From e35da5f592ca4f3bc088281da26b4c19db8018db Mon Sep 17 00:00:00 2001
From: Jon Siwek <jsiwek@corelight.com>
Date: Tue, 22 May 2018 16:27:07 -0500
Subject: [PATCH 1/2] Migrate NCP analyzer to use latest analyzer API

It was possibly never updated for newer Analyzer API changes, as simply
attaching the NCP analyzer to a connection would result in null pointer
derefernces and also support analyzers were not attached.
---
 src/analyzer/protocol/ncp/NCP.cc              |  23 +-
 src/analyzer/protocol/ncp/NCP.h               |   1 +
 .../scripts.base.protocols.ncp.event/out      | 468 ++++++++++++++++++
 testing/btest/Traces/ncp.pcap                 | Bin 0 -> 66824 bytes
 .../scripts/base/protocols/ncp/event.bro      |  20 +
 5 files changed, 500 insertions(+), 12 deletions(-)
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.ncp.event/out
 create mode 100644 testing/btest/Traces/ncp.pcap
 create mode 100644 testing/btest/scripts/base/protocols/ncp/event.bro

diff --git a/src/analyzer/protocol/ncp/NCP.cc b/src/analyzer/protocol/ncp/NCP.cc
index add7841908..f2745666dc 100644
--- a/src/analyzer/protocol/ncp/NCP.cc
+++ b/src/analyzer/protocol/ncp/NCP.cc
@@ -159,11 +159,7 @@ Contents_NCP_Analyzer::Contents_NCP_Analyzer(Connection* conn, bool orig, NCP_Se
 	{
 	session = arg_session;
 	resync = true;
-
-	tcp::TCP_Analyzer* tcp = static_cast<tcp::TCP_ApplicationAnalyzer*>(Parent())->TCP();
-	if ( tcp )
-		resync = (orig ? tcp->OrigState() : tcp->RespState()) !=
-						tcp::TCP_ENDPOINT_ESTABLISHED;
+	resync_set = false;
 	}
 
 Contents_NCP_Analyzer::~Contents_NCP_Analyzer()
@@ -174,20 +170,23 @@ void Contents_NCP_Analyzer::DeliverStream(int len, const u_char* data, bool orig
 	{
 	tcp::TCP_SupportAnalyzer::DeliverStream(len, data, orig);
 
-	tcp::TCP_Analyzer* tcp = static_cast<tcp::TCP_ApplicationAnalyzer*>(Parent())->TCP();
+	auto tcp = static_cast<NCP_Analyzer*>(Parent())->TCP();
+
+	if ( ! resync_set )
+		{
+		resync_set = true;
+		resync = (IsOrig() ? tcp->OrigState() : tcp->RespState()) !=
+						tcp::TCP_ENDPOINT_ESTABLISHED;
+		}
 
 	if ( tcp && tcp->HadGap(orig) )
 		return;
 
-	DEBUG_MSG("NCP deliver: len = %d resync = %d buffer.empty = %d\n",
-		len, resync, buffer.empty());
-
 	if ( buffer.empty() && resync )
 		{
 		// Assume NCP frames align with packet boundary.
 		if ( (IsOrig() && len < 22) || (! IsOrig() && len < 16) )
 			{ // ignore small fragmeents
-			DEBUG_MSG("NCP discard small pieces: %d\n", len);
 			return;
 			}
 
@@ -224,13 +223,13 @@ NCP_Analyzer::NCP_Analyzer(Connection* conn)
 	{
 	session = new NCP_Session(this);
 	o_ncp = new Contents_NCP_Analyzer(conn, true, session);
+	AddSupportAnalyzer(o_ncp);
 	r_ncp = new Contents_NCP_Analyzer(conn, false, session);
+	AddSupportAnalyzer(r_ncp);
 	}
 
 NCP_Analyzer::~NCP_Analyzer()
 	{
 	delete session;
-	delete o_ncp;
-	delete r_ncp;
 	}
 
diff --git a/src/analyzer/protocol/ncp/NCP.h b/src/analyzer/protocol/ncp/NCP.h
index 713eca756d..f8cac95090 100644
--- a/src/analyzer/protocol/ncp/NCP.h
+++ b/src/analyzer/protocol/ncp/NCP.h
@@ -97,6 +97,7 @@ protected:
 
 	// Re-sync for partial connections (or after a content gap).
 	bool resync;
+	bool resync_set;
 };
 
