Merge remote-tracking branch 'origin/topic/robin/log-threads' into topic/bernhard/input-threads

(and move a little bit of functionality from ascii reader to backend)

Conflicts:
	src/threading/Manager.cc

aux/broccoli

@@ -1 +1 @@
-Subproject commit 930e7c78221929849086a578308e2fdc99ac3fb8
+Subproject commit d6e36c95e0335f7cc081191c8612085bd12706f9

scripts/base/init-bare.bro

@@ -2159,26 +2159,6 @@ const forward_remote_state_changes = F &redef;
 ## Place-holder constant indicating "no peer".
 const PEER_ID_NONE = 0;
 
-## Deprecated.
-## 
-## .. todo:: The connection compressor is scheduled to be removed from Bro.
-const use_connection_compressor = F &redef;
-
-## Deprecated.
-## 
-## .. todo:: The connection compressor is scheduled to be removed from Bro.
-const cc_handle_resets = F &redef;
-
-## Deprecated.
-## 
-## .. todo:: The connection compressor is scheduled to be removed from Bro.
-const cc_handle_only_syns = T &redef;
-
-## Deprecated.
-## 
-## .. todo:: The connection compressor is scheduled to be removed from Bro.
-const cc_instantiate_on_data = F &redef;
-
 # Signature payload pattern types.
 # todo::use enum to help autodoc
 # todo::Still used?

src/Anon.cc

@@ -154,7 +154,7 @@ void AnonymizeIPAddr_A50::init()
 int AnonymizeIPAddr_A50::PreservePrefix(ipaddr32_t input, int num_bits)
 	{
 	DEBUG_MSG("%s/%d\n",
-			IPAddr(IPAddr::IPv4, &input, IPAddr::Network).AsString().c_str(),
+			IPAddr(IPv4, &input, IPAddr::Network).AsString().c_str(),
 			num_bits);
 
 	if ( ! before_anonymization )

src/CMakeLists.txt

@@ -291,7 +291,6 @@ set(bro_SRCS
     ChunkedIO.cc
     CompHash.cc
     Conn.cc
-    ConnCompressor.cc
     ConnSizeAnalyzer.cc
     ContentLine.cc
     DCE_RPC.cc

src/CompHash.cc

@@ -709,7 +709,7 @@ const char* CompositeHash::RecoverOneVal(const HashKey* k, const char* kp0,
 		const uint32* const kp = AlignType<uint32>(kp0);
 		kp1 = reinterpret_cast<const char*>(kp+4);
 
-		IPAddr addr(IPAddr::IPv6, kp, IPAddr::Network);
+		IPAddr addr(IPv6, kp, IPAddr::Network);
 
 		switch ( tag ) {
 		case TYPE_ADDR:

src/Conn.h

@@ -239,30 +239,6 @@ public:
 	// Sets the transport protocol in use.
 	void SetTransport(TransportProto arg_proto)	{ proto = arg_proto; }
 
-	// If the connection compressor is activated, we need a special memory
-	// layout for connections. (See ConnCompressor.h)
-	void* operator new(size_t size)
-		{
-		if ( ! use_connection_compressor )
-			return ::operator new(size);
-
-		void* c = ::operator new(size + 4);
-
-		// We have to turn off the is_pending bit.  By setting the
-		// first four bytes to zero, we'll achieve this.
-		*((uint32*) c) = 0;
-
-		return ((char *) c) + 4;
-		}
-
-	void operator delete(void* ptr)
-		{
-		if ( ! use_connection_compressor )
-			::operator delete(ptr);
-		else
-			::operator delete(((char*) ptr) - 4);
-		}
-
 	void SetUID(uint64 arg_uid)	 { uid = arg_uid; }
 
 protected:

src/ConnCompressor.h

@@ -1,240 +0,0 @@
-// The ConnCompressor keeps track of the first packet seen for a conn_id using
-// only a minimal amount of memory. This helps us to avoid instantiating
-// full Connection objects for never-established sessions.
-//
-// TCP only.
-
-#ifndef CONNCOMPRESSOR_H
-#define CONNCOMPRESSOR_H
-
-#include "Conn.h"
-#include "Dict.h"
-#include "NetVar.h"
-#include "TCP.h"
-
-class ConnCompressor {
-public:
-	ConnCompressor();
-	~ConnCompressor();
-
-	// Handle next packet.  Returns 0 if packet in handled internally.
-	// Takes ownership of key.
-	Connection* NextPacket(double t, HashKey* k, const IP_Hdr* ip_hdr,
-			const struct pcap_pkthdr* hdr, const u_char* const pkt);
-
-	// Look up a connection.  Returns non-nil for connections for
-	// which a Connection object has already been instantiated.
-	Connection* Lookup(HashKey* k)
-		{
-		ConnData* c = conns.Lookup(k);
-		return c && IsConnPtr(c) ? MakeConnPtr(c) : 0;
-		}
-
-	// Inserts connection into compressor.  If another entry with this key
-	// already exists, it's replaced.  If that was a full connection, it is
-	// also returned.
-	Connection* Insert(Connection* c);
-
-	// Remove all state belonging to the given connection.  Returns
-	// true if the connection was found in the compressor's table,
-	// false if not.
-	bool Remove(HashKey* k);
-
-	// Flush state.
-	void Drain();
-
-	struct Sizes {
-		// Current number of already fully instantiated connections.
-		unsigned int connections;
-
-		// Total number of fully instantiated connections.
-		unsigned int connections_total;
-
-		// Current number of seen but non-yet instantiated connections.
-		unsigned int pending_valid;
-
-		// Total number of seen but non-yet instantiated connections.
-		unsigned int pending_total;
-
-		// Total number of all entries in pending list (some a which
-		// may already been invalid, but not yet removed from memory).
-		unsigned int pending_in_mem;
-
-		// Total number of hash table entires
-		// (should equal connections + pending_valid)
-		unsigned int hash_table_size;
-
-		// Total memory usage;
-		unsigned int memory;
-	};
-
-	const Sizes& Size()
-		{ sizes.hash_table_size = conns.Length(); return sizes; }
-
-	unsigned int MemoryAllocation() const	{ return sizes.memory; }
-
-	// As long as we have only seen packets from one side, we just
-	// store a PendingConn.
-	struct PendingConn {
-		// True if the block is indeed a PendingConn (see below).
-		unsigned int is_pending:1;
-
-		// Whether roles in key are flipped.
-		unsigned int ip1_is_src:1;
-
-		unsigned int invalid:1;	// deleted
-		int window_scale:4;
-		unsigned int SYN:1;
-		unsigned int FIN:1;
-		unsigned int RST:1;
-		unsigned int ACK:1;
-
-		double time;
-		struct Key {
-			uint32 ip1[4];
-			uint32 ip2[4];
-			uint16 port1;
-			uint16 port2;
-		} key;
-		uint32 seq;
-		uint32 ack;
-		hash_t hash;
-		uint16 window;
-		uint64 uid;
-
-		// The following are set if use_conn_size_analyzer is T.
-		uint16 num_pkts;
-		uint16 num_bytes_ip;
-	};
-
-private:
-	// Helpers to extract addrs/ports from PendingConn.
-
-	const uint32* SrcAddr(const PendingConn* c)
-		{ return c->ip1_is_src ? c->key.ip1 : c->key.ip2; }
-	const uint32* DstAddr(const PendingConn* c)
-		{ return c->ip1_is_src ? c->key.ip2 : c->key.ip1; }
-
-	uint16 SrcPort(const PendingConn* c)
-		{ return c->ip1_is_src ? c->key.port1 : c->key.port2; }
-	uint16 DstPort(const PendingConn* c)
-		{ return c->ip1_is_src ? c->key.port2 : c->key.port1; }
-
-
-	// Called for the first packet in a connection.
-	Connection* FirstFromOrig(double t, HashKey* key,
-					const IP_Hdr* ip, const tcphdr* tp);
-
-	// Called for more packets from the orginator w/o seeing a response.
-	Connection* NextFromOrig(PendingConn* pending, double t, HashKey* key,
-					const IP_Hdr* ip, const tcphdr* tp);
-
-	// Called for the first response packet. Instantiates a Connection.
-	Connection* Response(PendingConn* pending, double t, HashKey* key,
-					const IP_Hdr* ip, const tcphdr* tp);
-
-	// Instantiates a full TCP connection (invalidates pending connection).
-	Connection* Instantiate(HashKey* key, PendingConn* pending);
-
-	// Same but based on packet.
-	Connection* Instantiate(double t, HashKey* key, const IP_Hdr* ip);
-
-	// Fills the attributes of a PendingConn based on the given arguments.
-	void PktHdrToPendingConn(double time, const HashKey* key,
-		const IP_Hdr* ip, const struct tcphdr* tp, PendingConn* c);
-
-	// Fakes a TCP packet based on the available information.
-	const IP_Hdr* PendingConnToPacket(const PendingConn* c);
-
-	// Construct a TCP-flags byte.
-	uint8 MakeFlags(const PendingConn* c) const;
-
-	// Allocate room for a new (Ext)PendingConn.
-	PendingConn* MakeNewState(double t);
-
-	// Expire PendingConns.
-	void DoExpire(double t);
-
-	// Remove all state belonging to the given connection.
-	void Invalidate(HashKey* k);
-
-	// Sends the given connection_* event.  If orig_state is
-	// TCP_ENDPOINT__INACTIVE, tries to guess a better one based
-	// on pending.  If arg in non-nil, it will be used as the
-	// *first* argument of the event call (this is for conn_weird()).
-	void Event(const PendingConn* pending, double t,
-			const EventHandlerPtr& event, int orig_state,
-			int orig_size, int resp_state, Val* arg = 0);
-
-	void Weird(const PendingConn* pending, double t, const char* msg)
-		{
-		// This will actually go through the Reporter; Event() takes
-		// care of that.
-		Event(pending, t, conn_weird, TCP_ENDPOINT_INACTIVE, 0,
-		      TCP_ENDPOINT_INACTIVE, new StringVal(msg));
-		}
-
-	static const int BLOCK_SIZE = 16 * 1024;
-
-	// The memory managment for PendConns.
-	struct Block {
-		double time;
-		Block* prev;
-		Block* next;
-		int bytes_used;
-		unsigned char data[BLOCK_SIZE];
-	};
-
-	// In the connection hash table, we store pointers to both PendingConns
-	// and Connections. Thus, we need a way to differentiate between
-	// these two types. To avoid an additional indirection, we use a little
-	// hack: a pointer retrieved from the table is interpreted as a
-	// PendingConn first. However, if is_pending is false, it's in fact a
-	// Connection which starts at offset 4. The methods below help to
-	// implement this scheme transparently. An "operator new" in
-	// Connection takes care of building Connection's accordingly.
-	typedef PendingConn ConnData;
-	declare(PDict, ConnData);
-	typedef PDict(ConnData) ConnMap;
-	ConnMap conns;
-
-	static ConnData* MakeMapPtr(PendingConn* c)
-		{ assert(c->is_pending); return c; }
-
-	static ConnData* MakeMapPtr(Connection* c)
-		{
-		ConnData* p = (ConnData*) (((char*) c) - 4);
-		assert(!p->is_pending);
-		return p;
-		}
-
-	static PendingConn* MakePendingConnPtr(ConnData* c)
-		{ assert(c->is_pending); return c; }
-
-	static Connection* MakeConnPtr(ConnData* c)
-		{
-		assert(!c->is_pending);
-		return (Connection*) (((char*) c) + 4);
-		}
-
-	static bool IsConnPtr(ConnData* c)
-		{ return ! c->is_pending; }
-
-	// New blocks are inserted at the end.
-	Block* first_block;
-	Block* last_block;
-
-	// If we have already expired some entries in a block,
-	// this points to the first non-expired.
-	unsigned char* first_non_expired;
-
-	// Last "connection" that we have build.
-	RecordVal* conn_val;
-
-	// Statistics.
-	Sizes sizes;
-	};
-
-extern ConnCompressor* conn_compressor;
-
-#endif

