,6 +278,15 @@ detail::TraversalCode Type::Traverse(detail::TraversalCallback* cb) const
 	HANDLE_TC_TYPE_POST(tc);
 	}
 
+void TypeList::CheckPure()
+	{
+	if ( pure_type )
+		return;
+
+	if ( ! types.empty() && AllMatch(types[0], false) )
+		pure_type = types[0];
+	}
+
 bool TypeList::AllMatch(const Type* t, bool is_init) const
 	{
 	for ( const auto& type : types )

src/Type.h

@@ -339,6 +339,10 @@ public:
 	// is not pure or is empty.
 	const TypePtr& GetPureType() const { return pure_type; }
 
+	// Retrospectively instantiates an underlying pure type, if in
+	// fact each element has the same type.
+	void CheckPure();
+
 	// True if all of the types match t, false otherwise.  If
 	// is_init is true, then the matching is done in the context
 	// of an initialization.

src/Var.cc

@@ -17,6 +17,7 @@
 #include "zeek/Traverse.h"
 #include "zeek/Val.h"
 #include "zeek/module_util.h"
+#include "zeek/script_opt/IDOptInfo.h"
 #include "zeek/script_opt/StmtOptInfo.h"
 #include "zeek/script_opt/UsageAnalyzer.h"
 
@@ -117,12 +118,12 @@ static bool add_prototype(const IDPtr& id, Type* t, std::vector<AttrPtr>* attrs,
 	return true;
 	}
 
-static void initialize_var(const IDPtr& id, InitClass c, ExprPtr init)
+static ExprPtr initialize_var(const IDPtr& id, InitClass c, ExprPtr init)
 	{
 	if ( ! id->HasVal() )
 		{
 		if ( c == INIT_REMOVE )
-			return;
+			return nullptr;
 
 		bool no_init = ! init;
 
@@ -134,7 +135,7 @@ static void initialize_var(const IDPtr& id, InitClass c, ExprPtr init)
 			auto& t = id->GetType();
 
 			if ( ! IsAggr(t) )
-				return;
+				return nullptr;
 
 			ValPtr init_val;
 
@@ -147,7 +148,7 @@ static void initialize_var(const IDPtr& id, InitClass c, ExprPtr init)
 				catch ( InterpreterException& )
 					{
 					id->Error("initialization failed");
-					return;
+					return nullptr;
 					}
 				}
 
@@ -157,11 +158,11 @@ static void initialize_var(const IDPtr& id, InitClass c, ExprPtr init)
 			else if ( t->Tag() == TYPE_VECTOR )
 				init_val = make_intrusive<VectorVal>(cast_intrusive<VectorType>(t));
 
-			id->SetVal(init_val);
+			init = make_intrusive<ConstExpr>(init_val);
-			return;
+			c = INIT_FULL;
 			}
 
-		if ( c == INIT_EXTRA )
+		else if ( c == INIT_EXTRA )
 			c = INIT_FULL;
 		}
 
@@ -177,19 +178,12 @@ static void initialize_var(const IDPtr& id, InitClass c, ExprPtr init)
 		assignment = make_intrusive<RemoveFromExpr>(lhs, init);
 	else
 		// This can happen due to error propagation.
-		return;
+		return nullptr;
 
 	if ( assignment->IsError() )
-		return;
+		return nullptr;
 
-	try
+	return assignment;
-		{
-		(void)assignment->Eval(nullptr);
-		}
-	catch ( InterpreterException& )
-		{
-		id->Error("initialization failed");
-		}
 	}
 
 static void make_var(const IDPtr& id, TypePtr t, InitClass c, ExprPtr init,
@@ -347,11 +341,29 @@ static void make_var(const IDPtr& id, TypePtr t, InitClass c, ExprPtr init,
 
 		if ( init && ((c == INIT_EXTRA && id->GetAttr(ATTR_ADD_FUNC)) ||
 		              (c == INIT_REMOVE && id->GetAttr(ATTR_DEL_FUNC))) )
+			{
 			// Just apply the function.
 			id->SetVal(init, c);
+			id->GetOptInfo()->AddInitExpr(init, c);
+			}
 
 		else if ( dt != VAR_REDEF || init || ! attr )
-			initialize_var(id, c, init);
+			{
+			auto init_expr = initialize_var(id, c, init);
+			if ( init_expr )
+				{
+				id->GetOptInfo()->AddInitExpr(init_expr);
+
+				try
+					{
+					(void)init_expr->Eval(nullptr);
+					}
+				catch ( InterpreterException& )
+					{
+					id->Error("initialization failed");
+					}
+				}
+			}
 		}
 
 	if ( dt == VAR_CONST )

src/packet_analysis/Analyzer.cc

@@ -107,6 +107,14 @@ bool Analyzer::ForwardPacket(size_t len, const uint8_t* data, Packet* packet,
 		return false;
 		}
 
+	if ( ! inner_analyzer->IsEnabled() )
+		{
+		DBG_LOG(DBG_PACKET_ANALYSIS,
+		        "Analysis in %s found disabled next layer analyzer %s for identifier %#x",
+		        GetAnalyzerName(), inner_analyzer->GetAnalyzerName(), identifier);
+		return false;
+		}
+
 	DBG_LOG(DBG_PACKET_ANALYSIS, "Analysis in %s succeeded, next layer identifier is %#x.",
 	        GetAnalyzerName(), identifier);
 	return inner_analyzer->AnalyzePacket(len, data, packet);

src/packet_analysis/Analyzer.h

@@ -71,6 +71,13 @@ public:
 	 */
 	bool IsAnalyzer(const char* name);
 
+	/**
+	 * Return whether this analyzer is enabled or not.
+	 *
+	 * @return true if the analyzer is enabled, else false.
+	 */
+	bool IsEnabled() const { return enabled; }
+
 	/**
 	 * Analyzes the given packet. A common case is that the analyzed protocol
 	 * encapsulates another protocol, which can be determined by an identifier
@@ -187,6 +194,7 @@ public:
 	void Weird(const char* name, Packet* packet = nullptr, const char* addl = "") const;
 
 protected:
+	friend class Component;
 	friend class Manager;
 
 	/**
@@ -207,6 +215,14 @@ protected:
 	 */
 	AnalyzerPtr LoadAnalyzer(const std::string& name);
 
+	/**
+	 * Enable or disable this analyzer. This is meant for internal use by
+	 * manager and component.
+	 *
+	 * @param value The new enabled value.
+	 */
+	void SetEnabled(bool value) { enabled = value; }
+
 	/**
 	 * Returns the module name corresponding to the analyzer, i.e. its script-land
 	 * namespace. Configuration values for the analyzer are expected in this module.
@@ -258,6 +274,7 @@ private:
 	zeek::Tag tag;
 	Dispatcher dispatcher;
 	AnalyzerPtr default_analyzer = nullptr;
+	bool enabled = true;
 
 	/**
 	 * Flag for whether to report unknown protocols in ForwardPacket.

src/packet_analysis/Component.cc

@@ -3,6 +3,7 @@
 #include "zeek/packet_analysis/Component.h"
 
 #include "zeek/Desc.h"
+#include "zeek/packet_analysis/Analyzer.h"
 #include "zeek/packet_analysis/Manager.h"
 
 using namespace zeek::packet_analysis;
@@ -21,11 +22,23 @@ void Component::Initialize()
 	packet_mgr->RegisterComponent(this, "ANALYZER_");
 	}
 
+void Component::SetEnabled(bool arg_enabled)
+	{
+	enabled = arg_enabled;
+
+	// If we already have instantiated an analyzer, update its state.
+	if ( auto analyzer = packet_mgr->GetAnalyzer(Tag().AsVal().get()) )
+		analyzer->SetEnabled(enabled);
+	}
+
 void Component::DoDescribe(ODesc* d) const
 	{
 	if ( factory )
 		{
 		d->Add("ANALYZER_");
 		d->Add(CanonicalName());
+		d->Add(", ");
 		}
+
+	d->Add(enabled ? "enabled" : "disabled");
 	}

src/packet_analysis/Component.h

@@ -36,6 +36,20 @@ public:
 	 */
 	factory_callback Factory() const { return factory; }
 
