Review cleanup

src/RunState.cc

@@ -421,14 +421,19 @@ double check_pseudo_time(const Packet* pkt)
 	return current_pseudo;
 	}
 
+iosource::PktSrc* current_packet_source()
+	{
+	return dynamic_cast<iosource::PktSrc*>(current_iosrc);
+	}
+
 } // namespace detail
 
-extern double current_packet_timestamp()
+double current_packet_timestamp()
 	{
 	return detail::current_pseudo;
 	}
 
-extern double current_packet_wallclock()
+double current_packet_wallclock()
 	{
 	// We stop time when we are suspended.
 	if ( run_state::is_processing_suspended() )

src/RunState.h

@@ -28,9 +28,15 @@ extern void dispatch_packet(zeek::Packet* pkt, zeek::iosource::PktSrc* pkt_src);
 extern void expire_timers();
 extern void zeek_terminate_loop(const char* reason);
 
+/**
+ * Returns the packet source for the packet currently being processed. This will
+ * return null if some other iosrc is currently active.
+ */
+extern zeek::iosource::PktSrc* current_packet_source();
+
 extern double check_pseudo_time(const Packet *pkt);
 
-extern zeek::iosource::PktSrc* current_pktsrc [[deprecated("Remove in v4.1. Use static_cast<zeek::iosource::PktSrc>(zeek::detail::iosource.)")]];
+extern zeek::iosource::PktSrc* current_pktsrc [[deprecated("Remove in v4.1. Use zeek::run_state::detail::get_current_pktsrc().")]];
 extern zeek::iosource::IOSource* current_iosrc;
 extern zeek::iosource::PktDumper* pkt_dumper;	// where to save packets
 
@@ -107,7 +113,7 @@ constexpr auto net_update_time [[deprecated("Remove in v4.1. Use zeek::run_state
 constexpr auto net_packet_dispatch [[deprecated("Remove in v4.1. Use zeek::run_state::detail::dispatch_packet.")]] = zeek::run_state::detail::dispatch_packet;
 constexpr auto expire_timers [[deprecated("Remove in v4.1. Use zeek::run_state::detail::expire_timers.")]] = zeek::run_state::detail::expire_timers;
 constexpr auto zeek_terminate_loop [[deprecated("Remove in v4.1. Use zeek::run_state::detail::zeek_terminate_loop.")]] = zeek::run_state::detail::zeek_terminate_loop;
-extern zeek::iosource::PktSrc*& current_pktsrc [[deprecated("Remove in v4.1. Use static_cast<zeek::iosource::PktSrc>(zeek::detail::iosource).")]];
+extern zeek::iosource::PktSrc*& current_pktsrc [[deprecated("Remove in v4.1. Use zeek::run_state::detail::get_current_pktsrc().")]];
 extern zeek::iosource::IOSource*& current_iosrc [[deprecated("Remove in v4.1. Use zeek::run_state::detail::current_iosrc.")]];
 extern zeek::iosource::PktDumper*& pkt_dumper [[deprecated("Remove in v4.1. Use zeek::run_state::detail::pkt_dumper.")]];
 extern bool& have_pending_timers [[deprecated("Remove in v4.1. Use zeek::run_state::detail::have_pending_timers.")]];

src/iosource/Packet.h

@@ -16,7 +16,7 @@ typedef struct timeval pkt_timeval;
 #endif
 
 #include "pcap.h" // For DLT_ constants
-#include "NetVar.h" // For BifEnum::Tunnel
+#include "zeek/NetVar.h" // For BifEnum::Tunnel
 
