From ee302681649df3d3f0398fed560639c1321da636 Mon Sep 17 00:00:00 2001
From: Jon Siwek <jsiwek@ncsa.illinois.edu>
Date: Fri, 23 Sep 2011 10:31:20 -0500
Subject: [PATCH 1/5] Teach HTTP parser to derive content length of
 multipart/byteranges bodies.

Addresses #488.
---
 src/HTTP.cc | 45 +++++++++++++++++++++++++++++++++++++++++++++
 src/HTTP.h  |  1 +
 src/MIME.h  |  1 +
 3 files changed, 47 insertions(+)

diff --git a/src/HTTP.cc b/src/HTTP.cc
index 0d154f1873..ee5ee5f1df 100644
--- a/src/HTTP.cc
+++ b/src/HTTP.cc
@@ -5,6 +5,8 @@
 #include <ctype.h>
 #include <math.h>
 #include <stdlib.h>
+#include <string>
+#include <algorithm>
 
 #include "NetVar.h"
 #include "HTTP.h"
@@ -310,6 +312,49 @@ void HTTP_Entity::SubmitHeader(MIME_Header* h)
 			}
 		}
 
+	// Figure out content length for HTTP 206 Partial Content response
+	// that uses multipart/byteranges content-type
+	else if ( strcasecmp_n(h->get_name(), "content-range") == 0 && Parent() &&
+	          Parent()->MIMEContentType() == CONTENT_TYPE_MULTIPART &&
+		      http_message->MyHTTP_Analyzer()->HTTP_ReplyCode() == 206 )
+		{
+		data_chunk_t vt = h->get_value_token();
+		string byte_unit(vt.data, vt.length);
+		vt = h->get_value_after_token();
+		string byte_range(vt.data, vt.length);
+		byte_range.erase(remove(byte_range.begin(), byte_range.end(), ' '),
+		                 byte_range.end());
+
+		if ( byte_unit != "bytes" )
+			http_message->Weird("HTTP_content_range_unknown_byte_unit");
+
+		size_t p = byte_range.find("/");
+		string byte_range_resp_spec = byte_range.substr(0, p);
+		string instance_length = byte_range.substr(p + 1);
+
+		p = byte_range_resp_spec.find("-");
+		string first_byte_pos = byte_range_resp_spec.substr(0, p);
+		string last_byte_pos = byte_range_resp_spec.substr(p + 1);
+
+		if ( DEBUG_http )
+			DEBUG_MSG("Parsed Content-Range: %s %s-%s/%s\n", byte_unit.c_str(),
+		              first_byte_pos.c_str(), last_byte_pos.c_str(),
+		              instance_length.c_str());
+
+		int64_t f, l;
+		atoi_n(first_byte_pos.size(), first_byte_pos.c_str(), 0, 10, f);
+		atoi_n(last_byte_pos.size(), last_byte_pos.c_str(), 0, 10, l);
+		int64_t len = l - f + 1;
+
+		if ( DEBUG_http )
+			DEBUG_MSG("Content-Range length = %"PRId64"\n", len);
+
+		if ( len > 0 )
+			content_length = len;
+		else
+			http_message->Weird("HTTP_non_positive_content_range");
+		}
+
 	else if ( strcasecmp_n(h->get_name(), "transfer-encoding") == 0 )
 		{
 		data_chunk_t vt = h->get_value_token();
diff --git a/src/HTTP.h b/src/HTTP.h
index 6614886e44..373692c0c3 100644
--- a/src/HTTP.h
+++ b/src/HTTP.h
@@ -184,6 +184,7 @@ public:
 			http_event || http_stats) && !FLAGS_use_binpac; }
 
 	int IsConnectionClose()		{ return connection_close; }
+	int HTTP_ReplyCode() const { return reply_code; };
 
 protected:
 	void GenStats();
diff --git a/src/MIME.h b/src/MIME.h
index c8c70cf65b..52d943fb15 100644
--- a/src/MIME.h
+++ b/src/MIME.h
@@ -95,6 +95,7 @@ public:
 	virtual void EndOfData();
 
 	MIME_Entity* Parent() const { return parent; }
+	int MIMEContentType() const { return content_type; }
 	StringVal* ContentType() const { return content_type_str; }
 	StringVal* ContentSubType() const { return content_subtype_str; }
 	int ContentTransferEncoding() const { return content_encoding; }

From 64e821624b34dcb886599a5e478f0a386f26e569 Mon Sep 17 00:00:00 2001
From: Jon Siwek <jsiwek@ncsa.illinois.edu>
Date: Mon, 26 Sep 2011 17:37:29 -0500
Subject: [PATCH 2/5] Fix handling of HTTP 1xx response codes (addresses #411).

Changed the parser to not treat 1xx response codes as a final answer
to an unanswered request -- a later response is still expected.

The scripting layer will also not finish a request-reply pair when
seeing 1xx's, instead it logs both the 1xx and final response messages
with associated information of the current request as they're seen.
---
 scripts/base/protocols/http/main.bro            |  13 ++++++++++---
 src/HTTP.cc                                     |   4 +++-
 .../http.log                                    |   6 ++++++
 testing/btest/Traces/http-100-continue.trace    | Bin 0 -> 68022 bytes
 .../base/protocols/http/100-continue.bro        |  12 ++++++++++++
 5 files changed, 31 insertions(+), 4 deletions(-)
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.http.100-continue/http.log
 create mode 100644 testing/btest/Traces/http-100-continue.trace
 create mode 100644 testing/btest/scripts/base/protocols/http/100-continue.bro

diff --git a/scripts/base/protocols/http/main.bro b/scripts/base/protocols/http/main.bro
index efaa2e12c9..982d29acda 100644
--- a/scripts/base/protocols/http/main.bro
+++ b/scripts/base/protocols/http/main.bro
@@ -163,8 +163,12 @@ event http_reply(c: connection, version: string, code: count, reason: string) &p
 		local s: State;
 		c$http_state = s;
 		}
-	
-	++c$http_state$current_response;
+
+	# If the last response was an informational 1xx, we're still expecting
+	# the real response to the request, so don't create a new Info record yet.
+	if ( c$http_state$current_response !in c$http_state$pending ||
+	  c$http_state$pending[c$http_state$current_response]$status_code/100 != 1 )
+		++c$http_state$current_response;
 	set_state(c, F, F);
 	
 	c$http$status_code = code;
@@ -246,7 +250,10 @@ event http_message_done(c: connection, is_orig: bool, stat: http_message_stat) &
 	if ( ! is_orig )
 		{
 		Log::write(HTTP::LOG, c$http);
-		delete c$http_state$pending[c$http_state$current_response];
+		# If the response was an informational 1xx, we're still expecting
+		# the real response later, so we'll continue using the same record
+		if ( c$http$status_code/100 != 1 )
+			delete c$http_state$pending[c$http_state$current_response];
 		}
 	}
 
diff --git a/src/HTTP.cc b/src/HTTP.cc
index 0d154f1873..6f79ffb443 100644
--- a/src/HTTP.cc
+++ b/src/HTTP.cc
@@ -1305,7 +1305,9 @@ void HTTP_Analyzer::ReplyMade(const int interrupted, const char* msg)
 	if ( reply_message )
 		reply_message->Done(interrupted, msg);
 