src/DCE_RPC.cc

@@ -137,7 +137,7 @@ static bool is_mapped_dce_rpc_endpoint(const dce_rpc_endpoint_addr& addr)
 
 bool is_mapped_dce_rpc_endpoint(const ConnID* id, TransportProto proto)
 	{
-	if ( id->dst_addr.GetFamily() == IPAddr::IPv6 )
+	if ( id->dst_addr.GetFamily() == IPv6 )
 		// TODO: Does the protocol support v6 addresses? #773
 		return false;
 
@@ -414,7 +414,7 @@ void DCE_RPC_Session::DeliverEpmapperMapResponse(
 
 				case binpac::DCE_RPC_Simple::EPM_PROTOCOL_IP:
 					uint32 hostip = floor->rhs()->data()->ip();
-					mapped.addr.addr = IPAddr(IPAddr::IPv4, &hostip, IPAddr::Host);
+					mapped.addr.addr = IPAddr(IPv4, &hostip, IPAddr::Host);
 					break;
 				}
 				}

src/DNS_Mgr.cc

@@ -321,10 +321,10 @@ void DNS_Mapping::Init(struct hostent* h)
 		addrs = new IPAddr[num_addrs];
 		for ( int i = 0; i < num_addrs; ++i )
 			if ( h->h_addrtype == AF_INET )
-				addrs[i] = IPAddr(IPAddr::IPv4, (uint32*)h->h_addr_list[i],
+				addrs[i] = IPAddr(IPv4, (uint32*)h->h_addr_list[i],
 				                  IPAddr::Network);
 			else if ( h->h_addrtype == AF_INET6 )
-				addrs[i] = IPAddr(IPAddr::IPv6, (uint32*)h->h_addr_list[i],
+				addrs[i] = IPAddr(IPv6, (uint32*)h->h_addr_list[i],
 				                  IPAddr::Network);
 		}
 	else

src/Desc.cc

@@ -157,6 +157,16 @@ void ODesc::Add(double d)
 		}
 	}
 
+void ODesc::Add(const IPAddr& addr)
+	{
+	Add(addr.AsString());
+	}
+
+void ODesc::Add(const IPPrefix& prefix)
+	{
+	Add(prefix.AsString());
+	}
+
 void ODesc::AddCS(const char* s)
 	{
 	int n = strlen(s);

src/Desc.h

@@ -8,7 +8,6 @@
 #include <utility>
 
 #include "BroString.h"
-#include "IPAddr.h"
 
 typedef enum {
 	DESC_READABLE,
@@ -23,6 +22,8 @@ typedef enum {
 } desc_style;
 
 class BroFile;
+class IPAddr;
+class IPPrefix;
 
 class ODesc {
 public:
@@ -76,8 +77,8 @@ public:
 	void Add(int64 i);
 	void Add(uint64 u);
 	void Add(double d);
-	void Add(const IPAddr& addr)	{ Add(addr.AsString()); }
+	void Add(const IPAddr& addr);
-	void Add(const IPPrefix& prefix)	{ Add(prefix.AsString()); }
+	void Add(const IPPrefix& prefix);
 
 	// Add s as a counted string.
 	void AddCS(const char* s);

src/Frag.cc

@@ -125,7 +125,7 @@ void FragReassembler::AddFragment(double t, const IP_Hdr* ip, const u_char* pkt,
 
 void FragReassembler::Overlap(const u_char* b1, const u_char* b2, int n)
 	{
-	IP_Hdr proto_h((const struct ip*) proto_hdr);
+	IP_Hdr proto_h(proto_hdr, false);
 
 	if ( memcmp((const void*) b1, (const void*) b2, n) )
 		s->Weird("fragment_inconsistency", &proto_h);
@@ -157,7 +157,7 @@ void FragReassembler::BlockInserted(DataBlock* /* start_block */)
 			// can happen for benign reasons when we're
 			// intermingling parts of two fragmented packets.
 
-			IP_Hdr proto_h((const struct ip*) proto_hdr);
+			IP_Hdr proto_h(proto_hdr, false);
 			s->Weird("fragment_size_inconsistency", &proto_h);
 
 			// We decide to analyze the contiguous portion now.
@@ -171,7 +171,7 @@ void FragReassembler::BlockInserted(DataBlock* /* start_block */)
 
 	else if ( last_block->upper > frag_size )
 		{
-		IP_Hdr proto_h((const struct ip*) proto_hdr);
+		IP_Hdr proto_h(proto_hdr, false);
 		s->Weird("fragment_size_inconsistency", &proto_h);
 		frag_size = last_block->upper;
 		}
@@ -214,7 +214,7 @@ void FragReassembler::BlockInserted(DataBlock* /* start_block */)
 		}
 
 	delete reassembled_pkt;
-	reassembled_pkt = new IP_Hdr(reassem4);
+	reassembled_pkt = new IP_Hdr(reassem4, true);
 
 	DeleteTimer();
 	}

src/IP.h

@@ -9,23 +9,13 @@
 
 class IP_Hdr {
 public:
-	IP_Hdr(struct ip* arg_ip4)
+	IP_Hdr(const struct ip* arg_ip4, bool arg_del)
-		: ip4(arg_ip4), ip6(0), del(1)
+		: ip4(arg_ip4), ip6(0), del(arg_del)
 		{
 		}
 
-	IP_Hdr(const struct ip* arg_ip4)
+	IP_Hdr(const struct ip6_hdr* arg_ip6, bool arg_del)
-		: ip4(arg_ip4), ip6(0), del(0)
+		: ip4(0), ip6(arg_ip6), del(arg_del)
-		{
-		}
-
-	IP_Hdr(struct ip6_hdr* arg_ip6)
-		: ip4(0), ip6(arg_ip6), del(1)
-		{
-		}
-
-	IP_Hdr(const struct ip6_hdr* arg_ip6)
-		: ip4(0), ip6(arg_ip6), del(0)
 		{
 		}
 
@@ -90,7 +80,7 @@ public:
 private:
 	const struct ip* ip4;
 	const struct ip6_hdr* ip6;
-	int del;
+	bool del;
 };
 
 #endif

src/IPAddr.cc

@@ -250,7 +250,7 @@ IPPrefix::IPPrefix(const in6_addr& in6, uint8_t length)
 IPPrefix::IPPrefix(const IPAddr& addr, uint8_t length)
 	: prefix(addr)
 	{
-	if ( prefix.GetFamily() == IPAddr::IPv4 )
+	if ( prefix.GetFamily() == IPv4 )
 		{
 		if ( length > 32 )
 			reporter->InternalError("Bad IPAddr(v4) IPPrefix length : %d",
@@ -275,7 +275,7 @@ string IPPrefix::AsString() const
 	{
 	char l[16];
 
-	if ( prefix.GetFamily() == IPAddr::IPv4 )
+	if ( prefix.GetFamily() == IPv4 )
 		modp_uitoa10(length - 96, l);
 	else
 		modp_uitoa10(length, l);

src/IPAddr.h

@@ -10,6 +10,8 @@
 #include "BroString.h"
 #include "Hash.h"
 #include "util.h"
+#include "Type.h"
+#include "threading/SerialTypes.h"
 
 struct ConnID;
 class ExpectedConn;
@@ -25,7 +27,7 @@ public:
 	/**
 	 * Address family.
 	 */
-	enum Family { IPv4, IPv6 };
+	typedef IPFamily Family;
 
 	/**
 	 * Byte order.
@@ -45,7 +47,7 @@ public:
 	 *
 	 * @param in6 The IPv6 address.
 	 */
-	IPAddr(const in4_addr& in4)
+	explicit IPAddr(const in4_addr& in4)
 		{
 		memcpy(in6.s6_addr, v4_mapped_prefix, sizeof(v4_mapped_prefix));
 		memcpy(&in6.s6_addr[12], &in4.s_addr, sizeof(in4.s_addr));
@@ -56,7 +58,7 @@ public:
 	 *
 	 * @param in6 The IPv6 address.
 	 */
-	IPAddr(const in6_addr& arg_in6) : in6(arg_in6) { }
+	explicit IPAddr(const in6_addr& arg_in6) : in6(arg_in6) { }
 
 	/**
 	 * Constructs an address instance from a string representation.
@@ -318,14 +320,19 @@ public:
 		return memcmp(&addr1.in6, &addr2.in6, sizeof(in6_addr)) < 0;
 		}
 
+	/** Converts the address into the type used internally by the
+	  * inter-thread communication.
+	  */
+	void ConvertToThreadingValue(threading::Value::addr_t* v) const;
+
 	friend HashKey* BuildConnIDHashKey(const ConnID& id);
 	friend HashKey* BuildExpectedConnHashKey(const ExpectedConn& c);
 
-	friend class IPPrefix;
-
 	unsigned int MemoryAllocation() const { return padded_sizeof(*this); }
 
 private:
+	friend class IPPrefix;
+
 	/**
 	 * Initializes an address instance from a string representation.
 	 *
@@ -384,6 +391,25 @@ inline bool IPAddr::IsLoopback() const
 			&& (in6.s6_addr[14] == 0) && (in6.s6_addr[15] == 1));
 	}
 
