From 854c6252753a2a5618c3cc3a86ddb7c3d06da68a Mon Sep 17 00:00:00 2001
From: Jon Siwek <jsiwek@ncsa.illinois.edu>
Date: Tue, 5 Jun 2012 15:07:56 -0500
Subject: [PATCH] Add Teredo-specific events.

These are called "teredo_packet", "teredo_authentication",
"teredo_origin_indication", and "teredo_bubble" and may be raised
on a per-packet basis depending on Teredo encapsulation method.
---
 scripts/base/init-bare.bro                    |  36 ++++++++
 src/Teredo.cc                                 |  68 +++++++++++++-
 src/Teredo.h                                  |   2 +
 src/event.bif                                 |  55 ++++++++++++
 .../Baseline/core.tunnels.teredo/conn.log     |  28 ++++++
 .../Baseline/core.tunnels.teredo/http.log     |  11 +++
 .../btest/Baseline/core.tunnels.teredo/output |  83 ++++++++++++++++++
 .../Baseline/core.tunnels.teredo/tunnel.log   |  13 +++
 testing/btest/Traces/tunnels/Teredo.pcap      | Bin 0 -> 26297 bytes
 testing/btest/core/tunnels/teredo.bro         |  35 ++++++++
 10 files changed, 330 insertions(+), 1 deletion(-)
 create mode 100644 testing/btest/Baseline/core.tunnels.teredo/conn.log
 create mode 100644 testing/btest/Baseline/core.tunnels.teredo/http.log
 create mode 100644 testing/btest/Baseline/core.tunnels.teredo/output
 create mode 100644 testing/btest/Baseline/core.tunnels.teredo/tunnel.log
 create mode 100644 testing/btest/Traces/tunnels/Teredo.pcap
 create mode 100644 testing/btest/core/tunnels/teredo.bro

diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro
index 70905824f3..5ca9cdf330 100644
--- a/scripts/base/init-bare.bro
+++ b/scripts/base/init-bare.bro
@@ -1347,6 +1347,42 @@ type pkt_hdr: record {
 	icmp: icmp_hdr &optional;		##< The ICMP header if an ICMP packet.
 };
 
+## A Teredo origin indication header.  See :rfc:`4380` for more information
+## about the Teredo protocol.
+##
+## .. bro:see:: teredo_bubble teredo_origin_indication teredo_authentication
+##    teredo_hdr
+type teredo_auth: record {
+	id:      string;  ##< Teredo client identifier.
+	value:   string;  ##< HMAC-SHA1 over shared secret key between client and
+	                  ##< server, nonce, confirmation byte, origin indication
+	                  ##< (if present), and the IPv6 packet.
+	nonce:   count;   ##< Nonce chosen by Teredo client to be repeated by
+	                  ##< Teredo server.
+	confirm: count;   ##< Confirmation byte to be set to 0 by Teredo client
+	                  ##< and non-zero by server if client needs new key.
+};
+
+## A Teredo authentication header.  See :rfc:`4380` for more information
+## about the Teredo protocol.
+##
+## .. bro:see:: teredo_bubble teredo_origin_indication teredo_authentication
+##    teredo_hdr
+type teredo_origin: record {
+	p: port; ##< Unobfuscated UDP port of Teredo client.
+	a: addr; ##< Unobfuscated IPv4 address of Teredo client.
+};
+
+## A Teredo packet header.  See :rfc:`4380` for more information about the
+## Teredo protocol.
+##
+## .. bro:see:: teredo_bubble teredo_origin_indication teredo_authentication
+type teredo_hdr: record {
+	auth:   teredo_auth &optional;   ##< Teredo authentication header.
+	origin: teredo_origin &optional; ##< Teredo origin indication header.
+	hdr:    pkt_hdr;                 ##< IPv6 and transport protocol headers.
+};
+
 ## Definition of "secondary filters". A secondary filter is a BPF filter given as
 ## index in this table. For each such filter, the corresponding event is raised for
 ## all matching packets.
diff --git a/src/Teredo.cc b/src/Teredo.cc
index 92cdc7f64f..945e54ee18 100644
--- a/src/Teredo.cc
+++ b/src/Teredo.cc
@@ -88,6 +88,51 @@ bool TeredoEncapsulation::DoParse(const u_char* data, int& len,
 	return false;
 	}
 
+RecordVal* TeredoEncapsulation::BuildVal(const IP_Hdr* inner) const
+	{
+	static RecordType* teredo_hdr_type = 0;
+	static RecordType* teredo_auth_type = 0;
+	static RecordType* teredo_origin_type = 0;
+
+	if ( ! teredo_hdr_type )
+		{
+		teredo_hdr_type = internal_type("teredo_hdr")->AsRecordType();
+		teredo_auth_type = internal_type("teredo_auth")->AsRecordType();
+		teredo_origin_type = internal_type("teredo_origin")->AsRecordType();
+		}
+
+	RecordVal* teredo_hdr = new RecordVal(teredo_hdr_type);
+
+	if ( auth )
+		{
+		RecordVal* teredo_auth = new RecordVal(teredo_auth_type);
+		uint8 id_len = *((uint8*)(auth + 2));
+		uint8 au_len = *((uint8*)(auth + 3));
+		uint64 nonce = ntohll(*((uint64*)(auth + 4 + id_len + au_len)));
+		uint8 conf = *((uint8*)(auth + 4 + id_len + au_len + 8));
+		teredo_auth->Assign(0, new StringVal(
+		    new BroString(auth + 4, id_len, 1)));
+		teredo_auth->Assign(1, new StringVal(
+		    new BroString(auth + 4 + id_len, au_len, 1)));
+		teredo_auth->Assign(2, new Val(nonce, TYPE_COUNT));
+		teredo_auth->Assign(3, new Val(conf, TYPE_COUNT));
+		teredo_hdr->Assign(0, teredo_auth);
+		}
+
+	if ( origin_indication )
+		{
+		RecordVal* teredo_origin = new RecordVal(teredo_origin_type);
+		uint16 port = ntohs(*((uint16*)(origin_indication + 2))) ^ 0xFFFF;
+		uint32 addr = ntohl(*((uint32*)(origin_indication + 4))) ^ 0xFFFFFFFF;
+		teredo_origin->Assign(0, new PortVal(port, TRANSPORT_UDP));
+		teredo_origin->Assign(1, new AddrVal(htonl(addr)));
+		teredo_hdr->Assign(1, teredo_origin);
+		}
+
+	teredo_hdr->Assign(2, inner->BuildPktHdrVal());
+	return teredo_hdr;
+	}
+
 void Teredo_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,
                                     int seq, const IP_Hdr* ip, int caplen)
 	{
@@ -121,7 +166,28 @@ void Teredo_Analyzer::DeliverPacket(int len, const u_char* data, bool orig,
 
 	if ( rslt != 0 ) return;
 
-	// TODO: raise Teredo-specific events for bubbles, origin/authentication
+	Val* teredo_hdr = 0;
+
+	if ( teredo_packet )
+		{
+		teredo_hdr = te.BuildVal(inner);
+		Conn()->Event(teredo_packet, 0, teredo_hdr);
+		}
+	if ( te.Authentication() && teredo_authentication )
+		{
+		teredo_hdr = teredo_hdr ? teredo_hdr->Ref() : te.BuildVal(inner);
+		Conn()->Event(teredo_authentication, 0, teredo_hdr);
+		}
+	if ( te.OriginIndication() && teredo_origin_indication )
+		{
+		teredo_hdr = teredo_hdr ? teredo_hdr->Ref() : te.BuildVal(inner);
+		Conn()->Event(teredo_origin_indication, 0, teredo_hdr);
+		}
+	if ( inner->NextProto() == IPPROTO_NONE && teredo_bubble )
+		{
+		teredo_hdr = teredo_hdr ? teredo_hdr->Ref() : te.BuildVal(inner);
+		Conn()->Event(teredo_bubble, 0, teredo_hdr);
+		}
 
 	Encapsulation* outer = new Encapsulation(e);
 	EncapsulatingConn ec(Conn(), BifEnum::Tunnel::TEREDO);
diff --git a/src/Teredo.h b/src/Teredo.h
index 554e97f29a..84ff8ddf38 100644
--- a/src/Teredo.h
+++ b/src/Teredo.h
@@ -62,6 +62,8 @@ public:
 	const u_char* Authentication() const
 		{ return auth; }
 
+	RecordVal* BuildVal(const IP_Hdr* inner) const;
+
 protected:
 	bool DoParse(const u_char* data, int& len, bool found_orig, bool found_au);
 
diff --git a/src/event.bif b/src/event.bif
index c4ed03e013..8d39af0ba2 100644
--- a/src/event.bif
+++ b/src/event.bif
@@ -511,6 +511,61 @@ event esp_packet%(p: pkt_hdr%);
 ## .. bro:see:: new_packet tcp_packet ipv6_ext_headers
 event mobile_ipv6_message%(p: pkt_hdr%);
 
+## Genereated for any IPv6 packet encapsulated in a Teredo tunnel.
+## See :rfc:`4380` for more information about the Teredo protocol.
+##
+## outer: The Teredo tunnel connection.
+##
+## inner: The Teredo-encapsulated IPv6 packet header and transport header.
+##
+## .. bro:see:: teredo_authentication teredo_origin_indication teredo_bubble
+##
+## .. note:: Since this event may be raised on a per-packet basis, handling
+##    it may become particular expensive for real-time analysis.
+event teredo_packet%(outer: connection, inner: teredo_hdr%);
+
+## Genereated for IPv6 packets encapsulated in a Teredo tunnel that
+## use the Teredo authentication encapsulation method.
+## See :rfc:`4380` for more information about the Teredo protocol.
+##
+## outer: The Teredo tunnel connection.
+##
+## inner: The Teredo-encapsulated IPv6 packet header and transport header.
+##
+## .. bro:see:: teredo_packet teredo_origin_indication teredo_bubble
+##
+## .. note:: Since this event may be raised on a per-packet basis, handling
+##    it may become particular expensive for real-time analysis.
+event teredo_authentication%(outer: connection, inner: teredo_hdr%);
+
+## Genereated for IPv6 packets encapsulated in a Teredo tunnel that
+## use the Teredo origin indication encapsulation method.
+## See :rfc:`4380` for more information about the Teredo protocol.
+##
+## outer: The Teredo tunnel connection.
+##
+## inner: The Teredo-encapsulated IPv6 packet header and transport header.
+##
+## .. bro:see:: teredo_packet teredo_authentication teredo_bubble
+##
+## .. note:: Since this event may be raised on a per-packet basis, handling
+##    it may become particular expensive for real-time analysis.
+event teredo_origin_indication%(outer: connection, inner: teredo_hdr%);
+
+## Genereated for Teredo bubble packets.  That is, IPv6 packets encapsulated
+## in a Teredo tunnel that have a Next Header value of :bro:id:`IPPROTO_NONE`.
+## See :rfc:`4380` for more information about the Teredo protocol.
+##
+## outer: The Teredo tunnel connection.
+##
+## inner: The Teredo-encapsulated IPv6 packet header and transport header.
+##
+## .. bro:see:: teredo_packet teredo_authentication teredo_origin_indication
+##
+## .. note:: Since this event may be raised on a per-packet basis, handling
+##    it may become particular expensive for real-time analysis.