-	if ( ! unanswered_requests.empty() )
+	// 1xx replies do not indicate the final response to a request,
+	// so don't pop an unanswered request in that case.
+	if ( reply_code/100 != 1 && ! unanswered_requests.empty() )
 		{
 		Unref(unanswered_requests.front());
 		unanswered_requests.pop();
diff --git a/testing/btest/Baseline/scripts.base.protocols.http.100-continue/http.log b/testing/btest/Baseline/scripts.base.protocols.http.100-continue/http.log
new file mode 100644
index 0000000000..a9d02efa09
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.http.100-continue/http.log
@@ -0,0 +1,6 @@
+#separator \x09
+#path	http
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	method	host	uri	referrer	user_agent	request_body_len	request_body_interrupted	response_body_len	response_body_interrupted	status_code	status_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
+#types	time	string	addr	port	addr	port	string	string	string	string	string	count	bool	count	bool	count	string	string	table	string	string	table	string	string	file
+1237440095.634312	UWkUyAuUGXf	192.168.3.103	54102	128.146.216.51	80	POST	www.osu.edu	/	-	curl/7.17.1 (i386-apple-darwin8.11.1) libcurl/7.17.1 zlib/1.2.3	-	F	0	F	100	Continue	-	-	-	-	-	-	-	-
+1237440095.634312	UWkUyAuUGXf	192.168.3.103	54102	128.146.216.51	80	POST	www.osu.edu	/	-	curl/7.17.1 (i386-apple-darwin8.11.1) libcurl/7.17.1 zlib/1.2.3	2001	F	60731	F	200	OK	-	-	-	-	-	text/html	-	-
diff --git a/testing/btest/Traces/http-100-continue.trace b/testing/btest/Traces/http-100-continue.trace
new file mode 100644
index 0000000000000000000000000000000000000000..3ff38fa5c554b7cbb1636522110cab1e691e33a0
GIT binary patch
literal 68022
zcmeHw3vguFSzdeB-dKXc4g^2Ikh4AZO0!nK^q7$}Bds+vnjNiYc9fB3m-Vs{SKYVO
zJ=5K{_ug(jc3Fe5F_bX@Y=?4O8`of7#xaJtj0*?>$DxQHgqIz{!)$>Iut}=GWvDVx
z6*k}hpL6a#=ib{_EsbXFRIGWZ`##S3&wu{c`Tzg?=hOf7gFkjh?)f?W^X#*^-1G2d
z<M;o|%J+Zag}Ddunf~SOdetNE5xJLs@zN7BFU&3Ha<6&S<FCoR=B~eg{3GwZbL+d`
z_6Jj+dMLO0^v6%N>EWNh<Jo85aXFW}<M}W6(DUxR^Umiz?}ei?UwrS^(!J;3AzS~s
z|1gp}gYWcDwk!MK)+f+Gu5?%NOVl#;kX!xKL!bTa7rhBRbiU*3U-CPjSd^{*$m<Bw
zFQBcHXomhJARYh7ErN9S?J-C@XzzPhU;ON|fB#7d(Z_yvB=-#%JpGHe^1K)Px0BS$
zwa=xt^0H^2o%zRHZuQFAx+sZ@>+7qfO0jZm^jhHhg{3XG)0-F7zTYaHDpv4Uj5nud
zPZpeRx8)XUj=$6F%oZzn<Ai86H_Zp1z;`q?S)4jHdeIBe%+AhE(F^)Tx7I&4x>T*Y
zU0l4kbnmgzb6%&1o(h-T&Q`B6FDA=nfS|9g?{(dIL0vYhPOs^8O1lNLRj7M@y8zJK
zPSvZqwPT~pyIr@6HY??Fp^7G(oxXc)^w=mNdZs@*c+$q7`F5JL)py4x?R%g8`0Q&}
zU;J|M%x~p#pZUADV#cYhORpczT>+-)UxEOZp840@)*DmXdfCgxd*7AIX*?6Cg2rir
z`Ytp-m?j>%n`ZOZ|InVz+1G+5-c2;|rT-y;{O{j2n)_cb$nn28O}yYUfBp(;W%}Mh
ztxS2j+*SQ^L4Ww_@2_Ius~Gqy2EK}cuT%_>diuWq{WV#t?mJjLy(^}k-u?8)7oJ^x
zaenr<|0<Vz!;k#M8>JTcG}>B&-9!K4TI7!9C%%=m$dCP+twk1|WnBcz;*%!~E%KF$
zvaiDR<--7x>!UyOwOQo4$>jRZB)Puk6{{~U-27-QmvirSVW3l6|Kjb(BBO^*eo3@s
zn!n&P&(x@`2R=Kft=@|a%M3QCxboU#qvxF-tk3mEe?nB|#AU}P>vT?(XXYm>^HVe8
z{>$sfM%P?_+x6$gQrD?A+|p#RT%4H`<JUUP-4mki)i#`dud#8%^*2j1#VNiL1TFpC
zm9E=aTf0;$7w3wn9KKt3f?jp2i6^FulVbJaD&Ctc&K?{6w!*5n<N9u`aCUFrya6k+
z1M3&&F%0&W7r^pe_nl5qhaJC67IL$*g*%OY=LXrzwsGBacYCEquifGfoEpsSZLe7q
zo4&V$g@D-XZ;>HASviSj&)j|f%DMGNR+k06Ay%)Qy|i*p<O`+J!&B!<rSt3O#kXBt
zzkEqlie<6Z^PAOPskHoHepINRe52Rv&X-EGAlR8Idj3{v{c35KTC33O>SH0`cZ;=N
zEx$N=hCADBw>rT>N&}U-xjFe>UeucYLcZ1W`7PI};pMj5a{z9yTW}xmH@6q^v_7CE
zM-PjOying3@*yHl167V6xV;4|acaOqp)xr$nHQzS(b17Jy=JfFE<WtGs$Sa_Jx^R|
zG(C(Jv?2;17T3H0Dgbc=&EDRbl6-M=WMt&b-GzcU?|WT=);pr@cKYIaAPR*=+?9X%
zk#l{2dk<>_zk@dB#aSnC#RF^VIkYo!CaC(&Zcori)BqlEww*P;niqjzUC4uEXG_ga
zwRAlwVUf1Ir`jv|UcZC2(?(UcztL*;+#((<UJvq%XG*eZ1rdXD+4Fjy*GhvV1(53i
zM7EIvNZa#D;FlYPcA~ctAX#GQ%G$Mg@u0K43C4S1ZC;`$x~Fc<i<M5d-xDoo(``lQ
zNr7lEYA}^;tSzxZEp)iQLffr19YR^)I)1f5>rER{MnBEt*;e1}`b}Ca^8}q+(=&9Y
z)$H65zS~;J2fe+P8#G+EmlqA+t*dFN20^Lk2ED?jZlq8yo+8w{Zl{R5d2?#{I|GIW
z`H>0H^}Xwo_46Q4Am^}s@(?n+<R?@w82F>jx>#9$Z1K=Nf;vl0H?zx>Q7)dj`%$-3
zYt|oQdLYUF=6|0l`RgqC|J0WJ-+1-uk4r7`p&!oW40=1%9Fl9};IoxR=b#=%=MXhS
zUSNWd(65pJgZvkGswl<40PGtAf#EV}jzqyAddIUR$pCUVL{ju80}>B&L7K;DnNTVE
zXh9~fEQ^zmEee5F(rNRSVJ$S>lM%c&eGuf5QpKs;4#lZKP#7|uh1zA3_|a68ASVHF
z0A?p%A9+o)-SzyQh-AE)Skfq^-t`-W$<q1*uZ8ikch+<K8mXM~&^Qd{X=<T#@3-Gu
zD&1SUmDV<z?#yMUYBnkxgbtxmEwWBSXVi(Fk5-Qe15?5mJD$`O^4k!&fO@}$@jtNU
z)$0+w8cqhKWW!<!n+SZsK2w}2m&<AZw*%x&bIJ(Gg_!{`X8`$J!Z!?b>4Z+RNtA(K
zrF*OWpy#y(WRZZ{6}?6?5M5`>WumGzx5<%QXt*T#KMu)1*j@U9Z=xmY%l^z>qQ2%8
zpZ)D`zKh(YfBv*wIlR*Sx~!E$gZ0NVw*L6$yR`lg|2CI%YOW91pCk&}gjuu2w$;2i
zet~}kJk{gU4r^l|L8$@Lk^d`pJ6k72$1C`5*L8ZL+}#z0x!LY6b7$A7Nz<J!m%BZ_
z*mia?`sP-Hyxo<P>d{Tl2MqJvK;X4tze7*(^BxS)ddu6H7ma4E=5|yg{#FyKg))76
z3jgpIs69@ol@=E+Jc)lJx~o&Fqjs|sb{}3dKvLJDHhH>wZoAupg{)g`JF0)TEwDcF
z7$_5SJzBqX9Upf3KoHORFz~B>zrCrOjRU*WtWiv1YDS|eM23M2qg$g_W6m-ZX0yFj
zir(J<&S9(;x0>}6z(37sVOO-=IxKXrdzuVe7J|m_7@is!5!PIdiXKta_`FDmZXb$*
zVD(xpQ2_<vALChL>7=H!a5jo3F&`i_0V~vP^TP%WO8V0{ot%`-4H|*K^mX(wbe9?g
z!U++pY%-h`lSI27mQB2*bv8lK{hrJ40Fm>e0MV-kqrg!ON5B}Qd<kZFAf6N^E<0Yw
zJuRN1DY5BZKHP6TDI``3KC@a`J)C&{e&5;Cqcl4>evW?(G8%583ezM4PR_;VO0(KN
zsKR0cVX|#TmBNLBxDI0M`>uF$RLwS~kEfbj9*rKB&liLKW<kB9hZoI=+06)qi-XCe
zDdiaosVPQ3{MAHJri7x^c)@8kw;-i-)5h%T;dCbicyL10S{ll*dm>~0C#k;H3?PEw
zIN5A@)f=ZdGWbi~Ov!(pCI4q^$uE9cOa2f2AXW~B^ena=2uI~l07y_(=9L0T{Q_$S
z4XcTb<Mn#oz+Zt0T~oQig*+O<#1QQ(66U57?0UQnt8iDrNgvmDyd+?SCeiIY({Zs_
zGPRiLO<2b&){uk+0`7Wu>qKnQm7bf|(s57TPbjbBFs%~Em{B|tN5)77trX#D=s|#N
zu=hm|uhqnwn{75dJeCKzJ!0IVg~>dWGb9Dwi3m$F4iVSXAea=X+T9~gt{{je9`w@k
z{Q2V-mgvvvQKiU9UQ0cG{K854b9z)gI6F;$@U`y;c(Loj_2BxaM<p9dR#EdVMHh=k
zjWZ}hp=8S-5Q`36iQAAAhQQn(%5#;Osp-iO%1Qnqp{cC@1SX0Nl4S?%1)jb^U4$J#
z?YN;d2)RC-#suoc@mfuqN&^I(Rx#!BtC$d&owO#aw%{OwQ1N;Vz8MK<ZP&!{%<w5B
zD{?T5Mull@I&z!gAe86=F-F})mP}ShqFbywtpcsU1MXB&b44k9`mKpswS&jH#dT-v
zT+8d%(%xYPfVv_W)jQD(!r@m!zEOHq6lauS!Ax6o;eF)9j)>7xnwn=?(G4cvBtNE)
zp@nLXq)&<hQ&UeXhrfd4AG~sy`A%9neE#*xmBT$9S~>jTv|KrqpUBi7E!H1@Wb2Q6
zI$D2x;&ZtiK(`D#o^LH_h*=5A{M*2CY<Pu=6ynB+3zHgI1GRIe?G-INq)yM~jOkO_
zzD_JdG}LjBhk*}c$M}U(T&W~KqU9RliE($!kOFaWU@HP<M*QNW=t6kusiN+&N|oz1
zrtwJ5%paegqCZj^##>j6BBi^~R)AuH<iiFl?9T@n%cfV`1DtilJPLKE-E6@ETJoDt
zYvQ8Y+ID-$tD4A%AH{=i-_1|tFZHX<nj>J`g0=D!54nEL={OSs7G(tlg_?CamLd(Z
zumuy?lH*wTE-x*gT|OJie?lIuE!)TjD|EeXzvcK6rF6C9?gY^{cN>d7DWphx80$?K
zAIbzUkQ+yt?uxA~)BZ{UacOxe1d-vJ?9_TqM9s*EgE1Ga>ce@KOXd-!6Xs@Y`Ip{^
zC}MW|?G7N2?Py_0q|GXF(0eV!0uyf$5;EVSl~-XF?<puHfA0Uvbo9#P6s-%i`W^(H
z8dhU!LhvJu^C`bpAS8;$lomoHn?tX`q*4GOO0}V0#2pb^R;D%^Vgw!#y^Il3lSMH1
zTSd}#WY0xlgl6AB+pfnNipB2al%zJri(!MLKi>L7S^DGaE|C6s(Jv(R$3&j=$EUtq
z>W}fc7iD>#I;=nbz}6oVd96SG0hx&)k5<#bM;QW>#1F_+PhJSOe6}&8(GgAn3r=&6
zkh>`-DL!=F1Pd){M;WEC_NbA#L`o>;1T4Y{1)9;^+#KwG(>H~C_^Vl)<b_CSN<O7w
zs?5yH%uS_%rENhiWcO`28^(P{4Y*>^5{F_bt_?e7*I83AN!F&CA~FK>KhXJUW4W$z
zBBiE<6)kPp(GtB+ULU57j8|=%(!HZ+O;j20b}`)0%TQ*fCO4%hgDM$#r6voonc?W2
z=SOIo)O6^kd6o^cHLf8NCT(bI#s(akoLWCCT<nVCtVQO!=LnZ=_@V<h>9$mc8O=#W
zd(n*6O_O+Fqe3ET@T4>9c-kdL%W>##=!WfVEk5D;USX@>!+MbC00@ceDYc5#xF^%n
zKz%V}Scnv9%Y{$Uiu8E3T1CzRI;feHz`iyaD0f4}tzOrQCF@;42g8Is)&rZTN75EK
zdH~ceQ&UJccmue$U=j7E+o~ax1H2aEjiy}lRk+?}!-Cy`<PwyB6RmNIL6QH5Hgm`~
z4?Jlm){do-5jM7Vq>p~nYw_Yz_Q+nH?|}aJl{;m6Hl=CD^T?5{)Md&4`?ln-{Jxg_
z|M`z{IZf4)YsfschfbW+B?l@7^CbS6h!aJHI(<>GBJ(HZ`b?FN5gsCr9MHDRy3jqC
z<A&eFZ#yj_E=-GZy)`>T?FPZ&F8(H9-vkYNokvMYKZdEZScGX_PbO)9xL|0FAlMR9
z5NEcF79;yH^lX$b;7>>ohX3W<Df$z-9oQRlA?bfHCb(Rj=2dQ7F-W~bAPyKY{Dppj
zTsQzxwMX9|BDp=#XWF|>%6}<J{wpxW<8{gS6`tp4wD2>jaayi#&ATGmlvI5zdu<v>
zc~m-%hI_W|A<kz`#JpVk0ImdbDEmf%Mkv)ow1y=EZG>UvTNEntL26VjO9xLX{7URv
zQgMn(aoUs;r2pu<qB>?`whc`rYpL=72nA+x$iPXLj5$AWqSbw#T#L;>c+>QU-Kj&(
zkhTGpg-He>nS>E~VN!W;w>#}_KU6xBX;fU(a1IzE$9zqxU{gdzE;hx0S~S}7mJGVE
z_sFknEmx=YYBkhjB>Ddal7F!0>3!#E<q&*0xpFx57Fs!c>}9zewX%0CQ-AoZKR#{i
zk5g~a`s4jGxm*-?4TE#a!KqMO>@^Tt#mWvTXZRm`y6}G$YjYP%_o7!V5HEs^Sh>XA
zOa^c6AGZt<84rgm7Ur0kMy7@~#IBkr>FkDS#|Diye4?ieKZ3rf2bw+>ZjkktDT>1m
zq7f!y2+HWHoKg!&tz}~%hGen-RA36oA`4Rs;6u^TQ4E-2V#}OnY0!g(X@DaN1e3Pn
zp>L!S3Jy>+D0NgON3co~Vd}x4(GFl7MM49hEX+c`8$fo8LAzCu6M$FJcv26B)e{nS
z-Ce`Yje)3lq#-KpeSJ-XXc&_5R@iqlAyO|F$UUPtKx1K=d^)(MdQ~A9CInn1irc>}
z>s=;j^(ubhZvvKnD?*K&9JTsSJZY@!Ld!ey6eJ#R%wT;E>+1%3Wj2?>SR7a39b8VV
z`9-*fAT%fzOK;io>g%SXW&0tU4k<cDELK2K(Xb>3EeDzu>a00?B;F{g`$<h&MZQz;
z>e%-x?<#~u965h0*%^h(G>84CW;r&e?PaBlv{5o!CdvPjS7b{59!vh;vnBt+qL%z(
zBbOrrwQ-}C;OZjdrowcm44hLc%&8IOH8ep)2rxuaVTu;T;Nn^39o5pfa>`z@g1!<w
z9g!pPzS9arc@jG4cK)LmFxJ|DeI`Vd5#`}ixDqNvaBEXeO8{kIhvH&hdC}xA-C4?-
zRj!7GO7}2G9tJ|cW%OtQio`7yOAH64d@SfmI!OQtFQ<a$69_`j&B2Ndxk)!|+8sKf
ziXICMpETFXR&yKcRy_42J!#Az)3^-un^AtwRg*7qfFB|J8tZB9Nm<sUfpol@&9o4a
zGLK<UnB26NDyNv_!ck%wfJ`a^7MT+*_zIFRCqrji4C`2}widA2nlYH^Q_#d<r~~vF
z!66#c8U`(`Vo4jS1#K(p>^U6@Ms`8u2(K`;0#RsFF_zI)D8<ry0vk{#z&kupmJ~DE
zuw=Iwku4oxI(4>u7VBB`9ABWO%5JN{?I!FFGDdVd0wLh^XuKgq2dJS%h;-R-oKVfW
zu%1F{j9ZaPASt_veEkfzp5#!xn1U-ZOw?6V@!NQ|`VJe_v}!eKkY-2`{5qu{F;Qqv
zAa{hy+<>?2G|esUo5QamTRuvK)D$|UQ@+yr9U;kIcvYt4-)71GJGSIM`$aAJf4q~+