+inline void IPAddr::ConvertToThreadingValue(threading::Value::addr_t* v) const
+	{
+	v->family = GetFamily();
+
+	switch ( v->family ) {
+
+	case IPv4:
+		CopyIPv4(&v->in.in4);
+		return;
+
+	case IPv6:
+		CopyIPv6(&v->in.in6);
+		return;
+
+	// Can't be reached.
+	abort();
+	}
+	}
+
 /**
   * Returns a hash key for a given ConnID. Passes ownership to caller.
   */
@@ -459,7 +485,7 @@ public:
 	 */
 	uint8_t Length() const
 		{
-		return prefix.GetFamily() == IPAddr::IPv4 ? length - 96 : length;
+		return prefix.GetFamily() == IPv4 ? length - 96 : length;
 		}
 
 	/**
@@ -516,6 +542,15 @@ public:
 		return new HashKey(&key, sizeof(key));
 		}
 
+	/** Converts the prefix into the type used internally by the
+	  * inter-thread communication.
+	  */
+	void ConvertToThreadingValue(threading::Value::subnet_t* v) const
+		{
+		v->length = length;
+		prefix.ConvertToThreadingValue(&v->prefix);
+		}
+
 	unsigned int MemoryAllocation() const { return padded_sizeof(*this); }
 
 	/**

src/NetVar.cc

@@ -213,11 +213,6 @@ int sig_max_group_size;
 
 int enable_syslog;
 
-int use_connection_compressor;
-int cc_handle_resets;
-int cc_handle_only_syns;
-int cc_instantiate_on_data;
-
 TableType* irc_join_list;
 RecordType* irc_join_info;
 TableVal* irc_servers;
@@ -527,12 +522,6 @@ void init_net_var()
 
 	gap_report_freq = opt_internal_double("gap_report_freq");
 
-	use_connection_compressor =
-		opt_internal_int("use_connection_compressor");
-	cc_handle_resets = opt_internal_int("cc_handle_resets");
-	cc_handle_only_syns = opt_internal_int("cc_handle_only_syns");
-	cc_instantiate_on_data = opt_internal_int("cc_instantiate_on_data");
-
 	irc_join_info = internal_type("irc_join_info")->AsRecordType();
 	irc_join_list = internal_type("irc_join_list")->AsTableType();
 	irc_servers = internal_val("irc_servers")->AsTableVal();

src/NetVar.h

@@ -216,11 +216,6 @@ extern int sig_max_group_size;
 
 extern int enable_syslog;
 
-extern int use_connection_compressor;
-extern int cc_handle_resets;
-extern int cc_handle_only_syns;
-extern int cc_instantiate_on_data;
-
 extern TableType* irc_join_list;
 extern RecordType* irc_join_info;
 extern TableVal* irc_servers;

src/PIA.cc

@@ -196,7 +196,7 @@ void PIA_TCP::FirstPacket(bool is_orig, const IP_Hdr* ip)
 			ip4->ip_p = IPPROTO_TCP;
 
 			// Cast to const so that it doesn't delete it.
-			ip4_hdr = new IP_Hdr((const struct ip*) ip4);
+			ip4_hdr = new IP_Hdr(ip4, false);
 			}
 
 		if ( is_orig )

src/PacketSort.cc

@@ -27,9 +27,9 @@ PacketSortElement::PacketSortElement(PktSrc* arg_src,
 		{
 		const struct ip* ip = (const struct ip*) (pkt + hdr_size);
 		if ( ip->ip_v == 4 )
-			ip_hdr = new IP_Hdr(ip);
+			ip_hdr = new IP_Hdr(ip, false);
 		else
-			ip_hdr = new IP_Hdr((const struct ip6_hdr*) ip);
+			ip_hdr = new IP_Hdr((const struct ip6_hdr*) ip, false);
 
 		if ( ip_hdr->NextProto() == IPPROTO_TCP &&
 		      // Note: can't sort fragmented packets

src/RemoteSerializer.cc

@@ -681,7 +681,7 @@ RemoteSerializer::PeerID RemoteSerializer::Connect(const IPAddr& ip,
 	if ( ! initialized )
 		reporter->InternalError("remote serializer not initialized");
 
-	if ( ip.GetFamily() == IPAddr::IPv6 )
+	if ( ip.GetFamily() == IPv6 )
 		Error("inter-Bro communication not supported over IPv6");
 
 	const uint32* bytes;
@@ -1238,7 +1238,7 @@ bool RemoteSerializer::Listen(const IPAddr& ip, uint16 port, bool expect_ssl)
 	if ( ! initialized )
 		reporter->InternalError("remote serializer not initialized");
 
-	if ( ip.GetFamily() == IPAddr::IPv6 )
+	if ( ip.GetFamily() == IPv6 )
 		Error("inter-Bro communication not supported over IPv6");
 
 	const uint32* bytes;

src/RuleMatcher.cc

@@ -1082,7 +1082,7 @@ static bool val_to_maskedval(Val* v, maskedvalue_list* append_to)
 			bool is_v4_mask = m[0] == 0xffffffff &&
 						m[1] == m[0] && m[2] == m[0];
 
-			if ( v->AsSubNet().Prefix().GetFamily() == IPAddr::IPv4 &&
+			if ( v->AsSubNet().Prefix().GetFamily() == IPv4 &&
 			     is_v4_mask )
 				{
 				mval->val = ntohl(*n);

src/SerializationFormat.cc

@@ -250,9 +250,9 @@ bool BinarySerializationFormat::Read(IPAddr* addr, const char* tag)
 		}
 
 	if ( n == 1 )
-		*addr = IPAddr(IPAddr::IPv4, raw, IPAddr::Network);
+		*addr = IPAddr(IPv4, raw, IPAddr::Network);
 	else
-		*addr = IPAddr(IPAddr::IPv6, raw, IPAddr::Network);
+		*addr = IPAddr(IPv6, raw, IPAddr::Network);
 
 	return true;
 	}
@@ -269,6 +269,32 @@ bool BinarySerializationFormat::Read(IPPrefix* prefix, const char* tag)
 	return true;
 	}
 
+bool BinarySerializationFormat::Read(struct in_addr* addr, const char* tag)
+	{
+	uint32_t* bytes = (uint32_t*) &addr->s_addr;
+
+	if ( ! Read(&bytes[0], "addr4") )
+		return false;
+
+	bytes[0] = htonl(bytes[0]);
+	return true;
+	}
+
+bool BinarySerializationFormat::Read(struct in6_addr* addr, const char* tag)
+	{
+	uint32_t* bytes = (uint32_t*) &addr->s6_addr;
+
+	for ( int i = 0; i < 4; ++i )
+		{
+		if ( ! Read(&bytes[i], "addr6-part") )
+			return false;
+
+		bytes[i] = htonl(bytes[i]);
+		}
+
+	return true;
+	}
+
 bool BinarySerializationFormat::Write(char v, const char* tag)
 	{
 	DBG_LOG(DBG_SERIAL, "Write char %s [%s]", fmt_bytes(&v, 1), tag);
@@ -362,6 +388,29 @@ bool BinarySerializationFormat::Write(const IPPrefix& prefix, const char* tag)
 	return Write(prefix.Prefix(), "prefix") && Write(prefix.Length(), "width");
 	}
 
+bool BinarySerializationFormat::Write(const struct in_addr& addr, const char* tag)
+	{
+	const uint32_t* bytes = (uint32_t*) &addr.s_addr;
+
+	if ( ! Write(ntohl(bytes[0]), "addr4") )
+		return false;
+
+	return true;
+	}
+
+bool BinarySerializationFormat::Write(const struct in6_addr& addr, const char* tag)
+	{
+	const uint32_t* bytes = (uint32_t*) &addr.s6_addr;
+
+	for ( int i = 0; i < 4; ++i )
+		{
+		if ( ! Write(ntohl(bytes[i]), "addr6-part") )
+			return false;
+		}
+
+	return true;
+	}
+
 bool BinarySerializationFormat::WriteOpenTag(const char* tag)
 	{
 	return true;
@@ -464,6 +513,18 @@ bool XMLSerializationFormat::Read(IPPrefix* prefix, const char* tag)
 	return false;
 	}
 
+bool XMLSerializationFormat::Read(struct in_addr* addr, const char* tag)
+	{
+	reporter->InternalError("no reading of xml");
+	return false;
+	}
+
+bool XMLSerializationFormat::Read(struct in6_addr* addr, const char* tag)
+	{
+	reporter->InternalError("no reading of xml");
+	return false;
+	}
+
 bool XMLSerializationFormat::Write(char v, const char* tag)
 	{
 	return WriteElem(tag, "char", &v, 1);
@@ -556,6 +617,18 @@ bool XMLSerializationFormat::Write(const IPPrefix& prefix, const char* tag)
 	return false;
 	}
 
+bool XMLSerializationFormat::Write(const struct in_addr& addr, const char* tag)
+	{
+	reporter->InternalError("XML output of in_addr not implemented");
+	return false;
+	}
+
+bool XMLSerializationFormat::Write(const struct in6_addr& addr, const char* tag)
+	{
+	reporter->InternalError("XML output of in6_addr not implemented");
+	return false;
+	}
+
 bool XMLSerializationFormat::WriteEncodedString(const char* s, int len)
 	{
 	while ( len-- )

src/SerializationFormat.h

@@ -9,6 +9,9 @@ using namespace std;
 
 #include "util.h"
 
+class IPAddr;
+class IPPrefix;
+
 // Abstract base class.
 class SerializationFormat {
 public:
@@ -30,6 +33,8 @@ public:
 	virtual bool Read(string* s, const char* tag) = 0;
 	virtual bool Read(IPAddr* addr, const char* tag) = 0;
 	virtual bool Read(IPPrefix* prefix, const char* tag) = 0;
+	virtual bool Read(struct in_addr* addr, const char* tag) = 0;
+	virtual bool Read(struct in6_addr* addr, const char* tag) = 0;
 