+event teredo_bubble%(outer: connection, inner: teredo_hdr%);
+
 ## Generated for every packet that has non-empty transport-layer payload. This is a
 ## very low-level and expensive event that should be avoided when at all possible.
 ## It's usually  infeasible to handle when processing even medium volumes of
diff --git a/testing/btest/Baseline/core.tunnels.teredo/conn.log b/testing/btest/Baseline/core.tunnels.teredo/conn.log
new file mode 100644
index 0000000000..151230886b
--- /dev/null
+++ b/testing/btest/Baseline/core.tunnels.teredo/conn.log
@@ -0,0 +1,28 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	conn
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	parents
+#types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	count	string	count	count	count	count	table[string]
+1210953047.736921	arKYeMETxOg	192.168.2.16	1576	75.126.130.163	80	tcp	-	0.000357	0	0	SHR	-	0	fA	1	40	1	40	(empty)
+1210953050.867067	k6kgXLOoSKl	192.168.2.16	1577	75.126.203.78	80	tcp	-	0.000387	0	0	SHR	-	0	fA	1	40	1	40	(empty)
+1210953057.833364	5OKnoww6xl4	192.168.2.16	1577	75.126.203.78	80	tcp	-	0.079208	0	0	SH	-	0	Fa	1	40	1	40	(empty)
+1210953058.007081	VW0XPVINV8a	192.168.2.16	1576	75.126.130.163	80	tcp	-	-	-	-	RSTOS0	-	0	R	1	40	0	0	(empty)
+1210953057.834454	3PKsZ2Uye21	192.168.2.16	1578	75.126.203.78	80	tcp	http	0.407908	790	171	RSTO	-	0	ShADadR	6	1038	4	335	(empty)
+1210953058.350065	fRFu0wcOle6	192.168.2.16	1920	192.168.2.1	53	udp	dns	0.223055	66	438	SF	-	0	Dd	2	122	2	494	(empty)
+1210953058.577231	qSsw6ESzHV4	192.168.2.16	137	192.168.2.255	137	udp	dns	1.499261	150	0	S0	-	0	D	3	234	0	0	(empty)
+1210953074.264819	Tw8jXtpTGu6	192.168.2.16	1920	192.168.2.1	53	udp	dns	0.297723	123	598	SF	-	0	Dd	3	207	3	682	(empty)
+1210953061.312379	70MGiRM1Qf4	2001:0:4137:9e50:8000:f12a:b9c8:2815	1286	2001:4860:0:2001::68	80	tcp	http	12.810848	1675	10467	S1	-	0	ShADad	10	2279	12	11191	GSxOnSLghOa
+1210953076.058333	EAr0uf4mhq	192.168.2.16	1578	75.126.203.78	80	tcp	-	-	-	-	RSTRH	-	0	r	0	0	1	40	(empty)
+1210953074.055744	h5DsfNtYzi1	192.168.2.16	1577	75.126.203.78	80	tcp	-	-	-	-	RSTRH	-	0	r	0	0	1	40	(empty)
+1210953074.057124	P654jzLoe3a	192.168.2.16	1576	75.126.130.163	80	tcp	-	-	-	-	RSTRH	-	0	r	0	0	1	40	(empty)
+1210953074.570439	c4Zw9TmAE05	192.168.2.16	1580	67.228.110.120	80	tcp	http	0.466677	469	3916	SF	-	0	ShADadFf	7	757	6	4164	(empty)
+1210953052.202579	nQcgTWjvg4c	192.168.2.16	3797	65.55.158.80	3544	udp	teredo	8.928880	129	48	SF	-	0	Dd	2	185	1	76	(empty)
+1210953060.829233	GSxOnSLghOa	192.168.2.16	3797	83.170.1.38	32900	udp	teredo	13.293994	2359	11243	SF	-	0	Dd	12	2695	13	11607	(empty)
+1210953058.933954	iE6yhOq3SF	0.0.0.0	68	255.255.255.255	67	udp	-	-	-	-	S0	-	0	D	1	328	0	0	(empty)
+1210953052.324629	TEfuqmmG4bh	192.168.2.16	3797	65.55.158.81	3544	udp	teredo	-	-	-	SHR	-	0	d	0	0	1	137	(empty)
+1210953046.591933	UWkUyAuUGXf	192.168.2.16	138	192.168.2.255	138	udp	-	28.448321	416	0	S0	-	0	D	2	472	0	0	(empty)
+1210953052.324629	FrJExwHcSal	fe80::8000:f227:bec8:61af	134	fe80::8000:ffff:ffff:fffd	133	icmp	-	-	-	-	OTH	-	0	-	1	88	0	0	TEfuqmmG4bh
+1210953060.829303	qCaWGmzFtM5	2001:0:4137:9e50:8000:f12a:b9c8:2815	128	2001:4860:0:2001::68	129	icmp	-	0.463615	4	4	OTH	-	0	-	1	52	1	52	GSxOnSLghOa,nQcgTWjvg4c
+1210953052.202579	j4u32Pc5bif	fe80::8000:ffff:ffff:fffd	133	ff02::2	134	icmp	-	-	-	-	OTH	-	0	-	1	64	0	0	nQcgTWjvg4c
diff --git a/testing/btest/Baseline/core.tunnels.teredo/http.log b/testing/btest/Baseline/core.tunnels.teredo/http.log
new file mode 100644
index 0000000000..b3cf832083
--- /dev/null
+++ b/testing/btest/Baseline/core.tunnels.teredo/http.log
@@ -0,0 +1,11 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	http
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	trans_depth	method	host	uri	referrer	user_agent	request_body_len	response_body_len	status_code	status_msg	info_code	info_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
+#types	time	string	addr	port	addr	port	count	string	string	string	string	string	count	count	count	string	count	string	string	table[enum]	string	string	table[string]	string	string	file
+1210953057.917183	3PKsZ2Uye21	192.168.2.16	1578	75.126.203.78	80	1	POST	download913.avast.com	/cgi-bin/iavs4stats.cgi	-	Syncer/4.80 (av_pro-1169;f)	589	0	204	<empty>	-	-	-	(empty)	-	-	-	text/plain	-	-
+1210953061.585996	70MGiRM1Qf4	2001:0:4137:9e50:8000:f12a:b9c8:2815	1286	2001:4860:0:2001::68	80	1	GET	ipv6.google.com	/	-	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5	0	6640	200	OK	-	-	-	(empty)	-	-	-	text/html	-	-
+1210953073.381474	70MGiRM1Qf4	2001:0:4137:9e50:8000:f12a:b9c8:2815	1286	2001:4860:0:2001::68	80	2	GET	ipv6.google.com	/search?hl=en&q=Wireshark+!&btnG=Google+Search	http://ipv6.google.com/	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5	0	25119	200	OK	-	-	-	(empty)	-	-	-	text/html	-	-
+1210953074.674817	c4Zw9TmAE05	192.168.2.16	1580	67.228.110.120	80	1	GET	www.wireshark.org	/	http://ipv6.google.com/search?hl=en&q=Wireshark+%21&btnG=Google+Search	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5	0	11845	200	OK	-	-	-	(empty)	-	-	-	text/xml	-	-
diff --git a/testing/btest/Baseline/core.tunnels.teredo/output b/testing/btest/Baseline/core.tunnels.teredo/output
new file mode 100644
index 0000000000..02d5a41e74
--- /dev/null
+++ b/testing/btest/Baseline/core.tunnels.teredo/output
@@ -0,0 +1,83 @@
+packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=65.55.158.80, resp_p=3544/udp]
+    ip6: [class=0, flow=0, len=24, nxt=58, hlim=255, src=fe80::8000:ffff:ffff:fffd, dst=ff02::2, exts=[]]
+    auth: [id=, value=, nonce=14796129349558001544, confirm=0]
+auth: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=65.55.158.80, resp_p=3544/udp]
+    ip6: [class=0, flow=0, len=24, nxt=58, hlim=255, src=fe80::8000:ffff:ffff:fffd, dst=ff02::2, exts=[]]
+    auth: [id=, value=, nonce=14796129349558001544, confirm=0]
+packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=65.55.158.81, resp_p=3544/udp]
+    ip6: [class=0, flow=0, len=48, nxt=58, hlim=255, src=fe80::8000:f227:bec8:61af, dst=fe80::8000:ffff:ffff:fffd, exts=[]]
+    auth: [id=, value=, nonce=14796129349558001544, confirm=0]
+    origin: [p=3797/udp, a=70.55.215.234]
+auth: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=65.55.158.81, resp_p=3544/udp]
+    ip6: [class=0, flow=0, len=48, nxt=58, hlim=255, src=fe80::8000:f227:bec8:61af, dst=fe80::8000:ffff:ffff:fffd, exts=[]]
+    auth: [id=, value=, nonce=14796129349558001544, confirm=0]
+    origin: [p=3797/udp, a=70.55.215.234]
+origin: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=65.55.158.81, resp_p=3544/udp]
+    ip6: [class=0, flow=0, len=48, nxt=58, hlim=255, src=fe80::8000:f227:bec8:61af, dst=fe80::8000:ffff:ffff:fffd, exts=[]]
+    auth: [id=, value=, nonce=14796129349558001544, confirm=0]
+    origin: [p=3797/udp, a=70.55.215.234]
+packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp]
+    ip6: [class=0, flow=0, len=0, nxt=59, hlim=21, src=2001:0:4137:9e50:8000:f12a:b9c8:2815, dst=2001:4860:0:2001::68, exts=[]]
+bubble: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp]
+    ip6: [class=0, flow=0, len=0, nxt=59, hlim=21, src=2001:0:4137:9e50:8000:f12a:b9c8:2815, dst=2001:4860:0:2001::68, exts=[]]
+packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=65.55.158.80, resp_p=3544/udp]
+    ip6: [class=0, flow=0, len=12, nxt=58, hlim=21, src=2001:0:4137:9e50:8000:f12a:b9c8:2815, dst=2001:4860:0:2001::68, exts=[]]
+packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=65.55.158.80, resp_p=3544/udp]