+	/**
+	 * Returns true if the analyzer is currently enabled and hence
+	 * available for use.
+	 */
+	bool Enabled() const { return enabled; }
+
+	/**
+	 * Enables or disables this analyzer.
+	 *
+	 * @param arg_enabled True to enabled, false to disable.
+	 *
+	 */
+	void SetEnabled(bool arg_enabled);
+
 protected:
 	/**
 	 * Overriden from plugin::Component.
@@ -44,6 +58,7 @@ protected:
 
 private:
 	factory_callback factory; // The analyzer's factory callback.
+	bool enabled = true; // True if the analyzer is enabled.
 	};
 
 	}

src/packet_analysis/Dispatcher.cc

@@ -52,10 +52,6 @@ void Dispatcher::Register(uint32_t identifier, AnalyzerPtr analyzer)
 		}
 
 	int64_t index = identifier - lowest_identifier;
-	if ( table[index] != nullptr )
-		reporter->InternalWarning("Overwriting packet analyzer mapping %#8" PRIx64 " => %s with %s",
-		                          index + lowest_identifier, table[index]->GetAnalyzerName(),
-		                          analyzer->GetAnalyzerName());
 	table[index] = std::move(analyzer);
 	}
 

src/packet_analysis/Manager.cc

@@ -30,8 +30,11 @@ void Manager::InitPostScript(const std::string& unprocessed_output_file)
 	for ( const auto& analyzerComponent : GetComponents() )
 		{
 		if ( AnalyzerPtr newAnalyzer = InstantiateAnalyzer(analyzerComponent->Tag()) )
+			{
+			newAnalyzer->SetEnabled(analyzerComponent->Enabled());
 			analyzers.emplace(analyzerComponent->Name(), newAnalyzer);
 			}
+		}
 
 	// Initialize all analyzers
 	for ( auto& [name, analyzer] : analyzers )
@@ -88,6 +91,22 @@ AnalyzerPtr Manager::GetAnalyzer(const std::string& name)
 	return analyzer_it->second;
 	}
 
+bool Manager::EnableAnalyzer(EnumVal* tag)
+	{
+	Component* c = Lookup(tag);
+	c->SetEnabled(true);
+
+	return true;
+	}
+
+bool Manager::DisableAnalyzer(EnumVal* tag)
+	{
+	Component* c = Lookup(tag);
+	c->SetEnabled(false);
+
+	return true;
+	}
+
 void Manager::ProcessPacket(Packet* packet)
 	{
 #ifdef DEBUG

src/packet_analysis/Manager.h

@@ -82,6 +82,46 @@ public:
 	 */
 	AnalyzerPtr GetAnalyzer(const std::string& name);
 
+	/**
+	 * Enables an analyzer type. Only enabled analyzers will participate
+	 * in packet processing.
+	 *
+	 * @param tag The analyzer's tag.
+	 *
+	 * @return True if successful.
+	 */
+	bool EnableAnalyzer(zeek::EnumVal* tag);
+
+	/**
+	 * Enables an analyzer type. Only enabled analyzers will participate
+	 * in packet processing.
+	 *
+	 * @param tag The analyzer's tag.
+	 *
+	 * @return True if successful.
+	 */
+	bool EnableAnalyzer(const zeek::Tag& tag) { return EnableAnalyzer(tag.AsVal().get()); }
+
+	/**
+	 * Disables an analyzer type. Disabled analyzers will not participate
+	 * in packet processing.
+	 *
+	 * @param tag The packet analyzer's tag.
+	 *
+	 * @return True if successful.
+	 */
+	bool DisableAnalyzer(zeek::EnumVal* tag);
+
+	/**
+	 * Disables an analyzer type. Disabled analyzers will not participate
+	 * in packet processing.
+	 *
+	 * @param tag The packet analyzer's tag.
+	 *
+	 * @return True if successful.
+	 */
+	bool DisableAnalyzer(const zeek::Tag& tag) { return DisableAnalyzer(tag.AsVal().get()); };
+
 	/**
 	 * Processes a packet by applying the configured packet analyzers.
 	 *

src/packet_analysis/packet_analysis.bif

@@ -77,3 +77,17 @@ function register_protocol_detection%(parent: PacketAnalyzer::Tag, child: Packet
 	parent_analyzer->RegisterProtocolDetection(child_analyzer);
 	return zeek::val_mgr->True();
 	%}
+
+## Internal function to disable a packet analyzer.
+function PacketAnalyzer::__disable_analyzer%(id: PacketAnalyzer::Tag%) : bool
+	%{
+	bool result = zeek::packet_mgr->DisableAnalyzer(id->AsEnumVal());
+	return zeek::val_mgr->Bool(result);
+	%}
+
+## Internal function to enable a packet analyzer.
+function PacketAnalyzer::__enable_analyzer%(id: PacketAnalyzer::Tag%) : bool
+	%{
+	bool result = zeek::packet_mgr->EnableAnalyzer(id->AsEnumVal());
+	return zeek::val_mgr->Bool(result);
+	%}

src/parse.y

@@ -102,7 +102,6 @@
 #include "zeek/zeekygen/Manager.h"
 #include "zeek/module_util.h"
 #include "zeek/IntrusivePtr.h"
-#include "zeek/script_opt/IDOptInfo.h"
 
 extern const char* filename;  // Absolute path of file currently being parsed.
 extern const char* last_filename; // Absolute path of last file parsed.
@@ -321,8 +320,6 @@ static void build_global(ID* id, Type* t, InitClass ic, Expr* e,
 
 	add_global(id_ptr, std::move(t_ptr), ic, e_ptr, std::move(attrs_ptr), dt);
 
-	id->GetOptInfo()->AddInitExpr(e_ptr);
-
 	if ( dt == VAR_REDEF )
 		zeekygen_mgr->Redef(id, ::filename, ic, std::move(e_ptr));
 	else
@@ -342,8 +339,6 @@ static StmtPtr build_local(ID* id, Type* t, InitClass ic, Expr* e,
 	auto init = add_local(std::move(id_ptr), std::move(t_ptr), ic,
 	                      e_ptr, std::move(attrs_ptr), dt);
 
-	id->GetOptInfo()->AddInitExpr(std::move(e_ptr));
-
 	if ( do_coverage )
 		script_coverage_mgr.AddStmt(init.get());
 

src/script_opt/CPP/Attrs.cc

@@ -18,7 +18,7 @@ shared_ptr<CPP_InitInfo> CPPCompile::RegisterAttributes(const AttributesPtr& att
 	if ( pa != processed_attrs.end() )
 		return pa->second;
 
-	attributes.AddKey(attrs);
+	attributes.AddKey(attrs, pfs.HashAttrs(attrs));
 
 	// The cast is just so we can make an IntrusivePtr.
 	auto a_rep = const_cast<Attributes*>(attributes.GetRep(attrs));
@@ -49,7 +49,7 @@ shared_ptr<CPP_InitInfo> CPPCompile::RegisterAttr(const AttrPtr& attr)
 
 	const auto& e = a->GetExpr();
 	if ( e && ! IsSimpleInitExpr(e) )
-		init_exprs.AddKey(e);
+		init_exprs.AddKey(e, p_hash(e));
 
 	auto gi = make_shared<AttrInfo>(this, attr);
 	attr_info->AddInstance(gi);

src/script_opt/CPP/Compile.h

@@ -1015,6 +1015,10 @@ private:
 	// Generate code to initialize indirect references to constants.
 	void InitializeConsts();
 
+	// Generate code to initialize globals (using dynamic statements
+	// rather than constants).
+	void InitializeGlobals();
+
 	// Generate the initialization hook for this set of compiled code.
 	void GenInitHook();
 

src/script_opt/CPP/Driver.cc

@@ -5,6 +5,7 @@
 #include <cerrno>
 
 #include "zeek/script_opt/CPP/Compile.h"
+#include "zeek/script_opt/IDOptInfo.h"
 
 extern std::unordered_set<std::string> files_with_conditionals;
 
@@ -310,6 +311,9 @@ void CPPCompile::RegisterCompiledBody(const string& f)
 
 void CPPCompile::GenEpilog()
 	{
+	NL();
+	InitializeGlobals();
+
 	NL();
 	for ( const auto& ii : init_infos )
 		GenInitExpr(ii.second);
@@ -449,7 +453,7 @@ void CPPCompile::GenFinishInit()
 
 	NL();
 	int max_cohort = 0;
-	for ( auto gi : all_global_info )
+	for ( const auto& gi : all_global_info )
 		max_cohort = std::max(max_cohort, gi->MaxCohort());
 
 	for ( auto c = 0; c <= max_cohort; ++c )
@@ -468,6 +472,9 @@ void CPPCompile::GenFinishInit()
 	NL();
 	Emit("load_BiFs__CPP();");
 