 	// Returns number of raw bytes read since last call to StartRead().
 	int BytesRead() const	{ return bytes_read; }
@@ -54,6 +59,8 @@ public:
 	virtual bool Write(const string& s, const char* tag) = 0;
 	virtual bool Write(const IPAddr& addr, const char* tag) = 0;
 	virtual bool Write(const IPPrefix& prefix, const char* tag) = 0;
+	virtual bool Write(const struct in_addr& addr, const char* tag) = 0;
+	virtual bool Write(const struct in6_addr& addr, const char* tag) = 0;
 
 	virtual bool WriteOpenTag(const char* tag) = 0;
 	virtual bool WriteCloseTag(const char* tag) = 0;
@@ -96,6 +103,8 @@ public:
 	virtual bool Read(string* s, const char* tag);
 	virtual bool Read(IPAddr* addr, const char* tag);
 	virtual bool Read(IPPrefix* prefix, const char* tag);
+	virtual bool Read(struct in_addr* addr, const char* tag);
+	virtual bool Read(struct in6_addr* addr, const char* tag);
 	virtual bool Write(int v, const char* tag);
 	virtual bool Write(uint16 v, const char* tag);
 	virtual bool Write(uint32 v, const char* tag);
@@ -109,6 +118,8 @@ public:
 	virtual bool Write(const string& s, const char* tag);
 	virtual bool Write(const IPAddr& addr, const char* tag);
 	virtual bool Write(const IPPrefix& prefix, const char* tag);
+	virtual bool Write(const struct in_addr& addr, const char* tag);
+	virtual bool Write(const struct in6_addr& addr, const char* tag);
 	virtual bool WriteOpenTag(const char* tag);
 	virtual bool WriteCloseTag(const char* tag);
 	virtual bool WriteSeparator();
@@ -133,6 +144,8 @@ public:
 	virtual bool Write(const string& s, const char* tag);
 	virtual bool Write(const IPAddr& addr, const char* tag);
 	virtual bool Write(const IPPrefix& prefix, const char* tag);
+	virtual bool Write(const struct in_addr& addr, const char* tag);
+	virtual bool Write(const struct in6_addr& addr, const char* tag);
 	virtual bool WriteOpenTag(const char* tag);
 	virtual bool WriteCloseTag(const char* tag);
 	virtual bool WriteSeparator();
@@ -150,6 +163,8 @@ public:
 	virtual bool Read(string* s, const char* tag);
 	virtual bool Read(IPAddr* addr, const char* tag);
 	virtual bool Read(IPPrefix* prefix, const char* tag);
+	virtual bool Read(struct in_addr* addr, const char* tag);
+	virtual bool Read(struct in6_addr* addr, const char* tag);
 
 private:
 	// Encodes non-printable characters.

src/Serializer.h

@@ -415,7 +415,7 @@ public:
 		}
 
 	const IP_Hdr IP() const
-		{ return IP_Hdr((struct ip *) (pkt + hdr_size)); }
+		{ return IP_Hdr((struct ip *) (pkt + hdr_size), true); }
 
 	void Describe(ODesc* d) const;
 

src/Sessions.cc

@@ -27,7 +27,6 @@
 #include "InterConn.h"
 #include "Discard.h"
 #include "RuleMatcher.h"
-#include "ConnCompressor.h"
 #include "DPM.h"
 
 #include "PacketSort.h"
@@ -275,13 +274,13 @@ void NetSessions::NextPacket(double t, const struct pcap_pkthdr* hdr,
 		const struct ip* ip = (const struct ip*) (pkt + hdr_size);
 		if ( ip->ip_v == 4 )
 			{
-			IP_Hdr ip_hdr(ip);
+			IP_Hdr ip_hdr(ip, false);
 			DoNextPacket(t, hdr, &ip_hdr, pkt, hdr_size);
 			}
 
 		else if ( ip->ip_v == 6 )
 			{
-			IP_Hdr ip_hdr((const struct ip6_hdr*) (pkt + hdr_size));
+			IP_Hdr ip_hdr((const struct ip6_hdr*) (pkt + hdr_size), false);
 			DoNextPacket(t, hdr, &ip_hdr, pkt, hdr_size);
 			}
 
@@ -510,7 +509,6 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
 	id.src_addr = ip_hdr->SrcAddr();
 	id.dst_addr = ip_hdr->DstAddr();
 	Dictionary* d = 0;
-	bool pass_to_conn_compressor = false;
 
 	switch ( proto ) {
 	case IPPROTO_TCP:
@@ -520,7 +518,6 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
 		id.dst_port = tp->th_dport;
 		id.is_one_way = 0;
 		d = &tcp_conns;
-		pass_to_conn_compressor = ip4 && use_connection_compressor;
 		break;
 		}
 
@@ -563,45 +560,40 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
 
 	// FIXME: The following is getting pretty complex. Need to split up
 	// into separate functions.
-	if ( pass_to_conn_compressor )
+	conn = (Connection*) d->Lookup(h);
-		conn = conn_compressor->NextPacket(t, h, ip_hdr, hdr, pkt);
+	if ( ! conn )
+		{
+		conn = NewConn(h, t, &id, data, proto);
+		if ( conn )
+			d->Insert(h, conn);
+		}
 	else
 		{
-		conn = (Connection*) d->Lookup(h);
+		// We already know that connection.
-		if ( ! conn )
+		int consistent = CheckConnectionTag(conn);
+		if ( consistent < 0 )
 			{
+			delete h;
+			return;
+			}
+
+		if ( ! consistent || conn->IsReuse(t, data) )
+			{
+			if ( consistent )
+				conn->Event(connection_reused, 0);
+
+			Remove(conn);
 			conn = NewConn(h, t, &id, data, proto);
 			if ( conn )
 				d->Insert(h, conn);
 			}
 		else
-			{
-			// We already know that connection.
-			int consistent = CheckConnectionTag(conn);
-			if ( consistent < 0 )
-				{
-				delete h;
-				return;
-				}
-
-			if ( ! consistent || conn->IsReuse(t, data) )
-				{
-				if ( consistent )
-					conn->Event(connection_reused, 0);
-
-				Remove(conn);
-				conn = NewConn(h, t, &id, data, proto);
-				if ( conn )
-					d->Insert(h, conn);
-				}
-			else
-				delete h;
-			}
-
-		if ( ! conn )
 			delete h;
 		}
 
+	if ( ! conn )
+		delete h;
+
 	if ( ! conn )
 		return;
 
@@ -838,16 +830,7 @@ Connection* NetSessions::FindConnection(Val* v)
 	Dictionary* d;
 
 	if ( orig_portv->IsTCP() )
-		{
+		d = &tcp_conns;
-		if ( use_connection_compressor )
-			{
-			Connection* conn = conn_compressor->Lookup(h);
-			delete h;
-			return conn;
-			}
-		else
-			d = &tcp_conns;
-		}
 	else if ( orig_portv->IsUDP() )
 		d = &udp_conns;
 	else if ( orig_portv->IsICMP() )
@@ -900,17 +883,7 @@ void NetSessions::Remove(Connection* c)
 
 		switch ( c->ConnTransport() ) {
 		case TRANSPORT_TCP:
-			if ( use_connection_compressor &&
+			if ( ! tcp_conns.RemoveEntry(k) )
-			     conn_compressor->Remove(k) )
-				// Note, if the Remove() returned false
-				// then the compressor doesn't know about
-				// this connection, which *should* mean that
-				// we never gave it the connection in the
-				// first place, and thus we should check
-				// the regular TCP table instead.
-				;
-
-			else if ( ! tcp_conns.RemoveEntry(k) )
 				reporter->InternalError("connection missing");
 			break;
 
@@ -957,13 +930,8 @@ void NetSessions::Insert(Connection* c)
 	// reference the old key for already existing connections.
 
 	case TRANSPORT_TCP:
-		if ( use_connection_compressor )
+		old = (Connection*) tcp_conns.Remove(c->Key());
-			old = conn_compressor->Insert(c);
+		tcp_conns.Insert(c->Key(), c);
-		else
-			{
-			old = (Connection*) tcp_conns.Remove(c->Key());
-			tcp_conns.Insert(c->Key(), c);
-			}
 		break;
 
 	case TRANSPORT_UDP:
@@ -995,9 +963,6 @@ void NetSessions::Insert(Connection* c)
 
 void NetSessions::Drain()
 	{
-	if ( use_connection_compressor )
-		conn_compressor->Drain();
-
 	IterCookie* cookie = tcp_conns.InitForIteration();
 	Connection* tc;
 
@@ -1110,10 +1075,7 @@ Connection* NetSessions::NewConn(HashKey* k, double t, const ConnID* id,
 		conn->AppendAddl(fmt("tag=%s",
 					conn->GetTimerMgr()->GetTag().c_str()));
 
-	// If the connection compressor is active, it takes care of the
+	if ( new_connection )
-	// new_connection/connection_external events for TCP connections.
-	if ( new_connection &&
-	     (tproto != TRANSPORT_TCP || ! use_connection_compressor) )
 		{
 		conn->Event(new_connection, 0);
 

src/Stats.cc

@@ -6,7 +6,6 @@
 #include "Stats.h"
 #include "Scope.h"
 #include "cq.h"
-#include "ConnCompressor.h"
 #include "DNS_Mgr.h"
 #include "Trigger.h"
 #include "threading/Manager.h"
@@ -129,19 +128,6 @@ void ProfileLogger::Log()
 		expensive ? sessions->ConnectionMemoryUsageConnVals() / 1024 : 0
 		));
 
-	const ConnCompressor::Sizes& cs = conn_compressor->Size();
-
-	file->Write(fmt("%.6f ConnCompressor: pending=%d pending_in_mem=%d full_conns=%d pending+real=%d mem=%dK avg=%.1f/%.1f\n",
-		network_time,
-		cs.pending_valid,
-		cs.pending_in_mem,
-		cs.connections,
-		cs.hash_table_size,
-		cs.memory / 1024,
-		cs.memory / double(cs.pending_valid),
-		cs.memory / double(cs.pending_in_mem)
-		));
-
 	SessionStats s;
 	sessions->GetStats(s);
 

src/Val.cc

@@ -606,7 +606,7 @@ ID* MutableVal::Bind() const
 			ip = htonl(0x7f000001);	// 127.0.0.1
 
 		safe_snprintf(name, MAX_NAME_SIZE, "#%s#%d#",
-			      IPAddr(IPAddr::IPv4, &ip, IPAddr::Network)->AsString().c_str(),
+			      IPAddr(IPv4, &ip, IPAddr::Network)->AsString().c_str(),
 			      getpid());
 #else
 		safe_snprintf(name, MAX_NAME_SIZE, "#%s#%d#", host, getpid());
@@ -864,12 +864,12 @@ AddrVal::AddrVal(const char* text) : Val(TYPE_ADDR)
 AddrVal::AddrVal(uint32 addr) : Val(TYPE_ADDR)
 	{
 	// ### perhaps do gethostbyaddr here?
-	val.addr_val = new IPAddr(IPAddr::IPv4, &addr, IPAddr::Network);
+	val.addr_val = new IPAddr(IPv4, &addr, IPAddr::Network);
 	}
 
 AddrVal::AddrVal(const uint32 addr[4]) : Val(TYPE_ADDR)
 	{
-	val.addr_val = new IPAddr(IPAddr::IPv6, addr, IPAddr::Network);
+	val.addr_val = new IPAddr(IPv6, addr, IPAddr::Network);
 	}
 
 AddrVal::AddrVal(const IPAddr& addr) : Val(TYPE_ADDR)
@@ -889,7 +889,7 @@ unsigned int AddrVal::MemoryAllocation() const
 
 Val* AddrVal::SizeVal() const
 	{
-	if ( val.addr_val->GetFamily() == IPAddr::IPv4 )
+	if ( val.addr_val->GetFamily() == IPv4 )
 		return new Val(32, TYPE_COUNT);
 	else
 		return new Val(128, TYPE_COUNT);
@@ -933,13 +933,13 @@ SubNetVal::SubNetVal(const char* text, int width) : Val(TYPE_SUBNET)
 