+    ip6: [class=0, flow=0, len=0, nxt=59, hlim=0, src=fe80::708d:fe83:4114:a512, dst=2001:0:4137:9e50:8000:f12a:b9c8:2815, exts=[]]
+    origin: [p=32900/udp, a=83.170.1.38]
+origin: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=65.55.158.80, resp_p=3544/udp]
+    ip6: [class=0, flow=0, len=0, nxt=59, hlim=0, src=fe80::708d:fe83:4114:a512, dst=2001:0:4137:9e50:8000:f12a:b9c8:2815, exts=[]]
+    origin: [p=32900/udp, a=83.170.1.38]
+bubble: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=65.55.158.80, resp_p=3544/udp]
+    ip6: [class=0, flow=0, len=0, nxt=59, hlim=0, src=fe80::708d:fe83:4114:a512, dst=2001:0:4137:9e50:8000:f12a:b9c8:2815, exts=[]]
+    origin: [p=32900/udp, a=83.170.1.38]
+packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp]
+    ip6: [class=0, flow=0, len=0, nxt=59, hlim=0, src=2001:0:4137:9e50:8000:f12a:b9c8:2815, dst=fe80::708d:fe83:4114:a512, exts=[]]
+bubble: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp]
+    ip6: [class=0, flow=0, len=0, nxt=59, hlim=0, src=2001:0:4137:9e50:8000:f12a:b9c8:2815, dst=fe80::708d:fe83:4114:a512, exts=[]]
+packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp]
+    ip6: [class=0, flow=0, len=12, nxt=58, hlim=58, src=2001:4860:0:2001::68, dst=2001:0:4137:9e50:8000:f12a:b9c8:2815, exts=[]]
+packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp]
+    ip6: [class=0, flow=0, len=24, nxt=6, hlim=128, src=2001:0:4137:9e50:8000:f12a:b9c8:2815, dst=2001:4860:0:2001::68, exts=[]]
+packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp]
+    ip6: [class=0, flow=0, len=24, nxt=6, hlim=245, src=2001:4860:0:2001::68, dst=2001:0:4137:9e50:8000:f12a:b9c8:2815, exts=[]]
+packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp]
+    ip6: [class=0, flow=0, len=20, nxt=6, hlim=128, src=2001:0:4137:9e50:8000:f12a:b9c8:2815, dst=2001:4860:0:2001::68, exts=[]]
+packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp]
+    ip6: [class=0, flow=0, len=817, nxt=6, hlim=128, src=2001:0:4137:9e50:8000:f12a:b9c8:2815, dst=2001:4860:0:2001::68, exts=[]]
+packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp]
+    ip6: [class=0, flow=0, len=20, nxt=6, hlim=58, src=2001:4860:0:2001::68, dst=2001:0:4137:9e50:8000:f12a:b9c8:2815, exts=[]]
+packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp]
+    ip6: [class=0, flow=0, len=1232, nxt=6, hlim=58, src=2001:4860:0:2001::68, dst=2001:0:4137:9e50:8000:f12a:b9c8:2815, exts=[]]
+packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp]
+    ip6: [class=0, flow=0, len=1232, nxt=6, hlim=58, src=2001:4860:0:2001::68, dst=2001:0:4137:9e50:8000:f12a:b9c8:2815, exts=[]]
+packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp]
+    ip6: [class=0, flow=0, len=20, nxt=6, hlim=128, src=2001:0:4137:9e50:8000:f12a:b9c8:2815, dst=2001:4860:0:2001::68, exts=[]]
+packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp]
+    ip6: [class=0, flow=0, len=514, nxt=6, hlim=58, src=2001:4860:0:2001::68, dst=2001:0:4137:9e50:8000:f12a:b9c8:2815, exts=[]]
+packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp]
+    ip6: [class=0, flow=0, len=20, nxt=6, hlim=128, src=2001:0:4137:9e50:8000:f12a:b9c8:2815, dst=2001:4860:0:2001::68, exts=[]]
+packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp]
+    ip6: [class=0, flow=0, len=898, nxt=6, hlim=128, src=2001:0:4137:9e50:8000:f12a:b9c8:2815, dst=2001:4860:0:2001::68, exts=[]]
+packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp]
+    ip6: [class=0, flow=0, len=1232, nxt=6, hlim=58, src=2001:4860:0:2001::68, dst=2001:0:4137:9e50:8000:f12a:b9c8:2815, exts=[]]
+packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp]
+    ip6: [class=0, flow=0, len=1232, nxt=6, hlim=58, src=2001:4860:0:2001::68, dst=2001:0:4137:9e50:8000:f12a:b9c8:2815, exts=[]]
+packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp]
+    ip6: [class=0, flow=0, len=20, nxt=6, hlim=128, src=2001:0:4137:9e50:8000:f12a:b9c8:2815, dst=2001:4860:0:2001::68, exts=[]]
+packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp]
+    ip6: [class=0, flow=0, len=812, nxt=6, hlim=58, src=2001:4860:0:2001::68, dst=2001:0:4137:9e50:8000:f12a:b9c8:2815, exts=[]]
+packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp]
+    ip6: [class=0, flow=0, len=20, nxt=6, hlim=128, src=2001:0:4137:9e50:8000:f12a:b9c8:2815, dst=2001:4860:0:2001::68, exts=[]]
+packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp]
+    ip6: [class=0, flow=0, len=1232, nxt=6, hlim=58, src=2001:4860:0:2001::68, dst=2001:0:4137:9e50:8000:f12a:b9c8:2815, exts=[]]
+packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp]
+    ip6: [class=0, flow=0, len=1232, nxt=6, hlim=58, src=2001:4860:0:2001::68, dst=2001:0:4137:9e50:8000:f12a:b9c8:2815, exts=[]]
+packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp]
+    ip6: [class=0, flow=0, len=20, nxt=6, hlim=128, src=2001:0:4137:9e50:8000:f12a:b9c8:2815, dst=2001:4860:0:2001::68, exts=[]]
+packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp]
+    ip6: [class=0, flow=0, len=1232, nxt=6, hlim=58, src=2001:4860:0:2001::68, dst=2001:0:4137:9e50:8000:f12a:b9c8:2815, exts=[]]
+packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp]
+    ip6: [class=0, flow=0, len=717, nxt=6, hlim=58, src=2001:4860:0:2001::68, dst=2001:0:4137:9e50:8000:f12a:b9c8:2815, exts=[]]
+packet: [orig_h=192.168.2.16, orig_p=3797/udp, resp_h=83.170.1.38, resp_p=32900/udp]
+    ip6: [class=0, flow=0, len=20, nxt=6, hlim=128, src=2001:0:4137:9e50:8000:f12a:b9c8:2815, dst=2001:4860:0:2001::68, exts=[]]
diff --git a/testing/btest/Baseline/core.tunnels.teredo/tunnel.log b/testing/btest/Baseline/core.tunnels.teredo/tunnel.log
new file mode 100644
index 0000000000..5549d66a29
--- /dev/null
+++ b/testing/btest/Baseline/core.tunnels.teredo/tunnel.log
@@ -0,0 +1,13 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	tunnel
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	action	tunnel_type	user
+#types	time	string	addr	port	addr	port	enum	enum	string
+1210953052.202579	nQcgTWjvg4c	192.168.2.16	3797	65.55.158.80	3544	Tunnel::DISCOVER	Tunnel::TEREDO	-
+1210953052.324629	TEfuqmmG4bh	192.168.2.16	3797	65.55.158.81	3544	Tunnel::DISCOVER	Tunnel::TEREDO	-
+1210953061.292918	GSxOnSLghOa	192.168.2.16	3797	83.170.1.38	32900	Tunnel::DISCOVER	Tunnel::TEREDO	-
+1210953076.058333	nQcgTWjvg4c	192.168.2.16	3797	65.55.158.80	3544	Tunnel::CLOSE	Tunnel::TEREDO	-
+1210953076.058333	GSxOnSLghOa	192.168.2.16	3797	83.170.1.38	32900	Tunnel::CLOSE	Tunnel::TEREDO	-
+1210953076.058333	TEfuqmmG4bh	192.168.2.16	3797	65.55.158.81	3544	Tunnel::CLOSE	Tunnel::TEREDO	-
diff --git a/testing/btest/Traces/tunnels/Teredo.pcap b/testing/btest/Traces/tunnels/Teredo.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..2eff14469d6edb8f411e072b20f8dcd744b9faf3
GIT binary patch
literal 26297
zcmeFa2UJwc(m%S10+Nv=AVZKOIp>^n&UqMM$YF?rWDo=dR20c70wRcl2qHNuNrHkP
zC>cZ~gMh%>8;|FB@La!p-~GS0)_dz4=vlja_pYk0uKw+=qPrPtd6JI~U;;lrM@ImF
z24;*)xm2ZaaDff*8cIjUAAq7yE(?YOC;`B1Tq6L4lU!J6EJ7y+(-DvW{`9{UBSDX~
zgUY~MEdaojl$8~gm6a8gbd=PU6%@3Uw3OtP<&>3_bd}{4z#p)Nwz8s<nv$-PwvsYb
z^7kKk9pK17Oa444!@v5F006_E_ZBdITrvR00LF1+&;fqHQcF%v(?C<l&{AGs$HYJh
zAOga_;Q>kpM*7-n`dpfFx`sNs04Ek22I(n)2+imLU;?TjL;5rz3=)LW_r?Qs=I{H~
zj#a?M@<J96!cG>~xD<K!xXHTMY=dU2B;%P347w!LFex$Mn98BdPgIVd|4ET-aZR#7
zIQEnvL;<3N%?9W~6hKO(y2SE}WL^MZ4$87GPVgI9RB9kunA0>ab!q=03;XK4UYB3d
z##LPshH!M3?^G^H{zT<hS(+hPGA@6YrAr%|9ngg+fRws*i4}=IyaNDBP!<D93?Kkh
z36#ET<fj%P<60ooAdY~j$cg0W622iA0gTLopw8$qM#`RM{BRktg&w66KROJDF2D!A
z+t|So`uF@F-{>(wF&%V`_D6X*u*Ol-$wm%|LB5Fz+yw7I>6h+_7b^z<FA@)5Py{_l
z6oL`LH-Mim;%{OAe~`0<NbvqF&N^#-r`@BI;>7~=CQ#MypHr_fFlA-G4-RPPfCdk?