+	NL();
+	Emit("init_globals__CPP();");
+
 	EndBlock();
 	}
 

src/script_opt/CPP/Inits.cc

@@ -188,6 +188,50 @@ void CPPCompile::InitializeConsts()
 	EndBlock(true);
 	}
 
+void CPPCompile::InitializeGlobals()
+	{
+	Emit("static void init_globals__CPP()");
+	StartBlock();
+
+	Emit("Frame* f__CPP = nullptr;");
+	NL();
+
+	for ( const auto& ginit : IDOptInfo::GetGlobalInitExprs() )
+		{
+		auto g = ginit.Id();
+		if ( pfs.Globals().count(g) == 0 )
+			continue;
+
+		auto ic = ginit.IC();
+		auto& init = ginit.Init();
+
+		if ( ic == INIT_NONE )
+			{
+			IDPtr gid = {NewRef{}, const_cast<ID*>(g)};
+			auto gn = make_intrusive<RefExpr>(make_intrusive<NameExpr>(gid));
+			auto ae = make_intrusive<AssignExpr>(gn, init, true);
+			Emit(GenExpr(ae.get(), GEN_NATIVE, true) + ";");
+			}
+
+		else
+			{
+			// This branch occurs for += or -= initializations that
+			// use associated functions.
+			string ics;
+			if ( ic == INIT_EXTRA )
+				ics = "INIT_EXTRA";
+			else if ( ic == INIT_REMOVE )
+				ics = "INIT_REMOVE";
+			else
+				reporter->FatalError("bad initialization class in CPPCompile::InitializeGlobals()");
+
+			Emit("%s->SetValue(%s, %s);", globals[g->Name()], GenExpr(init, GEN_NATIVE, true), ics);
+			}
+		}
+
+	EndBlock();
+	}
+
 void CPPCompile::GenInitHook()
 	{
 	NL();

src/script_opt/CPP/InitsInfo.cc

@@ -339,16 +339,7 @@ GlobalInitInfo::GlobalInitInfo(CPPCompile* c, const ID* g, string _CPP_name)
 		attrs = -1;
 
 	exported = g->IsExport();
-
+	val = ValElem(c, nullptr); // empty because we initialize dynamically
-	auto v = g->GetVal();
-	if ( v && gt->Tag() == TYPE_OPAQUE )
-		{
-		reporter->Error("cannot compile to C++ global \"%s\" initialized to opaque value",
-		                g->Name());
-		v = nullptr;
-		}
-
-	val = ValElem(c, v);
 	}
 
 void GlobalInitInfo::InitializerVals(std::vector<std::string>& ivs) const
@@ -439,6 +430,9 @@ ListTypeInfo::ListTypeInfo(CPPCompile* _c, TypePtr _t)
 		if ( gi )
 			init_cohort = max(init_cohort, gi->InitCohort());
 		}
+
+	if ( ! types.empty() )
+		++init_cohort;
 	}
 
 void ListTypeInfo::AddInitializerVals(std::vector<std::string>& ivs) const

src/script_opt/CPP/README.md

@@ -173,9 +173,6 @@ as currently done, to instead be in a pseudo-event handler.
 code requires initializing a global variable that specifies extend fields in
 an extensible record (i.e., fields added using `redef`).
 
-* The compiler will not compile bodies that include "when" statements
-This is fairly involved to fix.
-
 * If a lambda generates an event that is not otherwise referred to, that
 event will not be registered upon instantiating the lambda.  This is not
 particularly difficult to fix.

src/script_opt/CPP/RuntimeInits.cc

@@ -377,6 +377,8 @@ TypePtr CPP_TypeInits::BuildTypeList(InitsManager* im, ValElemVec& init_vals, in
 	while ( iv_it != iv_end )
 		tl->Append(im->Types(*(iv_it++)));
 
+	tl->CheckPure();
+
 	return tl;
 	}
 
@@ -485,12 +487,11 @@ void CPP_GlobalInit::Generate(InitsManager* im, std::vector<void*>& /* inits_vec
 	global = lookup_global__CPP(name, im->Types(type), exported);
 
 	if ( ! global->HasVal() && val >= 0 )
-		{
 		global->SetVal(im->ConstVals(val));
+
 	if ( attrs >= 0 )
 		global->SetAttrs(im->Attributes(attrs));
 	}
-	}
 
 void generate_indices_set(int* inits, std::vector<std::vector<int>>& indices_set)
 	{

src/script_opt/CPP/RuntimeInits.h

@@ -66,12 +66,41 @@ public:
 	// Accessors for the sundry initialization vectors, each retrieving
 	// a specific element identified by an index/offset.
 	const std::vector<int>& Indices(int offset) const { return indices[offset]; }
-	const char* Strings(int offset) const { return strings[offset]; }
+	const char* Strings(int offset) const
-	const p_hash_type Hashes(int offset) const { return hashes[offset]; }
+		{
-	const TypePtr& Types(int offset) const { return types[offset]; }
+		ASSERT(offset >= 0 && offset < static_cast<int>(strings.size()));
-	const AttributesPtr& Attributes(int offset) const { return attributes[offset]; }
+		ASSERT(strings[offset]);
-	const AttrPtr& Attrs(int offset) const { return attrs[offset]; }
+		return strings[offset];
-	const CallExprPtr& CallExprs(int offset) const { return call_exprs[offset]; }
+		}
+	const p_hash_type Hashes(int offset) const
+		{
+		ASSERT(offset >= 0 && offset < static_cast<int>(hashes.size()));
+		return hashes[offset];
+		}
+	const TypePtr& Types(int offset) const
+		{
+		ASSERT(offset >= 0 && offset < static_cast<int>(types.size()));
+		ASSERT(types[offset]);
+		return types[offset];
+		}
+	const AttributesPtr& Attributes(int offset) const
+		{
+		ASSERT(offset >= 0 && offset < static_cast<int>(attributes.size()));
+		ASSERT(attributes[offset]);
+		return attributes[offset];
+		}
+	const AttrPtr& Attrs(int offset) const
+		{
+		ASSERT(offset >= 0 && offset < static_cast<int>(attrs.size()));
+		ASSERT(attrs[offset]);
+		return attrs[offset];
+		}
+	const CallExprPtr& CallExprs(int offset) const
+		{
+		ASSERT(offset >= 0 && offset < static_cast<int>(call_exprs.size()));
+		ASSERT(call_exprs[offset]);
+		return call_exprs[offset];
+		}
 
 private:
 	std::vector<CPP_ValElem>& const_vals;

src/script_opt/CPP/maint/README

@@ -15,7 +15,7 @@ The maintenance workflow:
     to check in updates to the list of how the compiler currently fares
     on various btests (see end of this doc):
 
-	Fri Sep 16 16:13:49 PDT 2022
+	Thu Sep 29 14:49:49 PDT 2022
 
 2.  Run "find-test-files.sh" to generate a list (to stdout) of all of the
     possible Zeek source files found in the test suite.
@@ -74,18 +74,11 @@ These BTests won't successfully run due to the indicated issue:
 Database Of Known Issues (keep sorted)
 
 ../testing/btest/bifs/table_values.zeek bad-constructor
-../testing/btest/core/global_opaque_val.zeek opaque
 ../testing/btest/language/alternate-event-hook-prototypes.zeek deprecated
-../testing/btest/language/global-init-calls-bif.zeek opaque
 ../testing/btest/language/redef-same-prefixtable-idx.zeek deprecated
 ../testing/btest/language/table-redef.zeek deprecated
 ../testing/btest/language/when-aggregates.zeek bad-when
 ../testing/btest/scripts/base/protocols/krb/smb2_krb.test skipped
 ../testing/btest/scripts/base/protocols/krb/smb2_krb_nokeytab.test skipped
 ../testing/btest/scripts/base/utils/active-http.test test-glitch
-../testing/btest/scripts/policy/frameworks/telemetry/log-prefixes.zeek opaque
-../testing/btest/scripts/policy/frameworks/telemetry/log.zeek opaque
 ../testing/btest/scripts/policy/misc/dump-events.zeek skipped
-../testing/btest/telemetry/counter.zeek opaque
-../testing/btest/telemetry/gauge.zeek opaque
-../testing/btest/telemetry/histogram.zeek opaque

src/script_opt/IDOptInfo.cc

@@ -51,6 +51,8 @@ void IDDefRegion::Dump() const
 	printf("\n");
 	}
 
+std::vector<IDInitInfo> IDOptInfo::global_init_exprs;
+
 void IDOptInfo::Clear()
 	{
 	static bool did_init = false;
@@ -69,6 +71,17 @@ void IDOptInfo::Clear()
 	tracing = trace_ID && util::streq(trace_ID, my_id->Name());
 	}
 