z=`l{)Vi;4w3R-4<UgC5)vMEL*2_*9YwbYao!fWEEXt|DULx`1;D+N(5?RyZDa>C?_
z-g-pFzoG|aT+bZ13<IfG*^@@C7q}nWH^NV<NZ0ff&(l+*6#CH-rvlGL%!@=UgVsY|
zgE@4|D`Bej0p5iOOUiFR4Rhd%Mnra20d9#9Y9%9>Yw=`}Ygr(R!}X(pfV9GCu{$~<
z9|#(>_b+-v+6Mf<=!ip9i1~^c4icgBFnqMX3?KC?3?PMW*;<A&P~u@~iT;4kGI*Ng
z6?(OskWPcBA-#a-hw*$-h9%`3(rh9pQ@N=ol@mSEMy5H1#91{}iii}UFcqRd^Xt4^
zmf!^<OC(mCH{;JTu~6IeY|z}*50e3eXG{0O*WKU5z6{xjVDUs7BH@e@*mN=hMi>2n
z+`tOKl%uYhgv}`SucHeYDc@}MK?lYt=>iiXqf(^~3a8j@^@D<Rrl|0``IbqO@znD8
zn*)~A1e};5ooInuVc|zqNpbnX@W{Ew{25~z7AkE&7-{cnogV>3^PL3)+PHn4r(<Na
z$UF6rxUl6ip%7y~IU2L1HCKZ@XdhR&wS+dn@-C`#_J%37iz{Ql6iNQS{aB{t-(|`F
zTejrC_)}W)pX%mviCu`~TUT2~jU8gf?pzQ6mFtlipR_Ry1kWj~yv>6)!(z*Zu@z74
z662&$Y^vowtKqKJ?A@5$6z%?y`)%P^LrQT?EQor)!`qt2PmGQTOgI+LqI56+qK&qQ
z5Q?#FBnj7$rWT9|1bR?S2izG5k3%2Wl!gQrfkgy%@$zeXUZ3{t2B;R)tnUeA?IBTt
zcPzUt7u%+K0XCdqBZisV$}d(CuyqjlYQx|{1DwWNBq<1x2o`|Rcd2LEg5>}dY+itt
zufaw~(A=xb4b!?4ehoqdaJhaJ`+9X#;b`W?qj`v>{DjDpg2+E+^yO^AbtK$fxIQ7A
zcD#P8CftrglFEczcpY)!%GJw4_liycE$^cd8d(9det~JiE$;PN^H`Dj2yOMT&39Tn
zHKDE}#WC&r=78rn2R!ef+|g32>7enR-*;8(WFD{5&U3mZJ1mvty;6xVD<@c^1gHS0
zP(k=#QNy)>l9UySKo)9`^Oeo(7#op^iI;IjCjo9xV8gr<1P?lG7u(f2U0Kiz2WSAZ
zgoY}Qa@+%-Cc{rt_*CRS;iU&3!;k8QCjtY+2z|lH*mxV8d9y&qY=I*9VSLQ1mVgRs
z$7rKSHM8_q?{#mf)f!jN#yXSJKM+N-Kb@qd`!hPi1B3hGDLQP2G75jdE~&@Ec4#K2
zJxAS|`Dw=f0NFc9{tuy~S6Ip`S=HhRmi)hIOa2F6rzQVS|3~=wO|sZ`whn_kxky(S
z8;UfTdxg?{QKbP^kSbw6p*j-945)^HdYFsNp=^P<f!3@)pzAs0`@MQ$)~as6eX1>o
zx(36(+DdO$)cQ&I{my02dthz+1PfB^I9Ta4dy?fwBu<xnN|Th*h(D{l?LGchL=>wr
zzUB5Vt_R~|#Bh@S$4)TcjtqPZtQ+k6kV)F{hp~%5L#jLR(KiZU81OepD(TxnqgmIl
zfZ;}7`O5JzGNDbV5s&Vz(e~f*u_%ReYyxWV)nnb=F*zvnMLCWGzh;kYsMiT((y41Z
z%^pg&_>j8v-udQsF#afpLc`F}bUZe8VgeVpJZ}qi53TD`kdqBClD5qn=#!qEkW50l
zkop!zN&vJn$tV{oni?6Krk#0XtN<a`m4kq8z&9S=08Mwc+;!R~Dfh{ZjM1ubY@$@U
zuv?6-2gP$uzgl!*WL)X@WTU~2W_PL6Y|o?7P!EsP`YIJ4SFyoPKHB#BcoF1qj`Sp6
z7?Z(Y1s;EaopYsg2__re4v^B{sj1s|cj>ybJ1@{=-Dw3<<BvGFcFl+FK!egP;o23p
z+F%^OJBhL_4X-vo29_9;W(dDV-N43MN9+-gjj6B2VsVV7;VJy%`DpL0W7khb@tYD8
z<73B0rz+E@j*ZIOV-qw3Op0Vpgwv$B&}~U>CjMpm*W^0(YTP<a{e`z0y+_NB74f2?
zc{yogCyG69rK5SJgu)9Qcq80m%i9`n^kf^pi;a05^gt~V9HZ>*`Jq3_l>FGCfO<xs
zuqFTc*J;Ur=lifX4GUNl0g&}&*w~=$)v-(Apo1N!3-LwUt&5>ew2*HHP4_}`H-Fl~
z5IuYr(a4k+P`GDn%k^U~^t>&w4;~-q4&=_>2T{Az=nKmc_3nxL20s--G@tQ|Zs@c^
zF4LYp1d?$MtRg9}Y19T#=^xY3qUJ0_Bkc$3Tq8{44%5dI<V=wtFRg$eYsh?|l?GAE
zvRZVU1-WjK5jvi4HKit%?_OG25SLbpD0GVIsN4>Tu5qHf8w=&rH_kk9Y31~dSHD_z
zH`1(+Us`$e#$$Ic#E_%z^GyTgA;x9XG{@kf_?Xg#+mmFQQ<c{WN)&bX*c&6pt0x4a
z2PXyIIqwG8zR5+AkPhzeiPw5qqI7ysP%ottje!xO*^0WUsS*`jA*0n)dct@(1$$@r
zR%+v8@wdTyLm+t2j2x;>J<XVt_^hE=&iDY(Pdv#ID|24Mi7hs3YAQ!Y_L)rmK)vY)
zy>pFbtA>Sj6@_$fEJ$vYb52tsTQVNx-IAy>1gB$(T$5N7yMp!?QDu=l)S8sC_?39o
z>u~nZf?@>K2~*ZcG>nLq46c8Y5E!=Uby)XMmc#<d8x5}PQQz(N_$CRXL|1pqM-wPB
z2CAWz(!gp#GK1m;BG#DApf$HL9p)o%1#F=}%@VUAeJ94pFWCcMg*O2e<D?OyEUl3q
z+5C5G+>wzX^z=Ao2)*I=k{Lpee3UYTe)3OchS2-R@61{`yq@*P$87!a$VavQ_}!&k
zj$|SRN0u!13n>t#DmGy^2CfE8$YL+b0$1<QV|IE)LIF&XYGYgr%yC@89&Sz4^eV1g
zB$`_g%|b;@2?SenVWF%aqoACA=GB$cC@w@lipX%!Wc~3mnX0HPIGRQH;~^ewIJCA$
zJ8r9pom|Vb4{3aiIR=Jn2(TLhF+woX(pf(0N_|d{09-Tz<Fbm1dkYI>V?}R`5N?XZ
zR_B}B<IU(Td4rgaZm1zfx1VxhKs~8=L=P6w7Evz+3P)jT<SCe)3Lj*E%8vtZLZ<Hj
zp9qm?;s1d!`YkD&rbSUaCIMkqHiIKJNK$*q;*attyMf1ulGt<}A7ez*ZC|Ois7LN9
zq%h45*?jb9^Rc4uwjm$Q_GO$%bsz}}b05&d`$D29&luvZKw^$G6Oas$4Gpf@xaQUk
zlEuWV!ens$-X2(0@*9{n{HUfD^ZOJ{GX9oI%5h4|zIqcS%KWp<t>uo_-)cxEvdwhk
z=??NCu`cE|m8&|G6Zx9grg}7c@Yrf^06)m(+`@8-fPg&?oNOWLK1@De`9Tl_iPds6
zT^I@XN3#?3;7*mvhbZvK--@I^o|(#&{NK%z|2J&Ozp<?)|G)faxm>IQr1X)H<sh)G
ztll6WyQ)&hx45Pm%Sp=hl=mM{b?j1nDaNoCiNvY6)5>{Rvmur+P1*0s(v~UF3aW00
z*zb*1xyKZRH_1nY(v8J#qiZ;RNJyW#wDRC<#nt6Y3wejgfTHqwvA(i?X?Y<J$w=W3
zSg#jk<rMNRQR&Zxye{FG(!C#WNB7lTh<*LyJ*{TD*;}ZT(Kt${qBr9_1HAESR5q1$
z6^8|h_07QnlCK>-IA{A%b9=71<e{YL_`|MyqqQe>Vjxz%8sZzh69>kgYLwbM0K}l2
zVUhSC9A^iHie9=0hA>YsXygE(4M}cSUFl=OR_t4aPd9b+KoV@?D&k7;D%~OySFavD
zcq?2N5z<jm3Fm_Yi1+!$13-2F!n;zqSXe1sIWX<1_XYq(lK-2|WlH|<VafmNw&Zv3
z)sp{}I8sI)vT`V)v_jdl6zQb3;(2H9z~ftKZ{f88!%G9~AUI!H7i)U~;<sF?xj&F5
zW*cs+OP*{FenYAD`a#KS_BH~3dqZ9+0z=u-d<3z7+9QY@04l*iA#T`VGTO-61zB*i
zCZ4QiIYMg~^DpFBW72#+aN86<t>zc0Caf&eiasWF@x=7H)9S%_vF5t)F^0vr^$2}8
z@cMogMG2KkXE2*J38PGlk`Sich$`@rYQ^{n7CBJ61*(!}JQ6+|$BC?eXY|K@0$H+~
z>oF)~S;&-WXIyU%mAbL#6aEhU9FSOHpjhGawrka-><SKzfMUmav!XY}^Np(BW)W{{
zLAM9w>$bxI>EVZPbKM8de3~p{x1<Rfl0L+yi#m(~lcDBG+f`@>2_xO~`9Fht=3GSj
zxXRGU3qm(}_48tpeo=}7#TIpS^D`v}6V%m^qv<T#lC!R9i!g^5h<fcw<wU^{(Rifa
z(j9;ZTFu1}&J?<1HY1x%TUA8Vs6zrHjsBMaqYWY`{z+?aQyLy*@P#ZJHW*qZxSL-z
zzYW*8ab{Hs`(#RC!{>O*8So2OFFQkmYPMF#E|sq9A$fzXQjLKNxGdy#ffN)VB)`bl
zR{7b1P?O|8_h6>ve-lgokJ^&|`ZHScf7b}SJxozFQvucIcQ-*l*yAPzVK{c0rHAD`
zVi|rY6);JWTs(c#+YPB?<P5EX1%-{gPFT!ex@O>P^0%8+mp5OaJR4NE6vEs}9&rqc
z2rcBXD2&>(BmtmBgiedekaUQA*#{)EbQbb8G(CTQ{?dG{k_Y3pVboI;6r<#<D6Cvj
zD3uHTYwAlh0h@iJ<89CZ1*!$F-@`uKgS2sN{Q{!V>h&hp9>aHUz3Lt4RV<*Leyg`p
z_xT)z5PmG+;P5&K5QADmQTknI%c$i2@Z-`=LZ-J=U3)!2$U7ejIJ+}ByH0?a%IoQG
zno|qf2sM|IG`ea)Bz#Doxi}H8ws^+WAvV3OF`Z%&OFH6ANxcwJ;Td^E0T=+}#?Q*#
z+Bk!PVyn=&aCP%D`9;~5p@q;M9dKZPq)3`2e_Cs17lM*`c~}~SbU~Be;~{2D#9+)a
z167eFRy|n8>UXxh{NnxInUZ`Y0_#jEfjwLT&xem-Bu&%=*Pcn@tWu;o?CFT6Cj2Bn
z@F@|1kaQ^P%(x{1`v^h;Dv1SAJUB%10}6%jEuDpB;s~Wu>wPMd8ua>*0KK3D3CtH@
zHOea_>@cMOQ^B03mrP;r;Iu<zPv#ft*hAE`hGt%__2p@X7&+->rRLIFf~!DToJtZ?
zL!tYCB>&qV%9Q+XX375%Tk?0`rX~NU|0b8~D3f>}Xjm=a*cQ$#gML6!t9FUM(7_q-
zKw;-)kxpun5blX9T<u|>R@GTBdUUL47nO#Eay{7FygSA712D8NrHAtSoDaVf{#En)
zBA=!)sB@Y-D<W3MPN#}!h*(02?R^`l??IWVr3AeU!&E#1UKMm)r4Mmib@y+i?Oex@
zjCL;b1<q`}+(em;VE;Buf(((AUwnvm^T3-|TE`k7h!01LrMBn0yh(uhM9C_$x!BoP
zK#m9MeZeyZ(IOpWm+^v#@r`zxCHRXTz6aJ|tJ#GEFk%NK6cl%8W<7VoWL9K#QiX7X
zTWvNCxipQn2q$3mt+=@XRDinSHuT*RvbE``pweb@3*|F4byrcOyWOmUju6hqNvIb7
z)4EEvQ!SHp-zLl%%w&>8|HQXd$4BJWprLbo!NPZn!Ja|<nXgip9d`$YSh3#&>0&dj
zWzS*W+|t^GB^(gJ>+3jUt?}i|F3<z^y8Dj5XN>9+Uun7)DW@XDn2}1@08*C-Fs5)2
z1`@YrLKI}~RsITJJyaRe9l$L^bmI3A5h!%4<>?}Q3edP8M+S1A8*T@PVD(aRSDn4m
zLrr&Qt=C41NVVREEkKqqWsHz>1zH5>HgTNz2R1S#|M#=x|5aP^Z(q=o|4Z=pl+YXe
z+d~W`3tz!D;Kfd&8k`8m=b{sIVffQvsE{P?niC2giit@VF{T*N3>_Ltse(r?UXtQq
zfN)8dE%!fQ$`<7Fw>wQzxBNlegH_*Yae<_EjYk3tf=vK9lJvzc2%ktCiAK~I9d{PC
zw-f{(GzqPPOuQthRVm0ScHL@K0&aE@hmtDyy0^(Eg%G-<W$pvsrr<MQhH0DlGX|z)
zf;K>xW+d=%j*L{g0#_29iFNpv`<o~vTBG5k{wRos+Qv23XlwfFP|Yjd3O5KHfJY6<
zPxE4#tBSU;BgFOhYYGX>ZqEzR3&WP`U&By{oIv|E!Qwdujcu1hhK*)dEpCI-byV!`
zcsnv6^#Hz<uDTGG;&S+CW@jW@u~8~A2-xu2Km<#vr%TN`(2BF^ma$E#*~)B85my=k
z_-?-g+N9aJsy-gJsUFEoWgv1GE@5sAqWU!byh4U1s7CRWv^Wu$?8pG>&{AetLne*?
zwKXGQ0E!MIXs*4^6f||Gisd-g%TB$HmM+MzB}n~xoiMKDjB=@w&3~+sDf!>RlK)q1
z$^Ya(YRT_@8oL4_caNfhG*lnl6xxqO8c=|WX*WUj^(L>e&Z>|5y=`cruo)A5lBdq<
za3oCB%ocCKGOG8SNFGO%w!S3JyW4Kd>yp0C>>Ow}kO8k}ALbHbYRVnI-@6d|kqF2y
zLf%`1pT<y!wU=y2yUre+C<97`@xW)xtVy@szWp1+?Rv;2*rPV+!+r*v4Zx1)qpEM+
z#oG_#qab+~!&bUkF)YJd9H=?nBs26pfZr*-Lpn2f-9qk($kAZ4eS8^)bsUX?_OL0}
zLShajy;8k1emP_Tiu3y0GD0Ssm3j2a0$ZxJn?XRbTu>rES!=9nNeaghmu|%<hK(;f
z4)Sg|+QBRHLp6s)ZAwRxjK3<s9I7Fhr&tLy4wcV9rI3K3qdS>R4>LVDti#8KIkt?~
zkgrthW7DRiJrWPmdVF9XB>6w+y&xku^z)n>I+Kzc`i2isZs=2gCv!vJGkaH7Zs=QC
zfBdqoKi=>Gtv{YZ_3D&}PB_KV69h$ne7ouQ`mjt$|I<o<zlou>zt$9C%kZVqNv&|-
z6EzpQ$l3)l%gKKjJ9*e>gW|+#yM`lS&@y9KdBC#*_SB*v1ZSWaFlB(;22Lx5LwF+{
z<!X@rL#(0Tc2Hs>(=h@MCfn$cR3sd<xlYoFosAGJ?EAErJcwXmnObe&Eo>FykA%p5
z-a=pyixJAS$}gVRpHtskTQ}_<KDS14oI~ma`(!u=3sdW`)tczn7NAbA0rMXCz`INO
zv)Qklg+pK+i57%{d*Is%8mBMb&5cUTshNfITKb_;EO&Am2V=80JB*QrVOd3Dd`JvM
zd38wz8NUjjSEpGSQ7!gttII0Y4hv>Sd)SunL7qO1Fm_85W(rfPCIZ^VKUZq{&f^%_
z8LAe-356+daAsnF)1hhI%CBK?_>nJDP?-*P%41V~Zy~>e2C;~zU=4CVz>fjaTWJ&h
zW*_?vQ0J45BLl0_`Uf>ydJVCJgh!k?(Lt#pMJv$$NC3yqggzHkj@DdxS=D7Bk5d*f
zM6LpZgOjIbkt|130-(aE0HsbOLV?L6AP9Ut2V72(t7|B{$3qB-!yq`C&S?mVcV#4E
zjrYD`Zs;gR9CI;2+2I%+OhQ6RG?5fc*R&yzhTs%|S)IH<$K}eOI8f$(M}uC@G^Sva
zz`d-s76<1M!k?mOh5RA?v9_Ek`Tq?|{$I2u|MzWb$^V%@&gDX)m3!z67|3qXqf$HW
z<gr`kGwk(I4j$<u-UwYh$ykeujHm&S)KafT@90lTvgyH^{m2zup)P$lp$8`B(HYp6
zvIoh7S+7U7zFMGJuZ7}4f)U~>KGHav5HWNSHwmW-v>fJs=p&e{+tj|0u}BWI;?Vo3
z;?X=xFQK%HdO<*JsAr-|ML1_;7EjpA!0cdC=O#vsY$z#Wse2jeB%p5z6fT4o1BDBS
zkxwx+a`TJVu<-Zk+C81kpnEzpYvp%jBR~uBQb2-qRNz&nBTV54yhH>;PObzZqDBrA
z9wCx=MveIz#@dvY%7Ddy1X!;K<TtqG<OjVrI9g1WXCh20)kE{?gbNg7w#jAOhYGqG
z&GXIMHpS(s1YqRR8xa4viQwPSb3u7B6^0}yV5b2sNvd_I+Xls0qzmjkvJFWHq%bH+
z{#UPOO8y^a$^T(n^8esVwB-N7B|7W!*4VsUNepm6Z1XlCH`%utQHurXB@gsG`8y2P
zD<0{|-(;xBPb3#_gWRE#m8MuEjwhh)0Q}B<uqzGWNIVlrxC#njDg`4y!tb1hTdA#J
zO@$ePbR|+jT!&SJ2MEG~L}<+GY_S_;o)m%n3QeP|ns^y9a~x_IdUZz@4QwSk5-jo&
z-{&mMv3~9>OqTPD>)2Q@StigYLd%FCydC{btNy0BKgLO<mm`By;w;qgTJVQ)Ds2IM
z1*mo+9K&^*2zVMny8!__Nj)Tz)5Oay3WmuP>6;O-K3bJDdoqQ|V#$wYqT|u_UWxT?
zPn4kzl~4O7ne}NLJV-K=<R5t~Q}Vx!CI5$P$^W)bXvzP7ejt}asg3<D%8F?xDeZ1h
z-DEhLHnO1MF;L#GQky?1pO_4--@MF^+|(YjgN%4cSYrx*Ul!5OYOoc&6y3ggjv}MC
z5!iClR3|-fOA#B%(K>@gemi<Jmrq691=Behpx0vaHguh2EkfGBL=28++|<bsN6Y4M
zO|CRx#sn%dqueaT1o)`4kse-KTPn{MyEUvv;n$g!v$u?Tfbx@On-oh>YAsTo(DnQ!
z(rsUEg<mN@#~MHEFh%7Xh=Q}mSeb_!Kju}?md{s;-Y3c5zn&@i-@%gqgSO;<=j*lP