z5o+@v6#zR>Ov7jRfA!q2I&VMLdGtT(oCMVQ2yjd#y%ryk2FXI{7oGFQbsST<_$L((
zKvz`qHY-%w3tbjSc>w_Em{^r)Xqf1bOfNqFWCzE?`e(}q0LYr$G)`DkH)snfy2PM0
zA-~IXVUqw52RT6Lmk!|kgNn*eR5;f9vDHAi*lbBDUcc=-mgylRj}}Pj&yn`4jyjK9
z7kQ#}Y#=pt$S#`{zsu8bNB}_HaNHFqsjS7lgs9xA{zocQip1=z0HCX5U<l)ZJ0ZF3
zksdrqJAYq6Uz8onmm4gCsTvyU^6+u<65uI#dY}*<C@#YwFN8SkxEjxKy}xd0B0QW>
z&f+j3Q85BMBVU9Mmz)#$h&aq3$ODe>;SuB(<%O}?`P+E;cyjUa35!WMvJ>E`disJ@
z96SR&+&t|Z#P|fb?fmV0QQUA(_hZr?2sjGq=^+l&Kp?!h<lK<{2m(A^A3G;^J8_tY
zCl}lf?hKX?;6X}NJ|Y03z;OemlO}`i7xxNM$4!9~>R3BgDyR-JV*r5K<d5)?;^*e$
z#dEXsu(5M+@R36J`uTVueYo80yilHA$K^;bDLyf<mar%{^o<9$7is4vWgzzbV<;vj
zC?Lnj$198nHrK%qj*|M`ay*c_FW4X{NCS8%P@PiFp6&=dFFPL;H(1rl$Ikuu9w#3^
zFCQoG_Zz+llpn|teB^J%9*6*6DG?z~@b{03{$9RPd;)?(LVUb}e4Ib7_&NE$({TYA
zNC}B@g1@|YPJT!SDSJLUdr=2IF)mR-djyxDpnx!!sF;`l7r&T*gP@qOh@FGIFrKHc
zQ~=V0Q;3s~lb@4cn3tDRL|BwlfFII?lN7HYuNc&RNN<XNbtFvASPrx;gX0@`jz~9z
zua1V4Af9~?>i9}XP*4O9<?ChV0Tv5?ukhox)L%EjTlxr;4-(;P=!pU~%=<^yK^dY5
zW(~o64&S->O7Y|Af(CVb3#7_>oRj~9;rE>39~{5ueh`74I<EJ}Gsm^SYXd)fcO*(5
z;R2c=!r{*XL!>(b%ouq&*rAXfPJd(}<M9J!;QjtNHc49%qQA!ZFSs*N2H{Rp)(ON=
z2N7dUmzWy1<O%@xpkZ5(e}5<c^Lu%s{Fut^U#VnE>k`u~&KP~C5=#jHli<jJ(l6*W
zIPnCclDPbjRH*0{H_rjUAArCI<L4D5z*DqCfncEQgXDzq3B$DPg1};4Q5c_)xDc<n
zkRVJ&%a8!?d(Vi&<h;I*)E`Ll11>;t`D<v4!%(1RJ^fHpd_tTsce_9-KHl%>^N%?2
zgVuLcLLmZCJYH^gNDl}PAhi|K{G_&%@W>X|1>wOI$9Ft9F%dZf&I$ie+YuM~UtRbs
zmF{DxzVvrg$(9CDWlNV>0a4HWUHQ+SVEm3s&oPzIf20D+f|l}~inj?CpaJ$ClujZX
zAQd+RfD;j}V2BEs&`yN|LIC??Zh1KPmIi;J4<^#fUl`lT)6>ZffdQf{0MG(xkg~c<
zumM-F5|mC_2bxvtIa%O{#DNGR3y}wePKBeXalVs>M}&i<(ScLIsedH>YatdS3PT@&
zdwdJct&ycs5)uLwkrN<>p{d#e$I}W(TEMwc4kV5Spz*>1Of<VjxxeM@Pvqez@(w5R
zh!c6o6L}{v?+$STfb&-Y%zmRQxQ(IT^DJ%vrtD$`Ze!AM9*r5iFT0qJ+nD`5&!Prk
z%I{j?HkSTT9|=7lkK0)H*L_vOCEUiI?|D39==nliNcEDX*uU%5H^;pi^!HwE^w*|=
zRCcVTf9O@P5fJIddK@4ZtOKQ!y$YnJ(jWKg=+C_hgr0|K(;WBeu_Au$K(P4N!hh&h
zIRN`uK1qNX4eS|Q2M=E^I|p~9M<WYxChh|OU_^gUr*J^wBq4G8dT{_tFaxDud@${}
zw~!_{k$-672#5!N#Ce!w9ngq>XaWZMU2@7QiYf{^N~)ljr3-#*fu5F*k|N}D$;kl#
z?7M2@WeEXeP=8SRgV))`Y=dWzvxBC}F9}ZPNK`;K;`?1d5l}!AY{)@F!v<_=kT0O}
zUp~jr|5Ez@*#dZ^0bB?TL+TV7aNII}Oi=Tr_!uTgqzE<|1~w5b!|}}XUo{X8_NdlA
z=I?rR__#-%|N9<w0C{zDp#6>)=vaW(<Me-q7hfShpbs`2O1~hnV%!+SD^m&LW$*xv
zh44*yG{8G0W((B@B*<Z)%|UL{5AW_I>Orju06AELwW0J22i>^$5Qh^^r{w)oTc|d^
z`2WZu9B2y}^sUN-q(gw*qCkh!9DEc?zW{|MX&dBQ-pGPvhT3%OTZ#^406^Hqhen6*
zY@w$B3E(jN_yX`sI*gJ#Q$TvMoe(E!boAe8Zv0qt3V+uerLFBTVF}<Q#giN%4#I($
ze`)UIq)V464gmN`w34BgLtMh6K|fit{@O7Id~xxUeQ}aw1kn07%}KOk0uW3bL&eGY
zfo0spaeIzu8Gl-W>N?snH!AG#lhjXg$HE45LoT{1gA4#$bkMQA138hHtx!8ZFX8;f
z`D8mSnJyo<GvaUUR9#E71t|ek*jpz#os<O7#lmJPbo2+gtJsp#AF^CJ=KKQUOtg#x
zID%xL^ownpLf8&kKiA*-P;njC7OH*b-)^%C$UOiI38|jl1ptUEJ{X9K!T|j{FrDOz
z;TQK2;(803qWn4LFzlB4Y{AMHeE%U=DtXl!8vsyI0=?rOelXt;cNLmKaetpeeRouU
zc6YTrgOP4-c05Adpu1~=^Z<QZUkR9z1niG%n6@EIh?`FWhVbArGLV4z_>1##i`fgY
z!&DG(S5F>j4$UjTFU-#iQ%3qA96bYh1h{$ag$VHE;BbT&=q(>lbe&P|Zk%>rUT#P@
z=!1BA@B~677XnX~y1PkuOYw4xadPl*9AAn4AjG8!dT)MqPT(9K6vfY%6X9`O;ZIIn
zN*-`e2hhI}hdBi!y*M2Zj&9(T|Ig<Yob7x-&r}?yW}w3*Dk>z##mDJ~a^w;{CL_Z6
zouA0xC-?#<C-kn6V{iA}u~+c)bVY*l=;|veOQ|VJi3kgcitxhig&Z9Pcm?bP#0|Bi
zK)+awUx1fSkXKyukDQQ@fRL!T3YZf&kU}Y|z>SPF9Lx<3-ISf3L_rNB+!5~f2p`aA
zL;3h2Bwz+0X+=FbIXP80_@x-+?%~KUVq)On?k#GpA)<)Vb5&F@3-B@&4pLI(gNu3z
z!+m^^K8891s=lV${Mt5NI&c#%Ls5P=xOR}gn~|!MDbiTi*WAoURoKwOMbF0x4F77n
z7#Zj&__%2*I}54t$~&mIAUy+v-Ccd1OniJC5n9GvK_d2ne1?3Qx(Zr~Iwrg(t^vHJ
z%HAeAURrLh@(QZH4k&(OxUaJvuM0n~v6q@%fN+qL1WX&0osU<_Ma#@Y+toAJ*G*2)
z$WGr+G&o4vKvT)XR}^Vt94x5f0IJo|)!W!z$U)hFSD7~$1s8QzbkkPXcXPA1F+rFi
z#7qK(?L^HyMYKG8l!Ltk%;CXKrp7`DE`4Qt1s@-EF$YH@AtzrEF-;qP0eJ%lKZKf-
zjgF3^i<bf1z!`F}pdpFmBlrslPC}3=Q~WUmMgI+g6xVg2AqfJ({|L2zKu|!)MGpsE
zVj4E-Z+`%R83DkE1stc7FDtAwObHNI)sCOJVgU=o5Le9C|2bD1hrfBgyf7UNFg69b
zvs{n|>f`Aq4)gLs`X7&tfAC46fhhrle;+MUMuy5<;28W-@9$&me{!lt|L#;f1^E6&
z>4!(nFCqX&;0W;OuRzmk5VMb-nz;vLR+ApqH^`qCu?|T>8w)Do>lJn%?Ae~3^QiSK
z6nUl+4!jBH#gVY?I66pX_VO|a5TW<zQ;TeM&dE>_xJ#1VDyen<+O3ba;%c}ZY;%$;
z*MgKN%jPN)uO;s6a<HC#pi<WUlIvNk{Ha|&ZuRDI8)?h!zRJaDgPfGb3+;EJH93WD
zUk||wlcacve~xOTlR&^aF0Yh+>N-maA2*wJBB>Liff<WHq-Q_vP_11-qJdmMTEmo2
znkq?KJ0uL=n~6IXOTt4!^j3@z{k9U^Li3@NG3LF6DAUM|w8YG~qzs2c(foJaDLSXk
z^|d4ELW5c#I~B=H-{Ml$BT`QzroWfTK+tJUJkWug^yD!Serj{70NR>agc#zTD4g2+
z%a#Nh*9PXJcI)PE8DwN<+d?EIdpxsw?QUHqBlS_qYxWXLMiQrVua(PO!81lQRdbMz
z-=Wrd*f(;AJy{hwi*=eK_jE(FonwxY)%C}h<a{D)415RYIq7q8l?x7*&JzSmo=Xg$
zp^%kvYK$*`AtNdE$}_bN>AN;uf~~S_M1brOU-KDc)YZDW%`Wl86>-L%*DUO%h8F!p
z<KT~WwN)_O&yA68gp5R#OBA&PiwX?ZzD(AMam`hoR|vieDWX{kMlj!^31>L3;T%r*
zt*{9x>h%TVjR$Jf=OEY>Gw@|v0-1_4)j4+px{>Wk$17=5jCbCBrTW-p`rN~PM~*5s
z`N`A-`n+_#k}13I>!yX)M`4rsaW9cwjS;qit}VHtx3Ol7P3<u3v5JS8bw9wfDp2@n
z@j0&rov=EnO=!<PU7&Osn-m(c+E!3UPax4w6B3mmev$mveecHnfqd_+LZ&qF^0ur!
z(c(e8N{&0_qvW1-nQ~fFnF?u)8@KM!yv#o{k?@K+q?+A@r`I;=x<^01?m4Cx24|}r
z6F;^Mlh#=mU@k=?Jz3ne4NkY#e+hh&Vfw&QTfHGqESJ0KY?UCBng00J=h-)=`*4qq
zokwA{_1~s#6xIhl-xUUI$2fLdA6_EhIaSy)UD*C{6NSR}m8qw8WgZmn4Y0eh+pK69
z8yrB#+n}CroRKdkqCj;$IAFtyz?idU?DA3$303Rm#1R~VQ7axydhVAY6e%{B>Vtc2
zGX-=}0V?YB^R25^eTk<@Z+|48eeR#<M<+DxLNQdjL0W6MwAfVh)^6xcuqn}VxYp7(
z3f(}OaE4aTm$zwFG_CKG6=#mz4cf2t%b8`kO59D-{iR2n4?ABI#!>q4<$p1G`Du~C
z)(C;gA&;wgF%RkGOSrw=8g&b^)-0VLC&2c+uTT#=&Z7kUwL6Tm$O@72u`j{X3l_a+
zwCcx5b!o-x#dua~+SGZSA)F?+{Vif%IY!L({|+%-1%BW(M>B}D^aG=d3p*BV36+?h
zJ-g#{rcT^m`Xq6&jr7KtB{Dk>3-o;wBI7mtYYo|%VG{=}{8gR#lYYamXvQ)8=;VfJ
zM*^MEi$0)4dWA2M(kZA$j|&Mez4n{-)xxY7e(ON&N+_(v?iZDl{vm;6<`K=Srgo8_
zO>%5ErfB*;)yV+I5D%)Ct5dUFJmq`>MPs~^iXLEh^;}-PiAy3tSyCc9jM>-Nb$|+b
zycd2qK=k}`<2lhNt~YDrRxR7;iqG#~706|#yfH5qDW!&$ucI2EW$Chqm6dhR_`b{q
zyceV;32%(!(yASUZsfWOasqg!f!<peWJwH?c^oqQg)E||J6#s!^9*YmZ)LHCP}=v#
zOXp1765|FI=-k5NH?ka>Hg2(?%|xm(tmo$;o1gb(C#QUomt3H}L%sLjs_&fXn5g8K
z-qtSMe=rnK7ARWy78$O5rw_k)e3Q&FJyIe<a!B}0T9ZzZjBjXQN8VNQNcB4xJvJW?