 class NCP_Analyzer : public tcp::TCP_ApplicationAnalyzer {
diff --git a/testing/btest/Baseline/scripts.base.protocols.ncp.event/out b/testing/btest/Baseline/scripts.base.protocols.ncp.event/out
new file mode 100644
index 0000000000..6374c60f5d
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.ncp.event/out
@@ -0,0 +1,468 @@
+ncp reply, 13107, 70, 0, 0, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 86, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 79, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 86, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 79, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 86, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 79, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 86, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 79, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 86, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 79, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 86, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 59, 89
+ncp reply, 13107, 2, 8738, 89, 255
+ncp request, 8738, 59, 89
+ncp reply, 13107, 2, 8738, 89, 255
+ncp request, 8738, 79, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 86, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 66, 89
+ncp reply, 13107, 92, 8738, 89, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 66, 89
+ncp reply, 13107, 92, 8738, 89, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 46, 89
+ncp reply, 13107, 88, 8738, 89, 0
+ncp request, 8738, 40, 89
+ncp reply, 13107, 11, 8738, 89, 0
+ncp request, 8738, 40, 89
+ncp reply, 13107, 102, 8738, 89, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 6, 22338
+ncp reply, 13107, 10, 8738, 22338, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 163, 8738, 72, 0
+ncp request, 8738, 14, 72
diff --git a/testing/btest/Traces/ncp.pcap b/testing/btest/Traces/ncp.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..d8c61b3683f631fa404980393915cd9d97d46da9
GIT binary patch
literal 66824
zcmdVD2Y3`!`~E)(Ed+uHBB2^qx}<ktfrK<j+f88;qQsDFdQV89N$4QG_ue~*bdVw{
zVsA*X04ky)AV?Q}_j4u=VRGhtumAh*dtLv``wni}b3V^K=ehUHnK`pxo!GU~TB<Gm
zyFGa#NmlrxUH#+z9e-{pO~z~5r3UB2GkZuczHYiy*G3AIq~Yz1eWW+)_8D*cidBZK
z)0oTF4Q*!Y6UGcNR*ZYuU_W5m-#<%IaYV8Ke;ecOzNl+0ytp=b<8dpij*`@;u@ps7
zt8AI6`W{~6BuU?6`+%;#^r~@LZMIwExAxTf_xFix5y%GOyR^$pG9M!g^R((CjjAh2
zL`8Hqv#lEv73fYG>>o)BFH2HDPD%{^wmo*F+t^yCTMWXG5Sfv}Hf9?1|D~a{2w%}&
zO@k>qra|u#l?JEKS}-)o%=%E#AjRFCTEG^S5Ma(W7n>t<`{w1Bzh-9}S(<Au)Q1Mf
zyZE@ed-?jh*x4G)g++O}N!b}g%_(}%XTOd}$}#K1%N+vpl85A&bBl}YY)O-iAdN<N
z+N)_2=xNQ>Bv_v?*3n@9aLK|8iY9IF_tXU>oo)$;O*(ees0rhhhEfoIKzlVYd|qZ^
z^!o5wF~&MVj1-6wUbsUMqp`a?g_gTn4x-YrpuHM+kY_C}cnZMv0H3n(I|aNg{=O1?
zDWd!1OF}1dyI)1*?HRdVO|A#|XplP>tf)#(v1RhOs|}^acujjX@~NJ+x#Xik9uD&1
zi_rNhyP+9>Pvn6*-7-Xvcc{IxqqL=&G?oHeNmKxpsY$hMr0AH~fWU~D=mt`iKGRUD
z+9euDDdwWA;=FvPjNA++z;B{j?!W}-sjB6%;Sk`8!9Mmww|j~JsAWQwq@qz5FIl3N
z=YmX7%XPRSUV(@!A!28KEiVTl)iN=XbaE{_{w}KJj!c6ds#+eq(pWLR0W?^b`j?^s
zYMENV_CKoS+J6XZxh_wW@eT9|<LVgfAH2)2<rN?{>DW=D4zUVNXxDNlCPsHvMU1Nh
zF*-wxNjcvtVxX2Ov|JJIAgZ92>v6$51H2i)ck^p`C8AR;6FQL_u8GJyGjd-wc{7j)
zfjlewgR0~dTPDxFF05r6E_o2hJAix*zm``a`v0Jo!*7UcxeF7(M^($?IzWKU5TI@y
zKSco4G9gM*y_AygEm6yRK_;l>`dkq=L&S23XyDiKY7kN_6C+S7YdP+wsFu4j4ZKyg
zJgyuXd}^?dxiq+?q5*1|TEO-{s^wiEjYfFdtG!7CdfIX|`4pObXRyEj2fvorfY_vC
zM~x~X>Mv16yu!rrQdh)x5aSPsaWVs3l>;@@GKH2a;>aywEjQqT{{ir80KdSm<+X@T
zwM^(lo^@M9-i?uas>!bzD<;^2e0|!Ds^k<~Chz&Tu$CM0$S2r>{2!2i#INObi2gsQ
z<=a5j9%DN)0X)>T{0{`kg8=@`1}OrdmI+akK98FJz!J5*{*JJg?YJW5=@Z5qAz~T7
zme+%jYMB^;T3O4HcSW`A#58bM)$({FG?)zy+P;SVRM~w|%hUq4|4}WU0BJPB)6S{o
zMqEvBRy6)?Xz~KTmN$Udq+>^oDkANks3M%17;dVH82>iJ*a0!DQaUSQpq44LToI!Y
zRq($292a~Cz)u3aHoulPB0AMFp%Z!Q`yz4|M((O6KMC?r4EE8NlkKaLQ*4=B|4>-V
zjk)BXfc$HN{k_}#THb`{|ASh-3smh|c4Y#%sA_rq*T#y8?hs()&&?D8P|JiUNpnAW
z{HG;qIpLA8mY?T|IMH37Frf=XT*0s9%^;*&CPtuE)^hECM78Y3G;mhc@`NtXzyu8j
z#$_rRpq8lxZ2zNLZu?kR%T2hNn4rm2Xws8k%UeKf(y^mP74a^b&>myEGclZ06)|Bd
z#3+Us`b12fJbhoL&~in*@<dq6O}XI30AC95Zv0x_is)3!gihpzlAVCugONL`$(MqB
z7RX;3)Tb&r#g@q*SlfxtmtWwL&jR^YkhkX7@-{^OAJp=xT6Th3_GAKdQ`Pc>tq|a@
z!9MCh(|U>ksAWQwq?PTDerkzYF0O4S8e=!(ig;I_Fwx3jfA<4^EpG=Q)iN;xwX&9N
z>(~kAzPy+Quc&HyqLr~?QY&aMFM5`u0cx3A!1h0?<?A4gMtIse@5?XpG?~;2nwX(U
z3cr?jfY_vCM~y0CL0wTrcr!7&sw!fl8DjWAjPikHiWqobrqFUl>_=3=`*L$GxDUXG
z06d0Y%R3RBYMIc9Jhq;Q+=r2OQIlgDchUfmC&Z^$C8yXj`P%k&(geJwy_)3Zp7vbw
z0U#d-@_<E+mANk?{vLB*R$)5bE<}&7TU)9tZLK3o))ZNu(35Iu%z9Ou=bF_)l&mjH