 SubNetVal::SubNetVal(uint32 addr, int width) : Val(TYPE_SUBNET)
 	{
-	IPAddr a(IPAddr::IPv4, &addr, IPAddr::Network);
+	IPAddr a(IPv4, &addr, IPAddr::Network);
 	val.subnet_val = new IPPrefix(a, width);
 	}
 
 SubNetVal::SubNetVal(const uint32* addr, int width) : Val(TYPE_SUBNET)
 	{
-	IPAddr a(IPAddr::IPv6, addr, IPAddr::Network);
+	IPAddr a(IPv6, addr, IPAddr::Network);
 	val.subnet_val = new IPPrefix(a, width);
 	}
 
@@ -958,6 +958,16 @@ SubNetVal::~SubNetVal()
 	delete val.subnet_val;
 	}
 
+const IPAddr& SubNetVal::Prefix() const
+	{
+	return val.subnet_val->Prefix();
+	}
+
+int SubNetVal::Width() const
+	{
+	return val.subnet_val->Length();
+	}
+
 unsigned int SubNetVal::MemoryAllocation() const
 	{
 	return padded_sizeof(*this) + val.subnet_val->MemoryAllocation();
@@ -983,7 +993,7 @@ IPAddr SubNetVal::Mask() const
 		uint32 m[4];
 		for ( unsigned int i = 0; i < 4; ++i )
 			m[i] = 0;
-		IPAddr rval(IPAddr::IPv6, m, IPAddr::Host);
+		IPAddr rval(IPv6, m, IPAddr::Host);
 		return rval;
 		}
 
@@ -999,7 +1009,7 @@ IPAddr SubNetVal::Mask() const
 	while ( ++mp < m + 4 )
 		   *mp = 0;
 
-	IPAddr rval(IPAddr::IPv6, m, IPAddr::Host);
+	IPAddr rval(IPv6, m, IPAddr::Host);
 	return rval;
 	}
 

src/Val.h

@@ -513,10 +513,6 @@ protected:
 #define UDP_PORT_MASK  0x20000
 #define ICMP_PORT_MASK 0x30000
 
-typedef enum {
-	TRANSPORT_UNKNOWN, TRANSPORT_TCP, TRANSPORT_UDP, TRANSPORT_ICMP,
-} TransportProto;
-
 class PortVal : public Val {
 public:
 	// Constructors - both take the port number in host order.
@@ -589,8 +585,8 @@ public:
 
 	Val* SizeVal() const;
 
-	const IPAddr& Prefix() const { return val.subnet_val->Prefix(); }
+	const IPAddr& Prefix() const;
-	int Width() const	{ return val.subnet_val->Length(); }
+	int Width() const;
 	IPAddr Mask() const;
 
 	bool Contains(const IPAddr& addr) const;

src/bro.bif

@@ -1949,7 +1949,7 @@ function is_local_interface%(ip: addr%) : bool
 	if ( ent )
 		{
 		for ( unsigned int len = 0; ent->h_addr_list[len]; ++len )
-			addrs.push_back(IPAddr(IPAddr::IPv4, (uint32*)ent->h_addr_list[len],
+			addrs.push_back(IPAddr(IPv4, (uint32*)ent->h_addr_list[len],
 			                       IPAddr::Network));
 		}
 
@@ -1958,7 +1958,7 @@ function is_local_interface%(ip: addr%) : bool
 	if ( ent )
 		{
 		for ( unsigned int len = 0; ent->h_addr_list[len]; ++len )
-			addrs.push_back(IPAddr(IPAddr::IPv6, (uint32*)ent->h_addr_list[len],
+			addrs.push_back(IPAddr(IPv6, (uint32*)ent->h_addr_list[len],
 			                       IPAddr::Network));
 		}
 
@@ -2024,7 +2024,7 @@ function gethostname%(%) : string
 ## Returns: true if *a* is an IPv4 address, else false.
 function is_v4_addr%(a: addr%): bool
 	%{
-	if ( a->AsAddr().GetFamily() == IPAddr::IPv4 )
+	if ( a->AsAddr().GetFamily() == IPv4 )
 		return new Val(1, TYPE_BOOL);
 	else
 		return new Val(0, TYPE_BOOL);
@@ -2037,7 +2037,7 @@ function is_v4_addr%(a: addr%): bool
 ## Returns: true if *a* is an IPv6 address, else false.
 function is_v6_addr%(a: addr%): bool
 	%{
-	if ( a->AsAddr().GetFamily() == IPAddr::IPv6 )
+	if ( a->AsAddr().GetFamily() == IPv6 )
 		return new Val(1, TYPE_BOOL);
 	else
 		return new Val(0, TYPE_BOOL);
@@ -3522,7 +3522,7 @@ function lookup_location%(a: addr%) : geo_location
 		}
 
 #ifdef HAVE_GEOIP_COUNTRY_EDITION_V6
-	if ( geoip_v6 && a->AsAddr().GetFamily() == IPAddr::IPv6 )
+	if ( geoip_v6 && a->AsAddr().GetFamily() == IPv6 )
 		{
 		geoipv6_t ga;
 		a->AsAddr().CopyIPv6(&ga);
@@ -3534,7 +3534,7 @@ function lookup_location%(a: addr%) : geo_location
 	else
 #endif
 
-	if ( geoip && a->AsAddr().GetFamily() == IPAddr::IPv4 )
+	if ( geoip && a->AsAddr().GetFamily() == IPv4 )
 		{
 		const uint32* bytes;
 		a->AsAddr().GetBytes(&bytes);
@@ -3617,7 +3617,7 @@ function lookup_asn%(a: addr%) : count
 		{
 // IPv6 support showed up in 1.4.5.
 #ifdef HAVE_GEOIP_COUNTRY_EDITION_V6
-		if ( a->AsAddr().GetFamily() == IPAddr::IPv6 )
+		if ( a->AsAddr().GetFamily() == IPv6 )
 			{
 			geoipv6_t ga;
 			a->AsAddr().CopyIPv6(&ga);
@@ -3626,7 +3626,7 @@ function lookup_asn%(a: addr%) : count
 		else
 #endif
 
-		if ( a->AsAddr().GetFamily() == IPAddr::IPv4 )
+		if ( a->AsAddr().GetFamily() == IPv4 )
 			{
 			const uint32* bytes;
 			a->AsAddr().GetBytes(&bytes);
@@ -5353,7 +5353,7 @@ function preserve_prefix%(a: addr, width: count%): any
 	AnonymizeIPAddr* ip_anon = ip_anonymizer[PREFIX_PRESERVING_A50];
 	if ( ip_anon )
 		{
-		if ( a->AsAddr().GetFamily() == IPAddr::IPv6 )
+		if ( a->AsAddr().GetFamily() == IPv6 )
 			builtin_error("preserve_prefix() not supported for IPv6 addresses");
 		else
 			{
@@ -5382,7 +5382,7 @@ function preserve_subnet%(a: subnet%): any
 	AnonymizeIPAddr* ip_anon = ip_anonymizer[PREFIX_PRESERVING_A50];
 	if ( ip_anon )
 		{
-		if ( a->AsSubNet().Prefix().GetFamily() == IPAddr::IPv6 )
+		if ( a->AsSubNet().Prefix().GetFamily() == IPv6 )
 			builtin_error("preserve_subnet() not supported for IPv6 addresses");
 		else
 			{
@@ -5418,7 +5418,7 @@ function anonymize_addr%(a: addr, cl: IPAddrAnonymizationClass%): addr
 	if ( anon_class < 0 || anon_class >= NUM_ADDR_ANONYMIZATION_CLASSES )
 		builtin_error("anonymize_addr(): invalid ip addr anonymization class");
 
-	if ( a->AsAddr().GetFamily() == IPAddr::IPv6 )
+	if ( a->AsAddr().GetFamily() == IPv6 )
 		{
 		builtin_error("anonymize_addr() not supported for IPv6 addresses");
 		return 0;

src/input/Manager.cc

@@ -1428,12 +1428,12 @@ int Manager::GetValueLength(const Value* val) {
 
 	case TYPE_ADDR:
 		{
-			switch ( val->val.addr_val->GetFamily() ) {
+			switch ( val->val.addr_val.family ) {
-			case IPAddr::IPv4:
+			case IPv4:
-				length += 1*sizeof(uint32_t);
+				length += sizeof(val->val.addr_val.in.in4);
 				break;
-			case IPAddr::IPv6:
+			case IPv6:
-				length += 4*sizeof(uint32_t);
+				length += sizeof(val->val.addr_val.in.in6);
 				break;
 			default:
 				assert(false);
@@ -1444,12 +1444,12 @@ int Manager::GetValueLength(const Value* val) {
 
 	case TYPE_SUBNET:
 		{
-			switch ( val->val.addr_val->GetFamily() ) {
+			switch ( val->val.subnet_val.prefix.family ) {
-			case IPAddr::IPv4:
+			case IPv4:
-				length += 1*sizeof(uint32_t)+sizeof(uint8_t);
+				length += sizeof(val->val.subnet_val.prefix.in.in4)+sizeof(val->val.subnet_val.length);
 				break;
-			case IPAddr::IPv6:
+			case IPv6:
-				length += 4*sizeof(uint32_t)+sizeof(uint8_t);
+				length += sizeof(val->val.subnet_val.prefix.in.in6)+sizeof(val->val.subnet_val.length);
 				break;
 			default:
 				assert(false);
@@ -1527,23 +1527,47 @@ int Manager::CopyValue(char *data, const int startpos, const Value* val) {
 
 	case TYPE_ADDR:
 		{
-		const uint32_t* bytes;
+			int length;
-		int len = val->val.addr_val->GetBytes(&bytes) * sizeof(uint32_t);
+			switch ( val->val.addr_val.family ) {
-		memcpy(data+startpos, (const char*) bytes, len);
+			case IPv4:
-		return len;
+				length = sizeof(val->val.addr_val.in.in4);
-		break;
+				memcpy(data + startpos, (const char*) &(val->val.addr_val.in.in4), length);
-		}
+				break;
+			case IPv6:
+				length = sizeof(val->val.addr_val.in.in6);
+				memcpy(data + startpos, (const char*) &(val->val.addr_val.in.in6), length);
+				break;
+			default:
+				assert(false);
+			}
+
+			return length;
 