zYj{3)EhlJZ?3Xfl%ggkcATduw@{70}(F1waD`^@6nq~fNe&>zmb@E@1HM%^);?PyO
zU1Z31ro@a&zHnEWcAUUNAc#w9(L-1fE%TEXvYDq}4W7a$`APioKJ$d=Q!<HsssM3D
z$w}{u#ZOkJ5*|NjCewJ@c_&`Unz`iJg$E+v6sGXKCf$gSQk)xx8h85TlajBV`q~|Z
zp_|;Sizm<8qF72cYs%t%ZSFz#QklRLMUyGBl~-)L^~g;atMqwJd#3)W(1w0uhnwQ^
z<0Se-LTGmvF~v_~HZkeL#b4e!)u3bxQxnuAYAjy#Y|S)17szg{)sKN&P0_i>#eE81
zQgv7Qnr3bRFIn4eP*!8p>xlb=PfQfFDsh~Pg2k^Q-({;`eH9;bBy5f+b&*CRaZLB6
zbkQ@|S1K4R<P@7ldaX8MKV_onRR@ggW|y$8HD;~sq;%d6UzcyuxvSGxS!%!ax4PUd
z7~Q;a>-{6trpdX^5}cQu=~oOnN-ypU*;Ox|H$t=H&W`w|f8&{$RxbX>Ia4hIHfgdF
z(h>H}gu&jX!E0m|GkLUMo_Tz2e2!(wVLDb{ReL3L=8(f!3R_taRr{EleD{mC@_wWB
z%coc6HmEX}!-Fb#rUX8m@@Ghw#xB`}r-#Q<oYh>ubK_!^A=f2*YgGYnyk~2liiH{9
z#RV2S(6_M|zE1nte08TS{@G2f$D5g^x~R#5y@MSsQn9D@<d0s&wc~G7Z=5QTZj9`h
zstk#>pr|}mUH*|cM!6vAlk4F8)>sEH<K=r{EiKUf)~y1GOtBC1{eIn|7Y!?$`^~<L
zDc#qy8Dd?!i@GF7T4~%!aE9W^d%cE%`!Zc7M}>i3jgzty_!AW0DQ2VhU6}jq{A>vM
z$X1EwHLOk5U!m;Vs9l(b{CH=8;!LPzT}o)oR|;JX*PUF<-ekgO0X{VE7I5}>nR!Ob
zzAp5m7$>e@_d<U?6{nh`|MC8U!fU!wpMFc~4Q=jr!A~<@E8Z&EHMMc~7rao^tZ{cK
znI&j*u0P}mL1#L9ULa`tqW|tnU*88SX_~BqOLWQ;$W`%usgQ&D#bu;m;MP<J+SN*S
zcWJvRIyk2NE-~r8^!v|2$htOaln8{FksxCJ#>JgHc5yHK>}&%6v5V{Bz*OkD0=c+^
z;2aa;IuCL+1pj;qrIRyTbY-SQ2&Xl!{fyJ-{9k-+p=loazdN(_Tsg*RDjK$L;QEHX
zA>GV+tNguP*M$1~c>+`bxeTR^CDJ&x-QYHl_UQWPrj#2ty57^ZWdaj=#t8fBI2PS`
zOHqZk*z<bl-mBbx5I*l~vOOm?a!J3@4u6@Jl&kRkX!k(c;C2RefB8h~<e-4z&aJ43
zq@kN^!?6qDV|zv{$pPL*4zFoDFx6&N*;Ur>uG-)f3#O8w%S=sNDR&!SICuT!*;lRS
z8M3rt1Z0sPv2PBcopQWP;t;{30@KfnNw8SBZbv0(O-rvWkzq2IA}X1}bNv=05yH*P
z)>O9Q#S|W|cFNbYUmoaORkd!)rxN66uaEJe#vR}8&oJj#VLbnSdb-_@++rbg`SL(M
z^3^+v^o|M>ywZm+uCFWm1RUJdD66lU`Lut=ij<K%XF+SW&p2{w6fujqk`~_yN1(z?
z$qWY#JCb6eVnn^7bo_vq38JCKeQ)mzWqvgxV9dnL5|u8_++Ex{=oT?y5xv5pTA`Em
z_@3Ff`#FmAt@qSVO)4+nZ&R}G)J^3{sHC&D@U-aJsCqvod)?eiD<qXOLKe~M*Th&o
zuE93s`R2mq4_H|Aw*5+2>-RYOFRm5nomoCLU~z`%$;g?bVsz6f>T#32_G{m|ve(S&
zePXLZtH{f&u+>V~f%NK%gwqed=H?us<;P_5uTp~n8_>q&(9nKo*)zwM&Gz40w)eO$
zv8*{{+1?;m#sMr~2n^gn>6hS5d)y+#_2$!`xnew7;({z2Bl6!3-az9C<Vq!LUT*bA
z@WvNm=L2_^adwkJc(8a&nSdb`(5Losy>OnNkHsG4p(3Sn{I{?R2FDfuH`eq2R;))K
z;fU}-_=v-tQ7A8Q9-b3HH6F;Z{oiQN|97H6&=`LbjrY5_OwzHJ(fae->pzdnc#nr%
z^d10LWjPWl{yz|xF+iZesLpr8Gcb_S<CQYzcMCE%)%G+qRrgU-P?CUo*`b`Jc)kP6
zZv!@b;(WaS5U?@yvGec+jsK_kD%{!6!xiE1S1{*fSO{FuAm;dUOs5ix>4;JsN;k+e
z(9mB@TC*T6Y!@BWlyL9M*hUp*XN(W_^pe122~;to>4w+BK3u?c^P2kdwPia?+^gpK
zPQR}Wa}y`2nq;mL=KhA6Jf?CgG4kqrO4MXv7H+em&O`mkS2P{OGjf}=yfi^1y*`Xt
zAEb}o*YeK^$SG;gg}qLkS)C!w&N~;}5=2F|8UL~SieqRge^(pc;a8L$-iJ!6=1)$~
z^TfzoZ7xdAz1u|bQn_)aG8Hqu@Jk5Ied6^X8s<IB-4~L!B`ejA)V}`)i%oaXXZoqm
zhG2UMJAx0P{(|)r?&tPZ7;ou4pNm03xRE0QeBX?lU$%|`uL_XkCcLxfw=u1VtI-2|
zD86`5*!E*l2Ix3prEkYjQYwVZMq1Kvwo$L4ZH%@}SlwES+#NJHYTk)@TnFzgbFNXP
ze@%RtTS!FHHJ&!@!w|@SL&xWw0eyBdkCZO)jmVFS*9vWhH9lQ&7MEsy*`C00{S$TR
zm(?q1=PcbhE%BNYiK`yhyR$peipIe#+_FD%-qYM?41a_#Ms*tYI9TjJ`F@KWhp>84
z;E+ywbZqLa=aSeQRr;keX?r!Ru1`w(-_2bwm}7_A$_VJd&-q+0r1FrurII=uE;xJU
ziC9I~7>>Y8feFVEs)eFMjM7Yl)TvbVu#Owaw_ly!<wSW`5!xrW39>|#GbIHIs?$Fh
z*_?@5RK;dNF_B$T#t9T7Mq7!I!HwPa(2sgGC!1tbNb3{lBizP~&yM-HAch2U;;kJG
zA+}RyDP_;WrhHUE5(+P}@hzJ_&SxvLm%Of`9DJ|nC4KlZh5*8dBDz>lsaGNEFg^T6
zc<ME`F7u2evQ<C%YuBC71@grNHQq>7_|?bt*vYW87E(=$TDLgFr46q=*AC0@%Sbc5
z#;5if>m}xv*ZUSef_G;gy4)#GPN>zg7MYtEud04XqL$)^_9jo%@KuuJvs`SYjwyBH
zl%cYI{viS7>IpJ`-u6}5s&_d$k~ww=qc>^i3djpd;%WpVahr<IMkTt!S#;SRBM}#u
z`^tu?rp+R!(*!eIgDf9C^i?fZMj581a@0M<EswG_d?Lf9v#nYxX}G5M##=gNHnk(*
z^%oi?|Hn2e`WqRdqx&9B*EPf1?%m6YM|z5mJQFs&RQLYIfohp*ZMq)ov(731TozI0
zpxnu}Tz#Zl0q18}`$cLs+=&~9=S5TdBg)FNl!tZ@Hqq_vpVmIP3)~ODrFxymF`;2r
z#K~o`x?A&{AcvmaYFXKu-DoAq2<iOcWfk8NgqY1&ev6pN$B5bT-yx=d#t+0qTm=A9
z>J{_O0^`dU&J@(MEA`#ZWn-pko3MVNVb1M;zF3`x;Pni<UakBq)x=qQQ@Q$-)L>z8
z2`Y?xY{izZXrCJ0I@NcksJl$=E@E!CpHC)yN?p5DO(A~zV@PH-jCC-i?vZ8BlFRT?