+void IDOptInfo::AddInitExpr(ExprPtr init_expr, InitClass ic)
+	{
+	if ( ! init_expr )
+		return;
+
+	if ( my_id->IsGlobal() )
+		global_init_exprs.emplace_back(IDInitInfo(my_id, init_expr, ic));
+
+	init_exprs.emplace_back(std::move(init_expr));
+	}
+
 void IDOptInfo::DefinedAfter(const Stmt* s, const ExprPtr& e,
                              const std::vector<const Stmt*>& conf_blocks, zeek_uint_t conf_start)
 	{

src/script_opt/IDOptInfo.h

@@ -105,6 +105,24 @@ protected:
 	ExprPtr def_expr;
 	};
 
+// Class tracking information associated with a (global) identifier's
+// (re-)initialization.
+
+class IDInitInfo
+	{
+public:
+	IDInitInfo(const ID* _id, ExprPtr _init, InitClass _ic) : id(_id), init(_init), ic(_ic) { }
+
+	const ID* Id() const { return id; }
+	const ExprPtr& Init() const { return init; }
+	InitClass IC() const { return ic; }
+
+private:
+	const ID* id;
+	ExprPtr init;
+	InitClass ic;
+	};
+
 // Class tracking optimization information associated with identifiers.
 
 class IDOptInfo
@@ -118,11 +136,19 @@ public:
 	void Clear();
 
 	// Used to track expressions employed when explicitly initializing
-	// the identifier.  These are needed by compile-to-C++ script
+	// the (global) identifier.  These are needed by compile-to-C++ script
-	// optimization.  They're not used by ZAM optimization.
+	// optimization, and for tracking variable usage.  An initialization
-	void AddInitExpr(ExprPtr init_expr);
+	// class other than INIT_NONE indicates that initialization should
+	// be done with the ExprPtr form of ID::SetVal.
+	void AddInitExpr(ExprPtr init_expr, InitClass ic = INIT_NONE);
+
+	// Returns the initialization expressions for this identifier.
 	const std::vector<ExprPtr>& GetInitExprs() const { return init_exprs; }
 
+	// Returns a list of the initialization expressions seen for all
+	// globals, ordered by when they were processed.
+	static auto& GetGlobalInitExprs() { return global_init_exprs; }
+
 	// Associated constant expression, if any.  This is only set
 	// for identifiers that are aliases for a constant (i.e., there
 	// are no other assignments to them).
@@ -224,6 +250,9 @@ private:
 	// one of the earlier instances rather than the last one.
 	std::vector<ExprPtr> init_exprs;
 
+	// Tracks initializations of globals in the order they're seen.
+	static std::vector<IDInitInfo> global_init_exprs;
+
 	// If non-nil, a constant that this identifier always holds
 	// once initially defined.
 	const ConstExpr* const_expr = nullptr;
@@ -256,8 +285,12 @@ private:
 	// Whether the identifier is a temporary variable.
 	bool is_temp = false;
 
-	// Only needed for debugging purposes.
+	// Associated identifier, to enable tracking of initialization
+	// expressions for globals (for C++ compilation), and for debugging
+	// output.
 	const ID* my_id;
+
+	// Only needed for debugging purposes.
 	bool tracing = false;
 
 	// Track whether we've already generated usage errors.

src/script_opt/ProfileFunc.cc

@@ -917,7 +917,10 @@ p_hash_type ProfileFuncs::HashAttrs(const AttributesPtr& Attrs)
 		// can vary in structure due to compilation of elements.  We
 		// do though enforce consistency for their types.
 		if ( e )
+			{
 			h = merge_p_hashes(h, HashType(e->GetType()));
+			h = merge_p_hashes(h, p_hash(e.get()));
+			}
 		}
 
 	return h;

src/script_opt/ScriptOpt.cc

@@ -412,7 +412,7 @@ static void use_CPP()
 			}
 		}
 
-	if ( num_used == 0 )
+	if ( num_used == 0 && standalone_activations.empty() )
 		reporter->FatalError("no C++ functions found to use");
 
 	// Now that we've loaded all of the compiled scripts

src/script_opt/ZAM/BuiltIn.cc

@@ -313,23 +313,23 @@ ZInstAux* ZAMCompiler::BuildCatAux(const ExprPList& args)
 
 			switch ( t->Tag() )
 				{
-			TYPE_BOOL:
+				case TYPE_BOOL:
-			TYPE_INT:
+				case TYPE_INT:
-			TYPE_COUNT:
+				case TYPE_COUNT:
-			TYPE_DOUBLE:
+				case TYPE_DOUBLE:
-			TYPE_TIME:
+				case TYPE_TIME:
-			TYPE_ENUM:
+				case TYPE_ENUM:
-			TYPE_PORT:
+				case TYPE_PORT:
-			TYPE_ADDR:
+				case TYPE_ADDR:
-			TYPE_SUBNET:
+				case TYPE_SUBNET:
 					ca = std::make_unique<FixedCatArg>(t);
 					break;
 
-			TYPE_STRING:
+				case TYPE_STRING:
 					ca = std::make_unique<StringCatArg>();
 					break;
 
-			TYPE_PATTERN:
+				case TYPE_PATTERN:
 					ca = std::make_unique<PatternCatArg>();
 					break;
 

src/script_opt/ZAM/BuiltInSupport.cc

@@ -12,41 +12,41 @@ FixedCatArg::FixedCatArg(const TypePtr& _t) : t(_t)
 	{
 	switch ( t->Tag() )
 		{
-	TYPE_BOOL:
+		case TYPE_BOOL:
 			max_size = 1;
 			break;
 
-	TYPE_INT:
+		case TYPE_INT:
 			max_size = 20; // sufficient for 64 bits
 			break;
 
-	TYPE_COUNT:
+		case TYPE_COUNT:
 			max_size = 20; // sufficient for 64 bits
 			break;
 
-	TYPE_DOUBLE:
+		case TYPE_DOUBLE:
-	TYPE_TIME:
+		case TYPE_TIME:
 			max_size = 32; // from modp_dtoa2 documentatino
 			break;
 
-	TYPE_ENUM:
+		case TYPE_ENUM:
 			{
 			size_t n = 0;
-		for ( auto e : t->AsEnumType()->Names() )
+			for ( const auto& e : t->AsEnumType()->Names() )
 				n += e.first.size();
 			max_size = n;
 			break;
 			}
 
-	TYPE_PORT:
+		case TYPE_PORT:
 			max_size = 5 + 1 + 7; // <number> + / + "unknown
 			break;
 
-	TYPE_ADDR:
+		case TYPE_ADDR:
 			max_size = 39; // for IPv6
 			break;
 
-	TYPE_SUBNET:
+		case TYPE_SUBNET:
 			max_size = 39 + 1 + 3; // for IPv6 + / + <3-digits>
 			break;
 
@@ -64,27 +64,27 @@ void FixedCatArg::RenderInto(ZVal* zframe, int slot, char*& res)
 
 	switch ( t->Tag() )
 		{
-	TYPE_BOOL:
+		case TYPE_BOOL:
 			*(res++) = z.AsInt() ? 'T' : 'F';
 			break;
 
-	TYPE_INT:
+		case TYPE_INT:
 			n = modp_litoa10(z.AsInt(), res);
 			res += n;
 			break;
 
-	TYPE_COUNT:
+		case TYPE_COUNT:
 			n = modp_ulitoa10(z.AsCount(), res);
 			res += n;
 			break;
 
-	TYPE_DOUBLE:
+		case TYPE_DOUBLE:
-	TYPE_TIME:
+		case TYPE_TIME:
 			n = modp_dtoa2(z.AsDouble(), res, 6);
 			res += n;
 			break;
 
-	TYPE_PATTERN:
+		case TYPE_PATTERN:
 			text = z.AsPattern()->AsPattern()->PatternText();
 			*(res++) = '/';
 			strcpy(res, text);
@@ -92,13 +92,13 @@ void FixedCatArg::RenderInto(ZVal* zframe, int slot, char*& res)
 			*(res++) = '/';
 			break;
 