z|C16Vf4E^NjaY{X#UCvvolF;nX$cH$iKb_;+>A0<ju<?{WQV*9(*q=}NbbBx{<1QO
zj?$YlZOhzP;L-|i9=+6^j_Flx>nBrVv>Q%hBbE(yw6ijW(-YDbAW5Jol)$N4H=i?r
zo@2F0hYqCSLdAGvTa$SI(amW8(b3LJIXN#WX$_J<oG;g^TT$@A^6w<fNXn2O!c4q4
z{*;!H%9w8I3!(S-5KC{8{686FO8y^Z$^Y}V<bU_1mi%{J&*fqj$TMhW&;q_vd9L-j
z?(k6h+;;PSrK$7b6tNQaGE|}bf--d(nbJou?N1#{n8;lip3mX=I4cZV!49{cn>IYl
z<fGp=r|u{<?jZf5WUABZHXL}nU=GL+I0B*S%dCZ^!t11nfNNWRSVIgW)o{Nx1WhI#
zph;OPAy|b&4yz62L<~a$OX0So&TW9NVi*o&ISo#HILetz(Lm{$eG)SvF4mXig;=uR
z(b9BEw8TuIi|65iy-D(a!&8}(|D7!PKVVD#AOA}&`9Jynxg0NcjxM?vcl(p81^)J4
zdy5XOP2KUk3V#aH{Ax;q$wX#}akc;9Hc(*7BHeIbh2ASuv{?D3623tWI<45hqFn5i
z$>&-_>kbc~p>3DD`OW-nC4ZO|A*Q3aIWOH+fP#{7C^;j#OVNZxR<sUM(4$dw0s)W)
zGJoKDK|$fg2XT)xEwqB=xi*p^5S2s5s!{p@4@4Or^o3GA&A<k(G-gthF_9xfvRS3v
zhE(bJ2neE{05S{jLoKb!G&Z*DREe&SH^e6Lxo(ICrQ*%&e8cnH81{287XlY+LqAJn
z#h_;l&j`k$sGNVv^G?E?7kSGZBt(oo?8D%s*4%3Lu+FBv3L!T9$*5X`_At&1Qeb<$
zflKGa(FqyhXGEfrq(j@S<WAoqU)UcJ)|PQ1qyn~5qo018ioapAJbK3Y*0lcx=azI)
zhybJMNl3%!FK-;CL@ONrK?jS-Y$_#;&Xh><f9{Q$lK)*S`QL9#{-1f5mi*qEb2;9*
zZY)C*WO@V>hB2eyA9lV{x?ebB68R<dD;zZ`fQXPWF?+(<^yzRII7mH23}t4SvyF`|
zbpDB)y?q`!^o(7Wpo?=1J7%EOqUqa4&YS3S&6P^o1`Hea<c(KOPT*WbBV#7ylo-(u
z#;~1RlogykOjMKw9Q}u!y^Sz~S7x|!DKf&^1mzMPJi^Oun{B$aro)YjtDe`E^AUxf
zZLw|^XD|i0CF50Pod}oalO*b82HuduUOp_vJyo-lYMxT;mN}6xMc5<J-;{JI!e6xe
zK`(GYq7j3U*pI$tDj)@uwn$JFFA{Mm#OCahj9<gn&{|M+x~O?(H5?{<rZh9VLAjwD
z<*5y1h=QEkD3?eHo_tu~LcTI<Bwx-<sl?CJE@fJ#IUw7OVZnq7k73e)(p0I94%W#j
zV~I9EQr$oztoblG!BjmXX<daZ8B2t)GYf4t)bG$4kMbvF>dkS-r+k2#*LH^*BQp<*
zqY)+Ew@gI10WHtQ8~gd+@WPB;0lzs$6{G*vr;-(;f9^rr6|lN4cLf~3e<W*Hz|*Wh
z-e>ENpL<a2kNaPl%Tduh<ZG1Y3gxLnWsdSTaA2~%yWch$tVyxHzyu1ZCsLXrni<(7
zjx3W6RUZOUpvKlHZ3bO+t747sq3kMZq3wXNDLX!SmB_~G2Zl;FW}ca#MpB1>8tx9+
zd<P$%v(pT!;YQU^F+PlhFdRsTIv&_cMKvX;`W`k%C9mF|q1g<=`xFiQ4YFj1Cvl6c
zWI7P4Gx*-lp(tzcbPYKvko6S^`!5&mSyr|+80*WBglN8F&to`+w#19bHtCu^jB#K}
zIIV2&bNV$Y-Q4X?Pk!REejBKpBfrXHW}@%5P()eg1?3Fpn#~K9JeFy@J=899Ie+Gm
zmW&DPWz+^~us}X?Xpw=&&~g`X^N6=Pkfa%8Cq>tdPsWY|I>#Z}aYFjzO;<A||GQc8
zzt@)hzi@|^{6BDxazg<R7z1lbY<{V!EfDBQ=p88G?g!H}Ge9X|iXvi+GnbjHsauqL
zTGV<XvW70ZE{<qK2}drnLn}H>$-M7HnKjd=P9mhC_LNkhtK^25<nEV}?x5EIDM`~v
zH>m8EM34GD?~xgJmyXbsKc-kdV;I7z{DiYlGlDS(Mot_&3l{CIiU`T_vzXI2IqdZ5
zTwAS}?|HoM^-f>(cEpO<^7wR3wV_Df8Fv0OGI?WD$~<oEU^f@6<et|l8FQ)Ta9=3o
zhNpcWyDgJ?aFp!_=RUI>&9}*|yp2swhk4!HRb`%HsOZ~#l-6RrEo;iJp=uQTAGBAF
z_f#44Oo9Z5Dfn8Bv^?Y<Bgq)%<pd5~##?fJY2O%%K?t{3Er#-iB#|NQ%ynYrq}*U7
zgh{LeAD@*qWoOMJtK~`O=Bd(p&z7b?bl;fLJ8lrm=@sCoFwP9d&ccpzz}fq==#1cf
ze^Qng@M0CJT$40HAtAwDTw0@K`X|YMaU)am-(<=EQ?}&)<qvDg|Hap#l0+NwD3oL*
z&m!WXZ}el%hgU`AW7HnBUIEH%Pa@ulnfB-g`vzMvzfoudUzWF(Zzk6I$cTNLrYf2)
zhA?jPCw!a8j<Z1?62dNaKw`Z{HG51Q#e>nFq=HzLPk}Cc%R@l0ja>ACE;%_l=wT(m
z<K}R9!d4NrAy|uD8zVU9Ks!PcxYIXCW*n|}Y;%_d4>K?j?y^YqAKoDV7$NFE&drZ5
z*rg-+x^2+{S^Mz>j%$W%)})QwL(Pd=9C})=>20xlC~QIX&9FVz1_%R7dnm#KJ|!__
z^A}LHA2r7zq`h?kypx+v9Pm}*I0E~{vH%BFU4rQ5Ex@IVvI>BSTR<ASZ|WsEqBEO*
zq*LW3nY}k}uC!^)F@X^d0BK%U^*P!NAIgmo$$(Y13mycod8pJC1NE%u-AHA@p}Vfa
z@qmg-s9)f0I;bEg<C_|Ts(a0DSjEf75`c^>$!HG)BT=GorR_EObs$5K<bQrUQ}Vxu
zCI3&@lK&&uwdDWU6Vm2a{qD<FQf%8JxjmePNElTYqnb)cSq%dW;e-QsveMW&`2;fl
zVpooUd1$$^gOh{U6XkD3V((#hw*&J<Mi6Xt0F~BV0)vU)imJu*R{U$62_yt65oL<}
zXd8MByU}-o68;(9eocu~<@=hyiFg#_X07W~lUgb5Ap>TcdF*cqhB23SVR;QW%-w!l
zR%6kSQQaL06y{i5mQN(`I1(?<Bgs_$9|I+h!I<-x%M;rf;CRBK_n3dg3|K%a4KPL1
zY)fn-fn5|Wg7Nk~mL#Uzh-V{uwkHd<DzB(h^}Qg#T9{2|Gk(3qcX*i`?q0O5QC`lQ
z&Yl*^$@w^~0AAfe=OZA9*%|AJ>xguqsExEq$uD`1Y8-6#gCc2cGfu+jG39JDAXFQQ
zcs2%YQ5+tGjJ5M%bQv^bIuR<T;5P`J2y+OO$Q3{879;XU8$^{`A>J|_m4ahM@BoI%
z3nF$bSc=Y8g-TfNyFS?G0h0W8?_^5;pJ2)V9$WJN#<yz8|CwWSro8-#&_ceSkXXi~
zXE11Mk{OFlvE{Qjc|VRPTHRS?ezY90S)NiHscMW`R>}N1%T$faMYGee><up__wSA}
zKQ`x3^MyGF{v@0hVwB5?(>S#7KFEm!7r=90AbX2TY*TeiI(iM1!pRFY7whF#z`-A@
zZnDi<G3`n)n4C9AE`>{E5=Ia%ST)2%5(zXEoi~n2cLRHZ2Z}uVXciX73<uS)Pad#t
z&#`nb-p|Ldi*sws+FCp7?TWK>ib^00!JDE!^{@$Z>gA$H+Obg~eH>V^f!v<ynUkl=
zCnw8uC+B8oD^s(lX6HAasQZuaJb?mqar5v@qU^l{<Ot3UKtuZcinOy0s=HzN{{4X#
zmWV;anJs(uu;~j|uCAP)uOO``)`B|KK&c@<q@X}&>%h~NCwh&Ybui4y28jX34l7W7
z8D|=#5Kz-?)zqna21!H`i!SN|4pf8CZv~WA4bM0T9B3du5d@A-I{P5?!~<?9dFlao
zYIO&h8Hq>)>1kOcSX5f<LvY2<df>+NR4HhUgD^Fi*q==*N1l1HwF;>b&fgYE{y%#|
zrsV%Ami#wu$^XgUW6A%r!p%2b$>o^+@<OPiHgPhOJaaRNX(6r!u8{m{p@A)`v;iUu
zE_TF4+OWxkNaso54BsJ!ji(2J2K#j&T-FU*M#Waku_G-Q&S6fhq?AFJVb#+0pd<xe
zNs6EXWDZWLL}Fn{ma#Q8CJ2H&qUo}485tks`(zj-!mNdHOb_6RP~;LSRriF^n7qZX
z=_=QWg9%xPKYf&k_$atdr6jvcp5;T2W=bu2lFv4B0&%PlmfGP-KQY0T-3p8XKFvq9
zV;uK$pl0Y)AJv3Bvgbf=)4@K6e_J2uqfrq*_vb*MB+m3Xl2*yc35S?+_Ro+YDp+u?
zk9pir%FFiJjHzyr;)W2u<r9Bo2Q1a}I*q?16ePt=Lsn$XHKd*dH_MZ)q@I$BQlUd*
zgCzggf6quphR|ESkurqd{ujv%q2GNoWe62tAv1(}Z_U&n?`8e*Zd-r+?wj?>A$Mmk
zhogp+`qF}jMr$5VB+alSLgKTzpYp~5MMElYtmg+9Z^LVBt-I80s4+?rpQ)}qTT3hb
z8Xv5wOyPY<QIqKa>}MmS_rAY&m+(M?4gh8-jTzTWq-W!vmVrwN=_@hxw5hI0cSJi`
z8UI+C+h@+<OwZ6cSlwzC;MbmnYJR-m^!Fx<xDp*W*Tse?TR9FA8bino>qNgnM}<Lf
z>~B}syXyQf`;@>G>eydK;QVIVa5EHlhW%nmx{DKVwt9_){A@XHXYFHL56zzgxN}(E
zq~}zoDOJe8p^HXJ=vg19dj&;RT}MP&oYKg!%|4<}vWRTcjAcCiXZr1|FG;$N(Ruvq
z0HPmyX-<ciBW6v$6WV%W$B#@K%ZiOt8CQYL1t_v;6FcdTkGvyO^1qKI|I@bQ|DW?(
z@~{3S>V`(eLDTlb5C-GXIl6?TYYq{izM5Iflpe>=5RKAPaM#9tET$L02{#)$g(uh<
zfOAB+q-~&%eL+PP&y(?25P{|WWjNCNu&di4mtG#+#hx3nD))VG3}^TzEwHoqmC`w#
zf_9T4kQi81#TCdIkel6Pm3<$srL@u^2nOyP?367tEF%$SNPh;zcEr;qV!gy{*{=;C
zy2uet%#`q~rxZ>O`n-2X($AXw!tszp6E1;fVK|G3jqZ;xDS}39OMN0h(r_UO_fVZ&
zMCIvTqrlW$co+w`q4Xrx;+EGH<LK+Rp?|ect3c;JguAxF(;$v`u<LHM(eV%!Mq+jJ
znWvYWyRp!-$v(!ssCw~qkd)!Lwbt&Kk0im;#pr}gIaw)`Z7Cooefy=DnnA0B6pdB|
zB>8*q&XoM`XUYFATk?PAueIc#{OMc{3I+LACf5xiwvUW0DP6%w86esp$cGQDL>C6J
z=MeBo#>txaSjWfZsgnhxdwBLaZA%!}BuELFb@1+%Vd{8$bPP>?G5S1^4=tY&k=TAp
zGd{cr5nHCTW!ejyC2O)!#>c|Q6T!@bVFvSZR%3Ah*BqRS1@@J{4-aI#-SBt_d7P#?
z$Ax1)8Dha`#fmt|lVy@3B26p|B^BgMn%qZ|3tI}fQ_Iw0HJnW1P{*Ul6b5C!Bu%p;
zVIiZ#P^W>&hEr-;v|%-jBn_p-WJ(AQRFF9#(ooYE56zioXDaIsnn30&a-;ib5cU4;
zCKHoH1WEoszBZb*AM67x`QK?v{?EQgOa8z96yn5j3O$$#LgFl9kcpN4FjoHn^+Bf#
zB1}xkcMiXxNNF4_mBQ@Up6zZTYmDQ#;4(fufUn?0Os~%y6iu|V+)dN}iHC?}Qj|ml
z#c`w=Ba7!OOcrdi#YW{bZhLXO>a}T~XyAFB6K6`eLiCqtoFFh`#RL|9vN{wCBCl*>
zoHM)AywU6uj_Jh95`8NnVPk_5B5>LRT=E-H1|v4A>8A$*L%k=U%pAUgWe;xr{-%th
zGyWg(`s=tL&NUny8L5t$q2`UBG*OGu4?;PF>Ga}i!|QnvhWHo<6tC{T^yTge!AU|g
z$3Vv&ZFF1C-Uii^xUai#esa2eYH8|xW$Enl-0aC&P#7f(Sm$~fL(AyKv{`WgPGO~R
zg$}`ypZExzbi7EqNP=y)$JzQ`9Z@7~2SuwZl>b60GPpvU6$gq|G@Gz|X$%ZX8i~@=
z_IQ)iVcw73&H9>RamT4Lg+mUfX`R}!(aOo`Q^!WZui-hwwg#Yc5u$q%g-4)=N%G(K
z&}c@q;1g#lTCnzu$!NjnAEIc%OL0~JwQ|QsrvCVO)*nA=>yOVrr1i(ke=V2OBE_U7
ztXa~Jn>w78NM}z(STr$w{C*ETb#UH0mY30ILiCY$wSs~lbQbV7C3_oRZcArZ>h)%o
zI#M5QODB<lFI+-42vyE#;(X%hvWPA-?e1d)4W6fgtLij)l@uo_Y)zN4m(J3T(SjtD
z8n$^8`!;B?eUdGl!|zB6n!749lap7FZ;1?JeZ_BXHG26GLn+;2N@<GYYdGm{iKaAT
z3HrH+jUuIZb0KyS>cqKaYR!UtuO904Amg;*)V!U_qyPuCdOTjyge%+gFO=yIpGt-T
zM~E|L9(fk3r#{xrAlMo!DRLRyhi(@tlT)WEr)Fnn<~o(>$tk3Tl`C@_Q|0nx`BY_g
zV`g^lq+K>+uADd4)M}UE60APj9SgOGGj9=Y;e65fRWtfWyb)r+$OMmXn92{2QjQEr
zUr4NH>MS4jMrzjDHex!MqNl=75;~InpYSpz{|8y}zr&XNe?6)t|III`y#-OWluRf^
z+`vWXoJhJ5c&%p5&YRlY3nM*9m{T#IrIx!Jl>jM-%gf=n5O5l(nc#zQM)%n6)1?~5
zRN7X-Ygm1+J9G*ur8?8p_8LA)1E~Y=>hO$WZ>tJ11ypj1p1F)C+)lIKrW`qxY;bzm
z6i{<~9N>n75huhN^4t5tjXiPYVo}Q(2Gg>7BFl122USGB6^AZvmJClSD2h*KY<m4b
zFgx&aKLkgbVIis@He)vVK|0bCw#KP;;UrN}tTFD}uouUOP&2@=q_-`G2Rc2UlZ5<1
zhIP7djGhj0Jd6ya6vja!FlvZ}q3&U@%$qKsEYHlT=j`3@BO|&*5Xm|v;nb5#vgvPM
zp%N_;(2-<4n9wm~&JxN&c%40PE|)I@t0)l^5^6%qgm<E8IRHn8+@)txT0)`dQ<p<H
zL{}|R4UM9fQmTK&!6^-E?!3mzF=`TvQ(uh9o=EcF+09xx+_gz7hnN1l<jUc1f0b4a
zU-Rd3<?y+^O#Sg8)*o-P^~c}-s@5N0d|xhiWy~CHgx;9Q!dKJK8&Xst5HC-3W&ad;
zPibciQaF1^O2uNq)RQuGlU9NEH@Bf9*z08ORR;|iahS0!e#%lVDfh8uq(xyB2E%?h
z{<O>6tz*xiPxe%-!3e=loj{g66g^LxSNF8}<XfmJwTH*^kv>CviCA|bQ>0ZZ;sji3
zgEx|nha^Mxp+2Y#V{v<7xuOy(HEz2luS05F4zq;4q3#w6LYJ=5*^c)kf0@tKxv$f2
zFI38?2y#DOA+Y#9qOg1<pirSdVMJL^031_?Gi${V>lSL*CDL;f$cWr#M+|;+(yq+>
zmHU3E076M&KtfdPQnoxBgXbAU9H84np^B&q+oVyhWa<=U;airWlq50wrHg5oqLm1d
zn_GZ=`(;Cki3{Xk5rU+aVPs(X$*yAkAK_wd(%5xXNk>L<+=(l(3-(v@oAEjN7=8*r
zSd7d$ICalMkxLo-G-xp&uX$nLqXQ^p<%vnVwgglYWk-_0ku4YC-Sy}+J{&SPcvl{z
zHQf*SV*tQrGSK9#?RF29VxBGWFq(T$)$8t^#?gG`xrvNDdEY6PJE+wOd2-Q#E4nf>
zEglw?NjeT1we0$?_)gj)Nc!Vvzh^Y}rRV4PU+$$}y!6CO?ygro@*eTR+;Z;ufA!3V
zN%Ft;jke_f2cISX%L_O6rgAynXgI-}@5J;Jjx9suCo9v1$+^kGm5VD^w9XIFfoap`
zeQb2=4HRYVlB*KGsmKWzDyfOhJ)C(MbNBoDsB4{6X!$zM;n@0q2lXp>D?D*-G0}qQ
z<U*0xeormY=p)1~K%i`Cepl(UA%<{{s;g9cnVlgIM;^(hIt))^rM|dO*1-LGu~(6C
zBwIT0n}%N~iK__#{S!yHiLMwJ>sVh&-xjSIR-$;nuv0gR1|CD5J%|`=9ih*)Q9cVl
zP*G8exm;aa6F5h##*3v}>S7jYB3(^TT>l2iik!p%ObcBES_FGIP_GRwZXVCfvL9s&
zLwX-T<STUnBTh6NQnYYSpo%VZJ^X_KNnWNqW&zr7-NC3x8~g6#ee5ZwwHd@TIZ2Ua
zCeth?WI>;Ukz6=`uTf5*IF+kWM3O7~6n&8UW)e;wm4oeId*~i&WCt9J>!Sn&9b_Nq
z9C1pVFI`6+VcCkg4<~zH&*CWd(W9C@1;DN?6=qIC;!GB1@~1~-AM3tTz2W-fCr-ma
zQCoYoQa)4K^lE!Bp-Oau@8Yr1^0Colqa+5u<&9Zp^e?TE8D0D7q#6BB(_}_JuOrRq
zE8myZ%47FYD<An!sjd8Tw9=NXRIYqY?o18|ocI?P$+_`oevw4->RDSP|I;)?^0%zM
TxN!4RznRNjy7ZEJa=HHtmp=5l