zoJ*6A<@1i<&;vFj6(Pr&t%?XkY&}n(rypchMz6jf{QL~<=Kh768`rkr1&%f9r$qDD
zToMEl-~t_-D{^6lXsG88koZPjqCE$WedW2F2Zf@g#g_7+eS5)VyDgkM{I?T!NnNsd
zN_E{uv$w{V0t{N}=r8NgxAWL!KU#RxrL#gW&3`m2gTL`*OGc)7deQ;4)=aD2P6_`S
zBeOcQ%wrJ63x^-+p6yO=#>Jac^B*l+%xuN)>BQF@HREw03&7c^*15F5HLgSZmIXU$
zZY_1@oOb-8SQ$Bjxg5rCSeayS7w#Gl-(+Yg^Zkr-cWnDn5=CKhf17)QfKa0LGcDN}
zJDZo6(<5Yy_I0h6oKjz48+>Zt=dWHiO}Wjtty+7u;vplLRMDSwR<p=AJjFu-@Kib%
znJQaz$EsZDMICmlRS-i=cveMp3kSgq-VWZ+iI*ASst#E1NLVP@o$4NsS-ch0%P}x`
z%{iLmm%B33X5RnkOfKn|%hS*=<hYjRXb(-qx`&^Kg<zuIqIY0DMgsWuT8|Ga?%q9^
zeeO3_6Hx!H&~JaIqhYJ3biNTK;VP9`b$ZS`t^A_xG&?45!=l?~7q)~ksx-!hhmVaY
z^2n@ceCmW@XbASR!c`7y5|@Tm>1XH+tI3KolbqsLsj;ygfg>w{2ph*srBo5Zn|pE&
zBQFGs4fyQhw7-5;Els&R%$J&$`9`9_T{S1-X0~X9S!ny@sjQSL1`D?6$|QRF3ssbP
z1CJ%UB}qS=;igT@x~51PEHCalrQ6k&H=R0Qx{pYoyg_@Tv`V<LT_uNN@u^%Cz9rh}
zM-vBxWtR)Scn*CT;KRmN&GVn^#=i0xBavNhPAtXO|0}}BwLla@g&qb_Xd5(t%Vj*f
zuS-A?^FA*07DIoi`_p^=r`Gd(h!G2}PN6%P?n0BbvBi&UM%?G)1zzRp#nYfusO|R}
zzUAU+58|%5mZQ=hE6*3mxAldVD92mWkGqK(S*!iEU`)$H!nF|_N%G7}<0*&00-;ue
z#PfxbOO$)^vK5wWR9@S<dfv23Z?>*1I+sWEd-N1<iVKUo=H8V}o|6NdR%~YC@2*?m
z$~?$G3Dex6vv@vlvPk(%4XcwjJK%GtSiG>mSiCZaa%sAzPW5{?@#SO!DU+R1Gn)qf
zlu-Jb{85y+&mis*G4nHzm0qgFD+5P?(otCGa-SU>dz}(%S1(LQ4oS*MVrFj0T$Wg>
z{irB?`!4HQszq#$4@R2%vv^j*m%66a*lUvQoqI|zI_)dpxj4W<>NIjkv7y3QZs*`N
z=}62vzb?5pF5#%Yg`(g}_Xl>13hBeHK+-JX*PZ)!%Uk2hU!2nDfY~{`lVx1FD&I`V
zunVLo%RRB=UXmS1+>c>R#vr3b-(a6Y;z`X^!}_bKna}P#BC63&+@&e@9%=a+rj@}@
zvV*&{VQ6eJ@j<ISrK0?Ob!T4dP<P%8N}!Bl<QjyS?1^~4^Ikt4d#{W?`;q^7T*iBV
zsqmr^6qh*y5fkEyx{U{10zFqKos7$1crk&s_({|qf5vGH%g^-3-Ye(78<)9gbd1wf
z433B3OgWz~mwW?rum7Qq>IX0VEAyp;ls9i;n5BQ(=6&8zhC2O;%(|lxvnE(8z|fE)
z?#_CxU?4to4Vk-fayl&*t0d-p(i1=Yb2m3?v1!kX;%Nor^dt%T;oo|HB@my&#Y??k
zFMK^p=w1>X278{S2l=NIuq36EK~=^Tt`dWv>?|Hf<2|N+6@Bg;eop0%m1%i*lfuFN
zaDP|w<Ea=n%On~Y#agPCPaw`_L*N=UKK+$K<-2k45s^uJFTRl`I=A#3zN2D8sdfu>
zsjTVq-b>QcMUR-~9YZqcZ<_AJ6@8`hZo2wFdITvV-qcj%3qO4D{s#T5?NyhN8uXUe
z*IurdKf1wpWVCpYtG{;f%CKdbj%t}o(T&Od$T5PY(7LCC9<w=**3U3J-9T;DrmP?r
z0tgAnw;t%o=w_<!KCd1UzP&<Jm7DNd_7V|aN-)|~X8`$|s=;gpKSZLVOsoqJFnB#v
zd-HOYWk}oUhaxWqQ)=Gk()JQ8C-a3h$kSKDJl?b{!E@$`2DDe*-VE=$cG7VNmmvD6
zJ9Et&b2?6|J~+JCZL6@S|AB*ZcFRWL$<vL~MEP$lyH<j)leZQN4=zqUdE8m_NrL8x
zw#{kUBsx2Zdu7tzBFyP-CRs{NWF6Y$!_iax2X%e7!Xhs-tlq7-n?wGo#e&*zGTm;|
zo~ls#t{@|e?RCjzCKereyJS*E#xD|{)?vz~*~YYY6**)S_HLLFaiMw}Qx)%vGA9Lx
zewB*MLsLRhv)+?75pSm<jJy5GV9tWjX|$$Z4`EnPmveWOJd&SlDPHtl*jC7S0pGZC
zvDx_rK9}5nWlCOi1A|=N=`Q>h2X>9q5i^ArDh=X8@0IxUAF0vqCYR)&x4Gt;eUW*o
zQ;fcOaT#qd5GPMLYNN!(VHsm3J)dKu$b+BfeRR4qK?Z{|;*S1@fv0f|axpGO#NxM%
zuhay&EPZglv-7wig$C=W&nMNBn@Ch``N?PN^n|g#eq!EERd-JlF)v95v<Rc#D1{k0
zIDLTn(}_Z-p__J#B~-%9{PE9-4o^c1F$wUX(J21{|92R$e2f9~|2+m=a@Qr6;e{~3
z2jtoaMoa(PvvYE-16wLg7C6Et;rMC&JhUV2`yQe*0Khc+oeDF!IO;c47$7QULnrpw
zksj}{1F1lZ(ji$wi_w1PX@kqf!4(iqKjYDV?rC3g|1oduivpw5V&JNRZcC)^)N|5<
z3&Fl6U-U&-90|H>)owI>))<k;v0<CWqH*gAY-)TI#`O+cvom@oEkmS)FMY_xFIRdz
zjf{euge&NM<Q`%yi#y9=wo1@*L7->tN^Q{NwsGyMw6Dz$taWb<>?es!m5|l(cT4i9
zf?v#Qap-o`BJ`TBSKAG7ls~a;Sjkbk^KdCYCN|er+kSPioN>}V)VIG|%GA~&u-`>Y
zzsRKVxmQ!N5GGghq@;_Mtt77u%kJwN?x!+WM+nm&(x)(BHfG<G?Rl+{ZVku66$qye
zUSi2`@-!9xiY=(^aqb;wO}6ZUPIVUxKl|QwCJaLLUYpcB#l#lzn0hJ$6-%Rh|AD-$
zYcNFjtNWV|6n$Qc8WnKS(o$cO>)!8<=hi-dMU%q~o9W#Hg{n<r2K9S!oC&oW_qM$l
zi1=e@UhMk=r`to0OigRmnp@xRd#Z5nPl(#J7z!K4vt5(gi3=MtbdXI>K7&I-!HWkY
zC3Qiv;1;=XNH-M~N(?NYZ>GDzLiOq$4IAEt5eN9};h5gR+49qL#os)I@u?y+@NLoL
z3+tJ;f)4`ZYI)M}{gg@;xso0Ub^FwdRQ5<V%=-3hf=hXrYR7ysP#;!<-vkMil3%fW
z{OX2)WlX?h{?9tY248RR)K_Y)d_fp@h<V)co@JbS&|Jma<-Hq}dT~-ct8%6`$}r!4
zMACvXOoW{dRk<r=@+QZm?8CG`@*Uxv==WDDE+7WlVxI)h_>K{5N3hXjiRnFkTr79F
zU`#W*BQ<=7_c|TrT2)m#2~QWrAbD#6E%xWeQGjvjKK!LzT_&0dX7(#=Z#=xqGiZe0
zP_<Fqm?pC1G&DG*gfumG&IiSA^{M6S1O{5<;jrZ4KJ0vhKgs2r81zo!5Q~t0t0hNa
zulzZ#?#60g7?rZ^t&}i&63e|Lxq1c~WM{gcEiUu*YGPs=0Wul%GR&&^##*8;@Z9su
ztbK8PpV+Fr$!^yz*9tN{-<>AfJ7wP7p!T)PDENwgp>c141SfaF1+B3qCx_&5)y&{S
zk4de$Rbs1)ysbl_Bmrp;d)!_vRy}o-X4x9O>{~4p&OxuhBR9IzcqawZF&zg#@$25K
z+(K(f16Ms=2}Rboe5P7y?Ca0mRM&tHDa0cMS{O|N<M+Hi-jB}FbdRz$@_M;T;$tv@
z6YDrINWq+=+L}Uc--$jD?|VybSOiBLZ{<oPR>JkvJ589pV$vTu$>!bZ&P>u@h~y^v
zs?YzFIhC_=Hyn1_PDAPHBhLgb=Jj`q92r{7@4A<BmM=#Zz4}lWnZ@HX*nK$+84~7>
z7nWPVx2cYb2+ZvIX#TwLeDqFfj9`3*MnM%_&u8o}hHZ9To*Q+V4PB${uT2IlyDje*
za7dW4cKBJm)a>X>7(G|^LX7VwX-2%F05x{q+ZOkS2?~1^A*WvCSeJcSj6gFJ7YItb
zOm&-kq%+~cu0!};quYy*whqVg6=^<&-;c1(%x9d~l;EdKV`N;nOr(o_SxD#fHMu^~
zO+qnIit>DBD<9R>tBUEW9g){zD*PDar+47N5l=665OW3-Xhk-Xlm+OTk3JHugN-#z
zs{7xle>coB{&2AryT>YQJ#CS16hcga$G=6))MLbK{O=Gmiv0&-mcIgkE=HSK)d(gk
z{#z!|o;R;(W{ftZiTH6mDlejH)9dNcsEF;@+;y@RDJZx{;VWH!_)Z$_pt}6ty6?W3
z*dVLV+t|z(9$$>N`cd8{G#i?O2zrU?_r2za`Cf_)3#t<v?1;eoDFtR9<L=+XDG4h$
z=w5uNylY;ueNQzie)dArleafwk#p?NQua1HiO9?5EsH|ji?c89nUPemGN!AX)^Oz%
zit*fh&mmw?zR)LtrOcNb`~fD<^|Ws^F25&=Eci&hpoT1{B<9nD!P~{{!8;D#<j7v>
zeYY_FjutLa+jm9`YiCgU*F~9ymsLrxt1@f%uqwy5oMG}~8F&#@9(GNk>jV63Ah`+m
zZRuiKe!I~9F@?+_k`^5~w<H3R`;;Ai?Zaxq*%x##T+=NPsaKhgABkf#!uOJCd8EG|
zZkAJi$;3NQCo^H&w`{b-UhRoX%wluWMoGbDXW9Ld;u=Ix&5GfLbmQ*r-i;DbahpsV
z0wWx=9IakT;9P$)ZcI$HEX%z`L)v>{Y#FwbA`cWW`XUpp(;ecxxIa3tn`0Cx(TR$v
zMg=aByj;NO4;}Dz*hr~Sut)1Y9r+laTKKgH<sD8hUQK6OB%Zu3(JiTv@PxMX8>>$?