zwzE3faY%MOlC_ODRZW&~p0HWqrJaPyw%{ha9?8x{vL5_o-}>*99o$)zY<HGyCv~!O
zk?cK#y>WkBaMff9M^4sZnb4(Ma+AG>WY;3u_I#J#P02dcw)Cv#>&rzh-Gd3xQRUJT
z*BUD(zXkzfN=_>Rz@-UMk_y(1n`sG`egZPVOh_x9h?8G~i1!WlcRu60^xGf|*&s7g
zX~?sh8&`;2x+l}1gW9F<LxT!v;1ae-(Eu(@Enxc}xpbG6LYHpM)uck7FbPNNPB!1A
z_kh@>V@Hj=?kt+n9&zcJ80}RRG3hmku?%7~jUJ_l0hgxGve*5Cr~;R6!v$Xk@Em}@
z%6I9#h)ym|=tMqem596-BY#;<o&)kj27ANbQTbKLDK;+OAnGU#&AsrN_G&KO*|RN|
z{1C`T7#ib3**kKSX7AUNdLjVrR-=wnte0&6Ns*+E{{F1PNTVdF{`{nXmH3G*UbCN$
zdf7^P0WSU=zA0}+^!zI}(h>MQ?P?;c9iA^$A*yASZxb`xYs;?}p6g{e)Ee&c`r?j~
z)UwIo_^IytJ!{(}77cZMJ}1A4KJkqSpZMQcQ0Lk(=Z-_uXYIYyFf%Z*!K@Ds-ghqc
zov>$}ar4NWm=iJnd9K?YbXZ=i&-fAR&+WYHHY{LO$G-|LPl`I&=5gMsq3<vF{rAx;
zo4wb0M~lHT?tQrT!ic*Mvs+KunP>f)^PImDq9=NmJRaHq^3Bg(Z_mhz3(x;@>!}u3
z_Zbc^*f*zQ_xuGRC-gtqIIKOIows6Y&$I(wd@h!IS$|V>VbH^OAK%<H;nZ65p3?j#
zZ?yh7=u+@|EuD7wCANNV_$#*a{v0#I|HSW`ug1?g*YDRsV~3t}m%Jl`*1H_|uwS9u
zxx}c@H8G!ko9H$7;H0JwM<=)bBjxnuBi5a}p4yxBZpea@iwC^$VA!!AH@?(k@!hli
zhqsC9u={Ra-l*}DQ;)2=JGNEwr<Vpge&;`D&951oo19s)`nz#|?|$)onBAyz+X7ZJ
z+wSC@o7m&lN28W_&S~0n-IJ|9`!C3v6g02ix{-y$zu$EC^zJUMx3m3P?HZ=*^hH>(
z%f4%W=bStJq-;xZ?ipV?n%mQCl%DZ~ZIaz=bG=<QbtNks32)_A^4GRbZ9U{ZVCxh(
zI=0$IvChx7k*497Xjk_PX_Ti!m7bwo)SWE%Rr^QMqUOqoA`X9FIilEyO8EaaqG%!|
z6&7bCXPdozJiI+Ty`6>>W)t1Jb8Ms)2uypmYoD_gvHE;J@7ZgglSUXT-h2V|xin>`
zQlFXb?nEVT4wBSIl9pF~B}rRH`>>1P|Nd9sL-~=kby*L#TR;7l@~WZa7Zua5Z`epz
zr`V`4;%z?HMw)}4(_T%@@t*B?YQFgbDjyg89?n~Yi@=rFCNagx24T21xu4V&yo+m%
z(zG=F42;?nCX1P-?~PMwdIg#mLet(4URE^4+c&XEQt$c$pIBKrK-I=oRK*XlJ=OHz
zS5+0QrTjjr*JqxM=<Qp_Rj*K=Fu4cR^XI>P9{?e}eG?<`G-eLne!h)#1z*u#tzVs8
z!ZbM9`B@Dn_kafTpg}8}4-^e{y1P>g*p?^s%Plq+=9-J6)AI_8lZO=JCIfT}eR^?m
zes^c*($Z3=;*1<K?l8#C$Td49=Q$0@axTuxcFr}I7C9FsXP9%7&CW&nN%&V)4d!IC
zoo&B>u#BQ&y`62sFc%jWH&+io7e~CP{HO1~ujpGYE*@SZ(7d5AFW+77>f6oD&Xxq8
zhP0!>N_(~L8R+>kSKxUN7?&&_%;b*+4kCS%j&%WQ!hL~_U@WkdDf{jzm9l?8*|!Y#
zk&nY}D#~IkK%wRL!bn6Fj0M_r!QTS-BY;=%#{!2C-5>D@oyhM9$(J$m6Ke8DApacX
zKZahcN=~t5^0Nztj?jTi{<%Kk&4wT^;5))$M7N|POj;yzgyk&r<0?mZ6F2uvaYp8&
zKOL-O4o4t1l+@$5)>*<4CNCB`LPwr@Q=FmR>rk%^-w}?0kQ{*+fm-PZ9!o@yu!3oD
zOyvk~z77qdp~0Y9s}&942-E_$n&1dakajd!Y3DdXC$7NJ`h+RZ;}V6&*}*$V-=t$*
zfa<EpQjsI9WXc{@)zy^ep=>^s^$Y$;Q5KFsq2;=YM^u3$bmoHR1H2u;HO>x>B04z&
zp%eKPA^9ps{*Icw9muDF{N<oSRmmx~O#aO>p(AwRl1~G<E6Bt6j&KaoE$Ij|mx~->
zHOu^n$`PixB6GY^M4W7o;l<ON5Q$Ba{HDHq+7gcNJIDm5_+7c`;rjR#%z)jy$9II|
zAS6d1Mxa(Y!kiT%M_9u&IIMDnDVWrn+87$Fd^|$Y0FFQ{V5<p^@H^6u1}p6xM|g!N
z@YKfogsEN-IG8_1IDzy{I@SfKuBNRNIl@||>>*WMP4$AZj!<^2|9VAPI0A*1>uM9C
z3LK#u7u*rxxI^ilH-C)qE~1ko5IT{2tP+v0W8??b<Ut@01$nC9{Ho*>TPFV$QR$3<
z_G*%k_jKfvhk_h)#rHb#9pNORThbAVR*M{AJ<I%n$`PgxK;|2fxlM|bk~zi*#3o5~
z>bDwi2}d{%GJzvFan;)h^)_K{<4e9Hyaz&Z1Y)FvBA+#+uMs)I2ByJ&l_N~u1Pwkm
z*oXggA7{vwt_Vk<7O>R>M>veMqrpmhweA_{>C6@QV|~K31PH9-JHq=&-=t$*fa)r8
zt*EXxGG+Iv>S|g7l>H6LzONsxC<{lR&~jbPL{xzzxNyOL19%p|oA4ds14JiBAao*k
zSSKRi#K`xm$+L_V(`-P#v1egba*8dJ_g*h_1XmvUG#ii)1GzQd5l$hxB^}`k7`5jS
zHnYt4s2pM1Fl3&J%tQ0OQ8I@k5St{OY|(#%B^)7igU}J&xay@sJ=~^vXB*!UJ_I2-
z0x<%$(h+__OWN}YTbKrKs~ln4r_f+BH0X5OUC{uJKrLXa369WfqtFrDxdKntCrls3
zR)SnmrnxZTC0}dQ=}sekla6%(s;ghoL=b*Td$k!FpRG*U-Kx5pJ_^d>l47{6&ufaZ
za0Ci1*Hx`eLPzl6g5#3n^ck38y1{pZj}V<4fzXM38rsk%-^R$_Qj^aB`ALI)*dN~E
zRmmx~OzyZ@=m?%%@{=H60rDUDj_@&}Thb9Of>GNMwzJH4sT^VY3S-4|EL{ql_M5Yk
zIUIr5B*`?y=Mzgfg2xu2BY5%Dn~tSR({Dq)DSSux1cc-W#0b<%NB9&iX*<FWrom2?
zBTT;y4T7OT=JiI325<yw0b5OQgbrJUj^ND|80(;B;PUl@^ZYTwr%2zVV_ksiY9E@=
zuB)9)*&V97nt{vC)3FXJEZp5kQ5KFsq2;<VZWB6!4;LKkpl0Ca(g&ycj_?_xlOqs1
zkzYm|+T^<!`F1rq?k=5<bx>i>Zk?-=Q*4=h{dS=v_;Sgy4r&H`=D|U}BYckNmUM*3
z9U@0~i)Fq|<p?uQBJ&>&_Mx92zNcgkM<6yyy1wxJgO+fFtsoPeHFW2y_oF^xW(%m7
z#&?7-KuC^2j6kh)gy5YbN7&6Y*s5}bnJtVJGipPFtyixq8o&{#1#C6J5q2Q$Xt2`G
zIcw;_6L>~#2>c<Yx%TiK;Y*}%(y=Z;b=7y5sIJ~-%5G8B)yxl}Eam`1XE-%gl!YTu
zXt}O35mj*3(31<^4&dhizK-t*Um-d<0-+Q6Jt6rXM!s21eh%clL0;$x)Tj5TQf!(0
z)LTMF&~wRqgB)j3_cg9QevRmsbcD>^Pp@598`pK-%QD||_Sx%0Gk-(oOAU<^`aJ#}
zsj`h!oR3)A<BfeR)<%`PRK~JT=wnx=s0eqVJaJe3)KPaW;V$<<CUBQt+#|76pD?Qz
zj)caQ%x^$Q?m~<tfjlR%;BAq+>}MKmP`S&jUeNQH!9Jn&R|^yk;4ahxwwmBBe<ST^
zu+q+Pm)=}~k3rz;m@?D2l6eN{V@(Kk0qR||_K4i&08@6oszzsBhqB)r><2!vKdvYX
zccIX7jc!9!fxGnKf`1S2Cji&DlKCy7le-W)k$2xKB0tE;*Qv>$fE-s#2VQKxt13Cg
zmdVc}>KweLy_)3XJ^i@kkMs$%p98tZmCUn<Zb^5Uwol{;hgjxoRgN(GIb+4lfyjK!
zbEQh=a0FtLq~9kcp0R`@d=D~#Blz>wn>i5bB||-pE1Bm&NRB{^bWmhRDBmw~gu_gO
zH7ZA#oeT{|LW9Ilixdsu2-E_$n&1fS4hS8gFIV7^`h+>SRp_q9mCW-<-=t$*fa>a9
zG@(6?Kf;t<t*WazFF@JFP}aZcQbk!f0)>|A>Jp*~93g-Uz8K)`0j_Z+^8%uiBM>@~
z4?id(e}|E;Qj@m_`F@bMZ!)ziImMRA`yLWHLLirXKgc~mu5l&vJ4CmnBRmA7_88$P