 ZEEK_FORWARD_DECLARE_NAMESPACED(ODesc, zeek);
 ZEEK_FORWARD_DECLARE_NAMESPACED(Val, zeek);
@@ -221,11 +221,45 @@ public:
 	// These are fields passed between various packet analyzers. They're best
 	// stored with the packet so they stay available as the packet is passed
 	// around.
+
+	/**
+	 * The stack of encapsulations this packet belongs to, if any. This is
+	 * used by the tunnel analyzers to keep track of the encapsulations as
+	 * processing occurs.
+	 */
 	EncapsulationStack* encap = nullptr;
+
+	/**
+	 * The IP header for this packet. This is filled in by the IP analyzer
+	 * during processing if the packet contains an IP header.
+	 */
 	IP_Hdr* ip_hdr = nullptr;
+
+	/**
+	 * The protocol of the packet. This is used by the tunnel analyzers to
+	 * pass outer protocol from one level to the next.
+	 */
 	int proto = -1;
+
+	/**
+	 * If the packet contains a tunnel, this field will be filled in with
+	 * the type of tunnel. It is used to pass the tunnel type between the
+	 * packet analyzers during analysis.
+	 */
 	BifEnum::Tunnel::Type tunnel_type = BifEnum::Tunnel::IP;
+
+	/**
+	 * If the packet contains a GRE tunnel, this field will contain the
+	 * GRE version. It is used to pass this information from the GRE
+	 * analyzer to the IPTunnel analyzer.
+	 */
 	int gre_version = -1;
+
+	/**
+	 * If the packet contains a GRE tunnel, this field will contain the
+	 * GRE link type. It is used to pass this information from the GRE
+	 * analyzer to the IPTunnel analyzer.
+	 */
 	int gre_link_type = DLT_RAW;
 
 private:

src/packet_analysis/Manager.cc

@@ -37,7 +37,7 @@ void Manager::InitPostScript()
 
 	root_analyzer = analyzers["Root"];
 
-	static auto pkt_profile_file = id::find_val("pkt_profile_file");
+	auto pkt_profile_file = id::find_val("pkt_profile_file");
 
 	if ( detail::pkt_profile_mode && detail::pkt_profile_freq > 0 && pkt_profile_file )
 		pkt_profiler = new detail::PacketProfiler(detail::pkt_profile_mode,

src/packet_analysis/protocol/ip/IP.cc

@@ -93,7 +93,7 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 
 	if ( packet->len < total_len + packet->hdr_size )
 		{
-		packet->Weird("truncated_IP", encapsulation);
+		packet->Weird("truncated_IPv6", encapsulation);
 		return false;
 		}
 
@@ -246,6 +246,8 @@ bool IPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet)
 	case IPPROTO_UDP:
 	case IPPROTO_ICMP:
 	case IPPROTO_ICMPV6:
+		DBG_LOG(DBG_PACKET_ANALYSIS, "Analysis in %s succeeded, next layer identifier is %#x.",
+		        GetAnalyzerName(), proto);
 		sessions->DoNextPacket(run_state::processing_start_time, packet, ip_hdr, encapsulation);
 		break;
 	case IPPROTO_NONE:

src/packet_analysis/protocol/iptunnel/IPTunnel.h

@@ -2,8 +2,8 @@
 
 #pragma once
 
-#include <packet_analysis/Analyzer.h>
-#include <packet_analysis/Component.h>
+#include "zeek/packet_analysis/Analyzer.h"
+#include "zeek/packet_analysis/Component.h"
 #include "zeek/IPAddr.h"
 #include "zeek/TunnelEncapsulation.h"
 

src/zeek.bif

@@ -3399,7 +3399,7 @@ const char* conn_id_string(zeek::Val* c)
 function dump_current_packet%(file_name: string%) : bool
 	%{
 	const Packet* pkt;
-	auto* pkt_src = static_cast<zeek::iosource::PktSrc*>(zeek::run_state::detail::current_iosrc);
+	auto* pkt_src = dynamic_cast<zeek::iosource::PktSrc*>(zeek::run_state::detail::current_iosrc);
 
 	if ( ! pkt_src || ! pkt_src->GetCurrentPacket(&pkt) )
 		return zeek::val_mgr->False();
@@ -3432,7 +3432,7 @@ function get_current_packet%(%) : pcap_packet
 	static auto pcap_packet = zeek::id::find_type<zeek::RecordType>("pcap_packet");
 	const Packet* p;
 	auto pkt = zeek::make_intrusive<zeek::RecordVal>(pcap_packet);
-	auto* pkt_src = static_cast<zeek::iosource::PktSrc*>(zeek::run_state::detail::current_iosrc);
+	zeek::iosource::PktSrc* pkt_src = zeek::run_state::detail::current_packet_source();
 
