BIT-1240: Fix MIME entity file data/gap ordering.

MIME entities buffered data and passed it along to protocol analyzers in
discrete amounts, but a gap is always passed along right away, so the
ordering of these "events" can cause incorrect file analysis.  The
change here is to never leave any MIME data buffered -- it should now be
passed along line by line as it is seen, but may still temporarily make
use of a buffer allocated by the analyzer as it works on decoding
content.
This commit is contained in:
Jon Siwek 2014-09-08 18:04:03 -05:00
parent ff33789f6a
commit 7a46a70b77
8 changed files with 2422 additions and 27 deletions


@ -643,11 +643,7 @@ void MIME_Entity::EndOfData()
if ( content_encoding == CONTENT_ENCODING_BASE64 ) if ( content_encoding == CONTENT_ENCODING_BASE64 )
FinishDecodeBase64(); FinishDecodeBase64();
if ( data_buf_offset > 0 ) FlushData();
{
SubmitData(data_buf_offset, data_buf_data);
data_buf_offset = -1;
}
} }
message->EndEntity (this); message->EndEntity (this);
@ -1001,6 +997,7 @@ void MIME_Entity::DecodeDataLine(int len, const char* data, int trailing_CRLF)
DecodeBinary(len, data, trailing_CRLF); DecodeBinary(len, data, trailing_CRLF);
break; break;
} }
FlushData();
} }
void MIME_Entity::DecodeBinary(int len, const char* data, int trailing_CRLF) void MIME_Entity::DecodeBinary(int len, const char* data, int trailing_CRLF)
@ -1179,6 +1176,15 @@ void MIME_Entity::DataOctets(int len, const char* data)
} }
} }
void MIME_Entity::FlushData()
{
if ( data_buf_offset > 0 )
{
SubmitData(data_buf_offset, data_buf_data);
data_buf_offset = -1;
}
}
void MIME_Entity::SubmitHeader(MIME_Header* h) void MIME_Entity::SubmitHeader(MIME_Header* h)
{ {
message->SubmitHeader(h); message->SubmitHeader(h);
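Review bot: The new FlushData() in the third hunk has no comment, and its contract is not obvious from the body: it submits only when data_buf_offset > 0 and then resets the offset to -1, so an allocated-but-empty buffer (offset 0) is neither submitted nor released, which presumably is what GetDataBuffer() expects but should be stated; suggested header comment: `// Hand any buffered decoded bytes to SubmitData() and mark the buffer as released (offset -1); no-op when nothing is buffered.` The same comment belongs on the declaration added in MIME.h. Because DecodeDataLine (second hunk) now calls FlushData() after every line, SubmitData() runs once per line instead of once per filled buffer, and the updated event baseline in this commit shows get_file_handle firing per line, so per-entity event volume now scales with the line count of the content being parsed rather than with buffer size; that looks like an accepted cost of the ordering fix, but a one-line comment at the DecodeDataLine call site (`// Never leave decoded data buffered: a gap may be delivered next and must not be reordered ahead of it.`) would keep a future maintainer from re-introducing the buffering. EndOfData's body in the first hunk continues outside the shown lines.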


@ -133,6 +133,7 @@ protected:
int GetDataBuffer(); int GetDataBuffer();
void DataOctet(char ch); void DataOctet(char ch);
void DataOctets(int len, const char* data); void DataOctets(int len, const char* data);
void FlushData();
virtual void SubmitData(int len, const char* buf); virtual void SubmitData(int len, const char* buf);
virtual void SubmitHeader(MIME_Header* h); virtual void SubmitHeader(MIME_Header* h);


@ -437,7 +437,7 @@ void File::EndOfFile()
void File::Gap(uint64 offset, uint64 len) void File::Gap(uint64 offset, uint64 len)
{ {
DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Gap of size %" PRIu64 " at offset %" PRIu64, DBG_LOG(DBG_FILE_ANALYSIS, "[%s] Gap of size %" PRIu64 " at offset %" PRIu64,
id.c_str(), offset, len); id.c_str(), len, offset);
analyzers.DrainModifications(); analyzers.DrainModifications();


@ -5,16 +5,22 @@ FILE_BOF_BUFFER
MIME_TYPE MIME_TYPE
text/plain text/plain
FILE_OVER_NEW_CONNECTION FILE_OVER_NEW_CONNECTION
file_stream, file #0, 1500, ^J0.26 | 2012-08-24 15:10:04 -0700^J^J * Fixing update-changes, which could pick the wrong control file. (Robin Sommer)^J^J * Fixing GPG signing script. (Robin Sommer)^J^J0.25 | 2012-08-01 13:55:46 -0500^J^J * Fix configure script to exit with non-zero status on error (Jon Siwek)^J^J0.24 | 2012-07-05 12:50:43 -0700^J^J * Raise minimum required CMake version to 2.6.3 (Jon Siwek)^J^J * Adding script to delete old fully-merged branches. (Robin Sommer)^J^J0.23-2 | 2012-01-25 13:24:01 -0800^J^J * Fix a bro-cut error message. (Daniel Thayer)^J^J0.23 | 2012-01-11 12:16:11 -0800^J^J * Tweaks to release scripts, plus a new one for signing files.^J (Robin Sommer)^J^J0.22 | 2012-01-10 16:45:19 -0800^J^J * Tweaks for OpenBSD support. (Jon Siwek)^J^J * bro-cut extensions and fixes. (Robin Sommer)^J ^J - If no field names are given on the command line, we now pass through^J all fields. Adresses #657.^J^J - Removing some GNUism from awk script. Addresses #653.^J^J - Added option for time output in UTC. Addresses #668.^J^J - Added output field separator option -F. Addresses #649.^J^J - Fixing option -c: only some header lines were passed through^J rather than all. (Robin Sommer)^J^J * Fix parallel make portability. (Jon Siwek)^J^J0.21-9 | 2011-11-07 05:44:14 -0800^J^J * Fixing compiler warnings. Addresses #388. (Jon Siwek)^J^J0.21-2 | 2011-11-02 18:12:13 -0700^J^J * Fix for misnaming temp file in update-changes script. (Robin Sommer)^J^J0.21-1 | 2011-11-02 18:10:39 -0700^J^J * Little fix for make-relea file_stream, file #0, 1146, ^J0.26 | 2012-08-24 15:10:04 -0700^J^J * Fixing update-changes, which could pick the wrong control file. (Robin Sommer)^J^J * Fixing GPG signing script. 
(Robin Sommer)^J^J0.25 | 2012-08-01 13:55:46 -0500^J^J * Fix configure script to exit with non-zero status on error (Jon Siwek)^J^J0.24 | 2012-07-05 12:50:43 -0700^J^J * Raise minimum required CMake version to 2.6.3 (Jon Siwek)^J^J * Adding script to delete old fully-merged branches. (Robin Sommer)^J^J0.23-2 | 2012-01-25 13:24:01 -0800^J^J * Fix a bro-cut error message. (Daniel Thayer)^J^J0.23 | 2012-01-11 12:16:11 -0800^J^J * Tweaks to release scripts, plus a new one for signing files.^J (Robin Sommer)^J^J0.22 | 2012-01-10 16:45:19 -0800^J^J * Tweaks for OpenBSD support. (Jon Siwek)^J^J * bro-cut extensions and fixes. (Robin Sommer)^J ^J - If no field names are given on the command line, we now pass through^J all fields. Adresses #657.^J^J - Removing some GNUism from awk script. Addresses #653.^J^J - Added option for time output in UTC. Addresses #668.^J^J - Added output field separator option -F. Addresses #649.^J^J - Fixing option -c: only some header lines were passed through^J
file_chunk, file #0, 1500, 0, ^J0.26 | 2012-08-24 15:10:04 -0700^J^J * Fixing update-changes, which could pick the wrong control file. (Robin Sommer)^J^J * Fixing GPG signing script. (Robin Sommer)^J^J0.25 | 2012-08-01 13:55:46 -0500^J^J * Fix configure script to exit with non-zero status on error (Jon Siwek)^J^J0.24 | 2012-07-05 12:50:43 -0700^J^J * Raise minimum required CMake version to 2.6.3 (Jon Siwek)^J^J * Adding script to delete old fully-merged branches. (Robin Sommer)^J^J0.23-2 | 2012-01-25 13:24:01 -0800^J^J * Fix a bro-cut error message. (Daniel Thayer)^J^J0.23 | 2012-01-11 12:16:11 -0800^J^J * Tweaks to release scripts, plus a new one for signing files.^J (Robin Sommer)^J^J0.22 | 2012-01-10 16:45:19 -0800^J^J * Tweaks for OpenBSD support. (Jon Siwek)^J^J * bro-cut extensions and fixes. (Robin Sommer)^J ^J - If no field names are given on the command line, we now pass through^J all fields. Adresses #657.^J^J - Removing some GNUism from awk script. Addresses #653.^J^J - Added option for time output in UTC. Addresses #668.^J^J - Added output field separator option -F. Addresses #649.^J^J - Fixing option -c: only some header lines were passed through^J rather than all. (Robin Sommer)^J^J * Fix parallel make portability. (Jon Siwek)^J^J0.21-9 | 2011-11-07 05:44:14 -0800^J^J * Fixing compiler warnings. Addresses #388. (Jon Siwek)^J^J0.21-2 | 2011-11-02 18:12:13 -0700^J^J * Fix for misnaming temp file in update-changes script. (Robin Sommer)^J^J0.21-1 | 2011-11-02 18:10:39 -0700^J^J * Little fix for make-relea file_chunk, file #0, 1146, 0, ^J0.26 | 2012-08-24 15:10:04 -0700^J^J * Fixing update-changes, which could pick the wrong control file. (Robin Sommer)^J^J * Fixing GPG signing script. 
(Robin Sommer)^J^J0.25 | 2012-08-01 13:55:46 -0500^J^J * Fix configure script to exit with non-zero status on error (Jon Siwek)^J^J0.24 | 2012-07-05 12:50:43 -0700^J^J * Raise minimum required CMake version to 2.6.3 (Jon Siwek)^J^J * Adding script to delete old fully-merged branches. (Robin Sommer)^J^J0.23-2 | 2012-01-25 13:24:01 -0800^J^J * Fix a bro-cut error message. (Daniel Thayer)^J^J0.23 | 2012-01-11 12:16:11 -0800^J^J * Tweaks to release scripts, plus a new one for signing files.^J (Robin Sommer)^J^J0.22 | 2012-01-10 16:45:19 -0800^J^J * Tweaks for OpenBSD support. (Jon Siwek)^J^J * bro-cut extensions and fixes. (Robin Sommer)^J ^J - If no field names are given on the command line, we now pass through^J all fields. Adresses #657.^J^J - Removing some GNUism from awk script. Addresses #653.^J^J - Added option for time output in UTC. Addresses #668.^J^J - Added output field separator option -F. Addresses #649.^J^J - Fixing option -c: only some header lines were passed through^J
file_stream, file #0, 354, rather than all. (Robin Sommer)^J^J * Fix parallel make portability. (Jon Siwek)^J^J0.21-9 | 2011-11-07 05:44:14 -0800^J^J * Fixing compiler warnings. Addresses #388. (Jon Siwek)^J^J0.21-2 | 2011-11-02 18:12:13 -0700^J^J * Fix for misnaming temp file in update-changes script. (Robin Sommer)^J^J0.21-1 | 2011-11-02 18:10:39 -0700^J^J * Little fix for make-relea
file_chunk, file #0, 354, 1146, rather than all. (Robin Sommer)^J^J * Fix parallel make portability. (Jon Siwek)^J^J0.21-9 | 2011-11-07 05:44:14 -0800^J^J * Fixing compiler warnings. Addresses #388. (Jon Siwek)^J^J0.21-2 | 2011-11-02 18:12:13 -0700^J^J * Fix for misnaming temp file in update-changes script. (Robin Sommer)^J^J0.21-1 | 2011-11-02 18:10:39 -0700^J^J * Little fix for make-relea
file_stream, file #0, 1024, se script, which could pick out the wrong^J tag. (Robin Sommer)^J^J0.21 | 2011-10-27 17:40:45 -0700^J^J * Fixing bro-cut's usage message and argument error handling. (Robin Sommer)^J^J * Bugfix in update-changes script. (Robin Sommer)^J^J * update-changes now ignores commits it did itself. (Robin Sommer)^J^J * Fix a bug in the update-changes script. (Robin Sommer)^J^J * bro-cut now always installs to $prefix/bin by `make install`. (Jon Siwek)^J^J * Options to adjust time format for bro-cut. (Robin Sommer)^J^J The default with -d is now ISO format. The new option "-D <fmt>"^J specifies a custom strftime()-style format string. Alternatively,^J the environment variable BRO_CUT_TIMEFMT can set the format as^J well.^J^J * bro-cut now understands the field separator header. (Robin Sommer)^J^J * Renaming options -h/-H -> -c/-C, and doing some general cleanup.^J^J0.2 | 2011-10-25 19:53:57 -0700^J^J * Adding support for replacing version string in a setup.py. (Robin^J Sommer)^J^J * Change generated root cert DN indices f file_stream, file #0, 1024, se script, which could pick out the wrong^J tag. (Robin Sommer)^J^J0.21 | 2011-10-27 17:40:45 -0700^J^J * Fixing bro-cut's usage message and argument error handling. (Robin Sommer)^J^J * Bugfix in update-changes script. (Robin Sommer)^J^J * update-changes now ignores commits it did itself. (Robin Sommer)^J^J * Fix a bug in the update-changes script. (Robin Sommer)^J^J * bro-cut now always installs to $prefix/bin by `make install`. (Jon Siwek)^J^J * Options to adjust time format for bro-cut. (Robin Sommer)^J^J The default with -d is now ISO format. The new option "-D <fmt>"^J specifies a custom strftime()-style format string. Alternatively,^J the environment variable BRO_CUT_TIMEFMT can set the format as^J well.^J^J * bro-cut now understands the field separator header. 
(Robin Sommer)^J^J * Renaming options -h/-H -> -c/-C, and doing some general cleanup.^J^J0.2 | 2011-10-25 19:53:57 -0700^J^J * Adding support for replacing version string in a setup.py. (Robin^J Sommer)^J^J * Change generated root cert DN indices f
file_chunk, file #0, 1024, 1500, se script, which could pick out the wrong^J tag. (Robin Sommer)^J^J0.21 | 2011-10-27 17:40:45 -0700^J^J * Fixing bro-cut's usage message and argument error handling. (Robin Sommer)^J^J * Bugfix in update-changes script. (Robin Sommer)^J^J * update-changes now ignores commits it did itself. (Robin Sommer)^J^J * Fix a bug in the update-changes script. (Robin Sommer)^J^J * bro-cut now always installs to $prefix/bin by `make install`. (Jon Siwek)^J^J * Options to adjust time format for bro-cut. (Robin Sommer)^J^J The default with -d is now ISO format. The new option "-D <fmt>"^J specifies a custom strftime()-style format string. Alternatively,^J the environment variable BRO_CUT_TIMEFMT can set the format as^J well.^J^J * bro-cut now understands the field separator header. (Robin Sommer)^J^J * Renaming options -h/-H -> -c/-C, and doing some general cleanup.^J^J0.2 | 2011-10-25 19:53:57 -0700^J^J * Adding support for replacing version string in a setup.py. (Robin^J Sommer)^J^J * Change generated root cert DN indices f file_chunk, file #0, 1024, 1500, se script, which could pick out the wrong^J tag. (Robin Sommer)^J^J0.21 | 2011-10-27 17:40:45 -0700^J^J * Fixing bro-cut's usage message and argument error handling. (Robin Sommer)^J^J * Bugfix in update-changes script. (Robin Sommer)^J^J * update-changes now ignores commits it did itself. (Robin Sommer)^J^J * Fix a bug in the update-changes script. (Robin Sommer)^J^J * bro-cut now always installs to $prefix/bin by `make install`. (Jon Siwek)^J^J * Options to adjust time format for bro-cut. (Robin Sommer)^J^J The default with -d is now ISO format. The new option "-D <fmt>"^J specifies a custom strftime()-style format string. Alternatively,^J the environment variable BRO_CUT_TIMEFMT can set the format as^J well.^J^J * bro-cut now understands the field separator header. 
(Robin Sommer)^J^J * Renaming options -h/-H -> -c/-C, and doing some general cleanup.^J^J0.2 | 2011-10-25 19:53:57 -0700^J^J * Adding support for replacing version string in a setup.py. (Robin^J Sommer)^J^J * Change generated root cert DN indices f
file_stream, file #0, 476, ormat for RFC2253^J compliance. (Jon Siwek)^J^J * New tool devel-tools/check-release to run before making releases.^J (Robin Sommer)^J^J * devel-tools/update-changes gets a new option -a to amend to^J previous commit if possible. Default is now not to (used to be the^J opposite). (Robin Sommer)^J^J * Change Mozilla trust root generation to index certs by subject DN. (Jon Siwek)^J^J * Change distclean to only remove build dir. (Jon Siwek)^J^J * Make dist now cleans the file_stream, file #0, 70, ormat for RFC2253^J compliance. (Jon Siwek)^J^J * New tool devel-tool
file_chunk, file #0, 476, 2524, ormat for RFC2253^J compliance. (Jon Siwek)^J^J * New tool devel-tools/check-release to run before making releases.^J (Robin Sommer)^J^J * devel-tools/update-changes gets a new option -a to amend to^J previous commit if possible. Default is now not to (used to be the^J opposite). (Robin Sommer)^J^J * Change Mozilla trust root generation to index certs by subject DN. (Jon Siwek)^J^J * Change distclean to only remove build dir. (Jon Siwek)^J^J * Make dist now cleans the file_chunk, file #0, 70, 2524, ormat for RFC2253^J compliance. (Jon Siwek)^J^J * New tool devel-tool
file_stream, file #0, 406, s/check-release to run before making releases.^J (Robin Sommer)^J^J * devel-tools/update-changes gets a new option -a to amend to^J previous commit if possible. Default is now not to (used to be the^J opposite). (Robin Sommer)^J^J * Change Mozilla trust root generation to index certs by subject DN. (Jon Siwek)^J^J * Change distclean to only remove build dir. (Jon Siwek)^J^J * Make dist now cleans the
file_chunk, file #0, 406, 2594, s/check-release to run before making releases.^J (Robin Sommer)^J^J * devel-tools/update-changes gets a new option -a to amend to^J previous commit if possible. Default is now not to (used to be the^J opposite). (Robin Sommer)^J^J * Change Mozilla trust root generation to index certs by subject DN. (Jon Siwek)^J^J * Change distclean to only remove build dir. (Jon Siwek)^J^J * Make dist now cleans the
file_stream, file #0, 1024, copied source (Jon Siwek)^J^J * Small tweak to make-release for forced git-clean. (Jon Siwek)^J^J * Fix to not let updates scripts loose their executable permissions.^J (Robin Sommer)^J^J * devel-tools/update-changes now looks for a 'release' tag to^J idenfify the stable version, and 'beta' for the beta versions.^J (Robin Sommer).^J^J * Distribution cleanup. (Robin Sommer)^J^J * New script devel-tools/make-release to create source tar balls.^J (Robin Sommer)^J^J * Removing bdcat. With the new log format, this isn't very useful^J anymore. (Robin Sommer)^J^J * Adding script that shows all pending git fastpath commits. (Robin^J Sommer)^J^J * Script to measure CPU time by loading an increasing set of^J scripts. (Robin Sommer)^J^J * extract-conn script now deals wit *.gz files. (Robin Sommer)^J^J * Tiny update to output a valid CA list file for SSL cert^J validation. (Seth Hall)^J^J * Adding "install-aux" target. Addresses #622. (Jon Siwek)^J^J * Distribution cleanup. (Jon Siwek and Robin Sommer)^J^J * FindPCAP file_stream, file #0, 1024, copied source (Jon Siwek)^J^J * Small tweak to make-release for forced git-clean. (Jon Siwek)^J^J * Fix to not let updates scripts loose their executable permissions.^J (Robin Sommer)^J^J * devel-tools/update-changes now looks for a 'release' tag to^J idenfify the stable version, and 'beta' for the beta versions.^J (Robin Sommer).^J^J * Distribution cleanup. (Robin Sommer)^J^J * New script devel-tools/make-release to create source tar balls.^J (Robin Sommer)^J^J * Removing bdcat. With the new log format, this isn't very useful^J anymore. (Robin Sommer)^J^J * Adding script that shows all pending git fastpath commits. (Robin^J Sommer)^J^J * Script to measure CPU time by loading an increasing set of^J scripts. (Robin Sommer)^J^J * extract-conn script now deals wit *.gz files. (Robin Sommer)^J^J * Tiny update to output a valid CA list file for SSL cert^J validation. (Seth Hall)^J^J * Adding "install-aux" target. 
Addresses #622. (Jon Siwek)^J^J * Distribution cleanup. (Jon Siwek and Robin Sommer)^J^J * FindPCAP
file_chunk, file #0, 1024, 3000, copied source (Jon Siwek)^J^J * Small tweak to make-release for forced git-clean. (Jon Siwek)^J^J * Fix to not let updates scripts loose their executable permissions.^J (Robin Sommer)^J^J * devel-tools/update-changes now looks for a 'release' tag to^J idenfify the stable version, and 'beta' for the beta versions.^J (Robin Sommer).^J^J * Distribution cleanup. (Robin Sommer)^J^J * New script devel-tools/make-release to create source tar balls.^J (Robin Sommer)^J^J * Removing bdcat. With the new log format, this isn't very useful^J anymore. (Robin Sommer)^J^J * Adding script that shows all pending git fastpath commits. (Robin^J Sommer)^J^J * Script to measure CPU time by loading an increasing set of^J scripts. (Robin Sommer)^J^J * extract-conn script now deals wit *.gz files. (Robin Sommer)^J^J * Tiny update to output a valid CA list file for SSL cert^J validation. (Seth Hall)^J^J * Adding "install-aux" target. Addresses #622. (Jon Siwek)^J^J * Distribution cleanup. (Jon Siwek and Robin Sommer)^J^J * FindPCAP file_chunk, file #0, 1024, 3000, copied source (Jon Siwek)^J^J * Small tweak to make-release for forced git-clean. (Jon Siwek)^J^J * Fix to not let updates scripts loose their executable permissions.^J (Robin Sommer)^J^J * devel-tools/update-changes now looks for a 'release' tag to^J idenfify the stable version, and 'beta' for the beta versions.^J (Robin Sommer).^J^J * Distribution cleanup. (Robin Sommer)^J^J * New script devel-tools/make-release to create source tar balls.^J (Robin Sommer)^J^J * Removing bdcat. With the new log format, this isn't very useful^J anymore. (Robin Sommer)^J^J * Adding script that shows all pending git fastpath commits. (Robin^J Sommer)^J^J * Script to measure CPU time by loading an increasing set of^J scripts. (Robin Sommer)^J^J * extract-conn script now deals wit *.gz files. (Robin Sommer)^J^J * Tiny update to output a valid CA list file for SSL cert^J validation. 
(Seth Hall)^J^J * Adding "install-aux" target. Addresses #622. (Jon Siwek)^J^J * Distribution cleanup. (Jon Siwek and Robin Sommer)^J^J * FindPCAP
file_stream, file #0, 476, now links against thread library when necessary (e.g.^J PF_RING's libpcap) (Jon Siwek)^J^J * Install binaries with an RPATH (Jon Siwek)^J^J * Workaround for FreeBSD CMake port missing debug flags (Jon Siwek)^J^J * Rewrite of the update-changes script. (Robin Sommer)^J^J0.1-1 | 2011-06-14 21:12:41 -0700^J^J * Add a script for generating Mozilla's CA list for the SSL analyzer.^J (Seth Hall)^J^J0.1 | 2011-04-01 16:28:22 -0700^J^J * Converting build process to CMake. (Jon Siwek)^J file_stream, file #0, 18, now links against
file_chunk, file #0, 476, 4024, now links against thread library when necessary (e.g.^J PF_RING's libpcap) (Jon Siwek)^J^J * Install binaries with an RPATH (Jon Siwek)^J^J * Workaround for FreeBSD CMake port missing debug flags (Jon Siwek)^J^J * Rewrite of the update-changes script. (Robin Sommer)^J^J0.1-1 | 2011-06-14 21:12:41 -0700^J^J * Add a script for generating Mozilla's CA list for the SSL analyzer.^J (Seth Hall)^J^J0.1 | 2011-04-01 16:28:22 -0700^J^J * Converting build process to CMake. (Jon Siwek)^J file_chunk, file #0, 18, 4024, now links against
file_stream, file #0, 458, thread library when necessary (e.g.^J PF_RING's libpcap) (Jon Siwek)^J^J * Install binaries with an RPATH (Jon Siwek)^J^J * Workaround for FreeBSD CMake port missing debug flags (Jon Siwek)^J^J * Rewrite of the update-changes script. (Robin Sommer)^J^J0.1-1 | 2011-06-14 21:12:41 -0700^J^J * Add a script for generating Mozilla's CA list for the SSL analyzer.^J (Seth Hall)^J^J0.1 | 2011-04-01 16:28:22 -0700^J^J * Converting build process to CMake. (Jon Siwek)^J
file_chunk, file #0, 458, 4042, thread library when necessary (e.g.^J PF_RING's libpcap) (Jon Siwek)^J^J * Install binaries with an RPATH (Jon Siwek)^J^J * Workaround for FreeBSD CMake port missing debug flags (Jon Siwek)^J^J * Rewrite of the update-changes script. (Robin Sommer)^J^J0.1-1 | 2011-06-14 21:12:41 -0700^J^J * Add a script for generating Mozilla's CA list for the SSL analyzer.^J (Seth Hall)^J^J0.1 | 2011-04-01 16:28:22 -0700^J^J * Converting build process to CMake. (Jon Siwek)^J
file_stream, file #0, 205, ^J * Removing cf/hf/ca-* from distribution. The README has a note where^J to find them now. (Robin Sommer)^J^J * General cleanup. (Robin Sommer)^J^J * Initial import of bro/aux from SVN r7088. (Jon Siwek)^J file_stream, file #0, 205, ^J * Removing cf/hf/ca-* from distribution. The README has a note where^J to find them now. (Robin Sommer)^J^J * General cleanup. (Robin Sommer)^J^J * Initial import of bro/aux from SVN r7088. (Jon Siwek)^J
file_chunk, file #0, 205, 4500, ^J * Removing cf/hf/ca-* from distribution. The README has a note where^J to find them now. (Robin Sommer)^J^J * General cleanup. (Robin Sommer)^J^J * Initial import of bro/aux from SVN r7088. (Jon Siwek)^J file_chunk, file #0, 205, 4500, ^J * Removing cf/hf/ca-* from distribution. The README has a note where^J to find them now. (Robin Sommer)^J^J * General cleanup. (Robin Sommer)^J^J * Initial import of bro/aux from SVN r7088. (Jon Siwek)^J
FILE_STATE_REMOVE FILE_STATE_REMOVE


@ -3,8 +3,8 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path files #path files
#open 2014-07-21-14-26-07 #open 2014-09-08-21-50-32
#fields ts fuid tx_hosts rx_hosts conn_uids source depth analyzers mime_type filename duration local_orig is_orig seen_bytes total_bytes missing_bytes overflow_bytes timedout parent_fuid md5 sha1 sha256 extracted #fields ts fuid tx_hosts rx_hosts conn_uids source depth analyzers mime_type filename duration local_orig is_orig seen_bytes total_bytes missing_bytes overflow_bytes timedout parent_fuid md5 sha1 sha256 extracted
#types time string set[addr] set[addr] set[string] string count set[string] string string interval bool bool count count count count bool string string string string string #types time string set[addr] set[addr] set[string] string count set[string] string string interval bool bool count count count count bool string string string string string
1362692527.009721 FakNcS1Jfe01uljb3 192.150.187.43 141.142.228.5 CXWv6p3arKYeMETxOg HTTP 0 MD5 text/plain - 0.000054 - F 4705 4705 0 0 F - 397168fd09991a0e712254df7bc639ac - - - 1362692527.009512 FakNcS1Jfe01uljb3 192.150.187.43 141.142.228.5 CXWv6p3arKYeMETxOg HTTP 0 MD5 text/plain - 0.000263 - F 4705 4705 0 0 F - 397168fd09991a0e712254df7bc639ac - - -
#close 2014-07-21-14-26-07 #close 2014-09-08-21-50-32


@ -3,8 +3,8 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path files #path files
#open 2014-04-01-23-13-35 #open 2014-09-08-21-55-01
#fields ts fuid tx_hosts rx_hosts conn_uids source depth analyzers mime_type filename duration local_orig is_orig seen_bytes total_bytes missing_bytes overflow_bytes timedout parent_fuid md5 sha1 sha256 extracted #fields ts fuid tx_hosts rx_hosts conn_uids source depth analyzers mime_type filename duration local_orig is_orig seen_bytes total_bytes missing_bytes overflow_bytes timedout parent_fuid md5 sha1 sha256 extracted
#types time string set[addr] set[addr] set[string] string count set[string] string string interval bool bool count count count count bool string string string string string #types time string set[addr] set[addr] set[string] string count set[string] string string interval bool bool count count count count bool string string string string string
1362692527.009721 FakNcS1Jfe01uljb3 192.150.187.43 141.142.228.5 CXWv6p3arKYeMETxOg HTTP 0 SHA256,DATA_EVENT,MD5,EXTRACT,SHA1 text/plain - 0.000054 - F 4705 4705 0 0 F - 397168fd09991a0e712254df7bc639ac 1dd7ac0398df6cbc0696445a91ec681facf4dc47 4e7c7ef0984119447e743e3ec77e1de52713e345cde03fe7df753a35849bed18 FakNcS1Jfe01uljb3-file 1362692527.009512 FakNcS1Jfe01uljb3 192.150.187.43 141.142.228.5 CXWv6p3arKYeMETxOg HTTP 0 SHA256,DATA_EVENT,MD5,EXTRACT,SHA1 text/plain - 0.000263 - F 4705 4705 0 0 F - 397168fd09991a0e712254df7bc639ac 1dd7ac0398df6cbc0696445a91ec681facf4dc47 4e7c7ef0984119447e743e3ec77e1de52713e345cde03fe7df753a35849bed18 FakNcS1Jfe01uljb3-file
#close 2014-04-01-23-13-35 #close 2014-09-08-21-55-01


@ -55,6 +55,18 @@
1254722770.692743 mime_one_header 1254722770.692743 mime_one_header
1254722770.692743 mime_one_header 1254722770.692743 mime_one_header
1254722770.692743 get_file_handle 1254722770.692743 get_file_handle
1254722770.692743 get_file_handle
1254722770.692743 get_file_handle
1254722770.692743 get_file_handle
1254722770.692743 get_file_handle
1254722770.692743 get_file_handle
1254722770.692743 get_file_handle
1254722770.692743 get_file_handle
1254722770.692743 get_file_handle
1254722770.692743 get_file_handle
1254722770.692743 get_file_handle
1254722770.692743 get_file_handle
1254722770.692743 get_file_handle
1254722770.692743 mime_end_entity 1254722770.692743 mime_end_entity
1254722770.692743 get_file_handle 1254722770.692743 get_file_handle
1254722770.692743 file_new 1254722770.692743 file_new
@ -64,9 +76,83 @@
1254722770.692743 mime_begin_entity 1254722770.692743 mime_begin_entity
1254722770.692743 mime_one_header 1254722770.692743 mime_one_header
1254722770.692743 mime_one_header 1254722770.692743 mime_one_header
1254722770.692743 get_file_handle
1254722770.692743 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle 1254722770.692786 get_file_handle
1254722770.692786 file_new 1254722770.692786 file_new
1254722770.692786 file_over_new_connection 1254722770.692786 file_over_new_connection
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692786 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle 1254722770.692804 get_file_handle
1254722770.692804 mime_end_entity 1254722770.692804 mime_end_entity
1254722770.692804 get_file_handle 1254722770.692804 get_file_handle
@ -79,20 +165,331 @@
1254722770.692804 mime_one_header 1254722770.692804 mime_one_header
1254722770.692804 mime_one_header 1254722770.692804 mime_one_header
1254722770.692804 mime_one_header 1254722770.692804 mime_one_header
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692804 get_file_handle
1254722770.692823 get_file_handle
1254722770.692823 get_file_handle
1254722770.692823 get_file_handle 1254722770.692823 get_file_handle
1254722770.692823 file_new 1254722770.692823 file_new
1254722770.692823 file_over_new_connection 1254722770.692823 file_over_new_connection
1254722770.692823 get_file_handle 1254722770.692823 get_file_handle
1254722770.692823 get_file_handle
1254722770.692823 get_file_handle
1254722770.692823 get_file_handle
1254722770.692823 get_file_handle
1254722770.692823 get_file_handle
1254722770.692823 get_file_handle
1254722770.692823 get_file_handle
1254722770.692823 get_file_handle
1254722770.692823 get_file_handle
1254722770.692823 get_file_handle
1254722770.692823 get_file_handle
1254722770.692823 get_file_handle
1254722770.692823 get_file_handle
1254722770.692823 get_file_handle
1254722770.692823 get_file_handle
1254722770.692823 get_file_handle
1254722770.692823 get_file_handle
1254722770.692823 get_file_handle
1254722770.692823 get_file_handle
1254722770.692823 get_file_handle
1254722770.692823 get_file_handle
1254722770.692823 get_file_handle
1254722770.692823 get_file_handle
1254722770.692823 get_file_handle
1254722770.692823 get_file_handle
1254722770.692823 get_file_handle
1254722770.692823 get_file_handle
1254722770.692823 get_file_handle
1254722770.692823 get_file_handle
1254722770.692823 get_file_handle
1254722770.692823 get_file_handle
1254722770.692823 get_file_handle
1254722770.692823 get_file_handle
1254722770.695115 new_connection 1254722770.695115 new_connection
1254722771.469814 get_file_handle 1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.469814 get_file_handle
1254722771.494181 get_file_handle
1254722771.494181 get_file_handle
1254722771.494181 get_file_handle
1254722771.494181 get_file_handle
1254722771.494181 get_file_handle
1254722771.494181 get_file_handle
1254722771.494181 get_file_handle
1254722771.494181 get_file_handle
1254722771.494181 get_file_handle
1254722771.494181 get_file_handle
1254722771.494181 get_file_handle
1254722771.494181 get_file_handle
1254722771.494181 get_file_handle
1254722771.494181 get_file_handle
1254722771.494181 get_file_handle
1254722771.494181 get_file_handle
1254722771.494181 get_file_handle
1254722771.494181 get_file_handle
1254722771.494181 get_file_handle
1254722771.494181 get_file_handle
1254722771.494181 get_file_handle
1254722771.494181 get_file_handle
1254722771.494181 get_file_handle
1254722771.494181 get_file_handle
1254722771.494181 get_file_handle
1254722771.494181 get_file_handle
1254722771.494181 get_file_handle
1254722771.494181 get_file_handle
1254722771.494181 get_file_handle
1254722771.494181 get_file_handle
1254722771.494181 get_file_handle
1254722771.494181 get_file_handle
1254722771.494181 get_file_handle
1254722771.494181 get_file_handle
1254722771.494181 get_file_handle
1254722771.494181 get_file_handle
1254722771.494181 get_file_handle
1254722771.494181 get_file_handle
1254722771.494181 get_file_handle 1254722771.494181 get_file_handle
1254722771.494181 get_file_handle 1254722771.494181 get_file_handle
1254722771.494199 get_file_handle 1254722771.494199 get_file_handle
1254722771.494199 get_file_handle
1254722771.494199 get_file_handle
1254722771.494199 get_file_handle
1254722771.494199 get_file_handle
1254722771.494199 get_file_handle
1254722771.494199 get_file_handle
1254722771.494199 get_file_handle
1254722771.494199 get_file_handle
1254722771.494199 get_file_handle
1254722771.494199 get_file_handle
1254722771.494199 get_file_handle
1254722771.494199 get_file_handle
1254722771.494199 get_file_handle
1254722771.494199 get_file_handle
1254722771.494199 get_file_handle
1254722771.494199 get_file_handle
1254722771.494199 get_file_handle
1254722771.494199 get_file_handle
1254722771.494199 get_file_handle
1254722771.494199 get_file_handle
1254722771.494199 get_file_handle
1254722771.494199 get_file_handle
1254722771.494199 get_file_handle
1254722771.494199 get_file_handle
1254722771.494199 get_file_handle
1254722771.494199 get_file_handle
1254722771.494199 get_file_handle
1254722771.494199 get_file_handle
1254722771.494199 get_file_handle
1254722771.494199 get_file_handle
1254722771.494199 get_file_handle
1254722771.494199 get_file_handle
1254722771.494199 get_file_handle
1254722771.494199 get_file_handle
1254722771.494199 get_file_handle
1254722771.494199 get_file_handle
1254722771.494199 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle
1254722771.834628 get_file_handle 1254722771.834628 get_file_handle
1254722771.834655 get_file_handle 1254722771.834655 get_file_handle
1254722771.834655 get_file_handle 1254722771.834655 get_file_handle
1254722771.834655 get_file_handle
1254722771.834655 get_file_handle
1254722771.834655 get_file_handle
1254722771.834655 get_file_handle
1254722771.834655 get_file_handle
1254722771.834655 get_file_handle
1254722771.834655 get_file_handle
1254722771.834655 get_file_handle
1254722771.834655 get_file_handle
1254722771.834655 get_file_handle
1254722771.834655 get_file_handle
1254722771.834655 get_file_handle
1254722771.834655 get_file_handle
1254722771.834655 get_file_handle
1254722771.834655 get_file_handle
1254722771.834655 get_file_handle
1254722771.834655 get_file_handle
1254722771.834655 get_file_handle
1254722771.834655 get_file_handle
1254722771.834655 get_file_handle
1254722771.834655 get_file_handle
1254722771.834655 get_file_handle
1254722771.834655 get_file_handle
1254722771.834655 get_file_handle
1254722771.834655 get_file_handle
1254722771.834655 get_file_handle
1254722771.834655 get_file_handle
1254722771.834655 get_file_handle
1254722771.834655 get_file_handle
1254722771.834655 get_file_handle
1254722771.834655 get_file_handle
1254722771.834655 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle
1254722771.858316 get_file_handle 1254722771.858316 get_file_handle
1254722771.858334 get_file_handle
1254722771.858334 mime_end_entity 1254722771.858334 mime_end_entity
1254722771.858334 get_file_handle 1254722771.858334 get_file_handle
1254722771.858334 file_state_remove 1254722771.858334 file_state_remove