literal 0
HcmV?d00001

diff --git a/testing/btest/scripts/base/protocols/http/100-continue.bro b/testing/btest/scripts/base/protocols/http/100-continue.bro
new file mode 100644
index 0000000000..7b7b5bde89
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/http/100-continue.bro
@@ -0,0 +1,12 @@
+# This tests that the HTTP analyzer does not generate an unmatched_HTTP_reply
+# weird as a result of seeing both a 1xx response and the real response to
+# a given request.  The http scripts should also be able log such replies
+# in a way that correlates the final response with the request.
+#
+# @TEST-EXEC: bro -r $TRACES/http-100-continue.trace %INPUT
+# @TEST-EXEC: grep -q unmatched_HTTP_reply weird.log && exit 1 || exit 0
+# @TEST-EXEC: btest-diff http.log
+
+# The base analysis scripts are loaded by default.
+#@load base/protocols/http
+

From a71ab223c4d0801a47ca2f667bb56e673f7fd1e2 Mon Sep 17 00:00:00 2001
From: Jon Siwek <jsiwek@ncsa.illinois.edu>
Date: Tue, 27 Sep 2011 12:41:30 -0500
Subject: [PATCH 3/5] Various unit test cleanup.

Updated README and collected coverage-related tests in a common dir.

There are still coverage failures resulting from either the following
scripts not being @load'd in the default bro mode:

base/frameworks/time-machine/notice.bro
base/protocols/http/partial-content.bro
base/protocols/rpc/main.bro

Or the following result in errors when @load'd:

policy/protocols/conn/scan.bro
policy/hot.conn.bro

If these are all scripts-in-progress, can we move them all to live
outside the main scripts/ directory until they're ready?
---
 doc/scripts/DocSourcesList.cmake              |   3 +
 scripts/base/frameworks/logging/__load__.bro  |   2 +-
 .../logging/postprocessors/__load__.bro       |   1 +
 scripts/base/frameworks/notice/__load__.bro   |   2 +-
 .../policy/protocols/ssl/expiring-certs.bro   |   3 +-
 .../protocols/ssl/extract-certs-pem.bro       |   3 +-
 scripts/test-all-policy.bro                   |   2 +
 .../canonified_loaded_scripts.log             |   2 +
 .../unique_errors                             |   0
 .../canonified_loaded_scripts.log             |   2 +
 .../coverage.init-default/missing_loads       |   6 +
 testing/btest/README                          | 142 ++++++++----------
 testing/btest/btest.cfg                       |   2 +-
 .../bare-load-baseline.test}                  |   6 +-
 .../bare-mode-errors.test}                    |   9 +-
 .../default-load-baseline.test}               |   6 +-
 .../{doc/coverage.test => coverage/doc.test}  |   4 +-
 .../init-default.test}                        |  11 +-
 .../test-all-policy.test}                     |   8 +-
 19 files changed, 119 insertions(+), 95 deletions(-)
 create mode 100644 scripts/base/frameworks/logging/postprocessors/__load__.bro
 rename testing/btest/Baseline/{scripts.policy.misc.bare-loaded-scripts => coverage.bare-load-baseline}/canonified_loaded_scripts.log (80%)
 rename testing/btest/Baseline/{scripts.bare-mode-coverage => coverage.bare-mode-errors}/unique_errors (100%)
 rename testing/btest/Baseline/{scripts.policy.misc.default-loaded-scripts => coverage.default-load-baseline}/canonified_loaded_scripts.log (96%)
 create mode 100644 testing/btest/Baseline/coverage.init-default/missing_loads
 rename testing/btest/{scripts/policy/misc/bare-loaded-scripts.test => coverage/bare-load-baseline.test} (68%)
 rename testing/btest/{scripts/bare-mode-coverage.test => coverage/bare-mode-errors.test} (60%)
 rename testing/btest/{scripts/policy/misc/default-loaded-scripts.test => coverage/default-load-baseline.test} (70%)
 rename testing/btest/{doc/coverage.test => coverage/doc.test} (63%)
 rename testing/btest/{scripts/base/init-default-coverage.bro => coverage/init-default.test} (55%)
 rename testing/btest/{scripts/test-all-policy-coverage.bro => coverage/test-all-policy.test} (54%)