-	case TYPE_SUBNET: {
-		const uint32_t* bytes;
-		int len = val->val.subnet_val->Prefix().GetBytes(&bytes) * sizeof(uint32_t);
-		memcpy(data+startpos, (const char*) bytes, len);
-		uint8_t prefixlen = val->val.subnet_val->Length();
-		memcpy(data+startpos+len, (const char*) &(prefixlen), sizeof(uint8_t) );
-		len += sizeof(uint8_t);		
-		return len;
-		break;
 		}
+		break;
+	
+	case TYPE_SUBNET: 
+		{
+			int length;
+			switch ( val->val.subnet_val.prefix.family ) {
+			case IPv4:
+				length = sizeof(val->val.addr_val.in.in4);
+				memcpy(data + startpos, (const char*) &(val->val.subnet_val.prefix.in.in4), length);
+				break;
+			case IPv6:
+				length += sizeof(val->val.addr_val.in.in6);
+				memcpy(data + startpos, (const char*) &(val->val.subnet_val.prefix.in.in4), length);
+				break;
+			default:
+				assert(false);
+			}
+			int lengthlength = sizeof(val->val.subnet_val.length);
+			memcpy(data + startpos + length , (const char*) &(val->val.subnet_val.length), lengthlength);
+			length += lengthlength;
+			return length;
+
+		}
+		break;
 
 	case TYPE_TABLE: {
 		int length = 0;
@@ -1648,11 +1672,42 @@ Val* Manager::ValueToVal(const Value* val, BroType* request_type) {
 		break;
 
 	case TYPE_ADDR:
-		return new AddrVal(*(val->val.addr_val));
+		{
-		break;
+			IPAddr* addr;
+			switch ( val->val.addr_val.family ) {
+			case IPv4:
+				addr = new IPAddr(val->val.addr_val.in.in4);
+				break;
+			case IPv6:
+				addr = new IPAddr(val->val.addr_val.in.in6);
+				break;
+			default:
+				assert(false);
+			}
+			AddrVal* addrval = new AddrVal(*addr);
+			delete addr;
+			return addrval;
+
+		}
 
 	case TYPE_SUBNET:
-		return new SubNetVal(*(val->val.subnet_val));
+		{
+			IPAddr* addr;
+			switch ( val->val.subnet_val.prefix.family ) {
+			case IPv4:
+				addr = new IPAddr(val->val.subnet_val.prefix.in.in4);
+				break;
+			case IPv6:
+				addr = new IPAddr(val->val.subnet_val.prefix.in.in6);
+				break;
+			default:
+				assert(false);
+			}
+			SubNetVal* subnetval = new SubNetVal(*addr, val->val.subnet_val.length);
+			delete addr;
+			return subnetval;
+
+		}
 		break;
 
 	case TYPE_TABLE: {

src/input/ReaderBackend.cc

@@ -273,5 +273,49 @@ bool ReaderBackend::DoHeartbeat(double network_time, double current_time)
 	return true;
 }
 
+TransportProto ReaderBackend::StringToProto(const string &proto) {
+	if ( proto == "unknown" ) {
+		return TRANSPORT_UNKNOWN;
+	} else if ( proto == "tcp" ) {
+		return TRANSPORT_TCP;
+	} else if ( proto == "udp" ) {
+		return TRANSPORT_UDP;
+	} else if ( proto == "icmp" ) {
+		return TRANSPORT_ICMP;
+	}
+
+	Error(Fmt("Tried to parse invalid/unknown protocol: %s", proto.c_str()));
+
+	return TRANSPORT_UNKNOWN;
+}
+
+
+// more or less verbose copy from IPAddr.cc -- which uses reporter
+Value::addr_t ReaderBackend::StringToAddr(const string &s) {
+	Value::addr_t val;
+
+	if ( s.find(':') == std::string::npos ) // IPv4.
+		{
+		val.family = IPv4;
+
+		if ( inet_aton(s.c_str(), &(val.in.in4)) <= 0 ) {
+			Error(Fmt("Bad addres: %s", s.c_str()));
+			memset(&val.in.in4.s_addr, 0, sizeof(val.in.in4.s_addr));
+		}
+
+
+		}
+	else
+		{
+		val.family = IPv6;
+		if ( inet_pton(AF_INET6, s.c_str(), val.in.in6.s6_addr) <=0 )
+			{
+			Error(Fmt("Bad IP address: %s", s.c_str()));
+			memset(val.in.in6.s6_addr, 0, sizeof(val.in.in6.s6_addr));
+			}
+		}
+
+	return val;
+}
 
 }

src/input/ReaderBackend.h

@@ -267,6 +267,20 @@ protected:
 	 */
 	virtual bool DoHeartbeat(double network_time, double current_time);	
 
+	/**
+	 * Utility function for Readers - convert a string into a TransportProto
+	 *
+	 * @param proto the transport protocol
+	 */
+	TransportProto StringToProto(const string &proto);		
+
+	/**
+	 * Utility function for Readers - convert a string into a Value::addr_t
+	 *
+	 * @param addr containing an ipv4 or ipv6 address
+	 */
+	threading::Value::addr_t StringToAddr(const string &addr);
+
 private:
 	// Frontend that instantiated us. This object must not be access from
 	// this class, it's running in a different thread!

src/input/readers/Ascii.cc

@@ -245,23 +245,6 @@ bool Ascii::GetLine(string& str) {
 	return false;
 }
 
-TransportProto Ascii::StringToProto(const string &proto) {
-	if ( proto == "unknown" ) {
-		return TRANSPORT_UNKNOWN;
-	} else if ( proto == "tcp" ) {
-		return TRANSPORT_TCP;
-	} else if ( proto == "udp" ) {
-		return TRANSPORT_UDP;
-	} else if ( proto == "icmp" ) {
-		return TRANSPORT_ICMP;
-	}
-
-	//assert(false);
-	
-	reporter->Error("Tried to parse invalid/unknown protocol: %s", proto.c_str());
-
-	return TRANSPORT_UNKNOWN;
-}
 
 Value* Ascii::EntryToVal(string s, FieldMapping field) {
 
@@ -309,20 +292,22 @@ Value* Ascii::EntryToVal(string s, FieldMapping field) {
 		break;
 
 	case TYPE_SUBNET: {
-		int pos = s.find("/");
+		size_t pos = s.find("/");
+		if ( pos == s.npos ) {
+			Error(Fmt("Invalid value for subnet: %s", s.c_str()));
+			return false;
+		}
 		int width = atoi(s.substr(pos+1).c_str());
 		string addr = s.substr(0, pos);
 
-		IPAddr a(addr);
+		val->val.subnet_val.prefix = StringToAddr(addr);
-		val->val.subnet_val = new IPPrefix(a, width);
+		val->val.subnet_val.length = width;
-
+		}
 		break;
 
-		}
+	case TYPE_ADDR: 
-	case TYPE_ADDR: {
+		val->val.addr_val = StringToAddr(s);
-		val->val.addr_val = new IPAddr(s);
 		break;
-		}
 
 	case TYPE_TABLE:
 	case TYPE_VECTOR:

src/input/readers/Ascii.h

@@ -67,8 +67,6 @@ private:
 
 	bool HasFilter(int id);
 
-	TransportProto StringToProto(const string &proto);		
-
 	bool ReadHeader(bool useCached);
 	threading::Value* EntryToVal(string s, FieldMapping type);
 

src/logging/Manager.cc

@@ -862,11 +862,11 @@ threading::Value* Manager::ValToLogVal(Val* val, BroType* ty)
 		break;
 
 	case TYPE_SUBNET:
-		lval->val.subnet_val = new IPPrefix(val->AsSubNet());
+		val->AsSubNet().ConvertToThreadingValue(&lval->val.subnet_val);
 		break;
 
 	case TYPE_ADDR:
-		lval->val.addr_val = new IPAddr(val->AsAddr());
+		val->AsAddr().ConvertToThreadingValue(&lval->val.addr_val);
 		break;
 
 	case TYPE_DOUBLE:

src/logging/WriterBackend.cc

@@ -242,4 +242,40 @@ bool WriterBackend::DoHeartbeat(double network_time, double current_time)
 	return true;
 	}
 
+string WriterBackend::Render(const threading::Value::addr_t& addr) const
+	{
+	if ( addr.family == IPv4 )
+		{
+		char s[INET_ADDRSTRLEN];
+
+		if ( inet_ntop(AF_INET, &addr.in.in4, s, INET_ADDRSTRLEN) == NULL )
+			return "<bad IPv4 address conversion>";
+		else
+			return s;
+		}
+	else
+		{
+		char s[INET6_ADDRSTRLEN];
+
+		if ( inet_ntop(AF_INET6, &addr.in.in6, s, INET6_ADDRSTRLEN) == NULL )
+			return "<bad IPv6 address conversion>";
+		else
+			return s;
+		}
+	}
+
+string WriterBackend::Render(const threading::Value::subnet_t& subnet) const
+	{
+	char l[16];
+
+	if ( subnet.prefix.family == IPv4 )
+		modp_uitoa10(subnet.length - 96, l);
+	else
+		modp_uitoa10(subnet.length, l);
+
+	string s = Render(subnet.prefix) + "/" + l;
+
+	return s;
+	}
+
 

src/logging/WriterBackend.h

@@ -158,6 +158,21 @@ public:
 	bool FinishedRotation(string new_name, string old_name,
 			      double open, double close, bool terminating);
 
+	/** Helper method to render an IP address as a string.
+	  *
+	  * @param addr The address.
+	  *
+	  * @return An ASCII representation of the address.
+	  */
+	string Render(const threading::Value::addr_t& addr) const;
+
+	/** Helper method to render an subnet value as a string.
+	  *
+	  * @param addr The address.
+	  *
+	  * @return An ASCII representation of the address.
+	  */
+	string Render(const threading::Value::subnet_t& subnet) const;
 
 protected:
 	/**

src/logging/writers/Ascii.cc

@@ -177,11 +177,11 @@ bool Ascii::DoWriteOne(ODesc* desc, Value* val, const Field* field)
 		break;
 
 	case TYPE_SUBNET:
-		desc->Add(*val->val.subnet_val);
+		desc->Add(Render(val->val.subnet_val));
 		break;
 
 	case TYPE_ADDR:
-		desc->Add(*val->val.addr_val);
+		desc->Add(Render(val->val.addr_val));
 		break;
 
 	case TYPE_TIME:

src/main.cc

@@ -43,7 +43,6 @@ extern "C" void OPENSSL_add_all_algorithms_conf(void);
 #include "PersistenceSerializer.h"
 #include "EventRegistry.h"
 #include "Stats.h"
-#include "ConnCompressor.h"
 #include "DPM.h"
 #include "BroDoc.h"
 #include "Brofiler.h"
@@ -101,7 +100,6 @@ int do_notice_analysis = 0;
 int rule_bench = 0;
 int generate_documentation = 0;
 SecondaryPath* secondary_path = 0;
-ConnCompressor* conn_compressor = 0;
 extern char version[];
 char* command_line_policy = 0;
 vector<string> params;
@@ -305,7 +303,6 @@ void terminate_bro()
 	delete state_serializer;
 	delete event_registry;
 	delete secondary_path;
-	delete conn_compressor;
 	delete remote_serializer;
 	delete dpm;
 	delete log_mgr;
@@ -834,8 +831,6 @@ int main(int argc, char** argv)
 
 	delete [] script_rule_files;
 