z%Y3EE5$1RpD`qt}*vG%OVz`ny9D&#*>FdNFzOjTO<Qx_{LJ&{AS<Ru|M9flZT*>?%
zgyaas2-HePXmLd32*;QPD^!j!XCgGfeO2+RK8#Q_fFn=~*lL0!Y(m=6V5Pm<8&;ra
zFjwFn`h>Z@+Ow2DAbpdLbpfiY{_lwD>Nrz&xvH+_`a;<_C_Apv(-9~ffkMl5m4>JS
zM+o79#{s;b_AKR(h)#|`=tTaPko*KAU#2GS2l5h-r`e?|eFEeZTP8nvROkr(xa1`u
zkJp~1yol(QbcE7lB1d?aWxiD92y^3+`B%ui{(GC1%;5;cCQ0#KUG`bR5%kA}j?ka0
z-d9i$EA_NyDKCML9Dx{tTImRv(USHo<w>T&5|ty&#X`GTSi=(c^T{rX25<yw0b5OQ
zguW+)ju6Tf7>jJ?4bq;ayo~fsI@SfKu6{rh+GB+Gn6isibv190v0`>JDEmSEXhm7n
z6@`}T>H(q(93hMcKD!yfbG2tFe?oL}1VShBdGCtI-)H2D)a1D!$3p73O*Vb2l2dG%
zeCA1^BZPCwu?Tt|Mx$D@ls_Z7B^@F7J&_}Pz%pN`a)fy!k@-wy9@hT8k~tiK*d(d>
zAC1OZ!Vy-3OmNl^!BuZ2)cZnvmhu-6k|Pi!P%9lF;C+!JoMIX*P&vZ9FQ5VD!Q(m~
zt*vMPN1zt4)dWXahO|+0T4RJruE1~W6XuW6o~68k^i4X}1*ooiejuu=51F#_RdqFg
z43xz&jB8NaNl_M#K%wQjibGU^BN({gUjTfz_AKSEh)#|`=tO=~NPe1;&r_4n2Kfzx
zz3E!5wpGa~woHEUL!l!eYW2qm&b|Ti)!MU^R}tNkj<Dvm$Pqqbna@=@!u-|7ia8O;
zeEKdQC383eu}RX1)EC!U!Vy}0By@x*o_cd4pdOaUYt1bF210TKVgzcXBOF6Z+GB)|
znFe!Ijxhf&G{8C$Q`UhW6b;}A)B?7e;0P~&EOdluuE1D?vS5Su%;N7z-=t$*fa+?%
zCn87qgef~)RaXl(K-uX~HsXnmqAVPNLd$hkh^PWbh~a`y2lzhinZ-X4og9JCiTt@w
zMdY6{@>y!~eIUmO)#UQey{hCCTP9zHsB`d|_G%|;<2_@!<Xb`hf%eSeHAJ_hBN#pt
zIl^Zw^O-6~Snz?dVlEzIIN*yp50%W}2*f5yW9D|AW(h|)2{OSLVE|9Pxp-{hLago7
znpyl4gyaasNC!opS<L%f<OrWL4Q8kuVPR`%;0z76y?sE@0FFQ{V5<p^a1m)ogO&Db
z-80bB#1$BeP!{60Ppz57>qy_EV_ksis^kk%U46lnovx~@g&#xNFep3o{$)j3I0A*1
z>uL$23LGJh3myjW@3dzYZy-830-+Omr!Ph1Uo!G(YVz+uo(b}zdtX*1r`R(2D_;p6
zA)ZT~3G!>&GmAG7-I9**BN(-37QbSdPgOa>!fVJJt~H>U!K7pkM<6y_9kzP3!V-?q
z_#2@k4CJc!fj(i8pZ3h+Umzq$AV#28I>HIGq&-IXnrSda<p_)XpaIs2#NOO7SJ42D
zKrLXa369`(M(79$T!FC&Wzk>SGmE#7KJIOxE<km49ZhJ@BYeY@eN$Cei~cfJ%&QM&
zzq)-yQ5KFsq2;=2^sUelUgd$$tFKR3Y^^=BcpK5l5eS{go1PVspJC*aRpg7ULEZ`E
zdv0y3N=~t5@`s2j7$dyKCGQ0CCfYNLe<Qjj9bwZskt2M|GM}V!gvCveIo2k{#vMbd
zPghM5n<Oo*{q0AVa0I*aLPr?HRc{>B!@b&CGmCdXNRB{^K&^Cy{b)(s5zaCVCaN4^
zaVj*xI+0k9%}<}G0Y{(~u+;=dXm&y92#H*Qu?S@eE;DJ}|9BVan{=!TP+hG@6WWe&
zjww4qRaZ-zL)rJBZ1d|2mEHwMpwMz%oj_E<7~yp;_<I0HwQAk}cn{IZ5eS{gBfk@o
zpJ(Lb)#RN({u7?AdH>HzRmmx~OnwDX1&)x!CI1QJ-r6&Z_YvKaj_}?OB1gEuG9RaM
zgeBg_iuwM?eDU;bC3B1sh)t3%jyQVK5{}UPN1-DO=BYQ|AL_lSJ+t@#gyaas2-HeP
z*nyU`9pO8s!B~|eEO`?ez<Xj!*M%w?z!9hgY&F3VnqL$;LNZriEJ9h@Q+sCdA<{SL
zSQntW+Jz>x9pQVX>=;#DE$s<qF?ks?@V8<`SvUfPmh0*qq6!=#g$q6g;5Zl2y8rPJ
zqLU*KI+2?%iO7Fo<fGN(VIW@#@}5^ys*+P|nY`;|p(B{N<SRk`s`kv{KZtHgM>qvW
z?X!j-S>_cgM_BqQGROU2(ch21p=1t6AT~+*&h~@pmT&~OpM;K(%2n?P)Z3vwv-lW<
z<OswF)JjMA3@vFp!bPURD3v2D-C?X)@G>+wfXCVWJ5GWlPz%^<f+KYPS?CC9Jb@Qr
z5z4Y8?U}_VNZ+JmU4ZIpADYm1giB1>H&k`CED6f?fwD_~j#QL|BT#6$uD(Q6fg_}I
z!TSKbKzn9ULUeKjLMQT9e-V*iX5=H)<OLwdrP=5=e(F<|oMOx5w-8k@M#$ij4+43G
z_ROLcqFd4tR$dV~!cQ#o5h_PmR)Ne9A@g=^IxCsO5r|EaT5P?6$0<7e*Uw|R2{OUV
zVkTETJR5A;*V;3S)*vKDAV#28I>LcpMUL<@(_pyD5tiX0-V3l!B<i0f)`|vj1Zn|W
zO>l(3t3pS};tGsKD9gud&n(tL`X(Lg0#sMup$TnA_=PDuOjTFQ$3xkFpzM!7zM?1#
zN1)JhT|Gopfg@yd!T$j`o}Z<4&th#vCr2Q3A|L;oi2Mp8AF3vwXRKJ*3gpLsXjPS*
zV$0-_zY859hey5;4=rB4PJ3pt4x(Gq5$=OgdyMca%e-9W2+P+Y^KxXK646)59F9P2
zlGMX)!A(mzLf#)jN66)>R}S?aXwNLx1tB>CF#@&H5$azPIl@(@L7B=CmOp?7OQAuZ
zdEY4-z!9hgY&F3VHY4q5u+q-C){w^)7z;;MY}TGxtcUbXI@SfKuKfNK)zxoI*-}+q
zt=J4@4?x+M&(~Fyg(FaCxvmlsRp1EuT<`+`Kd3#kXoKkF2!u}Le+bEcXXGVn@`E7%
z7UXr#-l<AXv1Rhx*M*Kyz$O0{<fpY~7V9IrB^}}D4biHpKUn5NRI8>|oHkZ0@-j3w
zuD@Z6RM|!<F1;yomuoCmvC3U4W7!+mzZ$Ek2zQ}8algo^4UaA1E{{Pb7;hBvj>IA_
zeZtC@v}Y-8K}haGj3j}4C3DSRB6s<dX;7qcmz6I;PplI$j+u!&DW5*cg<8N?6Wrw?
z(vAiz?HqS0;tGsKC@VkHo~3Mn^l`Tnbph&Kvu=sp<vLTgP*tNVKZCNRP&W1Ji;A*v
z7YZ%c=r%+ZxJxk?ycFOVA8O4~HbiuC7eXiUpxYwy8;ra_P5vXu=Yl-stIw;FQ*4?1
zPec`*fehi2&jmT|q0+kl(GJlq=`P#<7CFLAmU+I)5mw$n=C|-P)Zel&j(>XHg4i(6
zbMV7WmT-hxcZ7~m!d35<K4DdW_AF&15RxMhBTy?HVKZ9No|E{CX^^LKgjE5?ip7|~
zH@r7xwxR*X8`J`}n&1eJk#;m#Y3DdXDNo?VScJ0bZ|zyi=a4>TDX9xkU9Gz-s;gT}
z*<4j!t@<0vVwI3#<7bByW#I@ETCS_Bh$?V|GA_7>K4Eno?ODpkh)#|`=tMr|o{0Q5
zBhOKhudV~~D3HJT>6WVG6k8@gb6@BP<y`V8kT=twrF<UIE$Ij|9*7*_Z<cws$`MvK
zL*|$ZG&uHYp=6FR0<qykc0ZV6ku#9LK_(a@4CSha&s1BTp*>641cc-W#0b<%N0{?a
z<Op||23aacSe*e4uujBKe?qRJ0UUu^z*Z9+q5dPGBMjpTj72DGT58WyHbwd-9qR&A
zR|n99_MF6BrfjCFuGX}KvN!Qu)jv+pSCoY#P-wZXennJ)BMj$)-voG9?ODnf5S<)>
z(20E9KO*vbj66e4-ql#K1Z$upKlyM%RdR|glMj3>bc7K+@+HrKyu0=+Wiv##q$4!J
zZKv9E68Bl==_*H9(;b=TAoKjl9!lnL1Y(n<^4$SPEHOqX2ARMSMsn55fqHmKuh#vK
zFM^O9ff#{W=?IQeeZd&v0n;E&<p^u0K?AH4i3}UvPtgF5KrLXa363xxX-9*VcFq{#
z4X(g5^$Bb7uoA8NADbh6la6%(s;f>`^#zXbkSUw0s;jlVq3kv&>-^p`Pf?`Ma$Wf$
zs=yIOaly9%JW_j>(jL*t5eS{gzY>x^V&rBuc_hd`0{QbN2P=I7UPiHH^20~!t3To6
z`M%x0?pWm$KG@f`PNQ@1C)jMA!f<A;-iYw+EA>TZAQfB{K7tB~+B2RlKx#>MIrM9N