diff --git a/doc/scripts/DocSourcesList.cmake b/doc/scripts/DocSourcesList.cmake
index f7eff580c6..7887a69f7d 100644
--- a/doc/scripts/DocSourcesList.cmake
+++ b/doc/scripts/DocSourcesList.cmake
@@ -42,6 +42,7 @@ rest_target(${psd} base/frameworks/notice/actions/add-geodata.bro)
 rest_target(${psd} base/frameworks/notice/actions/drop.bro)
 rest_target(${psd} base/frameworks/notice/actions/email_admin.bro)
 rest_target(${psd} base/frameworks/notice/actions/page.bro)
+rest_target(${psd} base/frameworks/notice/cluster.bro)
 rest_target(${psd} base/frameworks/notice/extend-email/hostnames.bro)
 rest_target(${psd} base/frameworks/notice/main.bro)
 rest_target(${psd} base/frameworks/notice/weird.bro)
@@ -125,6 +126,8 @@ rest_target(${psd} policy/protocols/ssh/detect-bruteforcing.bro)
 rest_target(${psd} policy/protocols/ssh/geo-data.bro)
 rest_target(${psd} policy/protocols/ssh/interesting-hostnames.bro)
 rest_target(${psd} policy/protocols/ssh/software.bro)
+rest_target(${psd} policy/protocols/ssl/expiring-certs.bro)
+rest_target(${psd} policy/protocols/ssl/extract-certs-pem.bro)
 rest_target(${psd} policy/protocols/ssl/known-certs.bro)
 rest_target(${psd} policy/protocols/ssl/validate-certs.bro)
 rest_target(${psd} policy/tuning/defaults/packet-fragments.bro)
diff --git a/scripts/base/frameworks/logging/__load__.bro b/scripts/base/frameworks/logging/__load__.bro
index 3021aed706..42b2d7c564 100644
--- a/scripts/base/frameworks/logging/__load__.bro
+++ b/scripts/base/frameworks/logging/__load__.bro
@@ -1,3 +1,3 @@
 @load ./main
-
+@load ./postprocessors
 @load ./writers/ascii
diff --git a/scripts/base/frameworks/logging/postprocessors/__load__.bro b/scripts/base/frameworks/logging/postprocessors/__load__.bro
new file mode 100644
index 0000000000..c5d92cfb4b
--- /dev/null
+++ b/scripts/base/frameworks/logging/postprocessors/__load__.bro
@@ -0,0 +1 @@
+@load ./scp
diff --git a/scripts/base/frameworks/notice/__load__.bro b/scripts/base/frameworks/notice/__load__.bro
index 13e351dd56..4c34dd3244 100644
--- a/scripts/base/frameworks/notice/__load__.bro
+++ b/scripts/base/frameworks/notice/__load__.bro
@@ -17,4 +17,4 @@
 
 @if ( Cluster::is_enabled() )
 @load ./cluster
-@endif
\ No newline at end of file
+@endif
diff --git a/scripts/policy/protocols/ssl/expiring-certs.bro b/scripts/policy/protocols/ssl/expiring-certs.bro
index dc15bce077..44ce7345fe 100644
--- a/scripts/policy/protocols/ssl/expiring-certs.bro
+++ b/scripts/policy/protocols/ssl/expiring-certs.bro
@@ -5,6 +5,7 @@
 
 @load base/protocols/ssl
 @load base/frameworks/notice
+@load base/utils/directions-and-hosts
 
 module SSL;
 
@@ -59,4 +60,4 @@ event x509_certificate(c: connection, cert: X509, is_server: bool, chain_idx: co
 		        $identifier=fmt("%s:%d-%s", c$id$resp_h, c$id$resp_p, md5_hash(der_cert))]);
 	}
 	
-	
\ No newline at end of file
+	
diff --git a/scripts/policy/protocols/ssl/extract-certs-pem.bro b/scripts/policy/protocols/ssl/extract-certs-pem.bro
index c0d9f9b36e..f433d4fd12 100644
--- a/scripts/policy/protocols/ssl/extract-certs-pem.bro
+++ b/scripts/policy/protocols/ssl/extract-certs-pem.bro
@@ -14,6 +14,7 @@
 ##!
 
 @load base/protocols/ssl
+@load base/utils/directions-and-hosts
 
 module SSL;
 
@@ -45,4 +46,4 @@ event ssl_established(c: connection)
 	local side = Site::is_local_addr(c$id$resp_h) ? "local" : "remote";
 	local cmd = fmt("%s x509 -inform DER -outform PEM >> certs-%s.pem", openssl_util, side);
 	piped_exec(cmd, c$ssl$cert);
-	}
\ No newline at end of file
+	}
diff --git a/scripts/test-all-policy.bro b/scripts/test-all-policy.bro
index 3aa6a00ebd..8cb5f52451 100644
--- a/scripts/test-all-policy.bro
+++ b/scripts/test-all-policy.bro
@@ -49,6 +49,8 @@
 @load protocols/ssh/geo-data.bro
 @load protocols/ssh/interesting-hostnames.bro
 @load protocols/ssh/software.bro
+@load protocols/ssl/expiring-certs.bro
+@load protocols/ssl/extract-certs-pem.bro
 @load protocols/ssl/known-certs.bro
 @load protocols/ssl/validate-certs.bro
 @load tuning/__load__.bro
diff --git a/testing/btest/Baseline/scripts.policy.misc.bare-loaded-scripts/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
similarity index 80%
rename from testing/btest/Baseline/scripts.policy.misc.bare-loaded-scripts/canonified_loaded_scripts.log
rename to testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
index 8521a12f45..cc2b04a868 100644
--- a/testing/btest/Baseline/scripts.policy.misc.bare-loaded-scripts/canonified_loaded_scripts.log
+++ b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
@@ -12,5 +12,7 @@
 1	scripts/base/frameworks/logging/__load__.bro
 2	scripts/base/frameworks/logging/./main.bro
 3	build/src/base/logging.bif.bro
+2	scripts/base/frameworks/logging/./postprocessors/__load__.bro
+3	scripts/base/frameworks/logging/./postprocessors/./scp.bro
 2	scripts/base/frameworks/logging/./writers/ascii.bro
 0	scripts/policy/misc/loaded-scripts.bro
diff --git a/testing/btest/Baseline/scripts.bare-mode-coverage/unique_errors b/testing/btest/Baseline/coverage.bare-mode-errors/unique_errors
similarity index 100%
rename from testing/btest/Baseline/scripts.bare-mode-coverage/unique_errors
rename to testing/btest/Baseline/coverage.bare-mode-errors/unique_errors
diff --git a/testing/btest/Baseline/scripts.policy.misc.default-loaded-scripts/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
similarity index 96%
rename from testing/btest/Baseline/scripts.policy.misc.default-loaded-scripts/canonified_loaded_scripts.log
rename to testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
index a1e04c75ad..029e1ba8fd 100644
--- a/testing/btest/Baseline/scripts.policy.misc.default-loaded-scripts/canonified_loaded_scripts.log
+++ b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
@@ -12,6 +12,8 @@
 1	scripts/base/frameworks/logging/__load__.bro
 2	scripts/base/frameworks/logging/./main.bro
 3	build/src/base/logging.bif.bro
+2	scripts/base/frameworks/logging/./postprocessors/__load__.bro
+3	scripts/base/frameworks/logging/./postprocessors/./scp.bro
 2	scripts/base/frameworks/logging/./writers/ascii.bro
 0	scripts/base/init-default.bro
 1	scripts/base/utils/site.bro
diff --git a/testing/btest/Baseline/coverage.init-default/missing_loads b/testing/btest/Baseline/coverage.init-default/missing_loads
new file mode 100644
index 0000000000..4497bbd185
--- /dev/null
+++ b/testing/btest/Baseline/coverage.init-default/missing_loads
@@ -0,0 +1,6 @@
+-./frameworks/cluster/nodes/manager.bro
+-./frameworks/cluster/nodes/proxy.bro
+-./frameworks/cluster/nodes/worker.bro
+-./frameworks/cluster/setup-connections.bro
+-./frameworks/metrics/cluster.bro
+-./frameworks/notice/cluster.bro
diff --git a/testing/btest/README b/testing/btest/README
index 82b6463ad9..4c2762b20f 100644
--- a/testing/btest/README
+++ b/testing/btest/README
@@ -1,97 +1,85 @@
-BTest is simple framework for writing unit tests. Each test consists of a set
-of command lines that will be executed, and success is determined based on
-their exit codes. In addition, output can optionally be compared against a
-previously established baseline.
+This a test suite of small "unit tests" that verify small pieces of bro
+functionality.  They all utilize BTest, a simple framework/driver for
+writing unit tests.  More information about BTest can be found at
+http://www.bro-ids.org/development/btest.html
 
-More information about BTest can be found at http://www.icir.org/robin/btest/
+The test suite's BTest configuration is handled through the
+``btest.cfg`` file.  Of particular interest is the "TestDirs" settings,
+which specifies which directories BTest will recursively search for
+test files.
 
+Significant Subdirectories
+==========================
 
-This README contains the following sections:
-	* Contents of the testing/btest/ directory
-	* Running tests
-	* Adding tests
+* Baseline/
+	Validated baselines for comparison against the output of each
+	test on future runs. If the new output differs from the Baseline
+	output, then the test fails.
 
-
-Contents of the testing/btest/ directory:
-
-Baseline/*/
-	The validated baselines for comparison against the output of each test on
-	future runs. If the new output differs from the Baseline output, then the
-	test fails.
-
-Scripts/
-	Shell scripts invoked by BTest to support testing.
-
-Traces/
+* Traces/
 	Packet captures utilized by the various BTest tests.
 
-logging/
-	Tests to validate the logging framework.
+* scripts/
+    This hierarchy of tests emulates the hierarchy of the bro scripts/
+    directory.
 
-policy/
-	Tests of the functionality of Bro's bundled policy scripts.
+* coverage/
+    This collection of tests relates to checking whether we're covering
+    everything we want to in terms of tests, documentation, and which
+    scripts get loaded in different Bro configurations.  These tests are
+    more prone to fail as new bro scripts are developed and added to the
+    distribution -- checking the individual test's comments is the best
+    place to check for more details on what exactly the test is checking
+    and hints on how to fix it when it fails.
 
-software/
-	Tests to validate Bro software not tested elsewhere.
+Running Tests
+=============
 
-btest.cfg
-	Configuration file that specifies run-time settings for BTest. Of particular
-	interest is the "TestDirs" settings, which specifies which directories BTest
-	will recursively search for test files.
+Either use the ``make all`` or ``make brief`` ``Makefile`` targets, or
+run ``btest`` directly with desired options/arguments.  Examples:
+
+* btest <no arguments>
+	If you simply execute btest in this directory with no arguments,
+	then all directories listed as "TestDirs" in btest.cfg will be
+	searched recursively for     test files.
 
 
-Running tests:
-
-btest  <no arguments>
-	If you simply execute btest in this directory with no arguments, then all
-	directories listed as "TestDirs" in btest.cfg will be searched recursively
-	for	test files. This is how the NMI automated build & test environment
-	invokes BTest to run all tests.
+* btest <btest options> test_directory
+	You can specify a directory on the command line to run just the
+	tests contained in that directory. This is useful if you wish to
+	run all of a given type of test, without running all the tests
+	there are. For example, "btest scripts" will run all of the Bro
+	script unit tests.
 
 
-btest  test_directory
-	You can specify a directory on the command line to run just the tests
-	contained in that directory. This is useful if you wish to run all of a
-	given type of test, without running all the tests there are. For example,
-	"btest policy" will run all of the tests for Bro's bundled policy scripts.
-
-
-btest  test_directory/test_file
-	You can specify a single test file to run just that test. This is useful
-	when testing a single aspect of Bro functionality, and also when developing
+* btest <btest options> test_directory/test_file
+	You can specify a single test file to run just that test. This
+	is useful when testing a single failing test or when developing
 	a new test.
 
+Addding Tests
+=============
 
+See either the `BTest documentation
+<http://www.bro-ids.org/development/btest.html>`_ or the existing unit
+tests for examples of what they actually look like.  The essential
+components of a new test include:
 
-Adding tests:
+* A test file in one of the subdirectories listed in the ``TestDirs``
+  of the ``btest.cfg`` file.
 
-See the documentation at http://www.icir.org/robin/btest/ for information on
-what BTests actually look like.
+* If the unit test requires a known-good baseline output against which
+  future tests will be compared (via ``btest-diff``), then that baseline
+  output will need to live in the ``Baseline`` directory.  Manually
+  adding that is possible, but it's easier to just use the ``-u`` or
+  ``-U`` options of ``btest`` to do it for you (using ``btest -d`` on a
+  test for which no baseline exists will show you the output so it can
+  be verified first before adding/updating the baseline output).
 
-The essential components of a new test include:
-* A test file in a subdirectory of /testing/btest. This can be a sub-sub-
-	directory, as the search for test files is recursive from the directories
-	listed as "TestDirs" in btest.cfg
-* A baseline for the output of your test. Although the baseline will be stored
-	in testing/btest/Baseline/ you should allow btest to copy the correct files
-	to that location, rather than copying them manually (see below).
+If you create a new top-level testing directory for collecting related
+tests, then you'll need to add it to the list of ``TestDirs`` in
+``btest.cfg``. Do this only if your test really doesn't fit logically in
+any of the extant directories.
 