zp9a3W$5WJKmJioinh!K{``D#s{z-v(+1B^Q<JVfJ>)eo8Z$&LTOWHrHIh%;o9X_Y5
z5KFRoXj~FJ{7&}%`#Rs-iR1M9HfjS?Ia}ALE!<Xj7RD$elH6ES@hdxv{W;F;qH0Cr
z`@*&M0AaDR;Xrl@6-^gIGos-e9zJ!{T?9&5UmwTlj6K=<YUskUTUgxw)Z61aJJ<Yt
zBR0j1SlSMYm%K%Ks#}7EUdQJ4aNcXNTO^T9T;_GM$;Iq=4xx;~oJ8v((U@K6EjaQ*
zXiU!XhN>IQyiXO%lB7}w^!WVcu4lq7qGXFZn-Z2z6W>?;f>U=khkARCHcd;-x{KFa
ze#+w#j>5djUgD)e6AdCtng+eDcWGj+Nh>R+qqDr%4~g;V%;3WY?|nS(1{7{J8@gJ+
z3-~?7M5oV8zwJ!w39c2<r$l7A+tqY`bTMACB8r{ZsNspp55PWB;zh;A5y>K-TjIT<
z>valetFYO7kmC`MW3X2#{)(!!cAhYIxo)N_eQc?f={0KOJ-yrRLw;kE=JI>j?_cvz
z<_@)_H6@nUuny|Wc}riKPU0S_aXa);)Dx;9iYm5@@e<*0E2Akwjm}r<K7?sd9%{(8
zDsc$g+C5f#5HF%i{x<qKr{t-Wmza(POW|6D2I{(BrccY(hws%k>)$Ur{S{;AL!K@R
z?B<Z~dHp`EygT!0cFVSv6vJ|)*eu#@UN7@7`>HP26P)U~jMH@K<rroHRfie&mWy5*
z*0%Y_f?<J&1&$Sox6uf<azd>MZ8C_OhMQu$;PCc>3l;1<UmlF&X!y3!h}nm}MobBR
z7TJ@iy5m)_nB7V)zL#a;F*xj?x3c$Xc)e&R_Q;4B`<wQ#re_5(9Y=MJHWcQWxVY}l
zVAUCh-TWkOmLA7f#r1lZq;}Qqkqd54CF(ERJPOILTJr=sX1XpvP#-(Pvb<GZCM<w3
zr{eMC#1|XH8LlmIh2MHOna9f7ZDVhJ1R>@<5HWwV0^-Z@Ec@JlKg*7rg*@$ba4QkS
z^}_St;&j?EPB;8_I2||p1E>AK6~(@yLj(~-3RPQN=C||knML>SEwR8%=PcU%<cnx4
z8wJ*BVb{vU%G}aQFe*sTD3N*UR!eA+iu5qwOL~D?z>W#T0D9z--Ney)f_YN+C-KPE
zuQyN}ZW82=IODyUO(5{8rY8&)J9LnVmN|v-aD6H58Kx>HDyw6FnaAhut2-`4t&@z_
zE;{cd#1PwfvvW_LOprTBKVx4m%W69q>93c(x<9$vfD?w&N;OK0A8BHEz#CLeFpg%4
z%Jt$mwQKC5QXApF$c%s;3VdYc4(*6nLkJW*NZS>^b@I9pP^r+ucixxZRAT$i*9Gb4
zJ$B141y(gY&k$K4>)VFzXPU1sCU0ey=)c@bWNs@hdZFmTAANDPd3)dW(-y1BCyCT=
zVW9+(1p}8W+^*Zdt7R%0@mzn3m72x2D$F)|=KTs*eVT~kdDfA|)4r<DF>u&$bP*qg
zU}R{V;pcsNqiIFoMbQ-KB*0!dZ69)%M~8(t`}NXlBj08kuSvhMTIjWLdS-)%VZ*Y`
z6G?RHwI;J?ZqF=ccf<?siWH^cnsJS9#n}h77!i}XZw{5Sa9%o8Oz5_anp!@bJGhD0
zaM>hhV;beid-1&%^ZV{h*ZMmJbBtWr1VxEARNIGPt6P;Z_xT9@Y!!fc{0TWpi)f0J
zm{2c$ov_R{#aWu&TR|_rfOQ=QNVm*^D=Y@SMl=_Fx3(&DSU$!tJAX-UKGWg|t}Bjv
zG1pTdgN5M}2n&6RSu(#`S9{LHyTpEaA8Rf^tgU9BxJ~Sqvyc(E;@8^F&xB+0-TkhL
zPjJ`6Z~V7!dna=hb7k@QAHpvUd8+!r2Nvh6Ozw%^6rH|#XABGdTeIMmtWZ6nuI4kr
zOt-QRCGNeV?}g3obyqGsE!FMXi@U`ui`>v-c^gtoG3}^JOYr2bx#zkir?!yxv)q6;
zrDqB`AHBckq1B{rWJ~zenNWuO*>=&rPI+As1~uY*+Gxufs*kuuu|@V;*TXCyNZUlS
zgeaxI$kR{CE8yO}&CEK{Q#xV#)|bt&ngWNN-6?g+;j^W9_mhdIrCoMxM+{WrPa1+M
zxR<@s;6^czt|tWdn<20rOuFL@<~oe-SC;h+)$4z`%`xV5PhP9RK7WtjW`Esn$%^C>
z!<prn%kqLZ)&#y9h(2ui^b+yq3zD<G(s#r7w&!J<u(VmK{zRuy?!rQ0h1~JSPe0kN
zx@ES!L&>cbo)4@FSLfKR!FYa7^yq3)Gv)Gol}aqHk6OeGD*@D_+_I-5>5@5vg*&gy
zDn)!wZ*nKTeU|fJf-$$5Nn^4<=__i{0JG~kiM01*&e;c<$t5*87rEWVpXtzByeWB-
z+vI4{pQfdpwXI#X0Eb&A3&#-U_cV=itXCHVVUJvMGpWOBDYJAPclBa9qP^-r;)O@<
zQDVFiiZrL@Hcpi4wWM~R@G8uG#z#-HbA)Choy4lP4X|0<g>n1S7+D5oNrx40^6StP
zybm%%OldsaZ8P^UMxCQqY4O*y8NQd3D^p8!RFH@$S1A%cKwcEg@M)Z$Ey83T;g))Y
zC5yg^)z@j~{A7ju7C>_~Cuuct)kxnA_f?CmQKt@#tUzDCrZe*?)+dOs8rF-<7@zmA
zSVM>@*@y<vgK<eH{SuobVY+r4oBUfW0R7<eI24;i@A-FQlZp91Vv}FMvrq_dI9ltK
z`v|alWI}pbTa!wRVl<FKEv~fw4k5u$=HXtc4l@2Td!4t_d(3KMFDfGh-D<`cgZXJJ
z$h1~6u8B&iy~)JTd+lpq<-uZ*GmEN-;@C0j2)e|tYe@$C7(o{r9`cPIln;vc@C$<b
zu3ltYc}DV{iCx*ba5l|~oAHtzg;kZ?%d+mYAWvDnOa?es!}ij!!o_=Bmrz%_Tcc$^
zU1VFHl-+x=9-)NC;`b5L`?Db7WffAl#st0A9LrmQ==$EbpCzNEE;6h4R?_*@dD_{q
zX%fy}x`E`XVYwl3ZQMdxqGLl(R!UO14gTsze&a~|gn>C`dx~g;^6jW-*3<3JtSsro
z2lTa?4G;1Qn=6M0wm(-|_&GoOTsa1QFIP(VIR|{MtOdW9D=+#v?|iO25U&iCSiVFz
z8Y<xq_+PzzlYQxx8aBV>9VOl=TqD-)H{>%@+_JA)ZKy8TC3t*P#$EkJl9Myf%xYJ}
zFf_U>J5bqhhX0*%mH5;RSnXTIXP)>J>qp&ajWl`o1h(_Gx@f`#?a~inIi_oqykq=J
zd{qdn*4LX>hm%`cBoC@}EnamcE4pc<$*sKrYzP%Z2-DhbQ!0}Mz6=;}l*L7}X1>hg
zfUnhiBq?6Sc~`Uz>y3If{I>Pih(|*78oQU!$B|@olVn~bvr%fDeV^f9H7htfk-~-j
zpCewZvjw{AEZ`;VEWGfk)L>FRP0BH6G;?dYKX_V6?2cFht?2BOMd`Aa{3`Ra)(6WL
z%s6_8e4V(PU%X<)St4W(G<SA#miDN6v+b!Pl3{l)HZk3MSd^qe+TAES?`>>q+LA!u
zKd1F@s*7X!D^q{0Hk0!vbMCE93DUtrBf{(1%pV<wI7X6$%F;&8+AiYgTwCoRmN~W_
z4B*K4vL3xXXt8+UIT8eT&~UMs{Oz=6?RZ*4^WRTvu9`#Bnk8^E62#RP4-?P=g@V$_
z<!^vY+*gPzmm$OzOy5s#xNuf6T?^bO4E{nNjDUau+<+hJ*DySNoQ}_KfQUy$V*f?_
zWMon%l@W|7k|5Y2!Vm-K>;~Y%jh1w+nDBptxOfycU<2}p(l3(h#esV>LCNL*Cb?9j
zf^+ciBtPW@Zk7tL3&P@u8ie72K>gX4<~eMD16=(IrIToePMgXEwFR#6b6e1HM2nn*
zV~$TCfMontQU8J+RQZ2D|G&@xGzu2ye;NfRH)6}g?HwDc{@)Dsf>KG$-0ut(8hvOG
zagQ4~0Jx^~IGr?0Kqr;?c!*K{Y?gooiA~Jh@el(!{F7N86K}+aSO9>iEP$yn;}Hlk
zQ>n!H&Dm#{(PhDdYYxhxmOxKna{{{3_k*J$CSKq@XvOW1v(F%E!RmN_Q9FqaywIs-
z{MdsP5G9Brpo`5Zy_d}jQjGBePc5?m-}fN3htNrC5VazZ+Mj>FIH_f}%NWP9Jv$*=
z3`mg;I=RgJkH3PTY2pE=!4VFnlc0ija2XS#vOoEcRKTOUVuk+I)@%?Xx&OpSZV)5?
zeiqsPZqEL{zd8GVTCn>cuCyk=Gvxxi1KK(Zt^`KGkGB*<2KH$8r{g0}nk!q;B4n-{
z11HRtP5OQa_`aovL8Abo;*X0DOo3a3p>%S*Vht62f~cH7|F5V_YyZR2(%+nS1+Mhu
z`}<1IALm_t-?Y!A5AL-`_=>~qp~J`s@Qm$zg1|GejyLrGxeWAQul_XUGH~;BvICF7
zQ}Kj3fE(ty|El|A+pmDI5I9l(KY5lGv~T(6jl=-P8}p@r(Q4A8oCbNnKKI&rY)#cn
z7UG41XvtpEw6WLzI|j++SVgH^kC@}i!w#}j=|?2d7bl2n4_;H5o$X1STgyz<k&(iR
zl;kg{!MEs@dpbu<5j-$Id2cp^F2^J}TW7g$(8Nh(d~)TP6u(f!2-D2=()^*(O;PgU
zgG(cR;}w(CyURX-<E*lg@2T6Qrk~eEVEEDnE=o@}M<rBwKB!-#%S(V`QsMY@Wt=4w
zvJ4Q;G;)eFDrWi8^zx<JlinsZ0=ZOH3UTHz`Ll_8?jy59UQDL@5+<5D#lg-gr`1B*
z?|drGe9^2n+Kt8Jc<ymJ99(lERZ2(7n>(1U5aZ=V!EiJw$9#j~G3g3z)^snbz`E^a
zgJ5d1E3P{$HT${SNs7y3S|}_c`pfp{yZo9lL%gixvC63*&k1=smJRHE&?&l8Y(M?v
ztbmcJd#v025<IhtQD?E5`<;MwJ_m*)n;bg%wn{g>g|<m-ELxnx$QuUh^$Ryh`wG+~
zVR;$I^Xce<?`I^nRR(g&sPWVe(pwZfCJqK#cSa2)`IY<*@~#R}`&~A+?(z<E9=;|A
zYxzX<@ifZ*!yR&Cj+y7aLa<!V-b<`E@bGuPrFxAp=1EotS6!11z>b=rl)zAaBF1z!
zR<ocm^(vlN>LOL*fZ<hcx9%vlS0qFW(KR`?hDLY2rc$VPdMamW&qX$9Qs-*Qaj~8v
zjJV6;vaOHpmejn=i=%8{Z27Ux=eEq5=mmn_FQjGxLspH=foi_&ZF2J#_ph0nPAcr(
zT2xpSR$ak;&_tsW8BCO+Rr4sjmDu;n^A4%3n2LP1LT=rWjG^oCYz00|_%+eFJgid{
zDl87l^PIa|KK#n+`38&%A(xV)uTEW6>^AO9oC;E(@s;FB6ZM1Z@wc9rn!9%+(F?eb
zh<g&@E1veac=Ywimya9G>B0|JXS>DW&lflkYW%VXmEl^2T%QH5Id~`XP}*xAsn&?C
zd^1^rMHE`iyuT7r|G3|CiLvQvlhN>X1<C9b>BEUCjw|`!B6zU$1b0u>Pw(kT_Fq_%
z=^(Q|qv_~EkU>6ePT4!np{N2AG9=!RElP?r@VR<3SLeB;)Lj|?_i9#;zeHiiHtSCH
z>O^MyB*upCj>D%?7D~RIcgZgI^6|Ie)%VmKX8Sdc4C`=Dz2OiWOo=Z{M9uoI*JxA=
z3iF3=;%RPAUKO74?T&dQ!cj%cYh7ksJ92~X5e_^3lx2g>Bh?RtZV1VI-Yd@M2Z$Ee
zSDt0RS{{Ei6DgN)SNTCw_q^Swd8zF!HsKvd^`v^Df|_U5?0s0doi`$w&RuA?u6x}o
z^@*?LMX}JTs+!Dp<3%R!dj$Tu_GIr}sV`i8y1qQ|8s;)}TG7(`^*SRDJ^IL*%FpW|
zY#4kRcUNV1nJrW58nmhcMxTjp95Ld|a;!U}WbUI;Zsgu%E2v-`eDzg8->>?4OwG*u
z^>vfhLGS4Dw@+!JyA21>uJ<87OfCTY->mreOrj>x6+;PXN-erW+J<tm)I~7>5pyZ!