-	TYPE_ENUM:
+		case TYPE_ENUM:
 			text = t->AsEnumType()->Lookup(z.AsInt());
 			strcpy(res, text);
 			res += strlen(text);
 			break;
 
-	TYPE_PORT:
+		case TYPE_PORT:
 			{
 			uint32_t full_p = static_cast<uint32_t>(z.AsCount());
 			zeek_uint_t p = full_p & ~PORT_SPACE_MASK;
@@ -132,13 +132,13 @@ void FixedCatArg::RenderInto(ZVal* zframe, int slot, char*& res)
 			break;
 			}
 
-	TYPE_ADDR:
+		case TYPE_ADDR:
 			str = z.AsAddr()->Get().AsString();
 			strcpy(res, str.c_str());
 			res += strlen(str.c_str());
 			break;
 
-	TYPE_SUBNET:
+		case TYPE_SUBNET:
 			str = z.AsSubNet()->Get().AsString();
 			strcpy(res, str.c_str());
 			res += strlen(str.c_str());

src/script_opt/ZAM/BuiltInSupport.h

@@ -88,7 +88,7 @@ public:
 protected:
 	size_t ComputeMaxSize(ZVal* zframe, int slot) override;
 
-	const char* text;
+	const char* text = nullptr;
 	size_t n = 0;
 	};
 

testing/btest/Baseline.zam/core.analyzer-confirmation-violation-info-ftp/.stdout

@@ -0,0 +1,5 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+analyzer_confirmation_info, AllAnalyzers::ANALYZER_ANALYZER_FTP, [orig_h=2001:470:1f05:17a6:d69a:20ff:fefd:6b88, orig_p=24316/tcp, resp_h=2001:6a8:a40::21, resp_p=21/tcp], 3
+analyzer_confirmation, AllAnalyzers::ANALYZER_ANALYZER_FTP, [orig_h=2001:470:1f05:17a6:d69a:20ff:fefd:6b88, orig_p=24316/tcp, resp_h=2001:6a8:a40::21, resp_p=21/tcp], 3
+analyzer_violation_info, AllAnalyzers::ANALYZER_ANALYZER_FTP, non-numeric reply code, [orig_h=2001:470:1f05:17a6:d69a:20ff:fefd:6b88, orig_p=24316/tcp, resp_h=2001:6a8:a40::21, resp_p=21/tcp], 3, SSH-2.0-mod_sftp/0.9.7
+analyzer_violation, AllAnalyzers::ANALYZER_ANALYZER_FTP, non-numeric reply code [SSH-2.0-mod_sftp/0.9.7], [orig_h=2001:470:1f05:17a6:d69a:20ff:fefd:6b88, orig_p=24316/tcp, resp_h=2001:6a8:a40::21, resp_p=21/tcp], 3

testing/btest/Baseline.zam/core.analyzer-confirmation-violation-info/.stdout

@@ -0,0 +1,5 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+analyzer_confirmation_info, AllAnalyzers::ANALYZER_ANALYZER_SSL, [orig_h=1.1.1.1, orig_p=20394/tcp, resp_h=2.2.2.2, resp_p=443/tcp], 3
+analyzer_confirmation, AllAnalyzers::ANALYZER_ANALYZER_SSL, [orig_h=1.1.1.1, orig_p=20394/tcp, resp_h=2.2.2.2, resp_p=443/tcp], 3
+analyzer_violation_info, AllAnalyzers::ANALYZER_ANALYZER_SSL, Invalid version late in TLS connection. Packet reported version: 0, [orig_h=1.1.1.1, orig_p=20394/tcp, resp_h=2.2.2.2, resp_p=443/tcp], 3
+analyzer_violation, AllAnalyzers::ANALYZER_ANALYZER_SSL, Invalid version late in TLS connection. Packet reported version: 0, [orig_h=1.1.1.1, orig_p=20394/tcp, resp_h=2.2.2.2, resp_p=443/tcp], 3

testing/btest/Baseline.zam/core.file-analyzer-violation/.stdout

@@ -0,0 +1,2 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+AllAnalyzers::FILES_ANALYZER_PE, Binpac exception: binpac exception: &enforce violation : DOS_Header:AddressOfNewExeHeader, FKPuH630Tmj6UQUMP7, {\x0aPE\x0a}

testing/btest/Baseline.zam/core.file-analyzer-violation/files.log

@@ -0,0 +1,10 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	files
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	fuid	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	source	depth	analyzers	mime_type	filename	duration	local_orig	is_orig	seen_bytes	total_bytes	missing_bytes	overflow_bytes	timedout	parent_fuid
+#types	time	string	string	addr	port	addr	port	string	count	set[string]	string	string	interval	bool	bool	count	count	count	count	bool	string
+XXXXXXXXXX.XXXXXX	FKPuH630Tmj6UQUMP7	-	-	-	-	-	./myfile.exe	0	PE	application/x-dosexec	-	0.000000	-	-	64	-	0	0	F	-

testing/btest/Baseline.zam/language.vector-deprecated/.stderr

@@ -1,7 +1,7 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
-warning in <...>/vector-deprecated.zeek, line 18: mixing vector and scalar operands is deprecated (vector) (string)
+warning in <...>/vector-deprecated.zeek, line 19: mixing vector and scalar operands is deprecated (vector) (string)
-warning in <...>/vector-deprecated.zeek, line 21: mixing vector and scalar operands is deprecated (string) (vector)
+warning in <...>/vector-deprecated.zeek, line 22: mixing vector and scalar operands is deprecated (string) (vector)
-warning in <...>/vector-deprecated.zeek, line 24: mixing vector and scalar operands is deprecated (string) (vector)
+warning in <...>/vector-deprecated.zeek, line 25: mixing vector and scalar operands is deprecated (string) (vector)
 error: deprecated mixed vector/scalar operation not supported for ZAM compiling
 error: deprecated mixed vector/scalar operation not supported for ZAM compiling
 error: deprecated mixed vector/scalar operation not supported for ZAM compiling

testing/btest/Baseline.zam/plugins.file/output

@@ -0,0 +1,21 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+Demo::Foo - A Foo test analyzer (dynamic, version 1.0.0)
+    [File Analyzer] Foo (ANALYZER_FOO, enabled)
+    [Event] foo_piece
+
+===
+analyzer_confirmation_info, AllAnalyzers::FILES_ANALYZER_FOO, FCceqBvpMfirSN0Ri
+foo_piece, FCceqBvpMfirSN0Ri, The National Center 
+foo_piece, FCceqBvpMfirSN0Ri, net, consult your lo
+foo_piece, FCceqBvpMfirSN0Ri, most everything else
+foo_piece, FCceqBvpMfirSN0Ri, low:\x0a\x0a   /Mac       
+foo_piece, FCceqBvpMfirSN0Ri, es and directories o
+analyzer_violation_info, AllAnalyzers::FILES_ANALYZER_FOO, FCceqBvpMfirSN0Ri, test violation 5, es and directori
+foo_piece, FCceqBvpMfirSN0Ri, r example, here is a
+foo_piece, FCceqBvpMfirSN0Ri, application, StuffIt
+foo_piece, FCceqBvpMfirSN0Ri, tion BinHex by doubl
+foo_piece, FCceqBvpMfirSN0Ri, laced, or are going 
+foo_piece, FCceqBvpMfirSN0Ri, sers several documen
+analyzer_violation_info, AllAnalyzers::FILES_ANALYZER_FOO, FCceqBvpMfirSN0Ri, test violation 10, sers several doc
+foo_piece, FCceqBvpMfirSN0Ri, er or can be printed
+foo_piece, FCceqBvpMfirSN0Ri,  \x0a\x0aBug reports shoul

testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log

@@ -27,6 +27,7 @@ scripts/base/init-bare.zeek
       scripts/base/frameworks/analyzer/main.zeek
         scripts/base/frameworks/packet-filter/utils.zeek
         build/scripts/base/bif/analyzer.bif.zeek
+        build/scripts/base/bif/file_analysis.bif.zeek
     scripts/base/packet-protocols/root/__load__.zeek
       scripts/base/packet-protocols/root/main.zeek
     scripts/base/packet-protocols/ip/__load__.zeek
@@ -115,7 +116,6 @@ scripts/base/init-frameworks-and-bifs.zeek
     scripts/base/frameworks/analyzer/dpd.zeek
   scripts/base/frameworks/files/__load__.zeek
     scripts/base/frameworks/files/main.zeek
-      build/scripts/base/bif/file_analysis.bif.zeek
       scripts/base/utils/site.zeek
         scripts/base/utils/patterns.zeek
     scripts/base/frameworks/files/magic/__load__.zeek

testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log

@@ -27,6 +27,7 @@ scripts/base/init-bare.zeek
       scripts/base/frameworks/analyzer/main.zeek
         scripts/base/frameworks/packet-filter/utils.zeek
         build/scripts/base/bif/analyzer.bif.zeek
+        build/scripts/base/bif/file_analysis.bif.zeek
     scripts/base/packet-protocols/root/__load__.zeek
       scripts/base/packet-protocols/root/main.zeek
     scripts/base/packet-protocols/ip/__load__.zeek
@@ -115,7 +116,6 @@ scripts/base/init-frameworks-and-bifs.zeek
     scripts/base/frameworks/analyzer/dpd.zeek
   scripts/base/frameworks/files/__load__.zeek
     scripts/base/frameworks/files/main.zeek
-      build/scripts/base/bif/file_analysis.bif.zeek
       scripts/base/utils/site.zeek
         scripts/base/utils/patterns.zeek
     scripts/base/frameworks/files/magic/__load__.zeek

testing/btest/Baseline/plugins.hooks/output

@@ -1,5 +1,5 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
-0.000000   MetaHookPost  CallFunction(Analyzer::__disable_analyzer, <frame>, (Analyzer::ANALYZER_TCPSTATS)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::__disable_analyzer, <frame>, (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DCE_RPC, 135/tcp)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DHCP, 4011/udp)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DHCP, 67/udp)) -> <no result>
@@ -59,7 +59,7 @@
 0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SYSLOG, 514/udp)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_XMPP, 5222/tcp)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_XMPP, 5269/tcp)) -> <no result>
-0.000000   MetaHookPost  CallFunction(Analyzer::disable_analyzer, <frame>, (Analyzer::ANALYZER_TCPSTATS)) -> <no result>
+0.000000   MetaHookPost  CallFunction(Analyzer::disable_analyzer, <frame>, (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DCE_RPC, 135/tcp)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DHCP, 4011/udp)) -> <no result>
 0.000000   MetaHookPost  CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DHCP, 67/udp)) -> <no result>
@@ -716,6 +716,8 @@
 0.000000   MetaHookPost  CallFunction(getenv, <null>, (ZEEK_DEFAULT_LISTEN_ADDRESS)) -> <no result>
 0.000000   MetaHookPost  CallFunction(global_options, <frame>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(gsub, ..., ...) -> <no result>
+0.000000   MetaHookPost  CallFunction(is_file_analyzer, <frame>, (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)) -> <no result>
+0.000000   MetaHookPost  CallFunction(is_packet_analyzer, <frame>, (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)) -> <no result>
 0.000000   MetaHookPost  CallFunction(lstrip, ..., ...) -> <no result>
 0.000000   MetaHookPost  CallFunction(network_time, <frame>, ()) -> <no result>
 0.000000   MetaHookPost  CallFunction(port_to_count, <frame>, (2123/udp)) -> <no result>
@@ -1512,7 +1514,7 @@
 0.000000   MetaHookPost  QueueEvent(NetControl::init()) -> false
 0.000000   MetaHookPost  QueueEvent(filter_change_tracking()) -> false
 0.000000   MetaHookPost  QueueEvent(zeek_init()) -> false
-0.000000   MetaHookPre   CallFunction(Analyzer::__disable_analyzer, <frame>, (Analyzer::ANALYZER_TCPSTATS))
+0.000000   MetaHookPre   CallFunction(Analyzer::__disable_analyzer, <frame>, (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS))
 0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DCE_RPC, 135/tcp))
 0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DHCP, 4011/udp))
 0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_DHCP, 67/udp))
@@ -1572,7 +1574,7 @@
 0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_SYSLOG, 514/udp))
 0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_XMPP, 5222/tcp))
 0.000000   MetaHookPre   CallFunction(Analyzer::__register_for_port, <frame>, (Analyzer::ANALYZER_XMPP, 5269/tcp))
-0.000000   MetaHookPre   CallFunction(Analyzer::disable_analyzer, <frame>, (Analyzer::ANALYZER_TCPSTATS))
+0.000000   MetaHookPre   CallFunction(Analyzer::disable_analyzer, <frame>, (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DCE_RPC, 135/tcp))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DHCP, 4011/udp))
 0.000000   MetaHookPre   CallFunction(Analyzer::register_for_port, <frame>, (Analyzer::ANALYZER_DHCP, 67/udp))
@@ -2229,6 +2231,8 @@
 0.000000   MetaHookPre   CallFunction(getenv, <null>, (ZEEK_DEFAULT_LISTEN_ADDRESS))
 0.000000   MetaHookPre   CallFunction(global_options, <frame>, ())
 0.000000   MetaHookPre   CallFunction(gsub, ..., ...)
+0.000000   MetaHookPre   CallFunction(is_file_analyzer, <frame>, (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS))
+0.000000   MetaHookPre   CallFunction(is_packet_analyzer, <frame>, (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS))
 0.000000   MetaHookPre   CallFunction(lstrip, ..., ...)
 0.000000   MetaHookPre   CallFunction(network_time, <frame>, ())
 0.000000   MetaHookPre   CallFunction(port_to_count, <frame>, (2123/udp))
@@ -3025,7 +3029,7 @@
 0.000000   MetaHookPre   QueueEvent(NetControl::init())
 0.000000   MetaHookPre   QueueEvent(filter_change_tracking())
 0.000000   MetaHookPre   QueueEvent(zeek_init())
-0.000000 | HookCallFunction Analyzer::__disable_analyzer(Analyzer::ANALYZER_TCPSTATS)
+0.000000 | HookCallFunction Analyzer::__disable_analyzer(AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)
 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DCE_RPC, 135/tcp)
 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DHCP, 4011/udp)
 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DHCP, 67/udp)
@@ -3085,7 +3089,7 @@
 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SYSLOG, 514/udp)
 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_XMPP, 5222/tcp)
 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_XMPP, 5269/tcp)
-0.000000 | HookCallFunction Analyzer::disable_analyzer(Analyzer::ANALYZER_TCPSTATS)
+0.000000 | HookCallFunction Analyzer::disable_analyzer(AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)
 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DCE_RPC, 135/tcp)
 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DHCP, 4011/udp)
 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DHCP, 67/udp)
@@ -3741,6 +3745,8 @@
 0.000000 | HookCallFunction getenv(ZEEK_DEFAULT_LISTEN_ADDRESS)
 0.000000 | HookCallFunction global_options()
 0.000000 | HookCallFunction gsub(...)
+0.000000 | HookCallFunction is_file_analyzer(AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)
+0.000000 | HookCallFunction is_packet_analyzer(AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)
 0.000000 | HookCallFunction lstrip(...)
 0.000000 | HookCallFunction network_time()
 0.000000 | HookCallFunction port_to_count(2123/udp)

testing/btest/Baseline/plugins.packet-protocol/output_build

@@ -1,7 +1,7 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 PacketDemo::Bar - Demo packet analyzers (RawLayer, LLC). (dynamic, version 1.0.0)
-    [Packet Analyzer] LLC_Demo (ANALYZER_LLC_DEMO)
+    [Packet Analyzer] LLC_Demo (ANALYZER_LLC_DEMO, enabled)
-    [Packet Analyzer] Raw_Layer (ANALYZER_RAW_LAYER)
+    [Packet Analyzer] Raw_Layer (ANALYZER_RAW_LAYER, enabled)
     [Event] raw_layer_message
     [Event] llc_demo_message
 

testing/btest/Baseline/scripts.base.frameworks.analyzer.disabled-packet-analyzers/output

@@ -0,0 +1,11 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+packet, 1
+packet, 2
+packet, 3
+packet, 4
+packet, 5
+packet, 6
+packet, 7
+packet, 8
+packet, 9
+packet, 10

testing/btest/Baseline/scripts.base.frameworks.analyzer.toggle-packet-analyzers/output