 	if ( ! pkt_src || ! pkt_src->GetCurrentPacket(&p) )
 		{
@@ -3464,7 +3464,7 @@ function get_current_packet%(%) : pcap_packet
 function get_current_packet_header%(%) : raw_pkt_hdr
 	%{
 	const Packet* p;
-	auto* pkt_src = static_cast<zeek::iosource::PktSrc*>(zeek::run_state::detail::current_iosrc);
+	zeek::iosource::PktSrc* pkt_src = zeek::run_state::detail::current_packet_source();
 
 	if ( pkt_src && pkt_src->GetCurrentPacket(&p) )
 		{

testing/btest/Baseline/core.reassembly/output

@@ -18,14 +18,14 @@ flow weird, excessively_small_fragment, 128.32.46.142, 10.0.0.1
 flow weird, excessively_small_fragment, 128.32.46.142, 10.0.0.1
 flow weird, fragment_inconsistency, 128.32.46.142, 10.0.0.1
 ----------------------
-net_weird, truncated_IP
-net_weird, truncated_IP
-net_weird, truncated_IP
-net_weird, truncated_IP
+net_weird, truncated_IPv6
+net_weird, truncated_IPv6
+net_weird, truncated_IPv6
+net_weird, truncated_IPv6
 rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], nlkmlpjfjjnoomfnqmdqgrdsgpefslhjrdjghsshrmosrkosidknnieiggpmnggelfhlkflfqojpjrsmeqghklmjlkdskjollmensjiqosemknoehellhlsspjfjpddfgqkemghskqosrksmkpsdomfoghllfokilshsisgpjhjoosidirlnmespjhdogdidoemejrnjjrookfrmiqllllqhlqfgolfqssfjrhrjhgfkpdnigiilrmnespjspeqjfedjhrkisjdhoofqdfeqnmihrelmildkngirkqorjslhmglripdojfedjjngjnpikoliqhdipgpshenekqiphmrsqmemghklodqnqoeggfkdqngrfollhjmddjreeghdqflohgrhqhelqsmdghgihpifpnikrddpmdfejhrhgfdfdlepmmhlhrnrslepqgmkopmdfogpoljeepqoemisfeksdeddiplnkfjddjioqhojlnmlirehidipdhqlddssssgpgikieeldsmfrkidpldsngdkidkoshkrofnonrrehghlmgmqshkedgpkpgjjkoneigsfjdlgjsngepfkndqoefqmsssrgegspromqepdpdeglmmegjljlmljeeorhhfmrohjeregpfshqjsqkekrihjdpfdjflgspepqjrqfemsjffmjfkhejdkrokmgdrhojgmgjpldjeiphroeheipolfmshoglkfnllfnhlflhlpddjflekhiqilefjpfqepdrrdokkjiekmelkhdpjlqjdlnfjemqdrksirdnjlrhrdijgqjhdqlidpfdisgrmnlfnsdlishlpfkshhglpdiqhpgmhpjdrpednjljfsqknsiqpfeqhlphgqdphflglpmqfkkhdjeodkelinkfpmfedidhphldmqjqggrljlhriehqqemeimkjhoqnsrdgengmgjokpeiijgrseppeoiflngggomdfjkndpqedhgnkiqlodkpjfkqoifidjmrdhhmglledkomllhpehdfjfdspmklkjdnhkdgpgqephfdfdrfplmepoegsekmrnikknelnprdpslmfkhghhooknieksjjhdeelidikndedijqqhfmphdondndpehmfoqelqigdpgioeljhedhfoeqlinriemqjigerkphgepqmiiidqlhriqioimpglonlsgomeloipndiihqqfiekkeriokrsjlmsjqiehqsrqkhdjlddjrrllirqkidqiggdrjpjirssgqepnqmhigfsqlekiqdddllnsjmroiofkieqnghddpjnhdjkfloilheljofddrkherkrieeoijrlfghiikmhpfdhekdjloejlmpperkgrhomedpfOOOOOOOOOOOOOOOOOOOOOOOOOOOO, nlkmlpjfjjnoomfnqmdqgrdsgpefslhjrdjghsshrmosrkosidknnieiggpmnggelfhlkflfqojpjrsmeqghklmjlkdskjollmensjiqosemknoehellhlsspjfjpddfgqkemghskqosrksmkpsdomfoghllfokilshsisgpjhjoosidirlnmespjhdogdidoemejrnjjrookfrmiqllllqhlqfgolfqssfjrhrjhgfkpdnigiilrmnespjspeqjfedjhrkisjdhoofqdfeqnmihrelmildkngirkqorjslhmglripdojfedjjngjnpikoliqhdipgpshenekqiphmrsqmemghklodqnqoeggfkdqngrfollhjmddjreeghdqflohgrhqhelqsmdghgihpifpnikrddpmdfejhrhgfdfdlepmmhlhrnrslepqgmkopmdfogpoljeepqoemisfeksdeddiplnkfjddjioqhojlnmlirehidipdhqlddssssgpgikieeldsmfrkidpldsngdkidkoshkrofnonrrehghlmgmqshkedgpkpgjjkoneigsfjdlgjsngepfkndqoefqmsssrgegspromqepdpdeglmmegjljlmljeeorhhfmrohjeregpfshqjsqkekrihjdpfdjflgspepqjrqfemsjffmjfkhejdkrokmgdrhojgmgjpldjeiphroeheipolfmshoglkfnllfnhlflhlpddjflekhiqilefjpfqepdrrdokkjiekmelkhdpjlqjdlnfjemqdrksirdnjlrhrdijgqjhdqlidpfdisgrmnlfnsdlishlpfkshhglpdiqhpgmhpjdrpednjljfsqknsiqpfeqhlphgqdphflglpmqfkkhdjeodkelinkfpmfedidhphldmqjqggrljlhriehqqemeimkjhoqnsrdgengmgjokpeiijgrseppeoiflngggomdfjkndpqedhgnkiqlodkpjfkqoifidjmrdhhmglledkomllhpehdfjfdspmklkjdnhkdgpgqephfdfdrfplmepoegsekmrnikknelnprdpslmfkhghhooknieksjjhdeelidikndedijqqhfmphdondndpehmfoqelqigdpgioeljhedhfoeqlinriemqjigerkphgepqmiiidqlhriqioimpglonlsgomeloipndiihqqfiekkeriokrsjlmsjqiehqsrqkhdjlddjrrllirqkidqiggdrjpjirssgqepnqmhigfsqlekiqdddllnsjmroiofkieqnghddpjnhdjkfloilheljofddrkherkrieeoijrlfghiikmhpfdhekdjloejlmpperkgrhomedpfqkrodjdmrqfpiodgphidfliidlhd, A
 rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], dgphrodofqhq, orgmmpelofil, A
 rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], lenhfdqhqfgs, dfpqssidkpdg, A
 rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], nlkmlpjfjjnoomfnqmdqgrdsgpefslhjrdjghsshrmosrkosidknnieiggpmnggelfhlkflfqojpjrsmeqghklmjlkdskjollmensjiqosemknoehellhlsspjfjpddfgqkemghskqosrksmkpsdomfoghllfokilshsisgpjhjoosidirlnmespjhdogdidoemejrnjjrookfrmiqllllqhlqfgolfqssfjrhrjhgfkpdnigiilrmnespjspeqjfedjhrkisjdhoofqdfeqnmihrelmildkngirkqorjslhmglripdojfedjjngjnpikoliqhdipgpshenekqiphmrsqmemghklodqnqoeggfkdqngrfollhjmddjreeghdqflohgrhqhelqsmdghgihpifpnikrddpmdfejhrhgfdfdlepmmhlhrnrslepqgmkopmdfogpoljeepqoemisfeksdeddiplnkfjddjioqhojlnmlirehidipdhqlddssssgpgikieeldsmfrkidpldsngdkidkoshkrofnonrrehghlmgmqshkedgpkpgjjkoneigsfjdlgjsngepfkndqoefqmsssrgegspromqepdpdeglmmegjljlmljeeorhhfmrohjeregpfshqjsqkekrihjdpfdjflgspepqjrqfemsjffmjfkhejdkrokmgdrhojgmgjpldjeiphroeheipolfmshoglkfnllfnhlflhlpddjflekhiqilefjpfqepdrrdokkjiekmelkhdpjlqjdlnfjemqdrksirdnjlrhrdijgqjhdqlidpfdisgrmnlfnsdlishlpfkshhglpdiqhpgmhpjdrpednjljfsqknsiqpfeqhlphgqdphflglpmqfkkhdjeodkelinkfpmfedidhphldmqjqggrljlhriehqqemeimkjhoqnsrdgengmgjokpeiijgrseppeoiflngggomdfjkndpqedhgnkiqlodkpjfkqoifidjmrdhhmglledkomllhpehdfjfdspmklkjdnhkdgpgqephfdfdrfplmepoegsekmrnikknelnprdpslmfkhghhooknieksjjhdeelidikndedijqqhfmphdondndpehmfoqelqigdpgioeljhedhfoeqlinriemqjigerkphgepqmiiidqlhriqioimpglonlsgomeloipndiihqqfiekkeriokrsjlmsjqiehqsrqkhdjlddjrrllirqkidqiggdrjpjirssgqepnqmhigfsqlekiqdddllnsjmroiofkieqnghddpjnhdjkfloilheljofddrkherkrieeoijrlfghiikmhpfdhekdjloejlmpperkgrhomedpfOOOOOOOOOOOOOOOOOOOOOOOOOOOO, nlkmlpjfjjnoomfnqmdqgrdsgpefslhjrdjghsshrmosrkosidknnieiggpmnggelfhlkflfqojpjrsmeqghklmjlkdskjollmensjiqosemknoehellhlsspjfjpddfgqkemghskqosrksmkpsdomfoghllfokilshsisgpjhjoosidirlnmespjhdogdidoemejrnjjrookfrmiqllllqhlqfgolfqssfjrhrjhgfkpdnigiilrmnespjspeqjfedjhrkisjdhoofqdfeqnmihrelmildkngirkqorjslhmglripdojfedjjngjnpikoliqhdipgpshenekqiphmrsqmemghklodqnqoeggfkdqngrfollhjmddjreeghdqflohgrhqhelqsmdghgihpifpnikrddpmdfejhrhgfdfdlepmmhlhrnrslepqgmkopmdfogpoljeepqoemisfeksdeddiplnkfjddjioqhojlnmlirehidipdhqlddssssgpgikieeldsmfrkidpldsngdkidkoshkrofnonrrehghlmgmqshkedgpkpgjjkoneigsfjdlgjsngepfkndqoefqmsssrgegspromqepdpdeglmmegjljlmljeeorhhfmrohjeregpfshqjsqkekrihjdpfdjflgspepqjrqfemsjffmjfkhejdkrokmgdrhojgmgjpldjeiphroeheipolfmshoglkfnllfnhlflhlpddjflekhiqilefjpfqepdrrdokkjiekmelkhdpjlqjdlnfjemqdrksirdnjlrhrdijgqjhdqlidpfdisgrmnlfnsdlishlpfkshhglpdiqhpgmhpjdrpednjljfsqknsiqpfeqhlphgqdphflglpmqfkkhdjeodkelinkfpmfedidhphldmqjqggrljlhriehqqemeimkjhoqnsrdgengmgjokpeiijgrseppeoiflngggomdfjkndpqedhgnkiqlodkpjfkqoifidjmrdhhmglledkomllhpehdfjfdspmklkjdnhkdgpgqephfdfdrfplmepoegsekmrnikknelnprdpslmfkhghhooknieksjjhdeelidikndedijqqhfmphdondndpehmfoqelqigdpgioeljhedhfoeqlinriemqjigerkphgepqmiiidqlhriqioimpglonlsgomeloipndiihqqfiekkeriokrsjlmsjqiehqsrqkhdjlddjrrllirqkidqiggdrjpjirssgqepnqmhigfsqlekiqdddllnsjmroiofkieqnghddpjnhdjkfloilheljofddrkherkrieeoijrlfghiikmhpfdhekdjloejlmpperkgrhomedpfqkrodjdmrqfpiodgphidfliislrr, A
 rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], iokgedlsdkjkiefgmeqkfjoh, ggdeolssksemrhedoledddml, A
-net_weird, truncated_IP
+net_weird, truncated_IPv6
 rexmit_inconsistency, [orig_h=63.193.213.194, orig_p=2564/tcp, resp_h=128.3.97.175, resp_p=80/tcp], OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO HTTP/1.1\x0d\x0aHost: 127.0.0.1\x0d\x0aContent-Type: text/xml\x0d\x0aContent-length: 1\x0d\x0a\x0d\x0aO<?xml version="1.0"?>\x0d\x0a<g:searchrequest xmlns:g=, OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO HTTP/1.1\x0d\x0aHost: 127.0.0.1\x0d\x0aContent-Type: text/xml\x0d\x0aContent-length: 1\x0d\x0a\x0d\x0aO<?xml version="1.0"?igplqgeqsonkllfshdjplhjspmde, AP