zfxG;}R7_F1%i2U^#Zq{8#9J5JD=NZWhz(EUTb5*z`y>ok>x<lFG*7*yU7_Av+B2Rl
zK^W3YW~3t~&q+K+OWJ23kC_I^DtB4?7Bs+`lZfdfo@xMhp%$>!1a~R@P3SITxB_EA
z%eoZp8P8ToAJ3AcE<hE~?01p7JYmWXR@Lab6eyboWebmmE4>RfN}=T%bwgBvyNu<6
zX92tzvsD_;l5CCW<Sv9x<Ua|?C9L*&qi&L#ycpz@Kpt~cUzMC<%j9$a5IVv*F8L&o
zj|I8Lvn1Ofx+NW<&oz-FSh37sS2@DEvB>-ip8t8L00V-ja}vZRNfrK$-?zkgV=l-9
z<BjoL^{zlY%tCA3OW78L<OswF)JjM2|5M}$)=Yy$l_RYC)>yHu0W|oc^ogPY9D!QE
zRudfIDAJAwEA5=|#sr?g%dntjJvzPCy_7E@eUpxL0jewWb&(^~V#*Fu)z$h*P_{Fa
zefv;nMOiokg_i4TJ)#O6VImj2Gr$*W&r&)dIynNN6S@9|h`cr<e@#uk5adB1pMTK4
zDmlfL$vtlh9bpoeJP72tYgcQQvK^vZ(h;tJQTq&}4$J&il_RX*h|Jd@bKhA{GshT#
z*d!@u!Q-ixaD@JU2_0cFSG_e*57*eWo+YURAvppu0=3c+ZlWdaF+yFYL4wK=*8c+y
zu;wJZS>ZY5=))1H1#C6J5w_hDI>MV=fw7=v15OXLo+bG*(l_Z?7ofT_+!obUJ*MnH
zRb6e^24#Q7Gg|NMg_M==H*f?BE!R~pq6!>g3K#rmfFIGGrEHJr<OqaL<W_%+$ZZ&T
zyqf%ov0`~Gke_?|R#kF}Et4Nc)H!%fdo>dt?>Uu6zPuL5Khd70?11Q&bcCEcB1fpt
zGLKU^!iG<fIc}&68-C3}$sCSAY?8Fu|MfkVaD)#)CKw}3<EodWPuQr_o~7&vLUIIR
zq=O=#HDufsIf5<Iz@&17jXG$6H78+lId3Z(z!9hgY&F3Vjv;Nq7-2eBU@U0a_@(wN
zWhbO>(y=Z;bv5XosID3?We2G0YU7tsb`_NEvGaRHSvUfPmg{OLq6!>g1{Zu4z%Ogh
zQg%jkas)yr^7{8h<P8~lteX5X$d7`&&5lp1l2dG%d;_8i9APGx{3ytAl~C*Xk6jSm
zl8#_{AaVpdmU)cI5jNg3R;*}?=jy)WQLJPRM<6yy%K9pLizOW48ps5WFpH<&injWM
zO~Kl;lwCncjzEk+t#pKq4@Hj9h-nb5a)eF6&;V;rLKmmcP&9xePz%^<f+H+=By@z?
zT!FEmWfLB0r8P_W3eq>}SQntW>iLhTuAXDcMycv*(>*AQnY7T6TlOo;!VxI6TvsWG
zDsY53T<}DF!e$%oS;}sRPL4q6M1EgL-k6aaRpgs(Kt2NGuW#O1m7HSB<fk7C9bqn)
zd<4ktwPzL`5#5rGuvoHHW>Tv^Z~A$bxj}X3)Mk5Rex9B;{q-A2m2ITryNIQI2GWGZ
zid4BvWh^{z+T(XcMYs#)DM=aDeb!jQUAkD=iri%$_eh+_k;vAbrE~%zxeGCp1oC*}
z3$&zt2GW#i5TSCH&DqfN2|aH*+ELK}?m{hKs|oJnVQniKZ_MWkjKwiq+Gx*GIwO6P
zj&%X*T_2+f?W>|MFlED4HM*sZv0^2j<1z5b`~ixxa2E<K*XUJ56}Za+9{9@E0C&`$
zrF21bau-4;@@=(5<joj)n3~)X<hXu0@Zvlq{q)?4V$0+MYuk#(8w<JQ-9fI`o~3j}
zbW6I+V=!tv!iy~PP?aNW(IfK($b8HXca_ZH2*f5yi*LPFVF^cwsUviRMO^h3Ks{Wm
z)S9Jq10gvAF#`49ISI6+?Fh}82K`lzuw^DR!1|Sei4iu625<yw0b5OQgkg1sj<A?3
zFc!yb#V|{2meL*Rn{=!TP+hgGC#oyl=8oC_eyY0K>JMelLRtS=u8Oj71PU$Jl|P~i
z9AOC;{4Bt6SCiJglpcsqjzH){enCjyf{}-)$)iAi7v$|{wyR1`v1RhNY=n-mluLdW
z<b$<mDLoP0l8z8xU*rfaS?0kiN7y>pSg|S=PnUf!tw6~fjzDaZwD#tEKUu;N4uMQ?
z2C|H&-l|xrw?})H(hG#-2*e1~N=F!GD{_QZOoJemBW&FR4X}PCepSe2MFThjwScWA
zIKo#*TQDcFoGUOE$81Z}o~86g`X(Lg0#sM!4MdL6nkgHos;g~jP!{X1;>S&Gs3;3Z
zpwMz%%|ldyBdp+p&jUE_+16U|?Sts#2!u}L?hQrcZ5Vlgn!FU`yFs4z=A)|Q6k8_0
zfT(luns&}C<w`F3ZjevVo~86fbW1wIOgoVyv}Kw1RXM`83C4=mcydjA{k5S==5PdJ
zlcedb7FpyouvRn@I>IWRdaIj2z4O|$l-)r{jzElbP~@|Qz~@Ac@DkI&U*!nf&O-w)
zJOlOTzDE=d;0V+LwwmAwJCU})5ms{r#)6jZQ?zF(dmw$2j&%X5tMJC6x^iI3`l;$_
z`xGb}4P`%=fPvf7u{VX5>na0L1&*+W3my&dCEBx;JrSK8fzXNE_IVL`J4W6|O}+%=
zSXCakY5bY0<P=*bzlW#-M_9`xF97)#?O94aqFd4tHZ~DCf{tb0TjdDbw;=ORk$KoB
zK1$|r1Y(n<vt4wHEipzI&{XIM>$vKDs!!M<Y0pyj0wFm9F#@&H5$eAna)g(e2E9~{
zutS0dm`#rB+-sqt0UUu^z*Z9+AsuN89AQ0IU@U0au~U1NvNzH<=~x$_x{{iS>Z(0c
zR<Ek79XpK`YZ^n@2BVKF%3_Q_q2;=2ji>@g*uVo{(-`2#v}Y;%AUZh$p%eLGA$bQz
z-cwC}4CGFDy6m-zT~)~`woE?eMWG{X<dQpq{B!MDN<T!mq$3117db*lmU$1ABkcGb
znd6PZH2vgSC383eu}RYDK=*5waD*iw6Pz_{;;J`ApRluo_ROL`2+0wM5vY}p(9d4v
z2%VS)-BpgTvja51niEr&Z?U2Q9D!QERuddy8PXOw!e*|(SkSWb8||6JzDVDsV_ksi
z%DaWg5jrzveN}a}^BX9O2iTe-Ml4m7g(FaCxvruSRp1C)xZocH{1@$+#Q;PnM<8?}
z|3gULg^~NH$$tU)?;v*>jyq?bj&3NnOunY2&=IzB$$tm=9qpOLKt#8sBSf_lIYL*K
zxwpy@cHS{otnG)V%YO0F({UXff!HMJXX(IcOE|(>kO>@N8&AEp{qzaD`fJZD27!<q
zff#{W=?J}BiyYw<rh%8r5q9;523T`4V4KI&ry0Q!s0C~_!4c*mZGj_f=L(DkExR6S
z&nyNbeUpxL0jewiHX=vp#+3C`)zz+tP<Aquomo~^wXP_%Tvx9ls=yI;aKR_*6W+r8
zs#-IPA&5?nK<Gq%Ur6rA$URi#Z#4k<29Ot(rdK7W*fM$kvIc^yg!<ckq>*(y#M#!e
z%C~hIb9uCvO-wJtq1Ib|{cgUY@uTbYuObZFh|n>xp@go?_G)tyE}r|Vs8Gx5)rMzY
zn$i4+x7yI3=UYFL?(~-=>)Lg8TUph%rf7SNRiZUGAD-Dmj%gzWN|MX-@e;^pJ^|UQ
zME25*hG*7Zy8Z$pw#{$y;KtynXQSOfG%vJ7do{Mso(H&WZ4t2<@{|_hQU@_PM>mvy
zt0S>p9i`3%&x7J9%OQ>-GCIZ~y|_5PyR&mnQbx8@T3%jSw%I8;FNb~YoSdGNn`_Q?
z9-NVz(tAK)l-{djMzP+*&BNQJV^XocEZ05L-L-Uxhfh{|VP4iypX{N&8O5$%X0w~O
zYe~oGegS&_pa3uTKsVpMo^HPG-a&pHqwq~{7dJ1rjzi1zse_Z!GQBf>Ts=z*Iu`3)
z9YSJa49>1ju6DK|c}2zD9aL0ywy{O#LPx(eb1r@uo;NfjJ3GnQ)5*o5vk8cKrA0j)
zVtY7LzIKR+aqx6<?crd~bqx0J;ZRu8-POt0$;HXFi$kzEIV;cE&BevX1vD-`4nY}(
z=G440XLtI!ovmMTvN<1Z6r0P6ozshRvb!ba=VxamClzPp<vN$qcU~z|e>W$)M}gkO
z$+ufq=dSFP&%c2j!;*5-h9sq#yAw>>;BMwz_6wfMF9hZ$=cQ!irge8n8=8^dEybLg
zom6aAe%v=bsj$clpnlPjjy^t~zK*Wlh7_kd`miwG-Q@PX?QBEM=6pxL?2HmL<?iBQ
zXKN_TD=T;Gn}-9LOz_<uvglWm=vVA)@%>_m=@?U<k3V=ON5|6AQpeQ1!W_pTh1q7p
zGpF=$K$jp8eQZpSBhrg9r<x1Rh24eSsP~Wzy<5kU40EYIv#4WkQjVGaTVgKM4@u8X
zjg08$T@)MdWX^T!n3SV$m*GDozN9d9fLCg2{=k&%v{JK2xiQTrq`<=vni*f5A03ob
z;MFhN@hN<mIXA61y}N@Kfcoa;Wo00h;5dDN(a+B>A{PGyq?(5YXL<VcEy#+E8<<jD