-	conn_compressor = new ConnCompressor();
-
 	if ( g_policy_debug )
 		// ### Add support for debug command file.
 		dbg_init_debugger(0);

src/net_util.cc

@@ -162,8 +162,8 @@ const char* fmt_conn_id(const IPAddr& src_addr, uint32 src_port,
 const char* fmt_conn_id(const uint32* src_addr, uint32 src_port,
 			const uint32* dst_addr, uint32 dst_port)
 	{
-	IPAddr src(IPAddr::IPv6, src_addr, IPAddr::Network);
+	IPAddr src(IPv6, src_addr, IPAddr::Network);
-	IPAddr dst(IPAddr::IPv6, dst_addr, IPAddr::Network);
+	IPAddr dst(IPv6, dst_addr, IPAddr::Network);
 	return fmt_conn_id(src, src_port, dst, dst_port);
 	}
 

src/net_util.h

@@ -5,6 +5,13 @@
 
 #include "config.h"
 
+// Define first.
+typedef enum {
+	TRANSPORT_UNKNOWN, TRANSPORT_TCP, TRANSPORT_UDP, TRANSPORT_ICMP,
+} TransportProto;
+
+typedef enum { IPv4, IPv6 } IPFamily;
+
 #include <assert.h>
 #include <sys/types.h>
 
@@ -21,7 +28,6 @@
 #include <netinet/ip_icmp.h>
 
 #include "util.h"
-#include "IPAddr.h"
 
 #ifdef HAVE_NETINET_IP6_H
 #include <netinet/ip6.h>
@@ -58,6 +64,8 @@ inline int seq_delta(uint32 a, uint32 b)
 	return int(a-b);
 	}
 
+class IPAddr;
+
 // Returns the ones-complement checksum of a chunk of b short-aligned bytes.
 extern int ones_complement_checksum(const void* p, int b, uint32 sum);
 extern int ones_complement_checksum(const IPAddr& a, uint32 sum);

src/threading/Manager.cc

@@ -106,9 +106,12 @@ void Manager::Process()
 
 		Message* msg = t->RetrieveOut();
 
-		if ( msg->Process() ) //&& network_time ) // FIXME: ask robin again if he needs this. makes input interface not work in bro_init.
+		if ( msg->Process() ) 
-			did_process = true;
+			{
+			//if ( network_time ) //&& network_time ) // FIXME: ask robin again if he needs this. makes input interface not work in bro_init.
 
+				did_process = true;
+			}
 		else
 			{
 			string s = msg->Name() + " failed, terminating thread " + t->Name() + " (in ThreadManager)";

src/threading/SerialTypes.cc

@@ -32,12 +32,6 @@ Value::~Value()
 	     && present )
 		delete val.string_val;
 
-	if ( type == TYPE_ADDR && present )
-		delete val.addr_val;
-
-	if ( type == TYPE_SUBNET && present )
-		delete val.subnet_val;
-
 	if ( type == TYPE_TABLE && present )
 		{
 		for ( int i = 0; i < val.set_val.size; i++ )
@@ -132,8 +126,8 @@ bool Value::Read(SerializationFormat* fmt)
 		if ( ! (fmt->Read(&val.port_val.port, "port") && fmt->Read(&proto, "proto") ) ) {
 			return false;
 		}
-		
+
-		switch (proto) {
+		switch ( proto ) {
 			case 0:
 				val.port_val.proto = TRANSPORT_UNKNOWN;
 				break;
@@ -149,20 +143,55 @@ bool Value::Read(SerializationFormat* fmt)
 			default:
 				return false;
 		}
+
 		return true;
 		}
 
-
-	case TYPE_SUBNET:
-		{
-		val.subnet_val = new IPPrefix;
-		return fmt->Read(val.subnet_val, "subnet");
-		}
-
 	case TYPE_ADDR:
 		{
-		val.addr_val = new IPAddr;
+		char family;
-		return fmt->Read(val.addr_val, "addr");
+
+		if ( ! fmt->Read(&family, "addr-family") )
+			return false;
+
+		switch ( family ) {
+		case 4:
+			val.addr_val.family = IPv4;
+			return fmt->Read(&val.addr_val.in.in4, "addr-in4");
+
+		case 6:
+			val.addr_val.family = IPv6;
+			return fmt->Read(&val.addr_val.in.in6, "addr-in6");
+
+		}
+
+		// Can't be reached.
+		abort();
+		}
+
+	case TYPE_SUBNET:
+		{
+		char length;
+		char family;
+
+		if ( ! (fmt->Read(&length, "subnet-len") && fmt->Read(&family, "subnet-family")) ) 
+			return false;
+
+		switch ( family ) {
+		case 4:
+			val.subnet_val.length = (uint8_t)length;
+			val.subnet_val.prefix.family = IPv4;
+			return fmt->Read(&val.subnet_val.prefix.in.in4, "subnet-in4");
+
+		case 6:
+			val.subnet_val.length = (uint8_t)length;
+			val.subnet_val.prefix.family = IPv6;
+			return fmt->Read(&val.subnet_val.prefix.in.in6, "subnet-in6");
+
+		}
+
+		// Can't be reached.
+		abort();
 		}
 
 	case TYPE_DOUBLE:
@@ -241,13 +270,44 @@ bool Value::Write(SerializationFormat* fmt) const
 		return fmt->Write(val.uint_val, "uint");
 
 	case TYPE_PORT:
-		return fmt->Write(val.port_val.port, "port") && fmt->Write(val.port_val.proto, "proto");	
+		return fmt->Write(val.port_val.port, "port") && fmt->Write(val.port_val.proto, "proto");
-
-	case TYPE_SUBNET:
-		return fmt->Write(*val.subnet_val, "subnet");
 
 	case TYPE_ADDR:
-		return fmt->Write(*val.addr_val, "addr");
+		{
+		switch ( val.addr_val.family ) {
+		case IPv4:
+			return fmt->Write((char)4, "addr-family")
+				&& fmt->Write(val.addr_val.in.in4, "addr-in4");
+
+		case IPv6:
+			return fmt->Write((char)6, "addr-family")
+				&& fmt->Write(val.addr_val.in.in6, "addr-in6");
+			break;
+		}
+
+		// Can't be reached.
+		abort();
+		}
+
+	case TYPE_SUBNET:
+		{
+		if ( ! fmt->Write((char)val.subnet_val.length, "subnet-length") )
+			return false;
+
+		switch ( val.subnet_val.prefix.family ) {
+		case IPv4:
+			return fmt->Write((char)4, "subnet-family")
+				&& fmt->Write(val.subnet_val.prefix.in.in4, "subnet-in4");
+
+		case IPv6:
+			return fmt->Write((char)6, "subnet-family")
+				&& fmt->Write(val.subnet_val.prefix.in.in6, "subnet-in6");
+			break;
+		}
+
+		// Can't be reached.
+		abort();
+		}
 
 	case TYPE_DOUBLE:
 	case TYPE_TIME:

src/threading/SerialTypes.h

@@ -2,10 +2,13 @@
 #ifndef THREADING_SERIALIZATIONTYPES_H
 #define THREADING_SERIALIZATIONTYPES_H
 
-#include "../RemoteSerializer.h"
-
 using namespace std;
 
+#include "Type.h"
+#include "net_util.h"
+
+class SerializationFormat;
+
 namespace threading {
 
 /**
@@ -64,6 +67,16 @@ struct Value {
 	typedef set_t vec_t;
 	struct port_t { bro_uint_t port; TransportProto proto; };
 
+        struct addr_t {
+		IPFamily family;
+		union {
+			struct in_addr in4;
+			struct in6_addr in6;
+		} in;
+	};
+
+	struct subnet_t { addr_t prefix; uint8_t length; };
+
 	/**
 	 * This union is a subset of BroValUnion, including only the types we
 	 * can log directly. See IsCompatibleType().
@@ -75,8 +88,8 @@ struct Value {
 		double double_val;
 		set_t set_val;
 		vec_t vector_val;
-		IPAddr* addr_val;
+		addr_t addr_val;
-		IPPrefix* subnet_val;
+		subnet_t subnet_val;
 		string* string_val;
 	} val;
 
@@ -122,6 +135,7 @@ struct Value {
 	static bool IsCompatibleType(BroType* t, bool atomic_only=false);
 
 private:
+friend class ::IPAddr;
 	Value(const Value& other)	{ } // Disabled.
 };
 

testing/btest/Baseline/core.conn-uid/output.cc

@@ -1,43 +0,0 @@
-[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], UWkUyAuUGXf
-[orig_h=fe80::217:f2ff:fed7:cf65, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp], arKYeMETxOg
-[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], k6kgXLOoSKl
-[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], nQcgTWjvg4c
-[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], j4u32Pc5bif
-[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], j4u32Pc5bif
-[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], TEfuqmmG4bh
-[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], FrJExwHcSal
-[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], 5OKnoww6xl4
-[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 3PKsZ2Uye21
-[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], VW0XPVINV8a
-[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], fRFu0wcOle6
-[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], qSsw6ESzHV4
-[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], iE6yhOq3SF
-[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], GSxOnSLghOa
-[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], qCaWGmzFtM5
-[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], 70MGiRM1Qf4
-[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], h5DsfNtYzi1
-[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], P654jzLoe3a
-[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], Tw8jXtpTGu6
-[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], c4Zw9TmAE05
-[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], EAr0uf4mhq
-[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], GvmoxJFXdTa
-[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 0Q4FH8sESw5
-[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], slFea8xwSmb
-[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], UfGkYA2HI2g
-[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], i2rO3KD1Syg
-[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], VW0XPVINV8a
-[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 3PKsZ2Uye21
-[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], GSxOnSLghOa
-[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], Tw8jXtpTGu6
-[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], P654jzLoe3a
-[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 0Q4FH8sESw5
-[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], i2rO3KD1Syg
-[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], 2cx26uAvUPl
-[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], 2cx26uAvUPl
-[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], BWaU4aSuwkc
-[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], 10XodEwRycf
-[orig_h=fe80::3074:17d5:2052:c324, orig_p=65373/udp, resp_h=ff02::1:3, resp_p=5355/udp], zno26fFZkrh
-[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], v5rgkJBig5l
-[orig_h=fe80::3074:17d5:2052:c324, orig_p=54213/udp, resp_h=ff02::1:3, resp_p=5355/udp], eWZCH7OONC1
-[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], 0Pwk3ntf8O3
-[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], 0HKorjr8Zp7