testing/btest/Baseline/core.truncation/output

@@ -3,78 +3,78 @@
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2020-07-14-01-19-19
+#open	2020-10-09-19-23-22
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1334160095.895421	-	-	-	-	-	truncated_IP	-	F	zeek
-#close	2020-07-14-01-19-19
+#close	2020-10-09-19-23-22
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2020-07-14-01-19-20
+#open	2020-10-09-19-23-23
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1334156241.519125	-	-	-	-	-	truncated_IP	-	F	zeek
-#close	2020-07-14-01-19-20
+#close	2020-10-09-19-23-23
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2020-07-14-01-19-21
+#open	2020-10-09-19-23-23
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
-1334094648.590126	-	-	-	-	-	truncated_IP	-	F	zeek
-#close	2020-07-14-01-19-21
+1334094648.590126	-	-	-	-	-	truncated_IPv6	-	F	zeek
+#close	2020-10-09-19-23-23
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2020-07-14-01-19-23
+#open	2020-10-09-19-23-24
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1338328954.078361	-	-	-	-	-	internally_truncated_header	-	F	zeek
-#close	2020-07-14-01-19-23
+#close	2020-10-09-19-23-24
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2020-07-14-01-19-24
+#open	2020-10-09-19-23-25
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
-0.000000	-	-	-	-	-	truncated_ethernet_frame	-	F	zeek
-#close	2020-07-14-01-19-24
+1404148886.981015	-	-	-	-	-	truncated_ethernet_frame	-	F	zeek
+#close	2020-10-09-19-23-25
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2020-07-14-01-19-25
+#open	2020-10-09-19-23-26
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1508360735.834163	-	163.253.48.183	0	192.150.187.43	0	invalid_IP_header_size	-	F	zeek
-#close	2020-07-14-01-19-25
+#close	2020-10-09-19-23-26
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2020-07-14-01-19-26
+#open	2020-10-09-19-23-26
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1508360735.834163	-	163.253.48.183	0	192.150.187.43	0	internally_truncated_header	-	F	zeek
-#close	2020-07-14-01-19-26
+#close	2020-10-09-19-23-26
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2020-07-14-01-19-27
+#open	2020-10-09-19-23-27
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
 1500557630.000000	-	0.255.0.255	0	15.254.2.1	0	invalid_IP_header_size_in_tunnel	-	F	zeek
-#close	2020-07-14-01-19-27
+#close	2020-10-09-19-23-27

testing/btest/Baseline/plugins.packet-protocol/output_orig

@@ -3,18 +3,18 @@
 #empty_field	(empty)
 #unset_field	-
 #path	conn
-#open	2020-09-02-18-56-02
+#open	2020-10-09-19-25-26
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	proto	service	duration	orig_bytes	resp_bytes	conn_state	local_orig	local_resp	missed_bytes	history	orig_pkts	orig_ip_bytes	resp_pkts	resp_ip_bytes	tunnel_parents
 #types	time	string	addr	port	addr	port	enum	string	interval	count	count	string	bool	bool	count	string	count	count	count	count	set[string]
 1599068759.619112	CHhAvVGS1DHFjwGM9	172.22.214.60	8	192.0.78.212	0	icmp	-	-	-	-	OTH	-	-	0	-	1	28	0	0	-
-#close	2020-09-02-18-56-02
+#close	2020-10-09-19-25-26
 #separator \x09
 #set_separator	,
 #empty_field	(empty)
 #unset_field	-
 #path	weird
-#open	2020-09-02-18-56-02
+#open	2020-10-09-19-25-26
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	name	addl	notice	peer
 #types	time	string	addr	port	addr	port	string	string	bool	string
-1599068759.647566	-	-	-	-	-	truncated_IP	-	F	zeek
-#close	2020-09-02-18-56-02
+1599068759.647566	-	-	-	-	-	truncated_IPv6	-	F	zeek
+#close	2020-10-09-19-25-26

testing/external/commit-hash.zeek-testing-private

@@ -1 +1 @@
-c3393ef9496bec8e85fe1a66a89898e230fbc9d3
+0f49f7352e19a4422ccbdba0d15a2df5abdb128f