zW{5~}PjZbdDN6D$iSY1=FuC^4FUa(YHn^3#ITm^th8kTQO_9mLxrY8ZQEoB5f$0$u
zuD))b$$^oDvDxW)J~64$5yb_bF#`;KF&^oKrj&lE<#E9grNM<hF8zjjWVm>QheUW6
z#U~Y(<z^cD4oNCB8V0&~hk2v~x<nacLtI^pT?(W6gD50C1;~c-l5&r*oYcg$P-AFp
zcIx0j(~zL7ka*9)l5C%X{-J%-4JnDS#=OWO<z+>FsHWhuNZ<ZLy#opy%iMf?JVJeP
z(lW};#ind`ui|jetejj|UzeEj^m3CaFT^w0F{6Lx;PSLW*Ww^!ahYG}z_^l9?|`UG
z*JR&VgL!}<B0DOtJfoz<+vL~7A&sgI$GKQvTwauy>y%|K@58>wjKK@N%H6YvLvXlX
zzpzBVnE%5CdN@Su*&pjm6aCZj!ZJ*z^whkJ0sTV;`j@#m8hbbxq5^~TaD^ma-@zVk
zDaoGR?r!cWNvYjq^`3*hl2d(BlRQ#VQ@oPBeY(f^>pi>2gzH`1JU!gpJYC(qx`#de
z%EzsHzyQ6UU-w{quY0sUD=#~#Fez+ke27P|Ii@hbheHI~ar4$^1iO_628a8`q-RIO
znj$k}W1=JbC8qgiL>6a6c^9}8N4ZBv=KJ_0<|M}#<qXY<a|!Aj6yf0#7}M7$$G1Ez
zEIKtb+dVy}G$ygocR+wkkxxOn$<05eATy>gtJGs?scWHMu48JZ>%j7`P_Nj2CYP+>
zvVH?xlOjvvV@u1zAqqg`{uzk=>1P};IATCrsv#hJU~ZVZTdsF(SZri}9~Wb}duT@g
z*vRzwGM|7lcNd>fa{fX%|A$r*+tto*b;$D&&-wR#!QMaYA4!YbN>YKV+0EB0Fs?kw
zFWD4RX7C6P_YTO6^z+RM@C+>V?;jQ#?dVusU~n;e#fBCP7@9G_H`(9SoYg<ikmPR4
ziXJk=P~z<o?2_LvJ|`eAdqApRs7tzUkb7dXM^gWSaC3NMXi`XWL{UyiVPR>3(b1fi
zXDkZy@Nw%~nCxZDFK{o5O!V{*2p-~5Fr;5VT6C&gxR-y4PhVqlV)5W~^MJmwp(WXY
znbF04`weh0gt~cn`Q^K1XQdd24)sn>^3FATgv5K7q{n%?=HzA+IYx#L88WbcrbkhK
z$MlHI0j4BVzp(IrzG*Q=lS@)@Tu@w*Pe|;5(A2n~Sg!!Q#TBLXa0sD8;Flj?oEaP(
zWQ_LCNlx^Qgu%rO)H`}H-%LWk?e379=a`(7oK9Xz{~;$WF3iiW`U5-L<h&udc>n5H
zXfAL`EQXirGb&$a!0hmb>ES7VZ7yLy&B+^5WX{PeG0WdgEK1fV(~;fsdPBho==ni3
z0*bO$jWe1x|KUKYq49$o6L8O{yiu&)?>CgjTT5(L-*aVM*2|7!>8^7}Q}&Op5Byb<
zS~eLRKh<5oXKkCrqM@$O=j1ohC%!S^6aO0v>RcP<+;Ql^2Qyb+jc?hg{)I8EV%o1>
zx*|K@bJ#eqzveU=fAr!z>#rW&u;+`}d(t1Y9Xc#%kB|4^h|q}d9DbSpLAQBdgtYrU
zXv!~}_BCJnL$s@*XIcD&vFm1hoRiQrVX57>13u|rv?KSC%}eobct(HIY0r}EM;YDv
zy}8QV=AGi;dXB$b)ouAGw^=WrFXt`!xXqF?qrWWQIc>p>pZ@Ce#y7_nzmxOg<g+_!
z|CQ7<w^44Jb!+Wgor*eJIxsFiI(2x9*MHsSu<+nQzoI7RR!$iB#?8Hjg~Qr>b7lJ2
zmM3R;mK2QY+UTTD`n<VAtUj7IY0bdlJCD3MvB7U;pHJDk_oMPH83PaaPj+&@clx=M
zAz`;8eLf$hPi%9+_q5cxQ`u3QV+X9d*SY)F>uq!DEgzfO_)eE^PNdxY%_`VCy6J|%
z`i>dLJ&x~4?>Fbog0tN=_@x}Ny72lo`*!c2c)0wSYuh*0jU7MnSlaBF``%4E?QHJZ
z`=0lUsSVw;Pwwh<a@F+?yFUKduKmaMp+h{D8h`7)E_%!MelrJ!L=L*uZ)xa`?8d$N
zC*~h&eO2Gcv?_nin6{}ej=aBr?xebXTTf4w25yTeYO^gVvtQAl_ro*S+&+H2(|q^g
zcJmL+-H>wqb;s;Aj`!+c@6ff?(qj#`=l0(@BFyizX_wr)KWeh!+OkHm4|W(^|1$S#
z$Ii22+Wc7eWxbu-HzT{eDz)6u^5dMQKkq(o*C1=)TI0r<jnmG|Kb16T*rd5FX6-*a
zqs!zh`-uTpQ_dZJrTN-m|AKi3O4@gg`SEM&l_MSPL}TBNt9aKdRv9+4tsBx=1I|ub
zp@$z__>MgGojKf2%0ySE{R!KshsS$WS((kg#>(t^az)rWHEl1y`p^F*{@34bB;x<1
z3O~+MY+^=x(fLU)!;x$@c3&n*FC)tOS+$fpujFr9IA?4?6@K<L&L+NA_?7B@ngPYS
z)Tp*P*7NPZ{d0JgSnO+Cr?yy$N}H`y;ON+D8^xO6vbIzUo<Y0XGpzn@a*I48Vg=WK
z>>u1XK0=cI9l<+bZ0!&kYG*qj119Q<A$oLdRFE4Rv?(Le<m|j67;E(*YUK|C%knWS
zFY4|PRG87t!Nt{~e^Rc4tFNz%gNsXd_J0gRV(e@KFjVgD5HrNw&B4vrA=;czt@}E-
zx_5W=>F(ww|I)KVT{f`K&rZt7eLALP18Pm5??!J0Ma6lAXeB49%n_q`y$fCrDJpg>
zG?!pNox(=!hC=llN3^*ZZyWNs^#2?UB^9UZ+1Zz!Z5(^E`FD8k7@1Gwcc_t@SCpHP
zno7SA7ai>g`HKG?+vAPv-#ni^qp-7$HWy;ZjgfIsAWpH|?QHFAUwRYwePOeH;&yS9
zNB?M?O`@D?N#5NrIo8E%>JqomC3@mD?dmQeb#8K(x`ZL)*)DP85_?N}{=tp$^jB=7
zSdClN78TE@&lFGPN%?`)wU=&OM)AATi7!QQZ7q!Qg&@lFPotdbAk6Cl%PUot*Jb3D
zMsKy_u&noKUKvN~C>lMrqx6<lN)UFG-qO}-Y-9PaY@MtyfKzXjUH|^|)UjTC-E^sL
zm00ZSrx9Qh<?2YXQaS%YtUzCWEd5XQq*w7H+ADL^`MtCQ59h)ZNJOVU@to`D9Xw$&
z?QET%JUKd5nk02Eh_i2E)mW;`)FCJ&&=Ax&Ff1?x{~CgVg8cec`JaD;BsoY{q`{aN
z8|euCiuP&)+#Q}@K68YhHCY<qcKpAGF6p!O-f5T_nAl*}2M6yv7yC}wv(C7AWKPV9
z82>!iZ4WvuuhnP#i1p`o-gO%mu&U!<1(zp99c=SB@6^!u7ySPF=#|ah>%61I;2HNm
z+<Rff-G|w&r|itLe$9E#UkT9@Jxd;s?0@;@=dQPBWW|N&f4TKki>vz#hZpRdQ?Yyg
zf{+vXA8Z`f9?i~MF|}vffi6B5%e}0>DY`J|;k%D-?wW9Ft$9yrev>y^{~UBF_`Q}+
zJNyz`zc>69+j)PEnc;up_sv)1=bY>J>!7hiPr6IqkwNQS4t&_J(Cu7eROp(R&%RCc
zntO0kQ-`CITmO-Adh!wL&RtLK&3ZRv!O6t~UU)F<*pC}u>aqCl+5W@ZM0MDGH!pA0
z_{ph9R^1)jD*4k(10BEfpR?xIjLl8XELr{CxW9M5cs|T-)VXZ|E1GS0^3F}{aqFW|
zOFZW^?YZvB)}Q?sWK9a1S8v_O!r|X<x_f$e7uVa_eyw&5({=hHEZAk=wZC)Doqkfb
zr8xJDFC9()BpYcO4kYdBqbZH@{Hn^)RKMlhV_9=^NeakGp&89M?C23zVLDwuOd7`5
ztu57+w!*aN-HQDP|JK5TvtnWc0wZFg8%Uvn@h(2D?p}DyXd)#Q7H1@9o4tHIygfX<
zoiM9GbcVq;(hB???bZBkmK&SObk4H{8BOh3H?)~egArrJI$UfY&}z~~Whyh%-JPi9
z%>m_rdG5-uBx&ntpB`T0p8i+gL-~=kby*L#%UL}AKD}xv`9;O_>l-%G)hRYAjChxV
zcMg6+do?x3dw$JRbDaccEH!*!T!bmkN;L=J@2S25b-MnfrbBIfro)zI(pU;?^<QcF
zda~#-RqjkvC)H(>x5hzJe2hTs;k9XsrnqcEY?AcxrNDDmRt`|LaTQhZ18o0ltMBpe
ztE!6DQhuM*I}b9!Ws`5X>J5T=xS99<KMOA_>d{~l>NU33=|Vvm5+XAaPh<8jRgofk
zaGeL!z)^MC<gK&NU^FyX=y+7o0GCau1#JI+zidJRUqRY}%O+>I0*}@w?8Y^X`(X<&
zC<4=5Jatb=rwc>+CLQYn)WjsS=<#o!OxbR#ix0aeL)qm}c6b3U6Fj{fNulNU$~A~e
zCPRC*x(f3AmJ7Zd;EMp>bK!RiIHp(r1rJAbe|$;kMDCd?BKKnCuc*lvf&4JY2j!ow