@@ -0,0 +1,17 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+packet, 1
+packet, 2
+vxlan_packet, C4J4Th3PJpwUYZZ6gc, inner, [hl=20, tos=0, len=84, id=12111, ttl=64, p=1, src=10.0.0.1, dst=10.0.0.2]
+packet, 3
+vxlan_packet, CtPZjS20MLrsMUOJi2, inner, [hl=20, tos=0, len=84, id=36913, ttl=64, p=1, src=10.0.0.2, dst=10.0.0.1]
+packet, 4
+Analyzer::disable_analyzer(PacketAnalyzer::ANALYZER_VXLAN), T
+packet, 5
+packet, 6
+packet, 7
+packet, 8
+Analyzer::enable_analyzer(PacketAnalyzer::ANALYZER_VXLAN), T
+vxlan_packet, C4J4Th3PJpwUYZZ6gc, inner, [hl=20, tos=0, len=84, id=12684, ttl=64, p=1, src=10.0.0.1, dst=10.0.0.2]
+packet, 9
+vxlan_packet, CtPZjS20MLrsMUOJi2, inner, [hl=20, tos=0, len=84, id=37295, ttl=64, p=1, src=10.0.0.2, dst=10.0.0.1]
+packet, 10

testing/btest/Baseline/scripts.base.protocols.http.http-no-crlf/weird.log

@@ -0,0 +1,11 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer	source
+#types	time	string	addr	port	addr	port	string	string	bool	string	string
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	10.1.6.206	49783	5.2.136.90	80	line_terminated_without_CRLF	-	F	zeek	CONTENTLINE
+#close XXXX-XX-XX-XX-XX-XX

testing/btest/Baseline/scripts.base.protocols.http.missing-http-entity/http.log

@@ -0,0 +1,11 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	http
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	host	uri	referrer	version	user_agent	origin	request_body_len	response_body_len	status_code	status_msg	info_code	info_msg	tags	username	password	proxied	orig_fuids	orig_filenames	orig_mime_types	resp_fuids	resp_filenames	resp_mime_types
+#types	time	string	addr	port	addr	port	count	string	string	string	string	string	string	string	count	count	count	string	count	string	set[enum]	string	string	set[string]	vector[string]	vector[string]	vector[string]	vector[string]	vector[string]	vector[string]
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	127.0.0.1	35474	127.0.0.1	8080	1	POST	interleave.me	/	-	1.1	-	-	10	3	200	OK	-	-	(empty)	-	-	-	FtWn3S3nVYQ9iA3uu8	-	text/plain	F2bxt6qiQGYTYxTgg	-	-
+#close XXXX-XX-XX-XX-XX-XX

testing/btest/Baseline/scripts.base.protocols.http.missing-http-entity/weird.log

@@ -0,0 +1,11 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	weird
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer	source
+#types	time	string	addr	port	addr	port	string	string	bool	string	string
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	127.0.0.1	35474	127.0.0.1	8080	missing_HTTP_entity	-	F	zeek	HTTP
+#close XXXX-XX-XX-XX-XX-XX

testing/btest/scripts/base/files/x509/signed_certificate_timestamp_ocsp.test

@@ -3,6 +3,10 @@
 
 @load base/protocols/ssl
 
+redef SSL::ct_logs += {
+["\x68\xf6\x98\xf8\x1f\x64\x82\xbe\x3a\x8c\xee\xb9\x28\x1d\x4c\xfc\x71\x51\x5d\x67\x93\xd4\x44\xd1\x0a\x67\xac\xbb\x4f\x4f\xfb\xc4"] = SSL::CTInfo($description="Google 'Aviator' log", $operator="Google", $url="ct.googleapis.com/aviator/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xd7\xf4\xcc\x69\xb2\xe4\x0e\x90\xa3\x8a\xea\x5a\x70\x09\x4f\xef\x13\x62\xd0\x8d\x49\x60\xff\x1b\x40\x50\x07\x0c\x6d\x71\x86\xda\x25\x49\x8d\x65\xe1\x08\x0d\x47\x34\x6b\xbd\x27\xbc\x96\x21\x3e\x34\xf5\x87\x76\x31\xb1\x7f\x1d\xc9\x85\x3b\x0d\xf7\x1f\x3f\xe9"),
+};
+
 event zeek_init()
 	{
 	Files::register_for_mime_type(Files::ANALYZER_OCSP_REPLY, "application/ocsp-response");

testing/btest/scripts/base/frameworks/analyzer/disabled-file-analyzers.zeek

@@ -0,0 +1,20 @@
+# @TEST-DOC: Add the PE analyzer to Analyzer::disabled_analyzers and ensure no pe.log is created.
+
+# First, cross-check that pe.log is indeed generated.
+# @TEST-EXEC: zeek -b -r $TRACES/pe/pe.trace %INPUT
+# @TEST-EXEC: test -f pe.log
+# @TEST-EXEC: rm *log
+
+# @TEST-EXEC: zeek -b -r $TRACES/pe/pe.trace %INPUT 'Analyzer::disabled_analyzers += { Files::ANALYZER_PE }'
+# @TEST-EXEC: test ! -f pe.log
+# @TEST-EXEC: test -f conn.log
+# @TEST-EXEC: rm *log
+
+# Finally, explicitly enable the analyzer via Analyzer::enable_analyzer() during zeek_init() and expect pe.log to be generated.
+# @TEST-EXEC: zeek -b -r $TRACES/pe/pe.trace %INPUT 'Analyzer::disabled_analyzers += { Files::ANALYZER_PE }' -e 'event zeek_init() { Analyzer::enable_analyzer(Files::ANALYZER_PE); }'
+# @TEST-EXEC: test -f pe.log
+# @TEST-EXEC: test -f conn.log
+
+@load base/protocols/conn
+@load base/protocols/ftp
+@load base/files/pe

testing/btest/scripts/base/frameworks/analyzer/disabled-packet-analyzers.zeek

@@ -0,0 +1,21 @@
+# @TEST-DOC: Add a packet analyzer to Analyzer::disabled_analyzers and ensure it does not generate events (vxlan in this case).
+# @TEST-EXEC: zeek -b -r $TRACES/tunnels/vxlan.pcap %INPUT > output
+# @TEST-EXEC: btest-diff output
+#
+
+# Removing this line triggers vxlan events from all but the first two packets.
+redef Analyzer::disabled_analyzers += { PacketAnalyzer::ANALYZER_VXLAN };
+
+global all_packets = 0;
+
+event raw_packet(hdr: raw_pkt_hdr)
+	{
+	++all_packets;
+	print "packet", all_packets;
+	}
+
+# Should never run.
+event vxlan_packet(outer: connection, inner: pkt_hdr, vni: count)
+	{
+	print "vxlan_packet", outer$uid, "inner", inner$ip;
+	}

testing/btest/scripts/base/frameworks/analyzer/toggle-packet-analyzers.zeek

@@ -0,0 +1,30 @@
+# @TEST-DOC: Use Analyzer::disable_analyzer() and Analyzer::enable_analyzer() to disable the VXLAN packet analyzers at runtime based on total raw packet count.
+# @TEST-EXEC: zeek -b -r $TRACES/tunnels/vxlan.pcap %INPUT > output
+# @TEST-EXEC: btest-diff output
+#
+
+global all_packets = 0;
+
+event raw_packet(hdr: raw_pkt_hdr)
+	{
+	++all_packets;
+	print "packet", all_packets;
+
+	if ( all_packets == 4 )
+		{
+		local er = Analyzer::disable_analyzer(PacketAnalyzer::ANALYZER_VXLAN);
+		print "Analyzer::disable_analyzer(PacketAnalyzer::ANALYZER_VXLAN)", er;
+		}
+	# Packets 5 to 8 don't produce vxlan_packet events.
+
+	if ( all_packets == 8 )
+		{
+		local dr = Analyzer::enable_analyzer(PacketAnalyzer::ANALYZER_VXLAN);
+		print "Analyzer::enable_analyzer(PacketAnalyzer::ANALYZER_VXLAN)", dr;
+		}
+	}
+
+event vxlan_packet(outer: connection, inner: pkt_hdr, vni: count)
+	{
+	print "vxlan_packet", outer$uid, "inner", inner$ip;
+	}

testing/btest/scripts/base/protocols/http/http-no-crlf.zeek

@@ -3,7 +3,7 @@
 # @TEST-EXEC: zeek -b -r $TRACES/http/no_crlf.pcap %INPUT
 # @TEST-EXEC: btest-diff conn.log
 # @TEST-EXEC: btest-diff http.log
-# @TEST-EXEC: test ! -f weird.log
+# @TEST-EXEC: btest-diff weird.log
 