testing/btest/Baseline/core.conn-uid/output.cc2

@@ -1,43 +0,0 @@
-[orig_h=141.142.220.202, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], UWkUyAuUGXf
-[orig_h=fe80::217:f2ff:fed7:cf65, orig_p=5353/udp, resp_h=ff02::fb, resp_p=5353/udp], arKYeMETxOg
-[orig_h=141.142.220.50, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], k6kgXLOoSKl
-[orig_h=141.142.220.118, orig_p=35634/tcp, resp_h=208.80.152.2, resp_p=80/tcp], nQcgTWjvg4c
-[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], j4u32Pc5bif
-[orig_h=141.142.220.118, orig_p=48649/tcp, resp_h=208.80.152.118, resp_p=80/tcp], j4u32Pc5bif
-[orig_h=141.142.220.118, orig_p=43927/udp, resp_h=141.142.2.2, resp_p=53/udp], TEfuqmmG4bh
-[orig_h=141.142.220.118, orig_p=37676/udp, resp_h=141.142.2.2, resp_p=53/udp], FrJExwHcSal
-[orig_h=141.142.220.118, orig_p=40526/udp, resp_h=141.142.2.2, resp_p=53/udp], 5OKnoww6xl4
-[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 3PKsZ2Uye21
-[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], VW0XPVINV8a
-[orig_h=141.142.220.118, orig_p=32902/udp, resp_h=141.142.2.2, resp_p=53/udp], fRFu0wcOle6
-[orig_h=141.142.220.118, orig_p=59816/udp, resp_h=141.142.2.2, resp_p=53/udp], qSsw6ESzHV4
-[orig_h=141.142.220.118, orig_p=59714/udp, resp_h=141.142.2.2, resp_p=53/udp], iE6yhOq3SF
-[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], GSxOnSLghOa
-[orig_h=141.142.220.118, orig_p=58206/udp, resp_h=141.142.2.2, resp_p=53/udp], qCaWGmzFtM5
-[orig_h=141.142.220.118, orig_p=38911/udp, resp_h=141.142.2.2, resp_p=53/udp], 70MGiRM1Qf4
-[orig_h=141.142.220.118, orig_p=59746/udp, resp_h=141.142.2.2, resp_p=53/udp], h5DsfNtYzi1
-[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], P654jzLoe3a
-[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], Tw8jXtpTGu6
-[orig_h=141.142.220.118, orig_p=45000/udp, resp_h=141.142.2.2, resp_p=53/udp], c4Zw9TmAE05
-[orig_h=141.142.220.118, orig_p=48479/udp, resp_h=141.142.2.2, resp_p=53/udp], EAr0uf4mhq
-[orig_h=141.142.220.118, orig_p=48128/udp, resp_h=141.142.2.2, resp_p=53/udp], GvmoxJFXdTa
-[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 0Q4FH8sESw5
-[orig_h=141.142.220.118, orig_p=56056/udp, resp_h=141.142.2.2, resp_p=53/udp], slFea8xwSmb
-[orig_h=141.142.220.118, orig_p=55092/udp, resp_h=141.142.2.2, resp_p=53/udp], UfGkYA2HI2g
-[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], i2rO3KD1Syg
-[orig_h=141.142.220.118, orig_p=49997/tcp, resp_h=208.80.152.3, resp_p=80/tcp], VW0XPVINV8a
-[orig_h=141.142.220.118, orig_p=49996/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 3PKsZ2Uye21
-[orig_h=141.142.220.118, orig_p=49998/tcp, resp_h=208.80.152.3, resp_p=80/tcp], GSxOnSLghOa
-[orig_h=141.142.220.118, orig_p=50000/tcp, resp_h=208.80.152.3, resp_p=80/tcp], Tw8jXtpTGu6
-[orig_h=141.142.220.118, orig_p=49999/tcp, resp_h=208.80.152.3, resp_p=80/tcp], P654jzLoe3a
-[orig_h=141.142.220.118, orig_p=50001/tcp, resp_h=208.80.152.3, resp_p=80/tcp], 0Q4FH8sESw5
-[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp], i2rO3KD1Syg
-[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], 2cx26uAvUPl
-[orig_h=141.142.220.235, orig_p=6705/tcp, resp_h=173.192.163.128, resp_p=80/tcp], 2cx26uAvUPl
-[orig_h=141.142.220.44, orig_p=5353/udp, resp_h=224.0.0.251, resp_p=5353/udp], BWaU4aSuwkc
-[orig_h=141.142.220.226, orig_p=137/udp, resp_h=141.142.220.255, resp_p=137/udp], 10XodEwRycf
-[orig_h=fe80::3074:17d5:2052:c324, orig_p=65373/udp, resp_h=ff02::1:3, resp_p=5355/udp], zno26fFZkrh
-[orig_h=141.142.220.226, orig_p=55131/udp, resp_h=224.0.0.252, resp_p=5355/udp], v5rgkJBig5l
-[orig_h=fe80::3074:17d5:2052:c324, orig_p=54213/udp, resp_h=ff02::1:3, resp_p=5355/udp], eWZCH7OONC1
-[orig_h=141.142.220.226, orig_p=55671/udp, resp_h=224.0.0.252, resp_p=5355/udp], 0Pwk3ntf8O3
-[orig_h=141.142.220.238, orig_p=56641/udp, resp_h=141.142.220.255, resp_p=137/udp], 0HKorjr8Zp7

testing/btest/Baseline/istate.broccoli-ipv6/bro..stdout

@@ -0,0 +1,9 @@
+handshake done with peer
+bro_addr(1.2.3.4)
+bro_subnet(10.0.0.0/16)
+bro_addr(2607:f8b0:4009:802::1014)
+bro_subnet(2607:f8b0::/32)
+broccoli_addr(1.2.3.4)
+broccoli_subnet(10.0.0.0/16)
+broccoli_addr(2607:f8b0:4009:802::1014)
+broccoli_subnet(2607:f8b0::/32)

testing/btest/Baseline/istate.broccoli-ipv6/broccoli..stdout

@@ -0,0 +1,6 @@
+Connected to Bro instance at: localhost:47757
+Received bro_addr(1.2.3.4)
+Received bro_subnet(10.0.0.0/16)
+Received bro_addr(2607:f8b0:4009:802::1014)
+Received bro_subnet(2607:f8b0::/32)
+Terminating

testing/btest/Baseline/istate.pybroccoli/bro..stdout

@@ -1,14 +1,16 @@
 ==== atomic
 -10
 2
-1313624487.48817
+1330035434.516896
 2.0 mins
 F
 1.5
 Servus
 5555/tcp
 6.7.6.5
+2001:db8:85a3::8a2e:370:7334
 192.168.0.0/16
+2001:db8:85a3::/48
 ==== record
 [a=42, b=6.6.7.7]
 42, 6.6.7.7

testing/btest/Baseline/istate.pybroccoli/python..stdout.filtered

@@ -1,7 +1,7 @@
 ==== atomic a 1 ====
 -4L -4
 42 42
-1313624487.4889
+1330035434.5180
 60.0
 True True
 3.14
@@ -9,10 +9,12 @@ True True
 '12345/udp' 12345/udp
 '1.2.3.4' 1.2.3.4
 '22.33.44.0/24' 22.33.44.0/24
+'2607:f8b0:4009:802::1014' 2607:f8b0:4009:802::1014
+'2607:f8b0::/32' 2607:f8b0::/32
 ==== atomic a 2 ====
 -10L -10
 2 2
-1313624487.4882
+1330035434.5169
 120.0
 False False
 1.5
@@ -20,10 +22,12 @@ False False
 '5555/tcp' 5555/tcp
 '6.7.6.5' 6.7.6.5
 '192.168.0.0/16' 192.168.0.0/16
+'2001:db8:85a3::8a2e:370:7334' 2001:db8:85a3::8a2e:370:7334
+'2001:db8:85a3::/48' 2001:db8:85a3::/48
 ==== atomic b 2 ====
 -10L -10
 <broccoli.count instance at > 2
-<broccoli.time instance at > 1313624487.4882
+<broccoli.time instance at > 1330035434.5169
 <broccoli.interval instance at > 120.0
 False False
 1.5
@@ -31,6 +35,8 @@ False False
 <broccoli.port instance at > 5555/tcp
 <broccoli.addr instance at > 6.7.6.5
 <broccoli.subnet instance at > 192.168.0.0/16
+<broccoli.addr instance at > 2001:db8:85a3::8a2e:370:7334
+<broccoli.subnet instance at > 2001:db8:85a3::/48
 ==== record 1 ====
 <broccoli.record instance at >
 42L 42

testing/btest/analyzers/conn-size.bro

@@ -1,2 +1,2 @@
-# @TEST-EXEC: bro -C -r ${TRACES}/conn-size.trace tcp udp icmp report_conn_size_analyzer=T use_connection_compressor=F
+# @TEST-EXEC: bro -C -r ${TRACES}/conn-size.trace tcp udp icmp report_conn_size_analyzer=T
 # @TEST-EXEC: btest-diff conn.log

testing/btest/core/conn-uid.bro

@@ -9,17 +9,6 @@
 # @TEST-EXEC: unset BRO_SEED_FILE &&  bro -C -r $TRACES/wikipedia.trace %INPUT >output2
 # @TEST-EXEC: cat output output2 | sort | uniq -c | wc -l | sed 's/ //g' >counts
 # @TEST-EXEC: btest-diff counts
-#
-# Make sure it works without the connection compressor as well.
-#
-# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT use_connection_compressor=F >output.cc
-# @TEST-EXEC: btest-diff output.cc
-#
-# Make sure it works with the full connection compressor as well.
-#
-# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT cc_handle_only_syns=F >output.cc2
-# @TEST-EXEC: btest-diff output.cc2
-
 
 event new_connection(c: connection)
 	{

testing/btest/istate/broccoli-ipv6.bro

@@ -0,0 +1,13 @@
+# @TEST-REQUIRES: test -e $BUILD/aux/broccoli/src/libbroccoli.so || test -e $BUILD/aux/broccoli/src/libbroccoli.dylib
+#
+# @TEST-EXEC: btest-bg-run bro bro %INPUT $DIST/aux/broccoli/test/broccoli-v6addrs.bro
+# @TEST-EXEC: btest-bg-run broccoli $BUILD/aux/broccoli/test/broccoli-v6addrs
+# @TEST-EXEC: btest-bg-wait -k 20
+# @TEST-EXEC: btest-diff bro/.stdout
+# @TEST-EXEC: btest-diff broccoli/.stdout
+
+event remote_connection_closed(p: event_peer)
+	{
+	terminate();
+	}
+