zN=~t5@-v7^Za{lA^6{Q$x#WjIz6s>r_>K^P=$3SZk!d1F@Mf8JRXM`$O~#7#_!xm$
z$*z-<IUIr5B&k`inTssp2)95caD;O__15E~2zEcl%~s#?9U&5g<Osw_2Ss*-)#)Nf
z@L?KsQ8~iy$IzfRK5pqkXWX_`*>B+p)B?7e;0RF}LPt2y6}Y!P;qC1ZxD($I3`pOk
zV_ksi>K8N-1UYE0_8#uz%arY`s;jrRL)llM>^s@-D$3&43JNXPm35}j5iW4SUj_I(
z0B_EB1S6u8BM>@~PeB{n<lPy0CpGyyARh|ym07#1l2dG%d{UOs5x(P+4+S}HZM;{H
z?+8(dZb?Vzk}YzC9xU^YDo1$xQ)G?@IK}jJ!s%#bHNX*w4GZC3Xg=8zjxY&i0!R3s
zs~$dzU=KbR>+V~8M~DU?IRY^PwbBvV<cJ)hC)1#V$`SUw3=JMZgO^?|Q8a)fPz%^<
zf+G|nZNV7f2d==6ATXZkd)J!p2r)<>%Q&eEP+ir@71foVDcfFES9`uPR%~biWv$aN
zaDO^RpwMz%IUp*H4`{FUP8;O;BM*E-3xNNG+wlJ4J3=g?lOqs1k#7`|_hRHPtI2-?
zxi>zD>ZjD{Rmmx~Om4~(I>JRRxi`pfgZvWT5e6W-B^}`w7^yf|fv9h?7~Y#@u2VU}
zp4-SAkN%Gy?{H4Z9F9P2lGNr=<`0%|gur~EBV6LDhmQ}~8v^yF@g2bgLUIIR1Zt%t
ze2<oJ*BINYy_22o!!&58a)iAh&|p6_7~IyVXaGl`7O>R>M{q6>I>KeH!22QaeeK&X
z<B+~d$GQO3)iE@o{Z8x0lyy+m)!zG17I%0?2M!*pD2p)yg_i5;JfaF5;U_NmH~NHq
z^|f!mj7M~G1VShBltK}?KO=uhMZT{-$Wgn|osu%El2dG%`~jlQ!E4&9dD(c+pSk3>
zK@Nx1di>--M7N|PEH4r{LSL47Ta_d1YhkR|h()qdr^;t2nZpr?4UhDE*?hqgj$l<R
zbcA1c>TSfw2kgU5ky;D86F^9gK#X)y<g<oFXi3`<0+<GERF1GO2O5+>gS9QXDH^~L
zs0C~_!4YhR2p!=HSKtzT!hSqMNNZvDt4JRYq@^xEb+sH#Xgfk6Q?|9LuJ*Tuva_M=
z#MfdKW#I@ETCS`25mn#_zjDDbr??->C$w(Ad=1gb5eS{gjU^)TAV%IwP3{D8tY3-B
zd^NBtImMRATa*eN;VPGWC&+t&{2+gfFbL5t=?DkFs69pqW|_BCIl}&4#)?hPA@hdy
zTPc~t5r|Ea+AS*nuOBu?$Hcx&=m@{@)Z2uQ57<8o>ZS3=2#FvhM<7O^Ryx8Sw506_
zAxwi7Do5Bq3mUlNBa(i7p`M}v9D!QERudedQMu3&e&-78u1`477t>sO_-75TBYl&O
zbpbkt%g}_jBlKg++N<j7Kwl_pfU>9KToh&D2ozebt9^(naD+d&;0AzWaj4e9?j%Gf
zM<8?}_ZuoA@6X7atI4B5o(uA=CWorz6k8@gkEnt%!Zj{=F36KXK9BDRgAv`5j_}4X
zkt2k%%wJSF!hvLD{t+^d>@!-)9F9P2lJsTE@f$5MMrb}l=m>vu)x#tI5A20{{(MJB
z1|c~DF#@&H5%!@aZAS=W8Z=Wm!hyZe;082!rO_ot12_V;fUPDtLfer-N4U-v_=Y~=
zU^=F`X7U{&1?ih~tP4<GT|^Vwju6h2eL+=M2h)ueo9&=%BV2*3GLJx^<+^J7hR_ji
z@W40Q0lW<075sSwGoq6t5IT`>MjP7X5sbX4n!F6;ui%4|ZWtd{C8yXj`NdH}N4Uu)
ze+A?dL0-Ujgj7Vgq$5nM5II65%e;xo5e`m7=6G_sVOAUp>FLZOu}RXI#VN}y;Rv@u
zCYV|Li>n?U`G4>N)N8|cgftM6BM>7{D;;6>Xptirm<G?Q9O2*vXs{I;<kml|XaGl`
z7O>R>N4STy1v87de{ED<y8ms=WxAj*-(9$Qt3Kh-RLm@9^Bo}_>6>({3s7B686&DI
zBU84qs;&-Ag|Z()S!4Jwin16ZP-wZX)+4H5jBuL^{vp7Z0{m6JBV-^tIRc>*x%*fV
zc@!gmPEEcP<iCR4J?xvR<P=*bZ!u2j2!C_Qe+4;u+TAd|BV;1FB^_Ze7`4wDqFLsR
zRE}_HtFdAW9@iiFb^dWBbBqy)O_Ju$p0v&qj?i?x&=KzN)Z2nb{vWo|Uf7)lLUIIR
z1Zt%tY(z`iV}ux{ft|_`4qHKkOlYvP_5wu%I0ChRttL2v(*&U-;P%Dpj<6*Y0`JnE
zS<FWICLQYnR99c33GH{<Sf*@4Rb3t41!eL0qsTcS#}sAZ2o$<<j4)B?2=}<)699f(
zduA~Q(a8}AoyfPM4Q=uPjJ$!G{5Z(hg1jVnXH{~FEt3zQBy@!PT=KOb|3Z6aF&EJ-
z=?I-BiyXnkGPhMZ!r?EB6<cc|bNdpVk~tiK*l-(F<4^zVhse?~nG7<)7y<XCR`0M|
z@yP!p9kpi`^FT<BK#V}GbOZ<7{j2Q=aZH2yDn~fd5gK&D#~R&!QmAMEN1zt4)dWYF
zfV2f;goj*#J3-(x+B1v!NFN`qNnL=BVT&oEx{7DY+NkR4$QdXb0A<hgU7{!pN1)Jh
zUG+v(!5HBY7d!yqSF~pq3lN<gfzX+k3CRaC@_K6WD<H?i9V7PpPpL{yv1RgAQ-zN3
z50`u}$nR>;EEXcVB^@Dmn#d6nSmt$Aj&S5IGRNckBNEc~Dw)F(h)t3XwjTVwCB_Kf
zf=u8DkGbmMk^k?6YR@bdfsh=57=c>p2)WZmj_@keppMEB-U)>UxV|0X{UBV?0FFQ{
zV5<p^@GjC8IKmUIz&}A?+=ihwvsjGuO*+;EsIHP{h#cWHrfh9hUA^<jSg{S`yoi>)
zN)=_{2ozebt2Yo;+Y!7Z9{4sZeZtX(+B1to5S<)>(24xDnIiH*jJ%eL{3sS}ZF>nH
zcJxS}R+XG$%j8XFi5$Vpic9_y$XjdAES4a;B^_Ze7`4wD5?SWfDn~fl8kvtk=F4tj
z#{TI%0<lSw_nnv@E#U~Zvqg^JWzAI&kNiKHuRXI^3PN%OVgzcXBkVv++GB**nFdxW
zM>v`f4OT*fp?`N)G=L*e3)pIcBh;QFas;nhT!B~W6OOgho>?qI`X(Lg0#sKU(1iBb
zJBcYPsp{%jJ1Bbu%D(1{M~XbXLy1Dmb#)w31&&ag3w{LPuG%w;<%mv>K<GrCFjquA
zn2|sE;Mo-u$6P^<S*-BhJ_z-coMOx5UoN+ihT=8t)$T{g_Nv1rzW{PSHnWH@mFpS;
z@b^~uKURqhMRfiu5o;V@-YOBwZ|({k2}3ZpSGxyiS~AP;aiJ<dKV!vq2YhhP!#cy2
z{8HWBi9p^OOLhCyu6#}Z32fTgHw0(Zw~Bq)%8<@g)?Il-)|P0uuJZf;zO<=a)H2eQ
zSpNZQF@8jQHPuqR>he_E?f})+L$wAA|4~%yg};YtQhl9n7^!CcZ|n3;tgsR2wREM8
z6p7!Vy_#NrDNL__-cjkb9(oOeUWb3GQ1oiy?oMr^HA<cqnNf;I5nhmDJ#LCvvT+Op
zv%7y)PqE%3oo+a#SgW?wQQBU|dX&<fmDVDml2ta+CV<giEyX2fmg1unRf<QE;u56z
zhVdOG#bS4NYP&K;TBkxzD>?iJ3tOID8l*+OWS#Jh)`qLz5`DsP52!biKRq{s)U&GH
zE>~GDRR6zPF7(=Z(Hm_lQ}^N6XVpFK0d*fh-FC50tq?<RVuPVnJYHq>AF2B6a-l^a
zLwL4VE3W{r`dsxMKs{XUxZ8E%d8NEsBM4QJjZQZbgeHF?q~6_ggN=lRk8H2jv-+g5
z+#eiO<&KLLJ6=TYb!MGYdX~MrJ4MF(D|Xr_`b0$6K6UW2<?-)$5&SE_--Lg`;SIDB
z(qGn?+L3Ql>atNZP)KKa-0!5yV+HcSr;mhQ{Oz8S2L=k%0=AkkP)I`Bg7@17T!HcN
zC?|}VzfI!L+mAx}^nUwq7iqdl^nRPcq`jwlzdd1uv~iI3gtJbO7UvEWTkaa4A?h5w
zroCF%9`DtVOCAUEB#>*YBdkF5XGh@woiXg*EHZ{nmib+kF`P(3=6jI2`N2^oa~K1$
zNz#0)AIDi)Is6B9`>Zk8Z4nL-?YQdgfqHLiPb-fGp-IOGsdnE+6WRmBESCHo^<jS-
z$$yFDL%JPNlE-1E(DGrwfv5sUXv78o65uD<wDM)e(b^**9E}!0jzM&C1VYDmD;;6n
zRvTp@do^e4oXz<E{`Of%IB^pEcj+^~w&3(h-bjnph^2iRlEY%%R=G=MEPUqI*H0&B
t;4VaqttPn3k!`|*^&IzL;iFdG#l4>odsnw_skTlxmJU|v(}N{h|34(sVa5Oe