 @load base/protocols/conn
 @load base/protocols/http

testing/btest/scripts/base/protocols/http/missing-http-entity.zeek

@@ -0,0 +1,7 @@
+# @TEST-DOC: The server starts sending a response while the client is still uploading the POST payload. This causes http_header to be raised while no entity is set.
+# @TEST-EXEC: zeek -b -r $TRACES/http/interleaved-http-entity.pcap %INPUT
+# @TEST-EXEC: btest-diff http.log
+# @TEST-EXEC: btest-diff weird.log
+
+@load base/protocols/http
+@load base/frameworks/notice/weird

testing/btest/scripts/base/protocols/ssl/signed_certificate_timestamp.test

@@ -11,6 +11,11 @@
 # @TEST-EXEC: btest-diff .stdout
 # @TEST-EXEC: test ! -f dpd.log
 
+redef SSL::ct_logs += {
+["\x68\xf6\x98\xf8\x1f\x64\x82\xbe\x3a\x8c\xee\xb9\x28\x1d\x4c\xfc\x71\x51\x5d\x67\x93\xd4\x44\xd1\x0a\x67\xac\xbb\x4f\x4f\xfb\xc4"] = SSL::CTInfo($description="Google 'Aviator' log", $operator="Google", $url="ct.googleapis.com/aviator/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xd7\xf4\xcc\x69\xb2\xe4\x0e\x90\xa3\x8a\xea\x5a\x70\x09\x4f\xef\x13\x62\xd0\x8d\x49\x60\xff\x1b\x40\x50\x07\x0c\x6d\x71\x86\xda\x25\x49\x8d\x65\xe1\x08\x0d\x47\x34\x6b\xbd\x27\xbc\x96\x21\x3e\x34\xf5\x87\x76\x31\xb1\x7f\x1d\xc9\x85\x3b\x0d\xf7\x1f\x3f\xe9"),
+["\xdd\xeb\x1d\x2b\x7a\x0d\x4f\xa6\x20\x8b\x81\xad\x81\x68\x70\x7e\x2e\x8e\x9d\x01\xd5\x5c\x88\x8d\x3d\x11\xc4\xcd\xb6\xec\xbe\xcc"] = SSL::CTInfo($description="Symantec log", $operator="DigiCert", $url="ct.ws.symantec.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x96\xea\xac\x1c\x46\x0c\x1b\x55\xdc\x0d\xfc\xb5\x94\x27\x46\x57\x42\x70\x3a\x69\x18\xe2\xbf\x3b\xc4\xdb\xab\xa0\xf4\xb6\x6c\xc0\x53\x3f\x4d\x42\x10\x33\xf0\x58\x97\x8f\x6b\xbe\x72\xf4\x2a\xec\x1c\x42\xaa\x03\x2f\x1a\x7e\x28\x35\x76\x99\x08\x3d\x21\x14\x86"),
+};
+
 export {
 	type LogInfo: record {
 		version: count;

testing/btest/scripts/policy/protocols/ssl/validate-sct.zeek

@@ -9,6 +9,8 @@
 
 redef SSL::ct_logs += {
 ["\x03\x01\x9d\xf3\xfd\x85\xa6\x9a\x8e\xbd\x1f\xac\xc6\xda\x9b\xa7\x3e\x46\x97\x74\xfe\x77\xf5\x79\xfc\x5a\x08\xb8\x32\x8c\x1d\x6b"] = SSL::CTInfo($description="Venafi Gen2 CT log", $operator="Venafi", $url="ctlog-gen2.api.venafi.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x8e\x27\x27\x7a\xb6\x55\x09\x74\xeb\x6c\x4b\x94\x84\x65\xbc\xe4\x15\xf1\xea\x5a\xd8\x7c\x0e\x37\xce\xba\x3f\x6c\x09\xda\xe7\x29\x96\xd3\x45\x50\x6f\xde\x1e\xb4\x1c\xd2\x83\x88\xff\x29\x2f\xce\xa9\xff\xdf\x34\xde\x75\x0f\xc0\xcc\x18\x0d\x94\x2e\xfc\x37\x01"),
+["\x68\xf6\x98\xf8\x1f\x64\x82\xbe\x3a\x8c\xee\xb9\x28\x1d\x4c\xfc\x71\x51\x5d\x67\x93\xd4\x44\xd1\x0a\x67\xac\xbb\x4f\x4f\xfb\xc4"] = SSL::CTInfo($description="Google 'Aviator' log", $operator="Google", $url="ct.googleapis.com/aviator/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xd7\xf4\xcc\x69\xb2\xe4\x0e\x90\xa3\x8a\xea\x5a\x70\x09\x4f\xef\x13\x62\xd0\x8d\x49\x60\xff\x1b\x40\x50\x07\x0c\x6d\x71\x86\xda\x25\x49\x8d\x65\xe1\x08\x0d\x47\x34\x6b\xbd\x27\xbc\x96\x21\x3e\x34\xf5\x87\x76\x31\xb1\x7f\x1d\xc9\x85\x3b\x0d\xf7\x1f\x3f\xe9"),
+["\xac\x3b\x9a\xed\x7f\xa9\x67\x47\x57\x15\x9e\x6d\x7d\x57\x56\x72\xf9\xd9\x81\x00\x94\x1e\x9b\xde\xff\xec\xa1\x31\x3b\x75\x78\x2d"] = SSL::CTInfo($description="Venafi log", $operator="Venafi", $url="ctlog.api.venafi.com/", $maximum_merge_delay=86400, $key="\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xa2\x5a\x48\x1f\x17\x52\x95\x35\xcb\xa3\x5b\x3a\x1f\x53\x82\x76\x94\xa3\xff\x80\xf2\x1c\x37\x3c\xc0\xb1\xbd\xc1\x59\x8b\xab\x2d\x65\x93\xd7\xf3\xe0\x04\xd5\x9a\x6f\xbf\xd6\x23\x76\x36\x4f\x23\x99\xcb\x54\x28\xad\x8c\x15\x4b\x65\x59\x76\x41\x4a\x9c\xa6\xf7\xb3\x3b\x7e\xb1\xa5\x49\xa4\x17\x51\x6c\x80\xdc\x2a\x90\x50\x4b\x88\x24\xe9\xa5\x12\x32\x93\x04\x48\x90\x02\xfa\x5f\x0e\x30\x87\x8e\x55\x76\x05\xee\x2a\x4c\xce\xa3\x6a\x69\x09\x6e\x25\xad\x82\x76\x0f\x84\x92\xfa\x38\xd6\x86\x4e\x24\x8f\x9b\xb0\x72\xcb\x9e\xe2\x6b\x3f\xe1\x6d\xc9\x25\x75\x23\x88\xa1\x18\x58\x06\x23\x33\x78\xda\x00\xd0\x38\x91\x67\xd2\xa6\x7d\x27\x97\x67\x5a\xc1\xf3\x2f\x17\xe6\xea\xd2\x5b\xe8\x81\xcd\xfd\x92\x68\xe7\xf3\x06\xf0\xe9\x72\x84\xee\x01\xa5\xb1\xd8\x33\xda\xce\x83\xa5\xdb\xc7\xcf\xd6\x16\x7e\x90\x75\x18\xbf\x16\xdc\x32\x3b\x6d\x8d\xab\x82\x17\x1f\x89\x20\x8d\x1d\x9a\xe6\x4d\x23\x08\xdf\x78\x6f\xc6\x05\xbf\x5f\xae\x94\x97\xdb\x5f\x64\xd4\xee\x16\x8b\xa3\x84\x6c\x71\x2b\xf1\xab\x7f\x5d\x0d\x32\xee\x04\xe2\x90\xec\x41\x9f\xfb\x39\xc1\x02\x03\x01\x00\x01"),
 };
 
 module SSL;
@@ -19,7 +21,12 @@ event ssl_established(c: connection)
 	for ( i in c$ssl$ct_proofs )
 		{
 		local proof = c$ssl$ct_proofs[i];
+		if ( proof$logid !in SSL::ct_logs )
+			print "Logid unknown: ", proof$logid;
+		else
+			{
 			local log = SSL::ct_logs[proof$logid];
 			print log$description, proof$valid;
 			}
 		}
+	}