-If you create a new subdirectory from testing/btest you'll need to add it to the
-list of "TestDirs" in btest.cfg. Do this only if your test really doesn't fit
-logically in any of the extant directories.
-
-While developing your test, you can specify the "-t" command-line option to make
-BTest preserve the testing/btest/.tmp directory. This directory holds the output
-from your test run; you can inspect it in place to ensure it is correct and as
-expected.
-
-Once you are satisfied with the results in testing/btest/.tmp you can make BTest
-store this output as the Baseline for the test by specifying the "-U" command-
-line option.
-
-When you are ready to commit your test to git, be sure the testing/btest/.tmp
-directory is deleted, and use "git status" to ensure you correctly identify all
-of the files that should be committed to the repository.
-
-Note that any new test you add this way will automatically be included in the
-testing done in the NMI automated build & test environment.
+Note that any new test you add this way will automatically be included
+in the testing done in the NMI automated build & test environment.
diff --git a/testing/btest/btest.cfg b/testing/btest/btest.cfg
index f674ae68c8..7d8283587c 100644
--- a/testing/btest/btest.cfg
+++ b/testing/btest/btest.cfg
@@ -1,5 +1,5 @@
 [btest]
-TestDirs    = doc bifs language core scripts istate
+TestDirs    = doc bifs language core scripts istate coverage
 TmpDir      = %(testbase)s/.tmp
 BaselineDir = %(testbase)s/Baseline
 IgnoreDirs  = .svn CVS .tmp
diff --git a/testing/btest/scripts/policy/misc/bare-loaded-scripts.test b/testing/btest/coverage/bare-load-baseline.test
similarity index 68%
rename from testing/btest/scripts/policy/misc/bare-loaded-scripts.test
rename to testing/btest/coverage/bare-load-baseline.test
index 2f273386dc..0e532901c8 100644
--- a/testing/btest/scripts/policy/misc/bare-loaded-scripts.test
+++ b/testing/btest/coverage/bare-load-baseline.test
@@ -1,5 +1,7 @@
 # This test is meant to cover whether the set of scripts that get loaded by
-# default in bare mode matches a baseline of known defaults.
+# default in bare mode matches a baseline of known defaults.  The baseline
+# should only need updating if something new is @load'd from init-bare.bro
+# (or from an @load'd descendent of it).
 #
 # As the output has absolute paths in it, we need to remove the common
 # prefix to make the test work everywhere. That's what the sed magic
@@ -7,6 +9,6 @@
 
 # @TEST-EXEC: bro -b misc/loaded-scripts
 # @TEST-EXEC: test -e loaded_scripts.log
-# @TEST-EXEC: cat loaded_scripts.log | egrep -v '#' | awk 'NR>1{print $2}' | sed -e ':a' -e '$!N' -e 's/^\(.*\).*\n\1.*/\1/' -e 'ta' >prefix
+# @TEST-EXEC: cat loaded_scripts.log | egrep -v '#' | awk 'NR>0{print $2}' | sed -e ':a' -e '$!N' -e 's/^\(.*\).*\n\1.*/\1/' -e 'ta' >prefix
 # @TEST-EXEC: cat loaded_scripts.log | sed "s#`cat prefix`##g" >canonified_loaded_scripts.log
 # @TEST-EXEC: btest-diff canonified_loaded_scripts.log
diff --git a/testing/btest/scripts/bare-mode-coverage.test b/testing/btest/coverage/bare-mode-errors.test
similarity index 60%
rename from testing/btest/scripts/bare-mode-coverage.test
rename to testing/btest/coverage/bare-mode-errors.test
index 12744023dc..16d8d7c671 100644
--- a/testing/btest/scripts/bare-mode-coverage.test
+++ b/testing/btest/coverage/bare-mode-errors.test
@@ -1,6 +1,9 @@
-# Makes sure any given policy script in the scripts/ tree can be loaded in
-# bare mode.  btest-bg-run/btest-bg-wait are used to kill off scripts that
-# block after loading, e.g. start listening on a socket.
+# Makes sure any given bro script in the scripts/ tree can be loaded in
+# bare mode without error.  btest-bg-run/btest-bg-wait are used to kill off
+# scripts that block after loading, e.g. start listening on a socket.
+#
+# Commonly, this test may fail if one forgets to @load some base/ scripts
+# when writing a new bro scripts.
 #
 # @TEST-EXEC: test -d $DIST/scripts
 # @TEST-EXEC: for script in `find $DIST/scripts -name \*\.bro`; do echo $script;if [[ "$script" =~ listen-clear|listen-ssl|controllee ]]; then rm -rf load_attempt .bgprocs; btest-bg-run load_attempt bro -b $script; btest-bg-wait -k 2; cat load_attempt/.stderr >>allerrors; else bro -b $script 2>>allerrors; fi done || exit 0
diff --git a/testing/btest/scripts/policy/misc/default-loaded-scripts.test b/testing/btest/coverage/default-load-baseline.test
similarity index 70%
rename from testing/btest/scripts/policy/misc/default-loaded-scripts.test
rename to testing/btest/coverage/default-load-baseline.test
index 147bdea685..be73379fe5 100644
--- a/testing/btest/scripts/policy/misc/default-loaded-scripts.test
+++ b/testing/btest/coverage/default-load-baseline.test
@@ -1,5 +1,7 @@
 # This test is meant to cover whether the set of scripts that get loaded by
-# default matches a baseline of known defaults.
+# default matches a baseline of known defaults.  When new scripts are
+# added to the scripts/base/ directory, the baseline will usually just need
+# to be updated.
 #
 # As the output has absolute paths in it, we need to remove the common
 # prefix to make the test work everywhere. That's what the sed magic
@@ -7,6 +9,6 @@
 
 # @TEST-EXEC: bro misc/loaded-scripts
 # @TEST-EXEC: test -e loaded_scripts.log
-# @TEST-EXEC: cat loaded_scripts.log | egrep -v '#' | awk 'NR>1{print $2}' | sed -e ':a' -e '$!N' -e 's/^\(.*\).*\n\1.*/\1/' -e 'ta' >prefix
+# @TEST-EXEC: cat loaded_scripts.log | egrep -v '#' | awk 'NR>0{print $2}' | sed -e ':a' -e '$!N' -e 's/^\(.*\).*\n\1.*/\1/' -e 'ta' >prefix
 # @TEST-EXEC: cat loaded_scripts.log | sed "s#`cat prefix`##g" >canonified_loaded_scripts.log
 # @TEST-EXEC: btest-diff canonified_loaded_scripts.log
diff --git a/testing/btest/doc/coverage.test b/testing/btest/coverage/doc.test
similarity index 63%
rename from testing/btest/doc/coverage.test
rename to testing/btest/coverage/doc.test
index 6b31845704..18ed13e6fa 100644
--- a/testing/btest/doc/coverage.test
+++ b/testing/btest/coverage/doc.test
@@ -1,5 +1,5 @@
-# This tests that we're generating policy script documentation for all the
-# available policy scripts.  If this fails, then the genDocSources.sh needs
+# This tests that we're generating bro script documentation for all the
+# available bro scripts.  If this fails, then the genDocSources.sh needs
 # to be run to produce a new DocSourcesList.cmake or genDocSources.sh needs
 # to be updated to blacklist undesired scripts.
 #
diff --git a/testing/btest/scripts/base/init-default-coverage.bro b/testing/btest/coverage/init-default.test
similarity index 55%
rename from testing/btest/scripts/base/init-default-coverage.bro
rename to testing/btest/coverage/init-default.test
index a2f6a0df1c..be4de42c16 100644
--- a/testing/btest/scripts/base/init-default-coverage.bro
+++ b/testing/btest/coverage/init-default.test
@@ -1,11 +1,18 @@
 # Makes sure that all base/* scripts are loaded by default via init-default.bro;
 # and that all scripts loaded there in there actually exist.
+#
+# This test will fail if a new bro script is added under the scripts/base/
+# directory and it is not also added as an @load in base/init-default.bro.
+# In some cases, a script in base is loaded based on the bro configuration
+# (e.g. cluster operation), and in such cases, the missing_loads baseline
+# can be adjusted to tolerate that.
 
 #@TEST-EXEC: test -d $DIST/scripts/base
 #@TEST-EXEC: test -e $DIST/scripts/base/init-default.bro
 #@TEST-EXEC: ( cd $DIST/scripts/base && find . -name '*.bro' ) | sort >"all scripts found"
 #@TEST-EXEC: bro misc/loaded-scripts
-#@TEST-EXEC: cat loaded_scripts.log | egrep -v '/build/|/loaded-scripts.bro|#' | awk 'NR>1{print $2}' | sed 's#/./#/#g'  >loaded_scripts.log.tmp
+#@TEST-EXEC: cat loaded_scripts.log | egrep -v '/build/|/loaded-scripts.bro|#' | awk 'NR>0{print $2}' | sed 's#/./#/#g'  >loaded_scripts.log.tmp
 #@TEST-EXEC: cat loaded_scripts.log.tmp | sed -e ':a' -e '$!N' -e 's/^\(.*\).*\n\1.*/\1/' -e 'ta' >prefix
 #@TEST-EXEC: cat loaded_scripts.log.tmp | sed "s#`cat prefix`#./#g" | sort >init-default.bro
-#@TEST-EXEC: diff -u "all scripts found" init-default.bro 1>&2
+#@TEST-EXEC: diff -u "all scripts found" init-default.bro | egrep "^-[^-]" > missing_loads
+#@TEST-EXEC: btest-diff missing_loads
diff --git a/testing/btest/scripts/test-all-policy-coverage.bro b/testing/btest/coverage/test-all-policy.test
similarity index 54%
rename from testing/btest/scripts/test-all-policy-coverage.bro
rename to testing/btest/coverage/test-all-policy.test
index 89cbcb55fe..3a545a02af 100644
--- a/testing/btest/scripts/test-all-policy-coverage.bro
+++ b/testing/btest/coverage/test-all-policy.test
@@ -1,5 +1,9 @@
-# Makes sure that all policy/* scripts are loaded in test-all-policy.bro; and that
-# all scripts loaded there actually exist.
+# Makes sure that all policy/* scripts are loaded in
+# scripts/test-all-policy.bro and that all scripts loaded there actually exist.
+#
+# This test will fail if new bro scripts are added to the scripts/policy/
+# directory.  Correcting that just involves updating scripts/test-all-policy.bro
+# to @load the new bro scripts.
 
 @TEST-EXEC: test -e $DIST/scripts/test-all-policy.bro
 @TEST-EXEC: test -d $DIST/scripts

From 7af3977a5006002593e2b61c0c86265872b2cdcb Mon Sep 17 00:00:00 2001
From: Jon Siwek <jsiwek@ncsa.illinois.edu>
Date: Tue, 27 Sep 2011 14:15:23 -0500
Subject: [PATCH 4/5] Change logging of HTTP 1xx responses to occur in their
 own columns.

Instead of as entirely new log lines (addresses #411).
---
 scripts/base/protocols/http/main.bro               | 13 ++++++++++++-
 .../Baseline/istate.events-ssl/receiver.http.log   |  6 +++---
 .../Baseline/istate.events-ssl/sender.http.log     |  6 +++---
 .../btest/Baseline/istate.events/receiver.http.log |  6 +++---
 .../btest/Baseline/istate.events/sender.http.log   |  6 +++---
 .../http.log                                       |  6 +++---
 .../http.log                                       |  7 +++----
 .../http.log                                       | 14 +++++++-------
 .../http.log                                       | 14 +++++++-------
 9 files changed, 44 insertions(+), 34 deletions(-)

diff --git a/scripts/base/protocols/http/main.bro b/scripts/base/protocols/http/main.bro
index 982d29acda..0cf51cda90 100644
--- a/scripts/base/protocols/http/main.bro
+++ b/scripts/base/protocols/http/main.bro
@@ -48,6 +48,10 @@ export {
 		status_code:             count    &log &optional;
 		## The status message returned by the server.
 		status_msg:              string   &log &optional;
+		## The last 1xx informational reply code returned by the server.
+		info_code:               count    &log &optional;
+		## The last 1xx informational reply message returned by the server.
+		info_msg:               string    &log &optional;
 		## The filename given in the Content-Disposition header
 		## sent by the server.
 		filename:                string   &log &optional;
@@ -173,6 +177,11 @@ event http_reply(c: connection, version: string, code: count, reason: string) &p
 	
 	c$http$status_code = code;
 	c$http$status_msg = reason;
+	if ( code/100 == 1 )
+		{
+		c$http$info_code = code;
+		c$http$info_msg = reason;
+		}
 	}
 	
 event http_header(c: connection, is_orig: bool, name: string, value: string) &priority=5
@@ -249,11 +258,13 @@ event http_message_done(c: connection, is_orig: bool, stat: http_message_stat) &
 	# The reply body is done so we're ready to log.
 	if ( ! is_orig )
 		{
-		Log::write(HTTP::LOG, c$http);
 		# If the response was an informational 1xx, we're still expecting
 		# the real response later, so we'll continue using the same record
 		if ( c$http$status_code/100 != 1 )
+			{
+			Log::write(HTTP::LOG, c$http);
 			delete c$http_state$pending[c$http_state$current_response];
+			}
 		}
 	}
 