literal 0
HcmV?d00001

diff --git a/testing/btest/scripts/base/protocols/ncp/event.bro b/testing/btest/scripts/base/protocols/ncp/event.bro
new file mode 100644
index 0000000000..acb4bf0a0c
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/ncp/event.bro
@@ -0,0 +1,20 @@
+# @TEST-EXEC: bro -C -r $TRACES/ncp.pcap %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+redef likely_server_ports += { 524/tcp };
+
+event bro_init()
+	{
+	const ports = { 524/tcp };
+	Analyzer::register_for_ports(Analyzer::ANALYZER_NCP, ports);
+	}
+
+event ncp_request(c: connection, frame_type: count, length: count, func: count)
+	{
+	print "ncp request", frame_type, length, func;
+	}
+
+event ncp_reply(c: connection, frame_type: count, length: count, req_frame: count, req_func: count, completion_code: count)
+	{
+	print "ncp reply", frame_type, length, req_frame, req_func, completion_code;
+	}

From 58864c358ccd1a37c112d15acaa0742d0846336c Mon Sep 17 00:00:00 2001
From: Jon Siwek <jsiwek@corelight.com>
Date: Tue, 22 May 2018 18:27:52 -0500
Subject: [PATCH 2/2] Add NCP::max_frame_size tuning option

This helps prevent excessive allocations based on message lengths
taken from NCP headers.
---
 scripts/base/init-bare.bro                    |   6 +
 src/analyzer/protocol/ncp/CMakeLists.txt      |   2 +-
 src/analyzer/protocol/ncp/NCP.cc              |  44 +-
 src/analyzer/protocol/ncp/NCP.h               |  11 +-
 src/analyzer/protocol/ncp/consts.bif          |   1 +
 .../out                                       | 418 ++++++++++++++++++
 .../base/protocols/ncp/frame_size_tuning.bro  |  20 +
 7 files changed, 487 insertions(+), 15 deletions(-)
 create mode 100644 src/analyzer/protocol/ncp/consts.bif
 create mode 100644 testing/btest/Baseline/scripts.base.protocols.ncp.frame_size_tuning/out
 create mode 100644 testing/btest/scripts/base/protocols/ncp/frame_size_tuning.bro

diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro
index d5bb8f2be9..e592f9277e 100644
--- a/scripts/base/init-bare.bro
+++ b/scripts/base/init-bare.bro
@@ -4806,6 +4806,12 @@ export {
 	const max_frag_data = 30000 &redef;
 }
 
+module NCP;
+export {
+	## The maximum number of bytes to allocate when parsing NCP frames.
+	const max_frame_size = 65536 &redef;
+}
+
 module Cluster;
 export {
 	type Cluster::Pool: record {};
diff --git a/src/analyzer/protocol/ncp/CMakeLists.txt b/src/analyzer/protocol/ncp/CMakeLists.txt
index bd06d4e426..1ec5cf2e67 100644
--- a/src/analyzer/protocol/ncp/CMakeLists.txt
+++ b/src/analyzer/protocol/ncp/CMakeLists.txt
@@ -5,6 +5,6 @@ include_directories(BEFORE ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_CURRENT_BINARY_DI
 
 bro_plugin_begin(Bro NCP)
 bro_plugin_cc(NCP.cc Plugin.cc)
-bro_plugin_bif(events.bif)
+bro_plugin_bif(events.bif consts.bif)
 bro_plugin_pac(ncp.pac)
 bro_plugin_end()
diff --git a/src/analyzer/protocol/ncp/NCP.cc b/src/analyzer/protocol/ncp/NCP.cc
index f2745666dc..f01c409429 100644
--- a/src/analyzer/protocol/ncp/NCP.cc
+++ b/src/analyzer/protocol/ncp/NCP.cc
@@ -9,6 +9,7 @@
 #include "NCP.h"
 
 #include "events.bif.h"
+#include "consts.bif.h"
 
 using namespace std;
 using namespace analyzer::ncp;
@@ -105,13 +106,12 @@ void FrameBuffer::Reset()
 	msg_len = 0;
 	}
 
-// Returns true if we have a complete frame
-bool FrameBuffer::Deliver(int &len, const u_char* &data)
+int FrameBuffer::Deliver(int &len, const u_char* &data)
 	{
 	ASSERT(buf_len >= hdr_len);
 
 	if ( len == 0 )
-		return false;
+		return -1;
 
 	if ( buf_n < hdr_len )
 		{
@@ -123,13 +123,16 @@ bool FrameBuffer::Deliver(int &len, const u_char* &data)
 			}
 
 		if ( buf_n < hdr_len )
-			return false;
+			return -1;
 
 		compute_msg_length();
 
 		if ( msg_len > buf_len )
 			{
-			buf_len = msg_len * 2;
+			if ( msg_len > BifConst::NCP::max_frame_size )
+				return 1;
+
+			buf_len = msg_len;
 			u_char* new_buf = new u_char[buf_len];
 			memcpy(new_buf, msg_buf, buf_n);
 			delete [] msg_buf;
@@ -143,7 +146,13 @@ bool FrameBuffer::Deliver(int &len, const u_char* &data)
 		++buf_n; ++data; --len;
 		}
 
-	return buf_n >= msg_len;
+	if ( buf_n < msg_len )
+		return -1;
+
+	if ( buf_n == msg_len )
+		return 0;
+
+	return 1;
 	}
 
 void NCP_FrameBuffer::compute_msg_length()
@@ -203,10 +212,27 @@ void Contents_NCP_Analyzer::DeliverStream(int len, const u_char* data, bool orig
 		resync = false;
 		}
 
-	while ( buffer.Deliver(len, data) )
+	for ( ; ; )
 		{
-		session->Deliver(IsOrig(), buffer.Len(), buffer.Data());
-		buffer.Reset();
+		auto result = buffer.Deliver(len, data);
+
+		if ( result < 0 )
+			break;
+
+		if ( result == 0 )
+			{
+			session->Deliver(IsOrig(), buffer.Len(), buffer.Data());
+			buffer.Reset();
+			}
+		else
+			{
+			// The rest of the data available in this delivery will
+			// be discarded and will need to resync to a new frame header.
+			Weird("ncp_large_frame");
+			buffer.Reset();
+			resync = true;
+			break;
+			}
 		}
 	}
 
diff --git a/src/analyzer/protocol/ncp/NCP.h b/src/analyzer/protocol/ncp/NCP.h
index f8cac95090..bdf5d8bffe 100644
--- a/src/analyzer/protocol/ncp/NCP.h
+++ b/src/analyzer/protocol/ncp/NCP.h
@@ -54,8 +54,9 @@ public:
 	explicit FrameBuffer(int header_length);
 	virtual ~FrameBuffer();
 
-	// Returns true if a frame is ready
-	bool Deliver(int& len, const u_char* &data);
+	// Returns -1 if frame is not ready, 0 if it else, and 1 if
+	// the frame would require too large of a buffer allocation.
+	int Deliver(int& len, const u_char* &data);
 
 	void Reset();
 
@@ -68,9 +69,9 @@ protected:
 
 	int hdr_len;
 	u_char* msg_buf;
-	int msg_len;
-	int buf_n;	// number of bytes in msg_buf
-	int buf_len;	// size off msg_buf
+	uint64 msg_len;
+	size_t buf_n;	// number of bytes in msg_buf
+	size_t buf_len;	// size off msg_buf
 };
 
 #define NCP_TCPIP_HEADER_LENGTH 8
diff --git a/src/analyzer/protocol/ncp/consts.bif b/src/analyzer/protocol/ncp/consts.bif
new file mode 100644
index 0000000000..452dd9a2b6
--- /dev/null
+++ b/src/analyzer/protocol/ncp/consts.bif
@@ -0,0 +1 @@
+const NCP::max_frame_size: count;
diff --git a/testing/btest/Baseline/scripts.base.protocols.ncp.frame_size_tuning/out b/testing/btest/Baseline/scripts.base.protocols.ncp.frame_size_tuning/out
new file mode 100644
index 0000000000..cfb805ee70
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.ncp.frame_size_tuning/out
@@ -0,0 +1,418 @@
+ncp reply, 13107, 70, 0, 0, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 86, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 79, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 86, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 79, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 86, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 79, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 86, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 79, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 86, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 79, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 86, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 59, 89
+ncp reply, 13107, 2, 8738, 89, 255
+ncp request, 8738, 59, 89
+ncp reply, 13107, 2, 8738, 89, 255
+ncp request, 8738, 79, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp reply, 13107, 86, 8738, 72, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 66, 89
+ncp reply, 13107, 92, 8738, 89, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 66, 89
+ncp reply, 13107, 92, 8738, 89, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 46, 89
+ncp reply, 13107, 88, 8738, 89, 0
+ncp request, 8738, 40, 89
+ncp reply, 13107, 11, 8738, 89, 0
+ncp request, 8738, 40, 89
+ncp reply, 13107, 102, 8738, 89, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 6, 22338
+ncp reply, 13107, 10, 8738, 22338, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 8, 66
+ncp reply, 13107, 2, 8738, 66, 0
+ncp request, 8738, 72, 89
+ncp reply, 13107, 70, 8738, 89, 0
+ncp request, 8738, 7, 22306
+ncp reply, 13107, 2, 8738, 22306, 0
+ncp request, 8738, 14, 72
+ncp request, 8738, 14, 72
diff --git a/testing/btest/scripts/base/protocols/ncp/frame_size_tuning.bro b/testing/btest/scripts/base/protocols/ncp/frame_size_tuning.bro
new file mode 100644
index 0000000000..46ad87e752
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/ncp/frame_size_tuning.bro
@@ -0,0 +1,20 @@
+# @TEST-EXEC: bro -C -r $TRACES/ncp.pcap %INPUT NCP::max_frame_size=150 >out
+# @TEST-EXEC: btest-diff out
+
+redef likely_server_ports += { 524/tcp };
+
+event bro_init()
+	{
+	const ports = { 524/tcp };
+	Analyzer::register_for_ports(Analyzer::ANALYZER_NCP, ports);
+	}
+
+event ncp_request(c: connection, frame_type: count, length: count, func: count)
+	{
+	print "ncp request", frame_type, length, func;
+	}
+
+event ncp_reply(c: connection, frame_type: count, length: count, req_frame: count, req_func: count, completion_code: count)
+	{
+	print "ncp reply", frame_type, length, req_frame, req_func, completion_code;
+	}