z@CU+%)SeGuJ#`g<Yzk8)BZ~-K&X4M91vlkBCqsxoi~qZ0XD?$NPfU(C82vSA3Ne@7
zyE6n$ObozD6GX*|?6>cYrQ`Po^WWbacZPnveNZs~z{Y(=yKBk7f3I$XVR2%!!I~)D
zuFMvGeL!2Hc2|1g1FCmGtZgP`;MrS@c;-{>u5&Y<Z%ak^IbPU^M72;9uy1dAzq)nW
z&gR3_yIQ)4Q&fj*E$A`R6-txTtqiBHQEOl|$dB0SVY_Ek$u6=_XQa+zP&^2uBlN_s
zNfUX1_ssH*;-^y;>>Z>$!&i86`qksHbu-SH(ps^7V!r1>WtBtqG+#dMY#nT-n1*X@
z6FsAeHGQ`InMjL9k(I}O_T+BQ&81qu2Wo9q9r3}|6AntDsd?BVgqu(B?rz`luoxiY
zh@rW#+(WnPPETx0C9`}@g1u-eIQR8yR#M(5b-l1kt98V?bffahPl6m*CIwb!({QdB
zOrNDPH_VSw?QD6RrFK4q2B&!aKJj6tD@;-`7n|!~&SGii<AOpDa**2S5~95YpO*CU
ztMbhVSr-0*Yv|i~_J^zn%x!_)tapPV7(PbCsSTp(3X`|;o+TFRWn;MRs1rV$SVr+w
zK!4fklA}I($xUh6ORDI_BbmcGTjmEvX8iR7K@ZJaRnLZdXtW!A)eGT_X^~9hp&W0k
zHqVM)skgMU^uT+LclWBn$b+3y5vqyOb}L=*JROSM6{;L&>X(H+5(;D9RK2Y7ZmO&{
zs$wLZ8CSo^qC4IvrO={cCjLY{_Ugi|-d65%|LL}~<jS!5rqAiulvfNCRAhaaZ}b^<
z6^l6tqDiE#ehYRxl5<Rm3V#sP^>`zc^i{?ky)L!GDHzdRQ4KePFZ&}8P9qyv8_Q)d
z<aSc!bK-QLz0YZ8s_cqL%wuAC4VNQeBBX(9;5&N}pxI7@Cn@0Ek*d_;KlNFW6hYFe
z{IS)4msI4Iqk#1xknl|>ut?!P&cZd@Nz7}i2Q6_~4a|7cUoyX*b)Q<|K8Ho@rJu7J
z^0wmM@{2@vt&O_DX)QttxPzgCLq!f60be%vd!;v->_L%H*>i?>0u99u1J@rPKECvA
zP3oIXSXem?!)sv2S6qU7iqj_5pCZ8Qe3;7(){fKT0eda&OXkbf#w9{Ldr47q@7_FX
zUy9mMVeP1!dv@uWHwqOP=ri!yQdlyUV&q#$zkAkLSkI-&8VuhERf4#ULc8hLhpyIH
zM6vHaw!PVMm)?5f{k8tx(S&ID!G2Ow&wEUqp3Td9Wd57ynshfjHZ~oPC=??c{QTaI
ztYO|~G{M_`N2y^s-NJKsRR;g8XteQRNS3<&Ljup@v60FTFkug24U+c*i&>#dq14vn
zRs`I}aJDU?tFAiqOH`=0_g-zip|qvjuJrA{v6;~2M|qtl_M+iK3e)U+>l_hA;a@!D
z3vPQ^e4(YM6z_nkVXM?;dtAkj*d=aWi5AGd^X`qe<TcwT_piKAj*8JV*4CYI8L8#2
zX9p@$Q*`$!2YB+-EP9h3E3L;wG$Nvd%sby)i5GbAQjyQaI<<rk+l|z#6wMpJ8DXu*
z|8O>(;p~~>&dlMCt*GF^-gW0&1{-XK&dkX;t$JdvZsDie=7k&?W|&UTjYvL@MVrz}
zyF>m?bFx$9i$Jk2KfDO<^qm)_bQY3I<V?C1-gXr%LOdfB#6;ifbBG2%sCvrS5LIi$
zq9^c0Qo_7(+Dc=}sKZY)<IBlneT}IW0%%3-MhMPVu^Nt--Lfd(d3f;w*)A2<xXb-D
zJTEmtD!}>M!@%=SwY8r^cDG&xh&+6ooNsz_nr}z6vBNS(j9vG9eE6<nuA>C9Fo`?m
z5zlk<fugd=hRAGIN9*-SM1b1+e95-A2X!m1x|X*rGq`9mR$eCrj|S`A{LoQKQ4MeZ
z7Il}|(sZ83C_lch)OTnQS*MFLiS0q>`))s2if^SYk}3tSTvME?AJa7@^Ky*t89QC(
zdHz__V!^LpO?mrLGKoJcA2xQla(|>kTf8?*>V~_2&hh%Sg&?9s>44E})zsk7To@TI
zg!rc@e*50QK7Mah{@oRY-Wx^X(0fCx`ulssxtIXpzy!lqU^?k<VA2+ShTa=2V}E~d
z6ontZH>jv#I+o!79Uyj84tjHQ^I`Z>89uCn*GG$WQ%5kgjrVCnkbb0X9AzYyzh4Kn
zjqc@{h>N)>LCxv^Yrhif`D-6Vwe5TKz+>B~4X>GgG1q9Eusr_t+Ka_5D_(hteH5D4
zG(|PLL2dJno!qR!5uQdKs>!Ps38jXnM0mao6N_H<aH)0bJ?3kRUrs%{+V=H|qhEHs
zp4rs6#`3bC1e3iSTgRUKoqs3r^=*^A)c0=ZqiMgtF(@6~SfXInv_Sc)+za`3@znfP
z8)}VOQ$8|hiR=kX7TJ8{9p}IIm(<y;&oFP(-LiG<tJ(>i)(a}kB-V18U0B=eFLKX{
z!N}lptKX^=4|xSK;XSGh)(4}0&0orGG?npm^PfJU8}HTb+}b;@Y1KPNYp-3BwsMoc
zKRBjXv8;~K(|)hv6}?$6HeBEPCwy;N_0|27kM8R~@Z9=1>q&p2w17+cvgvO=Y<?H{
zdxz$esE&&Yhu`VG^lE6|7N=gjvb<-7{Pv%(LOBiu2~LbjwS82!Vi)5BKE<x;G{N%v
zwS47Sd-reknQYf9diS-T;{AtmuTQj=ReN)NnrqFrZn>V=xvLpcwO)49Bkg5BHHQ3f
zoRpn<u;1B8a1+DZYkb+qzq7rOu(!Op%Sx=@PdbNVlF=Xbf77<^S#wXErNiTE+}+*N
z7-}cU>Tn%eo!nu+=R#kxdyUEtmipdhpG}q|GcU53BcOfjZ1Ik&yFaH+2ulj~yIs_N
zUORV_%q!c=-#00wC7)k?<$6?J)y)n2uDo&j9<|e4V{hzU?+w|f%2}V5Yj0<{EmOUG
zbz^hX!@LJC4j;?PD*k&lF3V$D^=|21|GksefB9Q}V);`s^MrkID|VP~wY~dv-@e>t
z-9MMNrCD;@hTSQ0H#~LsjnO<kPt&f}gk?8+;sfKReJpLXJk#>}v2TZI$)!cV&K-`9
zj#p~gp!@5igp%LB;At=3SodmNY`&Z0=K4nM(xQx0O->tU)U;0i?_>A+r@HEuuNjN}
zY`t`z<9qp@8OOdT8^{LFcT?Lx?<c2We4XRo*JjrD{ibuK-EYqQy#DIxUfy`FsQub(
z@6y*@f7A4N_UwnRzE4cn<ki0Kqx&hCvwg~5$&GuApZ!Q&H^*bPjp*!zUm+1YHD5Wa
zE|tr<TY6AL)Na9qgeiBe*QMqbUY*yp{?qpP-PaBHyytSSJ7Rb2;Px8_6qMbP4<9#-
zD|O5g2rc?5*1%b2z0hpA@SB_)3p#%?*$1gDIQnGsn!P<a*ABc{aNTj{n$NtS^?7pM
zMefX8c_F9Ov|Hl+t2f)%%--jrQ5!tr$>z7+-^%_jTd=oWKA1o2yIA4AGA;M5{O!lp
zr|!CZ$J<O&t!V#mU?cm>+O@kKS@r7fX4`*b<+yV1x4dq;p|YzUq~u_;<-<3iCIl{j
zR$!JtYf1tH9b|mB0~as=OR+x_@GUD|@fJL4at^ipSyKWmf1*KGca&^`n4$(;28U;G
zPZ;c$<!Ek+w)?fF6u8x2#&;XU6uY^=kxk%`CJ1Ak;`_M+xQrQilS&)N6d;D&q;lWq
zrXW*WDo6}?lgdd31_C#!0MGGNaCCBXb_;L=p6Uy{QN<Z}=SqN^2ax3k5(8eV;zZ0%
zD*C|E8UheEspvC6Zc+gqYwdt}lL`;Rg5A6fzQG>;zOEpx1&@=M85Eeg7z7v^7!<zM
tqusGm0*suykCB2EV@PYFDsb?aO;8nS<v8fxh_4nl!1LRIfdxAJ8vyH7t^xo6

literal 0
HcmV?d00001

diff --git a/testing/btest/core/tunnels/teredo.bro b/testing/btest/core/tunnels/teredo.bro
new file mode 100644
index 0000000000..c457decd98
--- /dev/null
+++ b/testing/btest/core/tunnels/teredo.bro
@@ -0,0 +1,35 @@
+# @TEST-EXEC: bro -r $TRACES/tunnels/Teredo.pcap %INPUT >output
+# @TEST-EXEC: btest-diff output
+# @TEST-EXEC: btest-diff tunnel.log
+# @TEST-EXEC: btest-diff conn.log
+# @TEST-EXEC: btest-diff http.log
+
+function print_teredo(name: string, outer: connection, inner: teredo_hdr)
+	{
+	print fmt("%s: %s", name, outer$id);
+	print fmt("    ip6: %s", inner$hdr$ip6);
+	if ( inner?$auth )
+		print fmt("    auth: %s", inner$auth);
+	if ( inner?$origin )
+		print fmt("    origin: %s", inner$origin);
+	}
+
+event teredo_packet(outer: connection, inner: teredo_hdr)
+	{
+	print_teredo("packet", outer, inner);
+	}
+
+event teredo_authentication(outer: connection, inner: teredo_hdr)
+	{
+	print_teredo("auth", outer, inner);
+	}
+
+event teredo_origin_indication(outer: connection, inner: teredo_hdr)
+	{
+	print_teredo("origin", outer, inner);
+	}
+
+event teredo_bubble(outer: connection, inner: teredo_hdr)
+	{
+	print_teredo("bubble", outer, inner);
+	}