diff --git a/testing/btest/Baseline/istate.events-ssl/receiver.http.log b/testing/btest/Baseline/istate.events-ssl/receiver.http.log
index 4d8421ac86..a18242e8da 100644
--- a/testing/btest/Baseline/istate.events-ssl/receiver.http.log
+++ b/testing/btest/Baseline/istate.events-ssl/receiver.http.log
@@ -1,5 +1,5 @@
 #separator \x09
 #path	http
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	method	host	uri	referrer	user_agent	request_body_len	request_body_interrupted	response_body_len	response_body_interrupted	status_code	status_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
-#types	time	string	addr	port	addr	port	string	string	string	string	string	count	bool	count	bool	count	string	string	table	string	string	table	string	string	file
-1316124231.969273	arKYeMETxOg	141.42.64.125	56730	125.190.109.199	80	GET	www.icir.org	/	-	Wget/1.10	0	F	9130	F	200	OK	-	-	-	-	-	text/html	-	-
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	method	host	uri	referrer	user_agent	request_body_len	request_body_interrupted	response_body_len	response_body_interrupted	status_code	status_msg	info_code	info_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
+#types	time	string	addr	port	addr	port	string	string	string	string	string	count	bool	count	bool	count	string	count	string	string	table	string	string	table	string	string	file
+1317149787.593092	arKYeMETxOg	141.42.64.125	56730	125.190.109.199	80	GET	www.icir.org	/	-	Wget/1.10	0	F	9130	F	200	OK	-	-	-	-	-	-	-	text/html	-	-
diff --git a/testing/btest/Baseline/istate.events-ssl/sender.http.log b/testing/btest/Baseline/istate.events-ssl/sender.http.log
index 4d8421ac86..a18242e8da 100644
--- a/testing/btest/Baseline/istate.events-ssl/sender.http.log
+++ b/testing/btest/Baseline/istate.events-ssl/sender.http.log
@@ -1,5 +1,5 @@
 #separator \x09
 #path	http
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	method	host	uri	referrer	user_agent	request_body_len	request_body_interrupted	response_body_len	response_body_interrupted	status_code	status_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
-#types	time	string	addr	port	addr	port	string	string	string	string	string	count	bool	count	bool	count	string	string	table	string	string	table	string	string	file
-1316124231.969273	arKYeMETxOg	141.42.64.125	56730	125.190.109.199	80	GET	www.icir.org	/	-	Wget/1.10	0	F	9130	F	200	OK	-	-	-	-	-	text/html	-	-
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	method	host	uri	referrer	user_agent	request_body_len	request_body_interrupted	response_body_len	response_body_interrupted	status_code	status_msg	info_code	info_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
+#types	time	string	addr	port	addr	port	string	string	string	string	string	count	bool	count	bool	count	string	count	string	string	table	string	string	table	string	string	file
+1317149787.593092	arKYeMETxOg	141.42.64.125	56730	125.190.109.199	80	GET	www.icir.org	/	-	Wget/1.10	0	F	9130	F	200	OK	-	-	-	-	-	-	-	text/html	-	-
diff --git a/testing/btest/Baseline/istate.events/receiver.http.log b/testing/btest/Baseline/istate.events/receiver.http.log
index f1b0fd02ab..3896ee8c3a 100644
--- a/testing/btest/Baseline/istate.events/receiver.http.log
+++ b/testing/btest/Baseline/istate.events/receiver.http.log
@@ -1,5 +1,5 @@
 #separator \x09
 #path	http
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	method	host	uri	referrer	user_agent	request_body_len	request_body_interrupted	response_body_len	response_body_interrupted	status_code	status_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
-#types	time	string	addr	port	addr	port	string	string	string	string	string	count	bool	count	bool	count	string	string	table	string	string	table	string	string	file
-1316124240.720195	arKYeMETxOg	141.42.64.125	56730	125.190.109.199	80	GET	www.icir.org	/	-	Wget/1.10	0	F	9130	F	200	OK	-	-	-	-	-	text/html	-	-
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	method	host	uri	referrer	user_agent	request_body_len	request_body_interrupted	response_body_len	response_body_interrupted	status_code	status_msg	info_code	info_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
+#types	time	string	addr	port	addr	port	string	string	string	string	string	count	bool	count	bool	count	string	count	string	string	table	string	string	table	string	string	file
+1317149750.648989	arKYeMETxOg	141.42.64.125	56730	125.190.109.199	80	GET	www.icir.org	/	-	Wget/1.10	0	F	9130	F	200	OK	-	-	-	-	-	-	-	text/html	-	-
diff --git a/testing/btest/Baseline/istate.events/sender.http.log b/testing/btest/Baseline/istate.events/sender.http.log
index f1b0fd02ab..3896ee8c3a 100644
--- a/testing/btest/Baseline/istate.events/sender.http.log
+++ b/testing/btest/Baseline/istate.events/sender.http.log
@@ -1,5 +1,5 @@
 #separator \x09
 #path	http
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	method	host	uri	referrer	user_agent	request_body_len	request_body_interrupted	response_body_len	response_body_interrupted	status_code	status_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
-#types	time	string	addr	port	addr	port	string	string	string	string	string	count	bool	count	bool	count	string	string	table	string	string	table	string	string	file
-1316124240.720195	arKYeMETxOg	141.42.64.125	56730	125.190.109.199	80	GET	www.icir.org	/	-	Wget/1.10	0	F	9130	F	200	OK	-	-	-	-	-	text/html	-	-
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	method	host	uri	referrer	user_agent	request_body_len	request_body_interrupted	response_body_len	response_body_interrupted	status_code	status_msg	info_code	info_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
+#types	time	string	addr	port	addr	port	string	string	string	string	string	count	bool	count	bool	count	string	count	string	string	table	string	string	table	string	string	file
+1317149750.648989	arKYeMETxOg	141.42.64.125	56730	125.190.109.199	80	GET	www.icir.org	/	-	Wget/1.10	0	F	9130	F	200	OK	-	-	-	-	-	-	-	text/html	-	-
diff --git a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-odd-url/http.log b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-odd-url/http.log
index 4f7215e3c7..0f167ded6a 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-odd-url/http.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.logging.ascii-escape-odd-url/http.log
@@ -1,5 +1,5 @@
 #separator \x09
 #path	http
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	method	host	uri	referrer	user_agent	request_body_len	request_body_interrupted	response_body_len	response_body_interrupted	status_code	status_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
-#types	time	string	addr	port	addr	port	string	string	string	string	string	count	bool	count	bool	count	string	string	table	string	string	table	string	string	file
-1315799856.264750	UWkUyAuUGXf	10.0.1.104	64216	193.40.5.162	80	GET	lepo.it.da.ut.ee	/~cect/teoreetilised seminarid_2010/arheoloogia_uurimisr\xfchma_seminar/Joyce et al - The Languages of Archaeology ~ Dialogue, Narrative and Writing.pdf	-	Wget/1.12 (darwin10.8.0)	0	F	346	F	404	Not Found	-	-	-	-	-	text/html	-	-
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	method	host	uri	referrer	user_agent	request_body_len	request_body_interrupted	response_body_len	response_body_interrupted	status_code	status_msg	info_code	info_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
+#types	time	string	addr	port	addr	port	string	string	string	string	string	count	bool	count	bool	count	string	count	string	string	table	string	string	table	string	string	file
+1315799856.264750	UWkUyAuUGXf	10.0.1.104	64216	193.40.5.162	80	GET	lepo.it.da.ut.ee	/~cect/teoreetilised seminarid_2010/arheoloogia_uurimisr\xfchma_seminar/Joyce et al - The Languages of Archaeology ~ Dialogue, Narrative and Writing.pdf	-	Wget/1.12 (darwin10.8.0)	0	F	346	F	404	Not Found	-	-	-	-	-	-	-	text/html	-	-
diff --git a/testing/btest/Baseline/scripts.base.protocols.http.100-continue/http.log b/testing/btest/Baseline/scripts.base.protocols.http.100-continue/http.log
index a9d02efa09..10a6afcb37 100644
--- a/testing/btest/Baseline/scripts.base.protocols.http.100-continue/http.log
+++ b/testing/btest/Baseline/scripts.base.protocols.http.100-continue/http.log
@@ -1,6 +1,5 @@
 #separator \x09
 #path	http
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	method	host	uri	referrer	user_agent	request_body_len	request_body_interrupted	response_body_len	response_body_interrupted	status_code	status_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
-#types	time	string	addr	port	addr	port	string	string	string	string	string	count	bool	count	bool	count	string	string	table	string	string	table	string	string	file
-1237440095.634312	UWkUyAuUGXf	192.168.3.103	54102	128.146.216.51	80	POST	www.osu.edu	/	-	curl/7.17.1 (i386-apple-darwin8.11.1) libcurl/7.17.1 zlib/1.2.3	-	F	0	F	100	Continue	-	-	-	-	-	-	-	-
-1237440095.634312	UWkUyAuUGXf	192.168.3.103	54102	128.146.216.51	80	POST	www.osu.edu	/	-	curl/7.17.1 (i386-apple-darwin8.11.1) libcurl/7.17.1 zlib/1.2.3	2001	F	60731	F	200	OK	-	-	-	-	-	text/html	-	-
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	method	host	uri	referrer	user_agent	request_body_len	request_body_interrupted	response_body_len	response_body_interrupted	status_code	status_msg	info_code	info_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
+#types	time	string	addr	port	addr	port	string	string	string	string	string	count	bool	count	bool	count	string	count	string	string	table	string	string	table	string	string	file
+1237440095.634312	UWkUyAuUGXf	192.168.3.103	54102	128.146.216.51	80	POST	www.osu.edu	/	-	curl/7.17.1 (i386-apple-darwin8.11.1) libcurl/7.17.1 zlib/1.2.3	2001	F	60731	F	200	OK	100	Continue	-	-	-	-	-	text/html	-	-
diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-mime-and-md5/http.log b/testing/btest/Baseline/scripts.base.protocols.http.http-mime-and-md5/http.log
index d69b3e5b1a..3c58932940 100644
--- a/testing/btest/Baseline/scripts.base.protocols.http.http-mime-and-md5/http.log
+++ b/testing/btest/Baseline/scripts.base.protocols.http.http-mime-and-md5/http.log
@@ -1,9 +1,9 @@
 #separator \x09
 #path	http
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	method	host	uri	referrer	user_agent	request_body_len	request_body_interrupted	response_body_len	response_body_interrupted	status_code	status_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
-#types	time	string	addr	port	addr	port	string	string	string	string	string	count	bool	count	bool	count	string	string	table	string	string	table	string	string	file
-1258577884.844956	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/style/enhanced.css	http://www.mozilla.org/projects/calendar/	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	2675	F	200	OK	-	-	-	-	-	FAKE_MIME	-	-
-1258577884.960135	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/script/urchin.js	http://www.mozilla.org/projects/calendar/	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	21421	F	200	OK	-	-	-	-	-	FAKE_MIME	-	-
-1258577885.317160	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/images/template/screen/bullet_utility.png	http://www.mozilla.org/style/screen.css	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	94	F	200	OK	-	-	-	-	-	FAKE_MIME	-	-
-1258577885.349639	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/images/template/screen/key-point-top.png	http://www.mozilla.org/style/screen.css	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	2349	F	200	OK	-	-	-	-	-	image/png	e0029eea80812e9a8e57b8d05d52938a	-
-1258577885.394612	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/projects/calendar/images/header-sunbird.png	http://www.mozilla.org/projects/calendar/calendar.css	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	27579	F	200	OK	-	-	-	-	-	image/png	30aa926344f58019d047e85ba049ca1e	-
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	method	host	uri	referrer	user_agent	request_body_len	request_body_interrupted	response_body_len	response_body_interrupted	status_code	status_msg	info_code	info_msg	filename	tags	username	password	proxied	mime_type	md5	extraction_file
+#types	time	string	addr	port	addr	port	string	string	string	string	string	count	bool	count	bool	count	string	count	string	string	table	string	string	table	string	string	file
+1258577884.844956	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/style/enhanced.css	http://www.mozilla.org/projects/calendar/	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	2675	F	200	OK	-	-	-	-	-	-	-	FAKE_MIME	-	-
+1258577884.960135	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/script/urchin.js	http://www.mozilla.org/projects/calendar/	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	21421	F	200	OK	-	-	-	-	-	-	-	FAKE_MIME	-	-
+1258577885.317160	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/images/template/screen/bullet_utility.png	http://www.mozilla.org/style/screen.css	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	94	F	200	OK	-	-	-	-	-	-	-	FAKE_MIME	-	-
+1258577885.349639	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/images/template/screen/key-point-top.png	http://www.mozilla.org/style/screen.css	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	2349	F	200	OK	-	-	-	-	-	-	-	image/png	e0029eea80812e9a8e57b8d05d52938a	-
+1258577885.394612	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/projects/calendar/images/header-sunbird.png	http://www.mozilla.org/projects/calendar/calendar.css	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	27579	F	200	OK	-	-	-	-	-	-	-	image/png	30aa926344f58019d047e85ba049ca1e	-
diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-pipelining/http.log b/testing/btest/Baseline/scripts.base.protocols.http.http-pipelining/http.log
index 4ef6d2ee1c..e5e3579a7b 100644
--- a/testing/btest/Baseline/scripts.base.protocols.http.http-pipelining/http.log
+++ b/testing/btest/Baseline/scripts.base.protocols.http.http-pipelining/http.log
@@ -1,9 +1,9 @@
 #separator \x09
 #path	http
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	method	host	uri	referrer	user_agent	request_body_len	request_body_interrupted	response_body_len	response_body_interrupted	status_code	status_msg	filename	tags	username	password	proxied	md5	extraction_file
-#types	time	string	addr	port	addr	port	string	string	string	string	string	count	bool	count	bool	count	string	string	table	string	string	table	string	file
-1258577884.844956	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/style/enhanced.css	http://www.mozilla.org/projects/calendar/	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	2675	F	200	OK	-	-	-	-	-	-	-
-1258577884.960135	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/script/urchin.js	http://www.mozilla.org/projects/calendar/	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	21421	F	200	OK	-	-	-	-	-	-	-
-1258577885.317160	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/images/template/screen/bullet_utility.png	http://www.mozilla.org/style/screen.css	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	94	F	200	OK	-	-	-	-	-	-	-
-1258577885.349639	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/images/template/screen/key-point-top.png	http://www.mozilla.org/style/screen.css	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	2349	F	200	OK	-	-	-	-	-	-	-
-1258577885.394612	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/projects/calendar/images/header-sunbird.png	http://www.mozilla.org/projects/calendar/calendar.css	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	27579	F	200	OK	-	-	-	-	-	-	-
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	method	host	uri	referrer	user_agent	request_body_len	request_body_interrupted	response_body_len	response_body_interrupted	status_code	status_msg	info_code	info_msg	filename	tags	username	password	proxied	md5	extraction_file
+#types	time	string	addr	port	addr	port	string	string	string	string	string	count	bool	count	bool	count	string	count	string	string	table	string	string	table	string	file
+1258577884.844956	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/style/enhanced.css	http://www.mozilla.org/projects/calendar/	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	2675	F	200	OK	-	-	-	-	-	-	-	-	-
+1258577884.960135	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/script/urchin.js	http://www.mozilla.org/projects/calendar/	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	21421	F	200	OK	-	-	-	-	-	-	-	-	-
+1258577885.317160	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/images/template/screen/bullet_utility.png	http://www.mozilla.org/style/screen.css	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	94	F	200	OK	-	-	-	-	-	-	-	-	-
+1258577885.349639	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/images/template/screen/key-point-top.png	http://www.mozilla.org/style/screen.css	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	2349	F	200	OK	-	-	-	-	-	-	-	-	-
+1258577885.394612	UWkUyAuUGXf	192.168.1.104	1673	63.245.209.11	80	GET	www.mozilla.org	/projects/calendar/images/header-sunbird.png	http://www.mozilla.org/projects/calendar/calendar.css	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5	0	F	27579	F	200	OK	-	-	-	-	-	-	-	-	-

From e15dbb238955bb0e337bfc48d95f72e4134d8f21 Mon Sep 17 00:00:00 2001
From: Robin Sommer <robin@icir.org>
Date: Wed, 28 Sep 2011 17:52:05 -0700
Subject: [PATCH 5/5] Updating submodule(s).

---
 aux/broctl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/aux/broctl b/aux/broctl
index 01720883d2..f90d3eded2 160000
--- a/aux/broctl
+++ b/aux/broctl
@@ -1 +1 @@
-Subproject commit 01720883d2ba5584817964f6c30bef88b865726e
+Subproject commit f90d3eded266b4effbdd607f76768dd010c7f3b5